IPv6 Still Hotly Debated
inkslinger77 writes "A significant stumbling block to IPv6 adoption may be IPv4 loyalists who are keen to keep the old protocol in preference to the 'new improved' version, according to a Computerworld Australia article. The article covers the views of Cisco's senior technical leader for IPv6 technologies, Tony Hain and Geoff Huston, a senior Internet research scientist from Asia Pacific Network Information Centre (Apnic)." From the article: "Go to your favourite venture capitalist and say 'I want to be an ISP'. By the time he stops laughing and [finds you want to run] IPv6 - the discussion gets terminated. No one wants to hear this. IPv6 is well ahead of adoption in this market so everyone is deferring. No one is running IPv6, because there is no business case for it ... if we really wanted to leave a legacy to our children we'd review the crap we have today which is pretty ghastly ..."
But assuming we really do need more IPs, why IPv6? Why 128 bits instead of, say, 64? Why build the functionality of DHCP, which (mostly) works perfectly well* and is extensible enough to support cool stuff that hadn't been thought of when IPv4 and DHCP were invented (e.g. WPAD, netbooting), into IP? What's the deal with including your MAC address as part of your IP address?
Going with the assumption that the problem really is as bad as people say it is (China has a gazillion people and more of them are getting online, and it'd be great if my refrigerator had a web-based interface I could access remotely without setting up port forwarding or a VPN, etc.)... I'm not convinced that IPv6 is the right solution to the problem. It just seems to be the only solution anyone has offered, and a lot of money has been spent bringing it closer to reality.
So, convince me: why is IPv6 the right answer to the problem?
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Why the emphasis on NAT boxes saving the day? Why do people think they're so wonderful and with them, we don't need no stinkin' ipv6? I mean, yeah, they've been useful and I'm not disputing that, but I'm not sure they were ever intended as anything beyond a stopgap measure until something better could be found. Not to mention that, as I understand it, they actually impede certain methods of communication over the Internet (anything that needs a real end-to-end connection, I think).
Yes, ipv6 still has a ways to go, but I honestly think it's a much better alternative than sticking with what we've got. We're going to have to do something about it anyway, since there are plenty of people already starting to use it, or will be in the future.
>insert witty sig file here
What are the chances that the term "IPv4 loyalists" includes those who just have no reason to make the effort to shift to the new system? Considering the number of [people, admins, even that amusing case where MS didn't patch its own servers] who don't even download security patches - the shift to a parallel system while the old system still works fine just isn't going to happen in droves.
Browsing with +2 to insightful posts and a higher threshold makes the average post seen seem a lot more ingenious
Maybe it will be IPv7 by the time it's adopted.
Better yet, why not name it IPv2005, so everyone will have to take it up by the end of the year lest they be left behind? Sure sounds better than IPvXP or IPvVista, doesn't it?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
IPv6, I'm sure, will eventually be implemented however it's going to be a very slow process. The average person doesn't want to replace their routers etc. because all they want is simple Internet access to browse a few web sites (online banking etc.) and send email. Most of these people are not interested in upgrading because it costs money and also is a pain in the ass for them to take time out of their lives to do so. From the perspective of the average Joe, it's the "If it's not broke why fix it" syndrome and I can't say I blame them. Most people simply don't care enough to spend the money and effort to upgrade for what they see as little or no benefit.
"A Lisp programmer knows the value of everything, but the cost of nothing." - Alan Perlis
I, for one, will welcome the end of the NAT kludge.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Personally, I'm still waiting for ipv8 which will purportedly allow me to have an IP address for every cell in my body. The only thing I haven't worked out is how to run 6*10^13 spam filters.
"No one is running IPv6, because there is no business case for it ... if we really wanted to leave a legacy to our children we'd review the crap we have today which is pretty ghastly ..."
More like there's no easy upgrade path. The x86 survived and grew exactly because one could move from one generation to another. IPv6 doesn't have that advantage.
Just like anything else, market forces will dictate when this gets adopted.
Are we really running out of IPv4 numbers? The market will tell us.
Is there a killer app for IPv6? The market will tell us.
Can we ram IPv6 down everyone's throat? The market will retaliate and hit back.
BTW - what's with this "won't somebody please think of the children" bullshit about? If we need to get to IPv6 - we'll get to it - relax already!
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
I for one welcome our new IPv6 overlords!
Nobody likes to do an IP renumbering, but why forego progress to preserve the status quo? We already use IPv6 for internal stuff, but since there's little adoption, it isn't more than a novelty. I hope that with the explosion of embedded systems, we'll start to see more folks interested in adopting IPv6.
Zhrodague.net - I do projects and stuff too.
Instead of hacking IPmasq'ing to work with P2P protocols, just implement a system where there are enough addresses for everyone's PC, phone, etc.
As for your ISC DHCP problem, you can assign whatever address blocks you want to. You just need to set up the correct criteria and have a way to recognize it. The easiest way is to assign one block to particular MACs and a different block to regular boxes.
I don't see why IPV6 needs to have 128 bits for addresses. You can tag every atom in the universe with its own IPV6 address. Why not do something simple like just have every segment of TCP be a 16 bit value instead of a byte? That way you could have 12312.2342.121212.3423 as a valid network address, and, 2^64 addresses ought to be enough for anybody...
This is my sig.
Windows Vista will make IPv6 the protocol of choice. You can bind IPv4 and IPv6 in different orders on the NIC and it will enable great support for the protocol. They are even talking about having it running as part of the default install.
MS is developing Vista to enable programmers to push Home Automation. One thing they are adding in that area is the functionality for IPs to securely be handled like a plug and play device. This isn't for printers on a network; it's for all the appliances in your house. IPv4 just doesn't work well for home automation. Also another sign is the majority of GE prototypes all are geared towards IPv6 not IPv4.
The regional specs that come with IPv6 are also huge things for MSN, Google, and Yahoo. It will allow your search (and Ads for that matter) results for a "pizza place" to give you the ones in your area without any additional info.
Vista will start the ball rolling, and the other two items will make the transition come very quickly. Security is also nice, and will help stop a lot of traditional hacking, but the end user doesn't get excited about that. They will get excited about the other stuff though.
Two years from now we will start to see IPv6 becoming very common.
However, everyone involved completely underestimated the cost of switchover and overestimated its rate of adoption. This ultimately means that IPv6 is not enough of an advancement to justify its deployment costs. The end result is that IPv6 is already one-quarter through its estimated 30-year lifespan and it isn't even widely deployed yet.
I suspect that what we need is an IPv7 that would include:
If we start now, this might be deployable by 2020 or so... :-/
Anything new is of course going to be resisted by PHBs until PC World does an article describing how great it is ... then the PHBs will want IPV6 in designer colors.
#1. It allows you to run multiple boxes at home WITHOUT having to pay extra for a "family" connection plan.
#2. Cheap and easy way to block worms and such.
Why do we need all these freaking IP addresses anyway? I, for one, do *not* want my house, and fridge, or even my home PC for that matter, connected directly to the web. I have to deal with enough virii and trojans and crap as it is, without worrying about if the OS on my fridge is updated with the latest patch to fix the buffer overflow on the mayonnaise level access port.
What is wrong with having to go through a VPN login procedure to access these types of services? What's the big deal? You log into the NAT access point, the *only* thing in your house on the web, and from there you can get to any other device. It is *not* that hard people.
I personally do not see any need or use for all these new IP blocks people seem to think we need. No companies will put their workstations directly on the web, it is a huge security risk. What is the business/use case for IPv6? What does it give you, when you don't want to connect devices directly to the internet anyway?
There are plenty of addresses in northern Alaska that aren't being used. "Peak IPv4" indeed.
This tagline is copyrighted material. Please send $10 for an affordable replacement.
In July 2003, Geoff said that IPv4 addresses will run out in two decades.
About two years later, Geoff says that IPv4 addresses will run out in just one decade.
So, if even very anti-IPv6 folks are saying that IPv4 addresses will run out sooner than expected, I think it is time to start preparing for the conversion.
SPF support for most open source mail servers can be found at libspf2.
People who don't want us to switch to ipv6 .. it's like going from horse and buggy to cars.
..but does that mean we should not improve on it? But cars are better. Just because the world still goes around without ipv6, doesn't mean things won't improve with IPv6. Think of all the benefits .. devices and cell phones with voip that allow multiple device presence. Improved QoS (quality of service) features. More people in developing countries able to run servers/blogs cheaply at home enabled because they no longer have to be natted. etc. Emergency services made possible by ubiquitous addressable wireless devices. List is endless.
Yes, horse and buggy is a low cost transportation method that works
Correct me if I'm wrong, but isn't NAT and the separation of networks a good thing, security wise? (Obviously there are other measures needed, but it plays a part..) Even if we had IP6 it seems we'd still want DMZs and the like. Maybe I'm getting the wrong impression from the articles, but it seems like they're emphasizing everyone being able to have an IP address on a common network essentially - instead of the Internet being a network connecting a bunch of private networks. I don't know about you, but I feel much safer having my computers on a private network connected via one IP and a router than I would having all of them exposed.
Am I the only one concerned about the geographical portion of the addressing and the issues with privacy this brings up?
... next week. In theory under IPv6 we can be less protective with IP address space, and give the UN and Europeans some portion of it to manage in whatever way they see fit. I doubt anybody present will be thinking beyond the raw policy issues sadly.
I do firewall management and support for a fairly well known Managed Security Service Provider. I deal a lot with troubleshooting complex issues with multiple parties on conference bridges. In the process of troubleshooting, I rely heavily on the relay of IP address information to figure out the flow of traffic and to determine what the issue is.
The quality of the bridges is not always perfect; while the bridge itself is usually trouble free, frequently there are participants in noisy situations or someone on their cell phone with a poor connection.
At times relaying IPv4 information can be difficult and it is often mis-heard or needs to be repeated several times. I dread the day where IPv6 is the norm. It just increases the complexity of sharing IP information, and not all IPs I deal with have a DNS name associated with them so I will be dealing solely with the 128 bit hex address.
IPv4 will likely remain around for quite some time until there is a sudden demand for new (globally accessible) IP addresses. If there is a sudden spike in the demand for IP addresses then it is likely that some companies will choose to adopt IPv6 instead of opting for a stopgap measure that may not save the day for very long.
The question people should ask is what type of device/application will emerge such that everyone wants a new global IP address (or 10)? Consider that if it were not for email and porn most people would have not linked up to the internet and the IPv4 addresses would still be being slowly chewed up by the academic and government agencies that grew out of ARPANET.
Unless the RATE at which new global IPv4 addresses are needed increases people will be totally fine putting up with stopgap measures.
All your attention are belong to my old internet meme.
If client-based firewalls are so great, then why don't IBM and Ford and the Fortune 500 have all their PCs connected directly to the web and install personal firewalls? Answer?
- Having direct connections to the web for each terminal is more expensive than having them all behind the NAT
- You can't trust your employees to keep a secure environment
Thus, corporations have no need or desire to have all their terminals directly connected to the internet. Thus, they don't need IPv6. Thus, the vast majority of computers *in the world* (business use still trumps home use by a factor of like 5 to 1) do not need it.
People don't seem to understand that IPV6 isn't the Internet. It's something else that nobody is on and nobody wants on because nobody is there.
http://cr.yp.to/djbdns/ipv6mess.html
IPV6 is being led by fools that are convinced that IPV6 is solely "a matter of time". Fact is, they have no transition plan, and until they do, they're going to continue to get laughed at.
I have recommended on numerous occasions that the simplest solution is to freeze the IANA and require TCP and UDP services publish their ports in DNS, and while we're at it, deprecate every record but NS, PTR, SRV and A. Make it a requirement right now.
Existing installations have it easy- they simply publish SRV records that contain the port numbers they already are using. New installations get to contact one less central authority about addressing, and at the rate that primary Internet vehicles (web browsers and email clients) are being deprecated for bugs, client deployment could be had in as little as 6 months.
You wouldn't need to add new configuration to your clients, and you wouldn't need to change anywhere near as much software as needs changing for IPV6. Best part: you'd increase the public internet address space by almost 16 bits- giving us almost 68,719,476,736 addresses or room for each person on the planet to publish 10 uniquely and immediately addressable services each - and that's without reallocating existing blocks- you do that and the number skyrockets to nearly 281,474,976,710,656 - which is enough addresses for everyone ON THE PLANET to publish 46,912 similarly immediately addressable services right now.
In contrast, IPV6 not only has to do all the work I suggest, but it has to replace every client and every server- regardless of whether or not they are going to benefit from the increased address space and complexity and they'll need to change the configuration files and configuration databases of those programs as well to accommodate the larger addresses.
But this will never happen: IPV6 is being run by people who think A6/DNAME records are a good idea.
I think because ip v6 is too strict when it comes to accountability is what is keeping it from being popular. Why? Because all processes including economies need a lubricant to keep this process running smoothly. Corruption is the economy's lubricant: while too much makes the economy slide into oblivion, too little will grind the economy into a standstill. The proper answer for a healthy economy is balance between corruption and accountability. Any law or technology that will disturb the balance either way will cause a disturbance in the force (all people making decisions where and how much to invest).
My conclusion is that the majority of investors see a more or less balanced internet as it is now and are afraid to disturb that balance.
Of course you can have your own opinion about this.
Internet Protocol Version 6 is a backwards-compatible replacement for the current Internet protocol
Is this true? I was under the impression that the compatibility more or less ended at the socket API. Is the v4 address space actually mapped in to the v6 address space now so that hosts with v4 addresses are automatically capable of talking v6 if there is a v6 path?
No? That's what I thought. No, you have to go buy (cha-ching) separate v6 space and number all your servers and routers with two separate addresses, one v4 and one v6, manage new DNS for your v6 hosts, etc. etc. v1 had more compatibility with v4 than v4 has with v6. At least with the move to v4 the existing registrations mapped in to the new address space.
Feel free to point me at the documentation that says I'm wrong about this. No, really, I would like to be wrong about this. But last I heard they wanted to start the registration process over from scratch with this move and that means you don't have backwards compatibility.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
I don't think I want a permanent static IP address. I know ISPs keep logs, but I'd rather not have web sites or people gathering data about me be able to count on that IP always being a single person (me).
The only reason these guys are against IPv6 is that they make money selling the ever-scarcer IPv4 addresses. Take away the scarcity, take away their profits. That's why they object.
Get your own free personal location tracker
hierarchically
useless sig advice - Read Nabokov.
You have to go to all kinds of lengths (using special session border controllers, media proxies, etc.) to be able to support SIP calls where one or both parties are behind a NAT. It is awful. NAT is a hack--a useful one in certain situations, but still a hack.
There's no place I can be, since I found Serenity.
One is, despite the claims that IPv4 will run out in the next "x" years and companies will be screwed, that never happens.
Worst case, folks will figure out how to get by on 1-2 ip addresses, or pay more than the $1/month or so to get an extra. There are TONS of unused, unrouted addresses out there through the entire hierarchy, from subnets, class b's etc.
Second, IPv6 and you can what? If I run IPv6 only, I need to at some point tunnel to IPv4 (and often get an IPv4 address anyways) to connect to the rest of the net. If I run just IPv4, I can connect to everything, and the first person who develops google that is IPv6 ONLY is going to have very few users.
In other words, the business case is flat out not there.
Also, I never understood why IPv4 wasn't just a subset of IPv6? Why can't my existing IPv4 addresses also be IPv6 addresses with a standard prefix? Maybe this has changed, but when IPv6 came out it looked like that wasn't part of it.
If my address was a subset, my ISP could create IPv6 endpoints for my address along with the IPv4 routing, even if I hadn't upgraded. They'd just strip the prefix and forward to me.
Honestly, that article is ridiculous. The idea that IPv6 won't be rolled out because IP address hoarding is going to be marketable. Sure thing. I can totally see myself paying an inflated amount of money for the privilege of hosting a web server.
Perhaps I'm overly optimistic, but I see a lot of people deciding that they don't care to spend a boat load of money on services they can put on IPv6. SSH for example, if all I need is a SSH server, or an extranet server, or something that has no need of being globally available, I don't think I would buy an IPv4 address for the privilege of making it available to the old net.
When/If the IP address market really gets going I foresee a real migration to the IPv6 space. Furthermore, hobbyists and technophiles will begin to move to IPv6, the rest will follow.
My inner self is ineffable, so don't eff with me.
Oddly enough, I've just recently flat out banned large portions of APNIC from signing up with my email service because I've gotten so many spammers from there ... coincidence? Maybe. In all my dealings regarding spam, they just seem ass-backwards over there.
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
At Tuesday's IETF meeting in Vancouver the vote for consensus was many for and none against elevating the IPv6 Protocol Standards from "draft Standard" to "Internet Standard" and make them part of the everyday production Internet. The IPv6 WG is even shutting down as it has accomplished its mission and designed a good working protocol. The wired and wireless networks provided for the engineers at the IETF are running IPv6 and we are regularly using it to get information from our working group collaboration sites like: www.v6ops.euro6ix.net/. If you don't understand because of FUD, please read up on our North American IPv6 Task Force website [ www.nav6tf.org/ ] or the similar European/Asian sites.
Don't fear, the IETF V6 Operations (V6OPS) team and the IPv6 Forum will continue work to better clarify how to deploy IPv6 and to help build new network services around the new features. Most of the new network services groups in the IETF are basing new services on the features of IPv6 - early examples are Mobile IPv6 (MIPv6) and Network Mobility (NEMO) both of which are being extended to offer IPv4 access through IPv6 tunnels in order to get IPv4 native service through IPv4 NAT.
If you actually have useful comments or design alternatives for IPv6, bring it up in IETF working group mailing lists [http://www.ietf.org/html.charters/wg-dir.html]
"As for the future, your task is not to foresee it, but to enable it." - Antoine de Saint-Exupery
Yeah because protocols are what we'll be remembered for!
Much of the debate about the mechanics of how IPv6 gets rolled out takes place on the ARIN Public Policy Mailing List (PPML). If you're interested in deciding the future of how this stuff will work, that's the place to start.
To enable incoming calls for VOIP and video conferencing to a machine you need a public IP address. Without one you need a mediator (another host on the internet which you are connected to like instant messaging networks operate). P2P based video broadcasting technologies and similar are unable to operate. Essentially having you locked up behind NAT allows companies to charge for services created by restrictions that were not part of the original internet.
A NAT gateway works like a firewall in the same way that tearing out the eyes of a child prevents them from seeing porn, it cripples.
Agencies may have until June 30, 2008, to transition to Internet Protocol Version 6.
Government Vendors have to be IPv6 enabled if you are going to want to continue to sell there.
http://www.gcn.com/IPv6/
According to wikipedia:
IPv6 is intended to address the concern of IPv4 address exhaustion.... IPv6 addresses this problem by supporting 340 undecillion (65536^8 ≈ 3.4 × 10^38) addresses.
And as we all know, 340 undecillion addresses ought to be enough for anyone!
I don't know whether or not there is a huge need to jump to IPv6 or not, but hasn't history shown us that even the seemingly "good enough" possible ranges aren't usually good enough forever (640k, Y2K, etc.)? Not that I have any idea how we could ever use up "430 quintillion (4.3 × 10^20) unique addresses per square inch" (again, thanks to wikipedia), but who knows what novel ideas will come up in the future? Plus having so many unused addresses has its advantages, too, since it makes it harder (it would seem almost impossible) for hackers to randomly guess a valid address out of that big of a space, even with an automated script that could test millions of addresses in a short time.
"The death of IPv4 has not really killed the Internet. In fact, far from it, we've managed to make an industry around it."
.gov start adopting, then it will get off the ground. Of course, this is unlikely to happen because Cisco doesn't sell IPv6 switches.
In other words, by keeping IPv4, we can sell NAT boxes (which we're already selling in huge numbers.. the wireless network hub in my den is a prime example.) Cisco has a big investment in building hardware to take care of IP space limitations.
"You will still be able to get addresses, if you pay for them, because a market will appear."
In other words, this damned internet isn't making us enough money, because IP addresses are free. We want people to start trading them, so we can get commissions on the sales.
It's clear that this is "good business" for the big internet companies: why invest in a new system that will make users' lives cheaper and easier when we can continue to sell patches on the old stuff, and make a market so that we can start charging the freeloaders?
It's also clear to me that the only way IPv6 will get adopted is if public bodies start using them and demanding their use. For instance, if Internet2, the US military, or all of
I'm no expert, but to my cynical eye it looks not like market forces, but like the usual problems with capitalism exploiting a local maximum and avoiding short-term risk.
----Nathaniel
One of the key principles of the Internet Protocol in its original usage was the idea that every entity has a unique address. The (Address,Protocol,Port) tuple identified a single connection endpoint.
NAT broke that by hiding many hosts behind a single address. Making it work required port forwarding to steer inbound connections to the appropriate internal host, TCP state tracking to allow many internal hosts to connect to external services and application layer gateways to fix NAT unfriendly protocols like FTP.
IPv6 steps in with its vast address space to save the day. All hosts will once again have a unique address... restoring order and peace to the Internet. Hurrah!
The problem is that now the game is security and privacy. We don't want all our hosts on the Internet. We want NAT and firewall and virus scanning. We don't want a firehose to the Internet we want a spyhole... with everything carefully controlled and protected.
IPv6 addresses a problem that nobody really cares about.
The IPv4 address space is running out... but the IETF and IAB are smart. The sky won't fall if IPv6 doesn't happen.
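Added example, not part of the original comment: a minimal model of the port translation and state tracking described in the comment above, next to a stateful filter that tracks the same flows without rewriting addresses. The class names, the documentation-range addresses and the port numbers are constructed for illustration, and the NAT is assumed to admit replies only from the peer an internal host contacted.

```python
from dataclasses import dataclass, field


@dataclass
class Napt:
    """Toy port-translating NAT: many internal hosts behind one public address."""
    public_ip: str
    next_port: int = 40000
    out_map: dict = field(default_factory=dict)   # (proto, int_ip, int_port) -> public port
    in_map: dict = field(default_factory=dict)    # (proto, public port) -> (int_ip, int_port)
    peers: dict = field(default_factory=dict)     # (proto, public port) -> contacted remotes
    forwards: dict = field(default_factory=dict)  # static port forwards for inbound services

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source and remember the flow so replies can be mapped back."""
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        pub_port = self.out_map[key]
        self.peers.setdefault((proto, pub_port), set()).add((dst_ip, dst_port))
        return (self.public_ip, pub_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Return the internal endpoint for an inbound packet, or None to drop it."""
        key = (proto, dst_port)
        if key in self.forwards:                      # explicit port forward
            return self.forwards[key]
        if key in self.in_map and (src_ip, src_port) in self.peers[key]:
            return self.in_map[key]                   # reply to a tracked flow
        return None                                   # unsolicited: no state, dropped


class StatefulFilter:
    """Toy stateful firewall for globally addressed hosts: same tracking, no rewriting."""

    def __init__(self):
        self.flows = set()

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        self.flows.add((proto, src_ip, src_port, dst_ip, dst_port))
        return (src_ip, src_port)                     # address is left untouched

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        # Accept only the mirror image of a flow an inside host opened.
        if (proto, dst_ip, dst_port, src_ip, src_port) in self.flows:
            return (dst_ip, dst_port)
        return None


def demo():
    """Run the same traffic through both models (all values are constructed)."""
    nat = Napt("203.0.113.5")
    seen_as = nat.outbound("tcp", "192.168.1.10", 51000, "198.51.100.7", 443)
    result = {
        "nat_seen_as": seen_as,
        "nat_reply": nat.inbound("tcp", "198.51.100.7", 443, seen_as[1]),
        "nat_unsolicited": nat.inbound("tcp", "192.0.2.99", 4444, seen_as[1]),
        "nat_ssh_before_forward": nat.inbound("tcp", "192.0.2.99", 4444, 22),
    }
    nat.forwards[("tcp", 22)] = ("192.168.1.20", 22)
    result["nat_ssh_after_forward"] = nat.inbound("tcp", "192.0.2.99", 4444, 22)

    fw = StatefulFilter()
    host = "2001:db8:1::10"
    fw.outbound("tcp", host, 51000, "2001:db8:ffff::7", 443)
    result["fw_reply"] = fw.inbound("tcp", "2001:db8:ffff::7", 443, host, 51000)
    result["fw_unsolicited"] = fw.inbound("tcp", "2001:db8:bad::99", 4444, host, 51000)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In both models the unsolicited packet is dropped because no flow state matches it; the NAT additionally rewrites the source address and needs an explicit forward before any inbound service is reachable.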
Just assign a secondary IP address to that card. Bind9 should be able to handle multiple addresses per card, as long as they aren't virtual. The problem appears to be how the broadcast packets are received and there really isn't any way to handle that with a virtual card.
But a secondary address should be able to handle it as the initial request will go to the primary address, an address will be issued, and future updates will be seen on that same card, but via the secondary address.
As this was discussed on /. a bit ago, the best reason for NAT is to create islands of IP addresses for your network, otherwise you have to renumber everything when you change service providers. Multiple service providers is another problem.
Even if the cable and dsl companies all switched over to IP6, and there were $50 routers and switches available, there is still reason to use NAT.
From what I've been reading Asia is going IP6 much faster than we (USA) are. In China & other places I think it's because they're still building a lot of infrastructure so they can start with the latest.
Even my stupid IT Director thinks that IPv4 is sufficient...what a loser.
I hear some pro-IPv4 people saying "we don't need IPv6 now, so we won't migrate now". I won't debate the point about whether we need it now or not, but IMHO they don't realize something very important:
Waiting for the very last moment where we actually need IPv6, is *not* a good idea.
We should start migrating *before* the actual need arises, so that the transition from IPv4 to IPv6 is as smooth as possible. I would very much like to know what pro-IPv4 people think about this.
We don't _need_ ipv6 this very second. It's not cool or sexy. It doesn't really bring anything fun and/or critical to the table. It was developed to help catch future problems of ipv4 before they became critical. It's not going to be a hot button issue until we REALLY need ipv6. At that point the unprepared are going to be running around like bumbling idiots screaming that they did not get enough warning. The only thing that could really change that fact about human nature would be intervention from various governments. And we've seen how well that worked with HDTV.
If an officer ever threatens to taze you, say you have a pacemaker.
Markets aren't a very good forecasting medium in cases like this.
Killer app for IPv6, how would you know without having it? But then, why would the market implement it without having a killer app. Basically a circular logic problem getting you nowhere.
Can you ram it down everyone's throat? Usually governments can ram a lot less pleasant things down people's throats without retaliation at all, at least most people seem to, say, for instance, pay taxes.
Worst of all, only getting IPv6 when you really need it, actually means you got it too late. Especially as the conversion will take a while. Even worse, if you convert late your costs will be much higher than if you convert early.
How can the market mess up so badly? Quite easily really, the term for it is competitive exclusion. Which is when in the short term changing things will cost you money, so you don't and instead accept in general less than ideal kludges. This is especially true when the changes require widespread infrastructure changes, like a change in IP version would do. So basically people are taking immediate benefits at the price of lost revenue later. And because the equation is the same each year, each year they defer judgement again.
... if you think that IPv6 is somehow going to make having personal static IP addresses cheaper.
The ISPs are not going to change their business models just because they can. Any given large ISP has *millions* of extra IP addresses that are never used that they could be handing out to the very small portion who want statics. Why don't they? Because they want to make money. You think just because there will now be all these wide-open 128 bit IP ranges, that you will get a free ride? Think again.
"We happen to work in an industry that survives on complexity, address scarcity and insecurity," Geoff Huston, senior Internet research scientist at Apnic, said. "This is where the margins come from, and we are not innovators in this industry any more. We've learnt that optimism doesn't create a business case. All those people disappeared along with the dotcom boom," he said.
That is a stupid statement. It would be more accurate to say either "limps along" or "thrives" instead of "survives" in this context. The steam engine industry undoubtedly felt the same way about the internal combustion engine when it was first proposed.
Of course, IPv6 isn't enough. It's not enough until every atom in the Universe can have its own unique IP address, after which we can discuss the strings that create them.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Anyone?
Watch this Heartland Institute video
...and you can route it. I've routed IPv7 packets over our LAN and with some success over the Internet. They look just like IPv4 packets, but with "options" in the IPv4 header. That's right folks. Something backwards compatible with IPv4 is already spec'd out and you can route it unless the router or firewall is rejecting IPv4 packets with options. To regular IPv4 stacks, the options are just ignored. Maybe Cisco or somebody didn't like this because it would have been difficult to implement in their hardware, but cry me a river. We should just start using it, and as a pleasant side effect everybody who has an IPv4 address suddenly has a very large IPv7 subnet.
Why did you have to post this as AC? I want to hear more of your shenanigans. Please send me an e-mail with links to other posts by you.
News for merdes. Shit that matters.
Ask me about my sig.
iPV6
:o)
It's the lowercase initial "i" that will drive adoption.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
I think I may have found the answer: the shared-network statement in dhcpd.conf. I'll give this a try and see if I can get it working!
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
I certainly like my dynamic IP. The last thing I need is another global unique and permanent identifier to track me.
It is certainly possible to assign dynamically changing IPs even in IPv6, but I would guess that the ISP won't bother with the extra overhead of a dynamic IP pool, or charge extra for it.
So most people will get a permanent IP, or permanent IP range. Most won't ever know about it, or about the implications.
An advertiser's wet dream. I can't wait.
(Oh, and soon after permanent IP becomes the default, a union of the RIAA/MPAA/Advertisers will probably push for laws to make permanent IPs the rule)
the laws of supply and demand suggest that the value of each IP address will approach zero.
Except that the "laws" aren't laws at all and are in fact closer to myth. The supply of an item does not determine its price. The price people are willing to pay determines its price.
It's not really a myth, it's a valid model of economics. The question you're bringing up is more about who is providing the supply, and how freely they make it available. If everyone could just give themselves an IP address, then yeah, each address would be worth very little. But when your ISP controls the addresses you get, you have to have one to use the Internet, and they can market each additional address as a feature, then there is still a demand, and they are artificially limiting the supply. It's like the diamond industry: DeBeers owns most of the supply, and there's a lot of diamonds, but they don't let more on the market than the market demands to make sure that people will have to pay a lot for diamonds.
A recent study of IP address utilization has concluded that only old people in North Korea use IPv6.
They will make a 'big brother' database of each IPv6 address so they can monitor where each IPv6-enabled gadget and the person carrying it goes. Heck, even you can make such a database: just make an IPv6 table and start tapping IPv6 traffic. But our children will be taught in school or by MTV to use those little gadgets that are IPv6. Who would you like to tap your children's moves? We would lose not only our privacy. Think of our children.
IPv6 vs. NAT
These are two distinctly different things. NAT takes one public IP address and translates it to many private IP addresses. These are not two competing technologies, and you can use NAT with an IPv6 address. In reality, there isn't a debate here. It's a weak argument for those that want to keep things the way they are.
IPv4 addresses as a commodity
Greedy Fuckers. Pure and simple. The basic internet and all its various little noodly bits were created by university and government organizations and then just loosed on the planet essentially for free. Yes, you had to buy some hardware to use it, but the shit works without you having to pay for a damn thing but your connection.
I have nothing against the idea of capitalism where you get paid for something you create, but hoarding a commodity that is out there for the collective good as a whole is just shitty. In very few cases is there a justification for the belief that "I must make ALL of the MONEY and IT MUST HAPPEN RIGHT NOW and YOU CANNOT HAVE ANY."
As an added bonus, this sort of behavior helps keep the "have nots" in the "have not" category, which just generally pisses them off unnecessarily.
needing a publicly available address
No, obviously we all do not have to have public IP addresses - not yet, anyway. Saying you don't now or never will shows a pretty big lack of foresight. You don't KNOW that there won't be an application that needs publicly available addresses to work well and that NAT just won't cut it. Why don't you know? Because someone will eventually come up with something new, and it'll be good and important. People always do, eventually.
I realize that if you really wanted to have everything you own connected to the internet you could just use NAT and then if you wanted to talk to your refrigerator you could just use "the fridge port" but it's adding a level of complexity that could possibly get in the way of something on down the line.
This would slow down address scanning worms, neh?
if a worm's gotta look at giant chunks of addresses to find other victims, wouldn't this just slow down their spread a little?
then again, what the fuck do i know?
s'wut i sed.
Because, basically, IPv4 does everything I want it to do right now. I understand it. It's simple to set up. It's simple to maintain. I don't need additional IP addresses on my NATted system, because I can multiplex all my servers onto a single IP address using firewall rules (if I want to; I currently only have one server).
From what I've seen, IPv6 is hideously complicated, the stack is vast, there are innumerable incompatibility problems with various applications, and basically it's just too much effort for too little gain.
Can anyone convince me otherwise?
IPv6 will allow FreeWan Cells to integrate nearly seamlessly with the conventional Internet. Imagine trying to assign IPv4 addresses to each of over 2 million FreeWan Cells that may be created in the near future. Yes, it can be done if people are willing to pay the exorbitant prices required for such address space. IPv6 would allow EACH COMPUTER in each individual Cell to have its own ip address (even if it is within a hobbyist range). FreeWan may not be much now, but as the Internet is increasingly filtered, taxed, regulated, spammed, virused, and restricted by both governments and corporations, FreeWan will play a bigger part in information exchange. IPv6 will be better suited to support a worldwide network of FreeWan Cells. Yes, IPv4 can be used for a worldwide network of FreeWan cells, but computers within these cells would not be able to connect to both the Internet and FreeWan at the same time due to the lack of an adequate number of private IPv4 address assignments.
is less people on earth!
keep IPv4!
Using a NAT as a security feature is based on the "security through obscurity" idea. The fact it isn't trivial to know what is on the other side of the NAT component can lead people to think they are secure which leads to woe. A hidden network doesn't make that network secure.
A Network Admin should always use NAT for what it is designed to do: compact network address management. It is however *not* a security feature of the network. You need to use network security practices and devices to pull that off. Anyone claiming they want to stick to IPv4 for "NAT security" is somewhat misguided about its purpose and place in the network.
Is there anything in IPv6 that says you can't do network address translation? I don't believe so but I'm not sure since like most it hasn't been deployed so it isn't an issue. NAT is a good idea simply because it helps manage network traffic and topology, regardless of your address space.
"Hey, could you ping me? My IP is: 5F05:2000:80AD:5800:0058:0800:2023:2F8E. Thanks"
640YB ought to be enough for anybody.
http://www.chinadaily.com.cn/english/doc/2004-12/27/content_403512.htm
http://www.ipv6.net.cn/
the only permanence in existence, is the impermanence of existence.
In the past I was very pro IPv6, until I gave it some serious thought. True, IPv4 probably will not hold up forever, even with CIDR and NAT/PAT, but those definitely do extend its life span significantly. If all the organizations with unused address space would turn in unused addresses, we would be in an even better position. If organizations not yet using NAT/PAT would do so, we would be even better yet. I am a big supporter of NAT anyways though, I do not feel that every machine in the world needs a live IP address. How many windows boxes are protected from worms simply because they are not on a live IP? Yes, there are some issues with NAT, but there will be issues with the conversion (and use) of IPv6 as well. My current distaste of IPv6 may partially be due to a lack of knowledge on it, but in a lot of ways it seems illogical, and unnecessary. 128 bit address space, when we are limited to 48 bits of MAC addresses. Illogical in that, with IPv4, it is fairly simple to know that a block of addresses belongs to Company X. But that is just my 2 cents, please, correct me if I am wrong on anything...
~oid
I beg to differ. I question whether you're serious or a troll, but I'll respond anyway and give you the benefit of the doubt.
Lots of companies which are big enough to have their own Class-A allocations assign all of their clients globally routable addresses. I can tell you this from personal experience.
They don't use personal firewalls, obviously, and I have no idea why you think this is related. Using a personal firewall at the client level has nothing to do with IP address allocation or NAT. You can assign every user on a subnet a globally unique IP address, and then still use a stateful firewall for security. This is what these companies do: you get the benefit of not having your applications negotiate NAT with the protection of firewalls separating the internal networks at various facilities from the global network.
As far as the cost thing, if you're big enough to have a Class A block, you're not paying individually for IP addresses, so there's no difference in cost between a client that has a unique address and a NAT one. In fact the NAT one is probably slightly more expensive because the NAT routers are probably more maintenance and support-intensive than a straight firewall.
In short, I don't think you know what you're talking about. You might be correct when it comes to small or medium businesses, who are buying their connection from an ISP who is going to charge them more for a lot of static IPs than a few dynamic ones that they can use with NAT, but this issue isn't relevant to IBM, Ford, Apple, or the rest of the Class A companies.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Here is a color graph comparison of IP4 & IP6.
http://webmasterdesignz.com/rphollenbeck/GradPortfolio/Papers/621-IP/
And this goes into much more detail about IP6 specifically than the article
http://www.cs.wfu.edu/~torgerse/Kokua/SGI/007-2860-008/sgi_html/ch02.html#LE38116-PARENT
--
The InterNet is a terrible thing to waste. Arrest Bill Gates and shut down Microsoft immediately.
I will gladly lose all of life's battles.. in order to win the war..
It's really funny to see a guy from CISCO crabbing about this, since one of their most popular product lines is their small ethernet switches with routing support. Which have interface hardware filtering and processing to prevent their processor from saturating. Which will only filter ipv4, and throws all other traffic into a common bucket based on ethernet frame type. Which includes ipv6 traffic.
My theory is CISCO will promote ipv6 like crazy, and when people finally upgrade, then they'll profit off selling them newer switches with hardware filters that grok ipv6. Then when they are done with that, they'll resurrect ATM from the grave in a pure-optical-switching form for another wave of replacements (which of course wouldn't have so many feet in the grave if CISCO had actually bothered to implement it decently in the first place.)
Someone had to do it.
The market only cares about individual profits in the short term. Nothing else. Biological evolution may have produced remarkable results, but it has been over many millions of years, with many promising branches killed off by chance - two steps forward, one step back. And that's without participants altering the environment all the time to suit their own ends, as happens in the free market. Many species mis-manage themselves out of existence (as perhaps we are doing).
Although biological evolution is a stunningly elegant, beautiful explanation for life, it is not a universal pattern to be applied to all systems in the universe.
Ironically, it often seems to be the idiots who disbelieve biological evolution who most strongly believe natural selection in the marketplace is not only the best way towards progress, but it is somehow morally superior too.
This was pointed out by DJB a while back:
http://cr.yp.to/djbdns/ipv6mess.html
Yeah this looks like a serious privacy issue that most people haven't woken up to yet.
A MAC address is (usually) a globally unique identifier. How long before someone big builds a database relating MAC to user identity (Microsoft, your ISP, law enforcement, whoever).
At that point, no matter where you connect your laptop from, your traffic can be identified as yours. Be it for the purpose of advertising, tracing communication, or other data mining.
So the question is, are we ready and willing to surrender anonymity on the net?
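The tracking concern raised in the comment above can be checked against your own hosts. This added example (not part of any poster's comment) builds the modified EUI-64 address a host derives from its MAC under RFC 4291 and recovers the MAC from logged addresses; the MAC, the `2001:db8::/32` documentation prefixes and the log are constructed, and all function names are hypothetical.

```python
import ipaddress

def slaac_address(prefix, mac):
    """Build the modified EUI-64 address derived from a MAC (RFC 4291, Appendix A)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers require a /64 prefix")
    raw = bytearray(bytes.fromhex(mac.replace(":", "").replace("-", "")))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    raw[0] ^= 0x02  # invert the universal/local bit
    iid = bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])
    return str(net.network_address + int.from_bytes(iid, "big"))

def embedded_mac(addr):
    """Return the MAC recoverable from an address, or None if the IID is not EUI-64.

    A randomized identifier can contain ff:fe by chance (about 1 in 65536),
    so treat a single hit as a hint and repeated hits as evidence.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytearray(iid[:3] + iid[5:])
    raw[0] ^= 0x02  # undo the universal/local bit inversion
    return ":".join(f"{b:02x}" for b in raw)

def devices_seen(addresses):
    """Map each recoverable MAC to the sorted list of /64 networks it appeared in."""
    seen = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is None:
            continue  # randomized or manually assigned identifier: nothing to link
        network = str(ipaddress.IPv6Network(f"{addr}/64", strict=False))
        seen.setdefault(mac, set()).add(network)
    return {mac: sorted(nets) for mac, nets in seen.items()}

# Constructed sample: one laptop on two networks, plus a randomized identifier.
LAPTOP_MAC = "00:16:3e:12:34:56"
SAMPLE_LOG = [
    slaac_address("2001:db8:a::/64", LAPTOP_MAC),  # home network
    slaac_address("2001:db8:b::/64", LAPTOP_MAC),  # second network, same device
    "2001:db8:b::5c1d:9342:a07e:11b2",             # randomized interface identifier
]

if __name__ == "__main__":
    for addr in SAMPLE_LOG:
        print(addr, "->", embedded_mac(addr))
    print(devices_seen(SAMPLE_LOG))
```

Hosts that show up in `devices_seen` are the ones to move to temporary addresses (RFC 4941) or stable opaque identifiers (RFC 7217), which keep the hardware address out of the interface identifier.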
NAT is a stupid kludge that breaks shit.
Example: You build a company network, and the ISP gives you one address. You happily NAT everything behind it to 192.168.1.0/24. This works great until you roll out the new security system where the company helps pay for users to buy a hardware firewall for their home system, at which point, 40% of your VPN clients won't work because the SOHO firewall ALSO uses 192.168.1.0/24, and you can't have the local address and the tunnel address on the same network.
That's okay. DHCP allows you to scoot over to 10.10.0.0/24, because hey, what are the chances of collision with a /8 space to carve out of? Your problems with home users disappear. Everything runs great until your company partners with a (insert vertical marketspace) company, wherein you set up a VPN link to allow access from your servers to their servers. Too bad THEIR administrator chose 10.0.0.0/12. And since they partner with 50 other companies, they're certainly not going to renumber. But, hey, you can remap your addresses into a DIFFERENT RFC space for the tunnel, and they'll un-re-map on their end! Sure, it's complex to the point of being unmaintainable, but isn't IPv6 complex too?
NAT breaks VPN, it makes various protocols, it's a stupid hack which should be trampled into the oblivious dust of history.
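The two collisions described in the comment above, checked mechanically. This is an added example, not part of the comment: the subnets are the ones the poster names, while the peer labels and function names are hypothetical.

```python
import ipaddress

# The three private IPv4 blocks reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def find_collisions(ours, peers):
    """Return (our_net, peer_name, peer_net) for every overlapping pair.

    ours  : iterable of CIDR strings used on the company side
    peers : dict of label -> CIDR string used at the far end of a tunnel
    """
    hits = []
    for ours_cidr in ours:
        our_net = ipaddress.ip_network(ours_cidr)
        for name, peer_cidr in peers.items():
            peer_net = ipaddress.ip_network(peer_cidr)
            if our_net.overlaps(peer_net):
                hits.append((str(our_net), name, str(peer_net)))
    return hits

def first_free_subnet(prefixlen, in_use):
    """First RFC 1918 subnet of the given length overlapping nothing in in_use.

    "Free" only means free of the peers known today; the next partner's
    numbering plan can collide with whatever is returned here.
    """
    used = [ipaddress.ip_network(n) for n in in_use]
    for block in RFC1918:
        if prefixlen < block.prefixlen:
            continue  # requested subnet is larger than this block
        for cand in block.subnets(new_prefix=prefixlen):
            if not any(cand.overlaps(u) for u in used):
                return str(cand)
    return None

# Peers from the comment: a home SOHO firewall and the partner's network.
PEERS = {
    "home-soho-firewall": "192.168.1.0/24",
    "partner-vpn": "10.0.0.0/12",
}

if __name__ == "__main__":
    # First attempt: the company LAN collides with the home firewall default.
    print(find_collisions(["192.168.1.0/24"], PEERS))
    # Second attempt: 10.10.0.0/24 sits inside the partner's 10.0.0.0/12.
    print(find_collisions(["10.10.0.0/24"], PEERS))
    # A /24 clear of both known peers.
    print(first_free_subnet(24, PEERS.values()))
```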
It's not that there is a lack of unused address space, it's that there is a lack of IPv4 space that you can REGISTER FOR. There are organizations with Class A and Class B address blocks that are primarily not being used....and they refuse to give them up.
If you are the Chinese or Japanese and you want enough IP addresses for every cell phone, pager, electronic device, then IPv4 can't provide it because there simply is NOT enough address space that IANA could give them.
But the more appropriate analogy is: You don't take your car in for complete engine rebuild if the engine is running fine.
While this may be true for your car, it's definitely not true of a helicopter, or a generator at a power plant, or any other important piece of machinery.
Would you still fly on an airline if that was their attitude towards maintenance? "Nah, we're not going to tear down that turbine...it hasn't failed yet!"
I think perhaps you should reevaluate the importance of the Internet to our society today. I think we've well surpassed the relative importance of a car to an average driver.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
You can definitely assign IPs with two different subnets on the same LAN... as long as you don't want the machines on one subnet to be able to talk to machines on the other subnet: They'll each address their "not my subnet" packets to the gateway's MAC address, not the MACs of the target machines.
Googling around, we find there are about 10 to the 77th hydrogen atoms in the universe. Same universe. That's a lot larger. So there are (roughly) 10^39 atoms per address in the ipv6 system.
And we know the 10**77 number is right because it's on the web ;-)
I18N == Intergalacticization
I don't have an objection as such to IPv6 except that I'm told there is going to be no need to have unroutable (ie: 192.168, 172.16 and 10.x.x.x) IPs around.
Surely this is going to be a real pain in the ass for LANs? - some new family purchases their first computer and has to contact their ISP to get a damn IP address for the thing - who wants to do that!?
What about Good ol' Joe and Jane - your average clueless PC user - who both get IPv6 boxes onto a lan behind their ISP, plug them in and go without worrying about firewalling, updates, etc. At least with NAT the NAT box provides some level of security for them to keep out what's not meant to be in there. It's not the best mind you, but it does provide some security.
Get rid of NAT, shove them straight onto the big bad net and while it might take some time, sooner or later something's bound to get rooted.
Or how about my company? I like knowing that my ~200 users cannot have their IP addresses routed over the internet - that they HAVE to go through our routers (or NAT based system if you will) to get onto the big bad net.
I sleep easier at night knowing that if someone targets my network then they see our firewalls as their first port of call rather than a workstation on the company LAN.
At least when I run LAN parties I know I have a bunch of IPs available to me to shove on the DHCP server which are provided for non routable use only - granted with IPv6 everyone/thing/object can have its own IP setup beforehand, but that private range is useful to have just so I don't have to arrange to get a bunch of IPs from my IP Broker for a two night lan party. Who cares if the company down the road uses the same range - that's the whole point. They're non routable for a reason - so that any idiot with half an IQ and three quarters of a braincell can use them!
IPv6 isn't going to get rid of NAT as such, it's just going to rename NAT to a "Network Firewall" or some funky product to help "hide" those damn IPs you don't want visible on the internet.
Well that's what I think
The previous poster asked Why 128 bits instead of, say, 64?
The amount of work required to jump to 64 bit addressing or 128 bit addressing is identical. Since you're going to have to re-write everything anyway, you may as well figure in a ridiculously large address space, because not doing so saves you nothing.
Additionally, the routing table saving offered cannot be understated. With huge swaths of contiguous address space, you can (hypothetically) represent an entire continent as a single aggregated routing entry (The more granular routing information would only be seen locally.), and the number of unique addresses within that range would be virtually inexhaustible.
Overkill is a good thing when it doesn't cost you anything.
For those that would die defending it, Freedom
has a sweet taste that the protected will never know.
Through networks like Hurricane Electric, Freenet6 and (on a more serious level) OCCAID people are experimenting with IPv6 today. I recently colocated a server and for no additional cost receive native, dual stacked IPv6 service. Do many people use it? No, but it is a start. The trick will be to get as many servers working on this dual stacked service as possible. Eventually ISPs will start supplying dual stacked service.
Earthlink even offers a custom WRT54G firmware which will automatically set up an IPv6 tunnel for you. What are you waiting for? Now is the time to support both protocols so we can begin the very lengthy transition.
isomerica.net | Foonetic IRC
Why have we been completely stagnant on this front? There were developments in the ways of NAT and Virtual Hosting, but so much of the picture left unattended to. What happened to developing additional routing technologies? With the focus on firewalls anyway, NAT just makes sense. But where is there a missing piece?
How about HTTPS virtualhosting. Send the server name and then establish a secure connection and send the GET/POST request. This one thing alone would free up about 500-600 public IP addresses from myself alone with all the HTTPS sites I deal with.
The standards just kind of stopped when they fixed the initial problem, and don't think down the road. They got virtualhosting working and that saved a crunch... But nobody is consolidating and reclaiming these IPs because it's a total pain.
IPv6 is at least 10 years off, because plain and simple, EVERY SINGLE PIECE OF NETWORKED SOFTWARE NEEDS TO BE REPLACED. IPv6 is a joke right now, but the IP stacks should support IPv6 starting now. The programs should support it starting now. It is just as easy to configure an IPv4 address as an IPv6 address in linux/apache/etc. All programs on an ipv4 only stack need to be phased out or updated, including mainframes, routing equipment, servers, workstations.
This isn't rocket science. It's stupid for a hosting provider to implement IPv6 because it has no benefit for at least 5-10 years. But SOFTWARE DEVELOPERS and OS DEVELOPERS need to think IPv6 so that it can be transitioned many years down the road.
Plus, nobody in north america cares, because we have most of the IPs anyway... just wait until some of those ClassA's get reclaimed for people to start kicking/screaming.
-M
when you see the word 'Linux', drink!
IPv6 fans ought to read D.J. Bernstein's excellent article on the subject. In short, the main problem is that the two protocols aren't easily interoperable, so investment in IPv6 infrastructure is without short-term return.
Ceci n'est pas une signature.
NAT can still be utilized with IPv6. If one still wants a private network accessed by port forwarding, this is no more difficult in IPv6 than it currently is with IPv4.
So it seems to me that the fundamental NAT vs IPv6 argument actually boils down to the fact that it _IS_ true that IPv6 might make NAT less useful, overall, than it currently is, because the primary use for NAT is to widen address space (it just offers what amounts effectively to additional security to most end users as a side effect of the design). Are people that use NAT so terrified that something better might exist which could potentially obsolete what they use right now that they'd rather that NOBODY be able to have it (since if everybody else switched, they would have to as well).
And anyways, if NAT is so incredibly useful to so many people, then really, why should its use drop at all for the people that want it? As I said before, NAT can certainly be used with IPv6 for people that want it (even though IPv6 removes most of the reason why one would want to for the time being, it's still completely possible). As it happens, practically, if not entirely all of the security that NAT provides to the people that see the security as a good side effect of NAT could be just as easily provided by a firewall using what is probably an out-of-the box available configuration for the firewall called 'Medium' protection (or level 3 or 4 on a 1-5 scale). With IPv6, I expect that the primary use of NAT would probably be for home users only, that wished to disguise their home LAN as one IP address to their ISP (which will happen, so NAT itself won't die anyways).
Are the people that say NAT exists right now and therefore we don't need IPv6 actually just saying that they don't want to deal with the hassles of an upgrade, even though the upshot of everyone doing so is quite beneficial for those people for whom NAT creates problems? (bear in mind that the reason that NAT does this so effectively with so many people is because it is, and always was, just a kludge)
File under 'M' for 'Manic ranting'
a generational issue...
As much as I hate to agree with Geoff here, I think he is correct in what he is saying.
I think that as people change jobs, as people retire the idealism of IPv6 will change. A lot of newer networks will adopt IPv6 (I don't run IPv4 at my house any longer, but that's just me) a lot of people, including businesses will start adopting IPv6 internally, but proxy out to IPv4. This will expand out the lifespan of IPv4.
As I posted earlier, I don't know if I will see a full deployment of IPv4 in my lifetime. However, if my kids take up IT, I think they will see the complete roll out of IPv6.
I think this debate will go on for a long time, but 100 years into the future, we won't have an option. The IPv4 screw up we will leave for our children. Between now and then though, expect some change.
Curiosity was framed; ignorance killed the cat. -- Author unknown
I'll move to IPv6 the day when my ISP and home router ($39.95) has IPv6 configuration.
Ok so you do not feel that every machine in the world needs a live IP address. I agree with that, but it is not incompatible with IPv6. You are free to use IPv6 *without* giving a live IP address to every of your machines. You are free to continue using NAT with IPv6. Look at it this way: IPv6 offers you the possibility to assign more IP addresses if the need arises (and it will).
Then you say the 128-bit address space is illogical when compared to 48-bit MAC addresses. This is not illogical for a very simple reason: IPv6 addresses have to be unique amongst *all* the hosts on the Internet. While MAC addresses have to be unique *only* amongst the hosts of a particular LAN. So a shorter length for MAC addresses makes perfect sense.
In conclusion (I like conclusions :-P) IPv6 is logical and will be necessary sometime in the future. What do you think?
I happened to have a bit of insight into IPv6 and at that time (looong time ago) it seemed to promise a lot more than a longer address.
/. only wrote about nat and "we don't need more addresses" on the entire first page :(
I am not familiar with the current state of the protocol (other than I religiously compile it into my kernel) - so I better not talk out of my butt.
It had a lot of support for a more secure IP implementation, QOS and routing.
Read the proposal on www.ietf.org and do not post "we do not need more addresses" crap.
Besides: we need more addresses, even end users who are stuck behind crappy nat boxes of our ISPs, but even more those who run public services and have to pay $5-10 or more for an extra address.
It is not because some use 5-10 addresses on their hosting, or because my ISP wants to give me an address for each "allowed computers"; it is because large companies are holding complete B address spaces, ones that do not even use it.
That is why your toaster won't have a public address even if you wanted, and some want it. I just stuff all my computers, consoles, pdas behind a linux box because that is what I trust, but some people want to do gaming, work, p2p or use that damn IM software that allows them to "direct connect" to send a pic or voice chat.
On Nat: nat is not security by default, however if you do not use port forwarding to netted machines and use a private address space it gives a level of security, even if you only nat on the same physical network (e.g. internal and external net on the same device).
Not true? My windows machine is 192.168.1.210 on the same utp as my outer interface on my router. Can you ping it or ftp to it? No. It is a level of security.
I do not want to fight with anyone, but it is sad that
Is there an echo in here? "We'll never run out of [2^N for any value of N] addresses". Yes we will. There are people who are scheming to put every bloody light switch and kitchen appliance on the Internet. There are people designing applications to run on microscopic hosts that will be scattered like seeds, by the thousands or millions.
It's 128 bits instead of 64 so we don't have to go through this again in five years.
Remember, the Internet *core* used to run over 56kb/s lines -- the same speed as those $20 modems that individuals are throwing away by the basketful today because they're unbearably slow for *personal* use. It's *hard* to plan well for that kind of growth. Better to waste a couple of bits than have to waste the whole thing and do it over.
Investing trillions into migrating to IP6 would be like spending trillions on an ice maker in Alaska. The hope, magic and possibility of the Internet has faded, growth is for necessity sake, not cultural, like it used to be. The excitement (financial) is gone. Corporations, Television, millionaires, politicos, marketers own the 'net, so the 'net will slowly fade to a solemn object of human control and treachery. The projected growth toward IP6 popularity is moot. As an individual 'net user, my once positive outlook has reversed. The Internet will soon be under the control of the tyrants, just like every other single type of media that is under the control of tyrants. Since the rich and elite will own me, I am all for going back to command line just to slow them down. Music died a similar death.
One: Countries like China are somewhat less interested in interoperability with the rest of the (IPv4) Internet (See also "Great Firewall") so they probably aren't as concerned that switching to IPv6 is going to "break" their ability to connect to the rest of the world. In fact, perhaps the need to convert between the address spaces could help enforce the GF?
Two: I wonder if in other cases this will be like the 3rd world and cell phones/wireless networks. In many cases, countries that are just investing in technology can bypass the whole landline stage and jump directly to WiMax or whatever. It seems that countries where there are few existing users will find it less painful to switch to IPv6 since there are fewer people to complain.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
The MAC address will quickly become irrelevant if this takes off. You could bind unique IP's to each object on manufacture.
For some reason, many of you are assuming that just because everything has a unique IP address that it must therefore be sitting unprotected on the Internet.
This is an unfounded theory. Many quality security products already have support for IPv6, this includes firewalls, IPS, AV gateways and the like. These types of preventive measures are required today with IPv4 and will continue to be required with v6. Moving to v6 does not mean all the script-kiddies and malicious hackers have gone away, security will be as important as ever.
The only hacker activity that will become obsolete will be Enumeration, reconnoitering a network to learn what its private address space is. Because, we'll all have unique addresses, he won't need to determine what space is inside your firewall.
Of course, the more worrying hacking activities such as probing and attacking will still exist. Therefore security measures will still be required.
The security benefit of NAT devices today is debatable. Yes, they obscure the actual source address but that's it, and security through obscurity is weak at best. And as mentioned by an earlier poster, NAT breaks a good many things.
Have you tried to use SIP (VoIP protocol) through a NAT device? Be prepared to be frustrated. What about using your IPSec VPN client from behind a NAT device? Some IPSec vendors have methods to make this work (NAT Traversal) but it doesn't work natively. Don't even think about an X Windows client....
I look forward to the day when there will be no need for NAT, but there will always be a need to secure your network.
Nobody wants IPv6 because it isn't turned on automatically in Windows. I hear that the next iteration is supposed to fix that.
Meanwhile I have it running in my home and at my office. Works great. Easy to set up once you wrap your head around it. Try it and see.
hmm strange that I could get this to work then
BTW surfnet is a Dutch ISP, on their pages they say that they provide IPv6 to customers on request (sorry the page is in Dutch and I don't have the time to translate) STOP! yes this is only one example, but if memory serves me
for mod trolls: I don't mind being modded down but plz put in a comment telling me where I'm wrong.
for grammar nazis: I know my spelloing iis bad, but I'm lazy so unless the typos make me dificult to understand just drop it
Minor nit, but *demand* drives prices UP, *supply* drives prices DOWN.
Acts of massive stupidity are almost never covered by warranty. --me.
For those in Japan, I suggest checking out IPv6 Promotion Council, WIDE, Internet Initiative Japan and the BSD folks over at KAME.
In general, you probably also want to check the IPv6 Information Page, which lists many IPv6 websites, FTP sites and even IRC sites not already listed. (Almost all the above sites are also IPv6-reachable.) This totally trashes the idea that there is NOBODY on IPv6, which is good because it is a delusion which prevents people from using IPv6.
I've used numerous IPv6 tunnels and will shortly be getting native IPv6 from my provider at home, so I cry "bullshit" to those who say it can't be done. Setting up an IPv6 tunnel through a broker requires knowing your public IP address and your MAC address, then running a simple script to set up the IPv6-over-IPv4 connection. It's all of a couple of minutes work, maximum. I dare those who say IPv6 isn't being used to actually set up such a tunnel, use IPv6, THEN come back and tell the rest of us why what they just did was so impossible.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
No, security through obscurity is not and never should be any part of the answer. The reason is that you should not rely for security on keeping things secret that you can't easily change if they should become public.
For example, you keep your cryptographic keys secret, and if they should be divulged, you change to new keys. But you should generally not rely on keeping your cryptographic algorithms secret, because if they get divulged, it would be a lot harder to issue new programs or machines using new algorithms. Coming up with new cryptographic algorithms is a highly non-trivial process, whereas anybody with access to a decent random-number generator can come up with new keys.
This is known as Kerckhoffs' Principle, and is applicable much more generally than just in cryptography.
NAT actually solves a secondary problem: allowing individuals to have their own home network without having to register each of their computers with some sort of central authority. Almost all IPv6 advocates say that NAT won't be supported as part of the protocol, which is not such a bad thing if you see NAT simply as a solution that solves the address space issue, but it isn't if you see it as a solution allowing individuals to allocate their own addresses, without having to go through the bureaucratic process of registering each one. I feel that missing this fact is actually a real issue and one that needs to be dealt with - if there already is a solution to this, then no one I have asked has yet provided me with one.
IPv6 needs to be seen as a long term solution and not try to solve an immediate problem. The way I see it is if you see something is running the chance of breaking then you really want to have a solution before it breaks. This is like the Y2K issue, which ended up being a non-issue simply because everyone had the foresight to fix the problem before Y2K occurred. You can argue that nothing broke because there wasn't really an issue, but at the same time you can argue that nothing broke because the problems had been solved before it was an issue.
Jumpstart the tartan drive.
Heh.
As every computer and router I'm connected to already has IPv6, I'd certainly get a lot of f3rst p0sts before the rest of the world catches up :-) It's a sad fact that not many ISPs offer IPv6 right now, and very few data centres, but once some popular systems go dual-stack, we'll see uptake increase.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
In a scheme where there are enough available addresses to give one to every grain of sand, the laws of supply and demand suggest that the value of each IP address will approach zero.
Unfortunately, if you want sand, say for a sandbox in the backyard, you still need to go buy sand (unless you visit a local beach or park and "acquire" some). And bottled water costs more per gallon than gasoline! Most likely, there will be a base price set up by the ISP to account for the infrastructure and personnel that they'd need to keep the network running. It may be true that additional IP addresses will be cheaper than they are now, but the track record of ISPs leads me to believe that we'll still end up paying plenty for IPv6 addresses.
A security protocol presumes that the authorized user has some secret information. Security through obscurity is the false belief that hiding the protocol itself enhances security. But a protocol that hasn't been presented to peer review is likely to fall over the moment someone with a clue tries to analyze it. How long do you think it is before burglars know what the fake rocks look like?
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
In the past killer apps on the Internet have doubled their bandwidth usage every 2 weeks, usually for at least 6 months. If IPv6 does acquire a killer app[1], then will ISPs and companies have time to react? How quickly could your ISP buy equipment that supports IPv6? How quickly could your company roll out new IPv6 enabled firewalls?
There are technologies like 6to4[2], and Teredo[3] that will automatically tunnel IPv6 over the v4 internet, even if you are behind NAT and don't have a real-world IPv4 address. However intermediate systems that know nothing of IPv6 can't easily firewall, properly prioritise for QoS, or transparently proxy the traffic inside these tunnels. If you don't have IPv6 support for your network infrastructure, how do you know who on your network *does* have support for it and is using it to bypass your firewalls? Rumour has it that 6to4 and Teredo are both enabled by default on Windows Vista.
[1]: My picks are P2P/VoIP, since NAT makes both tricky (although not necessarily impossible).
[2]: http://www.wlug.org.nz/6to4
[3]: http://www.wlug.org.nz/Teredo
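One way to answer the question raised in the comment above (who on an IPv4-only network is already tunnelling IPv6 past the firewall), as an added example that is not part of the original thread: a Python classifier that flags IPv4 packets carrying IP protocol 41 (6in4/6to4) or UDP port 3544 (Teredo) and reads the inner IPv6 addresses. The sample packets are constructed and all function names are hypothetical.

```python
import ipaddress
import struct

PROTO_TCP = 6
PROTO_UDP = 17
PROTO_IPV6_IN_IPV4 = 41          # IPv6 carried directly in IPv4 (6in4, 6to4)
TEREDO_PORT = 3544               # Teredo server/relay UDP port
NET_6TO4 = ipaddress.ip_network("2002::/16")
NET_TEREDO = ipaddress.ip_network("2001::/32")


def inner_addresses(data):
    """Return (src, dst) of an encapsulated IPv6 header, or (None, None)."""
    if len(data) < 40 or data[0] >> 4 != 6:
        return None, None
    return ipaddress.IPv6Address(data[8:24]), ipaddress.IPv6Address(data[24:40])


def classify(packet):
    """Return None for ordinary IPv4 traffic, or a dict describing tunnelled IPv6."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None
    proto, payload = packet[9], packet[ihl:]
    if proto == PROTO_IPV6_IN_IPV4:
        kind, inner = "6in4", payload
    elif proto == PROTO_UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_PORT not in (sport, dport):
            return None
        # Teredo may prepend authentication/origin indicators; those are not
        # parsed here, so the inner addresses are reported as None in that case.
        kind, inner = "teredo", payload[8:]
    else:
        return None
    src6, dst6 = inner_addresses(inner)
    finding = {
        "kind": kind,
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "inner_src": str(src6) if src6 is not None else None,
        "inner_dst": str(dst6) if dst6 is not None else None,
    }
    if kind == "6in4" and src6 is not None:
        if src6 in NET_6TO4 or dst6 in NET_6TO4:
            finding["kind"] = "6to4"
        if src6 in NET_6TO4:
            # A 6to4 address embeds the site's public IPv4 address in bits 16..47.
            finding["embedded_v4"] = str(ipaddress.IPv4Address(src6.packed[2:6]))
    if kind == "teredo":
        finding["teredo_prefix"] = src6 is not None and (
            src6 in NET_TEREDO or dst6 in NET_TEREDO)
    return finding


def scan(packets):
    """Classify every packet and keep only the tunnel findings."""
    return [f for f in map(classify, packets) if f is not None]


# --- constructed sample traffic (documentation address ranges) ---------------
def ipv4(proto, src, dst, payload=b""):
    # Header checksum is left at 0; classify() does not verify it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


def ipv6(src, dst):
    # Next header 59 = "no next header": an empty IPv6 packet is enough here.
    return (struct.pack("!IHBB", 6 << 28, 0, 59, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def udp(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


SAMPLE_PACKETS = [
    ipv4(PROTO_TCP, "192.0.2.10", "198.51.100.20", b"\x00" * 20),
    ipv4(PROTO_IPV6_IN_IPV4, "192.0.2.10", "192.88.99.1",
         ipv6("2002:c000:20a::1", "2001:db8::1")),
    ipv4(PROTO_UDP, "192.0.2.11", "198.51.100.53", udp(40000, 53, b"dns")),
    ipv4(PROTO_UDP, "192.0.2.12", "203.0.113.5",
         udp(50000, TEREDO_PORT, ipv6("2001:0:cb00:7105::1", "2001:db8::2"))),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_PACKETS):
        print(finding)
```

A port match alone is only a hint, since any application can use UDP 3544; the inner-header check is what confirms that IPv6 is actually being carried.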
Have we met at an IPv6 meeting?
PI vs. PA on IPv6 is a great topic to derail an IETF/RIPE/NANOG meeting on IPv6.
The winners, so far by attrition, are the "Every assignment is PA, portability is built in". Fsckheads! There are a lot of reasons to have PI space in IPv6, but the fear is non-aggregation of the routing tables. Of course, RAM is getting so cheap now (unless you buy direct from Cisco) that a small hit due to some PI driven non-ag wouldn't hurt much.
The official answer to your question is simple. Pay your money to become an LIR, and grab a /32 for yourself. For the $1000/year, you can have more subnets than you can ever use. The real answer is just go to an existing LIR, and pay them the $50 to give you an IPv6/48 assignment, and just carry it around with you. No IPv6 carriers right now care about which aggregated block a /48 came from, they'll route it.
the AC
I'll lease you a portable /48 from my block for 100Euros admin fee
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Is there a Greasemonkey plugin that filters out posts made by people who can't tell the difference between using NAT and using a firewall?
Routers still look at all 128 bits of the address. Many ISPs are using /127s or /126s on their PtP links.
Wow- I didn't realize that there is only 436 unique IP V4 addresses. I own like 1% of the entire address space now! I should sell my three extra fixed IPs. The 3114 in IPV6 will be a big increase.
Me thinks that they should have used ^ or exp.
No, they aren't. IP packets are encapsulated in ethernet packets for local hops. Ethernet packets contain the mac address in the header, but these aren't delivered end-to-end unless both ends of a connection are in the same subnet.
In IPv6, it is envisioned that machines could use their mac address for the last 48 bits of their IP address so that they can claim a unique address within a subnet without a dhcp request, but this is only one possible convention. The truly paranoid could use a randomly generated number instead.
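The address convention discussed in the comment above, as an added example that is not part of the original thread: this Python sketch follows the modified EUI-64 scheme of RFC 4291, in which the MAC is expanded into a 64-bit interface identifier, and contrasts it with a random identifier in the style of RFC 4941. It also shows how a MAC can be read back out of an address, which is the privacy concern raised elsewhere in the discussion. The prefix, MAC addresses and function names are constructed for illustration.

```python
import ipaddress
import secrets


def eui64_interface_id(mac):
    """Expand a 48-bit MAC into a 64-bit modified EUI-64 interface identifier."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def build_address(prefix, interface_id):
    """Combine a /64 prefix with an 8-byte interface identifier."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen != 64:
        raise ValueError("expected a /64 IPv6 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + interface_id)


def slaac_address(prefix, mac):
    """Address a host derives from its own MAC, with no DHCP exchange."""
    return build_address(prefix, eui64_interface_id(mac))


def temporary_address(prefix):
    """Address with a random interface identifier instead of the MAC."""
    iid = bytearray(secrets.token_bytes(8))
    iid[0] &= 0xFD  # clear the universal/local bit: not a globally unique ID
    return build_address(prefix, bytes(iid))


def mac_from_address(address):
    """Recover the MAC if the interface identifier looks EUI-64 derived."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)


def audit(addresses):
    """Map each address that exposes a hardware address to that MAC."""
    exposed = {}
    for address in addresses:
        mac = mac_from_address(address)
        if mac is not None:
            exposed[str(ipaddress.IPv6Address(address))] = mac
    return exposed


if __name__ == "__main__":
    prefix = "2001:db8:1:2::/64"          # documentation prefix
    stable = slaac_address(prefix, "00:11:22:33:44:55")
    print("EUI-64 address:   ", stable)
    print("temporary address:", temporary_address(prefix))
    print("exposed MACs:     ", audit([stable, "2001:db8:1:2:a1b2:c3d4:e5f6:789"]))
```

Because the identifier stays the same when the prefix changes, an EUI-64 address lets the same interface be recognised across networks; the random form does not.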
Well, I don't see any reason why a NAT router couldn't be used that translated a public IPv6 address into a private IPv4 address space, but I will certainly defer to the experts on this.
The world's burning. Moped Jesus spotted on I50. Details at 11.
I would give a lot of credence to his opinion.
No, your MAC address is not carried in an IP packet. You need to send an Ethernet frame to your upstream router that is going to have your MAC address as the source MAC in the frame, but your MAC address doesn't go past the interface that you are connected to on your gateway.
It's all horribly horribly simple. No large investor or large vendor wishes IPv6 to happen in the mainstream until all the bogus submarine patents filed around it have expired. Until then it's not in the interest of Microsoft, Cisco or anyone else to ship large amounts of IPv6 and get shot at.
Nobody will say that in public because the US doesn't like industries apparently conspiring together against a patent holder but you will hear it in private.
Sure, in a perfectly competitive market with symmetric information and no externalities over the long-term you might achieve optimal allocation of resources. But that's not the case here.
Of course, it depends which school of economic thought you subscribe to. Personally, I hold a mix of the neo-classical, public choice and new liberal views.
BTW, my training is in economics and all these links are gathered from the excellent market failure page on Wikipedia.
Of course we always rely on our "favorite venture capitalist" to make essential decisions about Internet technology.
IPv4 suited a different Internet than today's. It got a life extension when NATs multiplied the Internet address space, when broadband ISPs refused to allow multiple IP#s to single customers. Which technique also complicated the Internet, while creating a niche for nonstandard firewalls which further interfere with protocols. The resulting system of IPv4 hacks is an even knottier landscape, even less sustainable, while running on fumes.
IPv6 complaints boil down to "it's more than we need". Of course, that surplus incorporates the lessons from IPv4, which created a demand for more than IPv4 could supply. IPv6 is more "future proof" than was IPv4 - if it only had what (some people) need today, it would hasten the need for IPv7, along with exponentially more whining and constraints on advanced deployments, as the Internet becomes ever more central to everyone's lives.
Plenty of places are deploying IPv6. Mostly places which didn't have as much IPv4 to replace. The people whining the most against IPv6 are those who will have even bigger costs when they inevitably deploy it late, having deployed IPv4 for far too long. It's shortsighted greed for the remaining low-hanging fruit, at the expense of more costly/risky upgrades later. Combined with mere fear of change, a change that will expose all kinds of other hacks hidden by IPv4 limitations. Those primitive attitudes should not govern the expanding architecture of the Internet. It's too important to be left in the hands of those who sacrifice our future in the name of petty immediate costs, who have pushed the future back as far as they can, as long as they can.
--
make install -not war
I don't want all of my machines exposed to the entire Internet, and I certainly don't want all of Joe Moron's unpatched spam-zombie machines exposed to the entire Internet.
I support the Center for Consumer Freedom
IPv6 will never be adopted by the mainstream unless it's pushed from the centre.
Unless the main core network carriers agree to accept only IPv6 traffic (with IPv4 tunnelled within it) there is no push for the ISPs to change. Indeed, there is a very good business reason NOT to change.. it costs money and the customers generally don't want it either.
It's only at the point where ISPs have to do the work converting IPv4 traffic to IPv6 that the extended transition period could begin. Having forced the ISPs to use IPv6 they would see that it would cost them little or nothing to offer IPv6 directly to their customers.
Over an extended period of many years, first the big customers would slowly convert and as they do and spend money the cost of the IPv6 equipment will fall and the quality of the firmware will increase, finally trickling down to the consumer space.
As I see it, this period would take a long time, probably a decade or more with IPv4 never really dying out until all the systems which used it disappear. IPv4 will probably hang on in legacy systems for another 20 years or so.
Anyone who believes that there will be a "big-bang" where everyone changes over to IPv6 at the same time is living in a fantasy world.
Agrajag: "Oh no, not again!"
You can run multiple subnets on the same physical LAN, although this is generally a bad idea since you'll spend a lot of time tracking down odd glitches and problems. You will, of course, have to route between those two subnets if you expect them to communicate.
ISC DHCP (or any DHCP server) will receive your DHCP request in one of two ways. Either as a broadcast packet, which indicates the DHCP client is on the local subnet, or as a unicast packet from a DHCP relay agent (i.e. a router with ip-helper configured in Cisco-speak). The unicast packet contains the IP address of the relay agent which lets the DHCP server know which pool of addresses to draw your lease from.
You cannot have multiple IP addresses assigned to an interface with a DHCP relay agent or to an interface which has a DHCP server bound to it. That breaks the protocol since it makes it impossible for the DHCP server to determine which pool of leases to draw from. See the RFC for more details. http://www.bind9.net/rfc-dhcp
You also cannot use DHCP to assign two IP addresses to a single client NIC, whether those addresses are on the same subnet or not.
Vuja De: That sinking feeling that this is going to happen again. Often occurs in meetings with Product Managers.
Let's all be honest... the biggest reason we fear IPV6 is the fact that we'll never, ever be able to actually remember IP addresses by memory anymore. "aaa.bb.ccc.ddd" fits nicely within the human short term memory stack. "aaa.bb.ccc.ddd.ee.f.ggg.hh.iii.j.kk.lll.mm.nn.ooo .p.qqq.rr.sss.tt.uuu.vvv.ww.x.yyy.zzz.AA.BBB.CCC.D .EEE.FF" overflows it, by several orders of magnitude. AT BEST, it might be possible to keep a tiny handful of IP addresses straight, IF they're mostly zeroes AND have those zeroes in the same locations.
Instead of using all 128 bits for address space, let's set aside the first bit for human-friendly data compression: if the first bit is "1", we assume that 127 significant bits of address data follow. If it's "0", we'd transparently insert 64 "0" digits, then continue with another 63 significant digits of address info.
Yeah, it would cut the potential address space in half... but as more than a few have already pointed out, IPv6 isn't exactly hurting for address space anyway. The big benefit is that for the first few years/decades/centuries of use, nobody would ever actually HAVE to deal with a full-blown 128-bit address... IPV6 would have a de-facto 64-bit address space, ready to become 127 bits when the need finally arises. IP addresses would double in length, but 8 bytes are still within most people's capabilities. For the foreseeable future, nobody outside of Cisco or academia would actually have to bother with 32-byte IP addresses.
Short of that, the only way ANYONE will be able to deal with 128-bit addresses is if someone comes up with a scheme for constructing plausible nonsense words that unambiguously map to real 128-bit addresses, using letter combos to encode 2 to 4 bits per letter. Say, compressing big repeating chunks of zeroes and ones with escape patterns down to 40 or 50 bits, then using those bits to specify grapheme (morpheme? "nonsense word"?) consonant-vowel combos vaguely resembling romanicized Japanese, like "fa muka gu zade no kwatule yo". It would look weird, but by re-establishing some kind of contextual link to plausible language, people would at least have SOME chance of (mostly) getting it right from memory.
Perhaps, but in that case it was a content-free post, since it only repeated what had already been said (not that that is an unheard-of occurrence here on slashdot). Therefore, I assumed the poster was referring to IPv4.
...all your various household robots you will be getting, and your flying cars and scooters (and antique land based excursion craft like you might have now, heh). Then all the RFID tagged stuff you buy, every piece of food (your fridge will need to be able to monitor itself), electronic media (**AAs will require it), books (it'll just happen, it's a retail article of trade), clothes (already happening), kids toys (article of trade, inventory control, finding lost stuff around the house), the pets (must be a responsible companion animal friend), all the house plants (something has to monitor soil moisture and Ph and nutrient levels), individual windows and doors and walls and other HVAC sensors to run and monitor the home (smart homes aren't smart without it), the alternate energy controllers (common as anything 20 years from now when oil is 350$ barrel), all the individual components that make up your computers (all the drives and memory and CPUs will have to be certified and "trusted"),and the etc, big whopper list and etc....
And...pretty important... the multiple chips inside of you (heart monitor, brainwave societal balance monitor, GPS tracker, blood pressure, blood chemistry, internal credit card chips and ID verification, and various "stuff" like that there), eventually mandated by government and the health/law & enforcement/insurance/your employer cartels.
so, bump up that number a scosh, could be thousands easily.
Everything over http works just fine right now. NAT could be the perfect success. ...
Cisco's senior technical leader for IPv6 technologies, Tony Hain, begs to differ.
Of course Cisco disagrees. They want to sell more routers.
meh
The two reasons there's so much bloat in IPv4 routing tables are that customers want to have their own provider-independent address space (so they're not tied down to a single provider) and want to multi-home to two different ISPs, advertising their address space on both ISPs so that if either connection fails, there are still routes to their address space. This means that every ISP out there needs table entries for the multi-homed customer's address space, even though the customer might only need one or two IP addresses, and the routing protocols often have calculations that need N**2 or at least N log N space, so it's especially annoying. (By the way, there's work on upgrading BGP from 16-bit ASNs to 32-bit ASNs to deal with the increasing numbers of multi-homed customers.)
IPv6 was supposed to fix this by providing enough address space that customers in the old swamp could be reallocated to provider-aligned space, but the customer-ISP politics problem is still there, and the need for reliable multihoming is still there. Browsers and DNS caching make the problem much worse, because DNS-derived IP addresses are persistent - if www.example.com's connection 1.1.1.1 fails, you can't just use DNS to tell the end users to use 2.2.2.2 instead, because DNS caches mean the update might not appear for days, and browsers and some other applications don't look up DNS entries on every packet either, so multi-homed customers really need to do rerouting to work around failures. That kind of speed is ok for network renumbering when you're changing ISPs with a week of advance preparation, but it's not fast enough for routing around failures.
There's an ugly project called shim6 that's supposed to work around the renumbering and routing issues, and it avoids NAT by replacing it with something IMHO almost if maybe not quite as nasty. AFAICT, the working group's not really finished with it, and it requires host software because it's a routing shim in the end-device's protocol stack.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Developers, Developers, Developers
Developers, Developers, Developers!!!
As someone who's developed embedded comms stacks for both protocols, IPv6 slaughters IPv4. Nice, clean, consistent fields in the packet, no kludged late-additions to the protocol, and NO FRAGMENTATION. I can't emphasize enough how valuable that last point is when you're in a resource-limited embedded environment. If every fridge, alarm clock and toaster is gonna have to have an RJ-45 on the back, then it's clear to me that v6 is the only protocol they should be speaking.
How do you convert the Internet to IPv6?
At the moment, all the major OS's have an IP6 stack built in, just never used (and if never used, just how debugged are they?)
Obviously you can't have a "Convert to Six" day, when everyone and everything changes their addressing.
So it has to be gradual. Who would do it first? Would it be a matter of dual addresses for a while?
How tough would it be for an ISP to click on IP6 routing for its customers?
(Yes, I am ignorant, but wanting to learn.)
Are there any privacy concerns with IPv6, since all packets are traceable to one network card?
Because IPv6 is strictly hierarchical, you need to maintain one address for each downstream router and default for upstream. This gives you a memory requirement of about 2-4K for normal usage. Assuming a LOT of mobile users, you might need another 2-4K for redirections.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
..."try again"? I was pointing out some maybe possible ways you'd need more than 88 numbers for a family. Some are moderately whimsical, but a lot of them aren't. If you want a smart net enabled fridge, all the food needs to be tagged for instance, else what's the point?
I was never disputing the math on amount of addresses with IPv6, it's a huge amount, obviously way more than enough, I just think people are underestimating what eventually might be net enabled, even though they might not directly ever call those devices, devices/objects will be calling other devices and those in turn reporting someplace else. An individual could easily have thousands of them within 50 years or something just looking at gross technological and societal trends. I'm old enough to clearly remember when *nothing* was net enabled. Not one single thing. nada. Zero addresses "needed". Now I look at today, go "hmm", and extrapolate it. Best I can tell, it will be a "quite large" number of things. I cannot provide an exact number, no one can obviously, but bet a nickel it's more than a few zeroes attached to it on the left of the decimal point. And who knows, they might decide that addresses for "security purposes" are only used once, then thrown away, retired. That might use them up a faster pace. Ya never know..
I honestly don't care either, I am not the least concerned over whether or not there will be enough addresses or if we use IPv4 or 6. 4 is used now, seems to be working OK, 6 is installed on most linux boxes already, so it is a non problem as far as I am concerned. If there's a buck in it, it will happen, if not, nothing lost except some dev time fooling with it, and that's mostly voluntary hobby action by the devs..and if not, they are getting paid to do it, so no harm there either, general R & D action, something all geeks like..
You put a pretty basic lock on your door at home and call it done because the cost/reward ratio is such that when you balance the risks of robbery against the possible returns and the difficulty of entering, it is just not worth it for the robber. If the robber could identify more readily which targets would be the most lucrative, then those targets become less obscure, the balance shifts, and theft becomes profitable. The people that get robbed usually screw up one or more elements of the equation and thus become less obscure: they leave a door clearly unlocked, they comment to the wrong people about an unusual possession, they dress and drive above the average income of their neighborhood. And so on.
It is the same in all other security situations. More obviously in key cryptography where you obscure the key in a solution space of numbers, but nonetheless, obscurity is everything where security is concerned.
instead of giving every machine in your company an internet-accessible IP, everything has to go through a NAT firewall except those machines you specify to be world-accessible.
If your NAT router includes a stateful firewall, why can't a non-NAT router include a stateful firewall?
Current Java support for IPV6 is broken. Not in a technical sense, everything works fine technically.
Java detects if the local host OS supports IPV6 and will try to use it when available, which seems like a GoodThing(TM).
When you ask the URLConnection class to open a connection Java does two DNS lookups, one for the IPV4 'A' record, and a second one for an IPV6 'AAAA' record.
If the DNS server replies with a valid 'AAAA' record, then Java will try to use IPV6 to connect to the remote host, which also seems like a GoodThing(TM).
However, checking for a valid 'AAAA' DNS record only tells you if the remote system supports IPV6. It does not tell you anything about the nodes in between here and there.
We are working on a Grid system using SOAP as the core message protocol. Most of our servers are hosted at university departments, and most of them already run IPV6 networks and will have been issued with valid 'AAAA' records.
However, we want users to be able to connect to our systems from outside. In fact, most of the development team work from home a lot of the time.
If I run a Java app on a Linux machine at home and try to connect to a server at a university:
However:
The last one is the problem. If it caught the Exception, and then tried again with IPV4, then we could use IPV6 where possible, and still fall back to IPV4 if needed.
As far as I can tell, there isn't a way of selecting IPV4/IPV6 on a per connection basis. The only way to select it is using a global system property at startup.
Which means that in order to support the edge case of professor using our system on laptop from home, we have to ship all our software with IPV6 disabled.
If anyone knows of a fix for this please let me know.
Each service on each host of the private side of your firewall box grabs a port number on the public side of the firewall and registers a corresponding SRV record with a DNS server, and any application out on the real Internet that wants to reach it finds the port number dynamically from DNS instead of statically hard-coding it. The public side still needs genuine registered addresses, but the private side can use RFC1918 space (e.g. 10.x.x.x), and each public-side IPv4 address can support as many machines behind the firewall as it takes to run out of ports. So if your cellphone has a web server, instead of reaching it through its own IP address and port 80, it looks like 10.11.12.13:80 on the hidden site, but you reach it from the real world at firewall123.cellphone-example.net:4567, and firewall123.cellphone has a real IPv4 address 123.456.789.10. Somebody in the real world who wants to reach your phone either looks up _http_.13115551212.cellphone-example.net and gets an SRV record telling them it's port 4567 on 123.456.789.10, or else you just advertise http://13115551212.cellphone-example.net:4567/ and let their browser go there directly. So if the average cellphone has 16 ports active (counting both directions), then that one IPv4 address can support 4000 phones.
And yes, this still has problems - it encourages service providers of cellphones, DNS, and cable modems to hide their users behind NAT-like service, but it's a two-way NAT-like service, and they don't have to limit the ports or protocols the users offer to the world but many of them will. And it also encourages service providers to provide big web-proxy farms on the private side to reduce the number of ports used on the public side, which makes censorship a bit easier. And there are protocols that *know* which port they live on, so the client and sometimes the server applications would need to change to use SRV records instead, but that's probably less disruptive than teaching them to use IPv6 addresses. Other protocols like http (using URLs with port numbers) and smtp (using MX records) already have ways to specify the port numbers. Some protocols like IPSEC aren't happy with NAT, especially port NAT, but they often end up doing Stupid UDP-wrapper Tricks to work around that.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The last geek band from DC that I know of was Barcelona; good stuff. I'll have to check it out.
The wheel is turning, but the hamster is dead.
Doesn't anyone ever read their RFC's?
http://www.rfc-editor.org/rfc/rfc1627.txt
NAT sucks, ipv6+firewall will be a better system. I hope.
IPv6 is a bit like HDTV... it's been "coming" for a long time,
but I can actually watch some shows in HD now, so maybe there is
hope after all!
Our universe
------------
number of atoms: 10^79
number of photons: 10^88
You don't connect the Toaster to the internet. You connect the Amiga to the internet and the Toaster is inside of it.
Video Production Support
The one thing stopping me from using IPv6 is the fact that I just can't remember that many characters.
What about anonymity? If everyone has a permanent static IP address, wouldn't groups like the RIAA have a much easier time tracking people down?
Not a sentence!
China has a gazillion people, but Brazil has a brazillion people!
On OS X Tiger, if you go to view your IP address it actually displays your IPV6 IP address as well, FYI.
fuck windows vista. the beta shows that its nothing more than windows xp with security settings taken ala linux and a gui that tries to be a windows hybrid between xp and osx. i hope it burns. i really do. where is the innovation.
Anyone remember that rant/virus 'warning' about the virus that would turn off your fridge, scare your kids and run off with your wife?
This was back in the day, when chain e-mails were the biggest problem on the net.....
Is there a solution to IPV6 multihoming yet?
A lot of the proposals I have managed to read seem to be hacks on top of Layer4/5 protocols which is interesting but probably useless.
Am I correct in assuming that individual companies are not meant to get IPv6 ranges?
37 - what does it stand for really...
The topology helps, as the IPv6 backbone developers have realized you can't have a horrible design and expect it to work.
The problem is not with customers of a peered network (as their prefix MUST match that of the peered network), but with peers of peers, where prefixes may differ. Because you have more levels of peering, the problem is theoretically reduced (as lower levels MUST share a common prefix and are - generally - not permitted to peer between branches in the hierarchy) but that is more human policy than technology.
There is some confusion with regards IPv6 and backbone connections. IPv6 was originally designed NOT to support default routes. The
So how does all this help? It helps because details are kept hidden as far as possible. IPv4 is bad on routing, because the layout is crap, too much is visible and has to be learned, multiple specific routes may need to be learned for a given prefix, corporations buy large blocks of addresses then share them with multiple sites using different providers, etc. IPv6 doesn't permit a lot of that and policies agreed upon don't allow the rest.
In the end, routing requires that you know every possible route you need to follow to get to where you want to go, in the most general form you can store it. There's no escaping from that. The trick is to ensure that absolutely everything is (more or less) equally general and no specific exceptions are needed. It is the exceptions that are the killer, not the rules.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
You've been around long enough to know that 1) IPv6 address space is the least relevant reason, but in a way that's kind of the point there, and 2) that NAT is nothing more than a kludge anyway. It's just that the address space troll always takes up nearly 100% of the discussion.
What seems to be consistently neglected in nearly all discussion of IPV6 are its real advantages:
- Expanded routing and addressing
- Simplified packet headers
- Header and payload compression
- Quality of service capabilities
- Authentication and privacy
- Multicast / Anycast
- Local-use addresses
- Integrity and key management
- Autoconfiguration
- Multi-homing capabilities
Those that have rolled out IPv6 networks include NYU, CERNIC, and ICANN. Japan, China and Korea have also committed to larger scale rollouts all between 2005 and 2011. Routers by Cisco, Nokia and Juniper already support IPv6.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
My big reason to switch to exclusively IPv6 for at least my mail servers is that the spammers and their zombies won't be doing any IPv6 for a long time. I just have to wait until most of the places I want to exchange mail with at least have IPv6 in addition to any IPv4. That should give me a few years of nearly zero spam.
now we need to go OSS in diesel cars
I wholeheartedly agree with that. It's trying to solve too many things at once. Revolution instead of evolution always costs you. At first the new thing may seem to do everything the old could, but you later find out it doesn't.
It completely breaks the whole IP philosophy and moves to a bastard child of IPSec (the who-needs-routing-tables protocol, and the blatant layering violation brought by IKE) and IPX. If IPX seems good, you simply don't understand the beauty of IPv4.
For a different take on it, see DJB's piece at http://cr.yp.to/djbdns/ipv6mess.html
Cheers,
Emile
All generalizations are false, including this one. (Mark Twain)
What the fuck's wrong with you guys? Sure this is offtopic, but I can't contact him any other way. Man, the pricks this site attracts...
News for merdes. Shit that matters.
Ask me about my sig.
With a /64 subnet, you could start an ISP and never run out of addresses.
For those that would die defending it, Freedom
has a sweet taste that the protected will never know.
The goal was definitely supposed to be that individual end-user companies don't get Provider Independent address space - they get chunks of ISP-owned space (which are big enough for anything they want to do inside it, because IPv6 has lots of bits), and they were expected to use DNS and DHCP or similar approaches to renumbering rather than hard-coding addresses (seemed reasonable at the time.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
No, that's the point of a NAT router with a firewall.
A device doing pure NAT would forward all traffic -- including unsolicited incoming traffic -- on the public IP of the router to your computer's internal IP. So yes, you're right, someone on the outside wouldn't know your computer's internal IP address, but it wouldn't matter because the NAT box would happily forward all the packets. Because that's what NAT means.
Most home router boxes have NAT with selective port forwarding, plus a stateful-firewall-esque feature where it doesn't forward packets that aren't part of a connection that was initiated from inside the network. These are strictly speaking not part of NAT, they just tend to be rolled into the same devices making people think of them as one unit. (On most routers you can turn these things off and get "pure NAT" by putting your computer in as the DMZ address, this gets you NAT without firewalling so you can run a server.) But all of them could be easily implemented on IPv6 with a firewall.
The perceived security of NAT comes from the firewall-type features that are built into most home routers, not from the address translation service itself. There's no security gained simply by not letting an outside attacker know your internal network address if your gateway passes all packets, and conversely none given away by letting your attacker know it, IF you have a good firewall that's set to reject unsolicited traffic.
With IPv6, users would still probably want to have a box sitting between their easily-owned Windows box and the public net, but instead of being a NAT+Firewall, it would just be a Firewall. To them, the use would be exactly the same, except that they would have real end-to-end connectivity when they wanted it, and still retain the same level of security (or lack thereof) that they have today.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
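The distinction drawn in the comment above, as an added example that is not part of the original thread: a minimal Python model of a translation-only NAT next to a stateful IPv6 firewall that does no translation. The class names, addresses (documentation ranges) and ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class PureNat:
    """Address translation only (the 'DMZ host' case): no filtering at all."""
    def __init__(self, public, private):
        self.public, self.private = public, private
    def outbound(self, p):
        return replace(p, src=self.public)      # hide the internal address
    def inbound(self, p):
        if p.dst != self.public:
            return None                          # not addressed to this box
        return replace(p, dst=self.private)      # forwarded, solicited or not

class StatefulFirewall:
    """No translation: routes global addresses, tracks inside-initiated flows."""
    def __init__(self, inside_prefix):
        self.inside = ipaddress.ip_network(inside_prefix)
        self.flows = set()
    def outbound(self, p):
        if ipaddress.ip_address(p.src) not in self.inside:
            return None                          # source is not an inside host
        self.flows.add((p.src, p.sport, p.dst, p.dport))
        return p                                 # address leaves unchanged
    def inbound(self, p):
        # Accept only the reverse direction of a flow an inside host opened.
        return p if (p.dst, p.dport, p.src, p.sport) in self.flows else None

def run_demo():
    # Constructed sample traffic; every address is from a documentation range.
    nat = PureNat(public="203.0.113.5", private="192.168.1.10")
    fw = StatefulFirewall("2001:db8:1::/64")
    host6, web6, other6 = "2001:db8:1::10", "2001:db8:ffff::80", "2001:db8:bad::1"
    fw.outbound(Packet(host6, 40000, web6, 443))  # inside host opens a flow
    return {
        "nat_unsolicited": nat.inbound(Packet("198.51.100.7", 5555, "203.0.113.5", 445)),
        "fw_reply": fw.inbound(Packet(web6, 443, host6, 40000)),
        "fw_unsolicited": fw.inbound(Packet(other6, 5555, host6, 445)),
    }
```

The NAT model delivers the unsolicited packet to the hidden internal address, while the firewall model drops it even though the inside host's global address is visible to the sender.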
IPv6 is great, but what we have deployed in the internet is IPv4 and we cannot magically switch to v6. What is needed is a transition plan. But we have no good plan now.
Wow did you misread the bias in that article.
Geoff Huston, the guy you're quoting, the one who was defending current IPv4 status quo, was not the Cisco guy.
The Cisco guy was Tony Hain, who said:
"The end to sustainable growth of the IPv4-based Internet has arrived and it is time to move on. IPv6 is ready as the successor, so the gating issue is attitude. When CIOs make firm decisions to deploy IPv6, the process is fairly straightforward. Staff will need to be trained, management tools will need to be enhanced, routers and operating systems will need to be updated, and IPv6-enabled versions of applications will need to be deployed. All these steps will take time - in many cases multiple years."
Which, if you feel like being cynical about selfish motives, still makes sense. You're wrong, Cisco does sell tons of IPv6 capable gear, and most companies that decided to do a big migration would have to buy lots of that gear. Cisco wants you to move to IPv6, not stay with NAT boxes.
So, convince me: why is IPv6 the right answer to the problem?
That depends on the problem. Were the "address space" the problem being considered, then going to 128 bits for address and nothing else would solve that problem.
But NoooOOOooo! No matter how beautiful simplifying the header (even with the long addresses) such as has been done with v6 is, this committee couldn't stop there. They had to go and screw it up by layering on protocols and functions on top of protocols and functions. A router that has to pay attention to payload isn't a router, it's a gateway.
It is a matter of opinion whether or not DHCP "should" be a network or server function. Right now, it's served by routers if you want it to be, by servers if you want it to be. Creating limitations by bundling the dynamic network address allocation into network hardware is a decrease in functionality that only a committee could have dreamed up.
The only reason v6 is still debated is because of this second-system syndrome.
Bob-
The Ludwig von Mises Institute. The reasoning individuals economics