Slashdot Mirror
IPv6 Readiness Report
MythoBeast writes "In the latest episode of the Intellectual Icebergs podcast, Brett Thorson of Ravenwing provides a very good review of how ready our industry is for IPv6. He also provides a pretty good implementation guide for those who want to set up IPv6 at home."
We'll need IPv8.
Personally, I'd rather have a written guide of some form to refer to when I implement IPv6, though I'm going to listen to this just to see how it turns out. It'll probably be just like class where I scribble furiously to write down everything the professor says.
If I have been able to see further than others, it is because I bought a pair of binoculars.
IPv6 is a solution looking for a problem, at the moment in its current state nobody will use it, its complex , doesnt play with legacy systems (even win2k support is flaky at best) all those routers and wifi boxes that best buy are selling, most of the ISP's dont want it and dont support it let alone the users figure it out
its another "its coming" technologies thats "nearly" with us for the last 10 years and STLL nobody really cares, its like W3C validation, nice in theory but most people dont care about it and most of the html generation tools dont create it
Could someone tell this uninformed person what the hype is all about? So, we run out of IP addresses, so what? Seems like a market then exists where you could on-sell your IP addresses for $$$. Prices go up too high, market forces then result in IPv6 implementation. What's the problem?
(mid-90s silicon valley story - friend of mine was visiting a friend, the house phone rang, somebody answered it and gave some technical advice about windows. "Who was it?" "Just a wrong number, but it was an easy question.")
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I didn't bother to listen to the podcast, but luckily this is Slashdot so no one will hold it against me.
Geoff Huston's "IPv6: Extinction, Evolution or Revolution?" is probably the most insightful thing I've ever read about IPv6 deployment, although the conclusion is pretty negative.
But assuming that IPv6 is worth deploying, Microsoft is way ahead in getting computers IPv6-enabled. Their work on Teredo should make life a lot easier for P2P developers.
The link is just to an .mp3 file. Shouldn't I need an apple product to listen to this?
With a traditional IPv4 network, I was running out of IP addresses, but now I can give each sofa cushion its own address.
Most people think that the consumption of IP addresses is what's going to push the move to IPv6. While this will be a major factor, most sources I've read think it will be the exponential growth of routing tables that will eventually force the switch.
Every time a segment of IPv4 addresses are partitioned, routing tables must be updated to reflect the changes. Last book I read said the number of entries were around 100K and that it would double by 2010 (may have been later/earlier, can't remember the exact details).
With this many entries the problem of managing routing tables becomes near impossible, not to mention router performance will become critical if it can handle it at all.The huge amount of IPv6 addresses will allow major aggregation to that point that most routing tables will be a fraction of what they are now. Heiarchical routing will actually be possible with IPv6.
Of course you routing hardware can be upgraded and more people can be paid to manage tables but if you're going to do that might as well make the problem go away and add a whole lot more features with a new protocol.
What's with the background music through the interview? Does anyone listen to this podcast regulary, is this a normal thing?
"damnit, trolley I want in your signature." - Elburrito
Direct links to a podcast at work is irritating. Guess I should look at the status bar more often.
Anywho, I'd adopt IPv6 if more straightforward and simpler guides existed, or I just can't find them.
Once IPv6 comes into force, there will be no derth of IP addresses. And each device including PCs can have its own unique IP address. When a person is born in this world, a tiny chip can be implanted in his body which has a unique IP address. And this can be used as his identity.
And the same way a DNS works, the IP address of the chip implanted in the persons body can be resolved to his name.
Linux Help
for all things on Linux
We can't move to IPv6 until the spam problem is solved. With the additional address space that IPv6 offers, spam will increase by a googol if the spam gangs are not stopped. More spam is stopped because of RBLs now than any other method. IPv6 would make that obsolete.
IPv6 isn't going to work because of television. Chloe: "Jack, give me the IP Address of the workstation and I'll send you a decrypter." Jack: "Okay one sec........... Alright, got it! F as in food, E as in earth, D as in death, C as in card, colon, B as in bad, A as in apple, six, eight, colon, three, six, four, four, colon, one, two, zero, seven, colon, A as in apple..." FBI Agent breaks in: What's this? Jack? You're supposed to be dead! [shoots Jack] [Season Ends] Man oh man oh man. That's gotta be the reason why IPv6 isn't implemented yet. (Seriously, tech support nightmares)
That would smokin', having B-ISDN and IPv6 rolled out worldwide at the same time...
People
If you really want this thing to catch on one day, trust me, just call it iPV6... [see the lowercase i?]
you'll all thank me one day...
I listened to the podcast being someone who is quite knowledgeable in IPv6 and thought that Brad did a good job of laying out the important points and stakes in terms that someone new to IPv6 can understand pretty well, and he was very accurate on his information from a technical standpoint (aside from when he talks about the implementation headaches of PKI, he was way off on that one). I also agree with him on the state of IPv6 (fun for geeks/military types now, but not business and consumer-level primetime yet)
The interviewer isn't too bright however. Also, for the love of god, please stop the mp3 after the interview before he launches on his excruciatingly bad Matrix-metaphor monologue. You *will* thank me
Overall, I'd say it's a good listen if you are curious just exactly what some of the benefits of IPv6 are, but for anyone who is even slightly knowledgeable about IPv6 it's a "Move along, nothing to see here"
-DSRIf your WRT is running DD-WRT v23 you can run a 4-6 tunnel through the router and run RADVD on it to give your clients IPv6 address's.
/jffs/ file system.
:)
Here is a IPv6 Install Guide for DD-WRT and a WRT54Gs
I would love some more people to test out my little config and tell me if there is anything they do not understand in it. It's very straight forward and uses SMB for people who have a v4 Router (not enough room for JFFS). Of course you could simply move a conf to your
As Long as your running Linux (with ipv6 enabled) and Windows XP (run "ipv6 install") once the router is setup and running your clients get IP's automagicly. (or any ipv6 enabled OS for that matter)
Thanks
Solosoft.org - Your Online Resource to Nothing
you would think of all places the Internet would level the field, i guess i lucked out
i see no transcript so i guess me and my buddies will have to look elsewhere for our IPv6 fix
while some middle class podcasters pat each other on the back on how clever they think they are in mastering Sound Recorder and LAME on their moms PC
Jay
Umm, [adding more devices is] precisely why [NAT is] used.
Apart from that, NAT is also useful because of an inherent side effect, namely that a basic firewall comes "free" once your router has implemented NAT.
I believe that the design of IPv6 was flawed in ways that it has inhibited adoption which could have been much more rapid. The IPv4 address space should have been a subset of the IPv6 address space. This would allow easy interconnectivity to Ipv4. The other direction, for going from Ipv4 to Ipv6 is trickier, but could involve manipulation of DNS. When a ipv4 peer requests a IP for a DNS address, the DNS server will reply with a private IPv4 address, the router/gateway associated with the DNS server will catch the connection to this IP and reroute the connection to the proper IPv6 address. It does only work with DNS addresses, yes. A special block of Ipv4 addresses should have been set aside for this purpose exclusively. Problem solved. Most people use DNS anyway. Other solutions could be devised to access a ipv6 address without DNS from ipv4, a protocol that would allow users to configure a forwarding route on the router via some utility, so that all connections to a private IP are rerouted to a specified IPv6 address. This could have eventually been built right into clients as well. This would have allowed a gradual switchover. The problem with the current switchover plan is that since there are so few Ipv6 users, there is not much incentive for websites to make themselves accessible on ipv6, but at the same time, users see no benefit from moving to ipv6, since there are not many websites avialable from it. So in order to access the internet, people need two seperate Ip configurations, people are not going to bother with ipv6 since it is pointless to them, all of the websites are on ipv4. Thus we get nowhere. It is absolutely true that there must be a gradual transition period where both protocols will be used and where both protocols must be interoperable.
And that is when two things happen:
1) Every valid mail server will be registered with some trusted organization and deemed to be "officially licensed" by the world email community, and be able to be authenticated by database lookup plus an encrypted key exchange challenge/handshake thingy.
2) Every one of those mail servers will only accept incoming mail that is not only recognized by the database and key exchange, but will also have to pass thru a local whitelist lookup too.
Mirror to MP3:
p 3
http://www.qcs-rf.com/slashdot/intice_08_060129.m
We've already run out of addresses. Chances are, you use some sort of NAT system so that you can access the internet. NAT is a dirty hack that multiplexes one IP for use by multiple clients. This hack means you don't get to participate fully on the internet.
IPv6 gives everyone in every private network an IP visible to the world. Its as if someone took NAT and made it useful.
Y'know, they're going to have to come up with a podcast equivalent to RTFA.
The guy isn't some podcaster, he's a network professional who is specifically being paid by a bunch of government agencies to see how effective and safe this stuff is. You'd have a tough time finding someone more knowledgable in your state much less at a party you happen to be at, even if it is in silicon valley.
It has been said many times here on Slashdot, but it bears repeating.
There is no business case (yet) for IPv6. The internet was designed for resilient point to point connectivity, but the business world does not want that.
Today's security paranoid businesses want to keep their internet exposure to a minimum. Look at most companies - lots of computers behind one or two public IP addresses. Most internal hosts are firewalled, proxied, and natted INTENTIONALLY.
Sure, this creates some problems, but there are workarounds for most issues.
I keep hearing about handhelds and that millions of them will need their own IP addresses. I don't see why. I'm sure most of the wireless providers want to control the content that their subscribers can send or receive - that business model does not want a wide open network with each host directly connected to the internet.
In this type of business environment, I can't see why any business would want to throw away thousands if not millions of dollars in their existing IPv4 investment.
If you can explain a bulletproof business case for IPv6, then Mr. Chambers at Cisco may have a nice sales job for you.
-ted
Extending that further, then why not allow BellSouth to charge content providers access to their network? Fuck end to end, right?
$PERSON makes $TRENDY style comment about $TECHNOLOGY. $EDITORS don't edit, they greenlight based on $TRENDY. Oh wait, we're talking about whether IPv6 is redundant, necessary, or useful? Thats actually secondary to the point of the accepted submission.
I want to delete my account but Slashdot doesn't allow it.
I pity the poor deaf slashdotters... Oh, and those of us who cannot download mp3s at work.
It's quite a bit more simple than IPv4. More importantly, last time I checked, the defaqult route tables were over 180,000, not just any old router can store all of that. Some of the plans for routing IPv6 based on geography will be nice and allow us to really scale the internet performance wise. No NAT, that alone dramatically simplifies a lot of things.
I think when Vista comes out the push will really begin. Comcast and other major ISPs are all readying their plans to roll it out. I for one welcome out 128bit overlords.
IPV6 will finally get accepted when it's discovered that it's the only way to play a network game of Duke Nukem Forever.
Good, inexpensive web hosting
I run a dual stacked network at home using tunneled connectivity from SixXS (I live near Boston, MA, the tunnel endpoint is in NJ. This gives excellent latency performance.). With this tunneled connection came a subnet with enough IPs to last me many lifetimes. Additionally, I maintain a server with native IPv6 access including public access Jabber, NTP, and IRC. See here for more info.
IPv6 won't neccessarily get you anything you don't already have at this point, but the technology is ripe for experimenting and things work remarkably well.
isomerica.net | Foonetic IRC
For installing IPv6 on any *BSD: Pretty much the same. All the *BSDs have been IPv6-ready for a long time, under the KAME project banner.
For installing IPv6 under Windows: You go to Microsoft Research and install the stack. Unless it's already on the CD - it is, for some versions of Windows.
For actually implementing an IPv6 stack? Well, for that you want the RFCs on the IETF website, and the IPv6 evaluation kit (TAHI) that is listed on Freshmeat. I didn't type all the damn information for the various testing packages into the record for nothing!
Aside from that, I really can't think of anything you could need a guide for.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Tell me again why you don't need IPv6. Only, this time, say how you're going to meet these criteria whilst you're at it.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
There was no business case for the transition from ARPANET's old NCP protocol to TCP/IPv4 in the 1980s - but there were technically compelling reasons. Luckily the ARPANET pioneers realized that a new protocol was needed to easily integrate the new services and applications they were thinking of deploying. Soon the WWW, e-mail, etc. exploded as they were simple to deploy on a powerful TCP/IP infrastructure. IPv6 makes it cheaper to deploy new network services and applications (like imbedded IPsec and QOS routing) by adding new extension headers to define new services. It also scales massively and offers both private networks and E2E options. You'd be amazed at how much extra code/infrastructure is necessary to get around NAT today to make many applications work.
We are currently working on a paper, with help from subject matter experts of the North American IPv6 Task Force, on HOW to get a return on investment from IPv6 technologies by adding new IPv6 based network services to enhance reliability, security, QOS, and mobility support in networks.
"As for the future, your task is not to foresee it, but to enable it." - Antoine de Saint-Exupery
This is why I hate podcasts. Text can be indexed, skimmed, and searched with everything from Control/Command-F to Google. It can be cut, copied, pasted, and even plagiarized if you want. A sound recording has none of these advantages, and it has several disadvantages: the speaker might use a lot of "um"s and "uh"s or be otherwise unpleasant, you can only listen at a constant speed (more or less), skimming is pretty much impossible, etc etc etc. Also, you can read a lot faster than you can listen--i.e., how fast the other person can talk.
However, therein lies the rub: even though you can read faster than you can listen, anyone can talk faster than they can type. (Rough numbers: Reading, 200 wpm; talking, 100-150 wpm; typing, 30-60 wpm, plus proofreading, editing, formatting--maybe just 5-10 wpm in the end.) So, we're depending on the person with information we want to take lots of time to put the information in the most useful format for us, versus them sitting down with a mic and talking and recording in one quick and easy pass.
Podcasts, basically, are easier for the producer but much, much less useful for the consumer. It'll be very interesting to see in the next few years how all this goes.
Of course, podcasts are great for a lot of stuff--dramatic reading, music, other kinds of performance; and the ability to listen to them places where you might not be able to read, like while traveling--but for straight information-sharing, they pretty much suck.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
"IPv6 Readiness"
IPv6 doesn't support fragmented packets. It forces both sides to restrict the MTU of that connection to the smallest MTU of any intermediate network component. In consequence, firewalls don't need to check for fragmentation and don't need to reserve any space for extra state information.
The practical upshot is that your bottleneck (the firewall) can handle far more connections with far lower latencies, which means B2B (business-to-business) and e-commerce network traffic can run much more smoothly and the system can manage much higher numbers of connections.
More connections with lower latencies, more business transactions. More transactions, more profit.
QED.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Hold on a moment. Close your eyes and count to three. One... Two... Three... Now, open your eyes and try, say, pinging
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
what the hell happened to IPv8?
no, really, I want to know!
Some Linux distros don't ship with IPv6-enabled net tools, but do include distinct IPv6 versions. Dunno why, that's just so broken.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I listened to the audiocast and picked up an important point- the commentator said IPsec (an integral part of IPv6) has historically proven undeployable except in small networks and would not enhance security.
He is probably unaware that just a few weeks ago, the IETF released a series of updates to IPsec [RFCs 4301 - 4309] and a new automated key exchange (IKEv2) [RFC 4306] to update IPsec to simplify and standardize implementations and automate key exchange. Also, many a few large organizations (DoD, MIT, pharmaceutical companies, etc...) have extensive public Key Infrastructures (PKIs) ready for IPv6 IPsec. A new deployment guide on updated IPsec and IPv6 will be published shortly by the IPv6 Forum.
"As for the future, your task is not to foresee it, but to enable it." - Antoine de Saint-Exupery
Once that's been done, it's just a case of those same ISPs offering a CD to accelerate Internet usage (ie: which use native IPv6 rather than the gateway) and conversion is complete. Complete conversion of the Internet, by converting each ring in turn transparently to all outside layers, should be possible over the course of a few months at most. A solid concerted effort could probably achieve everything up to the end-user level in a matter of weeks, without a single person realizing what was happening.
Of course, I don't seriously expect that to happen. Not because it can't, but because the level of cooperation needed is likely beyond most businesses today. It's purely a political problem, not a technological one.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Verizon DSL (NYC) not ready. Oh so NOT ready. CableVision (NYC) so not ready. All of my old linksys routers don't even support IPv6. Only thing I have ready for IPv6 is my damn Linux box.
Yeah, so far, I can ping myself all day... I'm just getting myself ready... any day now... really... c'mon... do it. do it.
"Don't let fools fool you. They are the clever ones."
Of all the places that don't need IPv6, home if the last place that I'll allow that abomination to creep in. Why would I need one million routable addresses per square millimiter of my apartment floor? In fact, why do we need to trade speakable addresses for 10^17+ routable addresses per square millimiter of Earth surface, including oceans?
Most cable companies, in their TOS, specify that you are only allowed ONE connection with your account, that is one computer. If you want 4 computers in your house to have internet, you need to pay for more.
What most families due, usually clueless to the fact that they are breaking a TOS, is buy a spiffy looking linksys or netgear WAP, which has NAT enabled by default, and share their single connection amongst all 4 of their computers. Because of NAT, comcast, or whatever cable ISP they use, is never the wiser.
With Ip v6 there would be no need for NAT, and comcast could see how many IPs are coming through each cable line, and charge accordingly.
I wonder why people always conjure up those magical market forces when in fact the "market" is tightly controlled by a few and extremely powerful monopolies? So what do you think will happen if IPv4 addresses really get scarce... I can tell you what's going to happen. Internet consumers (dialup/cable/adsl etc.) will find their asses behind NAT boxes and transparent proxies, maybe even limited to only being allowed to use http(s) in the "basic service plan" while "premium users" get limited access to smtp. I think having to choose between the excuse to extremely curtail service while charging more for less and going through a costly migration that gives more power to the consumer... ask yourself WWMD: What would Microsoft do?
Did they ever fix multihoming with IPv6? Last time I looked it was nearly impossible.
I suspect we will end up in a situation where the "rest of the world" uses v6 and the US uses v4 practically forever.
IPv6 does indeed have fragments, it just doesn't allow fragmentation to occur anywhere but at the originating host.
This is becoming a bigger problem on the net lately, people who post links to video/audio streams which do not have accompanying transcripts. The submitter may find it interesting, but I personally don't have a spare half hour to devote to your pet video/audio link (even if it is in a usable, open media format). I'll happily skim even a long page of text/html, but links to audio and video should be limited to digg-style funny videos or compelling interviews with meaningful summaries accompanying them. Anyone who expects clueful members of the slashdot/digg audience to waste their lives listening to some channel 9 msdn or other video stream and then make sensible comments on it is a fool.
it's a blue bright blue Saturday hey hey
Don't limit yourself to earth ... the solar system is a very big place. Earth is rather puny in comparison. The InterPlanetary Internet http://www.ipnsig.org/ SIG is working through issues on expanding the Internet outward [latency, anyone?] ... and who knows? maybe in 100 years we'll have millions of robotic explorers and harvesters out there, all connected to one big network, and each having dozens or hundreds of components requiring an IP address each. Having a system in place now saves us from many, many, many firmware updates.
Slashdot headlines, Jan 31, 2106
Deep space probe thought to discover alien "trash"
Direct IPv6 Link to probe's 'real-time' camera
42,000nd comment: Light speed is too slow ... but after 18 hours of staring at the screen waiting for the picture to come in, all I see is a flying toilet.
42,001st comment: Hmmm ... try blinking to turn off your screen saver. You'll then see it's a Coca-Cola bottle.
next 20,000 comments: ... the probe has been slashdotted! ...
and one that says: man, those alien-space-deities must be crazy.
Now along comes this new network protocol, which auto-configures link-level addresses, and is enabled by default on many modern OSes, and you have the potential for a protocol that people end up running on their network without even knowing about it.
To add to this potential problem, the fact that the TCP and UDP transports can run over both v4 and v6 means that network services can (and will) end up running on both. The end result is a potential security problem.
I can remember the time when most networks ran multi-protocol (and IPv4 was generally one of the smaller volume protocols in the mix), but many people can't, and very few people think multi-protocol when it comes to security.
That's hardly a "business case." And as another poster (unfortunately not being modded up) pointed out, IPv6 supports fragmentation. It's just that end hosts have to fragment and reassemble, and not intermediary routers. So, your firewall will see fragments anyway.
I'm feeling lucky
Version 5 of IP was assigned to an experimental protocol called ST2 (Internet Stream Protocol, version 2), which is described in RFC 1819 and, AFAIK, was IPv4 with QoS for voice and data over multicast or somesuch.
HTH
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
I'll just point everyone to DJB:
http://cr.yp.to/djbdns/ipv6mess.html
He pretty much covers most of it. IPv6 is dead on the public Internet long before it started. I knew this as soon as I called up MCI/WorldCom last year to ask if they had any IPv6 address space to add to our few class-C's and they laughed at me. If the folks who run half the Internet aren't ready for it, why would we be?
-M
when you see the word 'Linux', drink!
"hey there; I just finished memorizing my IPv6 address!" "hi; I just refreshed the IP on my dishwasher" "you deserve an ip" "i forgot to ssh into my coffee machine; how's it going?"
I agree in a world of perfect information and no barriers to entry, that theory would work. You can't build a large area wireless nework overnight. The incumbent wireless providers have an advantage, and they can use that advantage to dictate the terms of your wireless service. Would IPv6 really be the "killer app" that causes a bunch of investors to pony up billions of dollars to build another wireless network? Do doctors, lawyers, and businessmen really care what transport protocol carries their data? I doubt it.
-ted
Yes, there's an equivalent - it's LTTFP. But I don't *want* to listen to a fscking podcast, I want to read an article. There's also RTFPIWP - and the fscking podcast's index webpage says that it's a podcaster covering several topics and some music, and one of the topics is a talk with an IPv6 expert, and it doesn't say how long any of the segments are. He may be a real expert - I googled his name and he's taken reasonable positions in other discussions - but I do know lots of real IPv6 experts. I'd be happy to read his opinion, and I'd probably be happy in an interactive discussion with him, but listening to some undetermined amount of podcast blather to get to his segment isn't interesting.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The list above thoroughly distorts the "benefits" of IPv6 - this list has become a troll which shows up during every debate. I challenge the author or anyone else to actually show how to configure all of those things.
For information about how broken routing is, take a look at NANOG - enterprises can no longer multihome.
For information about how broken autoconfiguration is, take a look at Running IPv6 by Iljitsch van Beijnum.
For information about how broken IPv6 is with regard to speed of routing and transmission, look at cisco - most IPv6 is software-forwarded, as opposed to hardware forwarded.
The other items in the list are things which IPv4 does AT LEAST as well as v6 (yeah, try getting AES-256 to work with IPv6 on an existing VAM2, without using IPv4 anywhere, and then talk to me about IPSec-v6...)
There are good and bad things about the protocol, but it's NOT the greatest thing since sliced bread, and that list is a heap of garbage.
-David
Need Geek Rock? Try The Franchise!
I re-configured my cats last week!
Come here 4B 69 74 74 79, 4B 69 74 74 79!
Defining Statistics and Social Research
640 million email addresses are all the universe will ever need. ...
-- Tigger warning: This post may contain tiggers! --
My domain address was stolen by doteasy and they would never relinquish it. Thanks for reminding me to change it here.
Slashdot. It's Not For Common Sense
Some bloggers like to play "intrepid reporter", perhaps including a few seconds of low-res video on their page. Imagine they now have Mobile IP and multicast capability. Suddenly, they can do live telecasts at a resolution and framerate that is starting to approach professional TV studios. Even if only a handful of bloggers ever took advantage of that, the impact would likely be staggering.
Some argue that most of the business on the Internet is X-rated. Ok, I don't agree and wouldn't particularly like it if it were true, but if it were, I feel confident people would pay a lot more for near-TV quality live footage... at the same time, because less bandwidth is needed, the merchants would need to spend less. That makes for much larger profits.
(Mobility support also means they would not be restricted to studios, or stationary locations. There would seem to be a lot of possibilities there that are simply not practical right now.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
The second is to use pre-defined keys - usually based on X.509 or some shared secret. This method strongly authenticates one or both hosts, depending on how it is set up. In a semi-secure environment, you would only want to connect to trusted wireless access points. In a fully secure environment, you'd also want to restrict connections to fully trusted user machines.
If you have a totally controlled environment, and want to have secure wireless connections, I'd say 802.11x would be better than a generic solution like IPSec. However, you can get IPSec for far more machines than you can 802.11x, so in an environment in which you can't rely on 802.11x being available, IPSec is an extremely good option.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Where exactly did I say that autoconfiguration is broken?
/8s (~167 million IPv4 addresses) in 2005 with 62 free /8s held by IANA and another 25 /8s worth of unused space available elsewhere.
I'm not saying it's perfect but I use it every day and haven't had any trouble with it in a long time. (I did when I ran Zebra on my Mac a while ago - don't ask.)
The IETF is actually working on a new way to multihome in IPv6 that works for everyone (enterprises, end-users) rather than just those than have a portable address block and run BGP.
Two other things that were brought up earlier:
Last time I checked Cisco routers didn't do IPv6 NAT, but only NAT-PT. Sounds like the same thing, but it isn't: with NAT-PT IPv6 hosts can talk to IPv4 servers through an address translation device, it doesn't apply to IPv6-IPv6 interactions.
Even with NAT in full effect we used up 10
I currently run a 6bone connection via HE's tunnel broker, which is nowhere near as exciting as running a major junction.
(It should probably be noted that running tunnels from the University was in violation of a whole bunch of rules. I even had to swear blind I wasn't going to run virtual networks, in order to get the University's Autonomous System number. Mind you, they got upset so often about almost anything that about the only way to do research was to ignore them.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
The problem with routers further out is a good one. You'd have to start at the backbone routers and work outwards to the home user, to be meaningful. The firewall argument isn't quite as strong, as I'm arguing the router will proxy between IPv6 and IPv4, so inbound traffic to the host is still IPv4. Provided the IPv4 firewall rules were shifted to the internal network interface, they would still function exactly as before. (All you'd need then is sensible defalt IPv6 firewall rules for the external interface, and you're all set.)
Hey, I'm not claiming this would be something Joe Average Helpdesk Tech could do in his sleep. I don't see it as this Mission: Impossible thing, either. Certainly, antequated Cisco devices don't support IPv6 well, but modern Cisco equiptment supports it just fine. At the very least, if backbone networks are running archaic equiptment that is about to burn out from old age, I would hope they'd upgrade to something recent.
For the backbone, enabling IPv6 shouldn't be a big deal, as they won't experience any change in traffic. Even if it means updating a few systems here and there, the cost simply won't register above the regular background fluctuations.
ISPs that are big, fairly well-off, and have a fair amount of manpower they can throw at problems (Comcast, Qwest, AT&T, Sprint, even AOL!) are quite capable of going next and updating. Chances are high that they'll have fairly modern equiptment anyway, because they'll have proper service contracts. At least, I'd hope so!
Security, true, is a problem. Well, once you go native IPv6, rather than use proxies to flip between protocols. However, many security headaches are skript kiddies and I seriously doubt many skripts are IPv6-enabled at this time, OR have been updated with exploits relevent to the IPv6 stack and IPv6 routines in applications.
The faster the transition, the longer between first serious usage and first serious headache. That's time that will be needed to get the IPv6 code hardened. (Don't expect network researchers to harden their code - they never did for IPv4, precisely because it wasn't needed when they were the main ones using it.) No, the only time we'll see a real push for solid IPv6 code is when it goes live on a significant number of machines.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)