IPv6 Essentials
Carla Schroder writes "IPv6 is halfway here, so network administrators need to learn their way around it whether they want to or not. Adoption has been slower in the United States because we possess the lion's share of IPv4 addresses, but even so, someday IPv4 is going away for good. And, there is more to it than just increasing the pool of available addresses. IPv6 has enough improvements over IPv4 to make it worth the change even if we weren't running out of IPV4 addresses, such as built-in IPSec, simplified routing and administration, and scalability that IPv4 simply can't support. We're moving into gigabyte and multi-gigabyte backbones, and high-demand real-time services like voice-over-IP and streaming audio and video that require sophisticated QoS (quality of service) and bandwidth prioritization. IPv6 can handle these, IPv4 can't." Read on for the rest of Carla's review.
IPv6 Essentials, 2nd Edition
author: Silvia Hagen
pages: 436
publisher: O'Reilly Media, Inc.
rating: 10
reviewer: Carla Schroder
ISBN: 0-596-10058-2
summary: practical, in-depth guide to implementing and administering IPv6
IPv6 Essentials, 2nd edition, by Silvia Hagen, released in May 2006, is a well-written, clear, up-to-date guide to understanding IPv6 in-depth. This is a real accomplishment, because computer networking protocols are completely abstract, and translating all of these abstractions into understandable language is a noteworthy feat. The book explains how it all works to a very practical depth, so that the reader will be well-prepared to begin implementation.
What it does not cover is the specifics of configuring network devices, such as routers, switches, and interface cards, and this is not a flaw, because those things are platform- and vendor-dependent. Having a solid understanding of the protocol itself is more important, and something that is sadly lacking even in today's IPv4 world. The Internet would be a better place if more network admins would take the time to learn IP fundamentals.
Ms. Hagen does a nice job of covering the following topics:
- Strengths and advantages, such as auto-configuration, and good-bye to NAT
- The structure of the protocol itself, including header format
- Improved security
- Real genuine QoS
- Simplified routing
- Co-existence with IPv4
- Painless mobile networking
- Addressing
Addressing is one of the scariest parts. When you're used to slinging around something like 192.168.1.100 with ease, coming eye-to-eye with something like this, 3ffe:ffff:1001:0000:2300:6eff:fe04:d9ff, is a bit disconcerting.
But fear not, for Ms. Hagen dissects IPv6 addresses clearly and in detail, showing that they have a logical, consistent, understandable structure. For example, the first quad (3ffe) tells you that this is a 6bone.net address, so it is already obsolete because the 6bone closed down in June 2006. Other prefixes tell you if it is a private address, link-local, site-local, and so on. The book lays this all out in tables, and explains what each one is for.
How would you like to retire your DHCP servers permanently? No problem. IPv6 auto-configures hosts all by itself, or you may exercise as much control as you like. Ms. Hagen explains the various options: link-local, site-local, stateful, stateless, neighbor discovery, and so forth, and what you can do with them. For example, with IPv6 you can whip up an ad-hoc LAN with hardly any effort, and without needing special servers or client software.
Security is built into IPv6, instead of bolted on as it is for IPv4. However, IPSec (IP Security) is still largely untested and unproven on a number of levels, so the book discusses both the pros and cons.
The book covers the problems, hassles, and compromises that come with using NAT (network address translation). We're used to it now, but sometime down the road we're going to look back and think "Wow, that was one big fat pain. Good thing it's gone."
The chapter on Mobile IPv6 is almost worth the price of the book by itself. IPv6 supports both wired and wireless mobile users in an elegant, hassle-free way. Say good-bye to setting up multiple profiles, or hassling with scripts. Roaming users can keep the same IP as they travel, across different networks, wired to wireless, anywhere they go. This little bit of magic occurs because IPv6 assigns them multiple IPs. One is the home address, which is permanent. A second address is the care-of address, which changes as the user moves around. Of course there is a lot more to it than just having multiple addresses, and like everything else in this book, Ms. Hagen explains how it works clearly and understandably.
The book is abundantly illustrated in the usual quality O'Reilly fashion, and the illustrations are invaluable for understanding the material.
We're at the stage where IPv6 support is pretty much universal: you can count on both network hardware and software supporting it. So the network administrator only needs to focus on learning the ins and outs of implementation. I recommend IPv6 Essentials as an essential reference, and a great starting point for mastering IPv6.
You can purchase IPv6 Essentials, 2nd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
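An added example, not part of the review or the book: a small Python triage helper that classifies IPv6 addresses seen in logs by the prefix families the review mentions, flags retired prefixes such as the 6bone's 3ffe::/16, and recovers the MAC address when the interface identifier was derived from one (modified EUI-64). The prefix table, the function names and every sample address other than the review's own are constructed for illustration, and a 64-bit interface identifier is assumed.

```python
import ipaddress

# Constructed prefix table: (prefix, label, retired_or_deprecated).
_RAW_PREFIXES = [
    ("3ffe::/16", "6bone test network", True),      # phased out June 2006 (RFC 3701)
    ("fec0::/10", "site-local", True),              # deprecated by RFC 3879
    ("fe80::/10", "link-local", False),
    ("fc00::/7", "unique local (private)", False),  # RFC 4193
    ("ff00::/8", "multicast", False),
    ("2002::/16", "6to4", False),
    ("2001::/32", "Teredo", False),
    ("2001:db8::/32", "documentation", False),
    ("2000::/3", "global unicast", False),
]

# Longest prefix first, so 3ffe::/16 wins over the enclosing 2000::/3.
PREFIX_TABLE = sorted(
    ((ipaddress.ip_network(p), label, dep) for p, label, dep in _RAW_PREFIXES),
    key=lambda entry: -entry[0].prefixlen,
)


def classify(addr):
    """Return (label, deprecated) for an IPv6 address string."""
    ip = ipaddress.IPv6Address(addr)
    for net, label, deprecated in PREFIX_TABLE:
        if ip in net:
            return label, deprecated
    return "unassigned/other", False


def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None.

    Assumes the low 64 bits are the interface identifier. The ff:fe marker
    in the middle is a heuristic: a random identifier can contain it too.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    # Undo the universal/local bit flip applied when the ID was built.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def triage(addresses):
    """Classify each address and note anything worth a second look."""
    report = []
    for addr in addresses:
        label, deprecated = classify(addr)
        report.append({
            "address": addr,
            "type": label,
            "deprecated": deprecated,
            "mac": eui64_mac(addr),
        })
    return report


# Sample input: the first address is the one quoted in the review,
# the rest are constructed for this example.
SAMPLES = [
    "3ffe:ffff:1001:0000:2300:6eff:fe04:d9ff",
    "fe80::211:22ff:fe33:4455",
    "fec0::1",
    "fd12:3456:789a::10",
    "2001:db8::1",
]

if __name__ == "__main__":
    for row in triage(SAMPLES):
        flag = " (retired prefix)" if row["deprecated"] else ""
        mac = f" mac={row['mac']}" if row["mac"] else ""
        print(f"{row['address']:42} {row['type']}{flag}{mac}")
```

A stable MAC recovered this way identifies the same interface on every network it visits, which is why hosts that should not be trackable use randomized interface identifiers instead.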
So, does that mean we're using IPv5 now?
Author of Enyo: Up and Running from O'Reilly Media
Every time I see QoS mentioned I get a little feeling that we are being had. Based on the needs of customers, VOIP and streaming video should be prioritized ahead of non-time-sensitive packets. Yet you know ISPs actually prioritize in reverse. They actually put hardware in place that throttles VOIP and Streaming Video traffic. I wish I could give ISPs a good figurative slap on the back of the head!
isn't it gigabit and multi-gigabit backbones?
gigabytes and gigabit are two completely different things
Gekido's Lair
I know you're joking, but you're completely correct. Not only is IPv6 _not here_, it's not even halfway here. Not by anyone's measure that would make any more sense than (for example) "IPV6 is halfway here in the same way that the PS6 is halfway here."
See, there's this thing called The Internet, and Google, and AOL, and CNN are all on it. We all agree that that thing is called the Internet.
On IPV6, there's nobody.
IPV6 is just a misnomer. It should be called "Really big addresses" or something like that.
By calling it IPV6 they've managed to convince a large number of people that it's somehow better than what we've presently got. It's not. The Internet is useful because of who is on it and who uses it, not because of how many addresses it has (or doesn't have)- after all, we could use IPX- which has more addresses than IPV4 and just come up with a new routing scheme and it'd still be just as complicated to deploy.
No, see, there _was_ no IPV4 before IPV6 came out, and that should be your first clue that we're doomed.
The designers and advocates of IPV6 really need to just pull their collective heads from their collective asses and answer the one question people like me have been asking from the beginning:
You say we're 75% out of addresses? Okay, how are you going to convince 3 billion people that they need to stop using the Internet and start using your new toy?
Stop insulting our intelligence and show us a single roadmap that fixes this problem you describe. Stop making crap up, and trying to convince us that more radical steps are necessary than actually are. Just Stop.
And someday Britney will learn to sing and parent, and all rappers will go sign up as sunday-school superintendents.
In the meantime, the folks at the end of the ISP wires will have to spend kilo to megabucks on hardware and software upgrades, not to mention training themselves, and training the users. Think of the millions of linksys home routers and wireless access points that will have to be tossed out or reflashed! Think of all the books with xxx.xxx.xxx.xxx ip addresses that will be obsoleted! Lots of frustrated human-hours, even if the IP6 world will run as smoothly as the book suggests.
"When the package says 'Real Chocolity Goodness', what's that mean? No chocolate."
-George Carlin (paraphrased)
what are the most obvious benefits of ipv6? will it offer improvements on stuff like latency? is that even related to the protocol? is it even a protocol?!
But IPv6 has bigger tubes! We'll be able to send internets faster!
"You will pay for your lack of vision..." - Emperor Palpatine to Ray Charles
"IPv6 is halfway here,"
Will it be here before or after viable fusion? What about DNF?
...Or could the problem of supposedly running out of addresses be 'addressed' (sorry) simply by adding another octet to IPv4? If I've done my math right, this would result in a 40-bit address instead of 32.
Example: 192.168.1.2.3
Or is the goal to try and push IPv6 simply because it's "better?"
I will say that V6 certainly seems to have its advantages, but I've tried (and failed) to learn its structure based on reading Lord only knows how many existing FAQs and white papers.
As far as the time frame goes: I'm self-hosted, meaning my ISP gives me a data pipe and six static addresses, and I do the rest (including DNS). When the day comes that said ISP calls me up to tell me "Hey, we're changing over to IPv6 at the end of the month (or year, or whatever), so you need to be ready for it," THEN I will start worrying about how to implement it.
Until then, V4 and NAT are working perfectly well for me, thanks.
Keep the peace(es).
Bruce Lane, KC7GR,
Blue Feather Technologies
Back in the day, the 8080 architecture had 16-bit addresses, which limited you to 64 KB of memory. The 8086 used segment registers to allow 16-bit registers to address up to 1 MB of memory. But data structures were still limited to 64 KB unless you were willing to slow down your access time by a factor of four or more, and sharing data between code running in different segments required even more jumping through hoops. NAT allows more devices than IPv4 can address to communicate with central servers that aren't running NAT, but setting up P2P between systems that are both using NAT is damn near impossible.
Good-bye, IPv4, and good riddance.
Nothing for 6-digit uids?
Duke Nukem Forever promises to support IPv6!
Yes, IPv6 is better. Security, QoS, transparent roaming, autoconfiguration, etc, etc. It's not just more numbers. And IPv6 can interoperate with IPv4. All the sites on the internet would still be accessible to you if you were using an IPv6 ISP instead of an IPv4 ISP. Nobody needs to stop using the internet, we just need to transition over to a new protocol ON THE INTERNET. It's like saying paved roads were stupid because everyone was already using dirt roads and all the stores were on dirt roads, so it would be impossible to convince people to move off of the existing roads, and onto the paved ones where nothing was. Nobody is making new roads, just paving the existing ones dumbass.
I know you're joking, but you're completely correct. Not only is IPv6 _not here_, it's not even halfway here. Not by anyone's measure that would make any more sense than (for example) "IPV6 is halfway here in the same way that the PS6 is halfway here."
ipv6 seems to be going backwards in fact, with the closure of the vast majority of tunnel brokers & no sign of any ISPs planning adoption (and many (most?) not supporting the anycast address any more). If it's halfway there it's facing in the wrong direction...
The summary cites QoS as a motivating feature to adopt IPv6, and this is not a good thing. The very nature of the Internet (as an end to end best effort network) makes it impossible to guarantee any sort of service. As such, the only usage of prioritization is unfairly biasing some network resources at the expense of others. This is a direct affront on network neutrality.
The only place packet prioritization and traffic shaping should take place is on private networks, where QoS can be guaranteed. Services such as VOIP and IPTV would ideally be offered over these ISP local networks at an additional cost. This is not to say that VOIP over the Internet is impossible, but it should not have an unfair advantage over other Internet traffic.
The only place where things break down is in the last mile, where ISPs are selling bandwidth that does not exist. In this case, something has to give, and so they must implement unfair prioritization schemes. The obvious solution is to honestly advertise minimum guaranteed rates instead. This makes it possible to prioritize a customer's own traffic as the customer wishes without affecting others. (For example, if you want VOIP prioritized to the ISP local VOIP network.)
Of course, such a scheme would still allow different speed grades, and excess capacity to be utilized. It can not be emphasized enough though that prioritization has no place on the Internet itself.
Stop bringing logic and facts to our pissing contest!
Seriously though the amount of terms and knowledge lost in RFCs and ignored by the self appointed "gurus of the internet" is sad.
At least the IPv6 is ready for the day we run out of IPs which will be upon us sooner than some zealots say. But the simple fact is you never need to go to V6 unless you want an IP that's v6. The theory is v6 will still remain mostly v4 compliant. The infrastructure is being updated for the switch over and that's all that matters. If you want to remain ignorant or believe v4 will be here forever you're welcome to and it should be for the most part. But v6 will also start being used when it's time (I have yet to hear one legit complaint about it other than we don't need it "now".)
Stop spreading fud about tubes. Obviously IPv6 is faster because of bigger trucks.
We will not switch to IPv6 until the spam problem is neutralized to a great degree. RBLs are the most effective method of stopping spam now. IPv6 would set anti-spam efforts back to the beginning almost. The larger amount of IP space would make stopping spamming exponentially more problematic. I urge other ISPs and networks to REJECT ipV6 until the industry cleans its own house, stops zombie PCs and spammers. Then and ONLY THEN should we consider ipV6.
No increased address space on the net until the rogue activity is controlled!!
I think back 8 years or so ago during the boom years, there was some apprehension about "running out" of IPv4 addresses, which I think drove a lot of the desire for IPv6.
I think it probably solves other weaknesses in IPv4 -- spoofing and some other cracker-ish issues that are difficult to mitigate against in IPv4.
I think, though, that it's a little like alternative fuels -- we know they're good for us, but nobody wants to bother with them until we have to.
I hope you'll take better care of her than that. "As of September 2005, Tony Hain (Cisco) estimated the unallocated IANA pool to run out by 2008. Geoff Huston (APNIC) then estimated in November 2005 this to happen in early 2012."
Until we have something that everyone wants and ONLY works with IPv6, we're not going to switch. That "thing" might be here today, but it seems we're all unaware what it is.
Sure, there may be things that are better, but I can do all of the things IPv6 can do with IPv4 and a slew of extra services that I'm already familiar with (VLAN or service-based QoS, NAT, DNS, DHCP, etc).
I for one REALLY want IPv6 to get here, but the people who make my software and pay for my equipment won't change until they need to.
Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
IPv6 is halfway here
In other words, it's not here. Just as always.
so network administrators need to learn their way around it whether they want to or not.
I'm a system and network admin and I haven't needed to learn my way "around" it. Unless by that you mean, to "turn it off whenever possible". Which I do. Just upgraded some FreeBSD machines and made sure all the IPv6 stuff wasn't built.
Adoption has been slower in the United States because we possess the lion's share of IPv4 addresses, but even so, someday IPv4 is going away for good.
No, adoption is slower because IT SOLVES NO PROBLEM. Do you know how many customers we've had ask about IPv6? Exactly one. Because he read a post on slashdot like this one and wanted to know "if it was something he needed to know about". Guess what answer he got?
IPv6 has enough improvements over IPv4 to make it worth the change even if we weren't running out of IPV4 addresses
No, there is only one reason to switch to IPv6: if the sites you want to reach aren't on IPv4 any more. I assume since you are posting to slashdot (IPv4) you agree with me. (By "switch" I mean STOP using IPv4 completely. Otherwise you haven't "switched").
I'm going to treat IPv6 the same way I always have: as a sort of intellectual curiosity, and not something that affects my day-to-day internet use or professional responsibilities.
I had half started to believe all the hype about IP address shortages... until one of my clients purchased a T1 from AT&T. AT&T gave them 32 addresses without even asking how many they needed. They need two of them. If AT&T can blindly fork over 32 publicly routable IPs for a small business running a 1.5MB T1 connection, I think the "shortage" is just a bunch of hype.
Not that IPv6 isn't needed or that it sucks or whatever, but who else gets a feeling that by the time IPv4 is entirely out (9x%), IPv6 will be obsolete?
In that case, how about some authentic bona fide literal trusted QoS?
HTH.HAND.
Cut that out, or I will ship you to Norilsk in a box.
Actually, the ipv4 to v6 change would be a freeking *EXCELLENT* time to dump SMTP for something better, like Bernstein's Internet Mail 2000.
The spam problem is probably solvable, but not with SMTP.
RFC 791 refers to an interface that was _also_ the on-wire format in many situations. The "Version 4" is about as version-foury as 802.11 is "version 11 of link protocol 802".
Nevertheless, DARPA's Internet program isn't what we're using. We're using The Internet, this thing that people promise is running out of addresses. Calling it an extension of TCP Version 3 is not only just plain silly, but missing the point.
Here's another one: How are you going to change all that software?
Here's another one: Why would you even try to do either of those things while there's a much simpler option?
You can cry about how nobody ever told you about the real problems with IPV6, but that doesn't mean there aren't any. If you were part of the IPNG working group and didn't know about the mailing lists being censored to hide dissent, you're an idiot too. If you're not part of the IPNG working group, then why the hell would you expect to know about all the goings-on with IPV6?
shameless plug for dd-wrt open source firmware... (its got IPv6 support built in)
sig goes here!
It's true I tell you, feller at work's next door neighbour read it in the paper.
It's true I tell you, feller at work's next door neighbour read it in the paper.
Yes, and the US will adopt metric any day now too.
Why do I need IPSec on my home network?
So you can bang your head into a wall after reading the howtos and specs thus creating jobs for people that repair walls. The cost will be about $8.50 an hour.
Having to work for a living is the root of all evil.
How are you going to convince the 3 billion people to switch?
Tell them that they won't be able to access resource N (Slashdot, YouTube, whatever) unless they switch over.
How are you going to change all that software?
The software is mostly changed already. The majority of that is done below the level that your typical implementation requires it to be accomplished at. There are notable exceptions, but the parts that need changing are usually very small libraries at the bottom of the application.
Why would you even try to do either of those things while there's a much simpler option?
This assumes that the simpler option is adequate. The rest of the world is changing, with or without you, and if you don't change you won't be able to access content from IPv6 sites.
Wake up - the future is arriving faster than you think.
So windows has a new patch, and as I stated there's still legacy support for IPv4, and if you really want you can tunnel v4 to v6 or v6 to v4 if you must.
Now it'll get hard but as long as Microsoft offers versions of XP networking that support v6, and IE then all those people will switch (or have the option). Firefox will upgrade when it's starting to go live, Mozilla, opera, all of these will either upgrade or become obsolete. I'm guessing they will upgrade. But even without the upgrade there's multiple ways we can tunnel V4-v6 through systems. Remember anonymous browsing? What if that will do your browsing for you even though it's on v4 it can reach v6? Easy.
And I keep hearing there's a simpler option, care to share it with me? You can say "but there's an easier option" all you want it doesn't help.
RFC 791 is very clear in that it describes version 4 of the internet protocol.
Hell page 33 includes the exact words "version 4 of internet protocol".
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
Why would IPv6 be any different? The ip address is simply a bigger number - 128 bits instead of 32. The ability to lookup is slightly more difficult, but not particularly so and your text based lookups are significantly slower anyway.
On the other hand, if everything has its own IP address (instead of NAT), and a much faster routing and DNS system, then you will have better tools to tell whether an email came from the server it claims to. If it doesn't, then you can guarantee it's a trojaned machine sending spams with forged headers. You won't need RBLs then.
It's quite simple, really. You start with 6to4 or Teredo (which, in case you aren't aware, is IPv6-over-IPv4, and you can run it now), and you gradually start pushing the IPv4 gateways closer and closer to the core of the Internet, until the address shortage is alleviated.
http://outcampaign.org/
Do you know that you can change your MAC address when you want it? You could use the same mechanism to your advantage instead, changing it constantly and make it look as if there was an entire server room on that connection.
Sorry to break it for you, but your opinion doesn't matter a damn. What matters is: Do the government and big companies want it? If so, they'll drag the rest of people with them. If the government requires it, ISPs will provide it. If companies implement it, then their sysadmins will go setup their and their friends' home networks with it.
Actually, no, it'll help a lot.
It looks like lately spamming botnets are getting popular. It's easy enough, infect lots of computers, then use them to relay spam working around the blacklists. At least something will get through, and given enough boxes, a LOT will get through.
By MASSIVELY increasing address space, IPv6 will make brute force scanning completely impractical. Currently a single box with a good connection can test every IPv4 address in a short time (measured in hours IIRC), IPv6 will make that impossible.
That means it won't be possible to randomly infect computers anymore, attackers will have to gather address lists somewhere and target specific addresses. And that's going to make it a lot easier to find the point of origin and neutralize it.
Not only that, but with IPv6 there's no need for NAT or dynamic address assignation anymore, which means that an ISP just gives out everybody a subnet and forgets about it. Now bans can be a lot more precise as you can definitively ban a single computer, then escalate to banning the whole connection.
Just to clear up a few misnomers:
The whole of the IPv4 address space is included in the IPv6 space.
It is possible to translate between IPv4 and IPv6.
IPsec is not mandatory, therefore the processing overhead is optional.
cheers,
Aehgts.
"If we knew what it was we were doing, it would not be called research, would it?" - Albert Einstein
I started a section on my wiki site to help me learn about IPv6. I'm going to be using it to help with some Ubuntu deployment. There is also a significant amount of information related to use in Windows, and if you get a DD-WRT-capable router ($45 for a Buffalo on Newegg), you can have IPv6 in your home.
Life is irony, and nothing ever goes as planned.
It's been a while since I've bothered to look at IPv6 -- so, did folks ever work out the multi-homing issues with IPv6, so that companies (like, say the current favorite, Google,) could have multiple simultaneous connections with multiple backbone providers?
(This seemed problematic for a while due to the hierarchical nature of the IPv6 address space forcing a tree-like structure into the routing and preventing the possibilities of having links between branches.)
Actually, 802.11 specifies that the version number in 802.11 frames should be 0, not 11. In fact, there are only two bits allocated for the version, so 11 (binary) would be the last possible version.
Why do I need IPSec on my home network?
Well, one obvious application that home users would be interested in is adding another layer of authorization/encryption for home wireless links.
Not to mention how useful IPSec is for people who work from home (built-in, easy-to-deploy tunnelling would be so very sweet).
Top 7 FUD reasons to migrate to IPV6:
1) "We're running out of IPv4 address space!"
- People, even if every possible human house hold item requires an IP in the next 5 years, NAT in IPv4 will handle this just fine. Same goes for corporations. We've been running out of IP space for 10+ years now... but have we run out? Nope, tonnes & tonnes left!
2) "IPV6 supports IPSEC natively"
- Yeah, so what? We've had IPSEC VPNs on IPv4 for like a decade now.
3) "IPV6 supports QoS!"
- Ummm... VoIP & video w/QoS has been working just fine since at least 2002 with IPv4. TOS & DSCP Ethernet header options have been around for ages before then.
4) "But IPV6 supports GPRS for modern mobile networks"
- Newsflash: Most mobile networks are still running IPv4 just fine and will continue to do so.
5) "But the US DOD is migrating to IPv6 now!"
- Yeah, maybe it's because they need to implement security through obscurity... seeing as barely anyone understands IPv6
6) "What about most of Korea being on IPv6?"
- What about it? North America 'started' the Internet, so we have more IPv4 public address space than late adopters like South Korea.
7) "IPv6 does Multicasting natively"
- Er... Have you actually looked at how complex Multicasting is in a private network? Now imagine trying to implement that on the Internet with 128 bit HEX addresses that come with our lovely IPv6. Plus like everything else, Multicasting is working just fine with IPv4.
People, a migration to IPv6 for most Enterprises is a hella complex & expensive nightmare. Until there's actual BUSINESS needs to do so, it's really just make(a lot_of)-work projects. So far every conceivable advantage of IPv6 has been resolved by 3rd party IPv4 protocols (i.e. DHCP, IPSEC, QoS, etc); plus there's analytical studies out there that claim migration to IPv6 may have a significant performance impact on your expensive WAN links due to packet header sizes being dramatically bigger. Some estimate as much as 50% WAN link speed increase requirements for the same amount of payload (considering 64 byte average payload per packet).
Wake me up when we ACTUALLY run out of IPv4 address space...
Adeptus
No trees were killed in the making of this post; however, many trillions of electrons were horribly inconvenienced.
But I like my NAT! It helps keep me safe... since nothing outside of my network can initiate a connection to an internal machine. Will we still be able to use it? Why do people assume it's such a PITA?
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
Why? Simply: MAC addresses are only 48-bit, or 64-bit if everyone were to switch over to EUI-64. IPv6's 128-bit size is a lot larger. There are 281474976710656 MAC addresses, 18446744073709551616 EUI-64 addresses, and 3.4e38 IPv6 addresses.
So, IPv6 is approximately 1208925819614629174706176 times larger than the MAC address space.
If you need help visualizing this, here are the address space sizes padded with 0s in a monospace font. A space has been added in the middle to prevent
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
OK, fine. Where are you going to stick the extra octet? The only legal place to put it is in the IPv4 options. A proposal that did just that, IPv7, was actually floated. IIRC, it was dubbed "toasternet" because the proposal got "toasted". Interestingly enough, I was able to experimentally route "toasted" IPv4 packets, and hit about half of the web sites I tested. I had no way to verify end-to-end transmission, but sometimes my SYNs worked and sometimes they didn't. AFAIK, the existing infrastructure does one of two things: 1. ignore the options and route the packet normally. 2. Drop the packet, because admins set up the network to drop packets with such options as "suspicious".
FWIW, I think IPv7 was a fine proposal, and I have no idea why it got "toasted". People would have had to augment their existing IPv4 stacks. All IPv4 address owners would have immediately gotten a /32 in your proposal (a /32 now has 256 IPs). The options field could hold even more data, making a /32 into 64k IP-addresses. Perhaps the internet authorities didn't like the idea of simply multiplying everybody's address allocation. Google around for "toasternet" and IPv7 if you're really curious. I'm sure the full story is out there somewhere.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Bernstein's IM 2000 doesn't work the way people expect mail to work, and so I'll say it will NEVER be widely used.
The fact that the sender needs a machine to always be accessible for the receiver to fetch it from, if you have 2000 possible senders does that mean the receiver has to poll 2000 different servers regularly?
If the receiver just has one IM2000 server to poll, and the senders with transient machines upload their mails to that server then that starts to look like SMTP and POP3 doesn't it? And with the same problems all over again.
The amount of work implementing something practical that looks like IM2000, would be about the same as requiring everyone to use crypto/signed messages and stick to plain old SMTP/POP3/IMAP.
djb is a smart guy. But he has not shown how IM 2000 can work and be practical, and actually be a significant advantage.
Actually I think your gunshot metaphor isn't making the point you think it is.
Let's say there are two people, Joe and Bob. Joe has a sucking chest wound. Bob has a bad stomach bug from some questionable Chinese food. They both want to go to the hospital, and there are two methods of getting there: the high-priority route, which involves calling 911 and getting taken there in an ambulance to a special door, and directly in to see the doctor; then there's a low priority route where you take a car, stand around in line with the rest of the walking wounded, etc.
There's nothing preventing Bob from calling 911; assuming they have the ambulance to spare, the EMTs will still pick him up and drag his ass to the hospital. Why doesn't he? Because it's really freaking expensive, that's why. Nobody takes that route if they can possibly avoid it, because if you get caught doing it when you weren't actually in trouble, you get the bill. The guy with the sucking chest wound doesn't give a damn about how much it's going to cost, so he's going to be calling 911 regardless. Thus the prioritization is done by the users, and there's a strong disincentive to abuse it. (There are other disincentives too besides cost, but I'm simplifying here.)
Taking this back to the matter at hand, the solution is really just to make people pay for the level of prioritization they want to have, on the packets they want to put it on. For most people, this probably means paying extra for their VOIP packets to go "real time," but not for their WoW packets to get the same treatment. But hey, if you want to pay for your WoW/porn/bittorrent to get flagged as "needs real time" and "needs high throughput" or whatever else, you're more than welcome to if you can put your quarter on the bar. That seems fair to me: everybody who pays the same, gets the same service. If we both pay for nothing but bulk-packet, 'best effort' delivery with no prioritization, then neither of us should get it. If you pay more, you should get more.
The only issue with this is making sure that ISPs don't use the monopoly power they currently hold to price gouge: the price for packet prioritization should be determined by something akin to the actual cost to deliver "one more packet" with the higher priority versus the lower, not the maximum that someone is willing to pay for it. (That's the difference between the competitive-market price for a good and the monopoly-market price; micro-econ 101 if I remember correctly.) If we can make the market competitive and thus not allow it to turn into screw-the-consumer day at the cableco and telco office, that's probably the most fair outcome.
Any system which depends on the end users to be trustworthy is inherently flawed. The internet is riddled with the corpses of protocols and systems that depended on the good nature or trustworthiness of end-users not to abuse them (*cough* Usenet *cough*); it would be a giant and indefensible mistake to create such a situation with that in hindsight. Any system that is being designed today should take on premise that its users will, if given the opportunity, attempt to manipulate the system to their own advantage at the expense of others, as far as they are allowed to do so without a strong and direct disincentive.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
QoS is needed exactly for things like voip and iptv. IPv6 having QoS doesn't mean internet traffic needs to be prioritized, it means that they can run internet traffic, voip traffic, iptv or other streaming video traffic all over the same lines, each with different priorities, inside their network. Exactly what you describe with ISPs providing these extra services is exactly where IPv6 excels. That's the whole point.
Are you sure you understand IM2000?
... maybe somewhat like SMTP, but it would have a maximum size of maybe 200 bytes. Then the recipient knows exactly where to pull the whole message from -- IF it passes the blacklist check.
You would not need to poll any possible server that might send something to you. A small "token" message is sent
The sender stores the mail until retrieved, and there should be a good realtime blacklist system. When a spammer attempts to send a payload, it is blacklisted before the vast majority of the victims get it.
Seems like a sound concept to me, the only major disadvantage being the change involved. But communication is changing anyway. A lot of people already realize that SMTP isn't totally reliable. A lot of people are using IM or MySpace instead of regular email.
Don't talk to him at all.
IPv6 is not about USERS, it's about ADMINISTRATORS.
Users will not feel the difference, aside from setting up home networking, which will be more automated than ever.
there is no issue with my network
Slashdot, please see my sig.
Bloody luddites running this site.
Get your own free personal location tracker
This is a really rough idea, but I'll lob it out for some thought (and release all future IP claims)... It might even be similar to IM2000, which I haven't read about
How about evolving email to a P2P application where the email never passes through any ISP's computer... and transfer the email over an encrypted channel. Using a central directory something similar to DNS, if you wanted to send an email to john.doe@isp123.com, you would query to get back the IP address of the computer (or maybe something more clever to hide the recipient from the sender).. that is handling email for him. The sender would have to identify itself for approval to permit the recipient to manage which senders they wish to receive email from and under what conditions... having a simple reliable method to determine how long the sender has been registered would greatly limit hit-and-run spammers.
This is not a server at isp123.com (although it could be a proxy or intermediary for corporate mail or computers not normally online)... an IP address and encryption key is returned.... the sender connects to the IP address, an encryption key exchange takes place - once the mutual key exchange and authentication takes place, the email is sent by the sender. If the recipient's computer is offline or ignores the connection request, the sender adds it to its polling queue and tries later.
The value added by SMTP was back in the old days when bandwidth was expensive, email was often delayed to be sent via UUCP overnight, international circuits were hugely expensive and small, and most client computers (and many email servers) could not be assumed to be online 24/7. Those guiding principles are no longer true.
There is significant evidence that IMs and SMS messaging are largely displacing what people used to use email for - especially in the under 25 group. Email might be a problem that doesn't need a solution.
Final 2006 "Proof of Global Warming" US Hurricane Count -> 0
Actually, your MAC address, which is a globally unique identifier, forms half of your IPV6 address unless you do something unusual to avoid that. So it is a very valid privacy concern.
The AOL search data episode showed how easy it is to unmask anonymity when all you have is a bunch of URLs coming from the same unique anonymous identifier. IPV6 increases the risk of this kind of aggregation of supposedly anonymous activity.
When IPV6 is here, Choicepoint will probably pay for your MAC address. And everyone else will pay Choicepoint to know who the "anonymous" person is visiting their website.
As a bonus, NSA will find it easier to know exactly who is using the free public wifi at the library.
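The comment above refers to stateless autoconfiguration with a modified EUI-64 interface identifier. As an added example (not part of the original thread), this Python sketch builds such an address from a MAC and then audits a list of observed addresses for ones that still embed a hardware address; the MAC, the prefixes from the 2001:db8::/32 documentation range, and the function names are constructed for illustration.

```python
import ipaddress

def mac_to_interface_id(mac):
    """Modified EUI-64: split the MAC, insert ff:fe, flip the universal/local bit."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    eui64 = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui64[0] ^= 0x02
    return int.from_bytes(eui64, "big")

def slaac_address(prefix, mac):
    """Address a host would autoconfigure on a /64 when it uses EUI-64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | mac_to_interface_id(mac))

def embedded_mac(addr):
    """Return the MAC embedded in the low 64 bits, or None if there is no ff:fe marker.

    Heuristic: a randomly generated identifier carries ff:fe in this position
    about once in 65,536 times, so treat a hit as a strong hint, not proof.
    """
    iid = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02  # undo the universal/local flip
    return ":".join(f"{b:02x}" for b in mac)

def stable_identifiers(addresses):
    """Map each recovered MAC to the sorted /64 networks it was observed on."""
    seen = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is None:
            continue  # randomized or manually assigned identifier
        net = ipaddress.ip_network(f"{addr}/64", strict=False)
        seen.setdefault(mac, set()).add(str(net))
    return {mac: sorted(nets) for mac, nets in seen.items()}

# Constructed sample: one laptop on two networks, plus a host whose
# interface identifier is randomized (no ff:fe marker).
OBSERVED = [
    "2001:db8:aaaa:1:216:cbff:fe12:3456",
    "2001:db8:bbbb:2:216:cbff:fe12:3456",
    "2001:db8:bbbb:2:5c3a:9144:1e07:8d42",
]

if __name__ == "__main__":
    print(slaac_address("2001:db8:aaaa:1::/64", "00:16:cb:12:34:56"))
    for mac, nets in stable_identifiers(OBSERVED).items():
        print(mac, "seen on", nets)
```

Hosts that show up in the result keep the same low 64 bits on every network they join; hosts using temporary (privacy) addresses do not.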
> * NAT is a kludge. A lot of services (VoiP, Filesharing, IM-Filetransfers) will just work smoother without, and the customers will probably like that.
"Services" require "servers", i.e. machines listening to the net and willing to accept unsolicited connections from any IP address on the net. Do you *REALLY* want Joe Sixpack running ftp, http, IM, etc. servers under Windows?
I run linux. Linux is a lot more secure than Windows, and I'm a lot more computer-literate than Joe Sixpack. Having said that, I still insist on hiding both of my machines behind a NAT-ing router. It's one more layer of defense-in-depth. No matter how good linux may be, I don't want to tempt fate by letting the Russian mob pound away at my machine 24x7. A hardware firewall is more secure, and also cuts down on the crap in my firewall logs.
> * Uniquely addressable gadgets. Your cell phone and your PIM could have their own addresses and you could access them from anywhere.
And the Russian mob can also access them from anywhere. Just what I want/need... !NOT.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
> We will not switch to IPv6 until the spam problem is neutralized to a great degree.
Totally irrelevant, but your choice.
> RBLs are the most effective method of stopping spam now.
*BZZT* wrong. RBLs would have been a good idea if there was a way to maintain them actively. Experience shows that none of them are maintained in any useful way (leaving inactive addresses blacklisted for years in some cases), giving false positives at an alarming rate. Greylisting does work with only trivial to insignificant numbers of false positives (all of them RFC violations and stupid configuration errors), and if you're addicted to blacklists, there are greytrap-based lists available which are purged of anything older than 24 hours.
Moving to IPv6 will not change any of this. Getting rid of the unwashed masses of unmaintained, moron-operated machines with Microsoft products might help ease the spam load, and moving to IPv6 exclusively might actually help achieve that.
-- That grumpy BSD guy - http://bsdly.blogspot.com/
When the US FCC first allocated UHF TV channels (all the way to 83; wow) there were UHF-converter boxes sold that switched the UHF frequency down to Channel 3 or 4. People didn't have to throw out their VHF-only TV sets. As older sets wore out and were replaced by UHF-capable TV sets, the converter boxes faded away in electronic history.
There'll be a similar scenario when digital TV (ATSC) replaces analogue (NTSC) TV. For a few years, there'll be converter boxes that'll let your old-fashioned NTSC TV set show digital channels... albeit at a lower resolution.
When IPV6 becomes necessary (one of these days), there'll be a market for a multi-port router box that lets you plug ethernet from 4 IPV4 machines into the back, and does IPV6 on the internet-facing side. This will allow home users to continue using their current hardware and software. And they will continue to enjoy the security benefits of NAT. As time goes on and older hardware wears out, hardware and software will come in that is IPV6-capable. The transition will be smooth and one day people will remember IPV4 as a historical curiosity, just like some of us oldsters remember Gopher.
Having said that, I will still use a NAT-ing router (even if it's IPV6-to-IPV6), so that the Russian mob won't be pounding away on my machine 24x7.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
I'm still sceptical about IPv6. There's been too much optimism and too many false starts - http://www.realmeme.com/roller/page/realmeme/?entry=ipv6_meme_update
The software is mostly changed already. The majority of that is done below the level that your typical implementation requires it to be accomplished at. There are notable exceptions, but the parts that need changing are usually very small libraries at the bottom of the application.
This is an extremely naive view at the situation.
No, the typical application cannot be converted to IPv6 by linking to another library.
Even when major operating systems have IPv6 support, that does not mean that most of the software has changed already.
When I take a look at the typical "network appliance" available today, there is no IPv6 support or it has been disabled. And probably when it is implemented, it has not been tested.
There is still a long way to go.
I'd love to use IPv6, but reading djb's take on ipv6 really makes me wonder if we're ever going to get there. I don't know what the current situation is, but from reading djb's comments it looks like if I deploy servers on IPv6 only, then I'd have a network that would be completely separated from IPv4!
Claiming to be pedantic on Slashdot is asking for trouble
Actually Earthlink has a cool patched linksys image with ipv6, with the same web interface as the original one, plus with a ipv6 page for easy configuration.
I recommend it for anyone with a linksys and who are ready to check it out.
Rgds
Daxomatic
I think the point about IPv4 is that for the people it works for right now there isn't much wrong with it: QoS isn't much of an issue, Security can be dealt with, configuration isn't too hard.
But it isn't necessarily that way for everyone. China and many developing nations don't have enough IP space. IPv4 configuration IS unnecessarily hard- why can't I just physically plug two machines together and have them work? Security is fiddly to configure. NAT adds an additional layer of complexity to everything (e.g. UPnP in home routers, magic VoIP tunneling stuff, peer to peer protocols) and adds a layer of accidental security at best. Of course there are solutions which work around all these problems but if we were starting with a clean slate and a choice between IPv4 and IPv6 the choice would be clear.
So for everyone who has good working IPv4 networks: great. For many others, IPv6 will be (or become) a good alternative. It can come in to play piece by piece- home networks all running IPv6 because no one configured IPv4 services and the ISP supported IPv6 so everything just worked (which could be a reason for ISPs to use IPv6: simpler service configuration). Carriers that use an IPv6 address space on mobile devices because the roaming support makes things easier- leading to large, although disjoint, networks of IPv6 devices. Countries (like China) who use IPv6 internally because, frankly, IPv4 address space issues mean they have to NAT everything out of the country anyway and they get to be on the leading edge of technology development selling back to places like the U.S. rather than buying.
IPv6 doesn't have to happen soon. It just needs to have stable network stacks in lots of places (which is what is happening with Windows, Linux, MacOS as well as Cisco, Nortel and so on) and it can become a natural alternative in a range of situations. The interconnection between IPv4 and IPv6 networks is ugly but is do-able and no worse than the current horror that is NAT.
I don't see the IPv6 transition happening in a wide spread manner any time soon. But I do think it will happen.
IPv6 is not required to do QoS, and I really wish people would stop trying to associate the two - IPv4 has had QoS (via the 3-bit IP Precedence field and the 6-bit DiffServ codepoint that has superseded it) for decades, and virtually every router has QoS support. Both IPv4 and IPv6 have identical 6-bit DiffServ fields, termed the TOS byte in IPv4 and the Traffic Class in IPv6.
This is a bit like IPSec, which works fine on IPv4 even though it was designed alongside IPv6 (maybe that's why it was initially so NAT-hostile...)
The only unique IPv6 feature for QoS is the flow label, which is intended for easy classification of 'flows' such as a session on a specific source & destination port combination - however, this is really only useful with RSVP QoS, which doesn't scale well and requires application changes, and has therefore never taken off. (I worked on QoS technology and policy management for quite a while from the late 90s.)
The hard part of delivering QoS is the political/commercial agreement, and after that, agreeing on what the QoS levels should be. Telcos already run IP networks for use by business IP VPNs (MPLS not IPSec) this way, so they have a lot of experience.
IPv6 is a great technology but its main benefits are around router and host autoconfiguration, and never having to worry about IP address scarcity again.
I've written a small report on IPv6 for a university course. It was intended to give a general overview of IPv6. Here's a link if anyone's interested: http://szyman.magres.net/mydocs/net/ipv6/IPv6_and_Transition_Techniques.pdf
The rest of us are on the Internet. It uses dotted-quads, and A records. None of this AAAA or D6 or A6 garbage. It's also where google and cnn and aol are. It's where we're communicating now- and where slashdot is. _THIS_ is the Internet.
If something doesn't contain this, it isn't the Internet. Period. I might as well call IPX an Internet Protocol because people do it inter-site. Heck, TP4 has wider deployment than IPV6, so let's call _IT_ the Internet.
Because the Internet isn't a protocol, or a program, or even your pet inferiority complex. The Internet is a concept that lots of people had to share to make it exist.
JUST an end user?
I'm sorry, but since you're telling me I have to replace all of my hardware, software, and change my configuration settings to get on _your_ network, I'd say your engineering puts you at about the intelligence level of the morons who thought source-routing in RFC821 was a good idea.
You're a fool and a sucker. IPV6 is suffering a worse fate than MX records. Think about it:
MX advocates say "change your mail software, configuration, and databases. MX will make things _so_ much better!"
Never mind the fact that the gross majority of domains have a single MX, and the gross majority of MTAs don't actually load-balance.
Besides: both WKS and SRV records are better engineering than MX.
The real reason IPNG wants to push IPV6 is because they don't like putting addressing in application protocols. They think the Host header in HTTP is a "kludge". That RFC821 mtas shouldn't see domain names. They want to return to a kinder-gentler Internet that just plain never existed.
So just sit-back and relax, and wait for the IPNG people to bail you out. Fifty years from now, someone smart might get on the IPNG and actually tell them how to fix the problems they're talking about. But until then, just keep shooting your mouth off and tell people how smarter you are than them. After all, say it loud enough, and with just as little information and justification as possible, and they might actually believe it, saving you from actually having to be smarter than them.
So what? _I_ own IPV6 space. IPV6 space is cheap. Why don't you have IPV6 space?
I hedge my bets, and eventually I'll want to do something using IPV6. Maybe in fifty years, someone will have managed to figure out how to actually deploy IPV6, at which point, and IPV6-based islands I created won't go through the headaches Apple went through when they decided to "migrate" to the Internet.
Guess what, you can buy IPX addresses too! And the right to name stars! And real-estate on Mars!
It doesn't mean that IPX is making a comeback any more than that real-estate can actually be turned in your lifetime.
How does it feel to be wrong?
No, telling people "you can set up tunnels if you want to reach the Internet" is mind-blowingly obtuse.
What do you think happens to obsolete systems?
First of all, it's not a mere matter of changing software. Programs that once stored four bytes now need to store 16. Their parsers are different. URLs no longer match the expressions described in their earliest specifications. Documentation and thinking needs to change as well.
Then, routing tables and methods need to change. All those 256MB routers getting full BGP feeds need a memory and a hardware upgrade. And they're "brand new".
And everyone needs to change "all at once".
See, the idea behind IPV6 migration is "sites will start providing both IPV6 and IPV4, and eventually they'll stop providing IPV4" - but nobody at IPNG ever says why they'll start providing both. It's silly.
Why would I spend 30,000$USD to refit my network to support IPV6? Nobody's on IPV6. It doesn't get me any more customers, and given how complicated it is, it looks like IPV6 is vapor. What possibly can motivate me there?
So IPNG resorts to fear-tactics "We've exhausted 75% of the IP space, We're running out! OMG!"
And that makes their position worse: IPV4 has four billion addressable hosts, they say three billion are entrenched and they want to uproot three billion hosts twice!?
Tell me, exactly what part of their migration plan made sense to you?
Why bother? Why do I want to be on IPV6 and have a lower service quality than I did on the Internet? So what if my ISP will proxy me to IPV4.
How would you feel if your ISP served IPX connections over PPP and gave you tunneling software to reach the Internet?
What are you talking about?
I don't understand this. I suspect most people don't understand this.
Ah, well, it's so mind-blowingly simple you won't like it: It doesn't inconvenience 3 billion people.
Push addressing to applications.
1. Mandate new applications support SRV records. Deprecate all other resource-specific RR types. This way services can live on any port they like. This increases the number of addressable sites by roughly 2^15. This buys people time (if the needs are
2. Allocate IPv6 addressing in a protocol. Give it UDP port #6, and allocate the top 16 bytes of the packet as a long-address. This makes 20-bytes (or 2^160 addresses).
Note at this point, IPV4 is simply 4 billion networks, but we've got 2^175 addressable nodes. More than IPV6, and we don't have to change anything _except_ what we're _going_ to do.
Next they're going to expect us to adopt the metric system or some such wackiness.
I'm a fiscal conservative, it's a pity we don't have a political party anymore
The internet, an agreement between parties to speak a common language when communicating, has immense value because it leaves the prioritization and customization of services to the retailers (i.e. enduser ISP's, content providers, distributors, etc.) which facilitates choice through diversity/competition and therefore quality and optimal pricing.
Trying to make the internet do some things better than others, as World of Ends so eloquently puts it, obviously comes at the cost of doing some things worse than others.
Vista installs ipv6 and ipv4 stacks by default... it should be a transparent switch for Joe Sixpack, once gateways are updated as well (My new Linksys isn't ipv6 at least - dunno about other brands).
Jeremy
...For the multiple explanations. I now understand why simply adding another octet wouldn't gain much of value.
Keep the peace(es).
Bruce Lane, KC7GR,
Blue Feather Technologies
AFAIK the original proposal never mentioned sending of a small message.
;).
Even with such a notification based IM2000 style system, for many practical reasons the actual sender is unlikely to be the one holding the mails. The mail would have to be stored on an ISP/3rd party mail repository, or on one of the thousands of zombie machines "owned" by spammers
Thus you will have the problem of who gets to submit mail to the ISP's mail repository.
Wow now it looks like the same problem as SMTP doesn't it?
And I believe most of the solutions are applicable to both SMTP and IM2000. Just nobody seems to want those solutions - CAs, everyone with certificates, crypto. And many people may not like the idea of some central authority effectively deciding whether you can successfully send mail or not.
Worse, in initial stages you will have to have IM2000 to SMTP gateways and vice versa. So the IM2000 users will still get spam from SMTP sources...
I think I understand IM2000 pretty well and have some idea of how the real world works too.
I wonder whether the IM2000 proponents actually do.
I think they should think things through properly, rather than come up with half baked ideas.
And back to the topic: the problem with IPv6 is it isn't backward compatible with IPv4. If it was backward compatible, the switch to IPv6 would have been much faster.
You are right.
It's = contraction of "It is"
its =
I usually get it right.
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
> Wow now it looks like the same problem as SMTP doesn't it?
To a lesser extent, I think.
IM2000 would only work with one or more centralized blacklists, and that can also be done with SMTP. Couple differences:
1. in IM2000 the mail would normally not be transferred from the source ISP until it was requested for viewing. (Of course, some users would likely batch download mail.) So spam would not need to waste so much bandwidth if the receiver recognized it as such before downloading it.
2. Say a spam is sent to a million people. In IM2000, a blacklist might kick in after a few dozen people transferred it. That would save the other hundreds of thousands from having to even see it.
So I think it's still better, if not perfect.
Dude, you obviously have no idea what the fuck you're talking about. Don't generalize about RBLs because some of them are managed by asshats.
RBLs are the only effective way thus far to actually cost spammers money. Don't talk about stuff you don't know anything about. I mess with this stuff for a living. I design and build systems and deal with large quantities of mail and mail servers. RBLs save shitloads of money and resources. Keep your ignorance to yourself.
Brute force scanning is irrelevant.
Right now, IP space in which spammers can operate is getting limited. This is what is driving them to engage in worm and botnets... their illegal activity is going to get them all shut down eventually if the authorities start doing their job.
If ipV6 opens up, then spamming will increase EXPONENTIALLY. You guys have to trust me on this. There's always a bunch of moron pundits embracing new technology that will "change everything" and it's fucking bullshit. Content-based filtering costs companies money -- the very same companies that spammers steal bandwidth from. RBLs put a stop to this. ipV6 will completely negate the massive amount of work that's been done in this area and there is NO alternative.
Every major ISP. EVERY MAJOR ISP is now using RBLs, from AOL to Cox to you-name-it. They don't advertise it because they use it in combination with content-based filtering, but you can bet the IP source of mail has more to do with the spam ranking than anything else.
Also, with the limited IP space, it's easier to stop worm propagation because broadband DUL space is blacklisted. There should be no SMTP traffic originating from end user IPs... so if you see it, 99.99% of the time it's the sign of a zombie pc. If you open up more IP space, it'll be a thousand-thousand times harder to deal with and nail down.
I am right about this. I was right about every other goofy-ass anti-spam measure from CAN-SPAM on down. I'm not trying to be arrogant. I know what I'm talking about here. Increase IP space will create a nightmare for administrators and networks. It's not needed. There are other, better solutions. ipV6 can wait until the spam problem is under control.
You don't understand about RBLs. Read up on them, and then you'll understand why ipV6 will completely break the backbone of the existing spam filtering network.
Right now 2-10% of the actual spam travelling on the net gets through filters. If we go to ipV6, that number will probably jump up to 70% because the location from which mail is received has a lot to do with how systems determine what is and isn't spam. This is based on a "blacklist" of known IP blocks that shouldn't be sending e-mail. If this pool size increases exponentially, as is proposed with ipV6, then it will be exponentially harder to maintain such a list of "rogue IP space" and spammers will have their biggest obstacle ever removed.
In short, ipV6 is every spammer's fucking orgasmic dream come true.
1) is related to 2, otherwise how would you know it is spam.
;).
As for 2) please explain how the blacklist part is going to "magically" work after just a few dozen people transfer it.
Questions:
i) Who decides it is spam? How?
ii) What happens after it is marked as spam?
iii) Why/How would it work better than the current methods already used with SMTP, POP3 etc systems?
Already many ISPs are tagging email as spam in the headers, and users can just configure their mail clients to handle such mails differently, if they trust the ISP's spam filters.
And like I said, the ISP's mail server would be just like an IM2000 mail repository.
Show how with IM2000 I would be receiving orders of magnitudes less spam. If it's say just 30% less, it's really not worth the bother. Work on improved spam detection methods would be better, and having a diversity of such methods makes it harder for spammers (like genetic diversity in the face of parasites and disease).
For bonus points, show how during the transition period from SMTP to IM2000, IM2000 users will be receiving significantly less spam (assuming of course they successfully receive the same amount of nonspam as they normally would - rather than the IM2000 system causing them to not receive legitimate mail). If it's just because they changed their email address, then people already do that regularly to reduce spam
> i) Who decides it is spam? How?
Probably by users clicking on "this is spam" in their mail program. Yeah that can be abused, but it shouldn't be taken seriously until quite a lot of users do that for any given message or mail server.
> ii) What happens after it is marked as spam?
It should remove all the tokens for users who haven't seen it yet.
> iii) Why/How would it work better than the current methods already used with SMTP, POP3 etc systems?
I think all this translates to significantly less bandwidth usage for any spam that does show up.
> Already many ISPs are tagging email as spam in the headers, and users can just configure their mail clients to handle such mails differently, if they trust the ISP's spam filters.
But still the full body of the spam message has to travel the whole way on the network. IM2000 should cut into that.
Maybe you're right that it can be solved better with crypto. All I know is that SMTP as is, having the assumption that the Internet can be trusted, is broken and needs serious work.
Yawn. You're right, yet you provide absolutely zero explanation why. I have provided mine. Where's yours?
Not so. You don't understand the difference between comparing 32-bit numbers (i.e. IPv4 addresses) and 128-bit numbers (IPv6 addresses). There is an insignificant difference. The time taken to convert the IPv4 dotted decimal value to the 32-bit value takes longer than any comparison of any 128-bit value.
With the length of the blocklists, if they're sorted into order, then the lookups will be as fast as the current systems, regardless of how many addresses get added to them.
IPv6 has an added advantage of better categorising IPs from a particular country, so you can block all traffic from, say, China much more efficiently than with IPv4.
Furthermore, once we go IPv6 everyone will have their own IP address, no more hidden NAT systems and so forth, so the person sending spam will be easily identifiable. This means that those hosts on dynamic IPs will be able to be filtered correctly - currently, you block an IP, you end up blocking everyone else at that ISP as they use that shared IP. With IPv6 the ISP will know instantly who has the trojaned machine and will (hopefully) shut it down.
These last 2 things mean that RBLs will be smaller in future, not larger as they can be more accurately targeted at rogue ISPs and countries who refuse to deal with spam and other internet malware.
So, all in all, you have nothing to worry about when using IPv6. The only issue will be with systems that need to be updated to handle IPv6 addresses, but I imagine all software spam filters will have releases out the moment someone uses them on the new network.
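The comment above argues that a sorted blocklist is searched just as quickly at 128 bits and that IPv6 listings can target prefixes instead of single hosts. As an added illustration (not part of the thread and not any RBL operator's code), this Python example stores prefixes as sorted integer ranges and answers each query with one binary search; the class name and the documentation-range sample entries are constructed.

```python
import bisect
import ipaddress

# Constructed sample entries (documentation address ranges, not real listings).
SAMPLE_PREFIXES = [
    "192.0.2.0/24",
    "198.51.100.0/24",
    "203.0.113.7/32",             # a single IPv4 host
    "2001:db8:bad::/48",          # a whole customer site
    "2001:db8:1:2::/64",          # one subscriber LAN
    "2001:db8:1:2:aaaa::1/128",   # already covered by the /64 above
]


class PrefixBlocklist:
    """Hypothetical blocklist: sorted, non-overlapping integer ranges per IP version."""

    def __init__(self, cidrs):
        nets = {4: [], 6: []}
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            nets[net.version].append(net)
        self._starts = {4: [], 6: []}
        self._ends = {4: [], 6: []}
        for version, group in nets.items():
            # collapse_addresses() merges overlapping prefixes and yields them sorted.
            for net in ipaddress.collapse_addresses(group):
                self._starts[version].append(int(net.network_address))
                self._ends[version].append(int(net.broadcast_address))

    def __len__(self):
        return len(self._starts[4]) + len(self._starts[6])

    def is_listed(self, address):
        ip = ipaddress.ip_address(address)
        # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries.
        mapped = getattr(ip, "ipv4_mapped", None)
        if mapped is not None:
            ip = mapped
        value = int(ip)  # 32-bit or 128-bit integer, compared the same way
        starts = self._starts[ip.version]
        # Rightmost range starting at or below the address: O(log n) comparisons.
        i = bisect.bisect_right(starts, value) - 1
        return i >= 0 and value <= self._ends[ip.version][i]


if __name__ == "__main__":
    bl = PrefixBlocklist(SAMPLE_PREFIXES)
    for addr in ("203.0.113.7", "2001:db8:1:2:dead:beef:0:1", "2001:db8:1:3::1"):
        print(addr, "listed" if bl.is_listed(addr) else "not listed")
```

A sender that rotates through addresses inside a listed /64 still matches the one stored range, so the list grows with the number of listed prefixes, not with the number of addresses they contain.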
I take your points about other areas that depend on IP addresses. The problem with multi-homing in IPv4 and IPv6 is that it makes it hard to scale the network - in fact, core routing tables started growing exponentially again in 2004 on the IPv4 Internet due to multi-homing (ref: http://en.wikipedia.org/wiki/Border_Gateway_Protocol). There is an IETF working group called Multi6 on IPv6 multi-homing for this reason, see http://www.ietf.org/html.charters/multi6-charter.html - not sure if their approach will simplify things for multi-homed sites but they are aiming to reduce core routing table growth.