Slashdot Mirror


IPv6 Essentials

Carla Schroder writes "IPv6 is halfway here, so network administrators need to learn their way around it whether they want to or not. Adoption has been slower in the United States because we possess the lion's share of IPv4 addresses, but even so, someday IPv4 is going away for good. And, there is more to it than just increasing the pool of available addresses. IPv6 has enough improvements over IPv4 to make it worth the change even if we weren't running out of IPV4 addresses, such as built-in IPSec, simplified routing and administration, and scalability that IPv4 simply can't support. We're moving into gigabyte and multi-gigabyte backbones, and high-demand real-time services like voice-over-IP and streaming audio and video that require sophisticated QoS (quality of service) and bandwidth prioritization. IPv6 can handle these, IPv4 can't." Read on for the rest of Carla's review.

IPv6 Essentials, 2nd Edition
• author: Silvia Hagen
• pages: 436
• publisher: O'Reilly Media, Inc.
• rating: 10
• reviewer: Carla Schroder
• ISBN: 0-596-10058-2
• summary: practical, in-depth guide to implementing and administering IPv6

IPv6 Essentials, 2nd edition, by Silvia Hagen, released in May 2006, is a well-written, clear, up-to-date guide to understanding IPv6 in-depth. This is a real accomplishment, because computer networking protocols are completely abstract, and translating all of these abstractions into understandable language is a noteworthy feat. The book explains how it all works to a very practical depth, so that the reader will be well-prepared to begin implementation.

What it does not cover is the specifics of configuring network devices, such as routers, switches, and interface cards, and this is not a flaw, because those things are platform- and vendor-dependent. Having a solid understanding of the protocol itself is more important, and something that is sadly lacking even in today's IPv4 world. The Internet would be a better place if more network admins would take the time to learn IP fundamentals.

Ms. Hagen does a nice job of covering the following topics:
• Strengths and advantages, such as auto-configuration, and good-bye to NAT
• The structure of the protocol itself, including header format
• Improved security
• Real genuine QoS
• Simplified routing
• Co-existence with IPv4
• Painless mobile networking
• Addressing

Addressing is one of the scariest parts. When you're used to slinging around something like 192.168.1.100 with ease, coming eye-to-eye with something like this, 3ffe:ffff:1001:0000:2300:6eff:fe04:d9ff, is a bit disconcerting.

But fear not, for Ms. Hagen dissects IPv6 addresses clearly and in detail, showing that they have a logical, consistent, understandable structure. For example, the first quad (3ffe) tells you that this is a 6bone.net address, so it is already obsolete because the 6bone closed down in June 2006. Other prefixes tell you if it is a private address, link-local, site-local, and so on. The book lays this all out in tables, and explains what each one is for.

How would you like to retire your DHCP servers permanently? No problem. IPv6 auto-configures hosts all by itself, or you may exercise as much control as you like. Ms. Hagen explains the various options: link-local, site-local, stateful, stateless, neighbor discovery, and so forth, and what you can do with them. For example, with IPv6 you can whip up an ad-hoc LAN with hardly any effort, and without needing special servers or client software.

Security is built-in to IPv6, instead of bolted-on as it is for IPv4. However, IPSec (IP Security) is still largely untested and unproven on a number of levels, so the book discusses both the pros and cons.

The book covers the problems, hassles, and compromises that come with using NAT (network address translation). We're used to it now, but sometime down the road we're going to look back and think "Wow, that was one big fat pain. Good thing it's gone."

The chapter on Mobile IPv6 is almost worth the price of the book by itself. IPv6 supports both wired and wireless mobile users in an elegant, hassle-free way. Say good-bye to setting up multiple profiles, or hassling with scripts. Roaming users can keep the same IP as they travel, across different networks, wired to wireless, anywhere they go. This little bit of magic occurs because IPv6 assigns them multiple IPs. One is the home address, which is permanent. A second address is the care-of address, which changes as the user moves around. Of course there is a lot more to it than just having multiple addresses, and like everything else in this book, Ms. Hagen explains how it works clearly and understandably.

The book is abundantly illustrated in the usual quality O'Reilly fashion, and the illustrations are invaluable for understanding the material.

We're at the stage where IPv6 support is pretty much universal: you can count on both network hardware and software supporting it. So the network administrator only needs to focus on learning the ins and outs of implementation. I recommend IPv6 Essentials as an essential reference, and a great starting point for mastering IPv6.

You can purchase IPv6 Essentials, 2nd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.


  1. IPv6 is halfway here by El+Royo · · Score: 4, Funny

    So, does that mean we're using IPv5 now?

    --
    Author of Enyo: Up and Running from O'Reilly Media
  2. QoS (Quality of Service or crap for customers?) by Bryansix · · Score: 3, Insightful

    Every time I see QoS mentioned I get a little feeling that we are being had. Based on the needs of customers, VOIP and streaming video should be prioritized ahead of non-time-sensitive packets. Yet you know ISPs actually prioritize in reverse. They actually put hardware in place that throttles VOIP and Streaming Video traffic. I wish I could give ISPs a good figurative slap on the back of the head!

    1. Re:QoS (Quality of Service or crap for customers?) by manifoldronin · · Score: 2, Funny
      I wish I could give ISPs a good figurative slap on the back of the head!
      So do I. And without the "figurative" part!
      --
      Tyranny isn't the worst enemy of a democracy. Cynicism is.
    2. Re:QoS (Quality of Service or crap for customers?) by Daemonstar · · Score: 2, Interesting

      Being a former network admin for a small ISP in Texas, throttling back on "bandwidth intensive" applications was pretty much a requirement. With low funds for backbone connections and having several wireless customers, just a few users could drain the entire uplink.

      That being said, we were a local area ISP. Now for big providers, as long as you pay for it (and the service contract covers it), you should receive your bandwidth, IMHO; I do agree that they probably do the same thing in order to conserve bandwidth and the almighty dollar. Otherwise, if they don't limit UserA's bandwidth (along with probably UserB, C and D), you, being UserZ, wouldn't be able to get much done in a day.

      I think QoS comes more into play within the corporate intranet where you have video conferencing, etc, like we do at my current job. Besides, you don't have to use different (or even the same ISP) to connect 2 sites; you can always get (or make) your own private link. :)

      --
      I don't reply to Anonymous posts; if you have something to say to me, identify yourself or I won't reply.
    3. Re:QoS (Quality of Service or crap for customers?) by screevo · · Score: 5, Informative

      You are describing an inherent flaw in Vonage/Sunrocket/Etc. style VoIP services.

      As a cable company, their traffic looks no different than Jo Shmoe next door torrenting the latest Back Door Betty DVD. So we CAN'T apply QOS to that traffic. We don't throttle it down OR up. We just let it go, and rely on the subscriber to know how to set up QOS on their equipment to maximize problems caused by their INTERNAL network.

      However, VoIP services such as those offered by Time Warner, Comcast, and actual ISPs CAN be prioritized because the MTA in the customer's home gets its own IP address, and we know all traffic from that block of addresses is VoIP, and thus gets priority!

      Full Disclosure: Time Warner Cable Tier 3 Technician here.

    4. Re:QoS (Quality of Service or crap for customers?) by screevo · · Score: 2, Informative

      Your linksys router monitors all of your traffic to do proper routing. Do you want your ISP to monitor all your packets and their content and see if that's porn or vonage coming in and out of your house? Learn how TCP/IP packets are built. Till then, you're just rambling. SM

    5. Re:QoS (Quality of Service or crap for customers?) by dgatwood · · Score: 2, Informative

      There are already accepted standards for how to flag packets as having higher priority. From the IP spec:

      Type of Service

      The type of service (TOS) is for internet service quality selection.
      The type of service is specified along the abstract parameters
      precedence, delay, throughput, and reliability. These abstract
      parameters are to be mapped into the actual service parameters of
      the particular networks the datagram traverses.

      Precedence. An independent measure of the importance of this
      datagram.

      Delay. Prompt delivery is important for datagrams with this indication.

      Throughput. High data rate is important for datagrams with this
      indication.

      So there are already flags in the IP header, which if honored consistently, would allow for consistent routing of time-sensitive packets like audio in the presence of bulk data. Since introspection of the IP header is required for routing anyway, if the ISP is already doing QoS by IP range, the penalty for an additional check of these IP header flags for traffic from a different IP range is negligible. Any ISP that says differently is trying to sell their own overpriced VoIP service.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    6. Re:QoS (Quality of Service or crap for customers?) by dgatwood · · Score: 2, Interesting

      By that same argument, I could tunnel WoW data instead of audio data from a VoIP IP number and do the same thing. Either you trust that the data you think should be high priority actually should be or you don't. You can't have it both ways.

      In the end, you have to trust that the kernel in commercial OSes will set reasonable packet priorities for different types of traffic. While there might be occasional people who find ways to abuse this, the only alternative to this trust is to not do any QoS at all. Restricting QoS to a certain IP range is just playing into the hands of those who would make internet telephony a private, for-pay exchange. It should not be.

      One of the greatest features of the Internet is that it levels the playing field and allows for free communication around the world. Let's not take a giant step backwards just because a handful of jerks are going to hack their kernel to mark their WoW traffic as "needs real-time". That isn't in anyone's best interest.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    7. Re:QoS (Quality of Service or crap for customers?) by DamnStupidElf · · Score: 2, Interesting

      However, VoIP services such as those offered by Time Warner, Comcast, and actual ISPs CAN be prioritized because the MTA in the customer's home gets its own IP address, and we know all traffic from that block of addresses is VoIP, and thus gets priority!

      Just a question, since you're on the inside. How feasible would it be to allow the customer to specify, say, 1% to 5% of their total bandwidth as QoS packets by setting the QoS flags in the IP header? That way they could use any service they wanted, whether it be Skype, bittorrent, email, or ssh and have their packets delivered faster. By only giving them a fraction of their total bandwidth available for QoS, you prevent download hogs from wasting QoS traffic for other users and avoid having to set up QoS specifically for each customer's application. The other idea I've had was to simply base QoS on the average amount of traffic from a given subscriber, so that a customer using VoIP, email, ssh, etc. would only use a small amount of bandwidth and thus have a higher priority than someone sucking down torrents as fast as they can.
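The Type of Service bits quoted from the IP spec earlier in this thread, combined with the budget idea in the comment above, can be sketched as a token bucket that honours a subscriber's own markings only up to a share of the line rate. This is an added example, not code from any commenter or ISP; the 8 Mbit/s line, 5% share, 3000-byte burst and all packets are constructed assumptions.

```python
import struct


def make_header(tos: int, total_length: int) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at 0; it is not checked here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_length, 0, 0, 64, 17, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))


def parse_ipv4(header: bytes):
    """Return (tos, total_length); reject anything that is not an IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_length = struct.unpack("!BBH", header[:4])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        raise ValueError("not an IPv4 header")
    return tos, total_length


def decode_tos(tos: int) -> dict:
    """RFC 791 layout: bits 0-2 precedence, bit 3 D, bit 4 T, bit 5 R (bit 0 = MSB)."""
    return {
        "precedence": tos >> 5,
        "low_delay": bool(tos & 0x10),
        "high_throughput": bool(tos & 0x08),
        "high_reliability": bool(tos & 0x04),
    }


class MarkedTrafficBudget:
    """Token bucket: honour a subscriber's own markings up to a share of the line rate."""

    def __init__(self, line_rate_bps: int, share_percent: int, burst_bytes: int):
        # Integer bytes per millisecond keeps the accounting exact.
        self.bytes_per_ms = line_rate_bps * share_percent // (100 * 8 * 1000)
        self.capacity = burst_bytes
        self.tokens = burst_bytes
        self.last_ms = 0

    def classify(self, now_ms: int, header: bytes) -> str:
        tos, length = parse_ipv4(header)
        flags = decode_tos(tos)
        # Refill for the elapsed time, capped at the burst size.
        refill = (now_ms - self.last_ms) * self.bytes_per_ms
        self.tokens = min(self.capacity, self.tokens + refill)
        self.last_ms = now_ms
        if flags["precedence"] == 0 and not flags["low_delay"]:
            return "best-effort"          # sender asked for nothing special
        if length <= self.tokens:
            self.tokens -= length
            return "priority"             # marking honoured, budget charged
        return "demoted"                  # marking ignored: over budget


def simulate(tos: int, size: int, interval_ms: int, count: int) -> dict:
    """Feed `count` equal packets through a fresh 8 Mbit/s line with a 5% budget."""
    budget = MarkedTrafficBudget(8_000_000, 5, 3000)
    verdicts = [budget.classify(i * interval_ms, make_header(tos, size))
                for i in range(count)]
    return {v: verdicts.count(v) for v in ("priority", "demoted", "best-effort")}


if __name__ == "__main__":
    print("voice-like :", simulate(0xB0, 200, 20, 50))    # 200 B every 20 ms
    print("bulk marked:", simulate(0xB0, 1500, 1, 100))   # 1500 B every 1 ms
    print("unmarked   :", simulate(0x00, 1500, 1, 100))
```

A low-rate marked flow stays inside the budget, while a bulk flow carrying the same marking is mostly demoted, so the network does not have to trust the marking itself.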

    8. Re:QoS (Quality of Service or crap for customers?) by screevo · · Score: 2, Informative

      At this point you have to consider how much it will cost to implement such a feature and weigh it against how many people would actually use or benefit from a feature. It IS still a business. If you are truly concerned about QoS, quality begins at home. Prioritize your own traffic in your router.

  3. Only things missing: blood, sweat, tears, and $$$$ by Ancient_Hacker · · Score: 2, Insightful
    It's nice to sit in some air-conditioned office and write a book about how easy it is to get into IPV6.

    And someday Britney will learn to sing and parent, and all rappers will go sign up as sunday-school superintendents.

    In the meantime, the folks at the end of the ISP wires will have to spend kilo to megabucks on hardware and software upgrades, not to mention training themselves, and training the users. Think of the millions of linksys home routers and wireless access points that will have to be tossed out or reflashed! Think of all the books with xxx.xxx.xxx.xxx ip addresses that will be obsoleted! Lots of frustrated human-hours, even if the IP6 world will run as smoothly as the book suggests.

  4. Re:And... by Mayhem178 · · Score: 2, Funny

    But IPv6 has bigger tubes! We'll be able to send internets faster!

    --

    "You will pay for your lack of vision..." - Emperor Palpatine to Ray Charles

  5. Re:And... by mph · · Score: 3, Informative
    No, see, there _was_ no IPV4 before IPV6 come out, and that should be your first clue that we're doomed
    WTF? See section 3.1 (specifically the "version" field) of RFC 791.
  6. NAT is the IPv4 version of segmented memory by vrmlguy · · Score: 4, Interesting
    The subject line says it all, but the lameness filter would appreciate a few more words.

    Back in the day, the 8080 architecture had 16-bit addresses, which limited you to 64 KB of memory. The 8086 used segment registers to allow 16-bit registers to address up to 1 MB of memory. But data structures were still limited to 64 KB unless you were willing to slow down your access time by a factor of four or more, and sharing data between code running in different segments required even more jumping through hoops. NAT allows more devices than IPv4 can address to communicate with central servers that aren't running NAT, but setting up P2P between systems that are both using NAT is damn near impossible.

    Good-bye, IPv4, and good riddance.

    --
    Nothing for 6-digit uids?
  7. In other news... by DeepCerulean · · Score: 3, Funny

    Duke Nukem Forever promises to support IPv6!

    1. Re:In other news... by hotdiggitydawg · · Score: 5, Funny
      Next Slashdot poll:

      What will happen first?
      • IPv6 becomes more widely used than IPv4
      • Duke Nukem Forever released
      • Trusted Computing widely accepted
      • HURD released
      • Perl 6 released
      • PS3 launched
      • PS3 tanks
      • CowboyNeal elected President
  8. QoS not needed or wanted on the Internet by KonoWatakushi · · Score: 4, Insightful

    The summary cites QoS as a motivating feature to adopt IPv6, and this is not a good thing. The very nature of the Internet (as an end to end best effort network) makes it impossible to guarantee any sort of service. As such, the only usage of prioritization is unfairly biasing some network resources at the expense of others. This is a direct affront on network neutrality.

    The only place packet prioritization and traffic shaping should take place is on private networks, where QoS can be guaranteed. Services such as VOIP and IPTV would ideally be offered over these ISP local networks at an additional cost. This is not to say that VOIP over the Internet is impossible, but it should not have an unfair advantage over other Internet traffic.

    The only place where things break down is in the last mile, where ISPs are selling bandwidth that does not exist. In this case, something has to give, and so they must implement unfair prioritization schemes. The obvious solution is to honestly advertise minimum guaranteed rates instead. This makes it possible to prioritize a customer's own traffic as the customer wishes without affecting others. (For example, if you want VOIP prioritized to the ISP local VOIP network.)

    Of course, such a scheme would still allow different speed grades, and excess capacity to be utilized. It can not be emphasized enough though that prioritization has no place on the Internet itself.

    1. Re:QoS not needed or wanted on the Internet by asuffield · · Score: 2, Informative
      As such, the only usage of prioritization is unfairly biasing some network resources at the expense of others.


      This is grossly untrue. If I am downloading a DVD image, and using ssh at the same time, I want to tag the download packets as "low priority" and the ssh packets as "minimum latency". The internet routers can then queue packets according to my wishes, and my service is greatly improved.

      Just because it's possible to abuse prioritisation does not mean that it has no valid applications.
  9. Re:Only things missing: blood, sweat, tears, and $$ by swb · · Score: 2, Insightful

    I think back 8 years or so ago during the boom years, there was some apprehension about "running out" of IPv4 addresses, which I think drove a lot of the desire for IPv6.

    I think it probably solves other weaknesses in IPv4 -- spoofing and some other cracker-ish issues that are difficult to mitigate against in IPv4.

    I think, though, that it's a little like alternative fuels -- we know they're good for us, but nobody wants to bother with them until we have to.

  10. What is the "killer app" for IPv6? by Aqualung812 · · Score: 4, Insightful
    I know, I used a 90's buzzword, but that is part of my point. The Internet with IPv4 was on a slow and steady expansion with gopher, ftp, and telnet. Then with HTTP and enough bandwidth to get .jpgs in with the page, it just exploded. Everyone HAD TO HAVE IT.

    Until we have something that everyone wants and ONLY works with IPv6, we're not going to switch. That "thing" might be here today, but it seems we're all unaware what it is.

    Sure, there may be things that are better, but I can do all of the things IPv6 can do with IPv4 and a slew of extra services that I'm already familiar with (VLAN or service-based QoS, NAT, DNS, DHCP, etc).

    I for one REALLY want IPv6 to get here, but the people who make my software and pay for my equipment won't change until they need to.

    --
    Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
    1. Re:What is the "killer app" for IPv6? by Bloke+down+the+pub · · Score: 2, Funny
      Until we have something that everyone wants and ONLY works with IPv6, we're not going to switch. That "thing" might be here today, but it seems we're all unaware what it is.
      If so, chances are it's some kind of pr0n.
      --
      It's true I tell you, feller at work's next door neighbour read it in the paper.
  11. No thanks by Anonymous Coward · · Score: 2, Interesting

    IPv6 is halfway here

    In other words, it's not here. Just as always.

    so network administrators need to learn their way around it whether they want to or not.

    I'm a system and network admin and I haven't needed to learn my way "around" it. Unless by that you mean, to "turn it off whenever possible". Which I do. Just upgraded some FreeBSD machines and made sure all the IPv6 stuff wasn't built.

    Adoption has been slower in the United States because we possess the lion's share of IPv4 addresses, but even so, someday IPv4 is going away for good.

    No, adoption is slower because IT SOLVES NO PROBLEM. Do you know how many customers we've had ask about IPv6? Exactly one. Because he read a post on slashdot like this one and wanted to know "if it was something he needed to know about". Guess what answer he got?

    IPv6 has enough improvements over IPv4 to make it worth the change even if we weren't running out of IPV4 addresses

    No, there is only one reason to switch to IPv6: if the sites you want to reach aren't on IPv4 any more. I assume since you are posting to slashdot (IPv4) you agree with me. (By "switch" I mean STOP using IPv4 completely. Otherwise you haven't "switched").

    I'm going to treat IPv6 the same way I always have: as a sort of intellectual curiosity, and not something that affects my day-to-day internet use or professional responsibilities.

  12. Re:And... by grolschie · · Score: 2
    IPv4 is still going strong.
    In America.
    In Soviet Amerikastan the IPv4 internet connects to you. :-)
  13. Re:Am I just being overly simplistic... by Vellmont · · Score: 4, Insightful


    Example: 192.168.1.2.3

    Or is the goal to try and push IPv6 simply because it's "better?"

    As I understand it one of the main reasons IPV4 wasn't just extended in address space was because routing becomes too difficult with such a large address space, so you need to build routing into the protocol. There's also some very cool features of IPV6 like multi-casting that's been very poorly supported under IPV4. This would allow things like broadcasting internet based TV without multi-gigabyte connections.

    When the day comes that said ISP calls me up to tell me "Hey, we're changing over to IPv6 at the end of the month (or year, or whatever), so you need to be ready for it," THEN I will start worrying about how to implement it.

    That'll probably never happen (or at least not for 20 years maybe). IPV4 isn't going away, what'll happen (someday) is your ISP will one day support IPV6 and you'll be able to get an IPV6 IP address. No one is going to call you up, you'll probably have to call them up and ask if they're supporting it.

    Until then, V4 and NAT are working perfectly well for me, thanks.


    Well, I'm sure horse and buggy owners thought that horses were perfectly good transportation when the car first came out too. There weren't many paved roads, the things were expensive, and took special fuel to run them where horses just ran on oats. It's often hard to see the advantages of a new technology before it's hit the mainstream.

    --
    AccountKiller
  14. Re:IPv4 isn't going anywhere by cortana · · Score: 3, Insightful

    Meanwhile, you have people in the developing world behind four or five layers of NAT.

  15. Re:And... by MythoBeast · · Score: 2, Insightful

    How are you going to convince the 3 billion people to switch?
    Tell them that they won't be able to access resource N (Slashdot, YouTube, whatever) unless they switch over.

    How are you going to change all that software?
    The software is mostly changed already. The majority of that is done below the level that your typical implementation requires it to be accomplished at. There are notable exceptions, but the parts that need changing are usually very small libraries at the bottom of the application.

    Why would you even try to do either of those things while there's a much simpler option?
    This assumes that the simpler option is adequate. The rest of the world is changing, with or without you, and if you don't change you won't be able to access content from IPv6 sites.

    --
    Wake up - the future is arriving faster than you think.
  16. Re:You are completely retarded. by MythoBeast · · Score: 3, Insightful

    Talking completely out your hind end, are we?

    IPv6 is more secure because communications within a subnet use a special address coding that (a) can never leave the subnet (b) can never be introduced from outside the subnet, and (c) can be positively identified as coming from inside the subnet. IPv6 has other security features, but this one all by itself blocks a couple of categories of intrusion technique.

    QoS has a single field in IPv4 that has no implementation attached to it, and is thus implemented as an afterthought in a collection of vendor-specific ways. Saying it has QoS is kind of like saying that your house comes with a jacuzzi because there's a place out back where you can put one and plug it in. IPv6, on the other hand, has a full standard implementation associated with it.

    Um, IPv6 IS at the network level. Duh. Are you talking at the hardware link layer? That's only supposed to connect one device to the next, not keep track of network topology. Roaming isn't tunneling either - the old address actually replies to a packet letting it know where it should send the information to, thus making the switchover quick, transparent, and very, very lightweight.

    IPv6 autoconfiguration is STATELESS. It doesn't require a server to figure out what addresses it has available, which ones it's handed out already, which ones have expired, etc, etc. DHCP is nice, but it requires maintenance. You can tell me how easy DHCP is to configure all day long, but it'll always be tougher than none at all.

    --
    Wake up - the future is arriving faster than you think.
  17. Address space is too wide by VGPowerlord · · Score: 2, Informative
    A lot of people are resisting the move to IPv6 simply because of the size of the address space. Particularly since under current manufacturing space, we could never fill it.

    Why? Simply: MAC addresses are only 48-bit, or 64-bit if everyone were to switch over to EUI-64. IPv6's 128-bit size is a lot larger. There are 281474976710656 MAC addresses, 18446744073709551616 EUI-64 addresses, and 3.4e38 IPv6 addresses.

    So, IPv6 is approximately 1208925819614629174706176 times larger than the MAC address space.

    If you need help visualizing this, here are the address space sizes padded with 0s in a monospace font. A space has been added in the middle to prevent /. from breaking the lines.
    0000000000000000000 00000281474976710656
    0000000000000000000 18446744073709551616
    3402823669209384634 63374607431770000000
    --
    GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
  18. Actually... by schwaang · · Score: 2, Informative
    MAC addresses don't go outside of the broadcast domain, dimwit.

    Actually, your MAC address, which is a globally unique identifier, forms half of your IPV6 address unless you do something unusual to avoid that. So it is a very valid privacy concern.

    The AOL search data episode showed how easy it is to unmask anonymity when all you have is a bunch of URLs coming from the same unique anonymous identifier. IPV6 increases the risk of this kind of aggregation of supposedly anonymous activity.

    When IPV6 is here, Choicepoint will probably pay for your MAC address. And everyone else will pay Choicepoint to know who the "anonymous" person is visiting their website.

    As a bonus, NSA will find it easier to know exactly who is using the free public wifi at the library.
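The MAC-in-address concern raised in the comment above can be checked on your own hosts: an interface ID built with modified EUI-64 carries ff:fe in its middle two bytes and the hardware address around it. This is an added example, not code from the thread or the book; the sighting list is constructed from the 2001:db8::/32 documentation prefix, and the only real value used is the sample address quoted in the review.

```python
import ipaddress


def embedded_mac(addr: str):
    """Return the MAC address inside a modified EUI-64 interface ID, else None.

    Heuristic: a randomly chosen interface ID matches ff:fe by chance about
    once in 65536 addresses.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]        # low 64 bits
    if iid[3:5] != b"\xff\xfe":                         # filler inserted mid-MAC
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the flipped u/l bit
    return ":".join(f"{b:02x}" for b in mac)


def networks_per_device(sightings):
    """Map each embedded MAC to the /64 networks it appeared in (two or more only)."""
    seen = {}
    for addr in sightings:
        if ipaddress.IPv6Address(addr).is_link_local:
            continue                                    # fe80::/64 is the same everywhere
        mac = embedded_mac(addr)
        if mac is not None:
            net = ipaddress.ip_network(f"{addr}/64", strict=False)
            seen.setdefault(mac, set()).add(str(net))
    return {mac: sorted(nets) for mac, nets in seen.items() if len(nets) > 1}


# Constructed log of source addresses (documentation prefix, made-up MAC).
SIGHTINGS = [
    "2001:db8:a:1:216:3eff:fe12:3456",    # EUI-64 host on network A
    "2001:db8:b:7:216:3eff:fe12:3456",    # same interface, network B
    "fe80::216:3eff:fe12:3456",           # its link-local address
    "2001:db8:a:1:9d1e:22c4:a0f3:6b7e",   # randomized interface ID, network A
    "2001:db8:b:7:5c3a:91d2:7be:4410",    # randomized interface ID, network B
]

if __name__ == "__main__":
    # Sample address quoted in the review: it is EUI-64 derived too.
    print(embedded_mac("3ffe:ffff:1001:0000:2300:6eff:fe04:d9ff"))
    print(networks_per_device(SIGHTINGS))
```

Hosts that use randomized temporary addresses (the RFC 4941 privacy extensions) produce no stable interface ID and do not correlate across networks this way.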