(Almost) All You Need To Know About IPv6
Butterspoon tips us to an article in Ars Technica titled "Everything you need to know about IPv6." Perhaps not quite "everything"; the article doesn't try to explain the reasons behind IPv6's meager adoption since its introduction 12 years ago. But it should be regarded as essential reading for anyone overly comfortable with their IPv4 addresses. Quoting: "As of January 1, 2007, 2.4 billion of those [IPv4 addresses] were in (some kind of) use. 1.3 billion were still available and about 170 million new addresses are given out each year. So at this rate, 7.5 years from now, we'll be clean out of IP addresses; faster if the number of addresses used per year goes up. Are you ready for IPv6?"
Do I need to upgrade to IPv6 to use web 2.0?
It's true I tell you, feller at work's next door neighbour read it in the paper.
All you need to know about IPv6. It won't run on your current network hardware, and you won't get the budget approved to upgrade.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
I want IPv8 engine...
OK, so I've requested a SixXS tunnel and I'm waiting for the response. I'm actually gonna go through with it.
This is something I've wanted to do, but never got around to before.
What I'd like to know, are there any ISPs that offer IPv6 native? (Specifically in the San Francisco Area, as that's where I'm moving this summer)
The reason, in a word and three letters:
Widespread NAT
With the limited number of addresses, maybe spam would drop if there is a significant demand for IP addresses. Spammers wouldn't be able to just set up a new shop overnight.
testing out my trending skills
Will we all have our own IP address in the future, like a SS# that identifies you wherever you go on the net? It looks like things are going this way. Is it the government's business if you like clown porn?
Libertarian Leaning Political Discussion Forum.
we'll be clean out of IP addresses
No. No. NO. Behind every router you can have an independent network, with as many machines as you want. Most small networks have users on the IPs 192.168.0.n or 192.168.1.n or 10.0.0.n. There are probably tens of thousands of machines using these addresses - but they do not conflict, because they are not using that address on the same global network.
As the number of used IPv4 addresses goes up on the global internet, the number of routers - and so numerically isolated networks - will also increase. Even if it comes to the point where city areas or even ISPs have their own routers, it is still farcically easy to set up more and more networks that are independent of each other except at their shared contact point of the greater web.
The only way we can run out is if we put all devices onto the same network, which in itself only invites exploitation and problems.
It's not going to happen.
Browsing with +2 to insightful posts and a higher threshold makes the average post seen seem a lot more ingenious
I think and fear IPv6 won't make its day.
There are too many embedded devices that won't be upgraded to IPv6 just because they have IPv4 carved in silicon.
Companies won't spend money in upgrades and related risks.
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
I hear that we are only supposed to use the even versions, but I also heard that they kept messing around with version 6. Is it stable?
I am running an i386. Should I just stick with IPv2?
testing out my trending skills
Ted Stevens (R-Pork): As my colleagues from across the aisle are pointing out, we're facing Peak Internets. Clearly what we need is to open up drilling in IPNAR (Internet Protocol National Address Reserve) and start drilling in those unused /8s. We need more tubes!
Ted Kennedy (D-Ham): Sure, how about 34.0.0.0/8, Halliburton?
Dick Cheney (R-Oil): Suck it, Ted. Your union buddies in 19.0.0.0/8, Ford Motor Company, ain't long for this world anyways.
Senator BOFH (I-Maginary): Umm, dudes? I didn't know DEC was still around, let alone still owned (16.0.0.0/8), and do enough people still go to Interop (45.0.0.0/8) that it deserves a whole frickin' /8 to itself?
FCC: All of y'all, shaddap. The telcos paid us good money to put us in charge of this little exercise, so we'll take it from here. Everybody switches to IPv6 on our timetable. It shouldn't take us much longer than it took to phase out analog TV.
It had never been routed across the public net. I'd be prepared to bet there's a lot of companies that decided they 'were a major entity' and grabbed a big chunk of address space, back in the day when the IPv4 address space was 'more than anyone would ever need'.
I'd be prepared to bet there were a huge amount of 'entities' in the same situation. I mean, there's only a relatively small list that actually need many at all, most can get by with a couple for DNS servers, a couple for mailservers, a couple for web servers and maybe a few for other 'key' internet thingummies. But 254 is way more than _most_ companies actually need.
As of January 1, 2007, 2.4 billion of those [IPv4 addresses] were in (some kind of) use. 1.3 billion were still available and about 170 million new addresses are given out each year. So at this rate, 7.5 years from now, we'll be clean out of IP addresses; faster if the number of addresses used per year goes up. Are you ready for IPv6?"
As of January 1, 2007 too many IP addresses were in (some kind of) use by Apple and MIT who have entire class As but don't need that kind of address space. In 7 years when we are approaching what this particular author believes will be the end of the road for IPv4, those two (and anyone else with too many unused addresses) should be mandated to give them up so that everyone else can use them.
IPv6 won't be in wide use until the ISPs drop their ridiculous additional IP charges. They make a good bit of money through that so I assume they will be the absolute last people to switch over. Because most residential connections are on Comcast and other providers that don't want anything to do w/making less money, there's no way that this will happen w/o a fight.
What isn't ever discussed are the people who originally developed IPv6. Not the brightest crew there ever was; some were the types who deliberately get their names attached to something, but who don't have the technical chops to contribute something significant.
Others are what can be best called as control freak fascists. I overheard one in his office one day ranting about how awful Phil Zimmerman and others were for their efforts. All well-known and respected people. It was truly shocking. But that's the type of person he was. He wasn't into security, he was more into control. A real nut-case.
It has come as no surprise that IPv6 has had security problems. Nor is it any surprise that it's adopted by the most control-freak countries in the world.
If you ever REALLY want to understand a technology, understand the people behind it. It's seldom that you see interviews with the entire bunch at once.
3.7 billion unique IP's ought to be enough for anybody.
stuff |
"There's no place like 0:0:0:0:0:0:0:1"
You heard it here first. iThankyou.
throw new NoSignatureException();
I really doubt that after all this time that IPv6 adoption will ever be driven by address scarcity in the IPv4 space. We've developed tools like NAT that have extended the usable number of addresses far beyond what was originally envisioned, and the few problems created by the widespread usage of NAT are not showstoppers to the vast majority of users.
I think we have much more pressing problems. I seriously question whether or not our advanced technological society will last long enough to exhaust the currently available address space, and even if the prediction is true, and we approach that state within the next 7.5 years, it is more likely that measures will be taken to ensure that abandoned or underutilized address space is reallocated.
- "7.5 years from now, we'll be clean out of IP addresses; faster if the number of addresses used per year goes up. Are you ready for IPv6?"
Unless the number of addresses in use goes down via things like NAT.
I'd give my right arm to be ambidextrous.
if the predicted exhaust date for the addresses is seven years out.
if this is supposed to be a new economy, how come they still want my old fashioned money?
The reason IPV6 has not been widely deployed is that the direct consumers of IPV4 addresses changed their ways and started implementing sound IP address deployment strategies.
When I say direct consumers as it relates to IPV4 the two largest consumers are Internet service providers and large corporations.
I remember when I started my first ISP. Everyone that dialed up to our modem bank was assigned a public IPV4 IP address. Later as higher bandwidth solutions arrived it was nothing for an ISDN user to have a /25 (128 IP, half of what most people mistakenly call a class C). If a customer purchased a T1 then it was negotiated how many /24 (256 IP, again considered a class C).
Now that has changed. Generally unless you pay extra you are going to have an RFC1918 (IP addresses that have been mutually agreed upon to be private). With this type of IP address nobody from the Internet can initiate communication to any of your equipment. These IP addresses are not routed on the public Internet. When you initiate an outbound communication to some server on the Internet your ISP will do a hide NAT to get you out to the Internet.
A hide NAT is when many systems using private address space all use the same IP address as their source when they leave their ISP. So, instead of the good ol' (not so good) days where every user needed a public IP address now an ISP can hide thousands of customers behind a single IP address.
Large corporations use similar techniques. They realized that not every computer on every desk needs a public IP address. Again, they could use hide NAT and let them all use RFC1918 (private IP space) and when they would go out to the Internet they could either be hidden behind an IP or use a proxy. Also, almost simultaneously came the idea that not all the servers in your data center needed a public address either. Your web and mail servers might but their back end database servers wouldn't. These wouldn't even require NAT because for security reasons it is just better if they have no interaction with the public Internet. The web servers could communicate with them with a physically separated network or internal routers could route their traffic to the proper location within their corporate infrastructure.
Two factors drove this movement. First was the fear of running out of IPV4 addresses. ARIN and the like were doing their best to scare consumers into rationing their allocation in fear of not being able to get another. Second came from network security. Firewalls and proxy servers and the like were being implemented more rapidly than ever before. This was partly in response to the ever expanding IT bubble that many were sure would grow indefinitely and the majority was due to the realization that without proper security the bad guys would enter your system and start poking around. A system (server environment) can never be made 100% secure but the more money you are willing to spend on security the higher you raise the bar for a potential black hat hacker. As you increase security you make those that don't easier targets so a hacker would go after the easiest to penetrate rather than the more secure environments. This feeds upon itself. There will always be hackers and network security will have to continually evolve.
But back to IPV4. Looking at the current utilization of IPV4 as to what it was say in 1990 you see a completely different picture. The current picture is what was the promise of IPV6 and that is that it doesn't look like we will be running out in the foreseeable future. It's true with IPV4 we don't have enough public IP addresses so that everyone can have all their kitchen appliance connected to the Internet with a public IP. I have listened to many people tell the analogy that IPV6 has enough IP space so that every grain of sand on the planet Earth could have its own IP address. Well, the truth is that we don't need that many, not anywhere near that many. And though it's true that IPV6 has more features t
Encryption: I may not agree with what you say, but I will defend your right to encrypt it...
The article does a great job of presenting the debate. In every talk, you should tell the audience what you are going to tell them, then tell them, then tell you what you told them. In this case, the author took the novel and interesting approach of using a Slashdot summary of the subject, linking to a previous discussion and paraphrasing it. I present the summary and the expansion side by side to highlight their ingenious rhetorical style:
"Use NAT, n00b. All 1337 of my Linux boxes share a single IP and it's safer, too!"
"NAT is not a firewall."
"NAT sucks."
"You suck."
Thanks for the shoutout, Ars. The explanation of various non free software limitations for using IP4/IP6 and partial explanation of why those systems may need firewalls to begin with is sure to add to the human body of knowledge and foster civilized conversations. After reading the article, it's all clear to me, for sure not at all. Respeckt!
Friends don't help friends install M$ junk.
Actually, the small size of the available IPv4 chunks has already driven the adoption of IPv6 in several large networks. Take a look at Comcast's huge migration of their cable modem customer edge. Of course other factors are driving it as well, which is why so many management networks have moved over. So what do you think, when BT completely replaces their existing infrastructure as they are now doing, are all the new boxes going to work with IPv6? I don't think it is a requirement, but I also don't see any noncompliant devices winning bids.
NAT is not the answer to everything. VPN is starting to be everywhere. With still more clients, suppliers, employees and partner companies VPN'ing with each other, even defining namespaces internally in 192.168.0.0/16 is starting to be an issue. I've so far been lucky with a strategy of every party selecting a pseudo-random number for the third block in 192.168.0.0/16, but sooner or later, conflicts will happen.
...the article doesn't try to explain the reasons behind IPv6's meager adoption since its introduction 12 years ago.
That's pretty easy to answer, in my opinion, at least. For the most part, the answer is: NAT.
You clearly read the article, or at least skimmed it, since you know that the article says that even with NAT, if current trends continue (they are likely to get worse, not to continue) we will run out in 7.5 years. You really think we're going to have a cataclysm in that timeframe? It's not impossible... but it seems relatively unlikely. As the FA says, even reclaiming a couple of used class As would be fairly useless.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
See my sig.
Get your own free personal location tracker
http://en.wikipedia.org/wiki/Ipv6
Now, take it with a grain of salt [or a whole salt lick...], but the list of features here in the wiki-article about IPv6 looks good to me. o_O
My comments I posted on the Ars forum:
Interesting article, but I still feel like I have questions and don't really understand why or what I should do, if anything, with IPv6.
I'm on Comcast cable, XP w/o IPv6 turned on, and with a WRT54G router with stock firmware. IF I enable IPv6 in XP, what do I gain? Would it mess up the other PCs on my network? Would it affect performance? Would my router handle it without modification? Does it even matter since I'm on Comcast?
I guess I keep reading about IPv6, reading that it's an improvement (which I wouldn't argue with), but I guess I don't know if I should do something about it now (would I be a small part of mass progress?), or just wait until things straighten themselves out? I know it's better, but what am I supposed to do?
... have already been explained.
The commands to install IPv6 are:
Windows XP: run -> type: ipv6 install
Linux Red Hat: insmod ipv6 or modprobe ipv6, check the list to see whether you got IPv6 or not; rmmod ipv6 deletes ipv6. Autorun: edit /etc/sysconfig/network and add the new line "NETWORKING_IPV6=YES"
FreeBSD Unix:
edit /etc/rc.conf and add the new line
ipv6_enable="YES"
One thing I run up against in deploying web services for organizations is that in order to provide SSL for HTTP (without using some sort of NAT-like proxy) we need either a unique port or a unique IP address.
Now, the unique port thing works great for small organizations who connect via commercial ISPs. But for government organizations, or for those whose connection is provided by government organizations, byzantine firewall rules and mandatory HTTP proxies prevent them from connecting to anything other than port 443.
Some days I think it will be easier to implement IPv6 than to get city and state sysadmins to open high ports on their firewalls and HTTP proxies.
Is Network Address Translation Translation where you write the RFC in Klingon?
I think that falls under the category of "rearranging the deck chairs on the Titanic." At most, it might buy us a few more months of IPv4dom, but at what cost? And by diverting those resources to IPv4 recovery, how much more painful are we going to make the transition to IPv6 when we do run out? Because the numbers are clear, we are going to run out of allocatable IPv4 addresses eventually. Distracting people by telling them that it's the Class A blocks that are the problem isn't going to make that easier; it's just going to make the eventual runout into a catastrophe instead of a page-three technology topic.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
The one little nugget that people always forget when they project the time line to where we will run out of IPs is the fact that some do get returned to the pool per se. Businesses and people don't get the IPs for life, they do need to renew.
First, NAT by itself doesn't offer that much security, once you get it outfitted with UPnP and other stuff that allow users to do the things they want to do, without messing around with it too much. (Actually, NAT in its purest implementation, without a stateful firewall at all, wouldn't offer any security, because it would only serve one host, and it would forward all connections to it, incoming and outgoing. But all home "NAT boxes" also have firewalls and serve multiple hosts, and have the side-effect of blocking incoming connections.)
Second, there are applications coming that aren't going to play well with NAT, particularly internet telephony. We need to get rid of NAT in order to allow for WiFi/cellular phones, and portable devices that will multihome across networks. There are whole classes of applications and technologies that will be possible, once the infrastructure allows for things like this, and NAT is holding it back.
Complaining because NAT makes your printers easier to set up securely, and thus ought to be kept around, is a little like people who grumbled that persistent network connections between campus mainframes were a huge security risk, and that everyone would be better if we just stuck with UUCP and nightly dial-ins. While they may have been right, I think we can all agree that the benefits, in hindsight, of not all being stuck on isolated systems that only connected to each other at midnight to exchange traffic, outweigh the hazards. (If you disagree, signal your discontent by reaching behind your PC and unplugging that network cable or antenna.) It's a shortsighted position.
Until households and "dumb devices" get globally routable addresses, we won't know the sort of things that we can do with them. The ideas that people have outlined today -- the ability to use broadband applications on your cellphone or portable device over your connection at home, and then seamlessly failover to the cellular network (or another WiFi network, or whatever) when you walk out of range, without dropping the connection or needing to do a messy DHCP renewal -- that's just the beginning. That's like someone in 1985 trying to give a sales pitch about the Internet: how many things do we have now that weren't really possible to foresee at that point? (Good and bad.) A whole lot.
Third, even with the widespread adoption of NAT, we're still running out of IPv4s. There are enough applications and situations out there that require routable addresses, that even if we were to use NAT on everything, we'd still run out. It's a temporary solution at best, and an admittedly very cool hack, but we're coming to the end of the road for it. It's time to implement a real solution.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
ARIN wouldn't give us an allocation. In their rules, I have to be able to prove that we have a customer base large enough to use up a full /32 (of IPv6) addresses before we can get an allocation. So in order to get an IPv6 block, we have to have enough customers to use up 2^16, or by IPv4 standards, a Class B block. WTF???? IPv4 allocations are handed out for free, but you can't get one unless you're a mega-conglomerate.
:(
IPv6 adoption won't occur in the US unless ARIN comes up with a better policy.
Karma: Chameleon (mostly due to the fact that you come and go).
Oh, and one more thing - they told me to get an allocation from my upstream provider.
I can't do that. Why? They can't get an IPv6 allocation because they're not big enough either. They would have to get one from THEIR upstream providerS (yes, plural), and one of those doesn't offer IPv6 allocations because...well, you figure it out.
Karma: Chameleon (mostly due to the fact that you come and go).
Take a look at Comcast's huge migration of their cable modem customer edge.
I wasn't aware of this. Has Comcast migrated its cable modem subscribers over to IPv6?
Sadly I don't have a v6-capable router at that end of my network. (I have two routers, a good one -- WRT54GL with DD-WRT -- and a crappy one -- some shoddy Netgear box -- and unfortunately have to use the Netgear for the headend NAT, because the '54GL is the only one which will act as a wireless bridge.)
If I were to put an IPv6-capable router on the WAN, would it get a v6 address from Comcast? That would almost make it worth going out and getting another decent router.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
It's no harder than it is right now. Most of your portable devices already have unique serial numbers. Your cellphone has two, one in the handset and another in the SIM card. Your computer has a MAC address, probably more than one. Someone could track you with any of these.
IPv6 doesn't change any of this; it just lets you take the same IP address with you when you move from one network to the other, but it doesn't keep you from changing it arbitrarily, or somehow check to see whether your address is the same as your interface's MAC address or not. If you want to use some other randomly generated number instead of your hardware MAC address, you can do that. If you want to change it when you move from one network to another, you can do that, too, but you'll of course drop any connections you had, until you reestablish a connection using the new address to whatever service you were using.
There are some opportunities for very bad design choices in IPv6, but we're just going to have to try and steer people away from making them: for instance, trying to use an address as a user identifier rather than as a temporary network-node identifier. You're still going to have to have logins and passwords, which are managed at some higher level; if someone tried to make the IPv6 address into some sort of per-user authentication credential, that would be a Bad Thing.
But even Microsoft seems to have figured that part out; Windows doesn't even use the MAC address in IPv6, it randomly generates a number, and it's not persistent across reboots (which is/would-be a PITA in other situations, but not for the things most Windows users want to do). So right there, you've got a whole lot of computers that are just going to be using arbitrary values as addresses. That ought to throw a wrench into anyone's evil-genius (or just idiotic) plans to use IPv6s for per-user tracking.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
The company I worked for was affiliated with a larger entity that had TWO /16s. One was very sparsely used as their public IP space and the other /16 was used internally. Yes, they NAT'd from one public 16 to another public 16.
My guess is that we'll very nearly never run out of IPv4 addresses -- as they become scarcer, ISPs will quit giving them away or come up with more efficient ways of giving them out so they don't need to hand out /30s or /29s but can hand out single IP addresses.
I wouldn't also be surprised to see more work done on automagic NAT mapping protocols that can allow for dynamic inbound mappings, further eliminating the need for multiple public IPs just to satisfy port number conflicts.
And shouldn't we expect faster and smarter routers less dependent on CIDR block-type allocations so that a recovered /29 or even a single IP can be reused anywhere without the 1990s style whining about routing table sizes?
I made a fairly determined effort to see if we could bring up a manageable lab with IPv6.
1) Our local provider (XO) doesn't even offer public IPv6 address space.
2) ARIN wants thousands of dollars PER YEAR for portable address space.
3) Identifying what/how-to use a substitute for the deprecated "site-local" addressing. Tracking this down took days of searching and piecing things together. All the docs agreed that site-local was deprecated but rarely mentioned what was going to take its place. Here are some links to what was found, MS has surprisingly helpful documentation:
http://www.microsoft.com/technet/network/evaluate/ technol/tcpipfund/tcpipfund_ch03.mspx#EDAAE
http://book.itzero.com/read/cisco/0602/Cisco.Pres s .Deploying.IPv6.Networks.Feb.2006_html/1587052105/ ch02lev1sec1.html
Generate a global ID with either of the tools below:
http://www.kame.net/~suz/gen-ula.html
http://www.hznet.de/tools/generate-rfc4193-addr
Additionally it is nearly impossible to control the allocation of hosts to specific suffixes. We often organize customers address space so that global catalog for each site are at, say, .5, exchange at .7, proxy server at .13, etc using DHCP static leases, it makes life easier on our field techs, they know exactly where key pieces of infrastructure are for troubleshooting. We can send them to different customers and they have an ingrained familiarity of how things are configured. Currently MS IPV6 does not have a usable IPv6 DHCP server, and the IPv6 clients do not allow such an address assignment even if the server could do reservations.
In a nutshell, IPv6 tools and implementation on hosts fall far short of the enterprise tools used to define and organize a LAN for IPv4 and until ease of use is at least on par with MS IPv4 DHCP point/click environment it is going to continue to languish. It absolutely must have integrated DHCP server redundancy with automatic failover/failback/sync so sorely lacking, LO these many years in MS offerings.
There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
There is significantly more latency in IPv6 routing vs. IPv4 due to the extra address bytes. Each hop that passes through a router would take over 5 times longer. This puts a greater processing burden on the routers and delays all traffic. The impact to the user is the greatest for unconnected data (UDP, ICMP, etc.) since TCP windowing can offset the increased latency.
It is only FAIR to move to IPv6 for the sake of developing countries that will someday find their way onto the Internet in increasing numbers.
Whatever you do, please do not say this in public, because I can't think of anything more damaging to the potential adoption of IPv6, than to paint it as some sort of charity project that will "help" developing countries (particularly because what you're not saying is that it will help them become more competitive with the West).
Nobody is going to spend money to do that, and if they were, they'd probably just contact a charity or something. People are going to go to IPv6 for two reasons: (1) because they have to, because IPv4 addresses will start becoming hard to get, and therefore expensive, and (2) because IPv6 will allow for all sorts of new services, protocols, and applications (like practical user-to-user videoconferencing without a lot of centralized auto-negotiation, multihoming VOIP, and lots of stuff that hasn't been invented yet).
The fact that it will, indeed, help developing countries get online ought to be mentioned as a nice, warm-and-fuzzy coincidence, if it's mentioned at all. Nobody is interested in paying money for that.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
And despite the fact that IPsec was developed for IPv6 or at least with IPv6 in mind, it also works with IPv4. All in all, IPsec can't be considered a security advantage for IPv6.
IPSec over IPv4 always uses UDP as a transport layer. This poses big problems for NAT devices. Breaking IPSec connections are a daily nuisance. IPSec is embedded naturally within IPv6 and is independent of the transport layer. With that even opportunistic encryption can be done. These two facts are a huge advantage over IPv4!
They will not assign you an IPv6 address block, because ARIN assigns it to the Tier 1 or someone connected to backbone and such. The reason is to avoid the crap that is going on with the IPv4 routing. The smaller the assignments of IPv4, the more routing you need and well, the bigger and less efficient the routing tables.
:) Pretty small upstream there! The Tier 1 providers would easily get a /16 assignment (or whatever they give out these days). And you should then be able to get a /32 if your customers are networks (65k /48 allocations). Otherwise, you probably only need a /48 or /64.
Anyway, they tell you to get your IPv6 from your upstream because it doesn't screw the routing tables this way.
And, 2^16 is only 65k customers. It is not REALLY that big. If your provider doesn't have 65k end-customers (customers of customers, if they only sell to resellers), then, well..
1 public IP to 1 private IP? Not much use, really then.
It's not (well, there are some situations where you'd want it, but they're mostly special cases) but most of the usefulness of NAT really comes from it also being a stateful firewall, which keeps track of network connections and thus can hide multiple hosts behind a single IP just by modifying the destination address of the packets as they pass through.
Really, it's academic to say what functionality is part of the "firewall" and what is part of "NAT," because they're almost always an integrated unit, but what I was trying to get at is that a "NAT box" without a stateful firewall (meaning, it only worked 1:1) would be a pretty sorry appliance, and of very limited usefulness. Most of its usefulness, and all of its security, are the result of the connection-tracking, which is also part of every stateful firewall.
Or, conversely, you can remove the NATing functionality from a stateful firewall, and still have all the security benefits that you had with NAT, including blocking of all incoming connections, blocking certain ports to certain hosts, etc. When you take out the "NAT" part, all you're doing is telling the firewall not to modify the IP address anymore, and to pass the packet straight through if that packet is allowed by its rules. There seems to be this idea that you can't have a firewall without NAT, and that's just stupid. Of course people will still have firewalls after the IPv6 migration. They'll probably look suspiciously like the 'home router' boxes we have right now, and will do exactly the same things, except for the IP masquerading / NAT.
To get all the same security as you currently have with IPv4+NAT/FW, all you need to do is use a v6 firewall (which might be just a software upgrade for your router, although I doubt this because the manufacturers will want you to buy a new one) with a default rule that blocks incoming connections. Of course, to get most of the benefits of IPv6, you'll need more complex rules which might allow some incoming connections, but it's trivial to make an IPv6 network just as locked-down as a typically configured IPv4 NATed arrangement.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
A guide to easily obtaining an IPv6 tunnel is available at sixxs.net, pretty simple and straightforward.
Want to know what's changed in the past few years (apart from the significant decrease in free IPv4 address blocks since 2000), and why it's far more likely to take off now? Simple.
The Chinese are supporting it in a big way.
Could be argued that the Chinese government have their own reasons (cynical or otherwise) for supporting this, and that there's no need for the rest of us to go along with it. However, it's not like they're supporting some proprietary technology (a la SVCD). And although they're nowhere near the West in terms of technology penetration (yet), it's a fair bet that the sheer size of the market will encourage many in the rest of the world to support IPv6 as well. This could be the catalyst that will finally encourage IPv6 to take off properly.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
Sounds like a misunderstanding. IPv6 addresses are hierarchical. A /32 would be allocated to an ISP, and you should get a /48 from them (yes, I've done this). If your upstream ISP doesn't distribute IPv6 addresses, they aren't going to be able to route IPv6 either, so you need to find a tunnel broker. Any tunnel broker will give you a range, either a /48 or a /64, which you can use with a fixed tunnel. Alternatively you can set up a 6to4 tunnel using the anycast addresses 192.88.99.1 and 2002:c058:6301:: as the far end, which will give you a unique /48 based on the IPv4 address of your router - however if you're serious about building a commercial network on IPv6, you should probably go for the fixed link.
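The 6to4 mapping mentioned in the post above, as an added example that is not part of the original comment: the /48 is 2002: followed by the router's IPv4 address in hex, which also means the IPv4 address behind any 2002::/16 source in a log can be recovered. The log lines are constructed, the function names are hypothetical, and 192.0.2.1 is a documentation address standing in for a real public one.

```python
import ipaddress
import re

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")
# RFC 1918 ranges: a router whose WAN address is in one of these is behind
# NAT, so a 6to4 prefix derived from it is not reachable from outside.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixtofour_prefix(router_v4):
    """Return the 6to4 /48 that belongs to a router's public IPv4 address."""
    v4 = ipaddress.IPv4Address(router_v4)
    if any(v4 in net for net in RFC1918):
        raise ValueError(f"{v4} is RFC 1918 space; 6to4 needs a public address")
    # 16 bits of 0x2002, then the 32-bit IPv4 address, then 80 zero bits.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def lan_subnet(prefix, subnet_id):
    """Pick one of the 65,536 /64 networks inside a /48."""
    if prefix.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 and a 16-bit subnet id")
    base = int(prefix.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def embedded_v4(addr):
    """Return the IPv4 address inside a 6to4 address, or None if not 6to4."""
    a = ipaddress.IPv6Address(addr)
    if a not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF)


# Constructed firewall log lines (not from any real system).
SAMPLE_LOG = [
    "2007-03-08T10:15:02Z DENY src=2002:c000:201:1::25 dport=22",
    "2007-03-08T10:15:09Z DENY src=2001:db8:40::9 dport=22",
    "2007-03-08T10:16:41Z DENY src=2002:c000:201:7:a::1 dport=445",
]


def sources_by_v4(lines):
    """Group 6to4 sources by the IPv4 router they sit behind."""
    grouped = {}
    for line in lines:
        match = re.search(r"src=(\S+)", line)
        if not match:
            continue
        v4 = embedded_v4(match.group(1))
        if v4 is not None:
            grouped.setdefault(str(v4), []).append(match.group(1))
    return grouped


if __name__ == "__main__":
    print(sixtofour_prefix("192.88.99.1"))   # the anycast relay from the post
    print(lan_subnet(sixtofour_prefix("192.0.2.1"), 1))
    print(sources_by_v4(SAMPLE_LOG))
```

Two hosts that look unrelated by their IPv6 addresses group under the same IPv4 router here, which is the useful view when writing block rules or correlating with IPv4 logs.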
This is why:
ALERT! Host 2002:1341:4024:dbca:1024:1911:abba:babe is being attacked by Host 2001:1241:ddde:2ab4:1039::
Today's top 3 visitors were:
3ffe:3041:2911:0000:3141:9201:dead.beef
2001:db4::2801:27be
abcd:ef01:234:5678:9acd:1942:beef:dead
OK JOHN, LET'S MAKE SURE WE KNOW WHAT ALL OUR IPs ARE BEING USED FOR, PLEASE CHECK OUT THIS SUBNET:
Everything on subnet 2003:abcd:: and report back.
I recognize that this is a problem. In fact, I think it's really the only significant problem in remaining with private IP addressing.
I don't buy the VoIP argument, though, as mentioned by other posters. I don't believe that any protocol should embed an address in its data stream, and I think there are much more useful ways of connecting two calling devices than assigning every single handset on the face of the planet a publicly-routable number.
Ah, but Comcast, in this function is not an end-user of address space, but a network services provider, so it makes much more sense for Comcast to assign publicly-routable numbers to their devices than it would for most other companies who do not provide such services to other users. The same applies to BT.
But...it is unlikely that we will experience such meteoric growth at the level of telecommunications providers. Consolidation of networks will tned to reduce the number of allocations actually necessary for infrastructure purposes.
Cataclysm? I never used that particular word, but I do see many troubling trends out there that make me wonder how much longer we can expect things like the Internet to exist, not the least of which is Peak Oil, the implications of which will cascade to an extent that most people have difficulty realizing (which is of course, the reason *why* we're in so much trouble).
But that's a different discussion entirely.
I set mine (WRT54G) up with DD-WRT. It also has IPv6 support, and is a breeze to set up.
...but Comcast, in this function is not an end-user of address space, but a network services provider...
I fail to see how this negates the point. Almost all ISPs will be the ones feeling the number crunch first.
it is unlikely that we will experience such meteoric growth at the level of telecommunications providers. Consolidation of networks will tned[sic] to reduce the number of allocations actually necessary for infrastructure purposes.
I think you are mistaken. Right now consolidation of networks means that voice and television networks are converging with generic data and are tunneled through regular IP. One of Comcast's main goals in moving to IPv6 was to facilitate their triple play: data, voice, television strategy and that is a whole lot easier when they can bring IPv6 right to the end node and assign a unique, routable, QoS manageable address to every device there. If you were a network engineer at Comcast what would appeal to you more... having control for ensuring quality and doing traffic shaping on each individual voice and television stream to a client, or just routing it all by origin IP and hoping nothing is multicast? The consolidation of TV and phone onto data networks will provide huge incentive for IPv6, not the other way around.
I would also like to mention that we have the capability of reclaiming quite a bit more than "a couple" of Class A networks for more efficient use. Nearly 50% of the IPv4 address space is Class A (you have to preserve 127 in some way, though we may find ways of dealing with the link-local problem as well, and of course network 10 is already set aside). Most of this address space is grossly underutilized, and much of it is reserved for nefarious IANA reasons.
Such large allocations really can't be justified except by the largest of network service providers, and even then, I'm not sure that even a single one of the world's behemoth telecom companies can really fully justify 16 million public addresses--and bear in mind that some companies own *more than one* Class A network, like BBN. Hell, the US Department of Defense probably owns more address space than anyone else on the planet.
Also, how many networks' addressing schemes out there are still laid out using the old rules from the days before zero subnetting worked? There's more to it than just NAT.
IMO, what's blocking widespread adoption of IPv6 is that the address space is ridiculously long and complex.
::::::000A:0002? ::::::0A00:0002? I can't keep the things straight. Of course, the address wouldn't be that simple, because I imagine that, other than localhost, IPv6 doesn't have addresses set aside for local addressing, as the address space is large enough that each device would have its own mini address space... something like a /64 in CIDR notation.
1. They're hard to remember.
For instance, I know that on my local network, my computer is 10.0.0.2. What is that in IPv6? 0A:::::::02?
Which brings up my next point:
2. The address space is too large. Why do we need 16 bytes to store an address, anyway? What's wrong with 8 bytes (64 bits)? That would still give us 18,446,744,073,709,551,615 (18.45 quintillion in short scale, 18.45 trillion in long scale) addresses. Even 6 bytes (48 bits) would give us 281,474,976,710,655 (281.47 trillion in short scale, 281.47 billion in long scale) addresses. Both are more than the population of the earth.
I can see why 6 bytes might not be enough, as the number of people, businesses, and devices grow, but 8 bytes is more than plenty. I'm sure that someone will compare that to Mr. Gates's 640K memory quote, so I'll beat you to the punch: IPv4 is smaller than the population of the world, which is rather short-sighted. It was smaller than the then-current world population when the Internet as we know it was formed during the switch to TCP/IP in 1983.
The CIA Factbook pegs the world population at 6,525,170,264. Now, to calculate the effect of having larger IP address space, I need to draw a few conclusions. The first is that businesses need as many IPs as the population of the world. The second is that people have an average of 2 devices that need IPs... only 2 because the first world countries are balanced out by third world countries.
That gives me the number 26,100,681,056. 6 byte addresses would give us 10,784.2 times that many IPs. 8 byte addresses would give us 706,753,361.5 times that many addresses. IPv6 (16-byte) addresses give us 13,037,298,382,783,566,222,946,247,990.49 times that many addresses.
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
page 4, from the article:
"And we still have a lot to look forward to: the IETF is currently working on mobility and multihoming extensions to IPv6. Mobility means moving from one network to another while keeping the same IP address. So a VoIP call could start on your home network, continue over wireless service and then finish at work. Multihoming means connecting to more than one ISP at the same time, so that when one fails, communication sessions automatically move over to the other."
netsukuku already has these features.
And although they're nowhere near the West in terms of technology penetration (yet), it's a fair bet that the sheer size of the market will encourage many in the rest of the world to support IPv6 as well. This could be the catalyst that will finally encourage IPv6 to take off properly.
Highly unlikely. China is considered a hostile participant (at best) in the global market by just about every major country in the world. They live in their own bubble and no one respects their choices.
About those reserved blocks 224.. thru 255..., that seems excessive in today's world. Are any of those reclaimable for normal use?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Lucky you - I'm pulling a shift this Sunday to switch our internal IP range from 192.168.1.x to 10.0.x.x because our existing range clashes with 3 of the directors' home networks. After that, I'm putting together an IPv6 readiness committee 'cos I'm not going through this again...
"If he were a plant, people would roll him up and smoke him."
XKCD drew a map of the IPv4 address space.
I think there were a few errors before.. they might have been corrected.
He's selling them in Poster form now.
The caption:
"For the IPv6 map just imagine the XP default desktop picture."
http://xkcd.com/c195.html
Gaming and technology news in French. TC
Well, it is a different discussion, but I don't agree with your assertion. We would have to undergo a serious shift if we actually ran out of oil, but the internet makes things more efficient, and not using it would make things worse, not better.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Well... someone usually posts this list so I'll run down it (these discussions could be defined as a dup :) )
Larger address space - given.
Stateless autoconfiguration - doesn't handle DNS addresses, router addresses, other stuff, so you still need DHCP, which ipv4 has anyway...
Multicast - ipv4 has this.
Jumbograms - err. what? Might matter on multi-gigabit links I guess. Good luck finding a switch that can handle it (it's hard enough finding ones that handle 4k frames).
Faster routing - ipv4 routing is fast enough (nearly instant is fast enough for me). Technical issues that really don't matter to anyone except backbone providers.
Ipsec - ipv4 has this.
Mobility - see mobile ipv4. Not needed TBH.. my mobile phone handles handover just fine on its ipv4 address no matter how many cells I cross.
All this crap about IPv6 being an inexhaustible address space is pure unadulterated hogwash. For example, it's rumored that in Internet 2.0, Halliburton will be granted a block of 4,722,366,482,869,645,213,696 IPs, to enable individually addressing every oil molecule on Earth. Between that and the nanocytes we'll have scant room for anything else, maybe 3 or 4 Web servers and an FTP site.
For restricting connections, a firewall is the right tool for the job. That is exactly what firewalls are meant for.
For translating one address range to another, a NAT is the right tool for the job. If one of the address ranges is private, the NAT has the side effect of preventing incoming connections, but it's not actually designed for that purpose, and it's not the most appropriate tool for the job. It's sufficient, in most cases, but a firewall is preferable.
A well configured NAT functions as a firewall for inbound connections (in effect).
A poorly configured NAT functions as a firewall for inbound connections (in effect).
A well configured firewall functions as a firewall.
A poorly configured firewall does not function as a firewall.
For most users in most circumstances, a NAT is the best advice for protecting their systems. You have to really make some effort to have a NAT not work as a 100% perfect firewall *for inbound connections*. I would much rather have someone use NAT than have them use a real firewall if they don't know just what they're doing.
Setting up a NAT has the added bonus of allowing more computers on the network in the future - even if there is just one to start.
I have no problem with firewalls. I just don't like it when folks say that NAT is never a good firewall solution - usually it's just fine. (not that you said that).
Is this a typo? Can anyone explain the 2 in front?
I don't think this is the first time I've seen this.. maybe the other course I followed had the same error?
Gaming and technology news in French. TC
I point this out every time the subject of IPv6 comes up, especially when people gripe about the slow update of IPv6:
Try to get a page from Slashdot's servers using IPv6 - that is to say, using IPv6 format packets, NOT IPv4 packets.
Then ask yourself again why IPv6 is NOT being adopted.
(NOTE: You can replace Slashdot with CNN, Digg, or whatever other mainstream site floats your boat.)
www.eFax.com are spammers
I have a PAN on my LAN in my WAN My name is Stan, and I'm the man.
So, like all the other 'problems' with IPv4 I don't think this 'problem' is going to drive the adoption of IPv4 either. We're just too good at coming up with kludges and workarounds.
Ok, now what.
ARIN wouldn't give us an allocation. In their rules...whinge, whinge, whinge
So give me 200 Euros, and I'll get you a /32 block. Once you have it, nobody really ever checks if you are using it or just playing around.
The rules are changing for IPv6 allocations. It doesn't take much justification, and it's pretty much SOP to stretch the truth when asking for a standard initial /32 allocation, if you can show you are an ISP of any size or have an AS number. As long as you claim you'll be giving out at least 16 /48 networks to your customers within the next 2 years, it's no problem. If you aren't an ISP, but a company that wants a large enough allocation to route (a /35), I'll rent you space on one of my allocations, for about 100 Euros/year. This is all in the RIPE region, add a little more for ARIN allocations, and allow a few weeks extra, because, as you point out, ARIN is the worst region for getting approvals.
IPv4 allocations are handed out for free, but you can't get one unless you're a mega-conglomerate.
That statement has been false since at least 1995. Nobody gets IP addresses for free any more. But the rates are so low that being a Local Internet Registry is rarely a money making activity for an ISP. The charges are just to keep people from grabbing many allocations and sitting on them, hoping that in 2012 they can re-sell them for a profit.
Rates for IPv4 are about the same as IPv6, I'll charge 100 Euros for a v4 /24 or a v6 /48, 200 Euros for anything up to a v4 /20 or v6 /32, and significantly more money for anything larger because it takes a lot more work on my part.
Anyone who just wants a v4 /24 PI block just has to write a check and they get the addresses within a few days. That's the way the internet has worked for at least the last 10 years. Justification is left as a creative exercise for the applicant.
IPv6 adoption won't occur in the US unless ARIN comes up with a better policy.
No argument there, ARIN is seemingly stuck in the stone age compared to all the other RIRs. But there is progress, they now grudgingly admit a need for IPv6 PI space, even if they put a time limit on the allocation.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
There is a lot of network hardware out there which supports IPv6 and all that is needed is for it to be turned on and the device be given an IPv6 address (presumably the one that matches the IPv4 address it already has). Start with that and as more older gear is replaced, more and more of the global internet will have functioning IPv6 addresses.
At some point you will find that you are running into conflicts with partner companies' networks which also use 10.0.x.x. You may find it more fruitful to use some other variant of 10.x.x.x, or some rarely used 172.16.x.x-172.31.x.x backwater.
Of course, this only lessens the odds that you will find conflicts, it doesn't eliminate the problem.
And in any case, wouldn't it be easier to change the home networks of the three directors?
How about a new TCP instead of a new IP? If we crank the port fields to 64 bits we can make almost infinite NAT. The only routing equipment that will need to be changed is that between the ISP and the end user. We can still keep the least significant 16 bits where they are and put the rest at the end of the header. That way we are almost backward compatible. I'm ignoring a lot of relevant details but could a new TCP postpone IPv6 adoption for another decade?
You fail to see how it negates the point, because I wasn't trying to negate the point, as such.
I was observing that Comcast is one of the few entities, as a network services provider, that can make a good argument for public IP address allocations. Most other companies, who in this area are consumers of those services rather than providers, have much less footing for the argument that they should have large allocations of publicly-routable address space.
Considering that such a large portion of the *currently allocated* addresses are grossly underutilized, I have a hard time believing that there is any natural scarcity in the IPv4 space, as opposed to an artificially created scarcity that can be corrected relatively easily, relatively quickly, and relatively inexpensively...at least as compared to the worldwide costs of the migration to IPv6.
As for network consolidation, I think you will find that services such as Comcast's "Triple Play" will only tend to reduce the number of IP addresses actually needed in the wild, not increase that number. There are a finite number of customers in the world, and this will be true for the foreseeable future, even if the actual number of people on the blue marble increases. There are only so many services that can be consumed in a 24-hour day, and therefore a limit on how many individually addressable devices will ever be needed in the world.
True, the sheer size of the IPv6 address space obviates many of the tricks we've used to get around the very bad choices made in the early days of IPv4 as concerns allocation of address space, but at what cost?
Correction: I meant the "loopback" network problem, not the "link-local" problem, though of course, the "link-local" allocation also takes away from the globally available address space, in its own fashion.
IDG is an interesting workaround, but I don't really need it. Until 6 gets here, OpenSSH does what I want. I can get files and gui's out of my network. That's all I really need until I bother with VOIP, but then I can do that on my gateway machine as easy as I can on any other.
The thing I thought was funny was how they carefully but incompletely stepped through the hypothetical argument they had just made fun of. What it showed me was that both Windoze and Mac have serious and arbitrary limitations that create ignorance and force poor networking practices on the world. If you don't understand and work within those crazy limitations, you just are not leet like the Ars people are.
Friends don't help friends install M$ junk.
Alan Cox pointed out in 2005 that there are patent reasons for the non-adoption of IPv6:
"The whole history of the steam engine was held up because the original creators of the steam engine thought high-pressure steam was a dangerous evil and sort of refused to grant rights to their patents to any of the high-pressure steam people. High-pressure steam was the future, as it turns out, but it was held up for almost 20 years.
"The same has happened with IP version 6. You notice that everyone is saying IP version 6 is this, is that, and there's all this research software up there. No one at Cisco is releasing big IPv6 routers. Not because there's no market demand, but because they want 20 years to have elapsed from the publication of the standard before the product comes out - because they know that there will be hundreds of people who've had guesses at where the standard would go and filed patents around it. And it's easier to let things lapse for 20 years than fight the system."
You might think that, in the era of "internet time", 20 years would be an impossibly long delay. Amazingly, we're already 12 years down, only 8 to go.
If IPv4 addresses will run out in 7.5 years, here's a prediction: some of the class-A blocks assigned to large companies and mostly unused will be reclaimed, even though this will extend the useful life of IPv4 by only a year or so, because that will allow sufficient time for the patents to expire.
IPv6 is a prime example of how intellectual property law sometimes stifles progress: where patents are wrongly granted for obvious incremental improvements to an existing technology, and the mess has to be resolved by either litigation or procrastination.
I'd like to see a real reference for the allocation rate stated in the article, first of all. Second of all, I'd like to know how many of those supposedly ~170 million addresses being allocated now are actually being highly utilized.
At one point in time, Bolt Beranek & Newman Inc. had three Class A's and a Class B or two. But that was a long time ago, and had a good reason.
BTW the company changed its name to "BBN Corp." around 1995, at which time its commercial ISP operation took the name BBN Planet. That used Net 4, as well as ASN (autonomous system number, used by BGP) 1. In 1997, GTE bought them. In 2000, Bell Atlantic (l/k/a Verizon) took over, but as terms of the deal, BBN Planet became a separate partially-owned subsidiary called Genuity. It did an IPO and burned through billions in a hurry before tanking. Net 4 went with Genuity, and was acquired as a bankruptcy asset, with the rest of Genuity, by Level 3. But only the lower 1/4 of Net 4 -- the rest was already returned.
The other two Class A's were not for BBN's own use. BBN had run the ARPAnet for the feds, having built the first routers ("IMPs") in 1969. They were BBN's for government contract use only, and were returned to the assignment pool in the late 1990s.
Verizon kept BBN Systems & Technology, the non-ISP side, for a couple of years, but it didn't really fit. Eventually it was spun off to investors and BBN Technologies is again a separate company, mostly doing government research, and not an ISP. BBN's internal network uses a Class B (128.33, IIRC).
I believe IPv6 is still at least 15 - 20 years away. When I first heard about it back in 1999, I went on this panicked frenzy to figure out everything I could about the soon-to-be deployed IPv6. I wanted to make sure my home computers were ready for this major shift, and maybe take advantage of some network performance improvements. That was 8 friggen years ago. I should have put money on the Red Sox winning a world series before I bothered worrying about IPv6.
I am sure there are exceptions like routers and the like that do NAT but I have been in Network security for over a decade and the majority of the NAT is just one function that Firewalls are providing.
Packet inspection, encryption with or without VPN, authentication, NAT, PAT, bandwidth management, etc. You name it and most likely it is being done by a Firewall. The primary product I have worked with is Check Point and I have used it since before it was called Check Point. Back in the days when it was a co venture between Sun and Check Point and it was called Sun Solstice.
I think that current Firewall products, especially Check Point, have gone way over the edge with all the things they build into the product. A good example of this is Check Point's SmartDefense. I worked at Check Point for some time and many high profile customers would buy into the whole SmartDefense sales pitch to only be told later by the escalation team (Check Point's highest support level staff) that to be able to do what they want they would have to disable SmartDefense.
Don't get me wrong I believe in Check Point's products and if I were in the decision making loop I would definitely recommend many of their products but there are some things that have been integrated into their base firewall that is just silly. But, when you have a customer driven product development strategy this kind of stuff happens.
But back on topic, I don't know of any company, beside DSL and cable modem ISPs, that is using NAT that doesn't have at least a basic level of Firewall protection. They are like second cousins they just go together, like peas and carrots.
The Internet service providers will use hide NAT not to save on IP space, that is just an added bonus, they use it to keep you from getting inbound connections so that you cannot run web servers or host games, etc. This way they can charge you extra if you want to run those kinds of services. As far as firewalls go if you want your ISP to manage your Firewall service for you, even if you have a fat pipe T3 or bigger, they will be happy to do it but be prepared to pay. The managed Firewall service will cost you more per month than your Internet connectivity. Though, who can blame them when the average rate for a qualified Firewall engineer is around 80K, say in Dallas TX, and someone with my skill set can demand 100+ annually running a large Firewall infrastructure is not going to be an inexpensive proposition.
Nick Powers
Encryption: I may not agree with what you say, but I will defend your right to encrypt it...
So why would I even think about ipv6 as a US home internet user?
Just guessing - So I can decipher ipv6 web and email addresses with my current browser and client (if they can)?
BSD has an option for it, but I ignored the option on install. (Desktop internet user - no servers)
Dave
Get Connected and head to http://ipv6links.net to find some sites that are available via IPv6.
Homeland Stupidity is a great ipv6-connected blog that many Slashdotters would probably like.
The way Hide NAT works is that when a user initiates a connection and is being hidden behind a hide NAT IP address the Firewall modifies your source port and builds a table so that when the response comes back it can do a lookup and find out which internal IP initiated that traffic so it can send them the reply. Since the range of possible source ports is 0 - 65535 then the theoretical maximum would be 65,536 active connections. So, it would be possible to hide even larger amounts of computers behind a single hide NAT IP since not all the users are currently accessing the Internet at once. Though, I have never seen such a large number of users hidden behind a single IP address. Since the maximum number of hosts you can have on one Ethernet segment is 1024 then I would imagine that someone with a massive amount of users would most likely hide them behind a unique hide NAT IP for each segment.
Though now that I think about it if you did want to say hide an entire country behind a single IP then it could be accomplished through multiple layer hide NAT. Say for every 100,000 systems (again remember not everyone will be accessing the Internet at the same time) you have a hide NAT IP, a RFC1918 (private one) then for every 65,000 (since you could assume this IP would always be active since it represents up to 100,000 potential users) hide NAT IP addresses you HIDE them behind a public hide NAT IP. An example like this would allow you to hide 6,500,000,000 so if we ever get an interplanetary network going you could hide an entire planet behind a single public hide NAT IP. Though I wouldn't want to be involved in a project to hide an entire country behind a single public NAT IP. Unless of course it would make me Oprah rich. The biggest problem would be accountability as the rest of the world could track it down and say OMG look what someone in China did but without China's help there would be no way to limit the possible suspects beyond that their IP sourced from China.
Nick Powers
Encryption: I may not agree with what you say, but I will defend your right to encrypt it...
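The hide NAT table described in the post above, together with the point made earlier in the thread that the inbound blocking comes from connection tracking rather than from address rewriting, as an added example that is not code from any poster or product. It assumes the simple model in the post (one public port per connection from a single pool); the class name, addresses and ports are constructed.

```python
from collections import deque


class PortsExhausted(Exception):
    """Every port on the hide address is already mapped to a connection."""


class Gateway:
    """Stateful gateway with default-deny inbound and optional hide NAT.

    hide_ip=None models a plain stateful firewall (the IPv6 case): packets
    pass with their addresses untouched, but only replies are let back in.
    """

    def __init__(self, hide_ip=None, ports=range(1024, 65536)):
        self.hide_ip = hide_ip
        self.free_ports = deque(ports)  # pool of source ports on the hide IP
        self.by_inside = {}             # inside flow -> (public ip, public port)
        self.state = {}                 # expected reply -> (inside ip, port)

    def outbound(self, src, sport, dst, dport):
        """Record an inside-initiated flow; return it as seen on the outside."""
        inside = (src, sport, dst, dport)
        if self.hide_ip is None:
            out_ip, out_port = src, sport           # no rewriting at all
        elif inside in self.by_inside:
            out_ip, out_port = self.by_inside[inside]
        else:
            if not self.free_ports:
                raise PortsExhausted(self.hide_ip)
            out_ip, out_port = self.hide_ip, self.free_ports.popleft()
            self.by_inside[inside] = (out_ip, out_port)
        self.state[(dst, dport, out_ip, out_port)] = (src, sport)
        return (out_ip, out_port, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Return the packet as delivered inside, or None if it is dropped."""
        inside = self.state.get((src, sport, dst, dport))
        if inside is None:
            return None                             # no state: default deny
        return (src, sport, inside[0], inside[1])

    def close(self, src, sport, dst, dport):
        """Forget a flow and return its public port to the pool."""
        inside = (src, sport, dst, dport)
        if self.hide_ip is None:
            out = (src, sport)
        else:
            out = self.by_inside.pop(inside, None)
            if out is None:
                return
            self.free_ports.append(out[1])
        self.state.pop((dst, dport, out[0], out[1]), None)


def run_demo():
    """Same unsolicited probe against a hide NAT and a NAT-less v6 firewall."""
    nat = Gateway(hide_ip="203.0.113.5", ports=range(40000, 40002))
    nat.outbound("192.168.1.10", 5000, "198.51.100.7", 80)
    fw = Gateway()  # no NAT: inside hosts keep their global addresses
    fw.outbound("2001:db8:1::10", 5000, "2001:db8:ffff::7", 443)
    return {
        "nat_reply": nat.inbound("198.51.100.7", 80, "203.0.113.5", 40000),
        "nat_probe": nat.inbound("198.51.100.9", 4444, "203.0.113.5", 40000),
        "fw_reply": fw.inbound("2001:db8:ffff::7", 443, "2001:db8:1::10", 5000),
        "fw_probe": fw.inbound("2001:db8:ffff::9", 4444, "2001:db8:1::10", 22),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

Both probes come back as None: the drop is decided by the missing state entry, so it applies equally when the inside host has a globally routable address.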
...and most of our other mobile workers. 192.168.1.x is just too widely used; however, good point on using a more obscure 10.x.x.x address, I may well do that. As for changing the directors, there's politics involved unfortunately.
"If he were a plant, people would roll him up and smoke him."
Peruse the following listing of IPv4 allocations by country:
http://www.ip2location.com/faqs-ip-country.aspx#1
Considering that virtual web hosting is pretty much de-facto and that NAT usage will definitely continue to rise, does it seem reasonable to say that SOME countries are hogging IPv4 address space and subsequently hastening IPv4's demise?
linux redhat: " insmod ipv6 " or " modprobe ipv6 "
What is your system?
And what do you want to ask?
Can someone post the PDF of the whole thing somewhere public? Please?
Utilizing the synergization of benchmark e-solutions to pre-workaround action items!
That was a typo - IPv6 blocks are free. IPv4 on the other hand gets expensive quickly.
Karma: Chameleon (mostly due to the fact that you come and go).
A quick correction to my above. They *are* in fact giving out IPv6 blocks free. I typo'ed v4 above. ARIN won't charge you, but you have to prove that you have some 65k customers.
This I just can't do.
Karma: Chameleon (mostly due to the fact that you come and go).
So you think companies will voluntarily hand over IP address space already allocated to them for the common good? Or do you think they will try selling them, thus providing financial incentive for companies to go to IPv6 instead?
As for network consolidation, I think you will find that services such as Comcast's "Triple Play" will only tend to reduce the number of IP addresses actually needed in the wild, not increase that number.
Right now I use one IP address for my router, which uses NAT to supply an additional 5 or 6 to my home computers. My TV does not have an IP address. My home phone does not have an IP address. My cell phone does not have an IP address. With the convergence of services onto the IP network, soon not only will my TV and my home phone need an IP address, ideally they would like one that is not a NAT address so the quality of the service can be made more reliable without me having to overbuy my bandwidth. So how does adding public IP addresses for my TV and phone decrease the number of IP addresses that are needed?
There are only so many services that can be consumed in a 24-hour day, and therefore a limit on how many individually addressable devices will ever be needed in the world.
There are more and more services and devices that are being internet enabled. Sure, there is a limit to the number as a function of the populace, but we're nowhere near that limit. Until my refrigerator can automatically order a new water filter cartridge, my car can schedule an oil change appointment, and my iPod can automatically and wirelessly grab new albums from my favorite artists to whom I have subscribed... there will be a need for an increased number of IPs, not decreased.
True, the sheer size of the IPv6 address space obviates many of the tricks we've used to get around the very bad choices made in the early days of IPv4 as concerns allocation of address space, but at what cost?
Yes, what is the cost? Eventually all your network gear will break. There is not much on the market these days that does not handle IPv6. Service providers gain real traffic shaping and management capabilities from IPv6, which they currently spend a significant amount of money to replicate via specialty hardware. Since IPv6 is backwards compatible, I see the network core and the provider edge moving to it in the next decade and I see increasingly smaller networks moving as the cost of being IPv4 goes up and the cost of being IPv6 goes down.
I'm an ISP building out a new fiber ring in St. Louis. They tell me they want me to build it out IPv4, get my customers, THEN come back and ask for IPv6. ????
Rather than do it right the first time, they want me to go this route instead. W. T. F. ?
Karma: Chameleon (mostly due to the fact that you come and go).
Though I wouldn't want to be involved in a project to hide an entire country behind a single public NAT IP. Unless of course it would make me Oprah rich. The biggest problem would be accountability, as the rest of the world could track it down and say OMG look what someone in China did, but without China's help there would be no way to limit the possible suspects beyond that their IP sourced from China.
I didn't know that it could be that easy to actually do. I've heard of the great firewall of China and several other countries that were controlling their part of the internet. Now, I don't care if the US or UK can track down something to my big bad country. (Actually, I would be concerned about them, and would actually use US or UK ISPs for foreign intel work, but for domestic uses let's hide my citizens from them!) Yes, that would mean that the US or UK couldn't spy or track down a Chinese IP address without Chinese help. I liked your explanation. I was thinking, we could have 1 US IP, 50 state IPs, and each state would have various county IPs, then each county could just look at the zip codes and say they need that many IP addresses. You could have a town/city level in there as well. Now here is where it gets "interesting." I live in the US, in the State of AR, in Miller county, in the city of Texarkana. That's 4 levels of potential privacy law protections that others would have to break through before getting to my local ISP, which would add a 5th level of protection. How difficult would it be for the RIAA or MPAA to backtrack through that? Of course, the flip side is would any P2P program work through that?
I have been involved in the startup of several ISPs. All of which were eventually sold to another larger provider. That is generally how it works. At least if you are running it like an actual business and not as a side hobby.
Anyways, I have always thought if I was going to be involved in another ISP venture I would make it so I didn't log anything. For those of you that know UNIX I would just send all my logs to /dev/null (essentially throwing it away before it has ever been written to disk). Now, a company like this would have to take very strong security methods to keep from being an easy target. Not an easy thing to do when you don't keep a single log but I think it could be done. The good thing is that the law requires you to turn over logs when they suspect someone and need to track them down. If you didn't have any laws then you wouldn't have to turn over anything and you wouldn't be breaking any laws. I don't know of any laws that require you to maintain any level of logging and all those logs take up disk space anyways. Plus your users would be completely protected because you couldn't be compelled to turn them in for anything since you yourself wouldn't be able to track them down.
I'm for smaller government and privacy is very important to me. Sure, people would sign up to my service just to do bad things and the law would request my logs all the time. The most they could get would be a list of customers. Also, I imagine if people did do bad things and I complied and gave them my logs, nothing, then I bet it would lead to some serious press which would just bring more customers to my service.
As far as P2P goes, it has evolved along with the Internet. Systems like BitTorrent would work in a completely hidden system because of the nature of the way they communicate. Nobody is a server and all sessions are initiated by the clients. The technical aspects of this would take hours to describe but the short answer is yes, P2P would thrive.
Nick Powers
Encryption: I may not agree with what you say, but I will defend your right to encrypt it...