Slashdot Mirror
One Less Reason to Adopt IPv6?
alphadogg writes "For a decade, IPv6 proponents have pushed this upgrade to the Internet's main communications protocol because of its three primary benefits: a gargantuan address space, end-to-end security, and easier network administration through automatic device configuration. Now it turns out that one of these IPv6 benefits — autoconfiguration — may not be such a boon for corporate network managers. A growing number of IPv6 experts say that corporations probably will skip autoconfiguration and instead stick with DHCP, which has been updated to support IPv6."
But puppies don't have a "gargantuan address space" or end-to-end security. Trust me, puppies leak all the time.
I don't have a microwave. I do, however, have a clock that occasionally cooks shit.
DHCP in an IPV6 world is a buggy whip. It's not necessary. An IPV6 device can discover its own IP address and gateway router and subnet mask (if necessary) without the help of any servers because it's built into the protocol stack.
DHCP doesn't give a network admin any more control over a network, either. That's just a silly statement. How does having a server doling out IP addresses make it any easier to control a network? It's not a like a device *must* be set to use DHCP. It's not difficult to figure out what IP address ranges a DHCP server is not doling out and use that, even on IPV4.
My blog
IPv6 Autoconfiguration is close but no cigar in a couple of signignificant ways:
/64 addresses for hosts, the address size gain, while large, isn't anywhere near the original promise, and encoding the MAC address into a globally-visable IP address does release information about hosts which was formerly private (NIC vendor, for one, as well as the more theoretical complaint about the layering violation).
1) DNS server information wasn't baked in from the beginning (there are now some drafts to fix this, but I haven't yet seen the working code) - all this time, and we managed to recreate BootP...
2) Because autoconfiguration uses
3) Just try it with VMWare or other virtualization software. Ouch. There's a whole lot of borked there.
4) Obviously you wouldn't want to use it for a true server, becuase who wants their server IP to change when a NIC burns out?
All that said, in a dual-stack environment it works reasonably well: but it doesn't honestly look like anyone gave much thought to a time when IPv4 wouldn't be present on the LAN or on the hosts...
Need Geek Rock? Try The Franchise!
Autoconfig is nice for home networks and such. For the corporate world, DHCPv6 is far more useful.
Most people think of DHCP as just giving an IP address, mask, gateway, and DNS. DHCP can do SO much more. We're talking HUNDREDS of pieces of data, including custom strings. Want to tell your IP phone where the call manager is? DHCP. Want to tell your Netware clients where the nearest replica server is? DHCP. Still using WINS for some strange reason? DHCP.
Autoconfig is nice for the lazy admin, but for folks who want to keep track of where their IPs are going and want to deploy additional features, DHCP is the better option.
There is no reasonable defense against an idiot with an agenda
:wq
There have been a number of suggestions to solve it that problem, of course, ranging from adding an extra field for DNS servers in the autoconfig ICMP messages to using well-known unicast addresses for the closest recursive DNS server to using a dedicated protocol just to discover DNS servers. The first and last of those have (rightfully, IMNSHO) been shot down because then one might "just as well" use DHCP, which exists and has a solution ready for the issue at hand. I cannot remember why the unicast suggestions have been rejected, though, and it has been disturbing me, because I think it is the best solution. I really just cannot see the drawbacks to it. I guess there might have been some talk about lack of security in that model, but that's a problem with DNS in general, though. That's why DNSSEC was invented.
Last I looked, the consensus seems to be to use autoconfig for address generation, and then request network information (such as DNS servers) from a link-local DHCPv6 server. When everything comes around, I think that's a rather good solution. Clients can still get whatever non-occupied address they want (which means the privacy extensions will also continue to work), and still get the information they find relevant, and a DHCPv6 server should be easy to implement on a network of any scale.
Autoconfig is a nice default for something that "just works" without much need for an admin to plan out the network, and DHCP is great for tighter control where needed. What's wrong with having both options available?
init 11 - for when you need that edge.
IPv6 isn't that good because DHCP has been updated to support IPv6?
O.O *blink blink* O.O
Printer Friendly:
http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/export/home/httpd/htdocs/news/2007/091107-dhcpv6.html
[Fuck Beta]
o0t!
IPv6 33% Pointless
One Less Reason to Adopt IPv6
IPv6 Address Assignment Choices
Some May Forgo IPv6 Autoconf. for DHCP
IPv6 Autoconf. Vs DHCPv6
NetworkWorld chic: Well, I like "33% Pointless" the best, but my editor struck it down. The informative ones are too boring. I'll get more page views with "One Less Reason..."
a gargantuan address space,
Methinks one reason IPv6 hasn't been adopted is because those who have chunks of the IPv4 space are quite happy having what is essentially an artificially precious resource.
Most people think the IP address space is "nearly full", but a handful of companies are sitting on prime real estate (nevermind there is a huge amount of "reserved" space which is not in use.) For example, why do the following companies have entire class A's to themselves?
Please help metamoderate.
> Why are we waiting until it's a crisis to deal with it?
:-)
Because that's just human nature -- we're all procrastinators -- some of us admit it -- others are putting that admission off.
History is replete with situations where timely action would have saved piles of money and/or lives -- have we ever acted at the right time? No -- we wait until something like http://www.historyplace.com/worldwar2/timeline/dday.htm is necessary.
So I think we can all safely predict that it will be a crisis before we do anything about it.
And remember -- never put off until tomorrow that which can be put off until the day after.
Ian Ameline
Because people learned the WRONG lesson from y2k.
Nothing happened.
So the accepted wisdom became that the whole thing was just an alarmist fiasco that chewed up a bunch of money unnecessarily. They don't realize that y2k was no problem precisely because of all the noise. A LOT of people did a lot of planning and a lot of work, and that all paid off in how few problems there really were.
But the common man, and unfortunately the common leaders don't understand that. So now y2k was a so-called crisis, wasn't a problem, and we can approach our next so-called crisis without the extensive preparation we "wasted" on y2k. Oh boy!
The living have better things to do than to continue hating the dead.
What's up with the OSI protocols? NIH I guess. Lets all re-invent the wheel instead.
That's not the problem that I saw, 15 or 20 years back, when I was involved in a number of OSI implementation projects. We were in fact looking at several competing protocols, with the idea of implementing them all and developing test suites to determine their good and bad points.
But something interesting happened on all the OSI projects: We'd need the specs, of course, and you couldn't download them. You had to order the hard copy. This meant going through the usual corporate red tape for ordering stuff. You'd fill out a requirement doc, get it ok'd. You'd fill out a purchase req, figure out whose signatures you needed, and have the secretaries work on collecting the signatures. You'd mail off the order, and wait.
Meanwhile, since there was a lot of waiting to do, we'd work on the IP version. We'd download the RFCs, spend an hour or so reading and a few hourse discussing, and then we'd sit down at a terminal and start coding. We'd be at the testing stage within a day, and have usable results in a few days. By the time the OSI specs showed up on our desks, we'd have had the IP version up and running for weeks. While we were reading the OSI specs (always much larger than the IP specs), we'd have users getting experience with the IP version, and sending in bug reports and/or change/feature requests. By the time we finally got an OSI version to the alpha stage, the IP version would be ready to send to the first customers.
If the OSI gang had had the sense to make their docs available free on the Internet, they might not have lost so badly. But by trying to make the specs a profit center, and by using a different competing delivery network (the postal system), they put a major time blockade in the way of developers. So they lost out big time to IP.
I've never been all that convinced that IP was any better than OSI, especially now with the big migration to IPv6 peering over the horizon. But I never really got a good chance to test them and compare their capabilities. The OSI version of our code was always so far behind the IP version that the whole issue was moot. IP won every race, because OSI was so slow out of the starting box. And that was because we developers couldn't get out hands on the specs in a timely manner.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
"Why are we waiting until it's a crisis to deal with it?"
/. fix.
Ironically, the longer you wait to deal with it, the cheaper it may be!
There are some obvious reasons why waiting longer makes it cost more, but there are quite a few subtle reasons why it's cheaper to wait. For example:
1) If your current hardware is not IPv6 capable and you buy new IPv6-capable hardware now, it may reach end-of-life before you need the IPv6 capability.
2) IPv6 routes take more memory than IPv4 routes. The longer you wait, the cheaper it will be to add this memory. (Note that we're not just talking cheap main memory, we're talking expensive CAM and custom chip memory.)
3) Research and development are constantly progressing. The longer you wait, the better researched the solution you ultimately deploy may be. (To a limit, of course. You also lose the chance to gain experience.)
On balance, I think we're progressing at a sensible pace, perhaps a bit slower than perfect. People are continuing to do test deployments to see how IPv6 will work and make sure they'll be able to implement it for real when the demand comes. But they're not wasting money replacing working hardware or increasing network instability on the real, live Internet we all depend on for our daily (hourly? half-hourly?)