Four Root DNS Servers Go IPv6 On February 4th

I Don't Believe in Imaginary Property writes "On February 4th, IANA will add AAAA records for the IPv6 addresses of the four root servers. With this transition, it will finally be possible for two internet hosts to communicate without using IPv4 at all. Certain obsolete software may face compatibility problems due to the change, but those issues are addressed in an ICANN report (pdf)."

Routers!

[arth1]

The main problem isn't obsolete software, but hardware. Changing routers to some that support IPv6 isn't done over night. And even if you do, and get IPv6 assigned, it doesn't help unless your provider also supports IPv6 -- else you might as well be tunelling the old way anyhow.

Regards,
--
*Art

Re:Routers!

[jskline]

This actually begs the question then about the current crops of routers out there, both the Cisco's and the cheap dime-store Speedstreams, etc.. All of these will have to cope and function with both IPV4 and IPV6 because as I hear it, IPV4 will not go away yet for a very long time because of legacy hardware/software platforms.

Re:Routers!

[Just+Some+Guy]

else you might as well be tunelling the old way anyhow.

What's so awful about that? OK, so it's not native, but none of your apps or services can tell the difference. The advantage is that when you do get native connectivity, you've already done your testing and you're ready for the world.

Re:Routers!

[palegray.net]

I ask this because I honestly don't know. How many routers on the net are embedded devices capable of receiving firmware updates to cope with the additional functionality? Or, how many full-fledged "router in a box" style server systems are capable of receiving software updates, or already support IPV6?

Re:Routers!

[ArsonSmith]

This may beg for the question, but it does not beg the question.

Re:Routers!

[D'Sphitz]

That's great, and what's funny is YOU didn't even know what "beg the question" meant until you had some pompous grammar nazi explain it to you, and now all of a sudden you've taken on the cause. What's your cause again? Oh yeah how dare people misuse "begs the question", of all the causes to champion...

Re:Routers!

[ArsonSmith]

...and I got modded flamebait?!? Anyway, what's wrong with championing the "begs the question" correction battle? It's important to keep language consistent because it is a very good thing for language. I have educated myself through reading Slashdot grammar Nazis. While you would rather embrace your ignorance.

Re:Routers!

Part of the problem is that, even though most routers can get software updates in the field, older models only have hardware accelerated IPv4 support. If you upgrade these routers to IPv6, they have to do everything with their puny CPU, which means the same router can handle fewer IPv6 packets than IPv4 packets.

Re:Routers!

[VagaStorm]

For ip6 to be used, dos ip6 has to be used all the way, or could say dsl users sit on ip6 adresses and access servers on ip4s?

Re:Routers!

[NatasRevol]

" It's important to keep language consistent because it is a very good thing for language. "

Wow, that's idiotic. It's important to keep language dynamic because it is a very good thing for language to be UP TO DATE. Else, thou wouldst have to sticketh this commentation in thine arse!

Re:Routers!

[zsau]

"To sticketh" is not grammatically correct. The "to" signifies that we are using an infinitive of the verb, yet the "-eth" is a finite ending. -eth is simply the original form of the -s suffix on verbs: it marks the singular third person present tense. So "he sticketh", "John sticketh" are fine, but "have to sticketh" is not.

Re:Routers!

[totally+bogus+dude]

The phrase "begs the question" has an intuitive meaning which is understood by any English speaker even if they've never encountered the phrase before. The fact that the intuitive meaning is "wrong" is irrelevant. The "correct" meaning is only going to be understood by those who study philosophy or logical fallacies, i.e. a specialised field. It's further complicated by the fact that there are other terms such as "circular argument" which mean much the same thing (and are typically used when people are trying to explain what begging the question "actually" means) and which are understood by most people.

It's similar to the debate over "kilobyte" meaning 1,000 or 1,024 bytes. The sanest thing to do is to treat it as a term which has a special meaning within a particular industry, i.e. when used in the context of computing "kilo" means 1,024, while in other uses it continues to mean 1,000; and make allowances for the fact that people who don't know about the fact it has a different meaning in computing will sometimes use it incorrectly.

It's perfectly reasonable to correct people who use the term incorrectly in a discussion about logic. Correcting laypeople serves no purpose, as the only people who give a crap are those who get a feeling of superiority when they know some technicality that 99% of the population doesn't give a crap about. Most people will continue to use the phrase "incorrectly", because they know that everybody else will understand what they mean, which is the purpose of language.

Re:Routers!

[totally+bogus+dude]

I'm fairly sure the IPv4 space is mapped into a part of the IPv6 space, and I think that IPv6-only hosts would be able to convert an IPv4 address (i.e. from an IN A DNS response) into the IPv6 equivalent. This could then be routed to a NAT gateway which would rewrite the packet as an IPv4 one. So it should be doable. But note the "fairly sure" and "I think" and "should".

In practice, everyone that's interested in interoperability (i.e. most people) will use both stacks simultaneously. Most systems that support IPv6 now have both a v4 and v6 address. They typically look for a v6 address first but failing that will fall back to v4 communication.

Re:Routers!

[emilper]

considering that by the time "sticketh" might have been regarded as a grammatically corrent expression there were sooooo many "English" grammars and orthographies in use even in printed books, the fact that thee hast no sensse of humore really irrelevant is ... I only wish there was a way to use the Ascii to imitate the funny XVIIIth century alphabets, where the s-es looked very much like the f-s, so the anachronism would be complete. ... right, I should stop celebrating the New Year ... right now ...

Re:Routers!

[zsau]

Wait, mefeems 'tis thou who haft no fenfe of humour. Ich vfed an form of humour known as "irony".

And in any case, iuft becaufe fpelling and writing was not as ftandardized at ye time ne meaneth not that Englifh grammour was oyer yan how j defcribed it. Iuft as there are things we can fay in colloquial fpeech (like double negatives) and things we cannot say (like "Said john donkey a the eatinged cat" for "John said the donkey was eating a cat"), there were ways grammour (and fpelling) cud differ and ways yey cud not. Thow wast wrong; I am right.

Re:Routers!

[dodobh]

The core of the Internet is fully IPv6 capable. As you move towards the edge, the deployment of IPv6 becomes more and more problematic (CPE tends not to support IPv6 at all).

Re:Routers!

[True+Vox]

I am NOT a grammer Nazi, but I would simply point out that the only 'consistent' languages I'm aware of (as far as ever were or are commonly spoken by humans) are dead ones (such as Latin). English is ever evolving (ever read any of ye olde english?).

Re:Routers!

[NatasRevol]

ok, you just jumped the shark on this joke.

or is that fark???

Re:Routers!

[rs79]

"The main problem isn't obsolete software, but hardware."

Well, that'll get those last versions of bind4 out. It pukes on quad a records.

Re:Routers!

[ArsonSmith]

Sorry, I was begging the question.

Finally

[elsJake]

Hopefully ISPs will start to offer IPv6 as standard pretty quick, I'm getting tired of dynamic IP allocation.

Re:Finally

[CastrTroy]

They don't do dynamic IP addresses because they don't have enough addresses. They do it for stopping you from running a server on your home computer. Sure you can still run a server, but it's harder to run one when your IP address keeps changing.

Re:Finally

[tgd]

No... if that was the case, your IP would change.

IP changes, in my experience from both Comcast and Verizon FIOS, are so rare that they effectively don't happen. I've never had a change with FIOS from the day the service was fired up, and although I can't recall ever having my previous Comcast one change except when I physically moved, its possible it did once or twice.

If they want to block servers, they'd block inbound ports.

Dynamic IP addresses are used because its the only possible way to do it without having techs setting up every joe six pack or grandmothers computer.

Re:Finally

[elsJake]

True, true... I don't get them tho , the number of people doing that is so low. And then you have CNAMES +/ some dynamic DNS service.

Re:Finally

[cheater512]

AOL is the best example. Global network, hundreds of thousands of users.
Do you really think they dont give out static ips because they dont like home servers?

Yeah some ISPs dont like servers. Some even block certain ports (25 is occasionally blocked).
It everyone had static ips though then we'd be using ipv6 a long time ago.

Re:Finally

[Kjella]

Dynamic IP addresses are used because its the only possible way to do it without having techs setting up every joe six pack or grandmothers computer. Hell, I find they make life simpler for us geeks too. I went into my router set up, clicked a button to say this lease is permanent and unless I change my network card (aka MAC address) it'll still get the same IP even if I wipe the system clean. Much, much simpler than setting it up manually.

Re:Finally

I just set up a publicly available server on my home DSL account last week. I'd known how for years, but never bothered. I went to dyndns.com. Signup took a couple of minutes. Picking out a subdomain took a couple more. Altering the httpd.conf to have a VirtualHost matching my new DNS name took another minute or two. Adding a port-forward rule to my router took another minute. Downloading an installing the DynDns IP Update client took a couple minutes.

Total time spent: under 10 minutes.

The only caveat here is in the port-forward setup. If the ISP is all Nazi about blocking servers, don't use port 80 or 8080. Just tell your router to forward incoming requests on port 8081 to port 80 on your server machine. After that, it just runs.

Re:Finally

[peragrin]

I have forced Time Warner to change my IP address by playing around with the settings on my router.

though if I use the same mac address I usually get the same IP. exceptions to this are duration between changes.

As for IPV6 my systems and internal routers can use it whenever I want. As it is now my routers broadcast both, switching won't be hard.

Re:Finally

[Blakey+Rat]

Obligatory "me too." I've had Verizon DSL for over 5 years now, and I think my IP has changed once in all that time. While it's technically a DHCP-assigned address, in practice DHCP nearly always assigns the exact same address when the lease is up, and you end up with a (non-guaranteed) static IP. I can't speak for other ISPs, but Verizon is good that way.

(I just wish they'd run FIOS in my hometown already!)

Re:Finally

[Ash+Vince]

No... if that was the case, your IP would change.

IP changes, in my experience from both Comcast and Verizon FIOS, are so rare that they effectively don't happen. I've never had a change with FIOS from the day the service was fired up, and although I can't recall ever having my previous Comcast one change except when I physically moved, its possible it did once or twice. My IP changes every time I reconnect. If I tell my router to drop its connection then reconnect straight away I never get the same IP. As to why my ISP do this I have no idea if it is to stop me running a home server or not, but I do know they throttle bit torrent traffic. Personally I don't mind them throttling torrent traffic if it means I can play online games with no lag.

Back on topic I would like to say that for about as long as I can remember we have been very close to the limit of IPv4 addresses. Without dynamically assigning a lot of home user IP addresses we certainly would have hit that limit a long time ago.

Re:Finally

[cwebster]

Dynamic IP addresses are used because its the only possible way to do it without having techs setting up every joe six pack or grandmothers computer. DHCP can be used to assign static addresses and it would be transparent to the end user.

Re:Finally

[SeaFox]

What makes you think they are going to start giving you a free static IP just because they transition to IPv6? Right now most providers charge for a static IP, they have no reason to give away a revenue stream.

Re:Finally

[dekemoose]

If I recall correctly, you don't get routable IP Addresses from AOL, you get stuff in the 172.16.0.0/12 address range. Net requests are then all run through some form of proxy or NAT out to the real net.

Re:Finally

[XenoPhage]

Dynamic IP addresses are used because its the only possible way to do it without having techs setting up every joe six pack or grandmothers computer. DHCP can be used to assign static addresses and it would be transparent to the end user. Reasons they don't :

1) Possible admin overhead (automatic assignment needs to handle non-contiguous blocks, returned IPs, etc)
2) Why waste the time on this? Is a static IP guaranteed as part of your service?
3) We can charge for static IPs!

Re:Finally

[raju1kabir]

I think many of us geeks know that you can also use methods like DHCP to configure static IPs. What you are benefiting from here is DHCP, not your dynamic IP.

Re:Finally

[elsJake]

for one , my ISP doesn't give me the opportunity to pay them for a static ip.

Re:Finally

[grahammm]

Dynamic IP addresses are used because its the only possible way to do it without having techs setting up every joe six pack or grandmothers computer. Surely dynamic IP addresses are a legacy of dial-up where each dial-in port has a fixed IP address and this is assigned to whoever is connected to that port at the time.

Re:Finally

[Kizeh]

No. It's the only sane way to allow for changes in network address assignments and for zero-configuration networking on machines. In larger installations it also allows for essentially statistical multiplexing; not every computer hooked up to the network is going to be on at the same time, so the total number of addresses needed is lower than the number of computers.

Re:Finally

[rtb61]

Well that is not completely accurate. They don't do it to stop you from running a server, they do it to 'charge you a lot extra' if you want to easily run a server.

So with IPv6 comes the dirt cheap home web/mail/file server (bye bye web and ISP email), enormously long and ever growing IP address blocking lists (billions of entries), possibly hardware manufactured with a fixed IP address and compulsory personal registration (government and corporations watching and monitoring all of your digital interactions all of the time), the growth of web IP anonymising services.

A lot of opportunities and unfortunately a lot of problems unless the corporate and political, greed and power control freaks, are not kept under strict control and preferably behind bars where they belong.

Re:Finally

[suggsjc]

I think the parent should be modded up (at least a little). For a moderate sized network having ip addresses handled by dhcp (meaning almost zero client configuration) combined with a local dns server (for internal lookups) means that you can essentially control how everyone in the network gets access to ip based resources all from a single configuration (ok, well two configurations).

Re:Finally

[SCHecklerX]

They do. Because I have a list of about 110 addresses on my mail server that gets 3-4 messages a day, I was blocked "because your computer has a virus", smtp both inbound and outbound. Mailhop outbound and mailhop relay from dydns fixed the problem for now by letting me run on a different port.

Re:Finally

[ZorbaTHut]

My ISP actually does offer DHCP to assign static addresses - my package comes with no less than 8 static IPs, and if I wanted to I could use DHCP for them.

In reality, I have an OpenBSD box acting as a router with static IPs (and NAT, natch), and on the other side I have . . . static IPs distributed over DHCP because it's just plain easier. My computers have static IPs, friend's laptops get assigned dynamic IPs, everything works.

DHCP is awesome whether you have static or dynamic IPs.

Re:Finally

[gnarfel]

That isn't true. Time warner's routing system internally 'knows' where your IP is, and if you assign yourself a static one, most incoming packets simply wont get routed. You can still browse the internet mostly, but quite a few problems start arising if you assign yourself an IP thats in a different logical network than your dynamic one.

Re:Finally

[thatblackguy]

having techs setting up every joe six pack or grandmothers computer. Lol, ironically an Indian ISP 'Sify' does exactly that. How do they handle the cost? Teach two 'joe six pack' types exactly what steps to follow like trained monkeys and send them around. "Ok now sir if you'll just start windows" "But I don't use windows" "Then how can you start your computer?" "....."

Re:Finally

[jimmypw]

Your right its the only ISP i know of where your external IP address changes Dynamically thanks to the several layers of transparent proxies.

Re:Finally

[CastrTroy]

With everybody and their brother having a router in their house, how much can they really rely on not everybody being connected at the same time.

Re:Finally

[dpilot]

I've been an Adelphia/Comcast customer for quite a few years, and my results mostly mirror yours.

But think just a moment about the way DHCP is supposed to work! When you are given a lease, you store away the address you've been given. When you next request a lease, either at renewal time or after you've been offline for a while, you request the last address you had. In general, if that address is available and valid for your subnet, it's the address you're given. On the other hand, if you've been offline for a while, say for an ice-storm power outage, and in the meantime say a new customer comes online, they might get your old IP. Then when you reconnect, your old IP won't be available, and they'll give you a new one, which will then be as stable as the old one was. The other reason I've seen for IP changes is when they reconfigure their network, juggling subnet sizes, or just plain moving subnets around different prefixes.

THAT is why our DHCP addresses are so stable. They're actually doing a good job of implementing DHCP as it's meant to be implemented. Amazing, isn't it? If they wanted to be pricks about it, they could tweak their DHCP servers to rotate IP leases every renewal, plus they could also shorten the renewal interval. Places like DynDNS.org might even crumble under the load of cable/dsl subscribers updating their IPs so frequently.

I'm a little surprised that they don't simply block incoming SYN packets (and "new" incoming UDP connections (I know, UDP is stateless, but IPTables pretends for conntrack, and so could they)) - they'd be perfectly within their TOS rights to do so. IMHO it's another example of the "New York State Thruway speeding ticket" effect. They have "laws" (TOS) in place that they don't generally enforce, yet pretty much everyone breaks. Then when they have reason to not like you, chances are overwhelming that they can get your for *something*.

Re:Finally

[icsx]

Actually they do dynamic because its faster to set up through DHCP. Saves time and effort + why give customers a static IP when you can charge extra for it?

Re:Finally

[mrbcs]

no-ip.com

Address problem solved.

This ipv6 is all bullshit. They can nat until the cows come home or also free up the unused space. My fridge does NOT need to go on the damn internet! And if it did, it could go through the router.

I still don't see this shit happening for a long time. What I don't like about it is that your mac addy is embedded in the ipv6 address. I don't like the idea of being that easily identified. (Watches too many tin-foil hat shows)

Re:Finally

[darkpixel2k]

I think many of us geeks know that you can also use methods like DHCP to configure static IPs. What you are benefiting from here is DHCP, not your dynamic IP.

I think what you are trying to say is that the major benefit isn't necessarily the 'D for Dynamic' in DHCP, it's the 'HCP for Host Configuration Protocol'.

As an admin, I could care less what IP the workstations on my network get (meh--within reason. 192.168.33/24) ...as long as it gets them without me having to go tweak another setting on each machine.

Re:Finally

[jjthegreat]

Sorry for answering so late in the game, but one of the main reasons to have dynamic ip's is so that the ISP does not have to keep (and pay for) large blocks of unused ip's. They oversell ip's like they do bandwith as they know not all of them will be in use 100% of the time. Ever wonder why some ISPs have ridiculously short lease times, sometimes on the order of 4 hours?

Pave way for 128-bit registers?

[Besna]

First of all--this is great news. We need breaks from the past like this. Maybe we'll see computers natively handle 128-bit words. UUIDs are already there. I'm sure the custom networking hardware already has it down, but this could be something that drives it. 128-bits seems like overkill for addressing, but it could be put to use as well.

So when will I be able to connect?

[AlexMax2742]

So when will this mean that I can actually use IPv6 for connecting to servers?

Like, when will I be able to open my browser window, type in an IPv6 address, and connect to...say..google?

Re:So when will I be able to connect?

[Blakey+Rat]

Three years after the sun goes dark.

Re:So when will I be able to connect?

When NAT stops working. So never. Perhaps it could be legislated in the USA as part of some kiddie porn tracking law, but other than that going to IPv6 is just an extra short term expense for most businesses.

I think it is more likely a 2nd network will emerge with gateways between v4 & v6. But again it seems there needs to be a compelling benefit for businesses to change (ISPs).

Re:So when will I be able to connect?

[dmayle]

Right now.

No, really.

There are tunnel brokers who will give you an IPv6 address now, and tell you how to create an IPv6 over IPv4 tunnel and keep it up. I've got one public server already set up on IPv6 by tunnel.

Some ISPs are starting to offer native IPv6, as well. My ISP from when I lived in France, Free.fr, offers 30Mbit/2Mbit ADSL with unlimited calling to 40 odd countries with 300 odd channels for 29.99 Euros. They just added IPv6 addresses for those who request them. Makes my Optimum Online service look like the absolute crap it is...

Re:So when will I be able to connect?

[discogravy]

if you're browsing by IP now anyway you're doing it wrong.

Re:So when will I be able to connect?

[rwyoder]

So when will this mean that I can actually use IPv6 for connecting to servers? Like, when will I be able to open my browser window, type in an IPv6 address, and connect to...say..google?

dig www.google.com any aaaa

Pretty tough to connect via IPv6 to a server not advertising an IPv6 address.

If you want to use IPv6, you need to do one of the following:

• Get an ISP offering IPv6.
• Use IPv6 Anycast.
• Get a tunnel broker.

I currently use Anycast. I've used a tunnel broker in the past, but with a dynamic IP, Anycast is less fuss. The easiest way to do the 2nd or 3rd choice is to get an Apple AP.

Re:So when will I be able to connect?

[Chris+Mattern]

Right now.

No, really.

You appear to have misspelled your answer: the correct answer is "Real soon now. Not really."

Google has no IPv6 address to connect to. Nor have most other major net sites. IPv4 is still the only way to connect to almost all of the internet.

Chris Mattern

Re:So when will I be able to connect?

[Kizeh]

When Google decides to support it and when your ISP decides to support it. My university is natively IPv6 connected, and for any of the few places that have IPv6 running I use IPv6 on stock Vista 64 bit, no changes necessary. Client and server OSs, routers/switches and a lot of applications support it just fine today. Our FTP mirror syncs some distros using rsync over IPv6, and there are some public audio streaming servers and random other resources on the net, although presently precious few.

Re:So when will I be able to connect?

[Pedrito]

if you're browsing by IP now anyway you're doing it wrong.

Imposter! Real hackers always browse by IP!

Re:So when will I be able to connect?

[thatotherguy007]

Real hackers always browse by IP! Ha! You missed something. Hackers have no need to browse; they can simply wget all pages individually and manually render them.

Re:So when will I be able to connect?

[idiotnot]

Google has no IPv6 address to connect to.

But I understand that they're working on quite a bit of IPv6 stuff.

Nor have most other major net sites.

OTSG needs to get in gear. Slashdot and Sourceforge should have had connectivity two years ago.

IPv4 is still the only way to connect to almost all of the internet.

Unfortunately, this is true. I am able, however, to do most of my free software system updates over IPv6 (NetBSD and Debian).

The uptake of IPv6 should continue to grow as a) the federal government really starts to integrate things (deadline for the backbone of all federal agencies is this summer, per OMB, but there's also work ongoing with the emerging military systems....from what i understand, the F-35 makes use of ad-hoc features....an aircraft from all three branches that'll fly them will be able to get together, and share information so long as they're in comms range), and b) Vista's uptake increases.

The second one will be even more important than the first for the edge devices....the only consumer-grade router I've seen that does v6 natively (yes, you can do them on a linksys w/ loonix, I get it already) is the Airport stuff from Apple.

About time..

[ch-chuck]

Great, now we can soon get on with the job of assigning static ip addresses to all our toasters, refrigerators, furnaces, thermostats, tv sets, electric hairdryers, etc.

Re:About time..

[Dark$ide]

Err, I've already done that by using NAT with a 10.0.0.0/16 subnet. That gets me plenty of IPv4 for all the IP capable devices in my house.

Re:About time..

[l8f57]

My furnace does have an IP address (and domain name): http://www.freymond.ca/templogger/

Re:About time..

[cheater512]

With IPv6 I think everyone in the world could have enough ips for one per atom in your body with plenty left over for any population increases.

2^128 is a very very big number. :)

Re:About time..

[FooAtWFU]

I want to be able to configure my Christmas lights via SNMP. Each and every single bulb, individually.

Sure, you may laugh now and recommend a controller-based architecture with different instance IDs for each bulb, BUT SOMEDAY IT SHALL BE SO!!!!!!!11

Re:About time..

[Denis+Lemire]

That's odd, I can't seem to ping your toaster... Its almost like a route doesn't exist... Unfortunate!

You and your kind (those ignorant of IP networking and the concept of true end to end connectivity) may enjoy non-routeable addresses, but I happen to like the flexibility that incoming connections permit.

I could rant about all the things your lousy NAT setup breaks but arguing about this over and over again is just getting tiresome.

Re:About time..

[jackpot777]

2^128 = 3.40282367 × 10^38, says the Googles.

This page says "A 70 kg body would have approximately 7*10^27 atoms." So enough for all the atoms in all the people on Earth.

Re:About time..

[DoktorSeven]

And why the hell would anyone want a route to his toaster? With NAT, you specify exactly what you do and do not want exposed to the outside world. You can make it completely invisible if you want, or certain ports, or fully and completely open. With v6, you've unnecessarily exposed something that you don't exactly want open, and would have to firewall every single device connected to your "wonderful" new world of everything connected to v6.

Just because it's SHINY AND NEW and allows you to give every TV, toaster, camera, and dildo in your house an IP address doesn't make it better. Intelligent use of v4 with NAT is just fine.

Re:About time..

[mr_mischief]

You both have points, but why the hell do you need to access his toaster or would he need to access yours? NAT gives him the flexibility to decide which outside connections get forwarded without a separate set of firewall rules for the internal and external networks. Despite the totally internetworked ideal some people have, people will still use NAT with IPv6. It won't be for lack of addresses, but for (ab)using the lack of routing in place of a proper addition of firewall rules.

There are other nice things about NAT, too. You can achieve many tricks with NAT, ARP tricks, and tunnels for failover redundancy, transparent proxies, and load balancing. Having multiple machines appear on one IP can make things convenient depending on your goals and methods.

IPv6 gets rid of one big reason for NAT, but it's still going to have uses.

Re:About time..

[dvice_null]

There are some people who don't even have their own public ip address. These people are surfing by sharing the same ip address with thousands of other people and only thing they have in common is that they don't live in the USA and they have the same ISP.

Re:About time..

[Denis+Lemire]

What is so difficult about adding a default rule to your firewall that blocks all incoming connections to your subnet and then adding rules specifically for the devices and services that do require incoming connections?

ie) deny ip from any to 2610:78:ad::/48

With NAT you are eliminating the possibility of incoming connections, with IPv6 you can deny connections all you want but can allow incoming connections where required or desired. Sure you can setup a port forwarding rule to allow a service for a given machine, but what happens when you need the same service to go to more than one host? You know need to accommodate for that by changing the incoming port on your real IP.

Not to mention all the issues raised by protocols that embed IP's that are not routable within the protocol themselves (take the SIP protocol for example). Work-arounds need to be put in place for many protocols on an individual basis in a NAT'd environment. This is a pain in the ass that would be highly unnecessary in a post IPv4 world.

If you're so fond of the kludge that is NAT, nobody is stopping you from using NAT with IPv6 in combination with a non-routable unique-local prefix (fc00::/7).

Dragging your feet on adoption of a superior technology that works for every situation in favor of a broken setup that happens to meet YOUR rather limited requirements is delaying progress for the rest of us. ;)

Generally speaking the consumer world isn't ready for IPv6 yet anyway (Too many Windows machines with limited IPv6 capabilities)... but I still get annoyed with all the anti-IPv6 commentary by those that have not fully investigated the specifics.

Just the personal pet peeve that is looking forward to moving behind the network design of choice for the 1980's.

Re:About time..

[pyite]

With v6, you've unnecessarily exposed something that you don't exactly want open, and would have to firewall every single device connected to your "wonderful" new world of everything connected to v6.

At least v6 gives you the flexibility. Only an idiot would leave everything open. The idea is that you have an implicit deny for the entire network that you have and then only poke holes when you need them. At least then everything's routable. NAT is a kludge. Nothing more. It needs to die a swift death.

Re:About time..

[fm6]

Forget that! I'm not letting every script kiddy hack into my toaster! It took me years to find the right setting, and I don't let anybody else touch it!

Re:About time..

[Denis+Lemire]

Agreed. Some people will still have a use for NAT in a post IPv4 world, however there is a big difference between having the flexibility to use NAT when appropriate vs NAT shoved down your throat because you're stuck with a single dynamic IPv4 address from your ISP.

People have different requirements for different networks. Surely I don't need to connect to his toaster, but there are many real world requirements that simply are not well addressed with IPv4+NAT.

Re:About time..

[fm6]

You don't need IPv6 to give every light bulb you own its own IP address. You just need to use a private address space. The biggest one is 10.*.*.*, which should be plenty for any (relatively) sane person.

You should do it that way anyway, or else somebody is going to hack into your Christmas ornamentation and do evil things.

Re:About time..

[growse]

Everyone, lets all hold hands and repeat now:

Firewalling and NAT are different things...
Firewalling and NAT are different things...
Firewalling and NAT are different things...

Re:About time..

[ISoldat53]

Now we will know where you live.

Re:About time..

[jonbryce]

Well there are more people in the world than there are IPv4 addresses, and in many countries, there are more cell phones than people. It would be quite reasonable to have every cell phone ultimately having its own IP address. Add to that your work and home computer, your work and home telephone and so on, and you see why we need more IP addresses.

Re:About time..

[Chris+Mattern]

That's odd, I can't seem to ping your toaster... Its almost like a route doesn't exist... Unfortunate!

Feature, not a bug. I seriously don't *want* you accessing my damn toaster and the fact that you don't have a route to it suits me just fine.

Chris Mattern

Re:About time..

Your toaster's firewall is off and I just burnt your toast.

Re:About time..

[X0563511]

Wow, firewalling everything is really hard. This Cisco on my desk here, I think I need to type maybe 2 lines into an access list, and type one more command to assign that list to the WAN interface.

Jeez, that was so hard. NAT is often more work!

Re:About time..

[DoktorSeven]

It's simplicity over complexity. Same as people thinking all these wonderful flawed new technologies like cell phones, HDTVs, HDDVD/BluRay, and so on are better just because they are new, and they've been brainwashed to think that way and call anyone else that questions the wonderous new technology a luddite and stuck in the past somehow.

NAT (and by the way, in response to another, no, NAT is not a firewall, but generally it's done in the same place, in front of the devices/systems/computers have hooked up to them, and this is what I meant -- or are you naive enough to think that firewalls can be used on the system you're trying to protect?) done at a single entry point for one IP address is much easier to manage and is all that is necessary in most cases because in general, you do not need every single device or system to be fully connected. Sure, you can hook up multiple devices with multiple v6 IPs behind a firewall/router/whatever you want, but really, what's the point? You can basically turn your argument around and say that what might be necessary for YOUR needs isn't necessary at all for MOST needs, and the solution that is the simplest for the most needs should be the one that is implemented, and that is IPv4, not the insane complexity of v6.

And mods: I've said it before, I'll say it again. Just because you DISAGREE with me, does NOT make it flamebait. Now mod my original post back up.

Re:About time..

[wertigon]

And what exactly would prevent port blocking for the interfaces instead of the ip addresses? ip filter to eth0:0-65535 from eth1

Re:About time..

[Blakey+Rat]

What is so difficult about adding a default rule to your firewall that blocks all incoming connections to your subnet and then adding rules specifically for the devices and services that do require incoming connections?

ie) deny ip from any to 2610:78:ad::/48

How about the fact that to the average user it's complete and utter gibberish? That's pretty difficult.

Re:About time..

[joshuac]

Terrible visions trying to visualize what the non-electric hairdryers are like...

Welding torch?

Re:About time..

Its interesting that this issue is not brought up and discussed more. I understand your point of view about the kludginess of NATs, but as a architect for a large networking company, having worked with scores and scores of corporate networks all over the world, my experience is that NATs are standard in the corporate world, and whether that comes from ignorance or legitimate security concerns is an interesting discussion, but lets not forget the practical reality of the observation.

The fact of the matter is that, currently, NATs are here and they have to be dealt with. Protocols developed long ago, such as FTP, which used embedded IP addresses and separate control connections have been enormous challenges in the networking industry. I have written NAT proxies that support FTP properly, and I can tell you, it is a major pain to get it right, especially when you deal with thousands of concurrent connections churning through the port numbers. *sigh*. So, single connection protocols such as ssh/scp or http cause much less trouble and that is nicer for the networking folks to work with.

In the last decade, a lot of media protocols have become very popular, but unfortunately, in many cases the designers of these protocols simply ignored the issue of NATs. While it is fine to climb up to the top of the ivory tower and declare NATs are bad and your protocol should not be bothered with them, please do not be surprised to hear that hundreds of expensive networking software engineers in scores of different networking companies have to read a 70 page Masters Thesis to understand how to parse your protocol, and of course, then write and maintain tricky, mission critical network protocol software for years on end to deal with it properly. http://www.cs.columbia.edu/sip/drafts/Ther0005_SIP.pdf

Is it any wonder SIP has grown much slower than it should have given the underlying wonderful flexibility of the higher level semantics? But no, a budding internet phone service provider ends up buying and setting up complex and expensive SIP NAT traversal devices (google that phrase) just to get going. I suppose protocol researchers do not spend a lot of time working with corporate networks. Unfortunately, the cost of this ignorance has been enormous. Fortunately for most, it was swallowed by large networking companies who have not complained enough perhaps.

By the way, protocol researchers should look at SCTP as the basis for signaling protocols. It is based on IP and is an alternative to TCP and UDP see http://www.isoc.org/briefings/017/ , and every operating system is on board ... except Microsoft, of course. But there is a standard 3rd party library available ala winsock. Perhaps, just as they hated winsock and the internet (and still do, IMHO) until it became too popular to ignore, perhaps so it will be with SCTP.

--
I do not want to write forever, but reviving the question from my first paragraph, it is interesting to think about whether corporations will be comfortable giving up the anonymity and security benefits (if only illusionary) of their NATs when they are presented with the opportunity to provide an unlimited number of cheap, routable IPv6 addresses to their employees. I honestly have no idea. It would make my job easier, but surfing slashdot with my personal corporate IP address would make it hard for me to be ... an Anonymous Coward

Re:About time..

[Cajal]

Actually, you probably wouldn't assign them static IPv6 addresses. It's much more likely that they would use IPv6 stateless address autoconfiguration (btw, www.ietf.org is an Ipv6-accessible site), to obtain an address automatically.

Re:About time..

[totally+bogus+dude]

In an earlier post you said:

With v6, you've unnecessarily exposed something that you don't exactly want open, and would have to firewall every single device connected to your "wonderful" new world of everything connected to v6.

You seem to be arguing that a NAT router in front of your network is easier than having a firewall with a default deny policy in front of your network. Then you go and point out that pretty much all NAT routers also function as firewalls. So... you're complaining that IPv6 requires you to have a device in front of your network to manage access, which you already have and need for IPv4 NAT anyway.

With a firewall that drops all incoming traffic to addresses you don't want exposed, then nobody has any way of knowing if there's anything active on that address, anyway. You can also argue that it's harder to find interesting things on your network if everything has a different address. Most home users have a single address, and to find interesting things on it you need to portscan that single address. Under IPv6, it's feasible for home users to have hundreds of addresses, of which maybe half a dozen will actually be used, and most of them won't respond to incoming connections anyway.

the solution that is the simplest for the most needs should be the one that is implemented, and that is IPv4, not the insane complexity of v6.

Most people find IPv4 plenty complicated already. People use it because they have to in order to use the internet. When v4 address space is too scarce to be affordable, people will use IPv6 because it's what you need to use. Consumer devices will simplify it enough for normal people to be able to use even if they don't understand what the hell it's about, just like they do now for IPv4.

You can basically turn your argument around and say that what might be necessary for YOUR needs isn't necessary at all for MOST needs, and the solution that is the simplest for the most needs should be the one that is implemented, and that is IPv4, not the insane complexity of v6.

You seem to be arguing that pro-IPv6 people are "elitists" trying to force their own preferences on other people as if they're arrogant and insensitive folk who don't care about others needs or opinions. But at the same time you're espousing your own opinions as if they're the One Ultimate Truth. You don't find cell phones or HD media at all useful, therefore they're simply flawed and anyone that thinks they're useful despite the flaws is somehow "brainwashed". You're also saying that because IPv4 NAT is okay for your needs, it should be enough for anyone.

I think you were modded flamebait for being arrogant and close-minded, not because people simply disagree. Also your point was kind of ignorant, because there's nothing about IPv6 that automatically implies everything will be "exposed", anything more than IPv4 does.

To return to the topic with a point which I think you've missed but might help you understand why some people think the IPv6 promise of "lots of publically routeable addresses for everyone" is useful, consider that most people only have a single v4 address; getting more costs a fair bit, because they're kind of scarce. This will only get worse over time.

Suppose you have something on your home network with a web interface you want to be able to access remotely. So you set up port forwarding on your NAT gateway from port 80 to the device, and you're set. Nice and easy.

Now imagine you get another device which also has a web interface, and which you want to be able to access remotely. So you set up port forwarding from port 80... oops... er... 81 to your new device's port 80, and you're set. Nice and easy, so long as you remember that you need to use www.my.home for device 1's HTTP service and www.my.home:81 for device 2's. Also your work firewall might not allow you to connect to port 81, so maybe you need try a few ports until you find one that's allowed.

Re:About time..

[Denis+Lemire]

It is complex now only because there are no IPv6 capable routers for "average" users yet. When the time comes and such routers exist it will be just as simple for them to block all incoming connections by default and allow users to allow specific incoming connections through a simple GUI not all that dissimilar from the Port Forwarding GUI's of today, just without the limitations.

Re:About time..

[Denis+Lemire]

What exactly is simpler in your viewpoint about IPv4? I'd like to see just one single pointer from you. Remember, just because you lack understanding of a technology doesn't mean it is more complex. In fact, in many ways IPv6 is simpler to deploy and maintain than IPv4. How many people that have deployed a network fudge up a subnet mask? With the large address space of IPv6 it is no longer necessary to deal with subnet masks, every subnet is 64 bits. Isn't that easier then having subnets of length somewhere between 8 and 30 bits and requiring the administrator to calculate the required number of hosts and the subnet masks to go along with that? What happens when a large network that does require end to end connectivity (think hosting provider network or the like here) provisions their network for 254 hosts and later outgrows this limitation? They need to re-number. Is re-numbering your network every time it grows to exceed an arbitrary limitation imposed by an obsolete standard "simple?" Thats only a couple examples.

Also, what part the word firewall makes you think that the firewall has to run on the host that you are trying to protect? I agree 100% that would not be ideal. Your gateway in IPv6 would still handle all the firewalling needs of your subnet. It is still a single point of administration at the edge of your network, nothing changes here!

You could turn my argument around, but you'd be dead wrong. How many people wonder why transfers over IM networks are so painfully slow or don't work at all? With both endpoints being behind NAT the IM clients need to each establish a connection to a third outside host to relay the transfer for them. How many people wonder why their SIP phone doesn't work properly in their hotel room. How many people wonder why a given game won't work behind their NAT. The examples are damn near countless. A lot of things happen behind the scenes to alleviate these issues to an extent but these are all added complexities. Here I thought your goal was to simplify things.

Have a look some day at how many protocols and standards exist, each to find yet another way around the limitations of NAT for a particular service or protocol (STUN, UPNP, NAT-PMP, etc, etc).

The thing is, there is nothing in the IPv6 spec that breaks functionality that you are used to today. There are however a great many things that are simply impractical with IPv4 unless you are one of the lucky few that has a sufficiently sized chunk of globally routable IP space.

Perhaps when you've administered a network larger then your personal home network you'll have a better grasp of what some of these issues entail.

Re:About time..

[gnarfel]

I find that most problems with NAT and port forwarding can be solved by common VPN software. Assuming your networkable device is running embedded linux, it's not overly difficult to set up hamachi, or even some homebrew software to create a virtual, private, unroutable IP. Better yet, toss a bind/[insert dns server of preference] server on to one of your VPN'd boxes, and use it to do local resolution and you'll have easy to remember names that are only accessible to you. Example scenario: 4 networked devices [toaster, dvr, etc] 1 'server' [bind, VPN server (if you're running your own)] each device is given a non-routable IP in addition to its NAT'd DHCP ip. the bind server could provide names like toaster.devices.myhouse

Re:About time..

[mikael_j]

But isn't it much easier having unique IP addresses for all hosts that are connected to the internet? Using a private address space is one way to "protect" the light bulb hosts but it also introduces a problem in that their addresses are unreachable from the public internet. My preferred solution would IPv6 which some kind of firewall at the "demarcation point" for the internet connection (and just in case you're one of those younglings who think NAT is required for a firewall I'll just say NO).

/Mikael

Re:About time..

[Richard+W.M.+Jones]

Great, now we can soon get on with the job of assigning static ip addresses to all our toasters, refrigerators, furnaces, thermostats, tv sets, electric hairdryers, etc.

Actually with IPv6 you don't need to do that. They can form their own unique, static addresses completely automatically. The top part of the address comes from your ISP-assigned prefix, which they can determine statelessly and automatically when they boot. The bottom part comes from the MAC address which they have already.

Rich.

Re:About time..

[growse]

To me, spanish is gibberish. Doesn't mean it is though. Just means I can't be arsed to learn it.

Re:About time..

[arth1]

You seem to forget that NAT serves another purpose except traffic blocking -- hiding the infrastructure map from the outside. With NAT, you can't see whether packets from one IP address come from the same machine or different ones, and (depending on the NAT used) can't look up the manufacturer of the NIC (and thus often of the system) based on the MAC address.
With IPv6 without NAT or a proxying service, you disclose this information, which may not always be in your best interest.

Re:About time..

[fbjon]

Feature, not a bug. I seriously don't *want* you accessing my damn toaster and the fact that you don't have a route to it suits me just fine. Neither. It's a fortunate side-effect of a bug. Not a feature.

Re:About time..

[mrv20]

Call me crazy but that sounds like more work on both ends than simply allocating your devices public IPv6 addresses and a few firewall rules.

Yes it can be done with IPv4/NAT and kudos for doing so, but I'd rather use a system where ingenious workarounds are not required for basic scenarios such as runnning more than one web interface.

Re:About time..

[mrv20]

If mine was hooked up to the net the last thing I would do is post a link to it on slashdot - that seems like asking for trouble (or at least attempts to fiddle with your thermostat).

OTOH a slashdotted webserver should provide enough heat to keep you toasty warm :o)

Re:About time..

[The_reformant]

Great, now we can soon get on with the job of assigning static ip addresses to all our toasters, refrigerators, furnaces, thermostats, tv sets, electric hairdryers, etc.

I like the way you included furnaces in that list of household items. Also are you obsessed with temperature related gizmos?

Re:About time..

[sgtrock]

The fact of the matter is that, currently, NATs are here and they have to be dealt with. Protocols developed long ago, such as FTP, which used embedded IP addresses and separate control connections have been enormous challenges in the networking industry.

All true. However, I think you're missing the GP's point. For IPv6 connections, the fundamental reason that NATs came into being (preservation of IPv4 space) goes away.

That has zero effect on the problem that you are referring to, obviously. I would argue that for IPv6 connections that those problems simply don't matter any longer. Have an issue with an old protocol using braindead techniques? Then just don't support it in the new environment.

That should not prevent anyone from adopting IPv6 for anything else. After all, nobody with half a clue is suggesting that any network of any size should do a flash cut to a pure IPv6 network right now.

To me, the truly tragically funny thing that all this opposition to IPv6 boils down to a bunch of network geeks who don't want to support a second protocol on their networks. Please. Anyone who has been doing network design and administration for more than 10 years should have been involved in at least one project that had three or four protocols running on it. It certainly complicates your network design, but it's not the end of the world.

IMNSHO, there is no reason that enterprise networks can't support IPv6 in parallel with IPv4 today. The real question should be, is there a functional or business requirement to do so? If the answer is yes, (even if it's for just a handful of sites) then just get it done. If the answer is not yet, then wait. :)

Re:About time..

[BenEnglishAtHome]

I'm a desktop tech so networking isn't my thing. But I did glean just enough from my last IP fundamentals class to decide that IPv6 was a good thing though probably a ways away.

The instructor didn't spend much time on v6 but he did make a comment that I found intriguing. He remarked that once IPv6 was universal, nothing on the net would be able to hide, that all those "underground" happenings (I suppose he meant things like botnets and the way the Russian Business Network works) would be easily traceable.

True? If so, I'm conflicted. The notion of having a lawless frontier, even if just a virtual one, always struck me as a good thing on the whole. That's where the crazy stuff and the new thinking comes from. Yeah, there are bad things that come along with it, but the American experience with the opening of the West tends to shape my viewpoint that having lawless places for fringe elements to hide is ultimately a good thing.

So, will IPv6 flush out all the bad guys, giving them no place to hide?

Re:About time..

[snoogans126]

Terrible visions trying to visualize what the non-electric hairdryers are like...

Towels?

Re:About time..

[igjeff]

Check out the privacy extensions to stateless autoconfiguration. Problem solved.

Jeff

Re:About time..

if the firewall is off, it's impossib;e to burn the toast. Have a look at a toaster and think about it...

Re:About time..

[Denis+Lemire]

I'm not sure what your instructor may have been referring to, possibly the hierarchal nature of IPv6's routing tables? In IPv6 things are a lot more organized, ie) given an IPv6 prefix one can generally determine the region and ISP that the prefix belongs to. This gives a slight improvement in terms of being able to determine the source of traffic at a glance, however there is nothing in IPv6 that eliminates the possibility of obscuring the source of something. Traditional encapsulation, tunneling and proxying methods are still very much workable without any real changes for one that wants to hide behind such methods.

Re:About time..

[arth1]

No, that only works around part of the problem, so saying "problem solved" is plain wrong. You still will be able to see a unique identifier per internal interface from the outside, as long as packets are not sent through a device that rewrites unique addresses to generic ones, i.e. a NAT.

Re:About time..

[fm6]

No, I don't think a NAT is required for a firewall. But it's the kind I prefer by a huge margin. NAT-based firewalls are more secure (much harder to penetrate a system when you can't access it) and less painful for the user. At least, I always found it less aggravating to not have to deal with proxies, often configured by someone with a very narrow notion of what kind of packets I should he sending.

(Not a youngling. Old enough to remember OS/360 and RSTS.)

Doesn't mean it's all IPv6.

[Besna]

It could just reverse lookup google's IPv6, and then go through IPv4.

Re:Doesn't mean it's all IPv6.

[AlexMax2742]

Yeah, but when could that happen? Seems to me that part of the 'transition process' would be to start people using IPv6 addresses instead of IPv4, even if the actual "behind the scenes work" is done on IPv4.

And actually, something else occoured to me. When will we be able to request an IPv6 IP from our ISP, so we don't have to deal with having Dynamic IP's?

Re:Doesn't mean it's all IPv6.

[cheater512]

All the IPv6 sources I know give away ips like cookies.
If your ISP is fairly decent (aka your not on a budget plan) then when they switch to v6 they should also give them away.

We wont really know what policies ISPs make until they get off their lazy asses and give us ipv6. :(

Re:Doesn't mean it's all IPv6.

[bendodge]

I don't know, but I just wrote an email to mine asking about it. If everyone starts bugging them, it might get something done. It would help to hint that you might move to a competitor if they get IPv6 support first. (Assuming you have more than one available.)

Also, write to "the other guy", and tell them that you might switch if they offer IPv6. Balking about things here on Slashdot don't do much; writing to companies and backing it up with you wallet does.

two of 'em, eh?

With this transition, it will finally be possible for two internet hosts to communicate without using IPv4 at all

Well, I guess that IPv6 transition is coming along nicely.

HAR HAR HAR.

Yeah, when slashdot drops it's IPv4 address, then I'll believe in this IPv6 nonsense.

Re:two of 'em, eh?

[shentino]

Actually, v4 and v6 are quite independent. A single host can have BOTH at the same time.

I'd hope /. keeps its v4's at least until my college switches to v6.

I think it's backward compatibility IIRC.

Re:two of 'em, eh?

[evanbd]

Yeah, when slashdot drops it's IPv4 address, then I'll believe in this IPv6 nonsense.

OK, admit it... how many of us would go figure out how to run IPv6 if it was required to get a /. fix?

Re:two of 'em, eh?

People get upset when Microsoft drops support for some proprietary 15-year-old file formats, but they won't believe that a new protocol is for real until support for a 1981 RFC is completely dropped?

Uh, yeah, right. Backwards compatibility isn't always a bad thing. (UTF-8 comes to mind.) As an IPv6 supporter, I think that dropping IPv4 support too early is about the only way in which the IPv6 transition could go any worse.

Re:two of 'em, eh?

[ManxStef]

And how many would figure out IPv6 to get some free porn?

Re:two of 'em, eh?

[hendridm]

I'd hope /. keeps its v4's at least until my college switches to v6.

Pfft, companies will keep v4 as long as we kept gopher around, even when nobody on the planet effectively uses it. I wouldn't worry, unless you're on the 100-year plan.

Re:two of 'em, eh?

[Blakey+Rat]

That would only work if there was no free porn on IPv4. I've done a lot of research in this area and I can say, beyond a shadow of a doubt, that there is.

Re:two of 'em, eh?

[Gazzonyx]

Actually... think of how fast we could learn all about IPV6, compile it in every program needed (assuming firewall, proxy, etc... not going to feed potential trolls!) along the chain, document policies, and implement it all - if we didn't spend so much time on slashdot! I suspect that I could get it done in less than a day at home and work, and then settle back to my ~2 LOC/day after having slash back! On a side note, is ~2 SLOC still the average for programmers, or is that an aged figure?

Best IPv6 Read ever (not the article)

But the off topic link I'm making to the wikipedia page...

IPv6

common to see examples that attempt to show that the IPv6 address space is absurdly large. For example, IPv6 supports 2128 (about 3.4×1038) addresses, or approximately 5×1028 addresses for each of the roughly 6.5 billion people[1] alive today. In a different perspective, this is 252 addresses for every star in the known universe [1] - a million times as many addresses per star than IPv4 supported for our single planet. These examples, however, have an underlying and inco

Re:Best IPv6 Read ever (not the article)

this is 2^52 addresses for every star in the known universe

Glad to hear it. Now Alpha Centauri can finally get off my back about when they'll have access to Earth pr0n.

Re:Best IPv6 Read ever (not the article)

[kindbud]

Yeah, yeah, yeah. But will it require boiling the oceans to fully populate IPv6 space?

Re:Best IPv6 Read ever (not the article)

[kindbud]

Hmmmmm..... boiling the oceans is how that was supposed to work.

No, no, chances are, I am NOT behind a firewall or proxy, I am trying to correct a post on a board that is too goddamn old-school, its own admins don't know how to fix it to offer modern features, like editing posts. :rolleyes:

Re:Best IPv6 Read ever (not the article)

[Captain+Nitpick]

Yeah, yeah, yeah. But will it require boiling the oceans to fully populate IPv6 space?

No, but you could make a good effort of trying.

Both ZFS and IPv6 are 128-bit systems. Populating an IPv6 address can probably be defined as a one-bit operation, unlike the multiple bits required for each ZFS block allocation. Adjusting his math for a one-bit allocation of an IPv6 address gives us an energy of 3.06x10^24 J, and thus 1.3x10^18 kg of water. This works out to 13 million km^3 of water that we can boil. This is roughly comparable to the volume of the Gulf of Mexico, Caribbean Sea, and Mediterranean Sea combined.

Although I probably hosed the math somewhere.

Re:Best IPv6 Read ever (not the article)

[gardarh]

A common mistake people make with IPv6 is considering it as only IPv4 with more bits for the address. That is not how the protocol was intended and it will not be used like that. The least significant 64 bits of an IPv6 address are meant only for hosts; the smallest possible subnet you can have in IPv6 consists of 2^64=1,8*10^19 IP addresses. It will never be practicle to have this many devices in a given network segment, in fact, from my experience it is not feasible to have much more than 1000 devices on a given subnet. This results in a great redundancy of the last 64 bits. The idea is that hosts can get a network prefix and then determine their own 64 bits (note that they are not obliged to use their EUI address (in other words the MAC address for most ethernet adapters) for determining the 64 bits). The IPv6 addresses do not replace arp, ICMPv6 does.

Currently, the only unicast IPv6 addresses that are publicly assigned are in the 2000::/3 range (http://www.iana.org/assignments/ipv6-unicast-address-assignments/) - so if you're gonna make jokes about obscure IPv6 addresses, please let them start by 2 or 3 (unless you're talking about multicast/link-local/site-local addresses in which case there are other ranges).

This whole root-servers-going-IPv6 news are not that big news though. More like a milestone on the way to IPv6. In any forseeable future v4 will be used along v6 - the world will probably have destroyed itself before IPv4 vanishes...

Re:Best IPv6 Read ever (not the article)

[lokedhs]

No, no, chances are, I am NOT behind a firewall or proxy, I am trying to correct a post on a board that is too goddamn old-school, its own admins don't know how to fix it to offer modern features, like editing posts. :rolleyes:

I don't care how "modern" the ability to edit posts is. It's utterly stupid, and messes up every single forum that uses it. When you say something publicly, you've said it. If you don't want to say it then don't publish it in the first place.

Especially on Slashdot this would be a total disaster (and has been elsewhere already). Typical troll:

1. Troll posts comment: "Microsoft are the good guys"
2. Baited user replies: "No, they're monopolists!"
3. Troll changes OP to: "Ubuntu are the good guys"

Public debate is founded upon the idea that when you say something, that thing has been said, and the content of the forum (or comments section) is a public record of what was said. When that is no longer true, anything you say can be taken out of context. And as a poster, I prefer it when that can't happen.

Re:Best IPv6 Read ever (not the article)

[kindbud]

Boards that allow editing typically allow edits only for a short while after the original post, specifically to allow posters to correct spelling errors, broken links, etc. that weren't caught on Preview. Then the post is locked into its lasting form.

Of course, if Slashdot's preview function was worth a damn.....

Re:Best IPv6 Read ever (not the article)

[lokedhs]

I don't mind that at all. That's actually a very decent way of implementing it. However, most boards that I have looked at does allow editing at any time, even years after writing the post.

Maybe karma loss, but...

[Besna]

I'm a subscriber, so maybe I'll get a break here. I've been seeing this link around slashdot for awhile. I'm curious if it is a robot that can manage to do somewhat relevant garbage around the link. Of course, could be some drone who doesn't even know English very well.

Re:Maybe karma loss, but...

It's not a robot, it's a person actually taking the time to write that shit, because they looove their stupid myminicity flash game. Talk about a waste of time, but oh well.

Slashdot - why won't you follow links for AC posts, and then after the link in the post display the domain of the *final* site after all the forwards and redirects?? That would be super!

Re:Maybe karma loss, but...

[nschubach]

A hit is a hit. Doesn't matter is a bot hits it or not. You'd have yourself an automated hit generator just by posting a few thousand links on Slashdot comments.

Re:Maybe karma loss, but...

[IamTheRealMike]

Oh, I get it now. Slashdot is being crap-flooded with these MyMiniCity things because you can only "grow" your city by getting hits to it.

Look. If you're willing to waste peoples time and generally be a moron about this dumb game, why not just rent a botnet for a few hours? You could max out your population that way. Failing that, the "population" ticker seems to be based on IP address, so just write a program that hits it via Tor or something and leave it running. There are soooo many possibilities that don't involve using obfuscated redirects it's not even funny.

Or are you just a natural troll, and if it weren't for MyMiniCity you'd be finding other ways to waste peoples time?

Re:Maybe karma loss, but...

[Poltras]

Not necessarily. You could end up fetching *.myminicity.com or goatse.cx and, before fetching it, check for the domain name. If it matches some list of banned domain, just remove the tag.

Also, another check would be easy to add removing of the google.com "feeling lucky" parameter.

Simple enough, and performed during submission it would be "fast enough". Add some stuff to prevent regex injection/evasion (which I'm sure is already included, like removal of illegal unicode characters), and you've got a pretty good system :)

honnestly, I don't know why porn websites haven't used bots for slashdot spamming yet. The demography here is right on target ;)

No, wait, not THAT game server...

[jackpot777]

I'm just hoping the Enemy Territory server I play on doesn't move too quickly to the switch to IPv6. It took me ages to load their map rotation, but it's a good selection and their bots are a nice challenge. It has taken me months already to remember the 216.27.112... wait, is it 112.48, or 48.112 at the end? And that 27 doesn't look right. It ends in :27962, I know that. Or is it :27964?

Ah crap, I forgot the number again.

Damn you, progress.

Re:No, wait, not THAT game server...

The 1980s called, they've got something called "/etc/hosts" for you to try out.

Re:No, wait, not THAT game server...

[VGPowerlord]

Don't worry, you'll have no trouble remembering the new address. It's b439:88fa:31d3:0507:613a:426c:99ba:02e2 .

Re:No, wait, not THAT game server...

[Denis+Lemire]

Sorry, thats not a valid IPv6 unicast address. The unicast block is 2000::/3 so 2000: - 3FFF. ;)

Also IPv6 addresses can be compressed if they contain contiguous 0's.

ie) 2610:0078:00ad:0001:0000:0000:0000:0001 -> 2610:78:ad:1::1.

Worry not though, this is what DNS is for... Humans need not memorize IP addresses.

Re:No, wait, not THAT game server...

[teslatug]

Indeed, just as easy as the new emergency number

Re:No, wait, not THAT game server...

[the_cowgod]

There's also a really nifty new system called DNS.

For some reason many gamers (or game server admins) don't seem to realize its possible to use DNS. A few years back, I was running a Medal of Honor server and would confuse the hell out of people by telling them the server address was, for example, moh.mydomain.org. A number of folks wouldn't accept that at all and insisted on using the actual IP address.

Re:No, wait, not THAT game server...

[value_added]

Don't worry, you'll have no trouble remembering the new address. It's b439:88fa:31d3:0507:613a:426c:99ba:02e2.

And to connect to Windows systems, you'll need too make regular and extensive use of sed with escaped escape characters to yield

\\\\b439-88fa-31d3-0507-613a-426c-99ba-02e2\\...

For anyone that hasn't used, for example, wakeonlan scripts, laugh. It's funny.

Re:No, wait, not THAT game server...

[Jarik_Tentsu]

Great, now Omniture's misleading DNS names will be even harder to notice...

~Jarik

Re:No, wait, not THAT game server...

Yeah, my new IPv6 address wont be difficult to remember either 09F9:1102:9D74:E35B:D841:56C5:6356:88C0

Re:No, wait, not THAT game server...

[the_one(2)]

You can only compress the address if it's unambiguous

Re:No, wait, not THAT game server...

[Alioth]

Enemy Territory does know how to resolve names... just put the server you like in /etc/hosts or your local DNS server and you're done.

MOD PARENT DOWN

[shentino]

If I hadn't just spent my mod points on something else besides a topic I figured I'd want to post in, I'd have slammed you for flamebait.

Please keep such racism off of /., thank you.

Re:MOD PARENT DOWN

[shentino]

To whoever modded P down:

I appreciate your vigilance, but better attention to timestamps is advised. I posted P before G got the flamebait mod, and said flamebait mod may even have been in response to P.

Honestly, an "overrated" may have been more accurate, if anything at all.

Why did they skip 64-bits?

[Besna]

I'm just curious. I know that the 128-bits are not meant to be densely filled, but surely somewhat thought of 64 bits before 128 was settled on. Given the same principle of sparse assignment, will 256 be far off?

Re:Why did they skip 64-bits?

The idea with IPv6 is that the address space will be large enough that we will never have to transition to a 256-bit (or greater) address space. Rather than build an "intermediate" 64-bit address space, the intention was to prevent any future exhaustion of IP addresses by using a very large space.

will 256 be far off Given that IPv6 would provide over 10^28 addresses for each of the 6.5 billion inhabitants of Earth, I think it will be sufficient for the foreseeable future.

But the intention with IPv6 was not merely to create an exhaustively large address space, but to fix a number of problems with IPv4, make routing simpler, etc.

(Whether or nto IPv6 achieves those intentions is a separate question.)

Re:Why did they skip 64-bits?

[romiz]

I belive that they skipped the 64-bits address to be able to fit the 48-bit MAC (Level 2) address inside the IP (Level 3/4) address, and thus avoiding the need for the router to use ARP to find the MAC address corresponding to a local IP address.

Re:Why did they skip 64-bits?

Not sure if you are kidding or not, but I am sure someone could use the explanation... the reason is they want this to be the For Real end all solution to IP address space issues. There is not only an IP address available for every person and every gadget they own in their home, but also for every dirt particle on their property as well. You can find some of the comparisons with a google search, but seriously unless we start giving electrons IP addresses or go intergalactic, this should be Good Enough, despite how comical such proclamations often look in hindsight.

A large part of the reason IPv4 even became scarce is because some of the founding institutions on the Internet took entire "Class A" blocks of addresses which means they took up 16 million in one shot! From what I understand, some later gave up parts of these huge blocks, but in general the way the IPV4 scheme was designed, it generally had allocation blocks that were far too large for the typical organizations scooping them up- it was designed with research labs, government orgs, large corps, uni's, etc in mind, not for millions of small e-commerce and personal sites. I forget if IPV6 solves this problem from a design standpoint (I no longer sysadmin, and haven't read up on the nitty gritty details), but this address space is so large that even taking up blocks 16 mil at a time should not matter. 64 bits is in the quintillions, which sounds like a lot until we start injecting mosquitos with internet accessible sensors. 128... should just get the job done once and for all.

In fact, the space is so large that IP Scanning in theory will no longer be feasible, at least from the standpoint of someone over the internet just looking for random IPs that are alive and then port scanning them for open/vulnerable ports.

Also, IIRC, the 128-bitness makes routing a whole shiatload easier. I read up on this stuff a long time ago when IPV6 was new, but routing tables will become far simpler, making Cisco's life easier.

Re:Why did they skip 64-bits?

[Just+Some+Guy]

I belive that they skipped the 64-bits address to be able to fit the 48-bit MAC (Level 2) address inside the IP (Level 3/4) address, and thus avoiding the need for the router to use ARP to find the MAC address corresponding to a local IP address.

Not even close. Those bottom bits are used for the completely optional autoconfiguration feature. You're equally welcome to hand-configure hosts or use DHCP6 to assign network::1, network::2, network::3 and so on without regard to MAC.

IPv6 is where all the good porn is...

IPv6, the net of the free. IPv4, the net of the plebs.

Er...

[shentino]

What about A6 records? Aren't those the ones that were to support aggregation and renumbering?

Re:Er...

[Olmy's+Jart]

Deprecated. Alone with ip6.int, bit fields for reverse look-ups, and site local addresses. Nice ideas that didn't work out in practice.

Re:Er...

site local addresses are really simple thanks to the IPv6 ip abbreviation, example:
host1: ff80::1
host2: ff80::2
host3: ff80::3
(ff80 is a reserved local space as 192.168.X is for IPv4)
also in a local network machinesconfigure itself as ff80::MAC where MAC is their MAC address

really complex, uh?

Re:Er...

That's funny...I checked recent RFC's mentioning A6 and found no technical deprecation. AAAA was even predicted to become Historic.

If there is a deprecation, it is either

1) not official
2) not technical in nature
3) not known by the RFC editor or the IETF

Unless things have changed recently, of course.

Re:Er...

[shentino]

That was me.

Stupid IE probably forgot to send the cookies...

*grumble*

Re:Er...

[shentino]

Here's the RFC header, straight from the IETF's website

Network Working Group Request for Comments: 2874 Category: Standards Track

And its current status is "experimental" so unless there's something not-so-technical deciding A6's fate, then you've made a mistake to call it deprecated.

Unless of course the IETF doesn't have this categorized right...

Actually

[everphilski]

If you were attempting to assign an IP to every molecule in the atmosphere, starting at the surface of the earth and working up, you'd only cover a thickness of 2.5 centimeters:

2^128 / 6.02E23 = 5.16E14 moles of IP-addressable gasses

5.16E14 * 22.4 = 1.226E16 liters worth of IP-addressable gasses at STP

1.226E16 / 1000 = 1.226E13 meters cubed of IP-addressable gasses at STP

1.226E13 / 5.1E14 = 0.024 meters height if you spread that volume over the surface of the earth.

Re:Actually

[cheater512]

12.26 petaliters of ips* aint bad. ;)

* at STP of course.

Re:Actually

[dyefade]

If you were attempting to assign an IP to every molecule in the atmosphere, starting at the surface of the earth and working up, you'd only cover a thickness of 2.5 centimeters

Well it hardly seems worth doing then. Only 2.5 centimetres - so not even an inch! Lame.

Irony

[Midnight+Thunder]

The irony in all this is that neither Cisco or any of the developers of IPv6 compliant OSs (Microsoft, Apple, Kernel.org, for example) actually have AAAA records themselves.

Re:Irony

netbsd and freebsd do.

New /. sig meme?

[mr_mischief]

"Me fail English? That's unpossible."

In Soviet Russia, grammar misuses you to brag about its use of you!

Re:New /. sig meme?

[Torvaun]

In America, we recognize a Simpsons quote when we see it.

IANAIANA

[PixelScuba]

I Am Not An Internet Assigned Numbers Authority.

Mixed up acronyms

[MarkGriz]

Certain obsolete software may face compatibility problems due to the change, but those issues are addressed in an ICANN report Wouldn't that be handled better with an ICANT report?

IPv4 ~ IPv6 eqiv

[zakeria]

every ipv4 address has an ipv6 address already so no need to worry about anything, ipv4 works with ipv6 and ipv6 works with ipv4....

Re:IPv4 ~ IPv6 eqiv

[Tango42]

The addresses work, the protocols are different, however, so there is more involved in switching to IPv6 than prefixing the address with ::ffff:.

Your argument is leaky.

[DrSkwid]

You do know that DHCP can assign a fixed IP don't you?

"Get IP address automatically" has nothing to do with dynamic / fixed assignment.

Re:Your argument is leaky.

[revlayle]

Man, I had mod points YESTERDAY... but parent is right. That IP may have been dynamically assigned to you the first time you used the service and has never changed. Just because it doesn't change now doesn't mean they won't change it to some other DHCP settings later if they need to, which *may* change your IP. For example, I have Cox here in Tulsa, my IP rarely changes, but to ENSURE it never changes, no matter what, I have to pay like about another $15-$20 a month.

Human readability

[ddoctor]

So, we've got lots of IPv6 addresses, thus we can assign static IP's to everything. Catch: IPv6 addresses aren't very readable/memorable. I can remember all of the IPv4 addresses on my network, but I wouldn't remember the v6 ones.

So, what's the solution there: well there's DNS and DHCP... man I hate DHCP. What if my local DHCP server or DNS server goes down? And, then I try to ping it to diagnose... oh, if only I could remember its address!

What about web hosting providers? Dear Hosting Support, can you please change my www IP to 2001:0db8:85a3:08d3:1319:8a2e:0370:7334? Much easier to screw up then if I say 66.35.250.151.

Also, IPv6 means we can throw away NAT... which is good, because NAT sucks, and its basically only there because we don't have enough IPv4 addresses. But, hang on ... so every machine I have on my local network has a public IP address. Great. Do I really want that? Yes, I have a firewall; yes, its secure... but its still more secure to have every machine (except 1) completely non-addressable from the internet.

I know a lot of less secure networks would be screwed if every machine was publicly-addressible. They may have a poorly-configured or nonexistent firewall, and are only getting a semblance of security by using NAT.

Don't get me wrong, IPv6 is definitely a good idea; the address space rocks, and there's a whole host of other benefits. There's just a bunch of simple, practical issues that IPv4 solves better.

*ducks* This has got to be flamebait on a place like /.

Re:Human readability

[gbjbaanb]

IP addresses:
I can't remember my IPv4 addresses without looking them up, so I'd be no worse off than with IPv6. You'll get older too son, then you'll agree with me :)

As for web hosting providers, they won;t ever have to 'change your IP address', they'll just have to tell you it in the first place, then you're done.

In both cases, IPv6 supports auto-registration so you won't have to fiddle with it anyway. As the IETF says "Since IPv6 addresses are too long to remember and EUI64-based addresses are too complicated to remember, they are not suitable for such identifiers"

IIRC you don't need DHCP anymore with stateless autoconfiguration.

NAT:
think for a moment what NAT does. All you have is your router attached to the internet, and all your computers connected to the router. Unless you explicitly allow incoming connections to pass through, your PCs are "firewalled" at the router.

If you have IPv6, you'll still have the router. I hope that all router manufacturers will be shipping them with incoming connectivity disabled by default, just like it is at the moment. Then, you'll be no less secure with IPv6 than you are today.

You will have the benefit of being able to "DMZ" as many of your PCs as you like, not just one of them. This is best of both worlds.

I think IPv6 will be a good thing, if it ever happens. I can't see that happening anytime soon though, there's too much infrastructure out there.

Re:Human readability

[jaa101]

So you're saying NAT gives security because machines are `completely non-addressable from the internet'. You could use static IP addresses and configure your firewall to achieve exactly the same effect. The firewall doesn't have to do translation any more but it can still remember which connexions have been initiated by your machines and only allow in packets related to those connexions. It's actually slightly simpler. This change should be just about the easiest part of a transition from NATted IPv4 to static IPv6.

Note that I'm not saying that either NAT or the firewall configuration I suggest are especially secure; merely that it's trivial to do at least as well as NAT for static clients. About the only excuse not to do this is that it's probably harder to find examples or off-the-shelf firewall configs as a starting point. The resources required by your firewall will, if anything, be slightly less, especially if it's currently running a dhcpd which is no longer needed. DHCP may, of course, still be needed for other reasons. It can do things that IPv6 can't do by itself. You can always keep DHCP and have it allocate static addresses. Then you can do things like adding firewall rules to allow incoming connexions for certain port/host combinations, e.g., allow some users to ssh in to some machines. This is harder to do with NAT.

Re:Human readability

[Alioth]

It also has a fringe benefit of wide tracts of IP addressing space can't be easily just scanned for vulnerabilities by people hunting for a botnet. Scanning an entire ISP's address pool at the moment is easy, so trojans and worms can just go looking for holes to exploit. When each ISP is likely to have at least 64 bits of address space, hopefully sparsely filled, it will take a long time to scan it for machines to exploit.

Re:Human readability

[marcosdumay]

"I can't see that happening anytime soon though, there's too much infrastructure out there."

Well, on a few years we'll have no option.

Re:Human readability

Problems in several area in IPv6 deployment:

Network:
- Backbone: mostly capable of handling IPv6 - it is matter of planning, configuration and implementation
- Access: very few device are ipv6 capable - especially SOHO/Home devices -
- Enterprise: except very expensive and very "good" firewalls almost all networking components are capable of handing ipv6 in some forms

Oeprating systems:
- opensource: all systems can handle ipv6
- closed source: most of the system can handle ipv6

Applications:
- opensource: mostly capable of handling ipv6
- closedsource: very few can handle ipv6

Actual tasks:
- Ask your favourite software vendors to handle ipv6.
- ask your access device/firewall vendor to handle ipv6....

Re:Human readability

[knorthern+knight]

A few questions

> In both cases, IPv6 supports auto-registration so you won't have to fiddle with
> it anyway. As the IETF says "Since IPv6 addresses are too long to remember and
> EUI64-based addresses are too complicated to remember, they are not suitable for
> such identifiers"

I have a main linux machine (which I call "m3000") and a newer machine as a hot backup ("d530"). In /etc/hosts, m3000 has IP address 192.168.123.252 and d530 has IP address 192.168.123.251. Those numbers are set up, and I can scp backups from 1 machine to the other, using the names "m3000" and "d530". I even have d530 set up to treat m3000 as its main Gentoo mirror, to lighten the overall load on the real Gentoo mirrors. It seems to me that if I let the machines pull IP addresses out of their rear ends with "autoconfiguration", I'm going to have a much harder time. Even under IPV6, I would still be better off using static IP addresses in /etc/hosts.

> If you have IPv6, you'll still have the router. I hope that all router
> manufacturers will be shipping them with incoming connectivity disabled by
> default, just like it is at the moment.

Given the security fiasco of wireless routers, I don't think you can safely assume that. I also find that it's getting difficult to find a wired router anymore, but that's another rant.

> You will have the benefit of being able to "DMZ" as many of your PCs as you like,
> not just one of them. This is best of both worlds.

And how many Joe Lunchbucket home users do you know of that...
- have several PCs?
- *NEED* to DMZ several PCs?
- know WTF a DMZ'd PC is in the first place?

ipV6?

[markass530]

Can anyone try and give a quick ipV6 (benefits?) overview for someone who (relative to the rest of the world) is smart & computer savvy, but has ADD like a mofo, and is (relative to most slashdotters) network stupid.

Re:ipV6?

[Todd+Knarr]

1. Makes address allocation a lot simpler. Most of this comes from the expanded address space having a lot more blocks available for allocation without having to play games with the bits.
2. Allows the address sub-netting hierarchy to mirror the physical routing structure. This makes the routing tables smaller and simpler, which makes life easier for the routers.
3. Address prefix independence. Fancy term for not having to reconfigure all your machines just because you've moved to a new netblock. This is part and parcel of the previous item, actually.
4. Things like IPSec were designed into the protocol from the start, rather than being bolted on afterwards as they were for IPv4. Makes VPNs and such a lot easier to configure and get running. The packet headers were also redesigned based on experience with IPv4, so routers have an easier time handling them and don't have to work so hard to do common things.

Re:ipV6?

[gbjbaanb]

not me, but you could use google. Or try this link: http://www.tcpipguide.com/free/t_MajorChangesAndAdditionsInIPv6.htm

Drove to the Levy

[GottliebPins]

Yeah, February 4th 2007, that was the day the internet died. I remember it like it was yesterday... Now where did I put my teeth? ;)

Umm... mods?

[bcat24]

Why in the world was the parent modded offtopic? IPv6 addresses are 128 bits in length. He was wondering if their use would eventually lead to CPUs with 128-bit native words. That seems ontopic enough for me.

Re:Umm... mods?

Why in the world was the parent modded offtopic? IPv6 addresses are 128 bits in length. He was wondering if their use would eventually lead to CPUs with 128-bit native words. That seems ontopic enough for me. ... because copying IP addresses around memory is one of the most significant bottlenecks in network traffic?

Of course it isn't. So why would this follow from IPv6? It doesn't make any sense.

are they really that hard to remember?

[pjr.cc]

When i think of the subnets i've used/worked in, i tend to believe that remembering ipv6 addresses isnt going to be that hard in reality.

Ok, they're long - but in my head right now i can remember 4 subnets, work, previous work, home and the university i went to. Now i tend to think in terms of subnets. For example lets say my home is 192.168.1.0/24, my router is 1, my dns is 2, my mailserver is 3, my printer is 4, etc etc. The bit at the front replacing the 192.168.1 may have got alot bigger, but i still only have to remember it once.

So even if its 2001:0db8:85a3:08d3:1319:8a2e:0001 you'll wrap your head around it. Am i going to remember the ipv6 addresses for slashdot, google and a dozen other public websites? No, but i dont know their ipv4 ones off the top of my head either, and its also why i have dns. The fact is the only place you're going to or should need to know ipv6 addresses is when your assigning them yourself and you'll probably memorize it out of use in any case.

Re:are they really that hard to remember?

[Kizeh]

Also, it's fairly common practice to not use autoconfigured or throwaway addresses for things such as gateways and DNS servers. Then you end up with ::1. Depending on your network, the prefix is going to always be the same, or only have a few changing portions, so suddenly the addresses are a lot more manageable.

Finally possible?

[crossmr]

"it will finally be possible for two internet hosts to communicate without using IPv4 at all." DNS has nothing to do with enabling to IPV6 hosts to communicate on the internet... it only provides name resolution. The routers make it possible for 2 IPV6 hosts to communicate... you just do so by using their IPV6 address instead of the name..

Re:Finally possible?

[lamegovie]

And how precisely would you resolve the IPv6 address without the IPv6 (AAAA) records in DNS? You cant...only IPv4 records are avalible, thus forcing you to use the IPv4 infrastructure, unless you somehow already knew the IPv6 address of a site...

Re:Finally possible?

[crossmr]

its called a routing table.. DNS is only domain name resolution, it ties easy to remember names to ip addresses. Regardless of whether those are IPV6 or IPV4. If you have the IP of an IPV6 and you have an IPV6 IP address, and all the routers in between you have complete routing tables, you can reach that other host no problem. DNS doesn't even get involved. The same way DNS doesn't get involved if I try to reach google by going to: http://64.233.187.104/

Already done ?

ICANN announced on 20 July 2004 that the IPv6 AAAA records for the Japan (.jp) and Korea (.kr) country code Top Level Domain (ccTLD) nameservers became visible in the DNS root server zone files with serial number 2004072000. The IPv6 records for France (.fr) were added a little later. This made IPv6 operational in a public fashion.

Re:Already done ?

You still had to get the AAAA records of these top-level domain name servers from a root domain name server which only talked IPv4. Now there are root DNS servers with IPv6 addresses (which are listed in the root zone file.)

Not true

[pinkfloydhomer]

You are right about them using DHCP etc. because it makes it easier for Joe Sixpack. But DHCP does not mean that we can't have a static address. DHCP and similar technologies can easily be set up to always assign the same address to the same customer/device/router.

I think the only reason providers differentiate between static and dynamic addresses is to make money. They can then sell static addresses for those that really need it, at a higher price. Not that it is more expensive for the provider to provide. /David

Re:Not true

[tgd]

I bunch of people said the same thing but I don't want to reply to all of them.

From the customers standpoint, the different doesn't really matter except as an inbound DNS address, however managing static IPs via DHCP is still complicated because you can't easily move machines around subnets as the leaves of your network change in terms of device concentration and data load.

You pay more for a static IP address because once you have it, they have to adjust the network around you.

(FWIW, I built out a number of large telco dial-up infrastructures as well as hosting environments in the last 15 years, so while I'm sure the reasons vary by company, I can say with certainty that this is the reason for an increase in price... the actual amount will be obviously adjusted for the market based on maximizing profit, but this is the core reason for it)

Wait... isn't this bad?

[Hangly+Man]

I thought I recalled reading that IPv6 was easier to throttle and censor than IPv4.

Connecting between IPv6 and IPv4 Devices

[billstewart]

You could go look up the variety of approaches for connecting between IPv4 and IPv6 systems - there are NAT-like things, and tunneling, and embedding IPv4 addresses into IPv6, etc. They've all got their own issues, because translation often breaks things. DNS is one of the issues - for instance, if you know an IPv4 address for a given destination, and also an IPv6 address, should you default to IPv6? What if your IPv6 doesn't successfully connect to theirs (which is a problem in hybrid-v6 environments, and seems to be the default behaviour for some systems)?

But fundamentally, the reason we need to switch to IPv6 is that we're going to run out of IPv4 addresses, so at some point you or some guy in China or mobilephone user in India are going to have an IPv6 address with no corresponding IPv4 address. That means that if you want to reach a server that only has an IPv4 address, you're going to need to use some NAT-like translation gateway, which can share its IPv4 address with a bunch of IPv6 users. It may be ok as a transition strategy, and one or more solutions like that will probably have to be deployed for transition, but it gets ugly in the long run. (Better than having everybody's DSL, cable, and mobile network using 10.x.x.x and NAT, though, since you'd be able to use native IPv6 to reach other v6 users for real applications.)

Actually, CPE is often IPv6-capable, Core isn't

[billstewart]

You've got your assertions pretty much backwards. Most general-purpose computers are IPv6-compatible, running either Windows XP (or occasionally Vista) or Linux or MacOS, though the user may not have a clue how to enable it or manage it and their ISP help desk may not know either. There are two different kinds of hardware that have problems with IPv6, for different reasons:

• Home NAT/Firewall boxes, which may not be upgradeable, and which the user almost certainly didn't save the instructions for even if they were. On the other hand, they cost $29, so you may not care.
• Big ISP routers often can't handle IPv6 well - for instance, Cisco software has supported IPv6 for a couple of years, but the routers perform as well as they do because most of the packet-routing grunt-work is done in ASICs that only know IPv4, not in the relatively slow CPUs which handle administration, routing protocols, and other applications that can't be done by the ASICs, including IPv6. Some of this is mitigated by ISPs that use routing at the edges and have a switched core using MPLS or ATM, so it's a bit more scalable, but they still need lots of IP routing hardware.
• There are other intermediate layers - cable head ends, routers that support DSLAMs, dialup infrastructure for anybody who still cares, etc., which may also have trouble, but the big issues are at the core.

Re:Actually, CPE is often IPv6-capable, Core isn't

[dodobh]

I wasn't referring to the edge nodes themselves, but the intermediate routing infrastructure.

Most large ISPs actually already route IPv6 in the core, but consumer grade equipment does not support IPv6. Older routers can't do IPv6 in hardware, but most of those aren't in the core itself (because most of them can't handle the packet rate currently).

As you said, it's the rest of the network which has problems. The core itself does v6, but as you go closer to the edge, less and less equipment is IPv6 capable (or even capable of being upgraded to something which supports IPv6). The DSLAMs, the cable headends ...

Re:Actually, CPE is often IPv6-capable, Core isn't

[billstewart]

From what I can tell reading NANOG and working at a Tier 1 ISP, most large ISPs can't realistically route IPv6 in the core - they're either tunnelling across IPv4 or using an MPLS core, but the edges that get onto the MPLS aren't quite ready for prime time. (Perhaps Juniper's in better shape on that? I haven't dealt with that tier of their equipment.)

DSL's in a bit better shape than cable modems, because cable modems are generally routed, while DSL is still often using ATM at the DSLAM and only getting routed at a concentrator layer, so DSL providers can upgrade to IPv6 without having to change the DSLAMs. But it's still an ugly world out there on the edges.

Reasons ISPs use Dynamic Addresses

[billstewart]

ISPs have a range of reasons for using dynamic IP addresses rather than static, some of which have been mentioned here.

• Administering addresses takes work and therefore costs money. Not that much work if you do it well, but a lot more work than running a DHCP pool.
• It's *definitely* the easy way to configure addresses on PCs, compared to talking a non-geek through Windows's network administration menus. Windows defaults to DHCP, and you plug it in and it works. That's especially important for people who have laptops that they sometimes connect at home and sometimes at work or school or Starbucks.
• It's also easier than talking a user through configuring a random-vendor NAT firewall box with their statically-assigned IP address using DHCP (which is how I run my home systems :-) In some cases, if the ISP manages the DSL/cablemodem box, they could administer it directly, but that's not universal and still takes work.
• Some ISPs have anti-server policies, originally because Comcast was afraid of bad PR from bad performance, but mostly because they're greedy, don't want to support Real Users instead of couch potatoes, and can usually get Real Users to pay extra for a static address.
• Renumbering a network is much much easier with DHCP, and ISPs occasionally need to renumber networks, either because they're changing equipment or getting bought or sold or doing different things with their architectures or getting larger blocks of addresses from ARIN, etc.

Re:Reasons ISPs use Dynamic Addresses

Well, my ISP assigns a fixed, public IP, allows servers and will even set up your reverse lookup record correctly, yet costs no more than others...so I consider the other ISPs to be screwing the customer by offering less; the problem is just that most people don't realize it.

IPv6 benefits - Theory vs. Practice

[billstewart]

In practice there's one benefit of IPv6, which is that sometime before the Mayan Calendar rolls over in 2012, we're going to run out of IPv4 addresses, so if you haven't switched over to IPv6 by then, it'll be like sailing off the edge of the world near the "Here Be Dragons" sign. It's not actually quite that abrupt, but it gets increasingly very ugly, and different parts of the net either won't be able to reach each other, or will have limited functionality through 6-to-4 NAT kinds of things. Basically, if you're doing full IPv6 by then, you can say "I'm not dead yet", but otherwise you'll have to stop saying it sometime soon. And of course you've got to get your plans all lined up and your staff trained first.

In theory there were a lot of cool things that IPv6 was going to give us, back when we were optimistically planning for them in the early 90s. Most of them got implemented in IPv4, either fairly similarly (like IPSEC), or using different mechanisms that get the same job done (like DHCP for address assignment compared to IPv6's Netware-like stateless autoconfiguration.) And address allocation is a bit simpler, because we've got enough bits that you don't have to keep stealing them all the time, so you can do a cleaner job. (Though apparently DHCPv6 has feature-crept its way into more complexity than IPv4's original DHCP.)

But some of those cool things just haven't really worked out. Letting the subnetting hierarchy mirror the physical routing structure so that routing tables are smaller and cleaner was supposed to be really cool, but it doesn't match how the US ISP market is interconnected (YMMV in Europe, where big-city exchange points dominate the market as opposed to overlapping wide-area Tier 1 ISPs), and it especially doesn't work if lots of end users are multi-homed to different ISPs for reliability reasons, which is basically most businesses that have their servers at their offices instead of colo centers. There's a horridly ugly kluge called "shim6" that's trying to fix that, with makes-NAT-look-good levels of ugliness, and there are other games that the mobile-IP people may be able to help with, but basically any multi-homed customer is likely to end up advertising at least one fairly-specific route to the whole world in addition to getting connectivity from their ISP's larger netblock, so for the most part we don't win.

The lack of success in simplifying routing tables through hierarchy is becoming increasingly frustrating to the ISP community as we keep hitting limits on router performance. In the past, some of the problems were simple (RAM costs an order of magnitude more if you put it into a box with teal paint on the front, so many routers couldn't do full BGP tables once the net hit ~100000 routes), but we're running into things like some very popular very-large-user hardware that only has enough CAM hardware to support ~256K routes, which is about how many a typical ISP backbone connection sees (depending on how many of their own customers' routes the same box also handles) so ISPs are starting to filter out longer route advertisements - which can have effects like interfering with customers' redundant-ISP reliability, or making some traffic load-balancing less effective. The alternatives are to spend large chunks of money now (and of course IPv6 addresses are 4x as big so the box can support 1/4 as many routes if you're doing pure IPv6 on it) or waiting another year or two for Moore's Law to help.

Users need name resolution before you can route

[billstewart]

Just because ping works doesn't mean that you can have useful communication. Sure, it's fun to say "My email address is myname@2001:dead:beef::42", but if you even want to access a website, you want to be able to support HTTP 1.1 virtual web servers and therefore you need DNS, unless you want to first put their IPv6 address into your HOSTS.TXT file. I guess there's alway UUCP, though :-)

....!timewarp!1985!ihnp4!houxd!wcs

Re:Users need name resolution before you can route

[crossmr]

If ping works, and no ports are blocked, any communication is possible, including websites, telnet, ftp, and any other service you can imagine. The summary implied that communication was impossible until now which is false.

Re:Users need name resolution before you can route

[billstewart]

It actually implied that *useful* IPv6 communication was impossible until now, which is true. HTTP 1.1 and SMTP _can_ be configured to work without domain name resolution, but it's very difficult to make it scale, because the most common configurations are virtual-server environments that serve lots of names behind one server (normally with one IP address, though IPv6 does give you the luxury of burning as many IPv6 addresses as you need, if your server OS can handle it.)

Re:Users need name resolution before you can route

[crossmr]

"With this transition, it will finally be possible for two internet hosts to communicate without using IPv4 at all" nowhere in there does it specify "useful" or "easy". It simply claims possible.

Host: blahblah.com

[Safiire+Arrowny]

Only to be thwarted by needing to type the domain name anyway in the Host: http/1.1 header on every server running multiple domains.

ORSN has IPv6

[c_g_hills]

I am surprised that so far no-one has mentioned the Open Root Server Network. It serves exactly the same data as the ICANN root servers, and has supported IPv6 for some time now. The root hints is available from http://european.nl.orsn.net/tech-hint.php. I have been using it for a few years now without problems.

localhost

Whats the new localhost IP then? 127.0.0.0.0.1 ?

Re:localhost

It's just ::1

Notice, they also skipped...

[themoneyish]

IPv5

OT: more memery

[mr_mischief]

If you remember every line from 19 seasons, then I really pity the Star Wars, Lord of the Rings, Buffy, and Star Trek geeks around you who have to put up with that. ;-)

Besides, I don't get Fox where I live, and my wife only has three or four seasons on DVD so far, you insensitive clod!

Re:OT: more memery

[Torvaun]

I don't actually watch the Simpsons. I know that line because it is heavily used on Slashdot.

Purpose of language

[The+Monster]

Most people will continue to use the phrase "incorrectly", because they know that everybody else will understand what they mean, which is the purpose of language.

Actually, that's only one purpose of language, and not even the primary purpose. Before one can communicate with another, one must understand the idea to be communicated. Even when no communicating with others is intended, thinking employs language. Allowing a word or phrase to have two meanings that are related and similar, and clearly distinguishable by context, does not hinder that process. But when the two meanings contradict each other, such as in "begs the question", "comprised of", or "That jives with what I already know", it hinders thinking.

I do tech support for a living, and get very frustrated when I hear people abuse terminology they don't understand. It could be as simple as calling a slash a "backslash", or as complicated as saying "This format defaults to that printer" when describing a format file that specifies a printer to override what default printer may have already been assigned; in any event, by using a word to mean something diametrically opposed to the original meaning, they sow confusion. Eventually, the word or phrase loses meaning entirely, and must be abandoned.

It's similar to the debate over "kilobyte" meaning 1,000 or 1,024 bytes.

Perfect example. I no longer can use that word. Instead I say "thousand bytes" or "two to the tenth bytes" instead of "kilobyte"; "million bytes", "one point zero two four million bytes", or "two to the twentieth bytes" instead of "megabyte" (because all three of those have been used, primarily for HDs, FDS, and RAM respectively); or "billion bytes" or "two to the thirtieth bytes" instead of "gigabyte", etc.

A6 is dead (Re:Er...)

[mibh]

there is no native support for aggregation or renumbering in IPv6. it's basically just IPv4 with more bits. all the fancy stuff promised in the original IPv6 goal documents from IETF had to be jettisoned to make the 10-year schedule achievable.

kernel.org can have an AAAA just for the asking

[mibh]

like freebsd.org, netbsd.org, isc.org, and a bunch of the other stuff ISC hosts. (kernel.org has been here for a while, but has not asked us for IPv6 connectivity for pub.kernel.org yet.)

Re:kernel.org can have an AAAA just for the asking

[Midnight+Thunder]

like freebsd.org, netbsd.org, isc.org, and a bunch of the other stuff ISC hosts. (kernel.org has been here for a while, but has not asked us for IPv6 connectivity for pub.kernel.org yet.)

Doing a dig I confirm freebsd.org and isc.org, but not netbsd.org or kernel.org? Other hosts I tried with negative success were apple.com and microsoft.com.

Re:kernel.org can have an AAAA just for the asking

[mibh]

www.netbsd.org. 84382 IN AAAA 2001:4f8:4:7:2e0:81ff:fe52:9a6b

i can't speak for apple or microsoft's IPv6 availability since we don't host them at ISC.

Re:kernel.org can have an AAAA just for the asking

[Midnight+Thunder]

Any idea why the AAAA record might be missing for me? The following link points to what I see, when I do (dig www.netbsd.org):

http://ajmas.dyndns.org/misc/dig-netbsd.txt

I would have included it here, but /. complains about junk characters.

Re:kernel.org can have an AAAA just for the asking

[mibh]

"dig netbsd.org" looks for A RR's. you want "dig www.netbsd.org aaaa".