Four Root DNS Servers Go IPv6 On February 4th

I Don't Believe in Imaginary Property writes "On February 4th, IANA will add AAAA records for the IPv6 addresses of the four root servers. With this transition, it will finally be possible for two internet hosts to communicate without using IPv4 at all. Certain obsolete software may face compatibility problems due to the change, but those issues are addressed in an ICANN report (pdf)."

Routers!

[arth1]

The main problem isn't obsolete software, but hardware. Changing routers to some that support IPv6 isn't done over night. And even if you do, and get IPv6 assigned, it doesn't help unless your provider also supports IPv6 -- else you might as well be tunelling the old way anyhow.

Regards,
--
*Art

Re:Routers!

[Just+Some+Guy]

else you might as well be tunelling the old way anyhow.

What's so awful about that? OK, so it's not native, but none of your apps or services can tell the difference. The advantage is that when you do get native connectivity, you've already done your testing and you're ready for the world.

Re:Routers!

[palegray.net]

I ask this because I honestly don't know. How many routers on the net are embedded devices capable of receiving firmware updates to cope with the additional functionality? Or, how many full-fledged "router in a box" style server systems are capable of receiving software updates, or already support IPV6?

Re:Routers!

[ArsonSmith]

This may beg for the question, but it does not beg the question.

Re:Routers!

Part of the problem is that, even though most routers can get software updates in the field, older models only have hardware accelerated IPv4 support. If you upgrade these routers to IPv6, they have to do everything with their puny CPU, which means the same router can handle fewer IPv6 packets than IPv4 packets.

Re:Routers!

[zsau]

"To sticketh" is not grammatically correct. The "to" signifies that we are using an infinitive of the verb, yet the "-eth" is a finite ending. -eth is simply the original form of the -s suffix on verbs: it marks the singular third person present tense. So "he sticketh", "John sticketh" are fine, but "have to sticketh" is not.

Finally

[elsJake]

Hopefully ISPs will start to offer IPv6 as standard pretty quick, I'm getting tired of dynamic IP allocation.

Re:Finally

[CastrTroy]

They don't do dynamic IP addresses because they don't have enough addresses. They do it for stopping you from running a server on your home computer. Sure you can still run a server, but it's harder to run one when your IP address keeps changing.

Re:Finally

[tgd]

No... if that was the case, your IP would change.

IP changes, in my experience from both Comcast and Verizon FIOS, are so rare that they effectively don't happen. I've never had a change with FIOS from the day the service was fired up, and although I can't recall ever having my previous Comcast one change except when I physically moved, its possible it did once or twice.

If they want to block servers, they'd block inbound ports.

Dynamic IP addresses are used because its the only possible way to do it without having techs setting up every joe six pack or grandmothers computer.

Re:Finally

[raju1kabir]

I think many of us geeks know that you can also use methods like DHCP to configure static IPs. What you are benefiting from here is DHCP, not your dynamic IP.

Pave way for 128-bit registers?

[Besna]

First of all--this is great news. We need breaks from the past like this. Maybe we'll see computers natively handle 128-bit words. UUIDs are already there. I'm sure the custom networking hardware already has it down, but this could be something that drives it. 128-bits seems like overkill for addressing, but it could be put to use as well.

So when will I be able to connect?

[AlexMax2742]

So when will this mean that I can actually use IPv6 for connecting to servers?

Like, when will I be able to open my browser window, type in an IPv6 address, and connect to...say..google?

Re:So when will I be able to connect?

[dmayle]

Right now.

No, really.

There are tunnel brokers who will give you an IPv6 address now, and tell you how to create an IPv6 over IPv4 tunnel and keep it up. I've got one public server already set up on IPv6 by tunnel.

Some ISPs are starting to offer native IPv6, as well. My ISP from when I lived in France, Free.fr, offers 30Mbit/2Mbit ADSL with unlimited calling to 40 odd countries with 300 odd channels for 29.99 Euros. They just added IPv6 addresses for those who request them. Makes my Optimum Online service look like the absolute crap it is...

Re:So when will I be able to connect?

[discogravy]

if you're browsing by IP now anyway you're doing it wrong.

Re:So when will I be able to connect?

[Chris+Mattern]

Right now.

No, really.

You appear to have misspelled your answer: the correct answer is "Real soon now. Not really."

Google has no IPv6 address to connect to. Nor have most other major net sites. IPv4 is still the only way to connect to almost all of the internet.

Chris Mattern

About time..

[ch-chuck]

Great, now we can soon get on with the job of assigning static ip addresses to all our toasters, refrigerators, furnaces, thermostats, tv sets, electric hairdryers, etc.

Re:About time..

[Denis+Lemire]

That's odd, I can't seem to ping your toaster... Its almost like a route doesn't exist... Unfortunate!

You and your kind (those ignorant of IP networking and the concept of true end to end connectivity) may enjoy non-routeable addresses, but I happen to like the flexibility that incoming connections permit.

I could rant about all the things your lousy NAT setup breaks but arguing about this over and over again is just getting tiresome.

Re:About time..

[Denis+Lemire]

What is so difficult about adding a default rule to your firewall that blocks all incoming connections to your subnet and then adding rules specifically for the devices and services that do require incoming connections?

ie) deny ip from any to 2610:78:ad::/48

With NAT you are eliminating the possibility of incoming connections, with IPv6 you can deny connections all you want but can allow incoming connections where required or desired. Sure you can setup a port forwarding rule to allow a service for a given machine, but what happens when you need the same service to go to more than one host? You know need to accommodate for that by changing the incoming port on your real IP.

Not to mention all the issues raised by protocols that embed IP's that are not routable within the protocol themselves (take the SIP protocol for example). Work-arounds need to be put in place for many protocols on an individual basis in a NAT'd environment. This is a pain in the ass that would be highly unnecessary in a post IPv4 world.

If you're so fond of the kludge that is NAT, nobody is stopping you from using NAT with IPv6 in combination with a non-routable unique-local prefix (fc00::/7).

Dragging your feet on adoption of a superior technology that works for every situation in favor of a broken setup that happens to meet YOUR rather limited requirements is delaying progress for the rest of us. ;)

Generally speaking the consumer world isn't ready for IPv6 yet anyway (Too many Windows machines with limited IPv6 capabilities)... but I still get annoyed with all the anti-IPv6 commentary by those that have not fully investigated the specifics.

Just the personal pet peeve that is looking forward to moving behind the network design of choice for the 1980's.

Re:About time..

[growse]

Everyone, lets all hold hands and repeat now:

Firewalling and NAT are different things...
Firewalling and NAT are different things...
Firewalling and NAT are different things...

Re:About time..

[Denis+Lemire]

What exactly is simpler in your viewpoint about IPv4? I'd like to see just one single pointer from you. Remember, just because you lack understanding of a technology doesn't mean it is more complex. In fact, in many ways IPv6 is simpler to deploy and maintain than IPv4. How many people that have deployed a network fudge up a subnet mask? With the large address space of IPv6 it is no longer necessary to deal with subnet masks, every subnet is 64 bits. Isn't that easier then having subnets of length somewhere between 8 and 30 bits and requiring the administrator to calculate the required number of hosts and the subnet masks to go along with that? What happens when a large network that does require end to end connectivity (think hosting provider network or the like here) provisions their network for 254 hosts and later outgrows this limitation? They need to re-number. Is re-numbering your network every time it grows to exceed an arbitrary limitation imposed by an obsolete standard "simple?" Thats only a couple examples.

Also, what part the word firewall makes you think that the firewall has to run on the host that you are trying to protect? I agree 100% that would not be ideal. Your gateway in IPv6 would still handle all the firewalling needs of your subnet. It is still a single point of administration at the edge of your network, nothing changes here!

You could turn my argument around, but you'd be dead wrong. How many people wonder why transfers over IM networks are so painfully slow or don't work at all? With both endpoints being behind NAT the IM clients need to each establish a connection to a third outside host to relay the transfer for them. How many people wonder why their SIP phone doesn't work properly in their hotel room. How many people wonder why a given game won't work behind their NAT. The examples are damn near countless. A lot of things happen behind the scenes to alleviate these issues to an extent but these are all added complexities. Here I thought your goal was to simplify things.

Have a look some day at how many protocols and standards exist, each to find yet another way around the limitations of NAT for a particular service or protocol (STUN, UPNP, NAT-PMP, etc, etc).

The thing is, there is nothing in the IPv6 spec that breaks functionality that you are used to today. There are however a great many things that are simply impractical with IPv4 unless you are one of the lucky few that has a sufficiently sized chunk of globally routable IP space.

Perhaps when you've administered a network larger then your personal home network you'll have a better grasp of what some of these issues entail.

two of 'em, eh?

With this transition, it will finally be possible for two internet hosts to communicate without using IPv4 at all

Well, I guess that IPv6 transition is coming along nicely.

HAR HAR HAR.

Yeah, when slashdot drops it's IPv4 address, then I'll believe in this IPv6 nonsense.

Re:two of 'em, eh?

[shentino]

Actually, v4 and v6 are quite independent. A single host can have BOTH at the same time.

I'd hope /. keeps its v4's at least until my college switches to v6.

I think it's backward compatibility IIRC.

Re:two of 'em, eh?

[evanbd]

Yeah, when slashdot drops it's IPv4 address, then I'll believe in this IPv6 nonsense.

OK, admit it... how many of us would go figure out how to run IPv6 if it was required to get a /. fix?

Best IPv6 Read ever (not the article)

But the off topic link I'm making to the wikipedia page...

IPv6

common to see examples that attempt to show that the IPv6 address space is absurdly large. For example, IPv6 supports 2128 (about 3.4×1038) addresses, or approximately 5×1028 addresses for each of the roughly 6.5 billion people[1] alive today. In a different perspective, this is 252 addresses for every star in the known universe [1] - a million times as many addresses per star than IPv4 supported for our single planet. These examples, however, have an underlying and inco

No, wait, not THAT game server...

[jackpot777]

I'm just hoping the Enemy Territory server I play on doesn't move too quickly to the switch to IPv6. It took me ages to load their map rotation, but it's a good selection and their bots are a nice challenge. It has taken me months already to remember the 216.27.112... wait, is it 112.48, or 48.112 at the end? And that 27 doesn't look right. It ends in :27962, I know that. Or is it :27964?

Ah crap, I forgot the number again.

Damn you, progress.

Re:No, wait, not THAT game server...

[VGPowerlord]

Don't worry, you'll have no trouble remembering the new address. It's b439:88fa:31d3:0507:613a:426c:99ba:02e2 .

Re:No, wait, not THAT game server...

[Denis+Lemire]

Sorry, thats not a valid IPv6 unicast address. The unicast block is 2000::/3 so 2000: - 3FFF. ;)

Also IPv6 addresses can be compressed if they contain contiguous 0's.

ie) 2610:0078:00ad:0001:0000:0000:0000:0001 -> 2610:78:ad:1::1.

Worry not though, this is what DNS is for... Humans need not memorize IP addresses.

Re:No, wait, not THAT game server...

[teslatug]

Indeed, just as easy as the new emergency number

Re:Why did they skip 64-bits?

The idea with IPv6 is that the address space will be large enough that we will never have to transition to a 256-bit (or greater) address space. Rather than build an "intermediate" 64-bit address space, the intention was to prevent any future exhaustion of IP addresses by using a very large space.

will 256 be far off Given that IPv6 would provide over 10^28 addresses for each of the 6.5 billion inhabitants of Earth, I think it will be sufficient for the foreseeable future.

But the intention with IPv6 was not merely to create an exhaustively large address space, but to fix a number of problems with IPv4, make routing simpler, etc.

(Whether or nto IPv6 achieves those intentions is a separate question.)

Re:Why did they skip 64-bits?

[romiz]

I belive that they skipped the 64-bits address to be able to fit the 48-bit MAC (Level 2) address inside the IP (Level 3/4) address, and thus avoiding the need for the router to use ARP to find the MAC address corresponding to a local IP address.

IANAIANA

[PixelScuba]

I Am Not An Internet Assigned Numbers Authority.

Re:Er...

[Olmy's+Jart]

Deprecated. Alone with ip6.int, bit fields for reverse look-ups, and site local addresses. Nice ideas that didn't work out in practice.

Mixed up acronyms

[MarkGriz]

Certain obsolete software may face compatibility problems due to the change, but those issues are addressed in an ICANN report Wouldn't that be handled better with an ICANT report?

Your argument is leaky.

[DrSkwid]

You do know that DHCP can assign a fixed IP don't you?

"Get IP address automatically" has nothing to do with dynamic / fixed assignment.

Human readability

[ddoctor]

So, we've got lots of IPv6 addresses, thus we can assign static IP's to everything. Catch: IPv6 addresses aren't very readable/memorable. I can remember all of the IPv4 addresses on my network, but I wouldn't remember the v6 ones.

So, what's the solution there: well there's DNS and DHCP... man I hate DHCP. What if my local DHCP server or DNS server goes down? And, then I try to ping it to diagnose... oh, if only I could remember its address!

What about web hosting providers? Dear Hosting Support, can you please change my www IP to 2001:0db8:85a3:08d3:1319:8a2e:0370:7334? Much easier to screw up then if I say 66.35.250.151.

Also, IPv6 means we can throw away NAT... which is good, because NAT sucks, and its basically only there because we don't have enough IPv4 addresses. But, hang on ... so every machine I have on my local network has a public IP address. Great. Do I really want that? Yes, I have a firewall; yes, its secure... but its still more secure to have every machine (except 1) completely non-addressable from the internet.

I know a lot of less secure networks would be screwed if every machine was publicly-addressible. They may have a poorly-configured or nonexistent firewall, and are only getting a semblance of security by using NAT.

Don't get me wrong, IPv6 is definitely a good idea; the address space rocks, and there's a whole host of other benefits. There's just a bunch of simple, practical issues that IPv4 solves better.

*ducks* This has got to be flamebait on a place like /.

Re:Human readability

[gbjbaanb]

IP addresses:
I can't remember my IPv4 addresses without looking them up, so I'd be no worse off than with IPv6. You'll get older too son, then you'll agree with me :)

As for web hosting providers, they won;t ever have to 'change your IP address', they'll just have to tell you it in the first place, then you're done.

In both cases, IPv6 supports auto-registration so you won't have to fiddle with it anyway. As the IETF says "Since IPv6 addresses are too long to remember and EUI64-based addresses are too complicated to remember, they are not suitable for such identifiers"

IIRC you don't need DHCP anymore with stateless autoconfiguration.

NAT:
think for a moment what NAT does. All you have is your router attached to the internet, and all your computers connected to the router. Unless you explicitly allow incoming connections to pass through, your PCs are "firewalled" at the router.

If you have IPv6, you'll still have the router. I hope that all router manufacturers will be shipping them with incoming connectivity disabled by default, just like it is at the moment. Then, you'll be no less secure with IPv6 than you are today.

You will have the benefit of being able to "DMZ" as many of your PCs as you like, not just one of them. This is best of both worlds.

I think IPv6 will be a good thing, if it ever happens. I can't see that happening anytime soon though, there's too much infrastructure out there.

Re:ipV6?

[Todd+Knarr]

1. Makes address allocation a lot simpler. Most of this comes from the expanded address space having a lot more blocks available for allocation without having to play games with the bits.
2. Allows the address sub-netting hierarchy to mirror the physical routing structure. This makes the routing tables smaller and simpler, which makes life easier for the routers.
3. Address prefix independence. Fancy term for not having to reconfigure all your machines just because you've moved to a new netblock. This is part and parcel of the previous item, actually.
4. Things like IPSec were designed into the protocol from the start, rather than being bolted on afterwards as they were for IPv4. Makes VPNs and such a lot easier to configure and get running. The packet headers were also redesigned based on experience with IPv4, so routers have an easier time handling them and don't have to work so hard to do common things.

Re:Er...

[shentino]

Here's the RFC header, straight from the IETF's website

Network Working Group Request for Comments: 2874 Category: Standards Track

And its current status is "experimental" so unless there's something not-so-technical deciding A6's fate, then you've made a mistake to call it deprecated.

Unless of course the IETF doesn't have this categorized right...

Re:Not true

[tgd]

I bunch of people said the same thing but I don't want to reply to all of them.

From the customers standpoint, the different doesn't really matter except as an inbound DNS address, however managing static IPs via DHCP is still complicated because you can't easily move machines around subnets as the leaves of your network change in terms of device concentration and data load.

You pay more for a static IP address because once you have it, they have to adjust the network around you.

(FWIW, I built out a number of large telco dial-up infrastructures as well as hosting environments in the last 15 years, so while I'm sure the reasons vary by company, I can say with certainty that this is the reason for an increase in price... the actual amount will be obviously adjusted for the market based on maximizing profit, but this is the core reason for it)

Actually, CPE is often IPv6-capable, Core isn't

[billstewart]

You've got your assertions pretty much backwards. Most general-purpose computers are IPv6-compatible, running either Windows XP (or occasionally Vista) or Linux or MacOS, though the user may not have a clue how to enable it or manage it and their ISP help desk may not know either. There are two different kinds of hardware that have problems with IPv6, for different reasons:

• Home NAT/Firewall boxes, which may not be upgradeable, and which the user almost certainly didn't save the instructions for even if they were. On the other hand, they cost $29, so you may not care.
• Big ISP routers often can't handle IPv6 well - for instance, Cisco software has supported IPv6 for a couple of years, but the routers perform as well as they do because most of the packet-routing grunt-work is done in ASICs that only know IPv4, not in the relatively slow CPUs which handle administration, routing protocols, and other applications that can't be done by the ASICs, including IPv6. Some of this is mitigated by ISPs that use routing at the edges and have a switched core using MPLS or ATM, so it's a bit more scalable, but they still need lots of IP routing hardware.
• There are other intermediate layers - cable head ends, routers that support DSLAMs, dialup infrastructure for anybody who still cares, etc., which may also have trouble, but the big issues are at the core.

Re:Why did they skip 64-bits?

[Just+Some+Guy]

I belive that they skipped the 64-bits address to be able to fit the 48-bit MAC (Level 2) address inside the IP (Level 3/4) address, and thus avoiding the need for the router to use ARP to find the MAC address corresponding to a local IP address.

Not even close. Those bottom bits are used for the completely optional autoconfiguration feature. You're equally welcome to hand-configure hosts or use DHCP6 to assign network::1, network::2, network::3 and so on without regard to MAC.