One Step Closer to IPv6
gbjbaanb writes "IPv6 came a step closer yesterday as ICANN added IPv6 host records to the root DNS servers, reports the BBC. 'Paul Twomey, president of Icann which oversees the addressing system, told the BBC News website there was a need to start moving to IPv6. "There's pressure for people to make the conversion to IPv6," he said. "We're pushing this as a major issue." The reason for the urgency, he said, was because the unallocated addresses from the total of 4,294,967,296 possible with IPv4 was rapidly running out. "We're down to 14% of the unallocated addresses out of the whole pool for version 4," he said. Projections suggest that this unallocated pool will run out by 2011 at the latest.'"
It's sad to look at the list of class A allocations and know that we're almost out. All this was done before NATs became popular. I think ICANN/IANA should work on wrestling some of those class As back from companies like Ford, Apple, HP, etc. None of those companies are going to ever have 16,000,000 hosts on public IPs. I know some of those companies have already made sub allocations. We could probably buy 5-10 years if they could reclaim just the 3, 9, 13, 17, 19, 20, 34 and 40 class As and get over 130,000,000 IPs back.
I mean, if those companies complain, who cares. They wouldn't get such large and prestigious allocations in an IPv6 network anyways. So what's the difference.
I know, I know, we should move to IPv6 anyways. Just a suggestion. Poor initial planning warrants changes down the road.
Just like how when we run out of oil, solutions will come along, when we run out of IP addresses, solutions will come along. The only problem is people don't get very motivated until we're really on the edge. I don't have much hope for IPv6 for another few years yet. Still, progress is progress.
-mrxak
Onions Will Kill You
Seriously, though, I have a feeling that IPv4 will be saved by an ingenious tech solution far in advance of the world running out of addresses.
Part of the hardcore faithful who believed in Apple long before it was cool again to do so
Sadly, it can't Talk dirEctly to my Next-DOor neighbor, who runs an equally large neTwork.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Why punish those companies for investing in (and giving a boost to) the early internet? If IPV4 is that important and ISPs need that many more addresses, it wouldn't be difficult for some ISPs to purchase blocks of IPs from those companies. Let the market do its thing. Besides, my NetBSD toaster is still waiting for a public IP...
As we keep hearing in other circles, "change" is in. As a software engineer who doesn't want to slow down for IT support, I have to do my own wrestling with the network. The more I can focus on the real job, the more productive I'll be.
It will be the year of IPv6, the Semantic Web, Perl 6 and rocket cars. It will also be the year of Linux on the Desktop.
Maybe we can finally get rid of the abomination that is NAT. Then all those Windows machines will become exposed to the Real Internet, and the false sense of security granted by their little home router will shatter the illusion of Windows stability once and for all.
Either that, or router manufacturers will start including SPI firewalls that aren't completely useless.
just switch to IPv5 until things get sorted out
So just because people waste IPv4 addresses by not using NAT and not recycling unused addresses, we want to force everyone to go to a solution that won't work correctly on existing devices that don't support v6, has a completely silly address, makes people get out from behind the elegant and awesome solution of NATs, and is basically poorly conceived, designed and executed?
/. LOVES change for the sake of change and anything shiny and new MUST be awesome, therefore I'll be modded down as an idiot and a troll for telling the goddamn truth.
Forcing v6 will be a disaster. It's better to force people to better implement v4 and take that time to design a system that will expand the address space while not causing so many issues.
This will be anonymous coward because I know almost everyone on
The only justification you ever hear for moving to IPv6 is address exhaustion in IPv4. There's a lot of other stuff built into the protocol that will make the net a much better place. Even if IPv4 had the same amount of addresses as IPv6 it would still be worthwhile to switch. Just give this a once over for an introduction
http://en.wikipedia.org/wiki/Ipv6#Features_and_differences_from_IPv4
I came to the datacenter drunk with a fake ID, don't you want to be just like me?
They're not going to be very eager to give up their position as a gatekeeper of a limited resource just so their customers can frolic in a vast address space for free. Since most of them operate in a monopoly or duopoly situation, the proverbial "free market" won't force them to move off IPv4 either.
Which is 1 less than 11 which is 1 less than 100.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Look, IPv6 is all well and good, but apart from typing 1:: for localhost, how am I going to remember my outside IP?
Oh, and the line "There's no place like 1::" just don't sound right. http://www.thinkgeek.com/tshirts/generic/5d6a/
Take Nobody's Word For It.
It's the latest internet growth industry, IP Address squatting. For a slight, yearly fee I'll rent some of my IP addresses to you. :-)
If only Apple and IBM and stuff were to give back some of their A network space.
Religion is what happens when nature strikes and groupthink goes wrong.
Why don't we use the 32 bit source address in each IP packet as an extension of the destination address? That way we can get 64 bit destination address.
Oh, wait...
Have we reached Peak IP?
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
This is all Al Gore's doing, I just know it. Go make the internet again, and this time do it right!
GCS/MU/P d- s:- a-- C++++$ UL++ P+ L++ E+ W++ N o K- w--- O M+ V- PS+++ PE Y+ PGP t+ 5- X R++ tv+ b++ DI++ D++ G+ e++ h-
IPv6 is not quite there yet, with some of the popular web sites still not accessible via IPv6.
If you are stuck behind a home router, with NAT then you will probably find yourself unable to access IPv6 sites. In the meantime there are two solutions:
- Teredo. If you have Vista this is standard. For everything else there is Miredo
- Aiccu. A little more work and bureaucracy to get up and running, but a solution nonetheless
Of course there is also Apple's Airport Extreme, which is one of the few home routers out there that support IPv6. I believe some of the third-party firmwares will do this too, but I don't think the IPv6 support is mature. As for Linksys, D-Link, et al. I think you are out of luck for the moment.
Also, if you are running Apache, you will need a minimum of Apache 2 and specify IPv6 support, using the configure script, prior to building it.
Jumpstart the tartan drive.
The sad part is, most of the IP addresses in question are... dark. Nothing there. Even though we're approaching 85% allocation, utilization is probably around 1-2%. No, I'm not kidding.
Try it yourself - hack up some script to randomly generate IPs and then ping sweep the network blocks. You'll probably be quite surprised at the result.
A while back, I wanted to have a way to detect if a host was "offline" so that it could modify its behavior. (EG: halt outgoing SOAP requests if the server's network connection was disrupted, preventing bogus error messages from entering the system)
My first thought was to randomly generate 10 IP addresses, then ping them to see if they were offline, guessing that at least 50% would respond. Basically, none did. So, then I tried randomizing addresses and keeping a list of only those that had, at one time, responded. Even that turned out to be unfruitful. So finally, I took a dictionary and randomly created domain names from 1-2 normal dictionary words, pinging those, and keeping a list. That yielded some 40% usable responses, allowing me to keep a list of fairly trustworthy ping hosts to determine the online status of the server in question.
Bottom line: The shortage in the global IP pool is an artifact brought on by grossly inefficient/incompetent management of the global IP pool. The idea that we're running out of addresses purely ignores the fact that the vast, vast majority of the addresses we now have are simply unused.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Wake me up when I can pull up the main page of Google using nothing but packets with IP6 headers.
That means that I can do a DNS query using nothing but IP6 packets - NOT IP4 packets.
That means that I can do an HTTP transfer from Google's servers using nothing but IP6 packets - NOT IP4 packets.
Hell, wake me up when there's a AAAA record for Slashdot.
This is a *baby* step towards IP6 being useful.
www.eFax.com are spammers
I've been waiting a while for Netgear, Linksys and that crowd to add 6to4 support to their home NAT routers as a way to help jump start IPv6 adoption. There would be no security issue if incoming connections were blocked by default and people could turn it off if they didn't want it. But 6to4 can be set up automatically by any machine with a publicly routable IPv4 address.
Well, I'm happy to say that my wait is finally over. They didn't make a big deal about it, so I don't know exactly when they did it, but Apple added that support to their Airport Extreme. So now when I go anywhere that has one of those, I can directly SSH into those inside machines that I've opened ports for without undue muss or fuss.
Apple has been a stalwart supporter of IPv6, from my observation. It's been possible to use AFP file sharing over IPv6 since at least Tiger and the built-in VNC stuff works over IPv6 too (though there is a naming lookup bug that requires you to connect using the IPv6 address literal if you use the command-K "Connect to" dialog).
So, Netgear and Linksys, what's holding you guys up?
I get a surprising number of IPv6 hits on my webserver at home. Most of these appear to be XP or Vista boxes with Internet connection sharing turned on that automatically assign themselves a 6to4 address when they have an interface with a public IPv4 address.
IPv6 with 6to4 is easy to set up, and I'd recommend it to anybody who has a static IPv4 address. You can use NAT-PT so all your IPv6 hosts can still get to the IPv4 network. If you have a couple of DNS servers, you can even set up reverse DNS for your IPv6 network just the way you want using this nice web interface from the NRO.
I maintain some good links to stuff about IPv6 on del.icio.us.
I hate NAT. And I think IPv6 can be just as secure. Partly because a 64-bit address space is really hard to effectively randomly probe working addresses and partly because it's fairly easy to configure a firewall to not allow incoming connections.
Need a Python, C++, Unix, Linux develop
Before IPV6 gets popular, it needs:
1. Home routers that support it.
And/or
2. DSL and cable modems that support it.
I'd love to convert my home network to IPV6, but as long as I connect through an IPV4 ISP, and my wireless router only does IPV4, I'm hosed.
Joe D
So when IPv6 finally does become the norm, will there be any need for NATs on home routers, or will ISPs simply give you many addresses?
Lest anyone think this jackass is correct:
IPv6 barely supports firewalls or NATs, allowing any Joe Sixpack to see what your secured corporate network topology is like from anywhere.
It is not up to the protocol to support the hardware. And anyway, all good firewalls support IPv6 already. NAT? It's there if you're dumb enough to want it.
It also does not support reserved IP blocks... change ISPs, and you are forced to re-ip your whole network.
Step one: update your router to the new netblock.
Step two: sed -i'' 's/^old:net:block/new:addr:ess/' db.mydomain.com; rndc reload
Step three: laugh at people who go around changing ISPs all the time.
Of course, IPv6 has -zero- hooks for IP level encryption, so this has to be handled at the transport or app level.
If only it supported IPSec, "the goal of [which] is to provide various security services for traffic at the IP layer, in both the IPv4 and IPv6 environments." Oh, wait...
Dewey, what part of this looks like authorities should be involved?
NAT is, well, better than nothing, which, currently, is your alternative. But I'd hardly call it an "elegant and awesome solution". IMO, ultimately, NAT sucks because you *do not have a globally routable address* for devices in your network. Sure, that gives some security benefits, but makes it a PITA when you do want to open connections directly to a computer or consumer electronic device in your network.
A few reasons you might want to have a public address inside your network:
* Direct VOIP telephony (SIP, Skype, various instant messenger clients, run a TeamSpeak Server), etc
* Running game servers, web server, mail server, etc
* Remote access (VNC, SSH, etc)
* Direct file transfer with a friend (I've, from time to time, run into problems with things like instant messenger client based file transfers not working behind a NAT - though they do seem to have somewhat alleviated that problem - I suspect by routing my file transfer through the IM network instead of directly to the other person), or P2P file sharing systems, like Bittorrent - yes, they can usually work behind NATs; but they work better if direct connections could be more easily made).
Yes, yes, I know about port forwarding. That's fine and dandy as long as you only have a single device per port that you want to allow incoming traffic to. Ultimately, IPv6 is a much better solution to the problem of address space limitations than is NAT. NAT usually requires software to do ugly hacks to get around the limitations of only allowing outbound connections. A simple firewall with every device having a global address is a better solution, because then I can open up as many ports to as many devices as I like, without having to worry about only allowing one device per port.
I've had a number of times where I've been extremely frustrated by NAT. Often times, if software isn't explicitly written with NAT in mind, and the problems it creates, then it won't work well in a NAT'ed network.
I work for them (but obviously do not speak for them) and I personally have 8 machines with 9. IP addresses. Times that by a third of a million staff and add in whatever servers, managed services, infrastructure etc, you're getting to needing a class A.
Let's find out!
can you ping me at fe80:806f:0:SomeShit123... oh just frack this crap... I'll FAX you the IP!
"Projections suggest that this unallocated pool will run out by 2011 at the latest.'"
Riight. Last I read it was 2011 for ARIN, 2012 for RIPE, assuming current allocation procedures. If allocation- and revocation-procedures are changed before then, "at the latest" suddenly becomes "at the earliest".
There is a problem, but it's not got a final due-by date attached to it just yet.
Interesting post... but totally irrelevant.
With no ability to NAT or firewall in IPV6, anyone on the external Internet can find out exactly what you have, then stage targeted attacks on every single host on a private network.
As for the stated IPsec, it was a nice draft... but never made in the standard.
IPV6 is a net admin's worst nightmare for security, next to unpatched machines.
Hi, Jeff Immelt here. We here at GE own the 3.0.0.0/8 (and other misc. /16's and such). Basically, as we're the 4th largest company in the world, you can suck it. We like to allocate willy-nilly and/or as we see fit these networks on our internal infrastructure. So what if it is rarely in a contiguous manner so that it is impossible to summarize in our routing tables. We got money, we'll buy bigger stuff.
Now that I just PWND your face I have to go see about maybe implementing this cool new technology called "vlans" I keep hearing about. IPV6. PSSSHHHH...maybe around 2040.
-Jeff
Not only the IPv4 IP space is running on empty, at the last AusNOG conference (a must for everybody who is into internetworking) a talk was given about the similarities and differences in the allocation of AS numbers.
:-)
Where the IP space allocation graph shows an exponential line since 1990something, the AS number allocation graph shows a linear line.
The interesting thing is that somewhere in 2010/2011, when the IPv4 IP space is running out, also the double byte AS number allocation is running out. At around the same time!
So while the big world has to deal with the IPv6 (which by now should be common knowledge and practise), the ISP world has to deal with the four byte AS numbers.
That last part isn't 100% true: If you have a double byte AS number and your BGP speaker doesn't understand four byte ASN numbers, you will see some strange things in your BGP table but everything will keep working. On the other hand, if you have been handed out a four byte AS number, you'd better make sure you got a speaker which supports four byte AS numbers
bash$
I'm sorry, but this seems like a whole bunch of arrogant cluelessness rolled into one.
First of all, it certainly used to be easy to be an ISP, and there used to be a whole slew of mom 'n' pop ISP operations. The fact that a lot of those closed up shop has much more to do with the fact that they just couldn't compete with the cutthroat pricing the telcos (and to a much more limited extent) the cable companies were rolling out to acquire market share. If you're living in an area with only one or two ISP choices, it's very likely to be the fault of you and your peers in ranking low price above every other possible consideration. When customers do that, they drive everyone out of the business except the largest and most diversified company, which alone can turn a reliable profit by multiplying teensy-weensy margins on each account by zillions of accounts, or can even take a loss on providing network service because they make it up on portal ad revenue, selling add-on services, whatever.
If you think a market exists for ISP service with fixed IPv6 addresses, nothing's stopping you from opening up shop, hiring the necessary network engineers, and trying to cover their salaries, medical benefits, and 401k's with your subscription fees. And if you aren't willing to give that a spin, 'cause you lack expertise to even know WTF you're talking about, or you do actually realize that people generally won't pay for that kind of service, then you're being cynical and dishonest in complaining that other people won't go into the business and lose their life's savings trying to shovel back the tide for your temporary benefit.
Secondly, the reason ISPs charge more for fixed IP addresses is just because it makes some of their network administration more complicated. My ISP (Cox cable) used to give out fixed IP addresses ten years ago, but switched over to DHCP and variable addresses as their customer base grew, and presumably the complexity of administering fixed addresses when customers might add the service and then drop it a week later, and then add it again in three months (and demand their old address back) became incompatible with charging a price not too far above what Pacific Bell charged for DSL.
Finally, your complaint where it isn't uninformed seems to boil down to the complaint that people in the business of selling Internet access want to charge as much as possible for doing so. Uh...and so? Did you just fall off the turnip truck yesterday? Is it an outrageous surprise to you that people everywhere want to maximize the price they get for their labor? Don't you want to get the highest salary you can for the work you do? What makes the people who work for ISPs, or who start them, any different?
The solution is clearly the WDS (WorldDHCPServer). One to rule them all.
The problem with the proponents of IPv6 is the rabid focus on eliminating NAT in the network. Rarely have I seen such an enthusiasm for cutting one's own throat.
Let's take a hypothetical example of IPv6 actually fulfilling the dreams of its proponents, such that NAT is removed, every device on the network has its own directly reachable IPv6 address, and there are indeed enough addresses that every household appliance can have its own address.
Congratulations. What do you do when IPv8 comes out? Or even IPX (sic)? When you have locked every device on the planet into a single network protocol with a dead-end to dead-end design, how do you ever manage to upgrade that to something better? Unless people want to claim that IPv6 is the ultimate perfection of network protocols and will never be surpassed, ever. Otherwise, you have to assume that some day, something better will come along. If people think the transition from IPv4 to IPv6 has been painfully slow, that's nothing compared to the idea of the transition time required for upgrading an IPv6 network to something else, when you would have to convince everyone to upgrade every single gadget they have with an IPv6 stack to the new technology? The concept of NAT and its associated technologies are a requirement to allow people to continue to develop new networking protocols and to allow transitions between technologies.
Without NAT, how do people plan on upgrading from a global IPv6 network to what comes next? The harder people make it, the more it slows down any future network protocol innovation.
Network protocols and applications should be designed to be NAT-friendly, not NAT-hostile. The easier it is to provide on-the-fly translation between protocols, the easier it is to deploy new technologies in networking protocols faster. Arguing against NAT is like arguing that people shouldn't use document converters because they break on MS Word documents, and everyone should just use MS Word documents, only, as a dead-end to dead-end solution. People should be striving to use protocols and applications that can be translated/converted cleanly between networks (yes, it's hard) to allow people to choose the technology/protocol of their own choice while still being able to interoperate with everyone else.
End-user netblocks are 2^64 addresses in size. If an attacker could ping a billion hosts per second, it would still take them 585 years to scan a single block.
So, again, NAT-as-security is even dumber on IPv6 than it is on IPv4.
As for the stated IPsec, it was a nice draft... but never made in the standard.
From Wikipedia:
Wow. Guess you're wrong there, too.
Dewey, what part of this looks like authorities should be involved?
Look at this:
003/8 May 94 General Electric Company
So GE has a whole /8 for them (3.x.x.x).
And now, look at this:
www.ge.com has address 216.74.131.56
Insert obligatory statements about why NAT is bad and why people who argue in favor of NAT don't know a damn thing about networking.
Watch all your SSL certificates break, all your SSH configs break... hopefully one isn't using any software that is licensed to a specific address.
Laugh at people stuck with being rate-raped by ISPs because the internal costs of managing all of their *internal* applications that depend on things like SSL and SSH are too high to allow them to easily change ISPs. If only they could have used an internal private address space that allowed them to isolate their own network from such changes, so they could always threaten to take their business else where if an ISP is not responsive...
I firewall ipv6 very nicely, thank you very much.
And your last comment proves you're not a net admin.
There is nothing interesting going on at my blog
So, in short, not all ILECs abuse the USF. Some of us actually use it for the purposes in which it was intended.
Oh, and I'm working on having IPv6 deployed this year. Good luck finding more than a handful of residential ISPs offering IPv6 in this country.
Um, why? "myhost.example.com" won't change hostnames just because its address changes.
hopefully one isn't using any software that is licensed to a specific address.
Name one. Seriously. Name a package that is bound to a particular IP.
Dewey, what part of this looks like authorities should be involved?
Mobile nodes will have the last 48 bits in their address equal to their MAC address, but ISPs that support mobility cannot pre-allocate anything in the valid range of MAC addresses. So, any IPv6 address whose ISP is known and whose suffix is arguably in the range for MAC addresses but is not a valid MAC address is connected to an ISP that does not support mobility. Likewise, if the ISP is known to support mobility, you can examine the last 48 bits to determine the nature and type of network device being used. Conversely, if multiple machines on that segment have resolvable MAC address style addresses, it's certainly autoconfiguring and probably supporting mobility. Where routers fall into this category, the routers are autoconfigured and network mobility (NEMO) is probably supported. Network mobility is not useful except for failover (explained later) for fixed systems, so you're likely looking at a router that has a wireless connection upstream and must cross between two providers, so is most likely on a vehicle with moderate range and multiple on-board networked devices. An aircraft or a train is realistic, as is a military vehicle acting as the group's service provider, but a car is unlikely (not enough machines inside), as are mass transit buses (they don't have the budget) and roller coasters (nobody's stupid enough to use wifi on one, and the entire circuit would probably be in range of a single router with a bunch of wireless access points to extend the range, if they were).
As one of the first IPv6 system admins, I can say that the biggest change is that you will need to learn the new syntax for using numerical addresses in a URL. It changes, because of a rather careless piece of symbol overloading. Actually, only an idiot would use the number if a name is present. Names work the same way. Adding in static IP addresses into BIND becomes a pain, so don't. Use a dynamic system, which means either DHCPv6 or IPv6' own automatic configuration and discovery. Then, you will never have to concern yourself with manually entering in IPv6 addresses backwards, one byte at a time, for no obvious reason besides someone having a sadistic moment.
For routing, the differences between RIPv2 and RIPng, or OSPFv3 and OSPF6, are very small. Most routes can be discovered, as they always have been. The routing protocols were developed before IPv6 had a default route - for a long time, it was believed you should have paths discovered as far as possible, so that you don't end up hard-coding single points of failure that don't exist in the network topology itself. (If some upstream router A fails, then traffic moves to upstream router B, as if the router was mobile. The NEMO protocol allows all upstream routers to re-adjust the paths to get to the router concerned efficiently without dropping too many packets.) Otherwise, current IPv6 routing is nearly identical to IPv4 routing.
For multicasting, service discovery is done via multicast, so it'd better be available over more than a local network, otherwise everyone is going to have to provide everything. Either that, or users will need to configure things for different networks. Which they aren't going to like. A VoIP cellphone should be capable of working over any wireless tower and get a service identical to the one they receive on their local service, though not necessarily at the same cost. IPv6 would not eliminate roaming, but it would eliminate the need to lose provider-specific capabilities when doing so.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
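An added example, not part of any comment in this thread: the 6to4 and Teredo hits described in the web-server comment earlier, and the MAC-derived interface IDs discussed in the comment just above, can be recognized from the address alone when reviewing your own access logs. This Python sketch uses the standard `ipaddress` module on constructed log lines; it tests for the modified EUI-64 layout (a 64-bit interface ID with ff:fe in the middle and the universal/local bit flipped), and the function names and sample addresses are assumptions.

```python
import ipaddress
from collections import Counter


def embedded_mac(addr):
    """Return the MAC encoded in a modified EUI-64 interface ID, or None.

    Autoconfigured hosts that derive the low 64 bits from their MAC insert
    ff:fe between the two MAC halves and flip the universal/local bit.
    A random interface ID matches this pattern by chance about once in
    65536 addresses, so treat a hit as a strong hint, not proof.
    """
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def describe(addr):
    """Report which transition mechanism an IPv6 address reveals and what
    other identifiers (public IPv4 address, MAC) are embedded in it."""
    ip = ipaddress.IPv6Address(addr)
    info = {"address": str(ip), "transition": "native-or-other",
            "ipv4": None, "teredo_server": None, "mac": None}
    if ip.sixtofour is not None:
        # 2002::/16: bits 16..47 are the host's (or router's) public IPv4.
        info["transition"] = "6to4"
        info["ipv4"] = str(ip.sixtofour)
    elif ip.teredo is not None:
        # 2001::/32: server IPv4 in clear, client IPv4 stored bit-inverted.
        server, client = ip.teredo
        info["transition"] = "teredo"
        info["ipv4"] = str(client)
        info["teredo_server"] = str(server)
    if info["transition"] != "teredo":
        # Teredo's low 64 bits hold flags/port/client, not an interface ID.
        info["mac"] = embedded_mac(addr)
    return info


def summarize(log_lines):
    """Classify the client address (first field) of each access-log line.
    IPv4 clients and unparsable lines are skipped."""
    records = []
    for line in log_lines:
        fields = line.split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        if ip.version == 6:
            records.append(describe(fields[0]))
    return Counter(r["transition"] for r in records), records


# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = [
    '2002:c000:201:1:211:22ff:fe33:4455 - - "GET / HTTP/1.1" 200 512',
    '2001:0:c000:22d:0:ffff:34ff:8ef8 - - "GET / HTTP/1.1" 200 512',
    '2001:db8::a1b2:c3d4:e5f6:1234 - - "GET /feed HTTP/1.1" 200 90',
    '198.51.100.23 - - "GET / HTTP/1.1" 200 512',
    '2002:c633:6401::1 - - "GET /robots.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    counts, records = summarize(SAMPLE_LOG)
    print(dict(counts))
    for rec in records:
        print(rec)
```

Hosts that use randomized (privacy) interface IDs show up with `mac` set to `None`, which is the outcome to aim for on clients you administer.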
I can think of one: CheckPoint.
That's why any software that is licensed to an IP address gets a private address from me. It's complete crap that companies think IP addresses couldn't change.
My bad, I should have said IPSec (which I think you boast about in IPv6), which can use IP addresses.
Uh, you've never used a license manager, have you? Let's see... hmm. I seem to recall HP Openview used IP address information in generating a license key (good heavens, can you imagine the fun it would be to have a network management tool running on a good sized network and then changing all the IP addresses on it at once?) I seem to recall Oracle also using such a license manager... oh, right! It's that little thing called FlexLM, node-locked licenses based on IP addresses... though to be fair it seems they may now support hostnames, too, sort of. I mostly remember the installations auto-generating license keys based on IP addresses, though.
I noticed the AAAA records when I did a dig the other yesterday to get updates of my root servers. I thought I needed to update something cause it looked off, while I realized it was ipv6 addresses, I said those shouldn't be there. As far as needing to get allocations, your current ipv4 allocations will work fine on the ipv6 network once it's fully meshed will it not? After all all the ipv4 addresses are just grouped under one ipv6 allocation block...so why would they want people to rush out and get ipv6 allocations, or do they just mean new network allocations?
look. I've been on the IPv6 wagon for as long as i can recall (so maybe thats not that long ;-) ) - I've got the IPv6 on our nets, I've got our main servers doing the v6. I've got the firewalls doing it etc etc but I still find horrible broken apps and appliances around every damn month. I spend most of my free time trying to submit patches to fix small utils that have NO CLUE as to what a :::: address is! :-(
if we all get together onto this one requirement... and get everyone who runs winXP to run 'ipv6 enable' in their DoS box then we might start getting somewhere.
oh yeah. all those wireless captive portals. how many of those you reckon do IPv6?
This is off topic, not a troll. It is a genuine problem! There should be a setting to load (n > 10) messages. I turned off the Discussion 2 system because it only allows me to load 50 posts at a time. There are only a limited number of posts worth reading.
Semi-automatic amateur armchair Australian philosopher; conjecture ready at any moment...
I'm sure these bureaucrats have never seen an IP address.
It sure is going to be fun dealing with shit like 45345:34523587:1375:1209:4812aej:f3r:13298fh2:8h:f238hfwf:329:0fh13:98hf9:18h:f18hf:13:f8983hf.
Get all the myspace kids off the Internet along with all the other worthless trash and we'll have an abundance of IPv4 addresses.
VOTE RON PAUL - ONE HOUR LEFT [ronpaul2008.com]
I admit that I was unaware there was any software that broken by design. Honestly, that's the kind of thing that needs to cause heartache to its users and authors to discourage more of it from being written.
Dewey, what part of this looks like authorities should be involved?
"Little does he know, but there is no 'I' in 'Idiot'!"
http://www.ipv6.com/articles/military/Military-and-IPv6.htm
is just one example showing how the U.S. Military is required to be all ipv6 by 2012, in fact there's large chunks of the network that are supposed to be moving to IPv6 before then. So I'd say that's your "ball-rolling" starter. I have no idea how many networks and computers the U.S. Military represents, but considering they have an entire TLD, I assume they have a few. And I'd also be willing to bet that all the big router & OS vendors out there don't want to lose a big fat juicy customer like the U.S. Military, and therefore will do whatever it takes to get that network up and running.
You know in some senses, I think using the military as a guinea pig for things like this is a good thing for federal tax dollars to be spent on.
Sig 'em boy!
End-user netblocks are 2^64 addresses in size. If an attacker could ping a billion hosts per second, it would still take them 585 years to scan a single block.
So, again, NAT-as-security is even dumber on IPv6 than it is on IPv4.
Wrong. It only takes one PING to be successful. Remember - security through obscurity (which is all that your suggestion would be) is not security at all. Use NAT and control your network better. It's not a dumb solution - it's smart security practice and helps limit the foot-print of a network on a larger network - also smart as it minimizes the points someone has to compromise and maximizes what they have to figure out/know to do so.
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
Your main point seems to be that of controlling your network, and with that I wholeheartedly agree. I just think it's ironic that you're both advocating NAT and claiming that I'm for obscurity through obscurity. It's not inherently more secure than a proper stateful firewall.
Dewey, what part of this looks like authorities should be involved?
I know of one organization that has two class B's. They use about 150 addresses in one and none on the other. I know of another class B that was bought for 100K from a private party about 7 years ago. It's about 3% used.
I'm all for V6 addressing but will never use V6 addresses. There are other schemes besides V6 that work as long as hosts can process V6 addresses. They've worked for a couple of years now. So, hurry up and adopt V6 so we can bypass ARIN/RIPE etc.
Need Mercedes parts ?
Localhost (127.0.0.1) has a 32-bit subnet mask, so 127.0.0.1/32.
I'm not sure we'll ever completely run out of ipv4 addresses... think of it like toothpaste in a tube. We never really run out, it just gets harder and harder to extract a large enough quantity to become useful.
Ipv6 will eventually become *easier* - and it's at THAT point that we'll all clamor aboard the train.
Another would be the IP management software from Lucent, VitalQIP, but it has supported IPv6 for a while now.
IPv6' own automatic configuration and discovery
I'd normally write this off as a typo, but I've too often seen an apparently deliberate omission of the "s" in "-'s", which forms the English possessive. In fact, a major bank is currently having an advertising campaign in their branches involving great big banners that use "-'" where they mean "-'s". I'm therefore not aiming this post at you, jd, but at anyone and everyone who happens across it.
In English, the possessive is spelt "-'s" in almost every case --- the only exception is if the final -s is serving double duty as both the plural and the possessive, and optionally in a few primarily biblical names like Jesus or James. Thus: "James' (or James's) house's entrance's address's IPv6's" are all correct if we are referring to something owned by one instance of James, house, entrance, address or IPv6. On the other hand, the following are correct if we have multiple instances: "houses' entrances' addresses'".
But it's important to note that in spite of the fact that in English individual words don't always bear a particularly strong relationship to the spelling, when you combine words or inflections, they almost always do. "An" is only used if the next word begins with a vowel in pronunciation — sometimes, there'll be an unwritten consonant before the vowel, or a consonant will be silent. "-es" is used for the plural if the word ends in a sibilant (a hissing consonant, like "(dre)ss (ja)zz (ma)tch (bri)dge"). If English isn't your native language, then you really must learn the pronunciation first, before you can become a good speller.
Look out!
From some IPV6 tutorials, I understand that the RIR is identified in the header. Does this mean that a simple iptables rule could allow me to block all of AFRINIC or LACNIC or APNIC? If so, bring it on.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
While we are looking at your list, and before we complain to Ford, HP and the likes, what about the US Government? As far as I can tell from that list, a hefty chunk of addresses sit comfortably at various US Government agencies (8 of those, if I am counting right). Same goes the 2 held by the UK government.
I regard "s's" to almost always be a crime against humanity, names included, so "James'" is valid but "James's" makes me want to hurl. Most of this was very strict English lessons at school, where "s's" was punishable by death, no matter what the context, and some from rapidly figuring out that many rules were based on phonetics, not spelling. You rapidly learn shortcuts when teachers think nothing of throwing scissors or chairs. (No, Ballmer didn't go there.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Before I actually read what IPv6 was about years ago, I assumed it would be like the phone number extension we had in France (we added a two number prefix before all phone numbers) and that say 62.165.135.248 would become 0.0.62.165.135.248 (or a well-thought and defined prefixing scheme) and that new IPv6 addresses would be assigned to full xxx.xxx.xxx.xxx.xxx.xxx addresses, and I thought that sounded great.
Only I read about what the IPv6 would really be and I knew I didn't want it. Why? Because it's more complicated, as in much longer, and it uses hexadecimal numbers, and well, it's too unlike IPv4. Why couldn't IPv6 be a mere extension of IPv4? Why does it have to be so different? Wouldn't it have been more widely adopted if it was a more simple evolution?
You just got troll'd!
C'mon... Grandparent wrote "right" instead of "write". Answering sensibly with the word "left" is genius!
THANK YOU!!! Mod parent up!!
How do you turn it off if you don't care to have a user account?
Hey Taco,
You also do realize that once you submit a post, YOU START FROM SQUARE FUCKING ONE AND HAVE TO LOAD THE WHOLE DISCUSSION AGAIN TO CONTINUE READING
Lameness filter encountered. Post aborted!
Reason: Don't use so many caps. It's like YELLING.
THAT'S BECAUSE I AM YELLING!!
More importantly, the model that the IPv6 folks want you to follow is for end-users to get address space from their ISPs, who can handle addressing hierarchically, rather than rebuilding the IPv4 Class C Swamp, where everybody not only has an address block that belonged to them, but insists that every public router in the world needs to know how to reach them and people who have large address blocks split them up into multiple parts they advertise for traffic-engineering purposes. That's led to the BGP4 address space expanding rapidly, to the point that popular large Cisco switches that can route 244000 address blocks are running out of content-addressable memory. It's not a perfect model - there's still no good solution for companies that want to have multiple ISPs for redundancy - so you may need to get your own space if you're big enough. But for what most people are doing, it's fine.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
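The aggregation argument in the comment above, worked through as an added example (not part of the original post): it counts the routes the global table must carry when every customer announces its own block, with some splitting it for traffic engineering, versus when the ISP announces one aggregate. All prefixes are constructed from IPv6 documentation ranges, and the function names and customer counts are assumptions for illustration.

```python
import ipaddress

# Constructed scenario using IPv6 documentation prefixes (not real allocations).
ISP_BLOCK = ipaddress.ip_network("2001:db8::/32")   # one ISP's aggregate
PI_PREFIX = ipaddress.ip_network("3fff:0:1::/48")   # multihomed site's own space


def customer_prefixes(block, count, new_prefix=48):
    """Return the first `count` customer prefixes carved from the ISP block."""
    subnets = block.subnets(new_prefix=new_prefix)
    return [next(subnets) for _ in range(count)]


def swamp_announcements(customers, te_bits=0, te_every=0):
    """'Swamp' model: every customer announces its own prefix globally, and
    every `te_every`-th one also announces 2**te_bits more-specifics of it
    for traffic engineering. Longest-match routing keeps all of them."""
    routes = []
    for i, prefix in enumerate(customers):
        routes.append(prefix)
        if te_every and i % te_every == 0:
            routes.extend(prefix.subnets(prefixlen_diff=te_bits))
    return routes


def hierarchical_announcements(isp_block, customers, independent=()):
    """Hierarchical model: customer prefixes inside the ISP block collapse
    into the single aggregate. Provider-independent prefixes cannot be
    folded in and stay as separate global routes."""
    for prefix in customers:
        if not prefix.subnet_of(isp_block):
            raise ValueError(f"{prefix} is not inside {isp_block}")
    nets = [isp_block, *customers, *independent]
    return list(ipaddress.collapse_addresses(nets))


if __name__ == "__main__":
    customers = customer_prefixes(ISP_BLOCK, 1000)
    swamp = swamp_announcements(customers, te_bits=2, te_every=10)
    hier = hierarchical_announcements(ISP_BLOCK, customers, [PI_PREFIX])
    print(f"swamp model:        {len(swamp)} global routes")
    print(f"hierarchical model: {len(hier)} global routes -> {hier}")
```

The one route that survives aggregation besides the ISP block is the multihomed site's provider-independent prefix, which is the unsolved case the comment mentions.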
But yes, IPv4 has already been saved by a variety of ingenious (or evil) tech solutions in advance of running out of addresses. We've got CIDR, and proxy firewalls, and Variable-Length Subnet Masking, and NAT, and Many Ugly NAT-Traversal Solutions, and HTTP1.1's virtual hosts (which let you have multiple web server domain names at a single IP address), and SMTP's virtual hosts. We've done that already.
We're now reaching the point that if you don't switch over to IPv6 soon, you're not going to be able to get a real IPv4 address, but instead you'll be stuck behind NAT for everything.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks