US Has More IPv6 Eyeballs Than Asia, Because of Apple

An anonymous reader writes "Google has been checking to see who's using IPv6. According to the company's tracking, half of all IPv6-capable systems seen by Google are Macs, helping the US land in fifth place in percentage of IPv6 users world wide, ahead of China and Japan."

Linux much

[Enderandrew]

Apple has a far greater market share than Linux desktops, but you can't completely ignore that Linux has been pushing IPv6 for some time.

Re:Linux much

[LincolnQ]

Except I'm under Linux and no ipv6 sites seem to work for me (default Ubuntu installation). If Apple is making it work by default, well, that's better than what Linux has been doing.

Re:Linux much

[Brian+Gordon]

I use linux- does that mean that I have IPv6 support? Is it built into recent kernels?

Re:Linux much

you can't completely ignore that Linux has been pushing IPv6 for some time.

Yes, yes we can.

Re:Linux much

[jonfr]

Yes, it has been build in into the kernel for several years now. I have IPv6 network already, works like a charm.

You need to get a ISP that supports native IPv6 or a IPv6 PoP to connect to IPv6 sites. Like http://ipv6.google.com/

LAN IPv6 is already build in, no need to configure that.

Re:Linux much

[RalphBNumbers]

This isn't just a matter of Mac vs Linux desktop market share.
Google's numbers say that the following percentages of users are IPv6 capable, broken down by OS:
2.44% for Mac OS
0.93% for Linux
0.32% for Vista

The article I saw on this at Ars Technica attributed this difference(despite the fact that all three OSes are IPv6 capable by default) to the fact that mac users have a tendency to use other Apple hardware, and Apple's Airport routers use 6to4 to tunnel IPv6 by default.

If linux has been pushing ipv6 (what does that even mean? does your kernel complain when it has to handle ipv4 packets?), perhaps it's been pushing in the wrong place, i.e. on the desktop, or as an end to end solution, rather than in routers, and with tunneling.

Re:Linux much

[lysergic.acid]

don't you need both? if you have a router that supports IPv6 but your OS isn't configured to use IPv6 then you're still not going to be able to access IPv6 hosts. Windows XP still doesn't have IPv6 enabled by default--you need to go to network connection properties and add the protocol "Microsoft TCP/IP version 6" in order to enable IPv6 support.

so it's not a matter of it being IPv6 pushed in the wrong place, but a matter of networking hardware manufacturers being too slow to adopt IPv6. that's not really up to OS developers.

most existing networking equipment can probably already support IPv6 with a firmware update. but a lot of consumer networking equipment vendors are probably waiting for IPv6 to gain more traction so that they can a separate line of "new and improved" IPv6-enabled routers/switches/etc. to cash in on unnecessary equipment upgrades.

Re:Linux much

[aliquis]

The BSDs has had IP v6 support forever to (and OS X has probably had it as long as it has existed to.) But what good is it if you can't get a real IP anyway. Proxy ftw? For what reason? *care* as long as the ISP don't give me an IP v6 network.

Re:Linux much

[jonbryce]

It doesn't work on my Mac - Tiger, or my Ubuntu or my Vista.

I think it is the fact I'm using a Netgear router rather than an Airport router.

Re:Linux much

Connect to Anonet, and you should be able to use IPv6 inside it.

Re:Linux much

[rvw]

you can't completely ignore that Linux has been pushing IPv6 for some time.

Yes, yes we can.

Sorry? It's the change we need!

Re:Linux much

OpenBSD was the first free *nix with a working IPv6 stack in the default install, long before Linux. That doesn't mean it should be taking credit ahead of Apple.

Re:Linux much

[csnydermvpsoft]

Sorry? It's the change we need!

No; it's the change you deserve.

Re:Linux much

[JesseMcDonald]

If your PC has a public IPv4 address you can follow these simple instructions to configure an 6to4 anycast tunnel. That allows you to access IPv6 sites via the nearest 6to4-capable public router, whether or not your ISP supports IPv6 (provided they don't actively block 6to4 packets). Some scripting will be required if you want the tunnel to be persistent.

Note that the PC itself needs to have a public IPv4 address; this won't work if you're behind a NAT router. In my case I had already moved the PPPoE and NAT functions from the DSL router to my workstation, so setting up 6to4 was relatively easy. (The router didn't have enough RAM to track every connection, causing it to stall periodically.)

sounds damn scary

IPv6 Eyeballs! Run!!!!

Re:sounds damn scary

[pescadero]

Every single grain of sand on earth can have its very own assigned eyeball.

Re:sounds damn scary

Not only that, more eyeballs than Asia. It's like an IPv6 Shoggoth!

Re:sounds damn scary

[caitsith01]

You're kidding, but why do stories have to use lame 'industry insider' phrases when an ordinary one would do just as well ("actual users" might fit the bill)?

Re:sounds damn scary

[mattytee]

Eyeball revenueization is how we leverage marketicompetencies to extendify the bottom line.

Re:sounds damn scary

[neoform]

Well, this proactive anecdote brings closure to the industry insider paradigm.

False negatives abound

OK, so I have 7 computers in my house. They all run either Linux or Vista. (Some both as two are dual boot). They are all IPv6 capable. However, my Linksys NATing router is not. So unless my machines find an ISATAP server somewhere, there is going to be no information that Google gets showing that all my machines could do it if I just sprung for a new router. I would imagine there are a lot of people in the same situation. I guess if they are trying to find out how many homes are capable - then maybe this is the right way. But if they are trying to just see how many COMPUTERS - then it isn't going to be correct.

Re:False negatives abound

[Spy+der+Mann]

However, my Linksys NATing router is not.

Exactly. I feel like left out - what use is having an IPv6 capable machine, if my ISP blocks all my IPv6 traffic simply because they don't support it?

Re:False negatives abound

[B4light]

Well then obviously some people should start pushing for their ISPs and routers to upgrade to IPv6.

Re:False negatives abound

[Chandon+Seldon]

That's not a false negative, that's you misunderstanding the test. They are testing users who are actually IPv6 enabled, not just users running IPv6 capable hardware.

Re:False negatives abound

ISPs don't like IPv6 as it "flattens" the internet. NAT is good for them, keeps clients clients and servers servers, also makes it easy to install what are really shaping / deep packet inspection / logging black boxes as "NAT" appliances, etc.

Re:False negatives abound

[Joe+U]

Yeah, TimeWarner/Roadrunner tech support will get right on that, I'm amazed they support ping.

Re:False negatives abound

False. IPv6 is a paradise for network crackers.

It doesn't support NAT (unless you fall back to v4), so anyone in the world can go and grab your network topo, nmap every host on it by figuring out your IPv6 addresses from what your ISP has. Then, they can do highly targeted attacks against every single router, host, server, and network attached toaster.

IPv6 has no support for encryption. Its talked about, but not really part of the standard. Packets are always in plaintext, and they assume another layer like SSH will handle that.

IPv6 shows your physical location to all comers.

IPv6 forces you to re-IP every single machine you have including your servers if you change ISPs. This means you are shackled to your ISP unless you want to do an enterprise level renumbering of every single static IP you own.

All and all, IPv6 is great for those spying upon the masses, but there doesn't seem to be much thought or design in security.

Re:False negatives abound

[Tubal-Cain]

On one side, we have logged-in members of the highly technical Slashdot, all people in technical careers that I know IRL, and even Wikipedia claiming that IPv6 will help security.

On the other side, we have a single AC saying otherwise.

AC must be right

Re:False negatives abound

[batkiwi]

Firewalls and routers existed well before NAT became mainstream. You do realize that just because NAT acts as a firewall doesn't mean that it is a GOOD firewall, nor the ONLY type of firewall? (most NAT routers now allow in UDP packets from ANY source once a port is opened, for example, to allow for games to work)

Re:False negatives abound

[Lennie]

You do realize it will take months to map a LAN with IPv6 through nmap ? Because the IPv6-address space for the LAN is bigger then the whole IPv4-internet.

Re:False negatives abound

Just a sidenote, what is the rationale for making the IPv6 address spaces for LANs so freaking large? It's unlikely even the largest of organizations will need an address space as big as the entire IPv4 address space, much less individuals....

Re:False negatives abound

[3p1ph4ny]

Unlikely, but the probability is not zero. The differential cost is very small, and the potential gain (not having to migrate everyone to IPv8 when we run out of address space again) is huge.

It's exactly like a 128 bit filesystem. We will never be able to use 2^128 locations on a FS, because there's not even that many atoms in the known universe. But, you'll never have to upgrade again.

Basically, IPv6 needs to be future proof.

Re:False negatives abound

[jeffb+(2.718)]

Just a sidenote, what is the rationale for making the IPv6 address spaces for LANs so freaking large? It's unlikely even the largest of organizations will need an address space as big as the entire IPv4 address space, much less individuals....

In fact, they should never need more than 640K.

Re:False negatives abound

[squiggleslash]

my ISP blocks all my IPv6 traffic simply because they don't support it?

IPv6 is available via 6to4 on IPv4 connections, or if your ISP really does block it (rather than just not support it), you can also try a tunnel broker.

The big advantage of the Apple set up is that their Airport routers have 6to4 support built-in. (The article is a little confusing, it's Apple's routers that are providing the advantage, not their desktops.)

Re:False negatives abound

[squiggleslash]

Plug and play. Most IPv6 set ups base IPv6 addresses on MAC addresses. This means everyone ends up with a predictable globally routeable static IP address (on each network they connect through) from the start. Plug and play functionality on IPv4 requires dynamic IP addresses (making them subject to change and unpredictable)

Re:False negatives abound

You do realize this argument assumes that people like Fyodor will never, ever, ever find a way around this particular problem?

You also realize this argument depends on IPv6 addresses being assigned in a non-predictable manner?

Re:False negatives abound

[Hatta]

What good is a phone call... if you're unable to speak?

Re:False negatives abound

[Dolda2000]

Most likely to make it easier for people to set up routing. If you have a /64 subnet, it's easy to take 8 or 16 bits in some steps to partition the space into the subnets you want for different department and other things, all while keeping the possibility for automatic assignment of addresses.

Re:False negatives abound

[cwt137]

What good is a phone call... if you're unable to speak?

TTY/TDD, you insensitive clod!

Re:False negatives abound

[WeblionX]

Obviously he plans to use a TTY service.

Re:False negatives abound

[noahm]

You do realize this argument assumes that people like Fyodor will never, ever, ever find a way around this particular problem?

Possibly, but the basis of our entire crypto system relies on very similar assumptions. If we were too worried that maybe somebody somewhere someday might think of a way to find a shortcut for something that today is considered very hard, we'd have problems much bigger than worrying about how much time it takes to map a LAN.

You also realize this argument depends on IPv6 addresses being assigned in a non-predictable manner?

Not really. Even if you can predict what the next valid IP address might be, there's no guarantee that there's anything listening on that address. The current standard for IPv6 address autoconfiguration on Ethernet right now bases the host component of an address on the interfaces's MAC address. That might make things a little bit easier to predict, since certain ranges of MAC addresses are reserved or otherwise unused, but there's still a ton of address space to be scanned.

Or, to put this a differently, I've seen how long it takes a scanner to walk through an IPv4 /16. A /64 is a whole lot bigger no matter how you look at it.

noah

Re:False negatives abound

Um, that's my point? In the beginning of IPv4, organizations were handed out A-class ranges left and right, which is certainly part of the problem with IP-shortages. Why start handing out 64-bit addresses now? Especially to individuals? Sure, it's not as bad as handing out 96-bit ranges, but it's cutting the 128-bit range in half nearly, since most people have absolutely no need at all for such a huge address space! Just wondering what the idea was here. "We've got so many of these things we don't know what to do with 'em and 64-bits ought to be enough for everyone" ???

Re:False negatives abound

[mollymoo]

ISPs don't like IPv6 as it "flattens" the internet. NAT is good for them, keeps clients clients and servers servers, also makes it easy to install what are really shaping / deep packet inspection / logging black boxes as "NAT" appliances, etc.

ISPs won't like it because multicast has a good chance of actually working in the real world with IPV6. Multicast would be a bitch to charge for and is a radically more efficient way to broadcast information, which would lead to less data transfer and lower revenues. As TV over the intertubes ramps up, do you really think ISPs will want to let go of the revenues they get from a one-connection-per-viewer model?

Multicast is possible with IPv4, but so much of the infrastructure doesn't support it it'll take the switch to IPv6 to make multicast a viable alternative.

How can they tell?

[pembo13]

I have 4 machines at home, all run Linux and do are IPV6 capable. Most mac users have one mac though. I'm guessing they are only checking the external facing router?

Re:How can they tell?

Why on earth would you use NAT on an IPv6-capable connection? Sort of defeats the purpose, doesn't it?

Re:How can they tell?

[networkBoy]

not at all.
While NAT is not a be-all end-all security measure, it certainly helps, as my router provides a (stupid-basic) blank face at port-scan attempts.
Layers of defense. My router is the drawbridge of my castle.
-nB

Re:How can they tell?

[Brian+Gordon]

Yes; just because you can give every molecule in the solar system an IP address doesn't mean you should. There's no reason to let your home networked devices face the internet directly- it's a very bad idea to even open any ports, since you shouldn't need to. You shouldn't be providing any services to the internet from your home, even remote desktop or a network share; it's bad practice and you won't sleep well at night- it's against your ISP's terms of service anyway, if you're in America. Get a virtual server somewhere if you really need something while on the go. I'm sitting comfortably in my NAT fortress knowing everything within the physical space of my house is nmap-proof.

Re:How can they tell?

[Yosho]

While NAT is not a be-all end-all security measure, it certainly helps

No it doesn't. It's not a security measure at all. Having your computers behind a NAT provides absolutely no advantage over having public IPs behind a router that disallows incoming connections by default. The only difference is that in one situation you have to set up port forwarding to allow any incoming connections, and in the other you just have to allow connections on a particular port to a particular IP. Oh, and you can't have multiple computers that listen on the same incoming port if you're using NAT.

Port scanning would be practically infeasible with IPv6, anyway; the address space is so large that even your own little subnet would take longer to scan than any potential attacker would be willing to spend.

My router is the drawbridge of my castle.

And you will still have a router whether or not you use NAT.

Re:How can they tell?

[MacColossus]

I have multiple macs and am using a linksys router using NAT. I also run Vista 64 Business (bootcamp) on my Mac Pro desktop for games, XP (Vmware Fusion) on my Macbook Pro laptop for the trouble ticket database my work uses that require Microsoft Access. I also play with Ubuntu Server on my network from time to time. Most mac users I know have a desktop and laptop. My parents have a Athlon based Windows XP machine I built them and a Macbook Pro laptop sitting behind a Netgear router. I'm not sure how google culls the IPv6 data, but most people have multiple computers sitting behind a router. If not, they usually have only a laptop and a wireless router.

Re:How can they tell?

Layers of defense. My router is the drawbridge of my castle.

Let me guess, your inner keep is Goatse/tubgirl/lemon party montage, deceptively labelled "secretpasswordstomybankaccountsandthat.png"

Anyone cracking yo' stuff will be sick for a week.

Re:How can they tell?

[Brian+Gordon]

And yes, it's probably against your terms of service to offer any kind of internet services from your home without a hosting service account. That doesn't mean you can't forward ports- you can still netcat data into your network and stuff like that- but you can't provide services. Of course it's absurd and unenforcable, but it's not good to break the ToS for years at a time; play it safe.

Re:How can they tell?

[clang_jangle]

Most mac users have one mac though.

That doesn't sound right to me. What is your source for that statistic? I would think the percentage of multiple computer owners is probably roughly the same. I've had multiple Macs (and PCs running Linux and FBSD) for years, and so do several people I know. I realize Apple is often perceived as being more of a CE manufacturer recently, but there are still plenty of Mac-using geeks -- in fact, I think there are more than there used to be.

Re:How can they tell?

I would especially expect Mac developers to have multiple machines right now - a fast, modern Intel machine to get work done, and a PPC Mac for testing purposes.

Re:How can they tell?

[Annymouse+Cowherd]

Having your computers behind a NAT provides absolutely no advantage over having public IPs behind a router that disallows incoming connections by default.

Nobody knows how to do this.

Re:How can they tell?

[ArbitraryConstant]

You can get a similar level of security by using a stateful firewall. The main security advantage to NAT is really the property of limiting inbound packets to those that are associated with existing connections, and that's what you get with a stateful firewall. You don't have to have disjoint address spaces to get this feature.

Re:How can they tell?

[AKAImBatman]

Most mac users have one mac though

Nonsense. I've visited the homes of Mac-only users. They usually have two or three. Where things get interesting however, is that they tend to be using an Airport Router. (Which caused me no end of grief when I didn't spring to have WiFi added to my last laptop.) As someone mentioned higher up in the discussion, Airport routes IPv6 by default. Something that most other consumer routers (typically paired with Windows and Linux machines) do not.

Re:How can they tell?

[LingNoi]

That's a firewall.

Re:How can they tell?

[LingNoi]

You can still do that with a firewall. I think you need to change your religious believe in NATs.

Re:How can they tell?

[LingNoi]

It's almost the same thing, just no NAT! Damn you people are fucking morons..

Re:How can they tell?

[TheLink]

Actually it is.

The difference between a "NAT router" and a "stateful firewall with public IP stuff behind"

You need the NAT working in order to reach the stuff behind it.

You don't need the stateful stuff working in order to reach the stuff behind it.

So in event of bugs, the hacker is more likely to have to work harder to exploit the stuff behind a NAT.

Now the issue with "just NAT" is the ISP can usually access the stuff behind the NAT - just as long as they know what IP range you have behind- they just have to get IP packets with dest=your.private.ip to your NAT device and _typically_ it will pass it through (some NAT devices also have a stateful firewall so they may not pass it through).

This means a 3rd party could get past your NAT if they have control over your ISP's routers route tables. But if they achieve that control you're probably screwed anyway.

Anyway, it's good enough protection, the hackers and malware bunch hardly do direct network attacks anymore against Joe User, much easier to convince Joe User to run stuff :).

Re:How can they tell?

[hedwards]

Except he's ultimately right. There's no reason why I should have to replace any network devices on my home network because everybody else is using IPV6. That would be costly and wasteful. And for the near term that's going to be supported by most ISPs out of cheapness, no reason to drag people's home networks into it needlessly.

I prefer to spend my extra cash on death rays and doom devices. Also large quantities of obscure computing equipment bits.

Re:How can they tell?

Most mac users have one mac though

We've got 6...

Re:How can they tell?

[LingNoi]

No where does the GP mention anything about replacing equipment...

The GP was talking about devices facing the internet which isn't true if you set to disallow incoming connections.

It's a myth that NAT stops incoming connections, your firewall does this, which is my point you can still do this with a firewall.

Re:How can they tell?

[aliquis]

Or like, they could ship OSes and servers only listening to local IPs by default, or none at all, and that point wouldn't matter at all.

Re:How can they tell?

[aliquis]

I doubt it's really not allowed where I live (not in USA though), and the first three months I had only plugged in the TP-cable without signing any paper or anything. No login required, just plug the machine in and voila Internet with DHCP.

Re:How can they tell?

[aliquis]

Replace? Why would you need to replace anything? (Ok, people have mentioned some routers is crap and can't handle IP v6, but except that?)

Re:How can they tell?

[edalytical]

I have 5 machines, all Mac. What are you talking about?

Re:How can they tell?

[ceoyoyo]

Okay, I've got four macs, an airport and an iPhone. Each one gets an IP. I know the airport and the Macs support IPv6. Not sure about the phone.

My anecdote cancels your anecdote?

Re:How can they tell?

[A+beautiful+mind]

NAT is causing fucked up problems that are serious but aren't given enough publicity, like making the big DNS vulnerability of the year still apply, even if the software side is fixed due to NAT's tendency to line up/reuse port numbers instead of randomizing them - even if the application side did randomize.

NAT is a horrible, horrible thing that shouldn't be used because it's causing subtle but ultimately very bad things to happen. Besides, home routers could just come with a default denial of all incoming packets unless they are related to an open connection rule to substitute the "firewalling" people enjoy with NAT.

Re:How can they tell?

[TheLink]

1) You still need to use IPv4 if sites you need to use still don't support IPv6 or are unreachable from your network.

For example - say you have a machine without an IPv4 address at all. How would you access the following sites:
mail.google.com
www.windowsupdate.com
security.ubuntu.com
mail.yahoo.com

I can list more.

2) You still need NAT if you are using dynamic IPv4 addresses.

Why?

Imagine what happens if the ISP gives you public IP range 4.5.5.0/252

But you drop and reconnect and are given public IP range 4.6.6.0/252

How long will it take for your machine to realize that it's IP address, DNS server and default gateway settings are wrong?

3) You still need NAT even if you are using static IPv4 addresses

There is an IPv4 shortage, so you need NAT to share the address(es) you get from the ISP.

If you think we can ignore the IPv4 shortage by switching your machines to IPv6, see 1).

Lastly, saying that DNS problem still applies because of NAT is wrong. NAT devices could randomize port numbers, there is nothing about doing NAT that requires a NAT device to not randomize port numbers. It's just like BIND could have randomized port numbers like djbdns did, but it didn't, so whose fault was that?

Re:How can they tell?

[A+beautiful+mind]

1.) Once IPv6 kicks in at the ISP level proper, it's their responsibility from there on to provide connectivity between IPv4 and IPv6 space. IPv4 ip addresses are embedded in IPv6 btw, so addressing them is not a problem.

2.) There are established procedures for that. Otherwise, how could your cable modem/router doing the NAT tell? :) The keyword here is "drop and reconnect". You can use DHCP the same way your modem/router can.

3.) It would only help the IPv4 shortage if large swaths of ISPs would be behind NAT, multiple levels of NAT actually. It is not practical to do so on the global scale and therefor does nothing to help conserve IPv4 addresses. Your reasoning in 1. is flawed, IPv6 does solve shortage problems.

NAT devices can't really do that, not if they want to carry on working properly - at least not in a busy environment. NAT if you think about extending the numbering of IPv4 just by mapping ports to machine addresses. Once you have a number of non-trivial machines running inside NAT, like the environment where you'd be running DNS servers, that's the environment exactly where you have a shortage of ports to randomize from. Tough luck, innit?

Re:How can they tell?

[Ilgaz]

I think the future means every single device having a IP, perhaps even human beings if you are paranoid. :)

Don't think about today, think about the future. Can you imagine every cell phone user somehow browses the net and plays some games?

It is not like today's concept, it is about the very weird and connected future. I agree demanding IPV6 from a consumer level ISP today is a bit overkill but recently my heater company called me and asked if I wanted my combination heater (Vaillant) to be connected to net. I asked if it is Windows some sort, they said "yes" and I said "good luck with that".

Re:How can they tell?

[rugatero]

My anecdote cancels your anecdote?

I call your anecdote and raise one poll. More than 80% of Mac owners polled own more than one - of course the sample is rather small and not necessarily representative, but it does weaken the GP's uncited claim.

Re:How can they tell?

[grahamm]

1) You still need to use IPv4 if sites you need to use still don't support IPv6 or are unreachable from your network.

Actually the problem is the other way round. It should be possible to access an IPv4 service from your IPv6 network. What would not be possible would be for an IPv4 only host to access a serv(er|ice) on your IPv6 only network.

Re:How can they tell?

[mikael_j]

2) You still need NAT if you are using dynamic IPv4 addresses. Why? Imagine what happens if the ISP gives you public IP range 4.5.5.0/252 But you drop and reconnect and are given public IP range 4.6.6.0/252 How long will it take for your machine to realize that it's IP address, DNS server and default gateway settings are wrong?

I take it someone has never encountered an ISP that provides more than one IP address to each customer? Back in 1998 when I first got ADSL the ISP I used handed out 5 IP addresses per connection, and I've worked with ISPs that will gladly hand out up to 10 IP addresses per (physical) connection, so a lot of their more knowledgeable users are actually skipping NAT altogether and instead using public IP addresses for all their computers. And guess what, this is how the internet used to work and how it was intended to work. End to end connectivity.

/Mikael

Re:How can they tell?

[aoteoroa]

You shouldn't be providing any services to the internet from your home

Where's the fun in that?

Sure a virtual server somewhere might have more bandwidth than my home cable but at home I can experiment with different setups. Some people play video games. . .I like to play with new distros, or software. If running a http or ssh server from home is wrong then I don't want to be right :-)

Re:How can they tell?

[Nevynxxx]

1) You still need to use IPv4 if sites you need to use still don't support IPv6 or are unreachable from your network. For example - say you have a machine without an IPv4 address at all. How would you access the following sites: mail.google.com www.windowsupdate.com security.ubuntu.com mail.yahoo.com I can list more.

1) Have one of your machines be a 6to4 gateway...It has a single IPv4 address, and no NAT. 2) use someone elses 6to4 gateway...

Re:How can they tell?

[3p1ph4ny]

I'm curious, has anyone ever been nailed for this? I've been running an SSH/SFTP server on my machine for as long as I've had the account (three years), and my cable company has never said anything to me.

Of course, I also have incredibly high volumes of traffic each month too, and they don't complain about that. The cable service is expensive even for residential customers like me, but you get what you pay for in my case.

Re:How can they tell?

[mzs]

What has happened to /.!? This is moderated at 5! All that fear mongering stuff about 'just NAT' (WTF) is plain wrong.

Let's think about it. Let's say you have a bunch of windows boxes on a private net like 192.168.1.x and you are using cifs. Do you think the NAT on the router makes an entry in it's table for that? Nope.

Okay so say you connect to cifs outside your LAN, say back to work. So now there is an entry in the NAT that links that TCP port, routable IP to your routable ip and port back to local ip and port. So some dude from some arbitrary IP is going to be able to use that how? Yeah I didn't think so.

Okay let's just say for the sake of argument that the bad guy is on the server at work. He's gotcha now, right? No you fail, how the f*ck is he going to know the TCP sequence numbers to use?

Okay so assume that your ISP is evil and is watching all the traffic, bwahhha. Now they can use whatever tcp seq numbers that are expected by you to take advantage of some security flaw in the file sharing on your windows box. But wait how is that any different from what would need to happen if there was firewall in place? Not different at all eh?

Re:How can they tell?

[Hatta]

That's what a firewall is for, not NAT. NAT adds nothing to your security beyond what a simple firewall does.

Re:How can they tell?

[Hatta]

There's no reason to let your home networked devices face the internet directly- it's a very bad idea to even open any ports, since you shouldn't need to.

And there's no reason not to let your home networked devices face the internet directly, since you're not opening any ports.

Re:How can they tell?

[knorthern+knight]

> No where does the GP mention anything about replacing equipment...
> The GP was talking about devices facing the internet which isn't true
> if you set to disallow incoming connections.

    To achieve what you want, I'd have to throw away my consumer-grade router, and replace it with a multi-port firewall. Ever try pricing one of those out?

    Replacing a NATing router/gateway with a firewall also means...
    - I will have to log in manually to my ISP
    - ADSL users (there are a lot of us) will have to run a PPPOE driver as part of our networking stack
    - many North American ISPs charge extra for additional IP addresses; some don't offer them period; sucks to be a large family in that case

> this, which is my point you can still do this with a firewall.

    OK, so an expensive stateful multi-port firewall will sort of emulate a cheap consumer-grade NATing router, whilst allowing a family to log on to an ISP and pay extra for using multiple IP addresses. I am underwhelmed. It may make sense when the ISP offers IPV6 natively, but not before then.

Re:How can they tell?

[JesseMcDonald]

1) Once IPv6 kicks in at the ISP level proper, it's their responsibility from there on to provide connectivity between IPv4 and IPv6 space. IPv4 ip addresses are embedded in IPv6 btw, so addressing them is not a problem.

Actually, addressing is a problem unless you also have a public IPv4 address. Sure, IPv6 systems can send packets to IPv4 systems without any trouble -- all IPv4 addresses are also IPv6 addresses -- but where do those IPv4 systems send response packets? Connecting an IPv6-only client to an IPv4-only server would require at least some form of NAT to keep the connections straight.

Re:How can they tell?

[Kadin2048]

The last time I heard about anyone getting disconnected for running a server, even anecdotally, was back in the mid-90s. This was also when the local cable internet provider was threatening to disconnect anyone who had multiple computers sharing the same connection using DNSMasq. (They wanted you to rent multiple modems and pay for essentially separate lines of service for each computer in your house.) And even then, the only person I ever heard of who actually got disconnected was pretty egregious: trying to cash in on the dot-com boom running a domain-squatting porn operation from his house.

In general, nobody really gave a crap about either restriction -- servers or DNS masquerading -- then, and nobody cares now; the only reason why I suspect they've left the bit about "no servers" in the TOS is because the providers don't want to deal with support issues, and it's an easy way to push home-office customers up to the high-priced "Business" tiers. I have never seen or experienced any effort at trying to enforce it, and even the dumbest ISPs -- at least those I've ever had -- seem to realize that ham-fistedly blocking all incoming connections would break a wide variety of applications.

And on the whole, I don't think most ISPs really care. Most home users aren't going to spring for a Business-class connection no matter what, so it's squeezing blood from a stone in any case, and so long as a few geeks running servers doesn't result in a lot of support calls or harm the network, they seem content to ignore it.

Re:How can they tell?

[Brian+Gordon]

The PPPoE driver argument is most convincing IMO. There's no reason clients on a home network should have to worry about what's going on outside the gateway.

Re:How can they tell?

[Brian+Gordon]

Wait, what? Your heater connected to the internet? By any chance, might this new initiative be called SkyNet?

Re:How can they tell?

[Brian+Gordon]

See the posts above. A NAT provides a common gateway that all home devices can connect to. You don't need to configure PPPoE modem drivers for each client; all you need is a simple IP stack. And of course there's no reason to use more than one IP address if one will do.

Re:How can they tell?

[TheLink]

Dunno if you'd see this (haven't had a net connection for nearly a week).

Anyway reread my post - it does say NAT provides some security BUT with some caveats.

Try this yourself:

Get a "NAT router" with a ethernet "WAN" port and "LAN" ports. Let's assume that the LAN IP range is 192.168.1.0/24, and the router WAN IP is 4.1.1.1 and the LAN IP is 192.168.1.1.

Plug a machine to the WAN port to simulate the ISP. We call this "A"

Plug another machine to the LAN port to simulate your server, leave an open port listening say on 192.168.1.3:80. On the server ensure you have a default gateway to 192.168.1.1. This simulates your supposedly your protected Intranet server that has some internet access.

Now on machine A, add a route to 192.168.1.0/24 via WAN port IP (4.1.1.1).

If your NAT router is typical (and without a firewall), you'll find that on machine A you can connect to 192.168.1.3:80.

This would not be possible if it was a stateful firewall that just allowed outbound connections with no inbound possible.

Anyway, the rest of the IPv6 people posting replies to me seem to be assuming that we would be able to magically move away from IPv4 very quickly. Good luck with that.

Re:How can they tell?

[TheLink]

1) You still need a public IPv4 address.

If you already have enough public IPv4 addresses and the NAT/proxy sort of stuff is acceptable, then the ISP could just as easily do IPv4 NAT. The IPv4 to IPv4 NAT stuff is likely to be more mature and reliable than the IPv6 to IPv4 stuff.

2) Your 6to4 gateway will have to do something very similar to NAT (keep track of connections, translating addresses) or proxying.

The IPv4 packets from the IPv4 only server are not going to reach your IPv6 only clients behind that 6to4 gateway.

They may reach the 6to4 gateway, but the gateway needs to do some NAT/Proxy style stuff.

Yes I know we are running out of IPv4 addresses. But the world doesn't appear to be in a hurry to move to IPv6.

RTFA

[Wesley+Felter]

Google modified their home page to try to load a URL over IPv6; if it works then the client supports IPv6.

Do Macs automatically setup a 6over4 Tunnel?

[JSBiff]

I don't believe any US ISPs have begun providing IPv6 connections yet, have they? So, does this statistic reflect that not only are Macs IPv6 capabable, but all of them are automatically setting up an IPv6 tunnel over their IPv4 connections? If so, what tunnel broker are they using as an endpoint (is Apple itself providing a tunnel broker service for them)?

Or, instead of using a tunnel, are they using the technology (don't remember the name, maybe 4to6?) where an IPv6 address is automatically generated from the public IPv4 address, and then IPv6 packets are sent to an IPv4 anycast address which automatically routes them to the nearest 'public' 4ot6 gateway? Unfortunately, I don't believe the latter solution works well behind NATted connections, which I think would dramatically reduce these statistics, so the sheer size of the Mac IPv6 'population' suggests to me that tunnels are being used instead?

I've recently been playing with IPv6 via Hexago Freenet6, but truth be told, there's really not much use for IPv6 yet, since very few apps (like IM clients [skype: I'm looking at you], network games, etc) or websites actually support IPv6 on the other end yet. I've also noticed a problem with packet loss and high latency with Freenet6, so I'm thinking I'm going to try to find a different tunnel broker.

Re:Do Macs automatically setup a 6over4 Tunnel?

[JSBiff]

Guess I should have read the article first. Looks like this result is because Apple's Airport Extreme AP automatically sets up 6to4 (which is the 'anycast' based system I was referring to previously, but got the name backwards), and because the router itself supports 6to4, there's no problem giving the systems behind the router a public IPv6 address in the sub-net of the 6to4 address.

I didn't realize there were any IPv6-capable home routers on the market (other than routers that have been hacked to replace the OEM firmware with OpenWRT or DD-WRT). Kudos to Apple for showing some leadership here. Anyone know of any other makers with affordable home routers with IPv6?

Re:Do Macs automatically setup a 6over4 Tunnel?

[Gruff1002]

If you read TFA "It turns out that no less than 52 percent of all IPv6 users have a Mac and use 6to4. Apparently, those users have an Airport Extreme Wi-Fi base station / home router, which has the 6to4 tunneling mechanism enabled. (6to4 creates IPv6 addresses from an IPv4 address and "tunnels" IPv6 packets in IPv4 packets.)"
This answers the question about 6to4.

Re:Do Macs automatically setup a 6over4 Tunnel?

Well, you went through

• Denial (No way! Apple would have to be tunneling)
• Anger (Damn it, I shoulda read the article... Apple IS tunneling. Why hasn't anyone told me!!), and
• Bargaining(So is anyone ELSE doing tunneling? I'd like to get one, but Apple's so expensive)

After you Google for it, it will be Depression (*SIGH* No, nobody else is doing it any cheaper.) and finally Acceptance (Apple is so Awesome! I really shoulda switched sooner)... so, spare yourself the depression and just buy one. k? :)

Re:Do Macs automatically setup a 6over4 Tunnel?

[ArbitraryConstant]

I got a /48 from Hurricane Electric, I used OpenVPN to become my own tunnel broker. Probably the most useful thing so far for me has been making machines behind NATs accessible without having to get ports forwarded (this is often a pain if the eg someone doesn't remember their router's password).

This could obviously be done with RFC1918 addresses on v4, but it's hard to pick a range there because someone somewhere will end up being incompatible with it.

Re:Do Macs automatically setup a 6over4 Tunnel?

Then I'll prepare for homosexual anal sex until I'm like Mr. Goatse with the "Married to Mac" wedding ring.

Or, I'll just get pussy and forget about it. Everything works with IPv4 on Firefox Windoze anyway.

Re:Do Macs automatically setup a 6over4 Tunnel?

I don't believe any US ISPs have begun providing IPv6 connections yet, have they?

Sonic.net has been offering IPv6 tunneling to DSL subscribers for years at no additional charge.
I like that VPN endpointing is included with dialup and DSL accounts too.

Re:Do Macs automatically setup a 6over4 Tunnel?

[halcyon1234]

Hate to break it to you, but owning an Apple is the depression stage. =) (/negative mod-bait comment)

This result seems to be because of Apple routers

[JSBiff]

From the article, I picked up the reason for this result (but not until after posting a similar question, I must confess). Most home computer users, regardless of their platform, tend to connect to the internet through some sort of router device. Most of these routers use IPv4 only, and use NAT to share the Internet connection.

Many Mac users, instead of using some 'generic' WiFi access point, instead use Apple's Airport Extreme router. Per the article, Airport Extreme's have support for IPv6 built right into the router, and the router will *automatically* route IPv6 traffic using the 6to4 standard (which basically tunnels the traffic over the IPv4 connection from the ISP).

I suspect that if you connected your Ubuntu computer (or Vista, or XP if you installed IPv6 manually) to the Internet using an Airport Extreme, then IPv6 would work fine under Ubuntu too. That is, I think the 'magic' here that makes IPv6 "just work" is in the router, not in the OS.

Something Mildly Amusing

[tekiegreg]

The fact that according to this chart, the country in Africa most adapted to IPv6 is Nigeria. Guess those scamsters are getting more sophisticated daily, or maybe the 400k this woman gave them upgraded a few routers.

Mac market share?

[Valdrax]

I know that most of the people registering as Mac users with IPv6 are actually Mac users with an Airport Extreme wireless base station (which many Mac users like myself don't have), but is there anything that can be extrapolated about Mac market share from this?

By Default...

[actionbastard]

IPv6 is enabled on all OS X installs as the default. Few, if any, users -either at home or in a corporate setting- turn it off. At my site, IPv6 is not enabled on the network so all Macs have it disabled in all system images.

Re:By Default...

Same with linux distros for several years, including debian. The fact of the matter is it all comes down to what router your use supports, and your hookup to the net.

You're not so smart yourself

[TheLink]

Without a NAT, how does a "NoNAT router" know what public IP range to give via DHCP (or other means) to Joe User's WinXP/Mac box, BEFORE it manages to get that public IP range from the ISP?

A public IPv4/IPv6 range that needs to be preconfigured on the router, is one more thing for the ISP and router manufacturers to deal with and one more thing for Joe User to screw up or have trouble with.

Go think about that.

My guess is you can't be a fucking moron since you're a slashdotter.

Re:You're not so smart yourself

[LingNoi]

Without a NAT, how does a "NoNAT router" know what public IP range to give via DHCP

What... the... fuck?

Re:You're not so smart yourself

[ArbitraryConstant]

> Without a NAT, how does a "NoNAT router" know what public IP range to give via DHCP (or other means) to Joe User's WinXP/Mac box, BEFORE it manages to get that public IP range from the ISP?

Before it connects to the ISP you'll be using link-local addresses. The router will then get a prefix from the ISP via DHCP prefix delegation and begin sending router advertisements so internal computers can configure themselves with public addresses (though they retain their link-local addresses).

Re:You're not so smart yourself

[jandrese]

Uh, because you tell it which set of IP addresses is your local subnet? Firewalls aren't magic, people have been using them for years and years now. In the worst case scenario, there's a port labeled "WAN" and it has the firewall. In fact that's how most home routers work already!

Re:You're not so smart yourself

[aliquis]

What's the problem with passing the DHCP request when needed?

Re:You're not so smart yourself

[TheLink]

So either you'll keep getting router advertisements on your network indefinitely, or your computers will have to keep requesting for it (instead of eventually giving up- which is what happens now).

Next question: What url does Joe Public enter on his browser to get to the router config page, so that he can enter the username and password in order to get access to the ISP's network?

Re:You're not so smart yourself

[TheLink]

"because you tell it which set of IP addresses is your local subnet? Firewalls aren't magic..."

Wrong answer.

With the current NAT router+ISP stuff, Joe Public at the most needs to provide the username+password. And in some ISP configs, Joe doesn't even need to provide that- they just plug it in and it works "like magic" - and the sort of magic that Joe Public barely notices.

That's why it's far from "almost the same thing".

Re:You're not so smart yourself

[TheLink]

In order for Joe Public's PC to talk to other computers on the Internet, it needs an address.

Joe's ISP's routers all have addresses of their own which are fairly fixed in practice. The ISP can't just change them and automatically expect the rest of the Internet to still be able to reach them.

Without NAT, Joe's PC needs addresses that belongs to Joe's ISP before it can talk to the rest of the Internet.

BUT before Joe's router is connected to the ISP, how does his router or PC know what address they should be using?

With the popular NAT stuff, Joe's PC can be given important stuff like DNS server, default gateway, IP address - all using RFC1918 addresses, way before Joe's router connects to the ISP.

And then stuff can work for Joe almost immediately after connection.

Joe would not have to wait for "dhcp renewal time" seconds, or "some other public IP update period" seconds, before his PC realizes that "Oh I'm supposed to be using this public IP address and this gateway".

In short, with the NAT system when Joe sees the "Internet" LED lit on his router, he knows that PCs connected to the router should be able to access the Internet - if they can't there is a problem somewhere.

With the "public IP" system, when Joe sees the "Internet" LED lit, if the PCs can't access the internet it doesn't mean there is a problem or there isn't a problem. He has to wait a few minutes first (timeouts, renewals etc). Go ask an ISP call center manager how much a few minutes of waiting costs.

Maybe to you that's "almost the same thing", but to me it's not.

Re:You're not so smart yourself

What the hell are you talking about? You're using link-locals till the route gets a real IP, then it advertises the new route, the clients get new IPs and everything functions just as normal the whole time.

And the URL Joe Public types in is the same as now. "http://name.your.router", supplied by the manual, provided by the DNS server in the router, the same as he does now. You don't think he types in cryptic ip adresses, do you?

Re:You're not so smart yourself

[TheLink]

I'm curious - how long would it take for the clients to get new IPs?

Secondly "router." isn't a reserved TLD. So what RFC compliant TLD should be used?

Many years ago I personally tried convincing ICANN etc to reserve .here for free private use just like RFC1918.

But they didn't listen - maybe it's because I didn't give them lots of $$$.

Re:You're not so smart yourself

You mean different as "Plug In, Functioning." with IPv6 routers? Yeah, totally different.

Re:You're not so smart yourself

IIRC the router advertises the change, so i guess instantly.

And 192.168.0.1 isn't reserved for the router either. Mine has 192.168.178.1, guess that. The router has its own DNS Server, reserving e.g. my.router or something similar as this.

Re:You're not so smart yourself

Except for the teenie, weenie detail that it does.

Re:You're not so smart yourself

[mikael_j]

Without a NAT, how does a "NoNAT router" know what public IP range to give via DHCP (or other means) to Joe User's WinXP/Mac box, BEFORE it manages to get that public IP range from the ISP?

Well, the IPv6 subnet to be handed out can be configured automatically, and with IPv4 the common method is to simply have one ISP-level DHCP server that hands out IP addresses to all hosts (since there is no pesky NAT to screw things up).

/Mikael

Re:You're not so smart yourself

[mikael_j]

So either you'll keep getting router advertisements on your network indefinitely, or your computers will have to keep requesting for it (instead of eventually giving up- which is what happens now).

Ok, you clearly should never be put in charge of any ISP's backbone.

Next question: What url does Joe Public enter on his browser to get to the router config page, so that he can enter the username and password in order to get access to the ISP's network?

Well, there are lots of ways of solving this, the first option (which is commonly used in europe) is to simply not require a username and password for the connection (what's the point if it's an always-on connection anyway?

Also, why would joe user even need a router? A transparent packet filtering firewall could work just as well. But I'm assuming you want to be able to have a machine act as the default gateway, well in that case the IP address of the default gateway will be known when the clients are auto-configured.

/Mikael

Re:You're not so smart yourself

[chrome]

Ding ding ding We have a winner.

Re:You're not so smart yourself

[chrome]

Perfectly valid for ipv4. Ipv6 is a different story. Go read up on how it works. Ipv6 needs no dhcp server.

Re:You're not so smart yourself

[amorsen]

BUT before Joe's router is connected to the ISP, how does his router or PC know what address they should be using?

This is actually a topic of debate on IPv6 lists right now. There are basically two camps: One says that Joe's router should give out unique local addresses, the other says that a LAN only needs link locals. Both sides are, as far as I can tell, supporting their stance with really good arguments.

Joe would not have to wait for "dhcp renewal time" seconds, or "some other public IP update period" seconds, before his PC realizes that "Oh I'm supposed to be using this public IP address and this gateway".

That's not how IPv6 works. Joe's computer gets a Router Advertisement message as soon as the Internet LED lights up and everything instantly works.

Like most criticism of IPv6 on Slashdot, your criticism is founded on ignorance.

Re:You're not so smart yourself

[amorsen]

Next question: What url does Joe Public enter on his browser to get to the router config page, so that he can enter the username and password in order to get access to the ISP's network?

Another topic of debate on IPv6 lists. Apple believes that mDNS+a special configuration program is the solution here. Others have talked about reserving an IP address for this purpose. I believe that mDNS advertising something like router.local or linksys.local will be the most common method.

Re:You're not so smart yourself

[squiggleslash]

I don't think you understand how a default IPv6 set up works and I don't think the guy who's insulting you is being terribly helpful.

With IPv6, you get a huge block of addresses (as high as 2^80, approximately, though 2^64 is generally what people actually use and is often the limit for tunnel broker negotiated links) allocated to each network (that is, if your router is responsible for connecting to the Internet, then right now when it connects it gets 1 IPv4 address. But if it supports IPv6, it'll get, via 6to4 or a tunnel broker or a PPP-negotiated setup, a BLOCK of between 2^64 and 2^80 addresses. It can grab any of these for itself.)

That's your home network with all those IPv6 addresses. Your router accepts configuration requests by prepending the network prefix (the first 48 or 64 bits of your network's address) to a mangled version of the client's MAC address. It can then talk to the outside world. It has a globally routeable address. Any traffic with the first 48 bits of your client's IPv6 address will be routed to your router, and your router will send it to the client machine.

It's actually SIMPLER than your average NAT+DHCP router.

This isn't theory BTW, this is what I use at home. I have a bog-standard Earthlink DSL connection. Earthlink doesn't currently support IPv6. It doesn't do anything other than route IPv4 packets. The only block is does is on outgoing port 25 connections. That's it. It's your basic ISP.

My router understands 6to4 (I built it myself.) It turns the IPv4 address I get from Earthlink into a 6to4 network block. It tells every computer on my network what that computer's IPv6 address(es - yeah, more than one is allowed) are and that it does all the routing. Those addresses are static. They are ALL globally routeable, that is, they're real IP addresses, not equivalents of 10.x.x.x. My firewall set-up decides which machines should be allowed to receive incoming connections from the outside world. I have forward and reverse DNS set up for the IPv6 addresses.

My Powerbook, Ubuntu Desktop, Ubuntu Thinkpad, Ubuntu VMs, and my wife's Vista machine are all connected and do not have any problems using it, and they "just worked" - I didn't have to configure them. I've noticed the Wii has an address but doesn't use it. My Dish Network box and HD DVD player do not ask for IPv6 addresses, so aren't routeable (though they do the IPv4 thing with NAT and 10.x.x.x.), my Nokia N800 also doesn't have any inbuilt IPv6 support though it's apparently a third party firmware update away from doing so.

This is what the situation is now. It's a working system. It doesn't use DHCPD, it uses RADVD. The router has lots of IPv6 addresses, it knows how to give them out, and the computers on my network that know IPv6 can get those addresses.

Does that help?

Re:You're not so smart yourself

[ArbitraryConstant]

So either you'll keep getting router advertisements on your network indefinitely, or your computers will have to keep requesting for it (instead of eventually giving up- which is what happens now).

Correct. New computers can use router solicitations to get this information immediately, router advertisements can be used once the initial prefix delegation is complete (eg, the public prefix to use is know) and periodically thereafter to prevent autoconfig addresses for expiring.

I'm curious why you seem to regard this as a big deal.

Next question: What url does Joe Public enter on his browser to get to the router config page, so that he can enter the username and password in order to get access to the ISP's network?

I like the mDNS method personally.

Reserved by RFC or not, .local is sufficiently common for mDNS that it's basically unusable for any other purpose.

Re:You're not so smart yourself

[TheLink]

Maybe so.

But the Internet is currently IPv4, and doesn't look like it's moving to IPv6 in a hurry.

Currently it's hard to get an IPv6 only client to talk with an IPv4 only server. AFAIK you need an proxy/NAT with an IPv4 address in between.

And the last I checked there are lots of very popular servers that are IPv4 only. I'd be surprised if they all start supporting IPv6 before 2013 and more importantly are _reachable_ via IPv6 through major ISPs around the world.

Ironically what appears to be more likely is that there will be more use/abuse of NAT. Whether IPv4-IPv4 or IPv6-IPv4 NAT.

As it is IPv6 networks are as much part of the Internet as Novell IPX networks that are tunnelled through the Internet.

Re:This result seems to be because of Apple router

[Dolda2000]

Many Mac users, instead of using some 'generic' WiFi access point, instead use Apple's Airport Extreme router. Per the article, Airport Extreme's have support for IPv6 built right into the router, and the router will *automatically* route IPv6 traffic using the 6to4 standard (which basically tunnels the traffic over the IPv4 connection from the ISP).

Indeed. I was quite impressed to read about that. I have been thinking for quite a while that router makes should be doing exactly that, so it's good to see that at least one of them does.

On the quite opposite hand, there's Vista. While the article pointed out that Vista sets up 6to4 automatically when it has a globally routable IPv4 address (which is a good thing, of course), there's an annoying other side to that coin. See, Vista announces that it routes through its 6to4 address, but then in actual fact doesn't (it just drops the packets silently). It has been annoying me quite some times when I've connected to a public WiFi access point at my university, only to see every IPv6-enabled site (including my own!) fail miserably since my Linux laptop will try to route through one of these Vista black holes. That's Microsoft for you...

Pushing IPv6

[jd]

I don't know about anyone else's definition, but I would consider distros marking themselves as Phase 2 Certified as one way you could define "pushing IPv6". Another might be to enable IPv6 by default in the kernel (since we're talking about IPv6 capability in the article, rather than usage), or to use IPv6 by default on all connections where it is supported at the kernel and application level, whether or not it is genuinely supported end-to-end. Far as I can see, very few distros are certified for IPv6 (I can't honestly remember seeing the logo anywhere), those that provide it don't take advantage of it, and those that do don't make it easy to take advantage of it (Ubuntu provides some IPv6 tunneling software, but nothing that works with any of the IPv6 gateways I'm using, and network administration using IPv6 under Ubuntu is a pain -- and it's by far the best distro I've used in this regard).

Re:This result seems to be because of Apple router

Can we get a list of home wireless routers that will support this?
I didn't see it in any Belkins or D-Links I purchased in the last 2 years, though IPv6 was somewhat of a hot topic.

So I have to ask. In this age of "Now supporting Draft N!!!" and "MIMO ANTENNAE ARE GOOD FOR YOUR MULTIMEDIA HOME!" "I'M TWICE AS FAST AS G ROUTERS IF YOU BUY MY SAME BRAND G-RECEIVER!" With all the excuses to upgrade your router, where are all the much wanted "NOW WITH IPV6! FUTURE PROOF YOUR HOME LAN SO YOU'LL NEVAARR RUN OUT OF IP ADDRESSES" (wink)

I know cash is hard to come by these days, but geeks in the US are slaves to gadgets.

Sonic.net supports IPv6, sort of

[Animats]

Sonic.net will, if requested, deliver IPv6 packets to their DSL subscribers. Unfortunately, their upstream connections are IPv4, so they're just offering tunneling at their end.

Re:Sonic.net supports IPv6, sort of

[j+h+woodyatt]

Yeah, but you say that like it's not as good as the real thing. I'm a Sonic.Net customer, and I use an AirPort base station as my IPv6 tunnel endpoint. My home network is fully dual-stack, and the Sonic.Net tunnel is just as reliable as the rest of their service. I'm a huge fan of Sonic.Net.

"Than Asia"?

What is Russia then? Or does all the IPv6 traffic come from Moscow?

Re:"Than Asia"?

[rugatero]

According to Wikipedia, roughly 78% of the entire Russian population lives in European Russia.

Anonymous Coward

This may be the answer

Apple's secret "Back to My Mac" push behind IPv6

http://www.appleinsider.com/articles/08/08/19/apples_secret_back_to_my_mac_push_behind_ipv6.html

Re:Anonymous Coward

[Ash-Fox]

I wouldn't rely on information from a article that gets simple things wrong, such as:

Routers typically run BSD or Linux; Microsoft's software dominance on the desktop isn't even relevant in the world of routers.

The majority of routers do not typically run Linux or BSD.

Re:Anonymous Coward

[SimonTheSoundMan]

Lynksys, Belkin, Apple, Netgear, Draytek and D-Link (and more) which account for most of the market run Linux.

Usually Busybox Linux.

Re:Anonymous Coward

[Ash-Fox]

Lynksys, Belkin, Apple, Netgear, Draytek and D-Link (and more) which account for most of the market run Linux.

Majority of TCP routers in the world run on Cisco which use IOS. The 'routers' you have brought up aren't really considered real routers. They're home consumer devices which tend to serve as a NAT gateway to the Internet.

I hate your future

Every device having an IP address? *shudders*

Re:This result seems to be because of Apple router

[the_womble]

Given that so many routers (virtually every one I have bought) see to run Linux, and the Linux kernel supports IPv6, why do they not support IPv^ as well?

Are there any real costs or difficulties in the way, or is it just that they cannot be bothered to do until customers actually demand it.

!won thgir 6vPI no ma I

!PASA 6vPI tuo yrt ot enoyreve egaruocne ylgnorts I .smelborp yna deciton t'nevah I dna pu tes ot hguone ysae demees tI .yppah yllaer neeb ev'I dna ,won thgir 6vPI gnisu m'I

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:This result seems to be because of Apple router

[Andy+Dodd]

I think it's more likely due to the fact that Apple has typically had an advantage in educational institutions. Most residential ISPs still don't provide IPv6 support, but I would not be surprised if nearly every college and university in the U.S. supported IPv6 to the end user.

Doesn't matter if your router supports IPv6 if your ISP does not.

What about the ISP? (I know prob stupid question)

[pcfixup4ua]

Don't ISPs have to support IPv6 at the modem level for consumers to have true IPv6 connectivity?

Dell Axiom..

[h.ross.perot]

Dell Axiom Palm tops had IPV6 capabilities.. if I recall.. Let me dig one out of the "Freebie" bin at the thrift store and find out.. Stay here.. wait for me ..

Re:This result seems to be because of Apple router

[squiggleslash]

That's exactly right. To get IPv6 working on my system at home, I just set up the router. My Powerbook, my Ubuntu machines, and my wife's Windows Vista machine, all automatically picked up IPv6 and can all connect to http://ipv6.google.com/

For those rolling their own router boxes, you can see what I did here (caution - it's my blog and this is a tag that brings up a bunch of articles, start reading at the bottom...) I used 6to4 as well. It's worth getting a static IP address if you plan to use 6to4, and it's also worth noting that some ISPs, notable BellSouth/AT&T FastAccess, actually block use of 6to4, for reasons I don't really understand. Before wasting any time on it, try to ping 192.88.99.1 from a machine directly connected to the Internet. If you get responses, you can do 6to4. If you don't, you're going to have to try one of the IPv6 tunnel brokers, which is a supremely inefficient way of doing everything and makes you dependent upon the goodwill of a third party.

Big Whoop.

IpV6 is about as exciting as changing your home address to 13::13 Mockingbird Lane. Big Whoop. Oh, I guess DHCP is in danger, Oh nos!

Re:This result seems to be because of Apple router

[TheRaven64]

Have the security issues (i.e. the fact that it makes it trivial to forge addresses) with 6to4 been fixed yet? If not, enabling 6to4 by default is not a great idea...

Re:This result seems to be because of Apple router

[Kadin2048]

Unless you are looking at a fairly strange cross-section of consumer routers, most of them do not run Linux. Only a handful of the ones offered by Linksys, D-Link, etc. do. The majority run VxWorks, I believe.

A few years back there were actually more Linux-based routers but as cost pressures and competition have increased the manufacturers seem to have moved away in order to reduce the parts count. Broadband routers are the only pieces of equipment I've seen where the hardware specs have actually fallen, year over year, for comparable pieces of gear.

Anyway, if you do happen to get a real Linux router (like the Linksys WRT54GL, or early *G editions) and reflash the firmware to DD-WRT, you can enable IPv6. I don't think it does automatic 6to4 (at least it doesn't in the version I'm running) so it's not quite as slick as the Apple routers, but the capability is definitely there if you're running a decent load of software. I don't know if the capability is actually been removed from the kernel in stock firmwares or just not enabled.

I don't know what VxWorks' support for v6 is like, so I'm not sure how trivial it is for manufacturers to enable it, if they wanted to.

A quick shout out for Sonic.net (my isp)...

[rthille]

They've offered IPv6 for years now:
http://www.sonic.net/features/ipv6/

Re:This result seems to be because of Apple router

[blitzkrieg3]

Have the security issues (i.e. the fact that it makes it trivial to forge addresses) with 6to4 been fixed yet? If not, enabling 6to4 by default is not a great idea...

Oh right because I forgot that it's very hard to forge addresses with ipv4...

Re:This result seems to be because of Apple router

[QuantumRiff]

FYI, for those running routers that can run DD-WRT:

http://www.dd-wrt.com/wiki/index.php/IPv6#6to4_Setup

Re:This result seems to be because of Apple router

[noahm]

Doesn't matter if your router supports IPv6 if your ISP does not.

Sure it does. The whole point, and what makes it so cool, is that the AirPort sets up 6-to-4 tunnelling automatically. So you *can* have IPv6 connectivity even if your ISP doesn't provide it.

noah

Re:This result seems to be because of Apple router

[riceboy50]

I would be. Maybe some of the leading high-tech universities, but almost certainly the minority rather than the majority. Most educational institutions aren't going to spring for more expensive IPv6 equipment at this juncture.

Re:This result seems to be because of Apple router

[mikkelm]

More expensive IPv6 equipment? You'd be hard pressed to find any contemporary, decent quality networking equipment without support for IPv6. The majority of this gear is even IPv6 capable with basic software licenses.

Re:This result seems to be because of Apple router

[phoenix.bam!]

Universities have little reason to move to IPv6 beyond novelty. They generally have huge IPv4 blocks already.

Re:This result seems to be because of Apple router

[riceboy50]

You assume that people are going to spring for new equipment just so they can get IPv6? Not likely. Perhaps in five more years the equipment of today will be making up a significant portion of equipment in use.

Re:This result seems to be because of Apple router

[mikkelm]

Most educational institutions aren't going to spring for more expensive IPv6 equipment at this juncture.

It's your hypothesis. Not mine.

Re:This result seems to be because of Apple router

[the_womble]

Thanks for the explanation, I have probably not seen enough to see a representative sample, and several of them would have been old, so more likely to be Linux.

Re:This result seems to be because of Apple router

[Andy+Dodd]

Have you ever heard of Internet2? There's quite a large number of schools that are involved with I2, and I'm 90% certain that I2 requires IPv6 capability.

Re:This result seems to be because of Apple router

[riceboy50]

Yeah, I am aware of the I2 project. According to them IPv4, IPv6, and others are supported. Also, their list of 213 participating universities would make that about 5% of the total number of universities. It also begs the question of what subset of the participants are actually running IPv6?

What about I2 and R&E users

I see all this talk about tunnels and brokers. I can argue that the biggest US group that uses IPv6 (other then military pushing it) is Research and Education. Look at Intenet2 it has been running a dual stack and natively routing IPv6 for years.

In a dual stack native v6 environment, yes Vista has v6 enabled by default, but often it still doesn't work without still having to screw with it. The Macs just work, so much so that the users don't even know v6 is working and they are using it.

And before anyone makes the K12 cracks, those of us in the R&E community are using Macs more and more. A lot of College students are also switching. I'm a Unix/Linux guy, but with the switch to OSX and Intel I get to have my cake and eat it too. A decent BSD Unix under the hood, a decent graphical environment that vendors support and I don't want to kill my self getting multi-media to play in, and oh yea Windows when I have to.

Corporate guy who love their NAT are scared to death of v6 anyway and try to kill any of it that they see. Never mind the fact you could just run a statefull firewall and be more secure then NAT anyway.