US Has More IPv6 Eyeballs Than Asia, Because of Apple
An anonymous reader writes "Google has been checking to see who's using IPv6. According to the company's tracking, half of all IPv6-capable systems seen by Google are Macs, helping the US land in fifth place in percentage of IPv6 users worldwide, ahead of China and Japan."
Apple has a far greater market share than Linux desktops, but you can't completely ignore that Linux has been pushing IPv6 for some time.
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
IPv6 Eyeballs! Run!!!!
OK, so I have 7 computers in my house. They all run either Linux or Vista. (Some both as two are dual boot). They are all IPv6 capable. However, my Linksys NATing router is not. So unless my machines find an ISATAP server somewhere, there is going to be no information that Google gets showing that all my machines could do it if I just sprung for a new router. I would imagine there are a lot of people in the same situation. I guess if they are trying to find out how many homes are capable - then maybe this is the right way. But if they are trying to just see how many COMPUTERS - then it isn't going to be correct.
I don't believe any US ISPs have begun providing IPv6 connections yet, have they? So, does this statistic reflect that not only are Macs IPv6 capable, but all of them are automatically setting up an IPv6 tunnel over their IPv4 connections? If so, what tunnel broker are they using as an endpoint (is Apple itself providing a tunnel broker service for them)?
Or, instead of using a tunnel, are they using the technology (don't remember the name, maybe 4to6?) where an IPv6 address is automatically generated from the public IPv4 address, and then IPv6 packets are sent to an IPv4 anycast address which automatically routes them to the nearest 'public' 4to6 gateway? Unfortunately, I don't believe the latter solution works well behind NATted connections, which I think would dramatically reduce these statistics, so the sheer size of the Mac IPv6 'population' suggests to me that tunnels are being used instead?
I've recently been playing with IPv6 via Hexago Freenet6, but truth be told, there's really not much use for IPv6 yet, since very few apps (like IM clients [skype: I'm looking at you], network games, etc) or websites actually support IPv6 on the other end yet. I've also noticed a problem with packet loss and high latency with Freenet6, so I'm thinking I'm going to try to find a different tunnel broker.
not at all.
While NAT is not a be-all end-all security measure, it certainly helps, as my router provides a (stupid-basic) blank face at port-scan attempts.
Layers of defense. My router is the drawbridge of my castle.
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Yes; just because you can give every molecule in the solar system an IP address doesn't mean you should. There's no reason to let your home networked devices face the internet directly- it's a very bad idea to even open any ports, since you shouldn't need to. You shouldn't be providing any services to the internet from your home, even remote desktop or a network share; it's bad practice and you won't sleep well at night- it's against your ISP's terms of service anyway, if you're in America. Get a virtual server somewhere if you really need something while on the go. I'm sitting comfortably in my NAT fortress knowing everything within the physical space of my house is nmap-proof.
Let me guess, your inner keep is Goatse/tubgirl/lemon party montage, deceptively labelled "secretpasswordstomybankaccountsandthat.png"
Anyone cracking yo' stuff will be sick for a week.
And yes, it's probably against your terms of service to offer any kind of internet services from your home without a hosting service account. That doesn't mean you can't forward ports- you can still netcat data into your network and stuff like that- but you can't provide services. Of course it's absurd and unenforceable, but it's not good to break the ToS for years at a time; play it safe.
From the article, I picked up the reason for this result (but not until after posting a similar question, I must confess). Most home computer users, regardless of their platform, tend to connect to the internet through some sort of router device. Most of these routers use IPv4 only, and use NAT to share the Internet connection.
Many Mac users, instead of using some 'generic' WiFi access point, instead use Apple's Airport Extreme router. Per the article, Airport Extremes have support for IPv6 built right into the router, and the router will *automatically* route IPv6 traffic using the 6to4 standard (which basically tunnels the traffic over the IPv4 connection from the ISP).
I suspect that if you connected your Ubuntu computer (or Vista, or XP if you installed IPv6 manually) to the Internet using an Airport Extreme, then IPv6 would work fine under Ubuntu too. That is, I think the 'magic' here that makes IPv6 "just work" is in the router, not in the OS.
Nonsense. I've visited the homes of Mac-only users. They usually have two or three. Where things get interesting however, is that they tend to be using an Airport Router. (Which caused me no end of grief when I didn't spring to have WiFi added to my last laptop.) As someone mentioned higher up in the discussion, Airport routes IPv6 by default. Something that most other consumer routers (typically paired with Windows and Linux machines) do not.
Javascript + Nintendo DSi = DSiCade
Actually it is.
:).
The difference between a "NAT router" and a "stateful firewall with public IP stuff behind"
You need the NAT working in order to reach the stuff behind it.
You don't need the stateful stuff working in order to reach the stuff behind it.
So in event of bugs, the hacker is more likely to have to work harder to exploit the stuff behind a NAT.
Now the issue with "just NAT" is the ISP can usually access the stuff behind the NAT - just as long as they know what IP range you have behind- they just have to get IP packets with dest=your.private.ip to your NAT device and _typically_ it will pass it through (some NAT devices also have a stateful firewall so they may not pass it through).
This means a 3rd party could get past your NAT if they have control over your ISP's routers route tables. But if they achieve that control you're probably screwed anyway.
Anyway, it's good enough protection, the hackers and malware bunch hardly do direct network attacks anymore against Joe User, much easier to convince Joe User to run stuff.
IPv6 is enabled on all OS X installs as the default. Few, if any, users -either at home or in a corporate setting- turn it off. At my site, IPv6 is not enabled on the network so all Macs have it disabled in all system images.
Sig this!
Except he's ultimately right. There's no reason why I should have to replace any network devices on my home network because everybody else is using IPV6. That would be costly and wasteful. And for the near term that's going to be supported by most ISPs out of cheapness, no reason to drag people's home networks into it needlessly.
I prefer to spend my extra cash on death rays and doom devices. Also large quantities of obscure computing equipment bits.
> Many Mac users, instead of using some 'generic' WiFi access point, instead use Apple's Airport Extreme router. Per the article, Airport Extremes have support for IPv6 built right into the router, and the router will *automatically* route IPv6 traffic using the 6to4 standard (which basically tunnels the traffic over the IPv4 connection from the ISP).
Indeed. I was quite impressed to read about that. I have been thinking for quite a while that router makers should be doing exactly that, so it's good to see that at least one of them does.
On the quite opposite hand, there's Vista. While the article pointed out that Vista sets up 6to4 automatically when it has a globally routable IPv4 address (which is a good thing, of course), there's an annoying other side to that coin. See, Vista announces that it routes through its 6to4 address, but then in actual fact doesn't (it just drops the packets silently). It has been annoying me quite some times when I've connected to a public WiFi access point at my university, only to see every IPv6-enabled site (including my own!) fail miserably since my Linux laptop will try to route through one of these Vista black holes. That's Microsoft for you...
> Without a NAT, how does a "NoNAT router" know what public IP range to give via DHCP (or other means) to Joe User's WinXP/Mac box, BEFORE it manages to get that public IP range from the ISP?
Before it connects to the ISP you'll be using link-local addresses. The router will then get a prefix from the ISP via DHCP prefix delegation and begin sending router advertisements so internal computers can configure themselves with public addresses (though they retain their link-local addresses).
I rarely criticize things I don't care about.
I doubt it's really not allowed where I live (not in USA though), and the first three months I had only plugged in the TP-cable without signing any paper or anything. No login required, just plug the machine in and voila Internet with DHCP.
Okay, I've got four macs, an airport and an iPhone. Each one gets an IP. I know the airport and the Macs support IPv6. Not sure about the phone.
My anecdote cancels your anecdote?
NAT is causing fucked up problems that are serious but aren't given enough publicity, like making the big DNS vulnerability of the year still apply, even if the software side is fixed due to NAT's tendency to line up/reuse port numbers instead of randomizing them - even if the application side did randomize.
NAT is a horrible, horrible thing that shouldn't be used because it's causing subtle but ultimately very bad things to happen. Besides, home routers could just come with a default denial of all incoming packets unless they are related to an open connection rule to substitute the "firewalling" people enjoy with NAT.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
1) You still need to use IPv4 if sites you need to use still don't support IPv6 or are unreachable from your network.
For example - say you have a machine without an IPv4 address at all. How would you access the following sites:
mail.google.com
www.windowsupdate.com
security.ubuntu.com
mail.yahoo.com
I can list more.
2) You still need NAT if you are using dynamic IPv4 addresses.
Why?
Imagine what happens if the ISP gives you public IP range 4.5.5.0/252
But you drop and reconnect and are given public IP range 4.6.6.0/252
How long will it take for your machine to realize that its IP address, DNS server and default gateway settings are wrong?
3) You still need NAT even if you are using static IPv4 addresses
There is an IPv4 shortage, so you need NAT to share the address(es) you get from the ISP.
If you think we can ignore the IPv4 shortage by switching your machines to IPv6, see 1).
Lastly, saying that DNS problem still applies because of NAT is wrong. NAT devices could randomize port numbers, there is nothing about doing NAT that requires a NAT device to not randomize port numbers. It's just like BIND could have randomized port numbers like djbdns did, but it didn't, so whose fault was that?
I think the future means every single device having an IP, perhaps even human beings if you are paranoid. :)
Don't think about today, think about the future. Can you imagine every cell phone user somehow browses the net and plays some games?
It is not like today's concept, it is about the very weird and connected future. I agree demanding IPV6 from a consumer level ISP today is a bit overkill but recently my heater company called me and asked if I wanted my combination heater (Vaillant) to be connected to net. I asked if it is Windows some sort, they said "yes" and I said "good luck with that".
I take it someone has never encountered an ISP that provides more than one IP address to each customer? Back in 1998 when I first got ADSL the ISP I used handed out 5 IP addresses per connection, and I've worked with ISPs that will gladly hand out up to 10 IP addresses per (physical) connection, so a lot of their more knowledgeable users are actually skipping NAT altogether and instead using public IP addresses for all their computers. And guess what, this is how the internet used to work and how it was intended to work. End to end connectivity.
/Mikael
Greylisting is to SMTP as NAT is to IPv4
Where's the fun in that?
Sure a virtual server somewhere might have more bandwidth than my home cable but at home I can experiment with different setups. Some people play video games. . .I like to play with new distros, or software. If running a http or ssh server from home is wrong then I don't want to be right :-)
Perfectly valid for ipv4. Ipv6 is a different story. Go read up on how it works. Ipv6 needs no dhcp server.
BUT before Joe's router is connected to the ISP, how does his router or PC know what address they should be using?
This is actually a topic of debate on IPv6 lists right now. There are basically two camps: One says that Joe's router should give out unique local addresses, the other says that a LAN only needs link locals. Both sides are, as far as I can tell, supporting their stance with really good arguments.
Joe would not have to wait for "dhcp renewal time" seconds, or "some other public IP update period" seconds, before his PC realizes that "Oh I'm supposed to be using this public IP address and this gateway".
That's not how IPv6 works. Joe's computer gets a Router Advertisement message as soon as the Internet LED lights up and everything instantly works.
Like most criticism of IPv6 on Slashdot, your criticism is founded on ignorance.
Finally! A year of moderation! Ready for 2019?
Next question: What url does Joe Public enter on his browser to get to the router config page, so that he can enter the username and password in order to get access to the ISP's network?
Another topic of debate on IPv6 lists. Apple believes that mDNS+a special configuration program is the solution here. Others have talked about reserving an IP address for this purpose. I believe that mDNS advertising something like router.local or linksys.local will be the most common method.
Finally! A year of moderation! Ready for 2019?
!PASA 6vPI tuo yrt ot enoyreve egaruocne ylgnorts I .smelborp yna deciton t'nevah I dna pu tes ot hguone ysae demees tI .yppah yllaer neeb ev'I dna ,won thgir 6vPI gnisu m'I
I think it's more likely due to the fact that Apple has typically had an advantage in educational institutions. Most residential ISPs still don't provide IPv6 support, but I would not be surprised if nearly every college and university in the U.S. supported IPv6 to the end user.
Doesn't matter if your router supports IPv6 if your ISP does not.
retrorocket.o not found, launch anyway?
That's exactly right. To get IPv6 working on my system at home, I just set up the router. My Powerbook, my Ubuntu machines, and my wife's Windows Vista machine, all automatically picked up IPv6 and can all connect to http://ipv6.google.com/
For those rolling their own router boxes, you can see what I did here (caution - it's my blog and this is a tag that brings up a bunch of articles, start reading at the bottom...) I used 6to4 as well. It's worth getting a static IP address if you plan to use 6to4, and it's also worth noting that some ISPs, notably BellSouth/AT&T FastAccess, actually block use of 6to4, for reasons I don't really understand. Before wasting any time on it, try to ping 192.88.99.1 from a machine directly connected to the Internet. If you get responses, you can do 6to4. If you don't, you're going to have to try one of the IPv6 tunnel brokers, which is a supremely inefficient way of doing everything and makes you dependent upon the goodwill of a third party.
You are not alone. This is not normal. None of this is normal.
I don't think you understand how a default IPv6 set up works and I don't think the guy who's insulting you is being terribly helpful.
With IPv6, you get a huge block of addresses (as high as 2^80, approximately, though 2^64 is generally what people actually use and is often the limit for tunnel broker negotiated links) allocated to each network (that is, if your router is responsible for connecting to the Internet, then right now when it connects it gets 1 IPv4 address. But if it supports IPv6, it'll get, via 6to4 or a tunnel broker or a PPP-negotiated setup, a BLOCK of between 2^64 and 2^80 addresses. It can grab any of these for itself.)
That's your home network with all those IPv6 addresses. Your router accepts configuration requests by prepending the network prefix (the first 48 or 64 bits of your network's address) to a mangled version of the client's MAC address. It can then talk to the outside world. It has a globally routable address. Any traffic with the first 48 bits of your client's IPv6 address will be routed to your router, and your router will send it to the client machine.
It's actually SIMPLER than your average NAT+DHCP router.
This isn't theory BTW, this is what I use at home. I have a bog-standard Earthlink DSL connection. Earthlink doesn't currently support IPv6. It doesn't do anything other than route IPv4 packets. The only block it does is on outgoing port 25 connections. That's it. It's your basic ISP.
My router understands 6to4 (I built it myself.) It turns the IPv4 address I get from Earthlink into a 6to4 network block. It tells every computer on my network what that computer's IPv6 address(es - yeah, more than one is allowed) are and that it does all the routing. Those addresses are static. They are ALL globally routable, that is, they're real IP addresses, not equivalents of 10.x.x.x. My firewall set-up decides which machines should be allowed to receive incoming connections from the outside world. I have forward and reverse DNS set up for the IPv6 addresses.
My Powerbook, Ubuntu Desktop, Ubuntu Thinkpad, Ubuntu VMs, and my wife's Vista machine are all connected and do not have any problems using it, and they "just worked" - I didn't have to configure them. I've noticed the Wii has an address but doesn't use it. My Dish Network box and HD DVD player do not ask for IPv6 addresses, so aren't routable (though they do the IPv4 thing with NAT and 10.x.x.x.), my Nokia N800 also doesn't have any inbuilt IPv6 support though it's apparently a third party firmware update away from doing so.
This is what the situation is now. It's a working system. It doesn't use DHCPD, it uses RADVD. The router has lots of IPv6 addresses, it knows how to give them out, and the computers on my network that know IPv6 can get those addresses.
Does that help?
You are not alone. This is not normal. None of this is normal.
Have the security issues (i.e. the fact that it makes it trivial to forge addresses) with 6to4 been fixed yet? If not, enabling 6to4 by default is not a great idea...
I am TheRaven on Soylent News
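Added example (not part of the thread and not any poster's code): the 6to4 prefix and MAC-derived address arithmetic described in the home-router comment above, together with the source-consistency check that the address-forging question refers to, following the rule in RFC 3964 that a 2002::/16 source must embed the outer IPv4 source. Function names, the documentation-range IPv4 addresses and the MAC address are constructed for illustration.

```python
import ipaddress

# IPv4 ranges that can never be a valid 6to4 endpoint
# (private, carrier-grade NAT, loopback, link-local).
NON_PUBLIC_V4 = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]


def is_non_public(v4):
    return any(v4 in net for net in NON_PUBLIC_V4)


def sixtofour_prefix(public_v4):
    """Return the 2002:V4ADDR::/48 block a 6to4 router derives from its IPv4 address."""
    v4 = ipaddress.IPv4Address(public_v4)
    if is_non_public(v4):
        # This is why 6to4 does not work from behind a NAT.
        raise ValueError(f"{v4} is not a public address; 6to4 needs one")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def slaac_address(prefix48, subnet_id, mac):
    """Combine a /48, a 16-bit subnet id and a modified EUI-64 built from the MAC."""
    raw = bytearray(bytes.fromhex(mac.replace(":", "").replace("-", "")))
    if len(raw) != 6 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a 48-bit MAC and a 16-bit subnet id")
    raw[0] ^= 0x02  # flip the universal/local bit
    iid = int.from_bytes(bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:]), "big")
    return ipaddress.IPv6Address(
        int(prefix48.network_address) | (subnet_id << 64) | iid)


def check_6to4_source(outer_v4_src, inner_v6_src):
    """Ingress check for a decapsulated 6to4 packet: outer and inner source must agree."""
    outer = ipaddress.IPv4Address(outer_v4_src)
    inner = ipaddress.IPv6Address(inner_v6_src)
    embedded = inner.sixtofour  # None unless the address is in 2002::/16
    if embedded is None:
        return "not-6to4: this rule cannot verify the source"
    if is_non_public(embedded):
        return "drop: embedded IPv4 is not public"
    if embedded != outer:
        return "drop: inner source does not match outer IPv4 source"
    return "accept"


if __name__ == "__main__":
    # Constructed sample values: 192.0.2.1 stands in for the router's public address.
    prefix = sixtofour_prefix("192.0.2.1")
    print(prefix)
    print(slaac_address(prefix, 1, "00:11:22:33:44:55"))
    for outer, inner in [("192.0.2.1", "2002:c000:201:1::5"),
                         ("198.51.100.7", "2002:c000:201:1::5"),
                         ("192.0.2.1", "2002:c0a8:101::1")]:
        print(outer, inner, "->", check_6to4_source(outer, inner))
```

A packet whose inner source is outside 2002::/16 (traffic arriving through a relay) cannot be validated this way, which is the residual forging exposure; the firewall rules on the router still decide what reaches internal hosts.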
Unless you are looking at a fairly strange cross-section of consumer routers, most of them do not run Linux. Only a handful of the ones offered by Linksys, D-Link, etc. do. The majority run VxWorks, I believe.
A few years back there were actually more Linux-based routers but as cost pressures and competition have increased the manufacturers seem to have moved away in order to reduce the parts count. Broadband routers are the only pieces of equipment I've seen where the hardware specs have actually fallen, year over year, for comparable pieces of gear.
Anyway, if you do happen to get a real Linux router (like the Linksys WRT54GL, or early *G editions) and reflash the firmware to DD-WRT, you can enable IPv6. I don't think it does automatic 6to4 (at least it doesn't in the version I'm running) so it's not quite as slick as the Apple routers, but the capability is definitely there if you're running a decent load of software. I don't know if the capability has actually been removed from the kernel in stock firmwares or just not enabled.
I don't know what VxWorks' support for v6 is like, so I'm not sure how trivial it is for manufacturers to enable it, if they wanted to.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
FYI, for those running routers that can run DD-WRT:
http://www.dd-wrt.com/wiki/index.php/IPv6#6to4_Setup
What are we going to do tonight Brain?
> Doesn't matter if your router supports IPv6 if your ISP does not.
Sure it does. The whole point, and what makes it so cool, is that the AirPort sets up 6-to-4 tunnelling automatically. So you *can* have IPv6 connectivity even if your ISP doesn't provide it.
noah