Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Foundation Says All Major Distros Are IPv6 Compliant

Posted by Soulskill on from the getting-things-done dept.

ruphus13 points out news from the Linux Foundation, which announced that all major Linux distributions meet certification requirements for the US Department of Defense's IPv6 mandates. The announcement credits work done by the IPv6 Workgroup, whose members include IBM, HP, Nokia-Siemens, Novell and Red Hat. Quoting: "Linux has had relatively robust IPv6 support since 2005, but further work was needed for the open source platform to achieve full compliance with DoD standards. The Linux Foundation's IPv6 workgroup analyzed the DoD certification requirements and identified key areas where Linux's IPv6 stack needed adjustments in order to guarantee compliance. They collaboratively filled in the gaps and have succeeded in bringing the shared technology into alignment with the DoD's standards."

6 of 241 comments (clear)

  1. Embedded Linux does ipv6 too by dattaway · · Score: 4, Insightful

    Many embedded linux devices are IPV6 compliant. Even my AXIS webcam can talk ipv6.

    Unfortunately, my ISP, RoadRunner is stuck in dark ages.

    1. Re:Embedded Linux does ipv6 too by klapaucjusz · · Score: 3, Insightful

      Would you stop giving the damn ISP's more reasons to slack off on implementing IPv6!!!

      When their customers do their own tunnelling, ISPs loose the ability to perform their own traffic engineering, and loose money.

      Once they see that they are loosing money because people are implementing their own tunnelling, ISPs will rush to implement native IPv6, in a form that they can control.

  2. Maybe by Midnight+Thunder · · Score: 3, Insightful

    In reality IPv6 is about infrastructure, so if it is all done right then your average Joe shouldn't see much of an impact. In most cases the average user leaves their setting in automatic mode, so as long as the OS and corresponding application are already IPv6 aware then they won't notice until they need to use a numerical address. If they have a home router, then they may find that they need to buy a new one as the manufacturer is only releasing IPv6 aware firmware for routers manufactured after a certain date.

    There are still plenty of issues before everything is working right on both the client and server front. Issues still in place:
      - network hardware not IPv6 compliant (the only compliant home router for the moment is the Apple Airport)
      - network administrators oblivious to IPv6
      - ISPs not preparing for IPv6
      - libraries for popular computer programming languages not IPv6 ready. Take Perl libwww for example.
      - people saying that no one else is doing anything, so they won't do anything either - the classic sheep mentality

    I would like to see stuff like Zeroconf (aka Bonjour, Avahi) become common place on all OSs (this include Windows), or at least if these routers could add the names of computers in their DHCP table (including themselves) in their DNS directory, so typing in numerical IP addresses should not be necessary.

    --
    Jumpstart the tartan drive.
  3. Re:so i see talk of ipv6 more and more.... by sjames · · Score: 3, Insightful

    NAT for firewalling is really an abuse of the protocol. Instead, dump it and use IPv6, then have the router filter the packets. That way, instead of having to rewrite the packets, the router just has to make a drop or forward decision.

    If you make DROP the default decision and then add specific ALLOW rules, you'll get the same semantics as NAT with a lower load on the router

    AN added benefit (FOR NOW anyway) is that most ssh dictionary attacks are against IPv4 addresses. If your internal machines can only be reached through v6, you won't have to worry about those.

    Even if the crackers update to use v6, they won't be nearly as successful since they would first have to guess which dozen or so v6 addresses out of the possible billions on your 6to4 prefix actually have something listening. Sending out a few billion probe packets wouldn't really be a good option for them, especially when someone might have a honeypot assigned hundreds of IPs (making it by far the most likely machine to be attacked).

  4. Re:IPv6 has been known to be needed since 1991 by Blakey+Rat · · Score: 3, Insightful

    IPv6 isn't backwards-compatible with IPv4, and a lot of networks have been really slow to convert over. In most case, they have to spend money to do this conversion, because they have older hardware without full IPv6 compatibility.

    Adoption is slow because IPv6 isn't backwards-compatible, and because it doesn't have enough benefits to outweigh that problem. No conspiracy or anything. (I think it's damn stupid that IPv6 has approx. 40 kajillion IP addresses, and yet they didn't bother to map the existing 4 billion there anywhere.)

    --
    Comment of the year
  5. Re:IPv6 has been known to be needed since 1991 by neirboj · · Score: 4, Insightful

    Section 2.5.5.2 of RFC-4291: IP Version 6 Addressing Architecture describes what in IPv4 terms one might call a super-network prefix that does exactly that: map the existing Internet onto an infinitesimal corner of the huge IPv6 address space.