Slashdot Mirror
Linux Foundation Says All Major Distros Are IPv6 Compliant
ruphus13 points out news from the Linux Foundation, which announced that all major Linux distributions meet certification requirements for the US Department of Defense's IPv6 mandates. The announcement credits work done by the IPv6 Workgroup, whose members include IBM, HP, Nokia-Siemens, Novell and Red Hat. Quoting:
"Linux has had relatively robust IPv6 support since 2005, but further work was needed for the open source platform to achieve full compliance with DoD standards. The Linux Foundation's IPv6 workgroup analyzed the DoD certification requirements and identified key areas where Linux's IPv6 stack needed adjustments in order to guarantee compliance. They collaboratively filled in the gaps and have succeeded in bringing the shared technology into alignment with the DoD's standards."
Many embedded linux devices are IPV6 compliant. Even my AXIS webcam can talk ipv6.
Unfortunately, my ISP, RoadRunner is stuck in dark ages.
is it something i as an end user of some linux distro or other ipv6 supporting OS can make use of, some option i can toggle in some options somewhere to improve something, or is it all just something in the backbone for admins and people with servers to worry about? i want to know what ipv6 means to your average jo
. . . when you see IPv6.
Until your ISP starts offering it, don't worry about it.
Everything that is worth buying has been IPv6 compliant for years.
The only thing that is missing for IPv6, is well, how about an IPv6 net, to the end user.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
The BSDs had full support for IPv6 long before M$
I tend to believe your statement - but a link to a source verifying this would have been nice anyway...
maybe, but IPv6 is still not fully adopted by the market, and certainly 5 years ago had only very small adoption rates. That they are compliant now makes more sense.
-- All this knowledge is giving me a raging brainer.
And for the majority of users, for whom ipv6 is at best useless and at worst an annoyance, blacklist the ipv6 module. E.g. in Debian / Ubuntu add the line
blacklist ipv6
to /etc/modprobe.d/blacklist
While you're at it, you might also want to blacklist pcspkr (get rid of annoying console beeps), lp, parport and parport_pc (parallel port printer) and joydev (unless you have a joystick of course).
Well Apple and MS has had some IPv6 support for a while but they are shades to the amount of support. I believe that IPv6 has been available in Linux before MS or Apple (since 1996). However it was deemed "experimental" until 2005 even though it worked well enough for most people and distros. MS has had limited IPv6 starting with Win2K and has had some IPv6 support with XP in 2002. As for DoD compliance, only Vista with SP1 is partially compliant and OS X does not to appear to have been tested.
Well, there's spam egg sausage and spam, that's not got much spam in it.
MS and Apple have wasted a lot of resources on a lot of systems for the past 5yrs then, since IPv6 hasn't been used on ~99.9% of the systems it has been installed on.
Source: http://www.mit.edu/hacker/part4.html
So why the fuck hasn't it been adopted yet?
------
Anyway, does anyone have any sources as to know the other "big" OS's (MS Windows, Mac OS, the BSD's etc.) were able to speak IPv6 (if they are able to at all?)?
Also, I've tried to find information about whether FreeDOS can do IPv6, but couldn't. Could anyone help there?
-----
Finally, the beauty of FLOSS.
I wank in the shower.
Vaporware is when some software is promised and is not programmed/available yet. In this case, the programming is already all over there, is available for all major platforms and probably involved hardware too, you just need the world to actually use it.
Exist a migration roadmap for it? or there are still showstoppers?
I mean seriously, what idiot would tell their developers to push ipv6 as early as 2000 when there was utterly no reason to do so other than a threat from DoD about compliance or something.
:D
But yeah, here come the history I-did-it-before-you wars, look in the thread below you, someone already said BSD did it first before MS.
Oh snap.
Promote true freedom - support standards and interoperability.
http://en.wikipedia.org/wiki/IPv6#Major_IPv6_announcements_and_availability
'nough said.
Until Vista, SMB/CIFS didn't support IPv6, so sharing resources over an IPv6 local network didn't work. On top of that, 2005 is the year the "experimental" status was removed. In fact this status is rather conservative and many distros routinely ship kernels with experimental options enabled (e.g. tickless kernel, the WMI drivers, etc.)
Those who would give up liberty to obtain working drivers, deserve neither liberty nor working drivers.
Now that I know Linux joins the ranks of IPv6 compliant OSs, I just need an ISP that supports IPv6. The problem is, in North America at least, is that there are still few to no ISPs providing IPv6 addresses. Instead I have to resort to tunnel providers (some listed here). What we need is a list of major internet service providers in North America and an indication of their IPv6 readiness and what they excuse is for not starting the migration.
In order to get ISPs moving we could each mail the one we use and ask them when the plan to offer IPv6 addresses.
Some 'cool stuff' using IPv6: https://www.sixxs.net/misc/coolstuff/
Jumpstart the tartan drive.
Apple didn't spend much at all. They use the KAME stack, which was developed by a consortium of Japanese companies for BSD-family systems. It was started in 1998 and achieved full compliance in 2006. Apple just pulled in the code and merged it. Since it already ran on BSD/OS, FreeBSD, NetBSD, OpenBSD and DragonflyBSD, this was not a huge undertaking.
I am TheRaven on Soylent News
and I am a General Disagree and I totally disagree with you
I am General Failure, reading your hard disk.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
I am Colonel Panic, halting ur systemz.
Ignore this signature. By order.
"Unfortunately, my ISP, RoadRunner is stuck in dark ages."
It's a bummer when your toilet can't get it's own IP address.
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
In reality IPv6 is about infrastructure, so if it is all done right then your average Joe shouldn't see much of an impact. In most cases the average user leaves their setting in automatic mode, so as long as the OS and corresponding application are already IPv6 aware then they won't notice until they need to use a numerical address. If they have a home router, then they may find that they need to buy a new one as the manufacturer is only releasing IPv6 aware firmware for routers manufactured after a certain date.
There are still plenty of issues before everything is working right on both the client and server front. Issues still in place:
- network hardware not IPv6 compliant (the only compliant home router for the moment is the Apple Airport)
- network administrators oblivious to IPv6
- ISPs not preparing for IPv6
- libraries for popular computer programming languages not IPv6 ready. Take Perl libwww for example.
- people saying that no one else is doing anything, so they won't do anything either - the classic sheep mentality
I would like to see stuff like Zeroconf (aka Bonjour, Avahi) become common place on all OSs (this include Windows), or at least if these routers could add the names of computers in their DHCP table (including themselves) in their DNS directory, so typing in numerical IP addresses should not be necessary.
Jumpstart the tartan drive.
Well, there's 'support' and 'support'. See this post in this very thread...
http://linux.slashdot.org/comments.pl?sid=1046105&cid=25933393
MS Vista claimed broken, IPv6, Apple AND Linux?
I'm getting the popcorn...
Apple didn't spend much at all. They use the KAME stack, which was developed by a consortium of Japanese companies for BSD-family systems. It was started in 1998 and achieved full compliance in 2006. Apple just pulled in the code and merged it. Since it already ran on BSD/OS, FreeBSD, NetBSD, OpenBSD and DragonflyBSD, this was not a huge undertaking.
While the OS itself is IPv6 compliant, stuff like the Finder and certain GUI based applications (Network Utility) is still oblivious to IPv6. Although not an Apple product, Samba the last time I tried did not seem to be IPv6 ready - if anyone knows otherwise please correct me. Other than the Finder and Network Utility, are there any other Apple provide applications that are failing IPv6 compatibility?
Jumpstart the tartan drive.
Linux had IPv6 long before either MS or Apple, it was present by default in the 2.2.x kernels which came out last century, and was probably available as patches long before that.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Corporal Punishment is sending Major Pain to ur Private Parts.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
The support in win2k was an experimental addon published by microsoft research, it was never an official feature.
It was XP which first introduced support in the base distro, but it was not turned on by default and if autoconfig didn't work you had to use the cli tools to configure it. Also it wouldn't do DNS over ipv6 so you still need ipv4 connectivity for your dns at least.
Linux had support a lot earlier as you pointed out, as did digital unix (aka tru64 unix), the bsd's got support fairly early too. It was only market experimental because there was really no other reason to use it, you could pretty much only get tunneled ipv6 from a free tunnel broker with no guarantee you would keep the addresses etc. In terms of functionality, the stack worked great even in the 2.2.x kernel, ipv6 has long been popular on IRC because you can create more vanity hostnames more easily, and its a little harder for some of the script kiddies to dos you.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I believe DEC were doing a lot with ipv6 early on too, they had ipv6 support in digital unix and even had an ipv6 enabled version of altavista available.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
That's Private Perks. Private Oliver Perks.
Ignore this signature. By order.
I wouldn't say Apple's time spent on this has been wasted. After all more than 50% of the client machines on the IPv6 network are Macs.
Do you care about the security of your wireless mouse?
I am Colonel Mustard and I am waiting in the study with a candlestick.
I'm not not licking toads.
There's support and support. The first OS to have certified DOD compliant IPV6 support (what this topic is about) was Vista. Solaris 10 came second. Neither had IKEv2 capability. Then came Novell and RedHat, both with IKEv1 and IKEv2.
So it's not only a neck-to-neck race, but you can also be first, and you can be first (with IKEv2).
You can find the list, with certification dates, here.
WTF? XP autoconfig works just fine.. every XP machine here has a working ipv6 stack and I wouldn't even know what the cli commands were as I've never had to use them.
Samba works on ipv6 but I think the OSX version doesn't. Things go *really* screwy if you use an ipv6 enabled samba in a Win2003 domain, so they probably disabled it to avoid problems.
Apple also hasn't been very diligent about updating their IPv6 stack. They've been taking security patches, but that's about it. Most of the useful features of IPv6 are not available on Mac OS X, e.g. MLDv2, DHCP6, source address selection, mobility, etc. Apple also doesn't have a public roadmap for its IPv6 features in future OS X releases.
jhw
From MS Technet:
"You can manually configure IPv6 addresses and routes by using the Netsh commands for Interface IPv6 command-line tool. Manual configuration might be required in a network that has multiple IPv6 network segments within which routers are not configured to send router advertisements."
Just because it works fine on *your* network doesn't mean that no-one will have problems. And you really should know how to use netsh if you're administrating Windows machines: it will almost certainly come in handy some day.
Igor Presnyakov stole my hat
If your routers aren't sending router advertisements then you have bigger problems. *no* OS will autoconfigure in that situation.
I'm using IPv6 just fine for several years now. Oh, and NetBSD had IPv6 since 1999 or so.
Just get involved, everyone can get IPv6 right now: http://www.sixxs.net/
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
The Linux Foundation's IPv6 workgroup analyzed the DoD certification requirements and identified key areas where Linux's IPv6 stack needed adjustments in order to guarantee compliance. They collaboratively filled in the gaps and have succeeded in bringing the shared technology into alignment with the DoD's standards."
So this statement of compliance is as of which mainline kernel revs (2.4 and/or 2.6) or which distro versions?
Now, just make a certain highly corrupt organization charge less then several years revenue for a IPv6 address block.
Wait, you though just because there are 2^64 blocks they aren't trying to make 2^128 dollars off of them?
It's about the money, your ISP cannot possibly afford an address allocation, so you're not getting IPv6.
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
I could, but why would I want to?
I don't want the potential vulnerabilities that keep cropping up for IPv6 on my servers. Nor the potential abuse from the unlimited allocation of IP addresses that people can use to evade bans on my services. Any ISP providing IPv6 only has a ipv4 NAT to fallback on for IPv4 usage.
Change is certain; progress is not obligatory.
ISP may try to make $5 /m per ipv6 so people will still NAT then.
ISP may try to make $5 /m per ipv6 so people will still NAT then.
That would be disaster and a good reason for reprimanding them. IPv6 has been designed so that NATs will not be required. NATs are a major pain in networking applications.
Jumpstart the tartan drive.
ipv6.google.com has been running for quite a while (bouncing logo and all) and I use it as much as possible just to boost the stats on it, but really, slashdot is a perfect candidate to help boost adoption. It's pretty easy to get on ipv6 through a tunnel to someone like sixxs.net these days, especially for the likes of a slashdot reader.
Come on already! Naysayers be damned!
And? We're talking about using the cli in windows. Obviously there's going to be *some* problem if the autoconfig doesn't work, and other OSs have nothing to do with it. The point was that you'll be using the cli in this situation.
Igor Presnyakov stole my hat
I don't know exactly what to think about those protocols you really want to stay within your own network. On one hand I think that you are not going to share your resources with the entire world, so why would you need to do that with a protocol that allows you to communicate with the entire world. Some people even go as far as using protocols that you can't even route across an IPv4 router. On the other hand I know this is not the right way to do it. You may have a network that is large enough that you have multiple segments, so you do need something that can be routed between those segments. And using IPv4 doesn't really protect you from communicating with the outside world. Also we do want the use of both IPv4 and IPv6 at the same time to be a temporary solution for the transition. Running these protocols over IPv6 and filtering them at the edge of the network does sound like the correct solution. But of course each machine acting as a server should also verify that the client is authorized, filtering at the edge of the network is supposed to be an additional layer of security, not the only one. Getting all of that right seems like an awful lot of work, and I can understand why you would not make that your first priority. After all there is no need for that to be fully done before a world wide deployment of IPv6 happens. The point where supporting those protocols over IPv6 become a high priority is when you are no longer using IPv4 to communicate across the backbone and you consider turning it off completely within your local network.
I have been thinking about PXE booting as well. That is something you rarely want to involve more than a single ethernet segment, and which is currently done over IPv4. And there is hardware around that have a ROM which is unlikely to ever be upgraded to IPv6. But OTOH, does it really hurt to keep things like that on IPv4 indefinitely. Maybe some time in the future the IPv4 stack gets ripped out of the kernel and replaced with a socket interface that will allow one application to receive all IPv4 packets from an ethernet interface and generate IPv4 replies as well. At that point the IPv4 stack could live inside an application that does DHCP, TFTP, and what other things you need to boot diskless machines.
But again this is low priority. We should focus on what we need to get the backbone communication to be all IPv6. Supporting IPv6 only hosts can happen at a later point.
Do you care about the security of your wireless mouse?
http://www.gnu.org/fun/jokes/ed.msg.html
Well, you can see the routes your computer knows about by running ip -6 route. The routes that the Vista machines are advertising should be listed there.
So, say I have a rogue route like this:
I should be able to run:
I don't know what to do if it keeps reappearing, though.
Yeah, well, if that had actually been the point you might have been right. Since it wasn't, you're just showing yourself to be incapable of reading.
Igor Presnyakov stole my hat
Not very bloody likely. What you're likely to see is ISP's charging per DHCP6 lease, with maybe a little bit extra (but probably not) if you want a prefix delegation for your router.
Your ISP has a huge incentive to give you a routable prefix for your network: they want to be able to sell you application services that depend on their ability to communicate with nodes on your network that you put there for them to manage or query.
jhw
but IPv6 isn't a better solution than NAT. It's annoyingly long. How's this - since we've got 65000 ports per IP why can't we just give each machine a few ports and advertise stuff that's available using DNS. Sure there's things to work out with that, but it's not difficult to do. IPv4 didn't have to push so hard to be accepted - it took over from NCP pretty much as soon as it was completed. Sure there were less hosts, but it was still a big job. People are only willing to change when something appears better and IPv6 really seems like it's harder to remember IP's that will make my life more difficult when DNS is broken (which will almost certainly happen at some point). What if an automated script breaks both my DNS servers and I need to ssh into them to fix them? Oh too fucking bad, you forgot your ffas:3qrr:r2f223:dada:fdsda cunty number. It really feels like everyone's trying to sell me a lemon with this IPv6 bullshit.
"if autoconfig didn't work you had to use the cli tools to configure it"
sure it works fine if you have a router advertising ipv6 correctly, but what if you don't or you have multiple routers or you want to set up a tunnel?
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
The point was that support for ipv6 in xp is lacking behind the supported offered by vista...
Windows users don't expect to have to use the CLI for anything, remember the CLI is bad and that's why Linux sucks... Don't forget that any OS which forces you to use the CLI for anything must suck.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I'm not describing Zeroconf. That works through broadcast, so that will never work on the internet at large, or even on a network with more than one vlan. I'm describing this to minimize ip's in a server network, not a client network. Clients don't need routable IP addresses, because they don't need or want to be servers. If you're a client and you want to be a server, get yourself a proper network.
;; QUESTION SECTION:
;example.net. IN TXT
;; ANSWER SECTION:
Currently through virtual hosting you need an IP address for each SSL certificate used. This is a complete waste of IP's. With the following description, I could take the the thousands of IPs that I use and turn them into 60ish.
You have DNS txt records that describe a service, say http or https. It defines a port for this service.
In the interest of explaining this well:
example.net. 86400 IN TXT "http:380,https:3443"
A browser picks this up and connects to the alternate ports for https and http. Easy and no security concerns.
The server could be configured through a control panel or manually decided. Only one IP should be used on a virtual hosting machine, not the stupid amounts there currently are due to SSL certs. I neglect to see how this is any less secure and frees up, for me at least, about 4000 Routable IPs. That might be a drop in the ocean, but where else could this solution be used?
I know IPv4 needs to go, but IPv6 isn't a great answer. The addressing is too long, it's trying to be too many things at once. When you introduce even a smidge more complexity than you need, things tend to fuck up. You use the most simple option.
Sure there's 300 Million hosts, but there's a shitload more money in the internet now. You'd think that the ISP's would be trying to establish themselves as IPv6 compatible if it were such a great thing. You know like Multimedia compatible back in the day, or IBM compatible. These things sold - IPv6 isn't selling.
You seem to think I'm just complaining because the addressing is long. I'm complaining because the current solution works and the only issue is we don't have enough addresses. You're taking this to jam IPv6 down the throats of people. It's going to make a whole lot of diagnosis a lot more painful.
Also you seem to think I'm running an internal network. No, I run an AS. ASNs are being used up as well. What was the solution there? Oh make them 4 byte instead of 2.
At home my NAT box is a Linux machine. I just SSH into it.
PS: Your suggestion of running an IPv4 address alongside an IPv6 address just plays further to my point.
Clients end up being servers all the time.
But not in the traditional sense. Clients benefit a lot from having a publicly routable ipv6 address.
Many applications are peer to peer. Bittorrent, the xbox, msn for file transfer/webcam, skype. But instead they have to use a host that isn't behind a nat box. Or even do nat punching.
This is called triangle routing, it uses up bandwidth and takes a lot more time to do. Nat punching isn't much better either.
Imagine how much faster I could be matched up with other players if I could be directly routed to their console. Instead of trying a few tricks then failing.
The hosts will make their own address's based on what the router is advertising. But really with zeroconf all you need to know is the hosts name then use hostname.local that's easier then numbers. If your needs are to access that machine remotely then assign it a domain name. Most users won't need that.
ipv6 isn't really that complicated, in a lot of places it's simpler then ipv4 just seems complicated because it's different something people aren't used to.
The dns trick you show is interesting, but really apache solved that problem with virtual hosts. I like the port numbers being standard, instead of spread all over.
I have read over your posts most of your complaints are about "I don't like how big it is." or "I like my nat firewall" Then keep running a statefull firewall and the long ipv6 address is really not that big of an issue.
Could always block the persons 64bit prefix. Or whatever will happen to get allocated.
Bans shouldn't be for too long. kiddies get bored and will leave
But then I end up blocking a lot of legitimate users who expect the service to work. It's like blocking all of comcast, AOL etc.
I don't think you've ever experienced kiddies on IRC before.
Change is certain; progress is not obligatory.
XP cannot function on a v6-only network. It cannot perform DNS queries over IPv6, nor can it obtain Kerberos tickets or query LDAP over IPv6. So, no DNS and no Active Directory. For those abilities, you need Vista.