Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Foundation Says All Major Distros Are IPv6 Compliant

Posted by Soulskill on from the getting-things-done dept.

ruphus13 points out news from the Linux Foundation, which announced that all major Linux distributions meet certification requirements for the US Department of Defense's IPv6 mandates. The announcement credits work done by the IPv6 Workgroup, whose members include IBM, HP, Nokia-Siemens, Novell and Red Hat. Quoting: "Linux has had relatively robust IPv6 support since 2005, but further work was needed for the open source platform to achieve full compliance with DoD standards. The Linux Foundation's IPv6 workgroup analyzed the DoD certification requirements and identified key areas where Linux's IPv6 stack needed adjustments in order to guarantee compliance. They collaboratively filled in the gaps and have succeeded in bringing the shared technology into alignment with the DoD's standards."

27 of 241 comments (clear)

  1. Embedded Linux does ipv6 too by dattaway · · Score: 4, Insightful

    Many embedded linux devices are IPV6 compliant. Even my AXIS webcam can talk ipv6.

    Unfortunately, my ISP, RoadRunner is stuck in dark ages.

    1. Re:Embedded Linux does ipv6 too by PolygamousRanchKid+ · · Score: 5, Funny

      With the US auto industry going down the shitter, some /8s could be reassigned real soon.

      Viva IPv4!

      You mean, they are going to be ".gov" domains, real soon, at your expense.

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    2. Re:Embedded Linux does ipv6 too by ArbitraryConstant · · Score: 3, Informative

      We're going through a /8 about every month. Even if several of these are freed up it doesn't push the exhaustion date back very far.

      --
      I rarely criticize things I don't care about.
    3. Re:Embedded Linux does ipv6 too by mrsteveman1 · · Score: 3, Funny

      Water is a liquid.

      Your turn

    4. Re:Embedded Linux does ipv6 too by mqduck · · Score: 5, Funny

      GNU is not UNIX.

      --
      Property is theft.
    5. Re:Embedded Linux does ipv6 too by Daimanta · · Score: 3, Funny

      GIMP is an utterly stupid name.

      There, I said it.

      --
      Knowledge is power. Knowledge shared is power lost.
    6. Re:Embedded Linux does ipv6 too by Gorgonzolanoid · · Score: 5, Funny

      EMACS is a decent operating system, but it could use a better text editor.

    7. Re:Embedded Linux does ipv6 too by dadragon · · Score: 5, Funny

      Water is a liquid.

      I'm Canadian, you insensitive clod!

      --
      God save our Queen, and Heaven bless The Maple Leaf Forever!
    8. Re:Embedded Linux does ipv6 too by ArbitraryConstant · · Score: 4, Informative

      > What happens if NAT is used all over the place? You could imagine a bunch of
      > subnets that use one address to the outside world but have hundreds or
      > thousands of machines internally.

      It *is* used all over the place. It's even used on an ISP-wide scale (expect that to become more common in the west). NAT delayed IP address exhaustion for a few years, a few years ago. The current rate of IP usage is what's happening *with* widespread use of NAT.

      > There's a lot to be said for NAT from a security point of view too. Since you
      > need to open up holes manually for incoming services, incoming connections
      > for anything else will be blocked which makes it impossible for people to
      > exploit most security flaws on the machines behind the router.

      You can get all of that from a stateful firewall that blocks inbound connections by default.

      > Reading between the lines it seems like IPv6 was a revolutionary solution to
      > running out of address space. NAT was an evolutionary one. As usual the
      > market has picked the evolutionary solution and more purist types are whining
      > about it.

      NAT isn't a solution at all, it's a way to delay the inevitable. It has successfully done that, into approximately 2011-2012. What it doesn't do is change the fundamental problem, it's not possible to use it *enough* to hold off exhaustion indefinitely.

      Breaking end-to-end connectivity isn't the primary concern. This has already largely happened with NAT, and will continue to happen to a certain extent with IPv6 because we'll be using stateful firewalls. We can deal with this for most home users.

      The problem is that NAT still consumes IPs, and other hosts like servers really do need to be reachable. The market prefers NAT now because exhaustion hasn't happened yet, and as the last few months have demonstrated, the market is remarkably good at ignoring problems for as long as possible.

      Purist types *are* whining about it. But pragmatic types like me are also concerned that people like you seem to think NAT is something we can use later as a solution, when we've already been using it for years as a way to buy time.

      --
      I rarely criticize things I don't care about.
    9. Re:Embedded Linux does ipv6 too by j+h+woodyatt · · Score: 3, Interesting

      "The right way would have been to extend the address space while still obeying to the KISS principle."

      The IETF has considered so many proposals along this line that it just produces eye-rolls from the greybeards now. They don't work any better than IPv4 w/ NAPT extensions, they still don't preserve backward compatibility with IPv4, and they don't solve the problems that IPv6 does.

      If you think you're smarter than everybody who's tried to do this before, then write up an Internet Draft. What's stopping you?

      --
      jhw
    10. Re:Embedded Linux does ipv6 too by klapaucjusz · · Score: 3, Insightful

      Would you stop giving the damn ISP's more reasons to slack off on implementing IPv6!!!

      When their customers do their own tunnelling, ISPs loose the ability to perform their own traffic engineering, and loose money.

      Once they see that they are loosing money because people are implementing their own tunnelling, ISPs will rush to implement native IPv6, in a form that they can control.

    11. Re:Embedded Linux does ipv6 too by fireman+sam · · Score: 3, Funny

      Yes, your toaster does need its own IP as part of its TRM (toast rights management). "Smart" toasters are subsidized by bread manufacturers, and as such require you (the user) to only install certified bread into the device. TRM was designed so the bread manufacturers can be assured that their (subsidized) product (the smart toaster) is being used in the legal manner.

      Note that GNU/Bread will not operate in TRM enabled toasters as this reduces the proffitability (sp?) of smart toasters.

      --
      it is only after a long journey that you know the strength of the horse.
    12. Re:Embedded Linux does ipv6 too by Anonymous Coward · · Score: 3, Funny

      Water is a liquid.

      I'm Canadian, you insensitive clod!

      ok then... beer is a liquid

    13. Re:Embedded Linux does ipv6 too by darthdavid · · Score: 4, Funny

      I'm American you insensitive clod, our beer is water!

  2. Re:Catching up on the competition by UnknowingFool · · Score: 5, Informative

    Well Apple and MS has had some IPv6 support for a while but they are shades to the amount of support. I believe that IPv6 has been available in Linux before MS or Apple (since 1996). However it was deemed "experimental" until 2005 even though it worked well enough for most people and distros. MS has had limited IPv6 starting with Win2K and has had some IPv6 support with XP in 2002. As for DoD compliance, only Vista with SP1 is partially compliant and OS X does not to appear to have been tested.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  3. Re:Let's not forget by mwoliver · · Score: 3, Interesting

    Yup. In fact, back in the day, the IPv6 support in FreeBSD was the determining factor in my choice to run FreeBSD rather than any then-current distribution of GNU/Linux. Being focused on networking, I didn't have a dog in the OS race, I just needed IPv6 support, and FreeBSD won hands-down. I have enjoyed the blessings of FreeBSD ever since. Even so many years later, IPv6 support on my DD-WRT (Linux) access point is quite non-intuitive and hackish.

    Big shout-out to the fine KAME team, especially the late Itojun.

    --
    Mike O, KT2T
  4. How about a report on ISPs? by Midnight+Thunder · · Score: 4, Interesting

    Now that I know Linux joins the ranks of IPv6 compliant OSs, I just need an ISP that supports IPv6. The problem is, in North America at least, is that there are still few to no ISPs providing IPv6 addresses. Instead I have to resort to tunnel providers (some listed here). What we need is a list of major internet service providers in North America and an indication of their IPv6 readiness and what they excuse is for not starting the migration.

    In order to get ISPs moving we could each mail the one we use and ask them when the plan to offer IPv6 addresses.

    Some 'cool stuff' using IPv6: https://www.sixxs.net/misc/coolstuff/

    --
    Jumpstart the tartan drive.
    1. Re:How about a report on ISPs? by Shikaku · · Score: 3, Informative

      https://www.sixxs.net/faq/connectivity/?faq=native

      ISP IPv6 listing.

  5. Re:so i see talk of ipv6 more and more.... by Dolda2000 · · Score: 5, Interesting

    I, too, am using 6to4 at home in order to get rid of NAT, but lately I've been having great trouble when traveling around with my IPv6-enabled laptop (running Debian).

    See, whenever I get to a public access point (which uses public IPv4 addresses, rather than a private 192.168.x.x net) it turns out that any Vista computers connected to the same link auto-configure themselves to use 6to4 and then advertise over ICMP that they are willing to route traffic through their 6to4 net. However, it turns out that they just drop the traffic! My laptop, not knowing that, though, will try to route IPv6 traffic through them nevertheless, which just makes every IPv6 site (including my own) stop working. Viva Vista!

    Does anyone know why Vista does this, and whether it's possible to prevent or work around it somehow?

  6. Re:You'll see IPv6 . . . by treuf · · Score: 4, Interesting

    A major French ISP - Free (second largest ISP after Orange) - is offering IPv6 to anyone asking for it (it's an option in their control pannel, disabled by default).
    It would be interesting to see how much peoples activated that option :)

    Another smaller one here have been offering IPv6 since ages (can't remember its name though)

    A major mass-hosting facility - OVH (doing buiness in France and doing massive deployment currently in europe) is providing IPv6 to all its servers (hosted or housed).

    They are both new-commers (compared to the country operator / old hosting facilities) - which may explain such massive deployment (they have only new hardware everywhere)

  7. Re:Catching up on the competition by TheRaven64 · · Score: 5, Informative

    Apple didn't spend much at all. They use the KAME stack, which was developed by a consortium of Japanese companies for BSD-family systems. It was started in 1998 and achieved full compliance in 2006. Apple just pulled in the code and merged it. Since it already ran on BSD/OS, FreeBSD, NetBSD, OpenBSD and DragonflyBSD, this was not a huge undertaking.

    --
    I am TheRaven on Soylent News
  8. Maybe by Midnight+Thunder · · Score: 3, Insightful

    In reality IPv6 is about infrastructure, so if it is all done right then your average Joe shouldn't see much of an impact. In most cases the average user leaves their setting in automatic mode, so as long as the OS and corresponding application are already IPv6 aware then they won't notice until they need to use a numerical address. If they have a home router, then they may find that they need to buy a new one as the manufacturer is only releasing IPv6 aware firmware for routers manufactured after a certain date.

    There are still plenty of issues before everything is working right on both the client and server front. Issues still in place:
      - network hardware not IPv6 compliant (the only compliant home router for the moment is the Apple Airport)
      - network administrators oblivious to IPv6
      - ISPs not preparing for IPv6
      - libraries for popular computer programming languages not IPv6 ready. Take Perl libwww for example.
      - people saying that no one else is doing anything, so they won't do anything either - the classic sheep mentality

    I would like to see stuff like Zeroconf (aka Bonjour, Avahi) become common place on all OSs (this include Windows), or at least if these routers could add the names of computers in their DHCP table (including themselves) in their DNS directory, so typing in numerical IP addresses should not be necessary.

    --
    Jumpstart the tartan drive.
  9. Re:Embedded Toilets do ipv6 too by Teun · · Score: 3, Funny
    Why the whole toilet?

    The large AND small flush want their own, just like the lid and seat!

    Don't get me started about the light switch, extraction fan and deodorant dispenser...

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  10. Re:You'll see IPv6 . . . by Tony+Hoyle · · Score: 3, Interesting

    Everything that is worth buying has been IPv6 compliant for years.

    Hmm..

    iphone - nope.
    xbox 360 - nope.
    PS3 - nope.

    That's 3 things worth buying that definately aren't.. and I'm not even including home routers on that list which are a glaring example of 'not ipv6 compliant'.

  11. Re:so i see talk of ipv6 more and more.... by sjames · · Score: 3, Insightful

    NAT for firewalling is really an abuse of the protocol. Instead, dump it and use IPv6, then have the router filter the packets. That way, instead of having to rewrite the packets, the router just has to make a drop or forward decision.

    If you make DROP the default decision and then add specific ALLOW rules, you'll get the same semantics as NAT with a lower load on the router

    AN added benefit (FOR NOW anyway) is that most ssh dictionary attacks are against IPv4 addresses. If your internal machines can only be reached through v6, you won't have to worry about those.

    Even if the crackers update to use v6, they won't be nearly as successful since they would first have to guess which dozen or so v6 addresses out of the possible billions on your 6to4 prefix actually have something listening. Sending out a few billion probe packets wouldn't really be a good option for them, especially when someone might have a honeypot assigned hundreds of IPs (making it by far the most likely machine to be attacked).

  12. Re:IPv6 has been known to be needed since 1991 by Blakey+Rat · · Score: 3, Insightful

    IPv6 isn't backwards-compatible with IPv4, and a lot of networks have been really slow to convert over. In most case, they have to spend money to do this conversion, because they have older hardware without full IPv6 compatibility.

    Adoption is slow because IPv6 isn't backwards-compatible, and because it doesn't have enough benefits to outweigh that problem. No conspiracy or anything. (I think it's damn stupid that IPv6 has approx. 40 kajillion IP addresses, and yet they didn't bother to map the existing 4 billion there anywhere.)

    --
    Comment of the year
  13. Re:IPv6 has been known to be needed since 1991 by neirboj · · Score: 4, Insightful

    Section 2.5.5.2 of RFC-4291: IP Version 6 Addressing Architecture describes what in IPv4 terms one might call a super-network prefix that does exactly that: map the existing Internet onto an infinitesimal corner of the huge IPv6 address space.