Windows 7 May Finally Get IPv6 Deployed
Esther Schindler writes "According to this article at IT Expert Voice, Windows 7 and IPv6: Useful at Last?, we've had so many predictions that this will be 'the year of IPv6' that most of us have stopped listening. But the network protocol may have new life breathed into it because IPv6 is a requirement for DirectAccess. DirectAccess, a feature in Windows 7, makes remote access a lot easier — and it doesn't require a VPN. (Lisa Vaas interviews security experts and network admins to find out what they think of that idea.) The two articles examine the advantages and disadvantages of DirectAccess, with particular attention to the possibility that Microsoft's sponsorship may give IPv6 the deployment push it has lacked."
Uhh... 3 letters for you. D.N.S.
It pains me to think it, but how long before we see "IPv6 shortening services"?
Why type either? You should look at getting DNS up and running on your systems. It's a bit cutting edge, but well worth it.
Hmmm... Looks like the tiny URL problem all over again. We need tiny IP! :)
You don't need NAT to run a firewall that has the same security functionality as NAT.
Do you seriously believe "the addresses are really long" is going to be the main thing blocking IPv6 adoption? Or even something the average person will care about in the slightest?
I have to say that this is what struck my eye:
In addition, DirectAccess can be integrated with Network Access Protection (NAP). NAP, which was introduced in its current version in Windows Server 2008, automatically checks that a remote PC has up-to-date software and the proper policy-set security settings.
OK, it checks for software status, which I guess is cool, but what makes me suspect that there is a "Refuse to operate unless the licenses appear OK" aspect to this?
By the way, this sets up an IPSEC VPN, so I am not sure why the OP says it doesn't require a VPN.
.... right now they're a necessary evil. There's no reason why you couldn't eliminate VPNs altogether if you ran every service over SSL and verified the client certificate before granting access. Though of course that's of limited benefit unless you can configure every application that needs to be accessed remotely to do this, regardless of server or client OS (...or you don't need to care because you only run applications which can be configured like this).
Knowing Microsoft, this is only useful if all your clients are Windows 7 and all your servers are Windows Server 2008. Can any early adopters confirm whether or not this is the case?
The even versions are stable, the uneven are testing, so I'd like to ask the question: what happened to IPv2?
I might be in the minority here, but I'd rather type "www.whatever.com" than either of the other choices.
There are lots of places that don't really use DNS though, for example game servers or other servers run by individuals. In some games you even have to manually type in the address if you want to connect to your friend's server. Maybe we'll see a major increase in those FreeDNS type of services.
But there is at least one pain in the ass: if you need to transfer the address on paper or otherwise manually (setting up or fixing networking, etc.)
Your average Joe probably doesn't even know what IPv4 is, let alone the reasons for going to 6
-EL
Mod parent up. If you can map between the "inside" and the "outside" of your organization you can drop packets coming from the outside just as readily.
The World Wide Web is dying. Soon, we shall have only the Internet.
Here's a brief explanation
And here's a snarkier internet response
Yeah, typing in IP addresses is a pain in those situations. Maybe in the future Microsoft will add a "cut" and "paste" feature to Windows 7, like they have in OS X - that should make life easier.
Even worse is the fact that a lot of routers still can't handle it.
This has caused a lot of problems for users of Ubuntu Karmic Koala, which enabled IPv6 by default.
After upgrading to Kubuntu 9.10 I was getting huge delays and failed connections (but not all the time) on everything from Konqueror to apt-get.
It turns out the problem was a bug in my DSL modem, causing it to choke when trying to connect to a host that has IPv6 enabled.
I was able to work around it, but a lot of people are still having trouble.
Let's see how Microsoft deals with all the older installed hardware.
We won't run out. It's like peak oil - we won't just have one random guy scrape and hit rock bottom and suddenly the world panics. It'll become gradually harder and harder to find and prices will slowly go up, reducing consumption. Essentially, we'll never use 100% of our oil until it is completely superseded by newer technologies. Same with IPv4 addresses. They'll become more and more valuable, universities with 16.7 million each will be forced to give them up, and we'll have more and more bureaucracy surrounding the IP address system. IPv6 will come in slowly.
We looked at deploying DirectAccess, but after months of talks and discussions with Microsoft, they finally came out and told us that it wouldn't work unless we rolled out IPv6 (and pushed other MS services (CA, DC) externally). We passed. We decided to stick with SSL VPN for most and the Cisco AnyConnect client for our Win7 64-bit rollouts. Maybe next time, Microsoft?
Yeah.. I'll just toss out my VPNs and start using the MS solution which greatly simplifies remote access security.. I can see lots of people will be running to this.. Yeah..
Dynamic DNS, then. I use that for remoting into my computer and router from other places.
Hail Eris, full of mischief...
E pluribus sanguinem
While it will be useful, I don't think widespread usage of IPv6 will start before we run out of IPv4 addresses.
I'd rather type in 49.1.4.22 than 2001:db8:85a3::8a2e:370:7334
I don't think that'll happen until we run out of words and names!
--Greg
"According to this article at IT Expert Voice, Windows 7 and IPv6: Useful at Last?, we've had so many predictions that this will be 'the year of IPv6' that most of us have stopped listening."
Kind of like Linux on the desktop!
Uhh... 3 letters for you. D.N.S.
I've been involved long enough to remember people saying DNS A6 records were the wave of the future, and look where they are today.
(Yes I know, use AAAA now, I'm just pointing out the turmoil)
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Offtopic, but I'd much rather you typed in whatever.com.
--- Mr. DOS
IPv6 (and DirectAccess) in no way require you to remove a firewall between you and the rest of the universe. NAT, however, can go away.
"I use a Mac because I'm just better than you are."
I'm not a big fan of djb but he hit this nail right on the head.
http://cr.yp.to/djbdns/ipv6mess.html
Who the hell needs 13 gazillion addresses on their LAN? On the internet sure, ok....who the fuck is going to connect a Windows box to the internet without NAT/Firewall?
Network address translation came into use because you had a limited supply of IP addresses, a pigeonhole problem basically. With IPv6 that's not needed, because surely 3.4×10^38 addresses should be enough for anyone. You'll just need a firewall to reject requests from outside your own assigned block.
Off-offtopic, but I'd much rather you typed in example.com. Don't refer to what might be a real URL as an example when you've got a name reserved by RFC for that purpose.
Do you seriously believe "the addresses are really long" is going to be the main thing blocking IPv6 adoption? Or even something the average person will care about in the slightest?
I agree; to the 'average' person IPv4 addresses are already too long.
On the Oregon Coast born and raised, On the beach is where I spent most of my days
Except that it doesn't work with the networking you have.
http://ipv6.youtube.com/watch?v=oHg5SJYRHA0
I'll just leave this here. Although the URL isn't currently valid, it will be once IPv6 rolls out.
It is a very tough feature to code however, just ask the guys who failed to add it to the iPhone for several years...
BGP filters are hard enough in v4; can you imagine doing this crap?
ipv6 prefix-list ipv6-ebgp-strict permit 2a00::/12 ge 19 le 32
ipv6 prefix-list ipv6-ebgp-strict permit 2801:0000::/24 le 48
ipv6 prefix-list ipv6-ebgp-strict permit 2c00::/12 ge 19 le 32
ipv6 prefix-list ipv6-ebgp-strict deny 0::/0 le 128
Forget it.
I couldn't fail to disagree with you any less.
And that was just by paragraph four. I gave up -- this person can't write. I'm certainly not going to trust that this "Expert Voice" can assemble facts correctly.
IPv6 is only required for the VPN side. The Internet connection on both sides may still be IPv4 however. Read TFA for more details. I have a feeling Time Warner will be in no rush to upgrade my neighborhood to IPv6 no matter how many companies start using DirectAccess.
IPv6 is very useful the same way electricity in a socket is useful. The two things both provide basic infrastructure for running more sexy, feature-laden things that consumers actually want.
Users didn't opt for opting out of IPv6. Large telcos didn't spend enough money soon enough to get the upgrade rolling in a tragedy of the commons kind of situation.
Apart from leaving CIDR out of the picture, the second sentence is simply not true. The upper limit of usability is around 30-50 computers / public ip these days, if those computers are using the internet. NAT breaks so many things...
This sentence might give you the impression that you can run IPv6 with Windows XP. That's not the case: it lacks DNS resolution over IPv6 and DHCPv6, so while it supports some things, the IPv6 support is far from complete.
No, when the technical people at large telcos are given the money and mandate to deploy IPv6, that's when it'll happen. When the head honchos who held back the upgrade for financial reasons and the lack of government regulation (a classic example of the tragedy of the commons) realise that IPv4 blocks will be gone from the IANA pool by fall 2011 and from the regional registries a year later, they'll panic and start throwing money, excuses and horrible stopgap solutions at the problem. This could have been avoided, instead of heading for the bloody showdown we're going to see in the next couple of years, as everyone will a. try to grab as many addresses as possible to keep telco projects in the pipeline from sinking and b. frantically scramble to upgrade.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
On the internet sure, ok....who the fuck is going to connect a Windows box to the internet without NAT/Firewall?
If you've never had a problem with NAT, you don't have enough uses for the internet. I used to be a firm believer that NAT was a seamless solution to the problem of not having enough IPs.
Once you try implementing it in the professional world, where you have to worry about not just NAT but NAPT, because you've got web servers, print servers, email servers, backup servers, file servers, application servers - and then you've got to implement some service such as Remote Desktop from a web app (that has to get past the proxy, no less), so that those who want to work from home can remote into their PC without a VPN - let's just say that even a small handful of extra IPs would help, and if we COULD get each PC its own individual IP, it'd be much appreciated.
It's not that it's impossible to do what you want, it's just that as things grow, things get more convoluted, and doing such tasks takes far more troubleshooting.
From a security point of view, I'm probably going to blackhole all IPv6 into a honeypot now. Think about what this technology does. It allows unsolicited connectivity into your network without audit. And I quote:
Admin Tom Perrine, chiming in on the LOPSA forum when asked to contribute thoughts for this article, had four major DirectAccess concerns: As an Enterprise customer, he needs to be able to at least:
- set specific policies (no split tunneling)
- force specific VPN technology including encryption algorithms (IPSEC, AES, etc.)
- ensure proper key and credential management, including two-factor or challenge/response
- audit activities while user is connected to the VPN.
The article goes on to discuss the first one. Nothing whatsoever on the other three. Not to mention that if the machine fails to get the updated GPO it fails OPEN. Everything here I see says it 'just works' and there is almost no talk of admin control. I'm having trouble coming up with a good enough string of expletives to cover my emotions. Wow. Just wow.
What exactly is the security mechanism, then? Username/Password? I see comparisons in TFA being drawn to web portals. Well I don't know about your shop, but around here we have planned for the web portal to be compromised at some point, and have limited the data available. We have NOT made that assumption for the heart of our network, and I'm unsure how long I'd keep my job if I made that case.
As stated in TFA it sounds much easier to just shut the protocol off until there's a pressing and urgent business need to enable it again.
There are lots of places that don't really use DNS though, for example game servers or other servers run by individuals. In some games you even have to manually type in the address if you want to connect to your friend's server. Maybe we'll see a major increase in those FreeDNS type of services.
Pretty much every machine has a DNS name these days. They aren't usually authoritative... But for a LAN game it'll do.
For non-LAN games you've frequently got some kind of server listing service or match-making service out there that can help you find your buddy's server. Or you could always use DynDNS/No-IP/whatever to get yourself a DNS name.
But there is at least one pain in the ass: if you need to transfer the address on paper or otherwise manually (setting up or fixing networking, etc.)
Again, many (most?) devices have a DNS name of some sort.
If not... Yes, it can be a pain to write down an address. And the extra address space in IPv6 is going to make that more painful... Although there are shortcuts built into IPv6 that let you shorten the address...
But, seriously, is that a reason not to adopt IPv6? There's too many digits, it's too hard to write out by hand?
"Work is the curse of the drinking classes." -Oscar Wilde
Yes, NAT is a pain, and in some cases breaks business apps. Hairpin turns are the bane of my existence. But you are saying to either place things outside a firewall because it's easier, or place your support staff on the Internet without a VPN?
I agree that ISPs have a need for IPv6. But why would a Windows 7 user need it? Default out of the box? Or did I misread that MS has that service on by default?
IPv6 is actually the anti-Y2K. This is a problem mainly ignored by mainstream media that has the potential to affect the global economy, while Y2K was a relatively minor issue compared to this, which got overhyped by the media.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
Who the hell needs 13 gazillion addresses on their LAN? On the internet sure, ok....who the fuck is going to connect a Windows box to the internet without NAT/Firewall?
While I don't think I'd recommend connecting any machine - Windows or otherwise - to the Internet without a firewall... I don't see why you think you need NAT.
NAT is Network Address Translation. It has absolutely nothing to do with security. It's a way to overload a single public IP address and funnel multiple private IP addresses through it.
Yes, NAT gives you a default, basic firewall just because you have to explicitly define incoming translations. But there's absolutely no reason you need NAT in order to do a firewall.
I've got dozens of servers sitting behind firewalls with absolutely no NAT going on at all.
"Work is the curse of the drinking classes." -Oscar Wilde
In some games you even have to manually type in the address if you want to connect to your friend's server.
Either you're playing some older games, which came out when TCP/IP was just starting to boom and didn't have any DNS functionality built in - or your friends aren't hosting their server on the web, and thus DNS wouldn't resolve it - or your friends aren't port forwarding properly for that game's specific host-finding service to pick it up.
In any case - if you are willing to go through the trouble of communicating an IPv4 address to join a game, making it an IPv6 address will either be the smallest, most minuscule inconvenience that you'll forget after it's deployed
OR
You'll learn to set up servers and DNS in such a way that they will work without you needing to memorize and jot down IP addresses.
Either way, it's moving forward.
until I installed Windows 7 and it got an IPv6 address automatically without a hitch.. (only used straight XP boxes and a FreeBSD box with a static IPv4 IP before)
Apparently my ISP has been doing native IPv6 for almost a year now and it works like a charm.. for IPv6 enabled sites and services that is. ;)
(Bahnhof in Sweden)
Actually, I'm surprised that Google's current IPv6 roll-out (by attaching AAAA records to their domains for qualifying name servers) doesn't include youtube.com yet.
Meh, we need a solution to let regular business dev reps remote in from home (not the support staff) without a VPN. It'd be nice if it was hosted in a web app so that we don't have to install anything on client machines. (Something like Remote Web Workplace.)
Windows 7 has DirectAccess or whatever they're calling it, which supposedly allows for this to happen, and it needs IPv6 to run I guess.
I hate lazy people, and I'd much rather you typed "http://www.whatever.com". I mean, otherwise how is your web browser supposed to know to use hypertext transfer protocol??
"But this one goes to 11!"
Will ISPs give more than one IPv6 IP? Or will they make you pay? Comcast may want $5 per PC.
Also, how many DSL and cable modems can even do IPv6? How many rented ones? Routers? Cable phone and HSI modems (that are forced rented?)
The funny thing is, however, that NAT isn't entirely obsoleted by IPv6... because it is almost inevitable that IPv6 space will be almost as poorly managed as IPv4 space was in the beginning, we will probably still run out of IPv6 space sooner than we otherwise would. Of course, due to the sheer size of IPv6 space, I suspect that's not likely to happen in most of our lifetimes.
Notwithstanding, however, thanks to this quaint little notion of "extension headers" in IPv6, it is even entirely possible to route _THROUGH_ a NAT... directing packets to specific machines inside of the NAT as long as the NAT is configured to act like a router and to process the appropriate extension headers... an upshot of this is that it would effectively increase the total number of usable IPs, because the effective IP address length would be extended by however many bits of address you put into the extension header. This process could even be chained through multiple levels of NATs _theoretically_ indefinitely, but in practice would always be limited by the sizes of the routing tables involved, and whatever the minimum MTU for an IP packet is at the time (which is theoretically as small as 68 bytes today, but nobody uses them anywhere close to that small). Individual IPv6 packets have a maximum size of 64K each, so there's a hard limit in how big it can get regardless of how much the MTU goes up.
File under 'M' for 'Manic ranting'
IPv6 won't become widespread until the millions upon millions of existing routers that do not support it die of old age.
"His name was James Damore."
Have you looked at the Sonicwall SSL/VPN appliance? I'm sure that there are probably other vendors and even open source solutions that provide similar functionality. With the Sonicwall device all you need is a web browser and you can have a secure remote desktop connection into anything on the private network. I think you can also publish individual applications (a la Citrix, etc) but I never had to get that fancy with it.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Anyone can type a DNS name. An ipv4 address is a bit cooler. But just imagine your coworker's respect when they see you telnet to 2001:db8:85a3::8a2e:370:7334
.sig: No such file or directory
I actually do that http thing. It's not that I'm especially diligent, or think the browser won't guess correctly; it's somewhere between a persistent habit and a neurosis. On the other hand, I am diligent about getting the https:// ones right.
2*3*3*3*3*11*251
-- three Microsoft related stories out of four.
I hereby dub Slashdot "Microdot!"
Oh, wait....
Yeah, I'd be right there with you *if* it wasn't an error to make the root record for a DNS zone a CNAME (which would apparently break mail services, among other things - I'm not a DNS *or* E-mail expert, ymmv)
So if your hosting infrastructure is managed separately to your customer's DNS records, they can either only point HTTP requests at your entry point (load balancer du jour) or they have to statically configure it as an A (or A6) record - and then it becomes *your* problem when you retire an old uplink and their website doesn't work anymore.
Also, a redirect is at *least* one extra round-trip; so if your brain-dead clients (see: 'Webmins') put the 'www' in their phpbb or Gallery configuration - adding extra round trip to every resource in a request - they start complaining about hosting performance...
The modems are layer 2 and below devices. They don't know or care.
Routers are the real problem as far as customer premise equipment goes; however, the relevant functionality is typically in software on most consumer routers. Ostensibly this means that manufacturers can release a firmware upgrade.
I find that the turnover on those router boxes is rather high, so I suspect that newer routers will ship with it and the problem will slowly go away.
0:0:0:0:0:0:0:1
or ::1 shorthand.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
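The shorthand in the comment above (and the "shortcuts built into IPv6" mentioned earlier in the thread) is the RFC 5952 text form. As an added example that is not part of the thread, this Python expands any written IPv6 address to its eight 16-bit groups and compresses it back to the canonical short form; the practical point for a defender is that one host can be written many ways, so an ACL or log search that compares address strings must normalise both sides first.

```python
"""IPv6 textual form (RFC 4291 / RFC 5952): expand the '::' shorthand and
leading-zero suppression to eight 16-bit groups, and compress back to the
canonical short form. Added example, not code from the thread. The embedded
IPv4 form (::ffff:192.0.2.1) is deliberately not handled here."""

HEX_DIGITS = set("0123456789abcdefABCDEF")


def _group(text: str) -> int:
    """One 1-4 digit hex group; stricter than int(text, 16), which would
    also accept '0x1', ' 1' or '+1'."""
    if not 1 <= len(text) <= 4 or any(c not in HEX_DIGITS for c in text):
        raise ValueError("bad address group %r" % text)
    return int(text, 16)


def expand(addr: str) -> list:
    """Return the eight 16-bit groups of an IPv6 address as integers.
    Accepts at most one '::' and any mix of upper/lower-case hex digits."""
    if addr.count("::") > 1:
        raise ValueError("at most one '::' is allowed: %r" % addr)
    if "::" in addr:
        head, tail = addr.split("::")
        left = [_group(g) for g in head.split(":")] if head else []
        right = [_group(g) for g in tail.split(":")] if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group: %r" % addr)
        groups = left + [0] * missing + right
    else:
        groups = [_group(g) for g in addr.split(":")]
    if len(groups) != 8:
        raise ValueError("not a valid IPv6 address: %r" % addr)
    return groups


def is_valid(addr: str) -> bool:
    try:
        expand(addr)
        return True
    except ValueError:
        return False


def full_form(addr: str) -> str:
    """Eight four-digit groups, e.g. '0000:...:0001' for '::1'."""
    return ":".join("%04x" % g for g in expand(addr))


def compress(addr: str) -> str:
    """Canonical RFC 5952 form: lower-case hex, no leading zeros, and the
    longest run of two or more all-zero groups replaced by '::' (the
    leftmost run wins a tie; a lone zero group is written as '0')."""
    groups = expand(addr)
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:  # strictly greater keeps the leftmost run on a tie
            best_start, best_len = i, j - i
        i = j
    words = ["%x" % g for g in groups]
    if best_len < 2:
        return ":".join(words)
    left = ":".join(words[:best_start])
    right = ":".join(words[best_start + best_len:])
    return left + "::" + right


def same_host(a: str, b: str) -> bool:
    """True when two differently written addresses name the same host,
    which is the comparison an ACL or log search actually needs."""
    return expand(a) == expand(b)
```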
IPv6, with its 128-bit addresses and the resulting astronautical address range seemed the perfect answer.
Along with the last vestiges of privacy in IP space. Every single connection you make traced directly to you instantly. Joy.
For the sake of argument, I will suppose that your ISP gives you IPv6. What makes you think they'll give you more than one working address? Verizon and Comcast are known for their greed and ineptitude. For competition you need at least 3 viable choices.
Yoghurt
Yeah, we wimmin shouldn't oughta write about tech stuff. It just remind youze guys how much smarter than you we iz. And makes youze cry. ::Removing tongue from cheek with prybar::
By definition joining a friend's server shouldn't be any more difficult than clicking "Join Friend's Game". That's what Steam and Live are for.
Even in my home network with only 4 machines I use DNS. moocow, the cowlaptop and eatingcows. Easy to remember and spell, and I run both IPv6 and IPv4.
The Grey Goo disaster happened 3 billion years ago. This rock is covered in self replicating machines!
an upshot of this is that it would effectively increase the total number of usable IPs, because the effective IP address length would be extended by however many bits of address you put into the extension header. This process could even be chained through multiple levels of NATs _theoretically_ indefinitely, but in practice would always be limited by the sizes of the routing tables involved, and whatever the minimum MTU for an IP packet is at the time (which is theoretically as small as 68 bytes today, but nobody uses them anywhere close to that small). Individual IPv6 packets have a maximum size of 64K each, so there's a hard limit in how big it can get regardless of how much the MTU goes up.
In the context of extending available address space, there's also a hard limit on number of addressable entities (such as atoms or Planck length grid positions in space-time) in our universe. Just a small fraction of 64K maximum packet size should be plenty for having enough extension header space for addressing whatever you can imagine to address.
cut&paste sort of works everywhere. except where it doesn't.
For example, there's still no cross-platform cut and paste support in SDL (http://www.libsdl.org/), which is a major pain in some cases.
Rich
Maybe oil won't run out, but it can (and likely will) be superseded by something superior, regardless of whether there's still some left or not.
I think the same can be said for IPv6. It's not just more of the same, but something better.
I wonder why no one has asked; does i4i make the whole world blind?
I'm sorry, but you're simply uninformed. This is exactly like global warming and I made the analogy before in reverse.
In both cases, the experts say it's happening and it's a problem, while laymen continue to have a flawed and incomplete picture. For example, you're stating that "it'll be harder and harder to find", however there is no market in IPv4 addresses; they are not sold or bought at the ISP level, but rather they are supplied on demand by the registrars. Market analogies do not apply. It is a finite resource with extremely low elasticity in supply. Partitioning IPv4 addresses into small chunks and coming up with a procedure to reclaim them would be extremely hard, for routing reasons. Even if you'd attempt to set up a market for IPv4 addresses, you'd need global agreement (the Copenhagen Climate Summit showed recently how well that works out) and you'd risk fracturing the Internet due to conflicts of interest when it turns out that you can't get IPv4 addresses anymore unless you pay for them. Who gets the money is a big open question. To put it simply, you just can't apply market schemes to a finite addressing scheme. It does not work.
Oh, and just to lay the "universities with large address spaces" argument to rest, even if we'd reclaim the legacy spaces, we'd extend exhaustion by 3-5 months. No, an IPv4 address market is not viable, is not going to happen and we're better off focusing on migrating to IPv6 instead of picking the "do nothing" option and waiting for a panic solution when the IPv4 addresses run out in 2011 (IANA pool)/2012 (RIRs). Besides, why meddle with temporary solutions? Data shows that IPv4 address space consumption is accelerating. We simply need IPv6 to provide for the increasing addressing demands.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
They'll become more and more valuable, universities with 16.7 million each will be forced to give them up, and we'll have more and more bureaucracy surrounding the IP address system. IPv6 will come in slowly.
The problem with breaking up a /8 is that you can't just spread around 16.7 million addresses to the individual machines around the globe that need them -- not unless we're ready to handle the massive explosion of routing table entries that would require (and we're not). CIDR still defines a routing hierarchy, where the huge swaths of free addresses exist within that hierarchy isn't necessarily geographically where they are needed, or where the systems that need them are going to be able to connect to them.
Not to say that some breaking up of largely unused /8's and /16's can't be done -- just that it's nowhere near as trivial a problem as most people seem to assume it is. It isn't like there is an abundance of resources in one area, so we can put them on a ship and send them to an area where the resource need exists.
Of course, all of this presumes that the holder of the /8 is using it in some sane manner where it is even possible to break the address space into routable blocks...
Yaz.
"According to this article at IT Expert Voice, Desktop and Linux: Useful at Last?, we've had so many predictions that this will be 'the year of Linux on the Desktop' that most of us have stopped listening. But Ubuntu may have new life breathed into it because Ubuntu is a requirement for my mom."
I kid, I kid.
It will be a cold day in Hell before I plug a Windows system in both outside and inside the firewall.
Seriously, is Microsoft suggesting you hang pwn me signs on your servers too?
To be clear. Best practices has been and always will be to place a firewall between all your servers and the internet.
It would make more sense if the requirement was to plug one NIC into a trusted DMZ for remote access users to attach to (and gain slightly-elevated privileges), and another NIC into a less-trusted DMZ, to accept only valid DirectAccess traffic.
It won't be this bad live. The first 64 bits are your country/state/city/ISP, the last 64 bits are you. It will be more like ABCD:DEAD:BEEF:1234::1
Since I'll have 18,446,744,073,709,551,616 IPs for my personal use, I would subnet my home network quite nicely. Yay for no more NAT
Not sure about Sonicwall, but other SSL/VPN setups I've seen required that your browser support ActiveX and that you permit the site to execute arbitrary code, where it installs a kernel driver (like a normal VPN client would)... I always thought the idea of allowing your browser sufficient privileges to load kernel drivers seemed extremely insane.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Can you recommend any implementation of cut & paste that works over the phone? Preferably open source of course.
Comcast will give out /64s from what I recall. That's the smallest allowed network size for most IPv6 tools (radvd etc).
That leaves 2**64 addresses for your home network, or just let your hosts auto-create their local address which is the default config.
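The "auto-create their local address" default is SLAAC with a modified EUI-64 interface identifier (RFC 4291), which embeds the interface's MAC in the low 64 bits of the address; that is the tracking concern raised elsewhere in this thread, and RFC 4941 temporary addresses are the usual answer. The Python below is an added example, not from the thread: it builds the address from a /64 and a MAC, recovers the MAC from such an address, and shows the randomised alternative. The prefix and MAC used are constructed sample values.

```python
"""SLAAC interface identifiers: RFC 4291 modified EUI-64 and RFC 4941-style
random identifiers inside an ISP-assigned /64. Added example; the prefix
2001:db8:abcd:1::/64 and MAC 00:1a:2b:3c:4d:5e are constructed samples."""
import ipaddress
import os


def mac_to_eui64(mac: str) -> bytes:
    """48-bit MAC -> 64-bit modified EUI-64 identifier: split the MAC in
    half, insert 0xFFFE in the middle, flip the universal/local bit."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError("MAC must have six octets: %r" % mac)
    octets = bytes(int(p, 16) for p in parts)
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # universal/local bit is 0x02 of the first octet
    return bytes(iid)


def eui64_to_mac(iid: bytes):
    """Inverse of mac_to_eui64; None when the identifier is not EUI-64
    shaped (a temporary identifier has no 0xFFFE marker in the middle)."""
    if len(iid) != 8 or iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join("%02x" % b for b in octets)


def _join(prefix64: str, iid: bytes) -> str:
    """Combine the first 64 bits of prefix64 with a 64-bit identifier."""
    net = ipaddress.IPv6Network(prefix64.split("/")[0] + "/64", strict=False)
    host = int(net.network_address) | int.from_bytes(iid, "big")
    return str(ipaddress.IPv6Address(host))


def slaac_address(prefix64: str, mac: str) -> str:
    """The stable address a host derives from the advertised /64 and its
    MAC; it moves with the device from network to network."""
    return _join(prefix64, mac_to_eui64(mac))


def temporary_address(prefix64: str, rand=os.urandom) -> str:
    """An RFC 4941-style address: random 64-bit identifier with the
    universal/local bit cleared. rand is injectable so tests are deterministic."""
    iid = bytearray(rand(8))
    iid[0] &= 0xFD
    return _join(prefix64, bytes(iid))


def mac_from_address(addr: str):
    """What an observer learns from an EUI-64 address: the hardware MAC,
    identical on every network the device visits. None if not EUI-64."""
    low64 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFFFFFFFFFF
    return eui64_to_mac(low64.to_bytes(8, "big"))
```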
Normally, I would use example.com; in this case, I was imitating the parent. I do understand what you're saying, though.
--- Mr. DOS
Sad but true. For some reason I just had a thought that at some point when we run drastically low on IPv4 space, the US gov might, much like it did with the analog to digital TV transition, be handing out coupons for low end crappy IPv6 routers.
Along with the last vestiges of privacy in IP space. Every single connection you make traced directly to you instantly. Joy.
You have never had privacy in IP space. Not even behind a NAT. Whoever is maintaining that NAT could have every packet you've ever sent (extreme, but possible), and if it is you who are maintaining the NAT, then at best you've obfuscated your topology but it will be traced back to you. Besides, it isn't like proxy servers and services like Tor will stop working when IPv4 becomes a legacy protocol.
nice one!
Off-offtopic, but I'd much rather you typed in example.com.
Universities? If it was just universities. /24 subnets and making no real use of them, hiding them completely behind firewalls. How about these fuckers just use 10.* and give their huge blocks to providers that are in real need (like QSC), having to let go of business opportunities otherwise because of the shortage.
What really drives me mad is corps like Ford, General Electric, Daimler, Merck, ... having
I can easily identify the hosts internal to my IPv6 network; they all get the same prefix. With IPv6 you're not getting random addresses assigned; instead you will normally get a block of addresses to use inside your network.
I tried to help those iPhone guys, by sending them the contact of the SE guys, who implemented that feature even on my cheap little Walkman mobile, ... but all they got was SMS with garbage vCard code...
That's only 3. What's the 4th?
who the fuck is going to connect a Windows box to the internet without NAT/Firewall?
Teeming multitudes of clueless users who only have one computer and therefore never got a router. Every one of their boxes is totally owned, but they're oblivious.
mirrorshades radio -- darkwave, industrial, futurepop, ebm.
I've got several reasons to expect a proper ipv6 netblock from my ISP:
1. That's what I'm currently already getting from my ISP.
2. That's how ipv6 is supposed to work.
3. That will be the default configuration of big routers.
4. Ipv6 addresses will not be scarce, so handing out single addresses instead of blocks will not save any money.
5. Actually, not using the default mac-address based numbering scheme will complicate configuration and will raise the requirements on end-point routers, so it's actually likely to be more expensive.
6. I won't pay any ISP which offers 'ipv6' and then hands out single addresses, and neither should you.
Last I checked, their IPv6 trial networks were handing out prefixes shorter than /64. I'm predicting either /56 or /60 myself.
A feature of Win7 requires IPv6.
I've been involved long enough to remember people saying DNS A6 records were the wave of the future, and look where they are today.
(Yes I know, use AAAA now, I'm just pointing out the turmoil)
Quite clearly not there yet. Who needs ipv6 if it doesn't have /.?
But frankly, ipv6 is still growing. Way too slow, but it's far from dead. My ISP is currently experimenting with native ipv6 on their DSL lines, and Google is also pushing towards ipv6:
For now that's on selected ISPs only, but I'm using it daily. And more stuff like that is popping up regularly, all small steps, but moving in the right direction.
I think the site you did link to was pretty appropriate.
I didn't even know the effort existed, but I applaud it.
Is there a more difficult letter to say 3 times fast than w w w?
Good, simple VPN solutions are a commodity nowadays. VPN is easy to do, easy to manage, easy to deploy. DirectAccess does let you be 'on the network' at boot time, but outside of that, it's just a more complicated and vendor and version specific way to do something that is already cheap and easy to do in a universal, vendor-neutral way.
s/can go away/should go away/ There, fixed that for you :-)
The funny thing is, however, that NAT isn't entirely obsoleted by ipv6... because it is almost inevitable that ipv6 space will be almost as poorly managed as ipv4 space was in the beginning, we will probably still run out of ipv6 space sooner than we otherwise would. Of course, due to the sheer size of ipv6 space, I suspect that's not likely to happen in most of our lifetimes.
In most of our lifetimes? Per Wikipedia:
The very large IPv6 address space supports a total of 2^128 (about 3.4×10^38) addresses—or approximately 5×10^28 (roughly 2^95) addresses for each of the roughly 6.5 billion (6.5×10^9) people alive in 2006. In a different perspective, this is 2^52 (about 4.5×10^15) addresses for every observable star in the known universe.
It will take way more than poor management to use up all those numbers in any timescale with meaning to a human life.
Quick question re: IPv6. Those groups of four hex characters, is there an "official" name for them? I call them quads.
Or this:
And, even better:
ipv6 already has an addressing scheme for private networks, Unique Local Addresses.
There's no justification for using that as support for need for nat.
The recommendations have been that end-users get a /64 (a single subnet with 64 bits worth of addresses to work with)
Originally when more subnets were required the recommendations were to allocate a /48 per business customer (65,535 /64 subnets) but that has been since relaxed to /56 (256 subnets) for small businesses.
Quite clearly not there yet. Who needs ipv6 if it doesn't have /.?
The problem is that on the client side there are a ton of computers with broken IPv6 routing (6to4 for example fails for me with a large number of hosts). So if you have a server with an AAAA record and a client with broken IPv6 routing, the webpage will stop working or at least be pretty slow, as you have to run into a timeout before falling back to IPv4. Without an AAAA record stuff just works, and as there is zero benefit of IPv6 for a service like slashdot.org it's just wise to not use it.
The benefit of IPv6 lies in P2P communication, not in the classic client->serverfarm webpage.
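The AAAA-plus-broken-IPv6 stall described above, handled as an added example (not from the poster): a sequential, simplified form of the Happy Eyeballs fallback from RFC 6555, which tries the AAAA candidates with a short timeout before the A candidates so a blackholed 6to4 path costs a fraction of a second rather than a full connect timeout. The addrinfo tuples and the fake connector are constructed so it runs offline; `resolve()` does a real lookup if you have network access.

```python
import socket
import time

# Per-family connect timeouts (seconds). A short IPv6 budget bounds the stall a
# broken 6to4/AAAA path can cause before we fall back to IPv4.
V6_TIMEOUT = 0.3
V4_TIMEOUT = 5.0

def order_candidates(addrinfo):
    """Take getaddrinfo() results and return (family, sockaddr) pairs, AAAA first."""
    pairs = [(fam, sa) for fam, _, _, _, sa in addrinfo]
    v6 = [p for p in pairs if p[0] == socket.AF_INET6]
    v4 = [p for p in pairs if p[0] == socket.AF_INET]
    return v6 + v4

def resolve(host, port):
    """Look up both AAAA and A records for host (needs network access)."""
    return order_candidates(socket.getaddrinfo(host, port, type=socket.SOCK_STREAM))

def tcp_connect(family, sockaddr, timeout):
    """Real connector: open a TCP socket of the given family and connect."""
    s = socket.socket(family, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(sockaddr)
    except OSError:
        s.close()
        raise
    return s

def connect_with_fallback(candidates, connector=tcp_connect):
    """Try each candidate in order with its family's timeout.

    Returns (sock, family, attempts); attempts is a list of
    (address, outcome, seconds) suitable for logging. Raises OSError if all fail."""
    attempts = []
    for family, sockaddr in candidates:
        timeout = V6_TIMEOUT if family == socket.AF_INET6 else V4_TIMEOUT
        started = time.monotonic()
        try:
            sock = connector(family, sockaddr, timeout)
        except OSError as exc:
            outcome = "timeout" if isinstance(exc, socket.timeout) else "error"
            attempts.append((sockaddr[0], outcome, time.monotonic() - started))
            continue
        attempts.append((sockaddr[0], "connected", time.monotonic() - started))
        return sock, family, attempts
    raise OSError("all candidates failed: %r" % (attempts,))

# Constructed addrinfo tuples in getaddrinfo() format (documentation ranges, not real lookups).
SAMPLE_ADDRINFO = [
    (socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("2001:db8::1", 80, 0, 0)),
    (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.10", 80)),
]

def fake_connector(family, sockaddr, timeout):
    """Simulated network: the IPv6 route is blackholed (times out), IPv4 answers."""
    if family == socket.AF_INET6:
        raise socket.timeout("simulated blackholed IPv6 route")
    return ("fake-socket", sockaddr)

def demo():
    """Run the fallback against the simulated network; returns (family name, outcomes)."""
    _, family, attempts = connect_with_fallback(
        order_candidates(SAMPLE_ADDRINFO), connector=fake_connector)
    return ("ipv4" if family == socket.AF_INET else "ipv6"), [a[1] for a in attempts]

if __name__ == "__main__":
    print(demo())   # ('ipv4', ['timeout', 'connected'])
```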
I'd rather type in 49.1.4.22 than 2001:db8:85a3::8a2e:370:7334
Meh. Besides the question about why you'd type either given the existence of DNS, my machine's IPv6 address is 2001:470:c:36b::1. Since pretty much EVERY IPv6 address in use in the near future begins with 2001, you don't really have to remember that, which means all I really have to remember is 470:c:36b. I think that's easier than any IPv4 address I've ever had.
Last I read, which was a few years back, only the first 64 bits of the 128-bit address space are actually assigned. The other 64 bits of the space are for the end user to use. This may have changed, not sure.
I found this while looking around
"Globally addressable IPv6 unicast addresses are in the IPv6 Global Unicast Address Format which has a three level hierarchy that includes a Public Topology (the 48 bit external routing prefix), a Site Topology (typically a 16 bit subnet number), and an Interface Identifier (typically an automatically generated 64 bit number unique at least on the local LAN segment)."
From what I'm reading, the first 48 bits are routing info, so like to the local ISP segment; if I remember correctly, this part is based on geographical locations. The next 16 bits are for the ISP to subnet for that location. The last 64 bits are for the local "LAN" aka end user??
yes? no?
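The 48/16/64 layout asked about above, together with the /48, /56 and /64 customer prefixes from the earlier post, worked through as an added example that is not from any poster: it composes a SLAAC address from a prefix and a MAC, counts /64 subnets per prefix size, and shows why a MAC-derived (modified EUI-64) interface identifier exposes the hardware address that randomized privacy addresses hide. The prefix 2001:db8:abcd::/48 and the MAC 00:16:3e:1a:2b:3c are constructed sample values.

```python
import ipaddress

# Constructed sample values (not from any poster in the thread):
# the documentation prefix 2001:db8::/32 and a made-up MAC address.
SAMPLE_PREFIX = "2001:db8:abcd::/48"
SAMPLE_MAC = "00:16:3e:1a:2b:3c"

def split_global_unicast(addr):
    """Split an address into the three-level layout quoted above:
    48-bit routing prefix, 16-bit subnet id, 64-bit interface id."""
    n = int(ipaddress.IPv6Address(addr))
    routing_prefix = n >> 80
    subnet_id = (n >> 64) & 0xFFFF
    interface_id = n & ((1 << 64) - 1)
    return routing_prefix, subnet_id, interface_id

def subnet_count(prefix_len, subnet_len=64):
    """Number of /64 subnets a customer prefix contains (/48, /56 or /64)."""
    if not 0 <= prefix_len <= subnet_len:
        raise ValueError("prefix must not be longer than the subnet size")
    return 1 << (subnet_len - prefix_len)

def mac_to_modified_eui64(mac):
    """SLAAC interface id from a 48-bit MAC: insert ff:fe in the middle and
    flip the universal/local bit (0x02) of the first octet."""
    octets = bytes(int(x, 16) for x in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def slaac_address(prefix, subnet_id, mac):
    """Compose routing prefix + subnet id + EUI-64 interface id into one address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("expected a /48 prefix and a 16-bit subnet id")
    n = int(net.network_address) | (subnet_id << 64) | mac_to_modified_eui64(mac)
    return str(ipaddress.IPv6Address(n))

def leaked_mac(addr):
    """Privacy check (heuristic): an interface id carrying the ff:fe marker was
    derived from a MAC, which is recovered and returned; random ids give None."""
    _, _, iid = split_global_unicast(addr)
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    octets = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:]
    return ":".join(f"{o:02x}" for o in octets)

if __name__ == "__main__":
    a = slaac_address(SAMPLE_PREFIX, 0x12, SAMPLE_MAC)
    print(a, leaked_mac(a))   # 2001:db8:abcd:12:216:3eff:fe1a:2b3c 00:16:3e:1a:2b:3c
    print(leaked_mac("2001:db8:abcd:12:8d1a:4f09:c3e2:77b0"))    # None (privacy-style id)
    print(subnet_count(48), subnet_count(56), subnet_count(64))  # 65536 256 1
```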
Set up a network properly and you very rarely ever need to type an IP once it's been set up.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
So you're expecting all the people who set up private LANs to also set up a DNS on that LAN? Like that will happen.
Not to mention the games have to support IPv6 too...
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
You do know that not everyone, and especially the casual gamers, pays for a gaming service like Steam and Live, right?
What happened to IPv1, IPv2, IPv3 and IPv4? The short answer is that they never existed.
Just looking for someone who has any idea on what the state of adoption of IPv6 is at?
Is there any way for me to tell if my ISP and similar has adopted it?
Are there gateways which translate IPv6 to IPv4, so users can adopt ONLY IPv6 while maintaining backwards compatibility at the ISP level?
One impediment to adoption is that, even nerds like me, who are interested in it, but aren't die hard fans, don't know much about it. The best thing I see from it, is having an address space that is public and under my control. Looking forward to that!
Umm... We tried Sonicwall's SSL VPN functionality and it SUCKS eggs!!
Frankly I wouldn't touch Sonicwall with a 10 foot pole!!
I am sticking with open source such as PfSense
I'm pretty sure I've heard that before.
The only reason I think we should have an IPvX, or an extensible standard that allows longer strings, is that you never know what people will use it for in the future. Anticipating future needs and then saying "This is good enough, forever" has never, ever worked. And people have said largely the same thing about every past technology.
Who would ever need four billion addresses? Only COMPUTERS will be using them and only universities and big businesses have those!
The only thing that is exhausting is the manifest stupidity of the IETF. The world is running out of IPv4 addresses, so let's direct the reserved class E block (1/16th of total IPv4 address space) to be released for use as private network space, because god knows the current allocations for that purpose are not more than enough for even the world's largest corporations.
We need a new IP protocol, so let's forget the fact that the payload size of 50% of all Internet traffic is 40 bytes and invent a protocol with an absurdly unnecessary 128-bit addressing scheme.
Then let's fuck up the deployment, not take interop seriously and change our minds WRT transition mechanisms so many times it hurts. Can someone please tell me WTF the difference between ffff::x.x.x.x and ::x.x.x.x is, and then think about what you just said.
Then while we are at it let's break cardinal rules of decoupling ISO layers with %interface designations, as if we didn't already learn our lessons on why breaking the network knowledge rule with IPSec and SIP tends to lead to extraordinary deployment disasters.
Now that we're on a stupid streak, let's make it so IPv6 computers can't address themselves using their own frigging network facing address.
All of this while rejoicing at the end of NAT without understanding that people don't want to pay for OR expose knowledge of individual systems within their network... let alone this link-local IPv6 MAC mapping nonsense.
Sorry, just blowing off steam... on the bright side, at least slapper worm type propagation will no longer be feasible with such a massive address space.
Oddly enough I've found most programs that won't let you cut and paste with the mouse will happily let you do it with the keyboard shortcuts.
Microsoft fielded this stuff in Windows 2000. It will work just fine the same way, controlled by GPOs configuring IPsec settings, the same way it would have with ipv4, except that since almost all ipv4 internal networks are behind a NAT firewall it doesn't work for VPN remote access. Instead it was touted as a way to harden your internal network.
To work across the internet this requires that the entire internal network be publicly ipv6 addressed and accessible, at least for the IPsec protocols, and no ipv6 NAT, which currently isn't expected to be in any real use, but who knows?
Many of us have patched SDL ourselves with the functionality. I cribbed code from tightvnc and got it to work on x11 (well, linux), osx and win32, but I didn't try to support any other platforms.
a function to set a selection string(SetClipboardData). a function to get the current clipboard(GetClipboardData). to do a cut or to end a selection I just handle setting an empty string as a special case (EmptyClipboard).
the linux and osx version was easiest. I took a lot of liberties with pasting in a bunch of win32 source I didn't understand. Other patches out there are much better than mine, and don't have questionable copyright/license status.
(I don't use SDL anymore, preferring my own OpenGL wrapper or GLFW.)
In most of our lifetimes? Per Wikipedia:
The very large IPv6 address space supports a total of 2^128 (about 3.4×10^38) addresses--or approximately 5×10^28 (roughly 2^95) addresses for each of the roughly 6.5 billion (6.5×10^9) people alive in 2006. In a different perspective, this is 2^52 (about 4.5×10^15) addresses for every observable star in the known universe.
It will take way more than poor management to use up all those numbers in any timescale with meaning to a human life.
That quote from Wikipedia you pulled is immediately followed by this:
"While these numbers are impressive, it was not the intent of the designers of the IPv6 address space to assure geographical saturation with usable addresses. Rather, the longer addresses allow a better, systematic, hierarchical allocation of addresses and efficient route aggregation."
If we could arbitrarily ignore the network structure and special ranges assigned in IPv4, we would have 4.2 billion possible IP numbers (2^32). Do we have 4 billion computers on the Internet? No. Do we have an IPv4 shortage? Yes. In fact we had an IPv4 shortage even back in the early '90s when the Internet was far from being mainstream yet (which prompted the jump from classful networks to CIDR).
Field has a specific headache he’s hoping DirectAccess will ease: file synchronization. “Someone might take their laptop home for weeks or months at a time, and it won’t synchronize their files on the network until [the laptop] is brought back in.” He anticipates that DirectAccess will make his life easier because he “won’t need to worry about people losing files because they rarely bring in their laptop,” he says.
What!!! Has he actually tried file syncing over something that's more than about 10ms latency away... and that's most people off the LAN these days.
I read with interest Mr Field talking about GP and all things M$; he needs to get out more. GPOs are good, but they can be complemented by other technologies, not just what M$ gives you in this particular release. Monocultures are bad, and being brainwashed into a single vendor's view is not a good idea.
Then again, some of us don't use the randomized ipv6 addresses but rather get to choose the numbers ourselves (especially for servers, which you may need to enter IPs for), and in those cases you can get away with having to remember five "octets" instead of four, like 2001:abc:def:123::, which makes it possible for you to learn and use when the DNS is unusable.
-- I'm as unique as everyone else.
bah, my neat < > disappeared. After the ::, you get to choose your own number, just as you would on a v4 subnet.
Besides: if you really want, you can NAT IPv6. IPv6 has private address blocks just like IPv4.
Honestly, NATing might be useful just to avoid network renumbering if you're not big enough to get an AS number.
It's not *that* evil, because with IPv6, we'll have enough public addresses to make a one-to-one NAT scheme feasible, which will allow incoming connections to work transparently.
Ya know, I looked and I don't see any IPv6 support on DynDNS. Until more DNS servers support IPv6 its adoption will still fall short. Fundamentally changing how you network is no small feat. I predict organizations will deploy IPv6 internally first, then upgrades will move further out. For instance, my 4 month old top-end Sonicwall doesn't have IPv6 support. Not exactly a fringe piece of hardware. My Barracuda load balancers don't support IPv6. My Cisco 2811s don't support IPv6 without paying for a software upgrade. My HP ProCurves at least support IPv6, but at this stage that's about it. Fortunately for me, my primary routing is done on a ProCurve, so internally I can do IPv6 without much hassle. None of my gear is terribly old and I'm not afraid of learning new ways of networking which are more efficient and eliminate problems. Right now it will cause more problems than it solves.
And as an answer to your question, I write down product keys for software without much trouble, so I imagine adapting to writing out IPv6 addresses in hex wouldn't be that much harder than what I write down now. So no, I don't think that is hurting the adoption of IPv6.
My router has local DNS configured out of the box. I don't know any that don't. I play ioquake3 a bit. On ip6. Don't know about other games. ip6 will make games easier since it will get rid of the dirty evil hack that is NAT.
If information wants to be free, why does my internet connection cost so much?
NAT does not provide any measure at all of anonymity. In fact if you are not using TOR you don't have any anonymity. /. knows your IP, and can probably buy the database of time/ip/address allocations from your ISP. I am on a static IP, you could probably get the phone number on my desk within 30 mins without a warrant.
Also IP6 does provide for "randomized" addresses. So when you travel, for example, your laptop would get different addresses (if you want). Or your home network would, if that's what you want. But this is still not the same as anonymity.
NAT and ipsec......now thats a nightmare...
So why can't qsc get IP addresses from RIPE?
You haven't met my managers.
Will ISPs give more than one IPv6 IP?
My ISP currently allocates (and routes) me 18446744073709551616 IPv6 addresses. They will increase this on demand up to a maximum of 1208925819614629174706176 addresses. Once I've used those I'll start to look for a new ISP.
This message coming to you from 2001:8b0:e9:1:21c:bfff:fe92:17c9
Why is anything bad said against IPv6 a troll? It's not like we're trolling, the addressing scheme is annoying, especially if your DNS is down.
He seems to have an obsession with cows, so my guess is "mywife". Badum dum
You're partially right, but the pain will be alleviated a lot by the fact that IP addresses will no longer be so precious that people cannot have fixed ones for lots of purposes... the main motivation for Dynamic DNS type services is for situations where people don't have fixed addresses which can be tied into DNS.
Ya know, I looked and I don't see any IPv6 support on DynDNS. Until more DNS servers support IPv6 it's adoption will still fall short. Fundamentally changing how you network is no small feat. I predict organizations will deploy IPv6 internally first, then upgrades will move further out.
It's kind of a chicken/egg problem right now.
Individual businesses don't want to upgrade to IPv6 because there's no real return on the money. It doesn't really enable them to do anything new and amazing.
Various web sites don't want to upgrade to IPv6 for the same reason. Since hardly anyone is using IPv6, there's no return for their money.
And ISPs don't want to roll out IPv6 for the same reason. Their customers aren't demanding it, and the websites don't generally support it, so there's no reason to roll it out.
For instance, my 4 month old top-end Sonicwall doesn't have IPv6 support. Not exactly a fringe piece of hardware. My Barracuda load balancers don't support IPv6.
I suspect that they're capable of IPv6... If the world were to suddenly switch over tomorrow I'm sure there'd be a software update available to keep them functional.
What worries me are all the crappy little home routers... The Netgear WGR614s and similar... I doubt if they'd have any kind of software update. You'd have thousands of people required to buy new hardware.
Right now it will cause more problems than it solves.
Which is why nobody really uses IPv6. And nobody will use it, until it solves more problems than it causes.
"Work is the curse of the drinking classes." -Oscar Wilde
So you're expecting all the people who set up private LANs to also setup a DNS on that LAN? Like that will happen.
Nope.
When you set up a Windows PC you give it a host name... Or sometimes it comes pre-configured with one from the manufacturer. Windows is able to communicate with other machines on the network, by host name, without actually setting up a private DNS server. Right out of the box.
Not to mention the games have to support IPv6 too...
They do, but I suspect that isn't terribly hard for your average game. There might be some packet optimization to reduce latency or something like that... But unless you're talking about the server side of some massive MMOG, they're probably just using somebody else's library or pushing the calls off to the OS.
http://en.wikipedia.org/wiki/SMS
But on a more serious note, I see your point. Passing an IPv6 address between people would be a gigantic PITA. Now I'm not 100% sure here but can't you use IPv6 and IPv4 simultaneously? On IPv6-enabled LANs computers have both a v6 and a v4 address. Doesn't that mean that if you were at a LAN party, you'd only have to type in an IPv4 address to connect to the server? Still a PITA over the Internet (which obviously couldn't support v4 and v6 simultaneously...or at least it would be a pointless mess), but that's what DNS and DynDNS are for.
IPv6 will be widespread when Comcast + Company support it natively, the webservers of the world are using it, and they decide to shut ipv4 off. At that point, every mom and pop still using a WRT54G with default firmware will need to either upgrade, or buy a new router.
Either way, it's going to happen. The only question is when.
NAT is not useful. Before the advent of NAT, you had straightforward network topology. You had one DNS server telling the outside world your public hostnames, and that same DNS server telling your inside hosts all of your hostnames. And every machine had its own network address.
And your firewalls did all sorts of smart filtering. Oh Johnny on the internet can get to the web server, but not the database backend.
NAT needs to die. NAT is a kludge, a hack. I for one will not be sorry to see it go.
And such was the case LONG before NAT came along.
The problem is that not using NAT prevents you from using the unroutable address space.
It also supports Java. Like the next responder said, he doesn't like Sonicwall and is sticking with PfSense. I've never heard of that product but it is probably worth looking into.
Pff, I routinely telnet to port 22 and do the encryption by hand. Copying pictures is a bit of a drag...
That's the SMB+netbios protocol. Not sure how well it plays with IPv6, though there do seem to be at least some patches for SMB for Samba; so it's likely to support it at least on the non-Windows side of the CIFS/SMB networking. However, that only works for games that recognize SMB, which is not all - though likely most.
Also, that relies on them being able to see each other via SMB, which can sometimes be very problematic - especially when systems are set up for different work groups, domains, etc.
Uh, Vista (including Windows 7) and Mac OS X have had IPv6 enabled by default for quite a while now.
Also important to note is that NAT is a poor security method.
As I said earlier in this thread, both Windows Vista and Mac OS X have both had IPv6 installed and enabled by default for quite some time.
This has been done on the Mac via Back to my Mac since Leopard (2007).
Thank you for the info!