Slashdot Mirror
Why You Shouldn't Worry About IPv6 Just Yet
nk497 writes "While it's definitely time to start thinking about IPv6, it's not time for most to move up to it, argues Steve Cassidy, saying most can turn it off in Windows 7 without causing any trouble. Many network experts argue we're nearing network armageddon, but they've been saying that for years.'This all started when Tony Blair was elected. The first time. Yep, that's how long IPv6 has been around, and it's quite a few weeks ago now.' He says smart engineering has avoided many of the problems. 'Is there an IPv6 "killer app" yet for smaller networks? No. Is there any reason based on security or ease of management — unless you're running a 100,000-seat network or a national-level ISP — for you to move up to it? No. Should you start to do a bit of reading about it? That's about the stage we're truly at, and the answer to that one is: yes,' he says."
While I didn't experience it on my last 2 installs, I had to disable ipv6 in Fedora to get networking to work properly. I've since had it enabled no problem, but from my the perspective of most end users like me, we probably won't even notice when things start using ipv6.
Absolute power corrupts absolutely. indymedia
Is there any reason based on security or ease of management – unless you're running a 100,000-seat network or a national-level ISP – for you to move up to it? No.
What if you're writing web applications that monitor IP addresses? Shouldn't you be making sure that your regexp fits for IPv6 as well? What if you're storing IP addresses and your sanitizing your data? What if you're doing anything at all with IP addresses? Like monitoring logs for abuse? Shouldn't be preparing for the inevitable move to IPv6? What if you collect metrics so you can report to management your country by userbase? I say this because we've started to account for IPv6 in our coding and auditing.
What if you write any sort of firmware or software for network devices?
And if you're a consumer and you're about to purchase something that's going to last you more than three years you should probably make sure it supports IPv6 in case the computer you buy down the line can only handle IPv6 addresses allocated to it.
Go ahead and tell your readers that it's cool, Microsoft's got it covered. I'm going to err on the side of safety whether the armageddonists are right or wrong about the ETA.
My work here is dung.
Torrenting is the killer app. Very unlikely all the spooks have updated to ipv6 snooping.
Yeah, IPv6 solves some problems, but then causes others.
Anonymity is lost pretty quickly with IPv6, along with ISPs seeing how many systems you have running on their network, and it exposes systems to OS flaws. no more "hardware firewall" that I can see. The logic in fact seems to be nothing but a really big switched network.
In short, I dont like what IPv6 gives us over what we lose with IPv4.
Why do I feel like a Yo-Yo? One minute the sky is falling, the next it's no big deal! How about this, lets just get IPv6 implemented ASAP, and not worry about whether we need it right now or not. We're going to need it eventually, and frankly it's better to have it and not need it than vice-versa.
Word on the street is that some major cable/internet providers and content delivery networks (CDNs), and I do mean major, are quickly moving to get limited availability online to major customers within the next 12 months or so, and general availability by early- to mid-2012.
Procrastinate at your peril.
First of all, you are already using IPv6. Your computer is auto-picking an FE80 address, and every other machine on your switch could be talking to it (or attacking it) via this address. Bonus: many host-based firewalls let this right through.
Secondly, it is easy to set up IPv6. Just get an ISP with the addresses and set up AAAA DNS records for your servers.
Third: you need to have IPv6 working in the next year. In 2011, all v4 addresses will be assigned. Some people will be getting v6 internet addresses but NO v4 internet addresses. So if you want to be able to connect to them, you need v6.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Roll it out in the cell phones and the problem is solved! Most of the growth in the adress space is in the mobile space, so if the telecom backbone is made IPv6-compatible and all our fancy iPhones and Android phones resolve IPv6-adresses instead, we won't run out of adresses.
I'm still writing my Y2K compliance docs. I want to make sure they're detailed and complete before I turn them in to management. Have to get the font and formatting just right. Too soon to worry about the latest fads.
get word out that some site is streaming hd 3d porn, only available over ipv6, and whether its true or not, ipv6 adoption will go through the roof
porn always leads the way in the adoption of new high tech, every nerd worth their salt knows that
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Who the hell wouldn't like their toaster to have its own ip unique ip address?
I realize this article is coming from a corporate perspective but from a home user's perspective, I am really getting quite a lot from IPV6. I once had to poke holes in my firewall to get at internal machines on nonstandard ports when away from home. Now that they are IPV6 enabled,, I can address them directly. I can also access my Samba shares (ISP port blocking) and the SIP protocol works much better now that NAT is not involved.
The tunneling does add latency though so here's hoping the ISPs get native connectivity soon now.
The lack of SNAT/DNAT targets in Linux ip6tables makes it quite impossible to use ipv6 for any serious enterprise networking. Ipv6 multihoming can't be done without BGP, other solutions like mobile ipv6 or shim6 are - at best - a big mess, also who wants to broadcast his internal network topology/numbering scheme to the whole internet ?
There seems to be some kind of religious taboo here, where the only - supposedly - evil use of NAT (N-to-1 mapping) being taken into consideration, but this is IMHO just plain wrong. Also the NAT haters main argument is that it doesn't preserve end to end reachability (which is not even true for N-to-N mappings), but without NAT everyone is gonna use a stateful firewall for ipv6, and guess what ... the effect on reachability is almost exactly the same.
The other problem I have is with anonymity, without NAT every PC in your local network may be identified individually, there are many cases where this may not be desirable.
IMO ipv6 brings some nice new stuff to the table, the most obvious being the xxl address space, but takes away too much for me to consider using it for myself or my customers at the moment.
You are free to decide to put ipv6 or not in your internal network.IPv6 tries to simplify internal networks too, but if you have that already solved, no big deal. But you should be ready to deal with ipv6 when talking with other networks and, specially, internet. Having already ipv6 addresses in your servers that can be accessed from internet, having in your DNS the definitions for the ipv6 ips, and being able to connect to external ipv6 sites is something that still can be done
with time, and just because of that, should not be delayed to other moment when you will not have it.
As all can move gradually to ipv6, maybe big companies and content providers should give special services/content that make migrating early extra attractive, making users, not network admins, the ones to push forward the support of it.
A tad short-sighted ...
I don't much care about the address space issue, or how it has been largely surmounted by little numbers like NAT or whatever. Hey, when it comes down to it the switch will be made for that reason when necessary.
And IPv6 does have some cool features for content providers ... like multicasting, network auto-sensing, QoS header data, a much bigger header space, some additional packet security and socket management and the like. Other than that the experience for the user is pretty much IPv4 with some added niceties (like being able to log on from any network location or pipe completely transparently for example).
The downsides of course are the lack of sophisticated network tools and utlities (they'll come with use), managing that new address space (an administrative issue), and the fact that it's a pretty raw platform on which to base critical infrastructure at the moment.
The armageddonists will be wrong as usual ... but they only have to get it right just once ... and all will proceed pretty much as normal.
For three big reasons.
a: Its actually ubiquitous in the LAN these days. Both Apple and Microsoft use IPv6 link local operations very heavily, because it Just Works with nice stateless autoconfiguration and multicast.
b: You can have things screw it up if you don't have V6 deployed, and you have to worry about V6 even if you don't 'have' V6: EG, a Windows box with connection sharing and 6to4 enabled will happily try to "share" the 6to4 connection with everyone else on the LAN, so everyone else gets a V6 address that doesn't actually work. And with Apple prefering a 6to4 IPv6 address over a V4 address, the macs on the same network will now see horrible behavior going to any dual-stacked site, as it will try V6 first, take a timeout, then revert to V4.
c: Address space exhaustion is real, and IPv6 + DS-Lite (or even just IPv6 + IPv4 NAT) allows an ISP to get around address space exhaustion in a much cleaner way than the alternatives.
Test your net with Netalyzr
"Many network experts argue we're nearing network armageddon, but they've been saying that for years." Say what?
"Network armageddon" is already here and we've been living in it for years. The horrors of NAT, the crampedness of addresses making configuration a pain, public addresses expensive, and so on. It's just not been a sudden catastrophe, it's been more like boiling a live frog by putting it in cold water and then slowly heating it.
I think comcast is doing limited trials of ipv6.
But it will take time to replace all the modems, boxes ,and so on with stuff that can do IPv6.
Sure, ipv4 addresses were a little cumbersome but at least they were numbers and dots. 192.168.0.1. I can type that out on the numeric keypad. 2001:0618:71A3:0801:1319:0211:FEC2:82DC is just awful. Yeah, I know you need to have more characters in there to represent the value and a larger address space means it's going to be a larger number. Keeping the old ipv4 decimal scheme would make addresses look like 128.91.45.157.220.40.0.0.0.0.252.87.212.200.31.255. But I don't really see the hex as an improvement!
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
That it is not yet necessary to migrate is irrelevant. One may argue with the time frame (next year or in five years or ten), but nobody denies that IPv6 will eventually become commonplace, and before most of us retire. That means it is now necessary for software to support IPv6. Writing a network-using program now that does not support IPv6 addresses is like storing the year in two digits in the nineties. It will come back to bite you.
It won't be armageddon. Slowly parts of the Internet will be become unavailable and inaccessible to you as some sites become IPv6 only since they can't even get a valid IPv4 address. It won't be a disaster, it will be a slow loss of connectivity to the Internet as a whole.
Turning it off is horrible advice. You won't notice much of a difference right away, not until you start getting hits in search results that you can't actually fetch when you click on them. Talking to the entirety of the rest of the human race isn't a killer app exactly, but it is what the Interent is for, and by turning off IPv6 you are cutting yourself off from this benefit. Currently in a small way, but in an ever increasing way over time.
Need a Python, C++, Unix, Linux develop
You can find it here: http://www.potaroo.net/tools/ipv4/
Is there really anything to worry about?
Afaik all modern Linux distros are fully up to the task of IPv6. TFS mentions even Windows can do it.
At this moment I am connecting my computers to the Internet via a wifi router/firewall - not likely this is going to change. Router is old, may not do IPv6 yet. My ISP also doesn't. But I guess the time will come that ISPs start to switch.
Will it really make a difference for me as end-user? Is my browsing going faster? Will I get less spam in my mailbox? Will it be easier to find the information I am looking for on the net? Probably none of the above.
At the moment I know I'm on IPv4 but on a daily basis I don't care as it just works. I don't know my IP address, it's not important to me what it is really. My home and office networks are internally IPv4, wouldn't make a difference if it's IPv6 except that addresses get harder to enter in BIND but that's one-off only. I suppose my uplink there also uses IPv4, not v6. I always approach my web site and mail server by entering an URL, not entering an IP address. Again what would I care? Let DNS take care of that part.
Don't get me wrong I understand it's time to move on: we run out of address space, soon there are more devices/networks connected to the Internet infrastructure than that there are unique addresses to find them. But from an end user perspective... I say let the ISPs take care of that. It's their job. Get me the connection, make sure your hardware works, preferably understands both IPv6 and IPv4 (backwards compatibility; and mostly it's not broken in the first place), and use on your network whatever works best.
There is always the talk of IPv6 will give any ISP subscriber a complete range of addresses instead of just one, so you can connect every computer, printer, whatnot directly to the Internet. I don't understand why an end user would want to connect their printer directly to the Internet. Their second computer maybe if they have one (makes torrenting easier) but then you lose the benefit of a hardware firewall in between. Simply because of security for my home network I prefer a single point of entry, not a dozen. Much easier to keep an eye on. So one external IP address is simply enough for most of us.
So while IPv6 is important for developers and ISPs, for the end user it's not. I totally agree with this Steve Cassidi that it's simply not something to worry about. He says not yet, I'd argue not ever, unless you're developing network gear/software or work for an ISP or so.
Also, from a user's point of view, hosts file ad-blocking would become somewhat problematic (or at least more unwieldy) with IPv6. But fortunately or otherwise, it seems IPv4 is more than sufficient for ad-servers to make everyone's lives a burden and an affliction.
Everybody knows this world is run by its lowest common denominator, the PHP!
As long as the $_SERVER['REMOTE_ADDR'] spews out IPv4, I'm not a believer.
sigh ... there probably be a another PHP setting that makes it spew out IPv6. Have they outlined that yet? PHP Settings are so much fun.
The biggest problem with IP address availability is web sites that use SSL annoyingly needing a single IP address per site. However, in the not too distant future it will become more feasible to use SNI (virtual hosting for SSL sites basically) as web browsers out there start having more support for it and people stop using IE6, certainly on XP, and the IPv4 address problem will ease.
Apart from that I see no reason to panic right now.
If you disable IPV6 on Windows 7, you loose the Homegroup functionality. So "saying most can turn it off in Windows 7 without causing any trouble" is far by a mile!
I don't know what artificial reality you guys are living in, but IPv6 is running in many research universities worldwide, and on virtually every Linux box in the military and university community.
The fact that it's not being provided by your local residential networks is not our problem.
-- Tigger warning: This post may contain tiggers! --
it makes it easier to better identify unique users and devices
With IPv6 I can use NAT if I want. I can use a stateful firewall that breaks end to end reachability. Or I can use a stateful firewall that preserves end to end reachability. I can configure some hosts to have end-to-end reachability and some not.
If people want anonymity within their local network, then there will be a market for devices that do IPv6 address cloaking and you can buy one and use it to hide your addresses.
http://lkml.org/lkml/2005/8/20/95
And NAT all ingress traffic to IPv4 and egress traffic to IPv6.
boycott slashdot February 10th - 17th check out: altSlashdot.org
Ok, here's a stab.
The internet backbone becomes IPv6. However, your precious private network remains an insular IPv4 network behind a hardware IPv4 router, and an IPv6 gateway.
This way your whole IPv4 space looks like a single IPv6 address, and your network topology remains a secret. (Requires that you NOT directly connect the v4 network to the v6 network, because the v6 space has provisions for back-support of v4 space addresses. this is part of why there is a security issue.)
I somehow find it highly unlikely that IPv4 would be "Too constrained" for private use; it supports over 4 billion unique addresses. I somehow doubt that your private enterprise network would exceed that. A global internet? yes-- I can see that. A private corporate LAN? No.
Much like private networks have been using the private "reserved space" (192.168.x.x) for years now behind NAT hardware, we would just decommission the whole v4 space, and use it as the reserved pool. The v6 address space is an order of magnitude greater than the v4 space, so doing this is a drop in the bucket. That would solve the whole problem.
"most can turn it off in Windows 7 without causing any trouble" Anyone should definitly have IPv6 turned off inside your network on any machines, doesn't make any sense to be running v4 and v6 at the same time. "Should you start to do a bit of reading about it? That's about the stage we're truly at, and the answer to that one is: yes" No you shouldn't even have to think about it, the only place it's needed is from your modem to your ISP, which when they upgrade to v6 they will take care of it. Slow day???
Who is this Steve Cassidy guy anyway, and how did he get a gig writing about network technologies for a magazine?
Distilled, what this nimrod's article amounts to is:
While I agree with Mr. Cassidy about the runout exaggerations, I'm willing to give the exaggerators some benefit of the doubt with respect to intent, since they're just trying to motivate people to move to IPv6, which is clearly superior from a technical perspective. NAT is evil, breaks many applications, and is not the long-term solution to our runout problem. Perhaps if Mr. Cassidy would actually educate himself on the horrors of NAT -- what he refers to as "hiding" -- he would understand why IPv6 is not just an academic pipedream being foisted on the rest of us. I would invite him to try to integrate two large enterprise networks (not over his arbitrary theshold of 100,000 "seats", but still large nonetheless) which are both extensively using 10.*.*.* addresses, with tons of overlapping address space. This is something I personally struggle with every day, so I don't exactly appreciate some ignoramus telling folks to ignore IPv6. Many enterprises need it yesterday. What's ironic is that one of the co-authors of RFC 1918 actually worked here at the time of its publication -- classic case of "be careful what you wish for".
As for Mr. Cassidy's whining about the format of default addresses and about documentation slant/quality, I really don't see those as particularly relevant to the core argument that NAT is evil and must die
We first need to get BGP on board - only a small percentage of ASNs are announcing both ipv4 and ipv6 space.
If i was supreme dictator of the internet I would tell ARIN that in 7 years, no multihomed ASN renewals would be accepted unless the ASN announces at least one prefix in IPv6.
By doing this you would force the core network infrastructure to begin migrating and userland would eventually follow...
Won't corporate transition to IPV6 free up IPV4? For example once IBM, Apple, GE, Ford and HP transition to IPV6 for there internal networks will they not give back their class A networks. They can move to class b networks since I doubt they have 16777214 active connections to the internet at any one time.
Exaggerating threats is a necessary component of making change. You exaggerate beyond your REAL target knowing people will disbelieve the threat even if presented honestly.
If you present it honestly then people will indeed wait until too late.
It is damn dangerous though because if this meta-consideration is made aware to those being given the threat analysis, they will distrust ANYTHING you have to say even if you move to an honest and realistic assessment after the exaggerations.
I've seen a number of situations where the DHCP servers on older home routers or the entire router itself will crash if you have IPv6 enabled on Windows Vista. It appears that the DHCP servers on some older home routers freak-out when IPv6 clients make DHCP requests to them.
Before turning it on on your home LAN, make sure that your older home routers can handle it.
"This all started when Tony Blair was elected. The first time."
Wow! Are there still people alive who remember back that far? I mean, that was before the first Harry Potter book came out, which was like forever ago!
http://alternatives.rzero.com/
To be very, very clear, IPv6 will happen. There is no way around it. There is almost no IPv4 address space left. The folks who are at the top of the structure that assigns addresses will run out in the middle of next year. The next tier, call Regional Internet Registries may have addresses available for another year. By the end of 2012, there will be no address space available to assign. For the gory details, see the IPv4 Countdown Page. Especially, look at Figure 35. That is reality.
As an end users, you may not care. Comcast is already beta testing IPv6 to its customers. I assume others are or soon will be doing so soon, but this should be mostly transparent to users as their system will only require IPv4 and that will be NATed behind an IPv6 address. But it must happen or people will not be able to get new addresses. That is the bottom line. IPv4 will remain in use for many years, but the net will start getting smaller and smaller for those who don't implement IPv6.
Kevin Oberman, Network Engineer, Retired
Many network experts argue we're nearing network armageddon, but they've been saying that for years.
That's a retarded argument against IPv6 adoption. If the experts have all been warning about an immanent problem for a several years, it's possible that all the experts are wrong. Or it might be that we're several years closer to that "network armageddon", making quick adoption even more important.
I found Windows 7 HomeGroup failed when IPv6 was disabled. While this isn't a killer app, is pretty nice to have some domain-like sharing features available at home. So while it's not a killer app, I wouldn't counsel end users to disable it.
I saw a presentation given by the president of ARIN recently on the Research Channel. He predicted that IPV6 and IPV4 will run in parallel for about a decade, so I don't see corporations giving up their IPV4 address space anytime soon.
I'm not worrying about it, I'm using it every day. I use it for my ISP, google and google mail. Facebook, and several other websites. it just works,
You can find it here: http://www.potaroo.net/tools/ipv4/
You can't recycle IP addresses because it's a lot more work then you think it is that could be spent simply putting more machines on IPv6. A lot of router hardware has be set to direct traffic a specific way with those IPs so if it requires changing router settings / hardware anyway what's the point?
You are an idiot.
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
NAT breaks the end 2 end nature of the network especially when deployed at large scales. There just isn't enough IPs for the numbers of people and devices coming online. Its really not a conspiracy its just basic math. Mobile and the rise of emerging nations is putting more strain on the remaining unallocated IPs today than at any time in history.
Everyone should have the opportunity to publish data from their machines or host a game server or accept direct connections for data transfers with others. Its about freedom and choice and this does have value to people.
Its not about NATing your own networks to conserve space within your household or company or overlapping addresses in an internal network. The issue is that when we run out its about a NAT for your whole neighboorhood and you loosing any ability to accept incoming connections period.
People are exceptionally bad at acting now to avoid problems in the future. The issue is that if you take TFA's advice and wait until it starts to become a problem then and only then start to deploy IPv6 then what have you gained by your procrastination? Another fire to put out?
ISPs, network equipment vendors and software houses no longer have a choice. Several have already lost sales, market position and future business from being lazy WRT IPv6 deployment as large forward thinking organizations plan resources for the future.
Privacy extensions WRT SLAAC are avaliable and enabled by default on at least windows vista to prevent the external leakage of local MAC address issue raised in TFA.
There's a more accurate and detailed IPv4 depletion blog: http://www.ipv4depletion.com/
It predicts that we'll run out of address space a little bit sooner. Either way, the difference between predictions is in the order of a few months.
IT professionals -- the sort of people who would be reading Slashdot, or PC Pro -- should be past the stage of just reading about IPv6. They should be using it on the systems they can experiment upon. IT professionals should be ahead of regular users in understanding and using new technologies. This is doubly true for a technology whose implementation is already certain to occur in the next few years, and for which the infrastructure is already in place.
If you haven't already, go get an IPv6 tunnel set up, via Tunnelbroker, and start configuring IPv6 connectivity on your system.
I expect a lot of corporations are going to suddenly become irritated when they find they need IPv6, and it hasn't already been set up, when it could have been years in advance.
This all started when Tony Blair was elected.
I guess it's fair. Al Gore invents the internet, Tony Blair invents IPv6. Next: Sarah Palin invents TCP/IP Enhancement Architecture and throws a TEA party.
Anybody want a peanut?
Turning IPv6 off is the easy solution, though the real question you should be asking is what is causing these IPv6 issues. As an IT professional I believe it is important to understand how IPv6 works and fits into the infrastructure, so when it comes time switch IPv6 support back on you understand all the important factors.
Jumpstart the tartan drive.
IPv6 and IPv4 will have to run in parallel, with most systems using dual-stacking, so a system will need both an IPv4 address and an IPv6 address. So, we'll still need a lot of IPv4 addresses available to manage the transition to IPv6
If each node has a unique IPv6 address, but it's mostly just routers using globally unique IPv4 addresses, with most nodes using RFC1918 addresses, perhaps it won't be too horrible.
ip6tables -i eth0 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
I'm going to email that to my mom so she can get her new dsl modem set up right.
Thanks!
Is it just my observation, or are there way too many stupid people in the world?
It might not be time for residential networks and ISPs to flip the switch yet. . . but it's *definitely* time for all new home routers, DSL/Cable gateways, etc, to include full IPv6 compatibility. That way, when the ISPs decide it's time to turn on IPv6, they and their customers don't need to replace most of the hardware already deployed. IPv6 support at the vast majority of network endpoints needs to already be present before you can actually make the switch - you can't change the protocol and just force people to suddenly change.
ISPs need to start configuring networks to run in a dual-stack mode (at least as far as the end-user is concerned - once it hits the first ISP owned router, it could be all IPv6 from that point on), so that those who are ready to use IPv6 can start using it (yeah, you can use tunnel providers or 6to4 [which is really another sort of tunnel], right now, but that usually adds additional hops and latency to your connections - basically, if you are tunneling IPv6 traffic over IPv4, why bother using it to begin with).
New devices are being added to the internet faster than Mexicans buy lottery tickets
Classy. If the author had an actual point worth hearing, I suspect he might not have needed to write anything like the above.
Must have a really good editorial staff at PC Pro too.
Isn't this a re-post from 1999?
If you have an internet reachable device, enable v6 on it, configure the same filtering rules as you do for v4... you've nothing to lose by doing so, perhaps nothing to gain either but the more people using v6 the more useful it will get.
All my websites and email servers are available via both v6 and v4, v6 accounts for maybe 2-3% of traffic but it used to account for much less a year ago...
My workstation has a v6 connection as well as a v4, and even my printer (a samsung model) is using v6, all my traffic to my own servers goes via v6 by default.
I also saw a windows 7 system earlier today, just a random user's laptop (was removing malware from it) and it had an ipv6 tunnel enabled on it, is this enabled by default?
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
The consequences of misuse are even more damaging and I happily pay extra for the privilege.
Let's see, under the current regime my ISP can keep me from accessing all of my devices from anywhere in the world. With ipv6 all of my devices get their own address and the isp can't make money off of selling ip addresses.
So tell me why they'll ever want to give me ipv6? We need to force them.
I want ipv6 addresses on everything in my house. I want remotes that work over wifi. Or from my remote office. I want the innovation that ipv6 will give me.
ipv6 is the next game changer and will allow massive new innovation. Sure we don't *need* it. But we didn't *need* the world wide web either.
I Hope noone in any sort of IT role reads this article and decides to put off their IPv6 projects.
The IPv6 killer app is IPv4 address space runout. http://www.potaroo.net/tools/ipv4/index.html
Unless you are a person who has actually applied for IPv4 address space for a project ( eg. new ISP broadband product, new co-location room, planning for next years subscriber growth etc. ), you are going to have alot more work to do to imagine what is going to happen when the first bunch of IPv4 space applications are declined ( more likely approved but put on the waiting list ).
People who actually use up big wads of IPv4 space are either going to have to decide that you have to push IPv6 into the project in some form, or you are going to design up some sort of multi layer NAT monstrosity along with the huge mess that is going to make. The IPv6 doom sayers are just trying to convince people to choose the one off pain of the IPv6 migration over a giant mess of NAT forevermore. If you really love the multilayer NAT and don't want to live without it, then be consoled by the fact that you probably are going to get it along side your IPv6 for at least a while anyway.
If you are the editor of some PC mag, you aren't actually going to get to choose what happens and you probably should just shut up.
I am a lawyer and this constitutes legal advice and I shall indemnify you against any losses arising from taking it.
"Shouldn't you be making sure that your regexp fits for IPv6 as well? "
I learned from Y2K.
The answer to this is, hell no - they can pay me a shitload of money to fix it later.
D-Link routers have IPv6, as does the Apple AirPort.
IPV6 == less privacy by design.
The issue with IPv6 is that everything is put together and network admin do not want to touch it with a 10 feet pole...
Here is my recipie:
-Disable IPv6 on all your servers
-Connect your router to IPv6 (direct or via tunnel to HE.net or others)
-Advertise IPv6 from the router to your network
-Add a filtering rule to not allow any IPv6 TCP connection from outside to inside
Voila!
It takes about 15mn to go over this deployment plan (1 hour if you like slow mo). It just works, and then you say, this was it? What was the issue?
Your users will not notice you are on v6, your engineers will be curious and start to understand v6, be familiar with it, and start to plan to get the code/configs in your servers for v6. You can then slowly enable your servers on v6, one by one...
Franck
http://www.avonsys.com/IPv6
If IPv6 were to just work without having to go through all the trouble of tunnel brokers it would be used more often. No, I don't want to write a fucking essay as to why I want IPv6 just to get an IPv6 address (looking at you SixXS).
Ah. Ingres being GPLed isn't open enough for you?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
No, you're an idiot. If it's not the GPL,then it's merely a "compatible" license and it isn't really Open Source.
Anything that doesn't enforce freedom for the modified code is not really Open Source. It's being a fence-sitting coward.
Real Open Source developers aren't afraid to make a statement and stand up for what's right.
.icannsucks is probably safe.
Adult Role Playing Forum
Not even RMS himself would back you up on that shit. Open Source does not imply copyleft. The word you are looking for is "Free Software". The distinction exists for a reason, use the correct words. If you only support copyleft licenses then fine, proclaim your support for Free Software. Everyone in the world considers BSD-style licenses to be perfectly Open Source except for you.
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
No, you're an idiot. If it's not the GPL,then it's merely a "compatible" license and it isn't really Open Source. Anything that doesn't enforce freedom for the modified code is not really Open Source. It's being a fence-sitting coward. Real Open Source developers aren't afraid to make a statement and stand up for what's right.
You're confusing "Free Software", as in the Free Software Foundation that started the GPL, with Open Source. Free Software licences use copyright to enforce source distribution requirements for redistributed modified code. Open Source just indicates that the source is available. For the BSD/MIT/PostgreSQL licences they also state that the authors are not liable, and original development credit has to be given in any derivative work. The key words are right there in the names: Free, as in the defence of freedoms and associated rights, vs. Open Source, where the source is made available with the code (i.e. open for viewing).
"PostgreSQL is released under the PostgreSQL License, a liberal Open Source license, similar to the BSD or MIT licenses"
The BSD and MIT open source licences precede the GPL by quite a time margin. The PostgreSQL licence doesn't coerce developers to release the source for any updates that they make, just to give appropriate credit to the PostgreSQL developers. However, many of the same software freedoms exist with BSD/MIT/PostgreSQL as with GPL. At any time, should anybody take core PostgreSQL development into a direction which is unacceptable to the rest of the community, or should the main organizations involved in PostgreSQL development terminate their support for continued open development (either due to business goals or lack of funds), any group can take over the existing code base, fork it and continue development in an open manner. The PostgreSQL licence doesn't coerce the release of modifications or patents back into the commons the way the GPL does, but it provides many of the other freedoms available from the GPL. This process has been successfully demonstrated, most notably with the double forking over a span of decades from X Consortium->xFree86->x.Org, through the use of the X11/MIT licence
Oh well, IHPBT since you now appear to be trying to start a flame war.
Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
Turning IPv6 off now just means you have to turn it on in a few months. I would rather avoid making two changes to all the hosts in my network.
The simpler solution for the basic network where IPv6 doesn't matter yet is to make sure your router null routes the IPv6 default (::/0), get valid IPv6 addresses, build a basic subnetting plan and put it in place on your routers with appropriate RAs. That will prevent hosts from trying to build 6to4 or Teredo or ISATAP or other bizarre kinds of autotunnels and give quick negative responses to attempts to reach IPv6 hosts resulting in timely fallback to IPv4. Simple, efficient, and, when you do actually need IPv6 connectivity, you just need to change the configuration on your routers (which you'd have to do anyway).
As to when to deploy IPv6, if you're running a network full of end users behind an IPv4 NAT using RFC-1918 space, then, no, you probably don't need to convert that network over right away, but, you will want to deal with all those systems that are now shipping with IPv6 on by default as I have described above or you will see user complaints as a result of their attempts to reach a growing mass of IPv6 content.
However, if you have any public facing content or services (as most businesses do at this point), then, you're going to want to make sure that those are reachable via IPv6 as well as IPv4 as soon as possible. Certainly within the next 12 months or so.
The people depending on the current address calculators and an 18-month clock to RIR runout after IANA exhaustion are in for some rude awakenings.
First, the clocks are wrong. They don't seem to correctly account for current utilization rates, nor do they account for the fact that 5 of the 14 remaining /8s are reserved to be distributed one to each regional internet registry when the others are exhausted.
IPv4
At the beginning of 2010, there were 21 IPv4 /8s in the IANA IPv4 free pool and 5 in the reserved section described in the last paragraph. Today, less than 9 months later, there are only 9 /8s remaining in the IANA free pool and 5 still in the reserved section. (Note that the clocks all talk about 14/224 which is 9+5).
At the current rate of consumption, we're not talking about 285 days to IANA runout, we're talking January or February of 2011. Feb. 28, 2011 is 194 days from now in my current timezone (Thursday, 20 September, 2010). (Notice the 91 day (or more) error in the countdown clock).
Additionally, once IANA runs out of IPv4, the RIRs aren't going to simply coast for 18 moths. APNIC, RIPE, and ARIN will likely be in a race to see who runs out first. I think the smart money is on APNIC. However, whichever one runs out first, you can bet that the multinationals (i.e. the largest consumers of IPv4 addresses) in any one of those three regions will start pulling space from the other regions too. As a result, whichever one runs out first will accelerate the other two rather abruptly. I predict that the first RIR will run out on a timeframe more like 6 months after IANA exhaustion rather than 18.
It's less clear what will happen with space in the AfriNIC and LACNIC regions due to unique circumstances.
IPv6 is no longer an option, it is a requirement. Time to stop with the FUD and misinformation and start facing the cold hard facts staring us in the face.
Yes, the earliest predictions of runout turned out to be wrong (only because NAT was developed _AFTER_ those predictions were issued, btw).
However, the predictions today are mostly wrong too, but, not in the direction you want and certainly not as far off.
Failure to deploy IPv6 at least to your public content and services within the next 12 months will place you at a competitive disadvantage against other companies that do. That disadvantage will only increase with time. It is also critical to deploy IPv6 capabilities to your support staff and your IT
departments so that they can become familiar with it and learn to trou
You're confused about both VPNs and SIP. VPNs are for privacy, not just for carrying your own RFC1918 address space around. Ostensibly you could get the privacy with IPv6's security features, but VPNs make it much cleaner and provide fine-grained access control.
SIP is a connection setup and management protocol. You need that even if everybody's in the same IPv4 address space, like back in the days before NAT and RFC1918, to provide connection management functions, name and number translation, and access management. It's a lot more complex than just DNS. My PBX at work knows where the phones are, knows how to translate between phone numbers I dial on my phone and IP addresses for other PBXs in my company, knows that if somebody calls me and I'm busy that it should redirect my call to voice mail, knows how to translate to public telephone network numbering, knows how to negotiate codecs, and knows how to do things like not put 500 phone calls on a single T1 phone line at the same time, and does all of this using SIP (or earlier VOIP protocols such as H.323 or vendor proprietary protocols like SCCP.) SIP also knows how to negotiate with other SIP servers, so my company's PBX can talk to some other company's PBX even though they're not managed by the same people.
When you said SIP, were you thinking of SKYPE instead? Their claim to fame was that they did NAT and firewall traversal very well and very aggressively. But just getting rid of NAT because you've got IPv6 doesn't change 90% of its functionality.
Also, IPv6 doesn't provide a universal global address space. Ok, it does provide one of those, but it also provides several kinds of local address spaces, so if you want a private network for privacy reasons, or if you just want to hook a couple of boxes together without getting IPv6 addresses from ICANN and routing them to the public Internet, you can do that too.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
"There's no reason to pay any attention to this Internet Protocol and the anarchistic ARPAnet. It's all a fad, and what could you use it for anyway? X.25 does anything you might need, and unlike the "best effort" Approach of IP, X.25 _guarantees_ your datagram is delivered. Even at speed as high as 1.5 megabits per second! Smart people are ignoring the Internet, and putting their money in reliable proprietary networks." -telephone company executives, circa 1990
Right now if you're paying too much money to get static IP addresses, it's because your ISP wants lower administrative costs or simply thinks you can be conned into paying more for perceived value, not because you're using fewer IP addresses than if you had dynamic addressing. (Unless you're using dialup connectivity, of course, but really, it's not 1995 any more.)
If you have to start paying through the nose to get N IPv4 addresses, where N>=1, that'll be because unassigned IPv4 addresses will have run out. They'll be no more, they'll have ceased to be, they'll have shuffled off this mortal coil, they'll be ex-addresses, they'll not only have been pinging for the fjords, but they'll have sailed so far off into the sunset that they've crashed into the "Here Be Dragons" sign and fallen off the Edge where they can see the elephants and the giant space turtle. Of course, just because there aren't any more unassigned addresses, that doesn't mean you won't be able to rent them from people who have spares, in spite of whatever restrictions are thought to exist on official ownership of the space, because the things are fungible, and companies will find ways to funge the ones that aren't, and will charge money for doing so.
And yeah, IPv4 internal-use addresses are going to stick around for decades - there are probably still people using Netware IPX in production systems. But they'll have to support IPv6 on the edges, because there will be ISPs that are only giving their end users IPv6 addresses, and aren't necessarily using 6to4 NATs to reach the IPv4 world, and you may want to let some of those eyeballs reach your servers.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The argument for IPv6 is mainly, "We must have it because we must have it!" That is not good enough, noone has pointed out WHY its needed. Only that everything that can be done with IPv4 can be done with IPv6 (it will be more complex, but it can be done) and that NAT is "evil" and not needed with IPv6 larger address space. Am I the only one who find these arguments a bit thin?
The problem isn't just your SOHO router, though that's actually a very big problem for ISPs.
And the problem isn't just ISP and enterprise routers that are much slower at routing IPv6 than IPv4 (the longer address space is a problem even if you weren't using ASICs to do the routing, which you were.)
And the problem isn't just application systems like MySQL that don't have native IPv6 address handling APIs.
Think about every application you've ever written that stores IPv4 addresses in a 32-bit integer, either in working variables or in databases, or displays them to a user as a 15-character dotted-quad string, or sends an A-record query to a DNS server to get an IP address, and every application your ISP might be using to keep track of what equipment is where with what addresses on it, and every network management application your company or ISP is using to monitor equipment health or configuration. Now go fix them all to store both IPv4 and IPv6 addresses. Preferably before the people who want to access your website only have IPv6 at home.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Roll it out in the cell phones and the problem is solved!
What happens if you give all cell phones IPv6 addresses only and the rest of the internet stays IPv4?
How will the cell phones access facebook/slashdot/google/... when all those services don't listen for IPv6 traffic? I'm quite sure you don't IPv4 NAT the traffic ;-) // but seriously, you put it in an encapsulation layer, who decapsulates? Is that really a viable option?
It's not clear to me how your scenario would play out. Care to give (more of) your thoughts? Thank you :)
The main benefit of assigning dynamic IP addresses to consumer-like end users is that it's a lot easier to administer them - you don't have to explain to the user how to configure the static IP address into their router, or deal with the help desk call when they change something in their Windows 98 box or networked laser printer or 68030 Macintosh or Linux machine that's using KDE instead of GNOME or whatever. You tell them "Plug it on, watch the lights blink, DHCP magic happens, you're done."
There's also the benefit that people only use as many IP addresses as they need, as opposed to configuring as many as they think they *might* need in the future. (So yeah,. I'm not using all 8 of my static addresses, but it was only $5/month more than dynamic addressing.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The original goal of stateless autoconfiguration looked so nice and clean back the early 1990s - it was one of the really nice features of Novell Netware IPX. You just plug in your box, it sees a router announcement so it knows the network and subnet portion of its address, and the host portion was a padded version of the MAC address (and sorry about the ugliness when they switched from 48-bit MAC to 64-bit EUI-64, because it made the subnet length part of the ISP's problem, rather than the end users, but it's still close enough.) IP didn't have that, but we got that same level of convenience when DHCP came out, plus or minus some nitpicking.
But you don't need to use the simple stateless auto-config - there are privacy-protecting variations that let your PC pick a new 64-bit host portion for every connection it initiates instead of always using the MAC-based EUI-64. So Google can't track how many machines you've got at home simply by counting the MAC addresses in your /64 block.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Maybe the cellphone carriers or other specialized environments will limit you to one IP address per service, but that battle was long since abandoned by major broadband ISPs, even the really anal-retentive ones that don't let you run home web servers, as people started having networked printers and NAT routers so they could have their kids' computers or their Wifi devices at home.
IPv6 isn't going to bring that back. Some ISPs may only give you a /64 prefix, as opposed to a /56 or some ugliness like a /60, but nobody serious is going to restrict what happens inside the /64.
If ISPs see spam, they'll probably block your whole /64 or /56 rather than individual IPv6 addresses (and if they don't, the spammers will start using IPv6 privacy options so each piece of spam has a different host address, so they'll have to do it soon enough anyway.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Exactly:
http://lwn.net/2001/0301/a/rms-ov-license.php3
Dilbert RSS feed
it has been designed so badly, that a recipient of a bogus message cannot tell if that message was intentional or just a result of corruption.
ie ipv4 has checksums of the the data and headers. ipv6 has no checksum of the header.
with ipv4 you can look at a corrupted packet and see that it is corrupted (based on the checksum) and discard it.
if it has a valid checksum and is still dodgy in some way, you can deduce that it could be part of an attack.
with ipv6 you can receive these dodgy packets and you have no way of determining that a dodgy packet was just due to a bad link or due to an attack.
An example of this is that an n bit error (for example 3 bits) in some physical link may be mostly corrected by hardware but leave a hidden 1 bit error.
If that bit is in the address field, that packet will then be routed around the world to completely the wrong person or device.
If that corrupted address is a valid adress for a device somewhere in the world, not only does that device then have to deal with this spurious message coming through to it - the contents of the original intended recipients packet has been leaked to this other device.
Quite simply, whatever its merits, IPv6 has been made completely useless by the removal of the header checksum.
But the retards won't admit this and instead have been working tirelessly to get the whole world to adopt their flawed protocol. In my opinion it should be criminal.
As an eager IRC user, something that bothers me to death is that ISPs must give out random IP addresses in order not to waste addresses that aren't in active use *right now*, although some ISPs even go as far as brutally disconnecting all clients once a day and shuffle addresses. This makes banning of troublesome users a terrible range banning, especially if the ISP doesn't manage to properly reverse-resolve IP addresses. Since the IPv6 address space is ridiculously huge, the shuffling may even be unneeded, since IP addresses CANNOT run out as long as we only have humans on this planet and not as well in outer space. I fear, however, that ISPs will simply keep the IP address shuffle so they can pointlessly gain money from people for a static IP address, being the evil blood sucking non-sparkly vampires they are.
It's true that for the average network manager, IPv6 is likely a non-event for some time. There's no particular reason to upgrade your internal infrastructure to IPv6, unless you run across an application that requires it.
However, the public Internet is going to IPv6; the principle reason it hasn't happened (despite IPv6 being standard and available since 1999) is that the problem solved by IPv6 is running out of globally unique IPv4 addresses, and that's only happening next year. Look at the work being done by Global Crossing, NTT, Verizon, Google, Comcast, Facebook and others and you'll see that this is not a fad, it's a significant change that's going to happen slowly over the next few years.
For this reason, the typical network manager does need to look at the external servers (those outside the wonderful NAT) and decide when they'll add IPv6 addresses to those servers that are IPv4-only today. Why bother adding IPv6? It's simple: new broadband customers globally are going to start being connected via IPv6 (out of necessity) and if you want the same end-to-end connectivity you enjoy today, adding IPv6 to your public servers is the quickest route. The alternative is accessing via central carrier-sized NAT devices, which really have unknown performance at scale. This has audio/video streaming, games, geolocation and other implications.
I already run IPv8 so i'm good until the year 3000. Not much will have changed except we live under water.
I saw a presentation given by the president of ARIN recently on the Research Channel. He predicted that IPV6 and IPV4 will run in parallel for about a decade, so I don't see corporations giving up their IPV4 address space anytime soon.
The fact that I said it doesn't make it true, but I definitely believe that there will be many organizations running IPv4 internally for years to come, and it's only when its commonplace to use IPv6 will organizations think about turning off IPv4. Your mileage may vary.
/John
President and CEO, ARIN
Good try.
Problem with that example is - the source route option is disabled by default in essentially everything these days. More importantly: unlike an expansive allow, enabling source routing isn't in the typical mistake path. And even if you intentionally enabled it, someone would still have to guess or scan through a substantial amount of address space to even find your internal address since your internal address is not routinely revealed by your externally available traffic.
I'll give you credit for a solid try. Want to take another shot at it, with functionality you would reasonably expect to exist and be enabled on the firewall after mistakenly entering an allow-all rule?
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.