Why You Shouldn't Worry About IPv6 Just Yet
nk497 writes "While it's definitely time to start thinking about IPv6, it's not time for most to move up to it, argues Steve Cassidy, saying most can turn it off in Windows 7 without causing any trouble. Many network experts argue we're nearing network armageddon, but they've been saying that for years. 'This all started when Tony Blair was elected. The first time. Yep, that's how long IPv6 has been around, and it's quite a few weeks ago now.' He says smart engineering has avoided many of the problems. 'Is there an IPv6 "killer app" yet for smaller networks? No. Is there any reason based on security or ease of management — unless you're running a 100,000-seat network or a national-level ISP — for you to move up to it? No. Should you start to do a bit of reading about it? That's about the stage we're truly at, and the answer to that one is: yes,' he says."
> Is there any reason based on security or ease of management – unless you're running a 100,000-seat network or a national-level ISP – for you to move up to it? No.
What if you're writing web applications that monitor IP addresses? Shouldn't you be making sure that your regexp fits for IPv6 as well? What if you're storing IP addresses and you're sanitizing your data? What if you're doing anything at all with IP addresses? Like monitoring logs for abuse? Shouldn't you be preparing for the inevitable move to IPv6? What if you collect metrics so you can report to management your country by userbase? I say this because we've started to account for IPv6 in our coding and auditing.
What if you write any sort of firmware or software for network devices?
And if you're a consumer and you're about to purchase something that's going to last you more than three years you should probably make sure it supports IPv6 in case the computer you buy down the line can only handle IPv6 addresses allocated to it.
Go ahead and tell your readers that it's cool, Microsoft's got it covered. I'm going to err on the side of safety whether the armageddonists are right or wrong about the ETA.
My work here is dung.
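What that preparation can look like in code, as an added example that is not part of the original comment: instead of a regexp, parse each client address with Python's standard `ipaddress` module, keep one canonical form, and count failed logins per IPv4 address or per IPv6 /64. The log lines, the helper names and the choice of /64 as the abuse bucket are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample access-log lines; the client address is the first field.
SAMPLE_LOG = """\
192.0.2.10 - - "GET /login" 401
2001:db8:0:1::a1 - - "GET /login" 401
2001:0DB8:0000:0001:0000:0000:0000:00A1 - - "GET /login" 401
2001:db8:0:1:7c1e:52ff:fe4a:9b2 - - "GET /login" 401
::ffff:192.0.2.10 - - "GET /login" 401
[2001:db8:0:2::5]:51234 - - "GET /login" 401
fe80::1%eth0 - - "GET /" 200
999.1.1.1 - - "GET /login" 401
2001:db8::zz - - "GET /login" 401
"""


def extract_client(field):
    """Return a canonical address object for a log field, or None if invalid."""
    text = field.strip()
    # "[addr]:port" is how an IPv6 literal is written together with a port.
    if text.startswith("["):
        end = text.find("]")
        if end == -1:
            return None
        text = text[1:end]
    # A zone id such as "%eth0" only has meaning on the host that logged it.
    text = text.split("%", 1)[0]
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    # An IPv4-mapped IPv6 address is the same client as the plain IPv4 one.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr


def storage_key(addr):
    """Fixed-width value for a database column: 16 bytes for either family."""
    if addr.version == 4:
        addr = ipaddress.IPv6Address("::ffff:" + str(addr))
    return addr.packed


def abuse_bucket(addr):
    """Rate-limiting key: the single IPv4 address, or the enclosing IPv6 /64."""
    if addr.version == 4:
        return str(addr)
    return str(ipaddress.ip_network(f"{addr}/64", strict=False))


def failed_logins(log_text):
    """Count 401 responses per bucket; return (counts, rejected fields)."""
    counts, rejected = Counter(), []
    for line in log_text.splitlines():
        field, _, rest = line.partition(" ")
        addr = extract_client(field)
        if addr is None:
            rejected.append(field)      # never store unparsed input
            continue
        if addr.is_link_local:
            continue                    # cannot be a remote client
        if rest.endswith(" 401"):
            counts[abuse_bucket(addr)] += 1
    return counts, rejected


if __name__ == "__main__":
    totals, bad = failed_logins(SAMPLE_LOG)
    for bucket, hits in totals.most_common():
        print(f"{hits:3d}  {bucket}")
    print("rejected:", bad)
```

Counting per /64 matters because a single IPv6 host can change its low 64 bits at will, so per-address thresholds that work for IPv4 are easy to slip under.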
Torrenting is the killer app. Very unlikely all the spooks have updated to ipv6 snooping.
Why do I feel like a Yo-Yo? One minute the sky is falling, the next it's no big deal! How about this, let's just get IPv6 implemented ASAP, and not worry about whether we need it right now or not. We're going to need it eventually, and frankly it's better to have it and not need it than vice-versa.
Word on the street is that some major cable/internet providers and content delivery networks (CDNs), and I do mean major, are quickly moving to get limited availability online to major customers within the next 12 months or so, and general availability by early- to mid-2012.
Procrastinate at your peril.
There is nothing in IPv6 which precludes the use of proxies and/or NATing. It's just that adoption of IPv6 no longer mandates the use of NAT'ing. Nothing is lost. There is only gain to be had from an IPv6 upgrade.
Many people are already using ipv6 by default without even knowing it!
One important reason to use it is for small devices that you really don't want to have to have a user interface to enable Static IP / Router Info / DHCP configuration on.
Also, if you use Apple MobileMe's Remote Desktop feature, you are using ipv6 only - MobileMe provides an IPv6 VPN to access all of your devices wherever they may be.
So in fact there are many many users of Ipv6 out there, just not much sending packets over the un-vpn'd internet.
ipv6 is my vpn
Roll it out in the cell phones and the problem is solved! Most of the growth in the address space is in the mobile space, so if the telecom backbone is made IPv6-compatible and all our fancy iPhones and Android phones resolve IPv6-addresses instead, we won't run out of addresses.
You and many others desperately need to read more about v6 before regurgitating the same old myths.
* Read up on RFC 4941 - Privacy Extensions for Stateless Address Autoconfiguration in IPv6
* There is NOTHING in IPv6 that negates a hardware firewall. You get a prefix routed to your 'router' it can have whatever allow or deny rules you like.
* If you want to use NAT and non-routable IPs for whatever reason, however misguided, there is nothing in IPv6 preventing you from doing so, see also FC00::/7 link-local addresses
* Whether a network is routed or switched has as little to do with IPv4 as it does with IPv6, these topology decisions have nothing to do with the protocol.
I'm still writing my Y2K compliance docs. I want to make sure they're detailed and complete before I turn them in to management. Have to get the font and formatting just right. Too soon to worry about the latest fads.
> Anonymity is lost pretty quickly with IPv6
RFC 3041 dated January freaking 2001, assuming you're talking about using MAC addresses in the ipv6 address. Frankly I feel this is paranoia combined with ignorance of current ISP logging technology, in other words you don't have anonymity with ipv4 either.
> along with ISPs seeing how many systems you have running on their network
Rates somewhere between 1) who cares 2) See RFC 3041 3) News to me that proxy servers are impossible on ipv6
> exposes systems to OS flaws.
I suppose there are / will be bugs in v6 that would not happen in v4.
> The logic in fact seems to be nothing but a really big switched network.
Thank god. Die NAT die! Can't happen soon enough. Some people will still want stateful "one way" firewalls. No problemo.
> In short, I don't like what IPv6 gives us over what we lose with IPv4.
Given your list of misconceptions and misinformation, I'm not surprised.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Who the hell wouldn't like their toaster to have its own unique ip address?
You can deny all incoming TCP SYN segments and all incoming UDP and ICMP traffic if you so desire, then punch holes at the router's firewall when needed. This will give you essentially the same effect as NAT under IPv4. Also, use the privacy extensions of IPv6, whose random addresses on my machines last for about a day until being replaced, and are valid for incoming traffic for 6 days thereafter.
NAT is still a cancer upon networking. It partially intertwines mechanism and policy, which is a backwards step.
For three big reasons.
a: It's actually ubiquitous in the LAN these days. Both Apple and Microsoft use IPv6 link local operations very heavily, because it Just Works with nice stateless autoconfiguration and multicast.
b: You can have things screw it up if you don't have V6 deployed, and you have to worry about V6 even if you don't 'have' V6: EG, a Windows box with connection sharing and 6to4 enabled will happily try to "share" the 6to4 connection with everyone else on the LAN, so everyone else gets a V6 address that doesn't actually work. And with Apple preferring a 6to4 IPv6 address over a V4 address, the macs on the same network will now see horrible behavior going to any dual-stacked site, as it will try V6 first, take a timeout, then revert to V4.
c: Address space exhaustion is real, and IPv6 + DS-Lite (or even just IPv6 + IPv4 NAT) allows an ISP to get around address space exhaustion in a much cleaner way than the alternatives.
Test your net with Netalyzr
"Many network experts argue we're nearing network armageddon, but they've been saying that for years." Say what?
"Network armageddon" is already here and we've been living in it for years. The horrors of NAT, the crampedness of addresses making configuration a pain, public addresses expensive, and so on. It's just not been a sudden catastrophe, it's been more like boiling a live frog by putting it in cold water and then slowly heating it.
I think comcast is doing limited trials of ipv6.
But it will take time to replace all the modems, boxes, and so on with stuff that can do IPv6.
So if you want a NAT router to keep network wormable flaws away from the OS you can still do it.
you're confusing NAT address translation with stateful firewalling. Linux has been able to do that for ages on ipv4 or ipv6.
A side effect of ipv4 NAT is providing stateful firewalling, in that obviously the fw has no idea what to do with incoming traffic that doesn't belong to a flow you've already set up. All you need is one line to do this in v6.
You're looking for a line vaguely similar to this:
ip6tables -i eth0 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
And try not to forget to drop by default anything coming in thru eth0 that doesn't match the line above, of course.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
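The two rules this comment describes, plus one caveat specific to IPv6, as an added example (not part of the original comment): a default-drop filter still has to let through the ICMPv6 messages that neighbour discovery and path-MTU discovery depend on. The Python sketch below audits `ip6tables-save` output for all three; the sample dumps and function names are constructed, and the ICMPv6 list is an assumption taken from the RFC 4890 filtering recommendations.

```python
import shlex

# ICMPv6 types a host has to keep receiving. Assumption: this minimal set is
# taken from the RFC 4890 filtering recommendations, not from the thread.
ESSENTIAL_ICMPV6 = {
    2: "packet-too-big",             # path-MTU discovery
    134: "router-advertisement",     # stateless autoconfiguration
    135: "neighbour-solicitation",   # the IPv6 replacement for ARP
    136: "neighbour-advertisement",
}
NAME_TO_TYPE = {name: num for num, name in ESSENTIAL_ICMPV6.items()}

# Constructed ip6tables-save dumps. WEAK is the single rule from the comment
# with the default drop forgotten; NO_ICMP also drops every ICMPv6 message.
WEAK = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
NO_ICMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
HARDENED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
COMMIT
"""


def _opt(opts, flag):
    """Value following `flag` in a tokenised rule, or None."""
    return opts[opts.index(flag) + 1] if flag in opts else None


def audit_ruleset(dump, chain="INPUT"):
    """Findings for one filter-table chain. Rule order and jumps to
    user-defined chains are not modelled."""
    table, policy, stateful, icmp_ok = None, None, False, set()
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        if table != "filter":
            continue
        if line.startswith(f":{chain} "):
            policy = line.split()[1]
        if not line.startswith(f"-A {chain} "):
            continue
        opts = shlex.split(line)
        if opts[-2:] != ["-j", "ACCEPT"]:
            continue
        states = _opt(opts, "--state") or _opt(opts, "--ctstate") or ""
        if {"RELATED", "ESTABLISHED"} <= set(states.split(",")):
            stateful = True
        if _opt(opts, "-p") in ("ipv6-icmp", "icmpv6"):
            kind = _opt(opts, "--icmpv6-type")
            if kind is None:                 # every ICMPv6 type is accepted
                icmp_ok |= set(ESSENTIAL_ICMPV6)
                continue
            kind = kind.split("/")[0].replace("neighbor-", "neighbour-")
            num = int(kind) if kind.isdigit() else NAME_TO_TYPE.get(kind)
            if num in ESSENTIAL_ICMPV6:
                icmp_ok.add(num)
    if policy != "DROP":
        return [f"{chain} policy is {policy or 'missing'}, not DROP: "
                "unsolicited inbound packets are accepted"]
    findings = []
    if not stateful:
        findings.append("no RELATED,ESTABLISHED accept rule: replies to "
                        "outbound connections are dropped")
    missing = sorted(set(ESSENTIAL_ICMPV6) - icmp_ok)
    if missing:
        findings.append("ICMPv6 types blocked: "
                        + ", ".join(ESSENTIAL_ICMPV6[t] for t in missing))
    return findings


if __name__ == "__main__":
    for name, dump in (("WEAK", WEAK), ("NO_ICMP", NO_ICMP), ("HARDENED", HARDENED)):
        print(name, audit_ruleset(dump) or "ok")
```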
Sure, ipv4 addresses were a little cumbersome but at least they were numbers and dots. 192.168.0.1. I can type that out on the numeric keypad. 2001:0618:71A3:0801:1319:0211:FEC2:82DC is just awful. Yeah, I know you need to have more characters in there to represent the value and a larger address space means it's going to be a larger number. Keeping the old ipv4 decimal scheme would make addresses look like 128.91.45.157.220.40.0.0.0.0.252.87.212.200.31.255. But I don't really see the hex as an improvement!
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
That it is not yet necessary to migrate is irrelevant. One may argue with the time frame (next year or in five years or ten), but nobody denies that IPv6 will eventually become commonplace, and before most of us retire. That means it is now necessary for software to support IPv6. Writing a network-using program now that does not support IPv6 addresses is like storing the year in two digits in the nineties. It will come back to bite you.
The sooner we get to IPv6, the better. If not, if someone wants a static IP, much less a /29 subnet with five usable host IPs, they will be paying through the nose for it, just due to artificial scarcity.
I just fear that companies are going to spend big bucks for routers that can do NAT traversal (dev subnet gets NATted to another subnet which then gets translated to the outside IP), as opposed to going to IPv6 where one can keep firewalls up and the traffic isolated and secure, but keep NAT as an option, not a must-have. If a company is worried about the IPv6 stack having issues, just use IPv6 as an edge routing protocol and keep the internal network on v4 and use Toredo. Yes, this is still not optimal, but it is better than dealing with having to bid for v4 statics so one can have their own webserver online.
It won't be armageddon. Slowly parts of the Internet will become unavailable and inaccessible to you as some sites become IPv6 only since they can't even get a valid IPv4 address. It won't be a disaster, it will be a slow loss of connectivity to the Internet as a whole.
Turning it off is horrible advice. You won't notice much of a difference right away, not until you start getting hits in search results that you can't actually fetch when you click on them. Talking to the entirety of the rest of the human race isn't a killer app exactly, but it is what the Internet is for, and by turning off IPv6 you are cutting yourself off from this benefit. Currently in a small way, but in an ever increasing way over time.
Need a Python, C++, Unix, Linux develop
Too many people think Port Address Translation is NAT.
Go green: turn off your refrigerator.
Is there really anything to worry about?
Afaik all modern Linux distros are fully up to the task of IPv6. TFS mentions even Windows can do it.
At this moment I am connecting my computers to the Internet via a wifi router/firewall - not likely this is going to change. Router is old, may not do IPv6 yet. My ISP also doesn't. But I guess the time will come that ISPs start to switch.
Will it really make a difference for me as end-user? Is my browsing going faster? Will I get less spam in my mailbox? Will it be easier to find the information I am looking for on the net? Probably none of the above.
At the moment I know I'm on IPv4 but on a daily basis I don't care as it just works. I don't know my IP address, it's not important to me what it is really. My home and office networks are internally IPv4, wouldn't make a difference if it's IPv6 except that addresses get harder to enter in BIND but that's one-off only. I suppose my uplink there also uses IPv4, not v6. I always approach my web site and mail server by entering an URL, not entering an IP address. Again what would I care? Let DNS take care of that part.
Don't get me wrong I understand it's time to move on: we run out of address space, soon there are more devices/networks connected to the Internet infrastructure than that there are unique addresses to find them. But from an end user perspective... I say let the ISPs take care of that. It's their job. Get me the connection, make sure your hardware works, preferably understands both IPv6 and IPv4 (backwards compatibility; and mostly it's not broken in the first place), and use on your network whatever works best.
There is always the talk of IPv6 will give any ISP subscriber a complete range of addresses instead of just one, so you can connect every computer, printer, whatnot directly to the Internet. I don't understand why an end user would want to connect their printer directly to the Internet. Their second computer maybe if they have one (makes torrenting easier) but then you lose the benefit of a hardware firewall in between. Simply because of security for my home network I prefer a single point of entry, not a dozen. Much easier to keep an eye on. So one external IP address is simply enough for most of us.
So while IPv6 is important for developers and ISPs, for the end user it's not. I totally agree with this Steve Cassidy that it's simply not something to worry about. He says not yet, I'd argue not ever, unless you're developing network gear/software or work for an ISP or so.
I don't know what artificial reality you guys are living in, but IPv6 is running in many research universities worldwide, and on virtually every Linux box in the military and university community.
The fact that it's not being provided by your local residential networks is not our problem.
-- Tigger warning: This post may contain tiggers! --
The hosts file blocks whichever HOST NAMES you put in (and give an unreachable address). This works equally well with ipv6 and ipv4, and the number of host names doesn't magically increase with ipv6.
Finally! A year of moderation! Ready for 2019?
Same here. There have been several instances where IPv6 has caused a lot of problems. I work for a local government and have 5000 new PC's being installed on my network and they are all getting IPv6 turned off on their images because it is annoying, to say the least.
As a network engineer I am not worried about IPv6. The most that will have to be done is our main firewall and/or router will maybe eventually have to be set up to accept incoming IPv6 addresses. But for our internal network, IPv4 won't go away anytime soon. I doubt if it ever will. There is just no reason to run IPv6 on an internal network unless you need some specific function of IPv6 on your internal network (which other than the mandatory IPsec integration and multicast additions I can't see anyone needing the larger address space or any other features on an internal network).
IPv6 seems to be more for ISPs and super-large networks than for the rest of us.
"I hope you know how very lucky you are to know me, because I am so incredibly incredible."
First of all, you are already using IPv6.
Who is? The author only said he experienced it, he didn't say he migrated to it! He's using internal addressing, which by assumption IPv4 is meant. If you disable IPv6 on your system, you are not using IPv6. This goes for both Windows & Linux.
The whole meltdown thing and needing an IPv6 address is a little perplexing to me since you get your IP from your provider. If you receive an IPv6 address, I can almost guarantee you that there will be a layer of IPv4 tunneling because there isn't going to be some mass exodus where people just stop communicating with IPv4 addresses. (the ultimate utopia, we're free of those lowlife IPv4'ers! *rolls eyes*) The two will coexist, and there will be a migration period where providers have 6to4 routers to communicate with between address schema. Maybe not perfectly, but better than the concept of having two disparate schema that don't communicate.
In 2011, all v4 addresses will be assigned.
I'm sure the blocks assigned to the providers will continue to be used in the same way during the migration. There isn't some master DHCP server in Frankfurt, Germany that's providing addresses to everyone "logging onto the IntArweb". Address blocks were assigned years ago, and it's just a matter of them being assigned by the owning provider since they own the routing equipment with addresses that route that block.
What will happen is once all IP addresses have been assigned to the last ISP/Megacorp, there will be no more to assign in that way. Then, the only place to get an IPv4 address will be from the megacorps or the ISPs that have the addresses because they've hoarded them. Basically a shift of power.
IPv6, or whatever pops up as something logical, will indeed be the next addressing used. However, a worldwide shift instantly is asinine. We have enough problems with culture & accepted practices of just about everything, let alone addressing.
We're still a young and struggling world, 500 years since the dark age. I think IPv6 is a minor problem in comparison.
-- This space for lease, low setup fee, inquire within!
NAT is NOT a firewall, and a firewall most certainly doesn't require NAT at all. You absolutely don't lose any security at all with IPv6.
Yes, but since you don't know what you're talking about...
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
> NAT address translation
Network Address Translation Address Translation? Is that like an ATM machine or a PIN number?
More like an ATM Teller Machine or a PIN Identification Number.
I've seen a number of situations where the DHCP servers on older home routers or the entire router itself will crash if you have IPv6 enabled on Windows Vista. It appears that the DHCP servers on some older home routers freak-out when IPv6 clients make DHCP requests to them.
Before turning it on on your home LAN, make sure that your older home routers can handle it.
Correction. Teredo tunneling.
IPv6 shouldn't be that hard to switch to. Macs are happy with it. Windows machines grok it. The only issue would be a number of SOHO routers, and some applications that don't understand V6 (MySQL is a good example.)
"This all started when Tony Blair was elected. The first time."
Wow! Are there still people alive who remember back that far? I mean, that was before the first Harry Potter book came out, which was like forever ago!
http://alternatives.rzero.com/
To be very, very clear, IPv6 will happen. There is no way around it. There is almost no IPv4 address space left. The folks who are at the top of the structure that assigns addresses will run out in the middle of next year. The next tier, called Regional Internet Registries, may have addresses available for another year. By the end of 2012, there will be no address space available to assign. For the gory details, see the IPv4 Countdown Page. Especially, look at Figure 35. That is reality.
As an end user, you may not care. Comcast is already beta testing IPv6 to its customers. I assume others are or soon will be doing so, but this should be mostly transparent to users as their system will only require IPv4 and that will be NATed behind an IPv6 address. But it must happen or people will not be able to get new addresses. That is the bottom line. IPv4 will remain in use for many years, but the net will start getting smaller and smaller for those who don't implement IPv6.
Kevin Oberman, Network Engineer, Retired
It's not a religious taboo, it's just you not knowing what the hell you're talking about (and this happens every damn time an IPv6 story on slashdot shows up).
Except NAT doesn't do that. PAT does that.
Except NAT doesn't do that. A firewall does that.
You should not be doing any job involving networking with your current level of knowledge. If you don't even understand how current technology works how can you determine what is or isn't better for your customers?
I found Windows 7 HomeGroup failed when IPv6 was disabled. While this isn't a killer app, it is pretty nice to have some domain-like sharing features available at home. So while it's not a killer app, I wouldn't counsel end users to disable it.
I saw a presentation given by the president of ARIN recently on the Research Channel. He predicted that IPV6 and IPV4 will run in parallel for about a decade, so I don't see corporations giving up their IPV4 address space anytime soon.
> Network Address Translation Address Translation? Is that like an ATM machine or a PIN number?
I think it's a fair phrase to use, since the whole point of the post was some people confuse the concepts of NAT and stateful firewalls. So I'm writing about the "address translation" part of NAT not the helpful side effect of stateful firewalling.
"NAT address translation" is obsolete with ipv6 vs "NAT stateful firewalling" is better just called "stateful firewalling"
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Having worked as a software developer for comScore, a major web metrics company, I can tell with absolute certainty that the concerns about anonymity and IPv6 stateless autoconfiguration are neither paranoid nor ignorant. Privacy extensions (RFC 3041) help but they create a problem inside the large enterprise where the sysadmin wants to track his users while denying Internet-based entities the ability to do the same.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
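What the disagreement over stateless autoconfiguration is about, as an added example that is not part of any comment here: without privacy extensions the low 64 bits of the address are derived from the interface's MAC (modified EUI-64), so they stay the same on every network the host joins. The Python below checks a host's own address list for that pattern; the MAC, prefixes, addresses and function names are constructed.

```python
import ipaddress


def slaac_eui64(prefix, mac):
    """Address formed from a /64 prefix and a MAC when privacy extensions
    (RFC 3041, later RFC 4941) are not in use."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration expects a /64 prefix")
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    octets[0] ^= 0x02                         # flip the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ipaddress.IPv6Address(
        int(net.network_address) | int.from_bytes(iid, "big"))


def embedded_mac(address):
    """MAC recovered from an EUI-64 interface identifier, or None.

    Heuristic: a random identifier contains ff:fe in that position about
    once in 65536 addresses."""
    iid = ipaddress.IPv6Address(str(address)).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{byte:02x}" for byte in mac)


def exposed_macs(addresses):
    """Map each recoverable MAC to the routable addresses that reveal it."""
    exposed = {}
    for text in addresses:
        addr = ipaddress.IPv6Address(text.split("%", 1)[0])
        if addr.is_link_local:
            continue                          # never leaves the local link
        mac = embedded_mac(addr)
        if mac is not None:
            exposed.setdefault(mac, []).append(str(addr))
    return exposed


# Constructed address list for one laptop seen on two networks, plus one
# temporary address of the kind privacy extensions generate.
HOST_ADDRESSES = [
    "fe80::21e:52ff:fe4a:9b2%eth0",
    "2001:db8:0:1:21e:52ff:fe4a:9b2",
    "2001:db8:beef:7:21e:52ff:fe4a:9b2",
    "2001:db8:0:1:58a3:9c1d:4e07:b6f2",
]

if __name__ == "__main__":
    for mac, addrs in exposed_macs(HOST_ADDRESSES).items():
        print(mac, "is visible in", ", ".join(addrs))
```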
Bonjour (ZeroConf) does do this automatically. Since I just use the bonjour name (server.local, mac.local, plug.local, etc). However the problem arises with Linux when it insists on trying IPv6 first.
I went out and spread the word about Ubuntu to my girlfriend. The install went ok. But the second she started it up the first complaint was that browsing the web was slow. So I go digging and find out it's IPv6's fault. Apple's figured out how to make the internet not suck and use both, why the hell can't Linux? Even a cron job once a day, if it can get to google via ipv6 enable it. If not, disable it.
Until this is resolved I'm definitely not suggesting Ubuntu for any one else, just because I don't want to have to help them solve it or risk them trying to type in some "cryptic" commands on their own. (Not to mention, one suggested method didn't work).
Overloading outbound traffic from multiple machines onto a single IP address (what you call port address translation) *is* NAT, if only because most of the vendors appropriated the name from that other kind of address translator that was hardly ever used and few even remember (RFC 1631).
PAT was never really a correct name for it anyway; that was a cisco-ism. What we call NAT today derived primarily from the stateful transparent proxies of the mid-90's and as the word "stateful" implies, it remains as much a proxy as a translator.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
The v6 address space is an order of magnitude greater than the v4 space, so doing this is a drop in the bucket. That would solve the whole problem.
Twenty-nine orders of magnitude, if I did the math right.
> I don't want to have to help them solve it or risk them trying to type in some "cryptic" commands on their own. (Not to mention, one suggested method didn't work).
Let me guess... sudo rm -rf?
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Back to reality, where you're just a pedantic twit. Anyone with any network experience knows exactly what he was talking about.
NAT is ubiquitously used as a synonym for PAT. I'd hate to work at the place where term nazis like you actually succeeded in getting folks to say "PAT" instead.
I have been in the industry for 12 years, worked with numerous large customer networks, going to Interop, read lots of articles and research (I'm a network architect). Not once can I ever remember someone using the term "PAT" in a sentence. They'd say "Port address translation" or "NAT".
And saying that NAT does not obscure internal identities, only "firewalls" do is just stupid pedantics that ignores the actual usage of vocabulary in the industry.
IPv6 and IPv4 will have to run in parallel, with most systems using dual-stacking, so a system will need both an IPv4 address and an IPv6 address. So, we'll still need a lot of IPv4 addresses available to manage the transition to IPv6
If each node has a unique IPv6 address, but it's mostly just routers using globally unique IPv4 addresses, with most nodes using RFC1918 addresses, perhaps it won't be too horrible.
> ... the effect on reachability is almost exactly the same.
Not true. There are significant differences between NAT/PAT and stateful end-to-end.
To expose an internal service you need a NAT entry plus a firewall rule to allow the traffic versus only a rule with end-to-end.
If the protocol in use embeds IP addresses, then a special content mangling module has to be written to fix these embedded IP addresses while in transit. FTP is the canonical example of this insanity but there are plenty of these modules in existence that had to be written and the effect has been to force protocol designers to simplify because they want their traffic to pass through NAT/PAT setups. I think simple is better but who knows how things would have evolved differently had NAT taken such a large role in the IPv4 internet?
If two parties, both behind PAT, want to communicate directly then a firewall rule isn't enough to make this happen. You need a 3rd party or you have to switch to NAT on both ends. In an end-to-end setup if the rule is in place the packets can flow from either direction.
> ip6tables -i eth0 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
I'm going to email that to my mom so she can get her new dsl modem set up right.
Thanks!
Is it just my observation, or are there way too many stupid people in the world?
It might not be time for residential networks and ISPs to flip the switch yet. . . but it's *definitely* time for all new home routers, DSL/Cable gateways, etc, to include full IPv6 compatibility. That way, when the ISPs decide it's time to turn on IPv6, they and their customers don't need to replace most of the hardware already deployed. IPv6 support at the vast majority of network endpoints needs to already be present before you can actually make the switch - you can't change the protocol and just force people to suddenly change.
ISPs need to start configuring networks to run in a dual-stack mode (at least as far as the end-user is concerned - once it hits the first ISP owned router, it could be all IPv6 from that point on), so that those who are ready to use IPv6 can start using it (yeah, you can use tunnel providers or 6to4 [which is really another sort of tunnel], right now, but that usually adds additional hops and latency to your connections - basically, if you are tunneling IPv6 traffic over IPv4, why bother using it to begin with).
NAT breaks end-to-end connectivity. Its main purpose in IPv4 is to deal with the limited address space. In the massive address space of IPv6, NAT is no longer necessary.
You can still NAT everything behind non-routable ULA addresses if you wish, but I see no reason to do so. If one takes this approach and later decides they need a specific port opened to more than one machine, i.e. port 80 for a couple new web servers, they won't be able to do this without re-numbering or setting up a couple new static NAT rules. Note: I specifically say a couple (or more than one) as this is specifically where dynamic NAT based port forwarding breaks down.
A much better approach is to keep everything on globally routable IPs and add a quick (hopefully default) firewall rule to deny all incoming traffic. This way you still protect your network from undesired incoming connections but still have an easy option later to open ports as needed without any of the limitations. This is exactly how I would set my IPv4 networks up today, if real IPs were actually available.
There MAY be niche scenarios where non-routable IPs are desirable in the IPv6 world, I honestly can't think of any. Can you?
I don't think ubuntu would use v6 by default unless it actually had a v6 connection...
I have ubuntu boxes at home and at work, at home i have a v6 router with a valid v6 link running a route advertisement service and the ubuntu box will pick up an address from it and use it...
At work, there is no route advertisement service so ubuntu boxes never pick up a v6 address or route (neither do macs for that matter)...
The only place i can imagine it being slow in the way you describe, is if it picks up an address but doesn't have a valid route, which it would only do if there is a misconfigured ipv6 router present on the network.... I've had this happen at home if the v6 link drops but the v4 stays up (ip transit providers dont provide the same uptime guarantees for v6) and the system is not receiving network unreachable errors back...
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Those PCs will sit there looking for an ipv6 router, effectively the same as an ipv4 client looking for a dhcp server... If there is nothing there to answer the request, they will keep sending it but never acquire an address and therefore never try to use the protocol in question.
The only time you would ever have a problem is if someone installs a device that answers those requests with invalid responses (eg it advertises an ipv6 route that doesn't go anywhere, which clients then try to use and have to wait while it times out)... The exact same problem could occur if you install a rogue ipv4 dhcp server.
If your clients only know about ipv4 then they won't be able to access any ipv6 services except via a proxy (you can't nat from v4 to v6 but you can go the other way round). It's quite possible to use ipv6 internally, with a gateway that provides a nat-pt service that effectively works just like ipv4 nat, except that the internal addresses are ipv6.
As a network engineer, you really should already know all of this, although you're already several steps ahead of most of the network engineers i know who don't even realise ipv6 exists.
When it comes to uses, a lack of conflicting addresses is the biggest use, a lot of small company or individual networks are interconnected via vpn links and MANY use the same ipv4 address ranges, ranges such as 10.0.0.0/24 or 192.168.0.0/24 are popular... it's not uncommon that people have been forced to renumber their home networks because they conflict with the work vpn for instance, and i know companies who have vpn links to other organisations and all kinds of extremely complex nat rules to get around duplicate use of the same internal addresses. V6 solves this by ensuring that everything has its own globally unique address...
It's also a common misconception that v6 addresses are more open than nat, yes they *can* be openly routable but typically you would configure your internal addresses with a stateful filter to not permit inbound connections and only permit data which is part of already established outbound connections - effectively the same as ipv4 nat but without the extra complexity.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Topology hiding.
My hypothetical organization is NATted. How many computers are on my network? You can't tell. Or, at least, I'm not just giving away that information.
Welcome to the Panopticon. Used to be a prison, now it's your home.
Don't know where in the world you are, but...
I work for an ISP. We're busy pushing HARD to get IPv6 out into the wild. Our first set will be the cable set-top-boxes, then internet cable modems. Internally, we're moving some of our systems to IPv6.
We don't make money off of selling you IPs, we make money by selling you bandwidth. We limit IPs because we have to (with IPv4). Moving to IPv6 is going to be a royal pain in the ass for us, but we NEED to do it. You "forcing" us is laughable - we'd love to be there already, and we're only not because it's a huge undertaking in addition to our normal day-to-day operations.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
The only time you would ever have a problem is if someone installs a device that answers those requests with invalid responses
I think it's fixed now, but when Vista was launched it would always advertise itself as a 6to4 tunnel provider, even if it didn't have a publicly routable IPv4 address. This broke every other dual-stack machine on the local network.
I am TheRaven on Soylent News
I was being sarcastic. I know the IPv6 NAT isn't in Linux yet. That was my point. IPv6 will be more deployable once NAT is not only possible at the technical level but also available in the products I routinely use.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
This is *exactly* what RFC3041 discusses.
Microsoft has already implemented a solution, in Windows 7 at least -- which is to say, Microsoft is actually ahead of the curve in implementing an RFC standard. Good on them. That covers the majority of home and office desktop users. The Linux folks will catch up.
Turning IPv6 off now just means you have to turn it on in a few months. I would rather avoid making two changes to all the hosts in my network.
The simpler solution for the basic network where IPv6 doesn't matter yet is to make sure your router null routes the IPv6 default (::/0), get valid IPv6 addresses, build a basic subnetting plan and put it in place on your routers with appropriate RAs. That will prevent hosts from trying to build 6to4 or Teredo or ISATAP or other bizarre kinds of autotunnels and give quick negative responses to attempts to reach IPv6 hosts resulting in timely fallback to IPv4. Simple, efficient, and, when you do actually need IPv6 connectivity, you just need to change the configuration on your routers (which you'd have to do anyway).
As to when to deploy IPv6, if you're running a network full of end users behind an IPv4 NAT using RFC-1918 space, then, no, you probably don't need to convert that network over right away, but, you will want to deal with all those systems that are now shipping with IPv6 on by default as I have described above or you will see user complaints as a result of their attempts to reach a growing mass of IPv6 content.
However, if you have any public facing content or services (as most businesses do at this point), then, you're going to want to make sure that those are reachable via IPv6 as well as IPv4 as soon as possible. Certainly within the next 12 months or so.
The people depending on the current address calculators and an 18-month clock to RIR runout after IANA exhaustion are in for some rude awakenings.
First, the clocks are wrong. They don't seem to correctly account for current utilization rates, nor do they account for the fact that 5 of the 14 remaining /8s are reserved to be distributed one to each regional internet registry when the others are exhausted.
IPv4
At the beginning of 2010, there were 21 IPv4 /8s in the IANA IPv4 free pool and 5 in the reserved section described in the last paragraph. Today, less than 9 months later, there are only 9 /8s remaining in the IANA free pool and 5 still in the reserved section. (Note that the clocks all talk about 14/224 which is 9+5).
At the current rate of consumption, we're not talking about 285 days to IANA runout, we're talking January or February of 2011. Feb. 28, 2011 is 194 days from now in my current timezone (Thursday, 20 September, 2010). (Notice the 91 day (or more) error in the countdown clock).
Additionally, once IANA runs out of IPv4, the RIRs aren't going to simply coast for 18 months. APNIC, RIPE, and ARIN will likely be in a race to see who runs out first. I think the smart money is on APNIC. However, whichever one runs out first, you can bet that the multinationals (i.e. the largest consumers of IPv4 addresses) in any one of those three regions will start pulling space from the other regions too. As a result, whichever one runs out first will accelerate the other two rather abruptly. I predict that the first RIR will run out on a timeframe more like 6 months after IANA exhaustion rather than 18.
It's less clear what will happen with space in the AfriNIC and LACNIC regions due to unique circumstances.
IPv6 is no longer an option, it is a requirement. Time to stop with the FUD and misinformation and start facing the cold hard facts staring us in the face.
Yes, the earliest predictions of runout turned out to be wrong (only because NAT was developed _AFTER_ those predictions were issued, btw).
However, the predictions today are mostly wrong too, but, not in the direction you want and certainly not as far off.
Failure to deploy IPv6 at least to your public content and services within the next 12 months will place you at a competitive disadvantage against other companies that do. That disadvantage will only increase with time. It is also critical to deploy IPv6 capabilities to your support staff and your IT departments so that they can become familiar with it and learn to trou
The problem isn't just your SOHO router, though that's actually a very big problem for ISPs.
And the problem isn't just ISP and enterprise routers that are much slower at routing IPv6 than IPv4 (the longer address space is a problem even if you weren't using ASICs to do the routing, which you were.)
And the problem isn't just application systems like MySQL that don't have native IPv6 address handling APIs.
Think about every application you've ever written that stores IPv4 addresses in a 32-bit integer, either in working variables or in databases, or displays them to a user as a 15-character dotted-quad string, or sends an A-record query to a DNS server to get an IP address, and every application your ISP might be using to keep track of what equipment is where with what addresses on it, and every network management application your company or ISP is using to monitor equipment health or configuration. Now go fix them all to store both IPv4 and IPv6 addresses. Preferably before the people who want to access your website only have IPv6 at home.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
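The comment above is about code that assumes a 32-bit integer or a dotted quad. As an added example (not part of the thread), here is one way to parse, store and bucket both address families for abuse monitoring with Python's standard `ipaddress` module. The function names, the 16-byte IPv4-mapped storage layout, the /64 bucketing policy and the log lines are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

def parse_ip(text):
    """Parse an address as logged: dotted quad, IPv6, [IPv6] or IPv6%zone."""
    text = text.strip().strip("[]").split("%", 1)[0]  # drop brackets, zone id
    addr = ipaddress.ip_address(text)  # raises ValueError on anything else
    # Collapse ::ffff:a.b.c.d so one client is not tracked under two keys.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr

def storage_key(addr):
    """Fixed 16 bytes for one binary column; IPv4 is stored IPv4-mapped."""
    if addr.version == 4:
        return b"\x00" * 10 + b"\xff\xff" + addr.packed
    return addr.packed

def from_storage(key):
    """Inverse of storage_key()."""
    addr = ipaddress.IPv6Address(key)
    return addr if addr.ipv4_mapped is None else addr.ipv4_mapped

def abuse_bucket(addr):
    """Rate-limit key: the host for IPv4, the enclosing /64 for IPv6."""
    prefix = 32 if addr.version == 4 else 64  # /64 is an assumed policy
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def count_failures(lines):
    """Return (Counter of bucket -> hits, number of unparseable lines)."""
    hits, rejected = Counter(), 0
    for line in lines:
        try:
            hits[abuse_bucket(parse_ip(line.split()[0]))] += 1
        except (ValueError, IndexError):
            rejected += 1
    return hits, rejected

# Constructed sample log lines using documentation address ranges.
SAMPLE_LOG = [
    "192.0.2.10 login_failed",
    "::ffff:192.0.2.10 login_failed",                 # same client, mapped form
    "[2001:db8:1:2::a] login_failed",
    "2001:db8:1:2:aaaa:bbbb:cccc:dddd login_failed",  # same /64, other host id
    "fe80::1%eth0 login_failed",
    "not-an-ip login_failed",
]

if __name__ == "__main__":
    print(count_failures(SAMPLE_LOG))
```

Bucketing IPv6 by /64 matters because a single host can rotate its interface identifier, so counting per full address undercounts repeated failures from one network.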
And if you ever noticed, when you get that 169.x.x.x private address then you have no network access at all under Windows. At that point, it'd be better to just mark the connection as disabled since it's functionally disabled even though its configuration looks like it shouldn't be. Very deceptive; and a bad way of doing configurations.
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)