There Is No Plan B, the Ugly Transition To IPv6
An anonymous reader writes "The Internet is running out of IPv4 addresses — not at some point in the future, but right now. But the only solution to the problem, IPv6, is just now really starting to be deployed. That's why we're all in for some tough times ahead."
Maybe we should reclaim some of AOL's massive block of addresses. It would help a little in the short run. And they sure aren't using them.
What? We're running out of IPv4 addresses? Why are we only learning this NOW? This is an outrage! Why haven't tech sites told us about this problem sooner...say, several times a year?
Article invalid: Author considers NAT to be a security mechanism, and specifically cites Windows ICS as the example... I've personally had Windows machines owned by infected machines on the same segment.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
1980s Real Estate
1990s Tech Stocks
2000s Commodities
2010s IPv4 addresses
...how many patents related to IPv6 were filed until now?
http://cr.yp.to/djbdns/ipv6mess.html
-paul
Why is it that problems never seem to get corrected until they are well and truly disastrous in scope?
We should just censor half the internet and reclaim those IP addresses! That should solve the problem and give us plenty of time to move to IPv6!
Hey, it looks like our "tech-aware" government is already trying that -- never mind!
Finally we will no longer have to use this IPv4 NAT garbage with all its limitations!
Have routers use IPv6 and regular computers use IPv4 and reclaim the IPv4 addresses used by the routers. Use IPv4 tunnelling. I think I've got that right.
Nobody cares, nor needs to, except the ISPs and hosting outfits. If they provide a nice 6-4 proxy (or whichever way around it is), 99.999% of users can continue doing everything they normally do. I've done it on several of my machines in the past, been in the IPv6 net and browsed IPv6 websites to confirm it, and I never once had to touch my IPv4 config or do anything too fancy - certainly nothing that an ISP couldn't do transparently from their side of the net.
It's an issue if you're hosting websites, because then your site needs to be accessible from the IPv6 addresses, but that's an issue for the hosters, most of the biggest of which are managed hosting outfits that can switch that on overnight if they haven't already - if they are allocating static IPv4 addresses, it's just a matter of translating and passing on IPv6 requests for a recognised IPv4 equivalent address to an internal IPv4 network. The root DNS servers are running IPv6 already, etc. There's absolutely nothing to stop this just working on most people's machines today and, no, not every machine needs to upgrade to IPv6 addressing in order to do that. In fact, if anything, suggesting that internal business networks suddenly become IPv6 addressable is the most stupid suggestion in the history of the world - most places just want a "4-6 converter" in layman's terms and they'll tick along quite nicely on their internal 10, 176, and 192's without caring. Most places would run absolutely fine, the only place it matters is the extreme borders of the Internet.
People don't run IPv6 not because of any of those reasons in the article but because a) they haven't heard of it, b) ISPs don't support it or won't do it for them automatically and c) a lot of OSes never come preconfigured to use IPv6 if it's available. Oh, and of course, d) nobody will care until their IP address allocation requests start getting turned down.
It's not a big deal, it's not going to kill NATs and 30 years from now there will STILL be local networks, internal VoIP systems, print-servers and whatever else using IPv4 addressing because it's a damn sight easier to leave a working config alone than to upgrade/replace every bit of hardware that touches IP. I can use IPv6 today. There's absolutely no need to until every link in the chain supports it and that's still YEARS away even with US government backing. And even then, IPv4 isn't going anywhere - it's just being superseded. It's like saying that all SSH servers have to switch to SSH2, or all wireless LANs to 802.11n - it'll happen, and a little nudge won't hurt, but overall people just don't care enough for the majority of cases and their old stuff will still work on IPv4 in 20-30 years time if it's still operational.
Tell me when even 5% of the websites that I use regularly are available over IPv6 and I'll look at setting up my VPS to do the same.
And at every job I've worked in the past 5 years, management has completely had their head in the sand about it. :-( And none of the developers understood enough about IPv6 to push in an even faintly credible way. :-(
I've been running IPv6 on my home network since about 2002. It's just not that hard. In fact, it's a lot easier than running IPv4. My IPv4 home network has a seriously contorted configuration because of the constrained addressing. When I wasn't even given a block of IPs but instead given X number of individual IP addresses it was even worse. My IPv6 network, OTOH, is configured quite simply and obviously.
OTOH, even though I've had an IPv6 DNS server for ages, my stupid registrar STILL does not support IPv6 glue records. It's ridiculous. The standard has been stable enough to do something like that for at least 3-4 years now. I just want to strangle them.
Last I checked, we only have about 200 days before ARIN stops being able to hand out new IPv4 addresses. It's around 7 months. After that, hosts start appearing on the Internet that only have IPv6 addresses. The connectivity breakage will be slow, subtle and inexorable. I bet it takes the tech industry at least another 5 or 6 years before they have to fix the problem or not have customers, and I bet it won't be fixed before then. So very very stupid.
Need a Python, C++, Unix, Linux develop
As an employee for a major electronics retailer, I can see that this whole situation is going to be brutal on the general internet going public, but more importantly it's going to be brutal on me when I have to try and explain to grandma Jones why her internet doesn't work right anymore on her 10 year old computer and how she's going to have to buy a new router/modem/network card/computer. People don't want to deal with ugly inconvenient stuff like the switch to ipv6 (no matter how needed it might be) they just want their stuff to work. I really hope this transition goes a lot smoother than it looks like it's going to, but I don't have a lot of faith that it will.
In a bit of shameless internet panhandling, I accept Litecoin Donations at Lbd2oH9QsthD1GfuUXPyka12YxvWJYnBVf
Just force all porn sites on the internet to be accessible from IPv6 addresses only.
Serious question. I already have an IPv6 address, why doesn't Slashdot have one?
Follow your Euro bills at EBT
I see it a little like domains. If a domain is already taken, you contact the owner and pay for it. If an IP is already taken...
So, what are the best ways to profit from this crisis?
Hoarding IP addresses is an obvious way, but that market seems pretty crowded already.
Actually you might say we've been running out of them since the moment the first one was assigned...
Maybe if you spelled slashdot correctly?
Yeah? WTF is slahsdot.org?
Learning HOW to think is more important than learning WHAT to think.
Exactly. Haven't we been running out of them for at least the last 10 years?
Awesome that no-one ever cared.
It will be like this as well for oil and clean water and air. Populations need to learn to dis-trust their businesses and governments more, that would be a good start and a help. It would also help a lot if people learned to look themselves in the eye.
attackers don't only come from the Internet. The "hard shell, gooey centre" security model is doomed now that people are buying laptops, ipads, iphones etc. Mobile devices need to protect themselves, and since everybody is buying mobile devices, upstream network located firewalls are losing their effectiveness.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
we're running out of ipv6 addresses!
buy yours *now*
Is it not entirely impossible that IP vendors, network providers, ISPs and hosting companies have already accumulated or say squattered enough 4byte IPs to take advantage of the upcoming IP shortage situation and are not rushing the much needed IPv6 hardware deployment as they should?
What are you for posting the answer to your question in the title of your post, but then posting the question in the body of the comment below it, and then failing to properly end your question with a question mark?
Finally had enough. Come see us over at https://soylentnews.org/
It's the unnecessary use of IPv6 on private networks.
I participated in a RIPE training 4 years ago and according to their statistics, we were supposed to deplete the IPv4 address space during 2009. Well guess what..
The low estimates for running out of addresses are the ones that usually get quoted, but both low and high bounds on the estimate have been available for a while and while they tighten taking a midpoint has been quite stable for some time now. 4 years ago the estimates were 2009-2013. IIRC the bounds are now something like June 2011 - December 2012.
15 years ago I first heard about IPv6. IP4 was running out of address space, and IP6 would save the day. A bright new future with enough addresses for every single object on earth. For years I've lived in continuing surprise that it still hasn't been implemented yet, and now it's too hard to implement because of weird crap that's been added to IP4 in last 15 years?
I'm thinking this will be just as huge a problem as the y2k bug was. Hold on to everything you can and... only some minor issues pop up.
Here's the secret to immortality:
It will be like this as well for oil and clean water and air.
Off-topic:
I discussed politics/what party an old man at the gym had voted for last time I saw him.
Useless information:
He voted for Moderaterna and talked about how we couldn't do without nuclear power, needed it and how good it was nowadays. Which was rather ok (I don't know much about modern technologies but as far as my own reasoning goes running the power plant and storing the waste is kinda ok, but I think we need to accept mining our own raw material if we are ok with nuclear power instead of having someone else do it, and do we want to? Haven't read up on Thorium and don't know much about newer reactor designs but it doesn't matter much atm.)
Point: ...
But then he started talking about global warming and how obviously they were so wrong because the last winter was so cold!
You got plenty of people here who are permanent residents of the state of denial. So why not ask them?
Ask the idiots who year after year come up with "reclaim a handful, that will delay the inevitable for a couple more weeks, so nothing needs to be done" or "NAT, I heard that solves everything! Yeah, I nat my windows XP machine and everything is windows XP so that is the solution!"
People HATE change and HATE having to learn new stuff.
And the longer they put it off, the more they got to keep denying it, else they look silly.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
is why didn't we just go for an extension?
Normal IPv4 is 4 sections, for IPv6 we could have added 2 sections, making IPs such as:
150.150.150.150.150.150
Simple to understand, minimal hardware & software changes. Of course, some new features will be lacking but in any case...
Putting the remaining 2 sections on separate portion of the packet, keeping the first 4 sections normal, would allow legacy hardware to route these, yet trivial to make new hardware to understand.
We could have even gone for extensible protocol, address minimum of 4 sections, but at will the endpoint can allow for extension of N length.
Thus we'd need only a *single* IPv4 address per ISP for example, and they are free to give out as many as they want from that.
All the midpoints would route these trivially, and the endpoint is the only one needing to translate the last sections, making no tunneling necessary as you could visualize tunnels created automatically, without any problems.
This would have made minimal to no impact whatsoever for backbone networks at this moment, all it would have needed are:
- Some new edge routers for those who wish to extend
- Software update to operating systems of trivial level
- Instead of Class Cs given for new applicants, you give just a Class D (what is now single IP address)
The transition would have been smooth and easy, and if started when IPv6 came around, it would be supported by now widely by all operating systems, switches etc. only a marginal group of legacy systems do not understand.
Legacy system support:
- They are made to believe they have IPv4 address "Class D"
- Something like NAT is used to translate this based upon MAC address of the NIC.
- No downsides of NAT
- All benefits of NAT
- Basically the same method "extensions" are being done, this time just in reverse.
- Lightweight
- Downside: Still needs packet manipulation at the switch (edge switch in case of ISPs)
This would have been *über* easy to accomplish, and can be easy to accomplish EVEN TODAY.
New software for some DSLAMS or Edge switches: Do reverse extension address translation. Done deal, no OS updates required for typical home user. Of course, that is very limited support.
OSs need to be updated for full feature set, such as extensible addresses used in typical lower level network tools (ping, traceroute as an example, which typical users DO NOT use).
On Phase 1 it would act 100% just like NAT. No support for servers as of yet tho.
Getting servers of extended IP address to work for OSs not supporting extended IPs is the tricky portion, but as of today is not required (enough IPs to go around for servers at the moment), and could follow up in several years. Those left behind, are left behind, nothing around that.
There are multiple solution routes for that as well if legacy system are needed to make connection to extensible IP addresses, translations done on the switch. All of these needs to be researched what their impact is.
One solution is to dynamically map reserved areas of IPv4 space, or 1 class A set aside for this. The switch assigns for extended IP address a regular IPv4 address from this space, allocated for this MAC address at request time. We manipulate DNS results according to this data from regular response.
- System requests dns for slashdot.org
- Switch detects this and waits for response
- Response is arriving, switch looks into the results: (changed to extended)
slashdot.org. 3583 IN A 216.34.181.45.100.100
Changes response IP to:
224.216.100.100
- connects to 224.216.100.100 (224.x.x.x is reserved/unusable space)
- switch translates that to 216.34.181.45.100.100 and does NAT for the connection
How this is *NOT* done for modern system: Modern systems in the initial request (origin IP) had the extended IP. NAT disabled for this system.
Acquiring IPs:
I'm not familiar with DHCP protocol enough to envision a proper scenario, but my guess is we can extend the protocol trivially.
Please prove me wrong this wouldn't work so i can rest easy.
Pulsed Media Seedboxes
For your information, plan B is ISP NAT and a zero-sum game address transfer market. That would allow us to reallocate upwards of 80% of IPv4's addresses, extending the life of IPv4 some 10 to 20 years. It's not a fun prospect, but it's eminently workable -- perhaps even more so than IPv6.
So, anyone who says there's no plan B doesn't know what they're talking about.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Corollary:
If it weren't for the last minute, nothing would ever get done.
Until recently (and probably today still) there was no mechanism to allow an IPv4 host to talk to an IPv6 machine, even if there is address space reserved for the former in IPv6. NAT64 was not being seriously worked on until recently, yet it's obviously absolutely needed; without it, IPv6 hosts need to be dual stacked, ergo have an IPv4 address. What happens when you have both? If IPv4 gets broken for some reason, nothing useful works, so it gets fixed. If IPv6 gets borked, you probably won't even notice because everything is still using IPv4. So in the end many theoretically dual stacked machines are actually single stacked.
How long did we know that the year 2000 would pose a problem for legacy and other craptacular computer systems? How long before that date did the industry actually begin to address them?
It's always a problem for "next quarter". Unless it damages (profits|revenues|share price) right now, fixing it is just a cost center.
Welcome to the Panopticon. Used to be a prison, now it's your home.
I'll never switch to IPv6 with its cold, digital precision rendering of data. The lower resolution of IPv4 just provides a better rendition of old favorites like slashdot, to my eyes anyway. Sure, there's some noise, some clicks and pops, but nothing matches wikipedia seen through a nice tube monitor.
September 2011: Looking for Cocoa/iOS work in Boston area Cocoa Programmer Quincy, MA
It's all thanks to IPv6 being designed so poorly that no one wants to deal with it.
If IPv6 were a reasonable upgrade, people would have already done it. No one wants to memorize or type 128 bit addresses.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
December 2012.
man those Mayans sure were smart
Really?
Well, ok, a little recap:
IPV6 has been resisted by virtually all major players, with few exceptions.
IPV6 is poorly tested in the real world. We will see massive problems getting it working.
IPV6 WILL WORK. It will take some time.
IPV6 will coexist with IPV4 poorly, and we will see a dramatic changeover as the critical mass of IPV6 nodes comes online, and IPV4 is more trouble than it's worth to keep around for a little while longer. My estimate, 3 years.
Asia will lag behind in IPV6 adoption.
Some interesting points:
The U.S. Department of Defense holds 11 Class A blocks. If they could reduce their usage to just 3, we could give IPV6 another 3 years of grace. But:
- If we give IPV6 3 more years, it will still take 3 years from then to substantially implement it. And the industry will take those 3 years to avoid the pain.
- The DOD will need at least 5 years to reorganize and give back those Class A blocks. The Navy alone will need 2 years to negotiate with EDS/HP to make the changes. Read up on NMCI and you will recognize a genuine military-grade CF. NMCI is a failure. IPV6 would merely give EDS/HP another opportunity to gouge the service. They rarely miss these opportunities.
- There are several Class A block owners that look like better candidates for either conversion or elimination. None seem ready to do what the DOD would have to do, i.e. spend massive amounts of time and money to make a change for the community, without any real benefit to them.
Just some personal IPV6 observations:
I had two different Fedora distros fail for me at home because IPV6 was turned on and both my router (Linksys WRT54G stock F/W) and my ISPs (Cox and Qwest) fritzed their IPV6 implementations. No, wait, both ISPs had no working IPV6 in the Phoenix area in 2005-2008, despite claims to the opposite. The Linksys I will probably have to reload with something more useful, but it's the early one that can take a lot of new firmware.
Oh, and turning off IPV6 in each Fedora release required different and arcane methods. A hint to the Linux community - common and stable configuration methods would be a blessing. And not just a GUI. I know, security, security, security. I can assure you, my broken Fedora builds were secure, even from me. A stopped clock is right twice a day.
I think my Ubuntu distro left IPV4 on and IPV6 off, but I haven't looked. It works, and has for 3 years.
Despite the clamoring for IPV6, it just has no traction. Why bother yet? Like a lot of things, crisis will have to escalate to failure before this gets fixed.
If Jon Postel were still with us, he would have already made this happen. I miss him so. We need individuals that drive Internet management and administration, not groups. Internet by committee is failing. Can we not find anyone trustworthy to lead Internet functionality at this level?
No, Stallman is not the answer. And nobody at Sun/Oracle either.
deleting the extra space after periods so i can stay relevant, yeah.
Non-IT Companies like Ford don't need to be on a list like this at all. Apart from a few WAN IPs, a webserver, and a mailserver, they could probably put their whole network behind NAT, and no one would notice.
That's funny!! LoL. This is what happens when you treat a limited resource as an unlimited resource.
www.Migrainesoft.com - Computer giving you a headache? We can fix that!
... is increased network isolation.
There are services possible with IPv6 that are not possible, or certainly more expensive to implement, with IPv4 and its partitioning and NATs and all that. Think multi-cast, for instance. Or, ubiquitous IPSEC. Or, working QOS that is what ATT, Verizon, and Google ought to be talking about instead of trying to defeat net neutrality. Those are new building blocks.
There is money to be made in new services, if we get off our butts and transition.
Well, apparently, you only have to fool the majority of people for a little while.
Good health is merely the slowest possible rate at which you can die.
A friend of mine just colocated his server. The colo he used gave him 4 or 5 IP addresses for his single computer. Even though he is running VM's, he does not need 4 IP's.
This kind of thing is happening everywhere. Cleaning up that kind of junk will give us time to convert to IPv6
My large employer has public IPs to the desktop. According to ARIN, my desktop is in a block of over 500,000 addresses owned by the company.
I'll have you know we're using *over 20* addresses on my local /24!
What shortage?
A simple google of "ipv6 for os x" reveals countless sites discussing how to enable it and test it? So this article says that only Windows Vista and Windows 7 has it but that OS X and other OS's don't? What's up with that? What exactly are they talking about here?
www.Migrainesoft.com - Computer giving you a headache? We can fix that!
it is gold plated, and we all know what that means: leprechauns and unicorns make your browsing sessions happier
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
"Hosting report about Slahsdot.org. Slahsdot.org is currently hosted at Oversee.net visit site. The IP 208.73.210.28 links to a server in Los Angeles, United States. The company behind this all is Oversee.net."
Who is John Cabal?
Let's just assume we can put IPv4 address exhaustion off for a couple years.
What then? It's a chicken/egg scenario. Let's say I'm a good admin and I move all my outside-facing servers to IPv6.
This assumes All the software we've got (internally and externally developed stuff) is going to work with IPv6 addressing. What are the chances of that happening?
This also assumes that not only is all equipment new enough to do IPv6 properly, but the newer stuff all properly supports it. That's also not much of a concern if I can't even get IPv6 addresses from my upstream provider.
For the most part, I think IPv6 is a problem looking for a solution. The huge mental jump for administrators and the added burden it adds to day-to-day crap (mail admin would be so much fun with IPv6 addresses in logs, don't you think?) alone makes it something that many people want to put off. It doesn't matter if I can do the hex/arabic transition in my mind; remembering that much more between looking @ one log to the next is going to be a headache. And yeah, I really want to start typing lengthy hex strings into network configurations (whether it's BIND or a Cisco or something else).
The 'shortage' of IPv4? Somehow, it doesn't seem like the bigger shops are much concerned. Likewise, there always seems to be an abundance of allocation: if indeed it were a limited resource, someone, somewhere - aside from a regulatory board or a sensationalist author looking for his pay day - would be taking notice.
Even though these netblocks are allocated does not mean they are used. Clearly, there is surplus as of now - there is more supply than demand, because they still exist.
I'd think there'd be
Here's another idea: why didn't they just expand the address space by x256 by prefixing it another couple bits? Would that not have been enough? They could have then put their added security extensions on that "IPv6" stack as an optional extension instead of a prerequisite, and humans would still be able to read the "quads" (which would now be a quint).
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
If you can think of a way to expand the address space without expanding the number of bits in the address, I think there's a Nobel prize in it for you.
But to answer your concern, you should look into this cool new technology: http://en.wikipedia.org/wiki/Domain_Name_System
No one wants to memorize or type 128 bit addresses
How often do you actually need to do this though, DHCP works, DNS works, etc...
Personally, I think the problem is one of 'who's first?', in that it's not a straightforward process for an IPv6 address to send a packet to an IPv4 address and vice versa.
So you end up with the problem that you'd need EVERYBODY to switch at the same time, because once all your users have IPv4 addresses(possibly behind a NAT) so they can reach IPv4 servers, and all the servers have IPv4 addresses so they can communicate with clients that haven't upgraded yet, you might as well send packets via IPv4, as it's actually a little more efficient.
Sorta like how a 32bit system is a little more efficient as long as you're not busting the address limits compared to a 64bit system.
I don't read AC A human right
One point slipped my mind, and I realized right after hitting submit that I had forgotten to include it:
The reason I say it would be "better" if everyone had a public IP address is that it would make it much simpler for user-to-user direct communications (voice/video chat, remote backup to a friend or relative, games, file transfer, remote administration/tech support [e.g. I use VNC to assist my parents with computer problems, but had to set up port forwarding for that to work - but they have two computers, which complicates things since you can only port forward to one device, unless you use different port for each device], etc).
Actually you might say we've been running out of them since the moment the first one was assigned...
We are running out of IPv6 addresses.
Then screw IPv6, I'll wait for IPvINFINITY.
There are two points here that make me think that it's never going to happen.
1) Scarcity drives up value. If it starts to become hard to get IPv4 addresses, then this is just the excuse that an ISP would want to start -charging- for public addresses. Want a real IP address? Oh, that will require a business account and an extra $100 a month please.
2) It's in their interest to make your internet the least useful possible. That private IP address making it impossible to do anything other than email and web browsing? Great! Just more bandwidth they can oversell.
3) Because of 1&2 companies that have become little more than hollow husks (AIM?) or bought out by holdings firms that no longer have any use for those swaths of IPv4 addresses that they have been assigned suddenly have a new 'profit center'. Selling off chunks to other companies for a profit.
IPv6 is never going to happen.
That's the start of your problem right there. Their products are a waste of otherwise perfectly good sand.
"The bad news is, nobody will do anything about critical infrastructure protection until there's a global catastrophic failure. The good news is, there will be a global catastrophic failure." --- Mark Rasche, former head of the United States Department of Justice computer crime unit.
Didn't they only break backwards compatibility when they gave up on PowerPC and switched to Intel chips with Tiger?
Kinda-sorta.
OS X on PPC would run Classic (pre-OSX) apps, but did so by actually running OS 9. It was similar to how VMWare Fusion works on Intel Macs today. OS 9 was actually running, but the desktop was hidden and OS 9 apps were each given their own window so that they seemed to play alongside OS X native apps. If you wanted to, you could display the OS 9 desktop or even reboot directly into OS 9 (if you needed to run a game or something else that couldn't tolerate the overhead of OS X).
It was pretty ugly and a lot of people swore off using it as soon as they could; having the Classic environment running soaked up a lot of resources on typical hardware at the time. It was certainly not a seamless attempt at backwards compatibility in the way that Windows has typically at least tried to maintain (at the expense of being uglier in other ways, granted).
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
NAT is not problematic because 65K ports is insufficient. It's problematic because some protocols are inherently incompatible with NAT. FTP in active mode, for example, runs into problems with NAT traversal because it uses randomly selected ports, and that's when only the client is behind NAT. If both the FTP server and client are behind NAT, the protocol is broken completely and some sort of proxy or ALG will be required.
There are other examples of widely-used protocols that have trouble with NAT traversal. Anything involving randomly selected inbound ports is potentially problematic.
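The active-mode failure described in the comment above comes from the client announcing its own address and port inside the control channel (the PORT command of RFC 959, or EPRT of RFC 2428 for IPv6). The following is an added example, not part of the original thread: it parses those commands and reports when the announced address is a private one that only works if a NAT helper rewrites it. The addresses, the `classify` helper and the verdict names are constructed for illustration.

```python
import ipaddress
import re
from typing import NamedTuple, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Ranges that are not reachable from the public Internet (RFC 1918,
# IPv6 unique-local and link-local). Listed explicitly on purpose.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]

PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


class DataEndpoint(NamedTuple):
    address: IPAddress
    port: int
    verdict: str


def parse_port(line: str):
    """RFC 959: PORT h1,h2,h3,h4,p1,p2 -> (IPv4 address, p1*256 + p2)."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("malformed PORT command: %r" % line)
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range: %r" % line)
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]


def parse_eprt(line: str):
    """RFC 2428: EPRT <d>proto<d>address<d>port<d>, proto 1=IPv4, 2=IPv6."""
    fields = line.split(None, 1)
    if len(fields) != 2 or not fields[1].strip():
        raise ValueError("malformed EPRT command: %r" % line)
    body = fields[1].strip()
    parts = body.split(body[0])          # first character is the delimiter
    if len(parts) != 5 or parts[0] or parts[4]:
        raise ValueError("malformed EPRT command: %r" % line)
    proto, addr_text, port_text = parts[1:4]
    addr = ipaddress.ip_address(addr_text)
    if {"1": 4, "2": 6}.get(proto) != addr.version:
        raise ValueError("EPRT protocol/address mismatch: %r" % line)
    port = int(port_text)
    if not 0 < port < 65536:
        raise ValueError("EPRT port out of range: %r" % line)
    return addr, port


def classify(command: str, control_peer: str) -> DataEndpoint:
    """Compare the announced data endpoint with the address the server
    actually sees on the control connection (control_peer)."""
    peer = ipaddress.ip_address(control_peer)
    verb = command.split(None, 1)[0].upper() if command.strip() else ""
    if verb == "PORT":
        addr, port = parse_port(command)
    elif verb == "EPRT":
        addr, port = parse_eprt(command)
    else:
        raise ValueError("not a PORT/EPRT command: %r" % command)

    if addr == peer:
        verdict = "direct"               # server can connect back as-is
    elif any(addr.version == n.version and addr in n for n in NON_ROUTABLE):
        # Client is behind NAT: the announced address is meaningless to
        # the server unless an ALG rewrites the command in flight.
        verdict = "nat_rewrite_needed"
    else:
        # Announced address is routable but is not the control peer;
        # servers commonly refuse such a data address.
        verdict = "address_mismatch"
    return DataEndpoint(addr, port, verdict)


if __name__ == "__main__":
    # Constructed samples: (command seen by the server, control peer address)
    samples = [
        ("PORT 192,168,1,10,195,80", "203.0.113.7"),    # client behind NAT
        ("PORT 203,0,113,7,195,80", "203.0.113.7"),     # public IPv4 client
        ("EPRT |2|2001:db8::10|50000|", "2001:db8::10"),  # global IPv6 client
        ("PORT 198,51,100,9,195,80", "203.0.113.7"),    # third-party address
    ]
    for cmd, peer in samples:
        print(cmd, "from", peer, "->", classify(cmd, peer))
```
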
And yet Slashdot is STILL not routable over IPv6, but Netflix (ipv6.netflix.com)
I own blocks of IPv4 addresses, yes a query to ARIN produces my name. I own many Domain Names (my DNS bills are substantial). I also own several IPv4 blocks because I purchase a business account for my home internet connection; these ones aren't ownership, but part of product agreement from the ISP I go through. I have co-los directly connected into Yahoo's backbone in the NBC building downtown San Diego. I have considerable network resources, for personal use and as nerdy as it is... I'm proud.
The IPv6 problem largely persists because there is 0 infrastructure support. When I say infrastructure, I mean everything from the AT&T copper telecommunications level all the way to the consumer level Service Providers like Cox Cable or Road Runner services. Almost all "IPv6" solutions a consumer can find is nothing more than an IPv6 WAN configuration scheme between you and your ISP's first router and their router does IPv6 to IPv4 translation for all requests. Some companies might have their own IPv6-to-IPv4 translators on the routers facing their upstream providers... again this isn't connected to an IPv6 "internet". The IPv6 support found in software primarily seems to mostly revolve around one requirement "translation to IPv4".
I know this might hurt a lot of feelings. Bind Ping, a lot of FOSS software has "native" IPv6 support and I'm not debating this. What I'm pointing out is none of it is anything more than experimental code as there is no real means of testing any of it on a real life network. I have faith in it, yes but I have a hard time thinking it could have been extensively tested on a real network.
I realized all of this after trying to get my co-los on a hardcore, pure, real-life IPv6 network with network addresses and all services go. Even up to the point where IPv4 wouldn't work at all. It logically can't be done at this point in time; there are no big time upstream providers in Southern California that can provide a real IPv6 link, even to businesses such as mid-sized ISPs let alone to consumers. This is the problem, without infrastructure support... all we are doing is translation and pseudo-WANs running on top of IPv4.
All the telecommunication companies need to jump on board. All the major universities need to abandon IPv4 for communicating with each other (effectively converting the major backbone of the internet to IPv6). We need the translators to be primarily in reverse, IPv4-to-IPv6 instead of IPv6-to-IPv4. We need all the major ISPs to start offering IPv6 to the consumer. This is the easy part I think, the consumer doesn't care or know the difference.
48 bits is 281 trillion. It would have been more than enough.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
DHCP does not necessarily work with IPv6. Microsoft's IPv6 (Teredo) platform doesn't support it, for example, at least Win2k+IPv6, XP+IPv6, Vista, and W2k3 (I don't know about Win2k8 or Win7, but they probably are using the same IPv6 stack).
That said, DHCP for IPv6 is in a sorry state for pretty much all platforms as most are ignoring it entirely. ISC DHCP Server 4.1 and later supports it; but few distros if any support it. Even Gentoo and Ubuntu only provide 3.x releases as 'stable' releases.
And for those that think DHCP is not necessary - it has many benefits. From configuring the network (yeah, yeah, Neighbor Discovery provides that) to some network security - can't operate on the network without a valid address. Personally, I don't want anyone on my network that I have not authorized to be on it, and when they do get on I want to track them accordingly. DHCP provides a great benefit in that - since I know their MAC address and their network address; and if I expect they'll be on more often, then they'll get assigned their own static and DNS as well.
Until those kinds of things can be supported IPv6 won't go much of anywhere no matter how much IPv6 acolytes want to switch the world over.
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
How often do you actually need to do this though, DHCP works, DNS works, etc...
Except when it doesn't. I've typed an IP address at least 10 times in the last week.
The shorthand notation of IPv6 helps a little, but the stupid plan to hand out trillions of them with each allocation ensures that we have to remember a good number of digits for each address.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Yeah and watch the internet routing tables explode by a couple orders of magnitude.
When will the ISP have IPv6 and give out free modems for people with old ones that can't do IPV6?
Comcast is still testing IPv6; full rollout timeline?
ATT roll out?
smaller cable co's? some are still on D2
small town DSL systems?
small town ISP's?
Officially, it's against the rules to do that, but when resources are scarce you are going to get a black market whether you like it or not.
Organizations that are sitting on piles of addresses they didn't need when they got them are going to milk their supply for all it's worth when push comes to shove, and they aren't going to give them up without a fight.
Funny thing about that theory is that nearly everyone I know who owns a Mac runs Windows on it (via Parallels or some such virtualization layer) so they can keep their backwards-compatibility.
The Web is like Usenet, but
the elephants are untrained.
***Why wouldn't they have set-aside a block of 4.2 billion addresses that mapped 1:1 with IPv4 addresses? ... Also, eliminating NAT seems short-sighted***
Both excellent observations. Possibly that's why a lot of folks aren't anxious to be first in line to implement a shiny new technology designed by people who didn't address those things.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
I keep seeing people bring up this argument, but the problem is that 'lots and lots' JUST ISN'T. You might free up what, on the order-of-magnitude of 100 Million or so addresses? That still is NOT ENOUGH IP addresses to solve the problem. It might buy us a bit more time (perhaps a few years before address exhaustion really happens). We need Billions more addresses to really solve the problem, which you can't get through re-allocation of unused blocks.
As for companies selling off blocks, until the transition occurs, I'm sure you're right. Well, partly. It isn't gonna be $200/yr for a lease. Maybe $5,000 - 10,000/yr for a lease. Most likely, the price will be determined at auction, and I could see prices even going above $10,000/yr per block. I fully expect the world to drag its collective feet in transitioning to IPv6, and IPv4 addresses becoming INSANELY EXPENSIVE as a result.
The silver lining here is that insanely expensive IP addresses give a big incentive for the transition to IPv6 to begin - whereas right now (pre-exhaustion) most organizations see little benefit to an upgrade, as addresses become very expensive, there's suddenly a financial incentive to migrate.
Please God those statistics never get read in congress, else the government safety inspectors will be wanting to install a shower cam in every bathroom.
The Web is like Usenet, but
the elephants are untrained.
much easier to nat them and make them pay the cost (+ margin) for an ipv4 address if they want one
DHCP does not necessarily work with IPv6. Microsoft's IPv6 (Teredo) platform doesn't support it, for example, at least Win2k+IPv6, XP+IPv6, Vista, and W2k3 (I don't know about Win2k8 or Win7, but they probably are using the same IPv6 stack).
What the frack? And they expect this to roll mainstream?
I don't read AC A human right
Maybe because we'd rather not antagonize a nuclear power who can also muster a 300-400 Million man army/navy/airforce if they need to, and, oh yeah, to whom we've outsourced 90% of our manufacturing (which they could, I'm sure, quickly turn to military production, just as the U.S. who, at the time, was a rising manufacturing power, turned our then-significant manufacturing capabilities towards becoming the "Arsenal of Democracy" during WWII)?
We hide behind our nukes, which is why we are in no position to really get rid of them, despite the dreams of Obama & Co., because if China decided to gear up for war, they can out-manufacture and out-muster us on about a 6-to-1 basis (or maybe more). Nukes, however, end up being sort of the great equalizer, in a way. Just as on an individual level, guns can make big strong men and smaller weaker men more-or-less equal, so do Nuclear Weapons between countries (so long as you have enough weapons to ensure MAD). Still, even if you've got a gun, there's no reason to bait a bear over something sort-of (relatively speaking) trivial.
Yep. But 15 years ago we were just trying to get the vast bulk of the US on the internet at all. There were other focuses.
NAT doesn't provide the security it pretends to.
Also it isn't a very good protocol; it breaks lots of assumptions about IP and all sorts of apps have workarounds.
Ditching NAT is not a bad thing.
They have.
The Tao of math: The numbers you can count are not the real numbers.
I don't know that this would necessarily deal with ALL transition problems, but I had an idea a couple years ago about how you might come up with a collection of transition technologies that work together to make the transition a bit easier, which I posted in my Journal:
http://slashdot.org/journal/215899/A-NAT-DHCP-amp-DNS-Based-approach-to-IPv6-transition
In a nutshell, it seems to me that since the IPv6 address space is so large, you can have many, many hosts where the last 4 bytes of the address are all the same, as long as some part of the rest of the address is different. Seems like you could exploit this fact to give the same 'public' IPv4 addresses to different hosts on different networks (every network could have its own /16, /8 or even its own private complete IPv4 address space, internally). Between the Internal network and the IPv6 'public' Internet, you have a gateway which transparently hides the IPv6 details from IPv4 applications/devices. Some of the 'internal' IPv4 addresses would be used for local hosts on the networks, and some of them would be used to establish mappings to the 'real' IPv6 addresses. IPv4 applications could access IPv6 hosts either by making a dns request for the host by domain name (which would trigger the gateway to automatically set up a temporary mapping as discussed above), or if the host you want to contact does not have a 'real' domain name, a special dns entry which encodes the IPv6 address in the domain name, then is parsed by the dns server, which again triggers an automatic mapping between the IPv6 address and a local IPv4 address.
For connections the other direction (e.g. from an IPv6 host to IPv4), it's really ridiculously easy - since the entire IPv4 address-space can fit in a subnet of an IPv6 network address, you can just form public IPv6 addresses of the form network-prefix:IPv4address (e.g. if your network prefix is 1234::5678, the IPv6 address of a machine whose 'internal' IPv4 address is 12.34.56.78, becomes 1234::5678:0C22:384E - 0C22:3844 is the hex equivalent of 12.34.56.78 - but users will generally not need to worry about that, as they'll usually be looking up hosts through either DNS, or by making connections through a service like an instant messenger client, bittorrent tracker, game server browser/matching system, etc, where they never even see the address, like the way things usually work nowadays with IPv4).
I've not really heard anyone else describe such a system, but I don't see why it's not possible?
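The prefix:IPv4address form described in the comment above, as an added example that is not part of the original post. It generalizes slightly: besides the comment's own 1234::5678 prefix it recognises the standard IPv4-mapped (::ffff:0:0/96) and NAT64 well-known (64:ff9b::/96) prefixes, and the function names are hypothetical. The last function shows why a filtering gateway has to look at the embedded IPv4 address rather than only at the IPv6 one.

```python
import ipaddress

# Prefix from the comment's example: 1234::5678 followed by 32 bits of IPv4.
SITE_PREFIX = ipaddress.IPv6Network("1234::5678:0:0/96")
# Standard /96 prefixes that also carry an IPv4 address in the low 32 bits.
IPV4_MAPPED = ipaddress.IPv6Network("::ffff:0:0/96")       # RFC 4291
NAT64_WELL_KNOWN = ipaddress.IPv6Network("64:ff9b::/96")   # RFC 6052
EMBEDDING_PREFIXES = (SITE_PREFIX, IPV4_MAPPED, NAT64_WELL_KNOWN)


def embed_ipv4(prefix, ipv4):
    """Place a 32-bit IPv4 address in the low 32 bits of a /96 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("an IPv4 address needs exactly 32 host bits (/96)")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract_ipv4(ipv6, prefixes=EMBEDDING_PREFIXES):
    """Return the embedded IPv4 address, or None for an ordinary IPv6 address."""
    addr = ipaddress.IPv6Address(ipv6)
    for prefix in prefixes:
        if addr in prefix:
            return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    return None


def reaches_internal_ipv4(ipv6):
    """True when the IPv6 address is a wrapper around a non-public IPv4 one.

    A gateway that translates such an address delivers the packet to the
    IPv4 host, so IPv4 policy (private, loopback, link-local ranges) must be
    applied to the embedded address as well.
    """
    v4 = extract_ipv4(ipv6)
    return v4 is not None and v4.is_private


if __name__ == "__main__":
    print(embed_ipv4(SITE_PREFIX, "12.34.56.78"))
    for sample in ("1234::5678:c22:384e", "::ffff:10.0.0.5", "2001:db8::1"):
        print(sample, extract_ipv4(sample), reaches_internal_ipv4(sample))
```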
While obviously some address extension was inevitable I think of many things that have hampered IPV6 rollout that were at least somewhat avoidable.
1: IPV6 was designed as a replacement not an extension. What that means is that as well as having to upgrade all the equipment/software you also have to allocate every bloody device a second set of addresses and maintain two separate sets of routing tables. There were some hacks to get around this and allow hosts on the V4 internet to talk to V6 hosts but home router vendors never seemed to adopt 6to4 and Teredo is a pretty fragile design.
2: Rather than just making the address long enough to solve any shortage problems for the foreseeable future they also introduced this idea of stateless autoconfiguration which while nice in theory in practice just makes addresses too long and unstructured for people to remember. With IPV4 the address is four octets and there is a good chance that at least a couple of those will be the same across much of the company. With V6 and stateless autoconfiguration there are a lot more and most of them will be different on every machine.
3: Afaict Windows XP only supports the aforementioned stateless autoconfiguration or manual command line configuration not manual GUI based config and not DHCPv6. So it's rather hard for netadmins to avoid stateless autoconfig even if they think it's a bad idea.
4: Linux has outright refused to implement V6 NAT on ideological grounds. While global address shortages are one reason for NAT they aren't the only one (other obvious ones are hiding your network structure from outsiders or adding a private subnet that needs to connect outbound only to the internet without having to go through some hugely bureaucratic process to get a subnet assigned and routed).
IMO any ISP that doesn't have plans for deploying ISP level NAT at this point is suicidal (note: it's probably not in an ISP's interests to advertise or implement such plans until they are forced to, the rational thing for an ISP to do at the moment is to get as many V4 addresses as they can so they can be reallocated to more lucrative customers later). The better ones will offer IPV6 as well and public IPV4 for an extra charge but the ISP level NAT will be what keeps the lusers connected to facebook/youtube/email/etc.
note: I'm known as plugwash most places but I screwed up registering that here somehow in the past and now can't register
DNS? You can't have 128 bits worth of address space without 128 bit addresses. Either deal with 128 bit addresses or NAT everything to hell and back.
DHCP is unlikely to get much used in IPv6. It works otherwise...
As for remembering or typing them... just don't. Learn copy and paste. It's not something you should have to do often anyway, unless you are a poor network administrator.
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
Paint stripes on it.
Damn, I told them we should have held out for IPv8, but nnnooobody listened to me. Now we're stuck with a half an internet of Internets when we could have had a whole internet of Internets!
Apocalypse Cancelled, Sorry, No Ticket Refunds
That ought to scare people into compliance.
September 2011: Looking for Cocoa/iOS work in Boston area Cocoa Programmer Quincy, MA
DHCP is unlikely to get much used in IPv6. It works otherwise...
Then how does the new-out of the box computer bought by my grandparents get its IPv6 address? What about the fridge/toaster they keep proposing to network?
I'll fully admit that I haven't thoroughly studied the issue.
Learn copy and paste.
Which I tend to do now, except for the tendency to use four fields to store the address so I can't just paste it in.
I don't read AC A human right
There is an easier solution. If even one very key service provider (Google, for instance) announced that:
just watch how quickly the ISPs would implement at least some mechanism for IPv6 to work. Depending on how aggressive the provider was prepared to be (think signed plugins that verify a workable, routed IPv6 address), it could even force a proper IPv6 implementation, with the ISPs educating their users to ensure a quick, smooth transition.
* Sure, some users will just click-through if the ISP provides a filtered version with a bad certificate, but not all, and the ISP does not want to just throw away business.
No, it's only been for a few years now. Maybe a decade or so. Like the old joke: how far can you run into a forest? Halfway--after that you're running out.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Exactly. Haven't we been running out of them for at least the last 10 years?
Awesome that no-one ever cared.
I can't see why anyone would now either.
Is it all thanks to Microsoft? Other network equipment? Embedded systems?
There is no greater motivation than last minute panic.
There's no place like
What about all the email marketers? They only need one IPv4, not a /17 (Yes, they are out there).. Start reclaiming some of those..
Broken up into /27's but the whole /20 seems to be the same..
Block and forget?
DHCP is unlikely to get much used in IPv6. It works otherwise...
Then how does the new-out of the box computer bought by my grandparents get its IPv6 address? What about the fridge/toaster they keep proposing to network?
I'll fully admit that I haven't thoroughly studied the issue.
I'm not *totally* straight on this either, but I have IPv6 (tunnel) set up here. It works by the router advertising over ICMP (I think it's called) what *prefix* devices on this network should use. The devices then decide on some suitable postfix (the MAC address is a popular choice; a random one is also). The device then asks something (possibly the router) if this assembled address is a-ok. If it is, this is the address it gets. So no more setting up DHCP and manually assigning IP numbers. Any experts are more than welcome to fix any glaring error; I am not an expert on this.
Learn copy and paste.
Which I tend to do now, except for the tendency to use four fields to store the address so I can't just paste it in.
Yeah, that IS fucked up, isn't it? Whoever came up with that idea should be tickled. Severely. I'm talking goose feathers here.
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
NAT provides no security at all. The security you get is due to the router which just happens to also have NAT on it. The router is still there with IPv6.
They portscan anyway so will find it, plus shifting the destination port stuffs you up at the other end when the firewall won't let you out. There may be a nice little hole to let ssh out on 22, but port 2525 or whatever, nobody uses that so you'll hit the firewall rules to stop malware from spreading. The days of firewalls letting all internal traffic get out should be long gone. You can only change the port when you control both ends and can be sure that nobody in the middle is going to stop you. So that means pure point to point and you can forget about getting in via a hotel connection or somebody's WiFi.
Even if you put another server on port 8080 people may not be able to get to it. As a nasty transitional hack I had a webmail system for travelling employees that was on there, and some of them just could not get to it due to hotel networks blocking that port so I had to move them back to the old web server. While it's supposed to be a standard port not everyone who sets up firewalls cares.
Why wouldn't they have set-aside a block of 4.2 billion addresses that mapped 1:1 with IPv4 addresses?
They did exactly that. The incompatibility problems are in other areas, and many of those are relatively recent additions to IPv4. Workarounds for the limitations of IPv4. Limitations that IPv6 doesn't have.
At least, that's as far as I understand it.
Perhaps it would have been better if we'd switched to IPv6 before we got the entire world (and not just the US) on the internet. The enormous growth of the past 15 years seriously aggravates the problem.
In the '80s, they needed only a year to transition from one technology to a completely incompatible one. Switching from IPv4 to IPv6 should be easier, but the huge scale makes it a lot harder.
Maybe, maybe not. I'm not so sure it is harder now. We are just far more cowardly than we were in the mid 1990s and far less staffed up for change. Heck we got the country moved from DOS to Windows which meant replacing essentially all the hardware. We got the whole world hooked up on local lans, which involved physically touching every computer in the USA.
We scoped it, we did it.
What's changed is that:
1) People are much more dependent on the internet.
2) We've lost the manpower we used to have
I'd love to see IPV6 help fix (2).
The internet was undergoing explosive growth in 1995; people were distracted and focused on change that was happening monthly. There really is nothing complex about doing the shift to IPV6 by 1990s standards. You go in, you tell people how to switch to the new system, you replace the old equipment with the new; configure away any bugs.
Further, the internet is big enough now that the FCC for example could just declare various days that things happen.
Feb 1, 2011 all ISP must provide IPV6 technology or lose their right to use of telecommunications / cable company interconnects for data.
April 1, 2011 All corporations operating in the United States with over 50 employees must have a list of all routers and switches not IPV6 capable or lose their right to business class connectivity.
etc.... It really isn't that hard to do as a series of dictates. The US government used to lead on technology shifts. They refused to do so under the GW Bush administration but that doesn't mean they couldn't go back to leading like they did under Clinton and HW Bush.
So in 1995 it would have been much easier when getting on the internet was supposed to be hard, and people expected it to be tricky and thus followed instructions. Also far fewer protocols you had to get working all at once. On the other hand you don't have a unified infrastructure. In 1994 I still would have believed that gopher was more important protocol than HTTP as far as information sharing.
Moreover I'm not even sure people would have wanted it. I would have wanted a much more hierarchical internet like we had but were losing. That sort of internet allowed for community, a low security environment. Things like spam, heck advertising didn't exist. I wouldn't have seen enabling commercial activity the way it exists today as a good thing. I probably would have been against the massive proliferation which is the whole point of IPV6. Widespread internet ubiquity destroyed accountability. We still had an open internet in 1995. If I could have looked 5 years in the future I'd see how cool the commercial internet would become and absolutely I'd say that's worth losing the open internet. But in 1995?
Remember the commercial people were online service providers that offered internet as a gimmick on top of their core offerings.
So no, I don't think it's harder now. It's more work, absolutely, but that's not the same thing.
Virtually all the growth on the Internet since has been about various companies posturing to make money at all levels. Governments, and Businesses, and Individuals have all been feeding at the Internet trough now since about 1991 when appropriate use was withdrawn. Most of the posturing is done now and the big providers have us about where they want us. No matter what we pay, our circuits degrade as fast as the providers can oversell them. Unlimited circuits aren't unlimited. The lack of Committed Rate in consumer circuits leads to wide swings in throughput for consumers. I have Comcast Business Internet, but I am on the same coax as my home service neighbors. When they all jump on (torrenting their hearts out no doubt), my business circuit goes to about 10% of what I am supposed to be getting. That is a joke, providing alleged business class services inside a consumer network.
Anyway what I was getting at is that this issue of transition to 6 is almost as old as most of the Internet users. Thirty years ago, adaptation to the IP6 stack was slow because the stack supporting it took almost 1MB of ram. That is certainly not a credible concern today where home machines have gigs of ram. I can only think that we haven't made the transition because someone has a vested interest in delaying the transition. Of course what is unfortunate about that is that the disruption to our society will be extreme if this is not done smoothly. Between the money the government has paid to the big providers, and the massive dollars collected each month from consumers, the money has to exist to make the changes we need to transition. If not I want to know where that money went?
Okay, that sounds workable, as long as you have massive amounts of empty addresses in the subnet. Which IPv6 provides.
Still, if we go with 8 octets for prefix and 8 for suffix, we're still talking about 'So many more addresses' I don't want to think about it.
I don't read AC A human right
And for those that think DHCP is not necessary - it has many benefits. ... some network security - can't operate on the network without a valid address.
DHCP does nothing for your network security. It's a voluntary protocol. Anyone who wishes to join the network can simply choose any available address and configure their interface to use it statically. They will then be invisible to your DHCP-based "tracking" system.
It is possible to control access to a network securely (or by MAC address, if that's what you really want), but not through DHCP. One of those secure mechanisms is IPsec, which is mandated in IPv6.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
IPsec is only useful for securing communications between two specific nodes for a specific communication channel. It does nothing for securing a network. It works for VPN as VPNs around all data between the diverse networks over a single communication channel (or multiple channels bonded into an essentially single channel). That is not the security I am talking about here.
Only works for valid addresses on the network; and then you must get every little detail right for that specific network. That's WHY we have DHCP - to assign valid addresses and inform of the network configuration. Now granted, they designed that into IPv6 as (i) the auto address assignment (MAC+LocalLink) which provides administrators no method of controlling the address ranges, and (ii) Neighborhood Discovery which tells everyone about everything automatically - again, administrators have little to no control other than to try to track down the offending user and physically remove them. On the other hand, with DHCP you can control the configuration. Granted, some may stealth their way in and figure out the configuration but the majority will not. With DHCP you can also set up methods to track the MAC and then alert for unauthorized nodes - e.g. DHCP registers a MAC+address, and separate software then monitors the network for MACs and addresses not on the official list, alerting appropriately. Take away the ability to control a network via DHCP and such tools go away. Also truly secure networks only use static addressing and monitor for any unauthorized addresses, etc. on the network. This doesn't work for IPv6 since IPv6 by default assigns an address even without a DHCP server - something that is not desirable in all situations. (Great idea, but doesn't really work for certain situations.)
They will also be denied access to the services if the network is configured correctly. Some hotels do this to force you into a registration system before you can go elsewhere on the network.
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
IPsec is only useful for securing communications between two specific nodes for a specific communication channel. It does nothing for securing a network.
On the contrary, IPsec defines a protocol for securing connections between a security gateway and a host (network-to-host mode), in addition to the host-to-host and network-to-network modes. Using this protocol on a router you could securely authenticate client devices and limit routing to authenticated incoming packets.
Only works for valid addresses on the network; and then you must get every little detail right for that specific network.
Which is not any kind of realistic obstacle. Even on a switched network you have all kinds of broadcast packets being sent, any one of which will give you the address of the sender. From there it's trivial to determine enough of the other parameters to communicate with that host, clone it, or scan for others.
... separate software then monitors the network for MACs and addresses not on the official list, alerting appropriately.
Exactly—separate software, not DHCP. It's not much of a security feature if your DHCP server just accepts requests from any device which happens to ask, and if you have a way of actually authenticating clients you might as well use that by itself and skip the DHCP.
Also truly secure networks only use static addressing and monitor for any unauthorized addresses, etc. on the network. This doesn't work for IPv6 since IPv6 by default assigns an address even without a DHCP server - something that is not desirable in all situations.
IPv4 will also assign addresses without a DHCP server, in the link-local 169.254.0.0/16 block. IPv6 only assigns global addresses automatically if you enable router advertisement; they can also be assigned statically, directly on the client or with DHCPv6 (which is supported natively for Windows Vista, Windows 7, and Windows Server 2008 clients, not to mention Linux; free third-party software is also available for clients, servers, and relays).
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
But first you have to know about and be able to get a route to the router. That requires a valid IP address on the network and information about the network.
Except you can configure DHCP to only provide addresses to a known set of MAC addresses. It doesn't have to give one out to anything on the network; it could even require authentication via Radius or other mechanisms first as well.
No, that's just Microsoft. No other sane IPv4 stack that I know of (and I'm not calling Microsoft's IPv4 stack sane) assigns in that range. Also, even when Microsoft's does - you cannot go anywhere on most networks.
Unix/Linux/Mac/etc if no DHCP server is available just fail and do not enable the interface at all. No IP address is assigned.
Linux supports yes; but find a working DHCPv6 implementation please - and one that is available on most distributions.
Windows - I can believe Win7/Win2k8; but not Vista - unless they changed it in an "update". I have managed an IPv6 Windows network before; and no DHCP is not even possible. Windows does not even offer the possibility in the configuration; nor is static IPv6 assignment.
And as I said - please point out these clients/servers/relays. I have looked. DHCPv6 was shutdown because ISC's DHCP 4.1 and later has DHCP IPv6 support - but it's not available in most distributions yet; even Ubuntu and Gentoo are stuck on ISC DHCP 3.x.
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
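The "separate software" both sides of the exchange above refer to, as an added example that is not part of the original thread: an audit that compares the DHCP lease list with what is actually seen in the neighbor (ARP/NDP) table. All data is constructed, the function and reason names are hypothetical, and it assumes leases are recorded as one address per MAC. It shows the three cases the lease list alone cannot reveal: a statically configured or auto-assigned address, an unknown device, and a leased address answered by a different MAC.

```python
import ipaddress

# Constructed sample data: the lease list (MAC -> leased address) ...
AUTHORIZED_LEASES = {
    "00:11:22:33:44:55": "192.0.2.10",
    "00:11:22:33:44:66": "192.0.2.11",
}
# ... and a snapshot of (address, MAC) pairs seen on the wire.
OBSERVED_NEIGHBORS = [
    ("192.0.2.10", "00:11:22:33:44:55"),                # matches its lease
    ("192.0.2.11", "00-11-22-33-44-66"),                # same, other notation
    ("192.0.2.50", "00:11:22:33:44:55"),                # known MAC, static address
    ("192.0.2.77", "de:ad:be:ef:00:01"),                # device never registered
    ("2001:db8::50", "00:11:22:33:44:66"),              # known MAC, IPv6 outside DHCP
    ("fe80::211:22ff:fe33:4466", "00:11:22:33:44:66"),  # link-local, always present
    ("192.0.2.11", "02:00:00:00:00:99"),                # leased address, wrong MAC
]


def norm_mac(mac):
    """Normalise aa:bb.., aa-bb.. and aabb.ccdd.eeff notations to aa:bb:cc:dd:ee:ff."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit(leases, neighbors):
    """Return (address, mac, reason) for every neighbor the lease list does not explain."""
    by_mac = {norm_mac(m): ipaddress.ip_address(a) for m, a in leases.items()}
    by_ip = {addr: mac for mac, addr in by_mac.items()}
    findings = []
    for ip_text, mac_text in neighbors:
        ip = ipaddress.ip_address(ip_text)
        mac = norm_mac(mac_text)
        if ip.is_link_local:
            continue  # fe80::/10 and 169.254/16 are self-assigned by design
        owner = by_ip.get(ip)
        if owner is not None and owner != mac:
            reason = "lease-conflict"      # someone else answers for a leased address
        elif mac not in by_mac:
            reason = "unknown-mac"         # never went through registration
        elif by_mac[mac] != ip:
            reason = "unleased-address"    # static or autoconfigured address
        else:
            continue
        findings.append((str(ip), mac, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(AUTHORIZED_LEASES, OBSERVED_NEIGHBORS):
        print(*finding)
```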
I'll tell you why we need so many IP's... Many email servers are restricted in the amount of emails per hour they allow from 1 IP. One of our customers has 300.000 subscribers (their own customers!) and about 100.000 are from hotmail. They would like to deliver their email within the hour.
Hotmail will not allow more than X connections and Y emails per session per IP to one of their Z email servers. So I have this special software from port25.com which will allow me to create A virtual mailservers. I just have to feed that software some IP's.
The maximum rate is dependent on the 'reputation' of the IP (see e.g. senderscore.org). A fresh IP is 'cold' and has to be 'warmed up' (it takes a couple of months). A warm IP is therefore an asset to our company.
nosig today