Slashdot Mirror
Cisco Linksys Routers Still Don't Support IPv6
Julie188 writes "It's 2011, IPv4 addresses are officially exhausted, and the world's largest router maker, Cisco, still doesn't support IPv6 in its best-selling line of Linksys wireless routers. This is true even for the new E4200 router released just last month (priced at $180). The company has promised to add IPv6 to the E4200 by the spring. But it has not been specific about if and how it will offer an IPv6 upgrade to the millions of other Linksys routers currently running in homes and small businesses."
Yet another reason I'm glad I've always recommended against Linksys to friends and family. Shoddy equipment in the past, and no preparation for the future now.
Ce n'est pas une signature automatique.
dd-wrt FTW
Go easy on them, Cisco is such a small company and really there was no way they could have seen this coming.
"In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson
Apple, Netgear, Dlink, etc are offering support for it.
This is why no one wants to switch yet. If the users can't access your sites businesses are not going to judge it very cost effective to make them available on v6.
1993 called, reminding me to remind you that you must have missed their memo about the end of 'class C' and their new, shiny CIDR-plan.
Considering most OS's out there support IPv6 (Vista, 7, Linux, Mac OS X) and most have it defaulted ON out of the box, why not add the capability?
Because it would cost Cisco money to do so, and they would get no financial benefit out of it. Those routers were never advertised with IPv6 support, so why should they be upgraded for free?
And the men who hold high places must be the ones who start
To mold a new reality... closer to the heart
You will when your ISP mandates IPv6.
The ISPs have another alternative: refuse to offer connectivity except via NAT unless you're using IPv6. If you're content with being a second-class user, you can continue to use your crappy Linksys. Your call.
"Little does he know, but there is no 'I' in 'Idiot'!"
There will -- assuming the slow pace of the IPv6 deployment doesn't totally fuck it up -- probably be devices that consumers will want to use that will depend on IPv6, for things like multihoming.
If you don't have IPv6, it may become more difficult for your mobile device to roam seamlessly from the cellular WAN to the home LAN when you walk in the door, meaning that the video call or whatever it is you're doing (watching porn, more likely) will drop.
I frequently hear people basically claiming that "nobody needs IPv6" or "nobody needs end-to-end connectivity," and it has a certain "640k is good enough..." ring to it. Of course people don't need IPv6 now, because they don't have IPv6 now -- ergo they can't depend on it yet. But once we have a critical mass of users with true IPv6, so that developers can begin to take advantage of it, then we're going to start to see services that depend on it, and users will start to depend on them.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
This is really irresponsible on Cisco's part. I don't care about their monetary considerations, adding IPv6 support into their Linux derived routers wouldn't have been all that hard or costly for them.
Their refusal to enable IPv6 support is having a bad effect on IPv6 adoption. I don't think most people realise how bad IPv4 exhaustion can be. IPv4 exhaustion puts a cap on internet growth, which in turn retards economic growth.
Seriously Cisco, fuck you, just fuck you.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
Cheap gadgets not being future-proof I can understand, but this is a $180 gadget not being 10-years-ago-proof...
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
Completely hiding the end user from IPv6 is extremely difficult for an ISP. As websites migrate to IPv6 (without an IPv4 version), what IP address should the end user be directed to?
For example:
1. SomeCorp.com sets up his website with only an IPv6 address.
2. Joe Schmoe attempts to visit the website.
3. The DNS query for SomeCorp.com returns the IPv6 address.
4. Joe Schmoe's computer cannot get to the address, because his IPv6 has been disabled by his ISP.
What this means is that the users router MUST support IPv6 unless the ISP supports tunneling. And I suspect this will be beyond most users.
Online Starcraft RPG? At
Dietary fiber is like asynchronous IO-- Non-blocking!
> Okay, what am I missing here?
The fact that some of their bottom of the line consumer routers still don't support IPv6 despite the fact that their more expensive products have supported it for years.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Getting rid of NAT is the whole reason to switch to IPv6. NAT is evil and should never happen. And before you say it, there is NO security benefit over a properly configured stateful firewall.
Give me Classic Slashdot or give me death!
Tomato does not, but TomatoUSB does do IPv6.
XML is like violence. If it doesn't solve the problem, use more.
And you'll find that you are still on IPv4 and behind a two layer LSNAT system because your neighbors, ordinary consumers who could no more install DD-WRT than they could perform brain surgery on themselves, all just went out and bought brand-new IPv4-only Cisco routers.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
You mean, people paid money to Cisco for features they still haven't gotten yet? Did Cisco book that revenue yet, or did they defer booking it until the feature will actually be delivered? Inquiring accountants who remember the Enron scandal want to know!
jhw
I didn't RTFA, but I know the summary is inaccurate. I saw some other posts about others with Linksys routers with IPv6 and am here to tell you I am one too. I have a WRT610N and have been on IPv6 in the home for a couple years. Comcast turned on the IPv6 for me recently too.
-]Phreak Out[-
When did people develop this sense of entitlement that every little cheap-ass consumer product they buy ought to be future-proof?
IPv6 has been out a lot longer than my router. It's not about being future-proof. It's about being present-proof.
When our name is on the back of your car, we're behind you all the way!
I was surprised that TFA stated that the Netgear WNR1000 supported IPv6 since I keep my firmware up to date and have not noticed support. Turns out that the version with IPv6 support, 1.1.2.28, does not appear in the router firmware update page but can be found in the knowledge base at: http://kb.netgear.com/app/answers/detail/a_id/18631/kw/ipv6%20wnr1000
It is a new update as of Feb 3, 2011 and its listed as being for the WNR1000v2 - no mention of the more recent v3. IPv6 compatibility is not mentioned on the product page or the spec sheet.
This is too funny: you realize this is Cisco we're talking about here, right? The company that still requires obscene steps and wads of cash to get security updates for a paid-for product?
I don't mean to flamebait, but seriously. Cisco is one of the most frustrating (large) companies to deal with in this regard. Smaller companies try to do the same things, but ultimately those behaviors turn people off their products. Why is Cisco still bannered about as the end-all, be-all for networking equipment, given that:
* feature for feature, their switches are inferior in many ways to their competetors
* Cisco products have less fabric provisioning than, say, HP switches, which cost a fraction as much (off the top of my head, 30% less fabric at 4x the cost)
* Less usability built into the devices themselves (limited interface feature set). This applies to the 'home' routers, too: the Buffalo home routers are comparable to the Linksys (in some cases, 'identical'), cost less, and have better firmware. And lately, the radios have been better, too (for wireless).
* Getting upgrades for an old Cisco is difficult and costly. "Old" usually means "not a couple years new and doesn't have a current service contract".
I mean, seriously: it still costs how much for a Cisco PIX 50x? We're not even talking about something recent; 501s still sell, new, for over $150. It's no small wonder that small businesses buy things like Sonicwall devices given the alternative in 'name brand networking equipment'.
You can argue that it's worth the money due to comprehensive support, lifetime this or that, or what have you. For most people, upon careful examination, the truth is that Cisco isn't a good value decision.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
When did people develop this sense of entitlement that every little cheap-ass consumer product they buy ought to be future-proof?
We're not talking future-proof here. IPv6 is here, now, and yesterday.
Usually consumers have a reasonable expectation their product be present-proof. If it claims to be a router, it should meet current versions of the internet standards, in regards to node requirements for routers.
It sounds like you are relying on accepting incoming connections to a ssh (or any other) server on a home connection. Initially your ISP will probably let you keep a public v4 IP for some token extra cost (or even free on request) but over time expect that cost to gradually ratchet up as the market value of v4 IPs increases. Or your ISP may decide to be nasty and say that to get a public v4 IP you have to upgrade to a significantly more expensive "buisness" connection.
If this service is important to you then you should be making enquiries with your ISP and/or making contingency plans sooner rather than later. It's always better to have plans for dealing with a problem than to have it thrust on you with no warning.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
I don't think they care.
Sorry for quoting your posting title to start, but I'd like to add to what you've already touched on here...
Internet switches are far easier and cheaper to produce and with the advent of IPv6, it will be economically feasible for an ISP to provide multiple addresses for a single residence. In this way buying a wireless switch will be much more plausible and cheaper for the user. I.E. something like this:
Step 1: Refuse to support upcoming IPv6 standards.
Step 2: Prolong purchasing of IPv4 routers and similar devices when addresses are in short supply.
Step 3: Continued profit.
We all know that this business model will not last forever and I am certain Cisco does also - they are not a bunch of idiots. But in the same sense, with few ISP's showing an active desire to switch to IPv6 (not talking internet backbone Akamai, Level 3, etc) and a continued profit from IPv4 routers, there is really little incentive other than ethics to support the new standards. (And common sense which is a rare commodity)
It'll take years for people to start caring about this much. By that time, the current product line will be swapped out for new gear.
My thoughts exactly...plus when we finally make the switch, it will be the Cash-For-Clunker-Routers - think of all that potential profit! Shoot... they may even be able to buy futures on their resistance to a natural internet progression. (jokes)
(I really hate playing the devil's advocate, but the market and laws must create an incentive, we know how "morals" work...)
We should start a new Slashdot and return control to the geeks. It actually wouldn't be that hard to get some users to
Yes. And 40-bit SSL should be enough for anybody.
Er. Uh. I mean to say: "It's really, really obscure! So it must be safe!"
Say again? It is not obscure, it is a mathematical property from the fact that 2^40 is not a very large number but 2^64 is.
How long does it take to scan your subnet? It is easy to calculate, take an average ADSL home connection that is 10/1 Mbps. An IPv6 echo request ping packet is 118 bytes. Packets per second: 10,000,000 / 118 / 8 = 10593. Seconds to complete scan: 2^64 / 10593 = 1,741,408,861,862,508 seconds. Or 55,219,712 years.
Of course 55 million years is the time for someone to scan you. If you have the worm and is doing the scanning the upstream bandwidth would be the limiting factor. So it would take you 10 timers longer for you to scan _one_ guy (*).
Really - how effective do you think this worm would be at spreading like that?
And before you come screaming "I got 100/100 fiber to the home superconnection", ok so for you it will only take 5 million years to complete a scan of your network.
Add to that the fact that you are changing your address every hour by random, so with a very high probability it will never find your address even given million of years.
(*) assuming this guy only has a /64. Given that ISPs are supposed to give people /56 or /48, you do that math as homework.
IPv4 actually 'ran out' a while back, we passed the 5 billion devices connected to the (4 billion address) internet back in August '10. Massive NAT and restrictions on public IP address allocations means that IANA ran out quite a bit later. The restrictions are set to get even more severe but most of the NICs won't actually allow their reserves to completely run out for years. I'll just be nearly impossible to be allocated any addresses.
So Cisco are seeing that the current product line will continue to work as long as the ISP will provide any sort of super NAT'd IPv4 address. Only during the end game a few (perhaps five perhaps twenty) years from now will the end user IPv4 devices stop working and will 'mom and pop' have to do something.
Companies are different; Cisco's VPN software, used by many companies, doesn't work with multiple users behind a NAT. Any server software; including Cisco's needs a public address for the clients to connect to. IPv4 exhaustion is already hurting Cisco and their customers for the E4200 router.
PS: I personally have 14 devices with "Local Internet addresses" (talk about an oxymoron!) behind a single IP so I think that 5 billion is an underestimate. ... I think I may have miscounted; a laptop with WiFi has two IP addresses. ... except this one doesn't ... except when it runs Windows ... virtual machines too !!!!
All NAT devices have a stateful firewall; tracking state is how NAT can happen at all. If you remove NAT, you are still left with a firewall with rules to deny inbound connections unless initiated from inside.
That is, the security you're talking about is not provided by NAT, but by the firewall underneath NAT. That's not going anywhere.
4096R/EF7BAFA6 79E1 DF98 D09D 898F 9A11 F6F0 DDDC 23FA EF7B AFA6
It is obscure. You can keep saying it's not, but it nonetheless is. (You do the dictionary look-up on that word as homework.)
Ok, I assume we will be looking in a computer science dictionary, lets just take Wikipedia on the subject: http://en.wikipedia.org/wiki/Security_by_obscurity
Quote: Security through (or by) obscurity is a pejorative referring to a principle in security engineering, which attempts to use secrecy (of design, implementation, etc.) to provide security.
What we are discussing here can never be obscure by definition. If it was we would not know how it worked since that would be the secret.
Combine the tenacity of something like Blaster with the fact that random generally isn't, and such software will land somewhere. Furthermore, I think you genuinely underestimate the number of folks downloading and running such niceties as "FREE Registry Cleaner 9000" and the "OMG PONIES!!!" screensaver, which allows a fair number of seed nodes out of the gate. (I made those names up. You get the point.)
Actually I do not get the point. In fact it seems you are missing it too. People that install malware are not protected by NAT are they now?
And, of course: Nevermind the fact that such a routeable address will not exactly be secret to begin with: In the absence of NAT, whatever host(s) you communicate with will know this address, and it will no longer be obscure.
The worms I commented on did in fact scan the net at random and did not limit the scan to hosts the client already had a relation to. Being such limited will delay spreading in a drastic way. Back in the day you could not install Windows on a net connected machine, it would be compromised before you had a chance to download the patches. This would not happen with IPv6 because scanning is not feasible and the machine would only make outgoing connections to Microsoft and other large sites that can be assumed not to be infested with worms.
Given enough datamining on a popular and compromised/ill-intended sites, and producing rather complete maps of an individual's home subnet should be practical.
No that would give you old useless data. Knowing what your subnet was like yesterday does not give you any ability to find machines today.
... but it will fail for someone.
So, if we're cannot rely on obscurity by itself, then we'll have to rely on firewalls.
You need to know what privacy extensions protect against. It protects against making scanning feasible and against tracking. But it is not a firewall and is not meant to be one. Just like NAT is not a firewall.
I commented only on the claim that worms could spread on IPv6 like in the old days before NAT, and I stand by that they can not. Those old worms depended on the ability to scan which is not practical with 64 bit subnets.