Slashdot Mirror


IETF Mulls Working Group For IPv6 Home Networking

alphadogg writes "The Internet Engineering Task Force is considering establishing a working group to smooth some of the impending issues around setting up and maintaining IPv6-based Internet connections in homes. 'A collection of protocols needs to be agreed upon, so vendors of equipment used in home networks will have an interoperable suite of protocols available,' said Ralph Droms, a distinguished engineer for Cisco and among those who want to form the IETF working group. Home networking is a fairly new area for the IETF. Many of its standards were designed for large-scale organizational networks, rather than home use."

12 of 104 comments

  1. Huh? by XanC · · Score: 2

    Having read the article, I remain uninformed about exactly what it is they're talking about standardizing. Also, why does a publication called "Network World" assume that I know zero about networking?

    1. Re:Huh? by mellon · · Score: 5, Informative

      The idea is to come up with a standard for what home routers for IPv6 ought to look like. We'd like to preserve end-to-end transparency, which current home routers break, but at the same time we'd like to avoid creating serious security risks for people who are accustomed to the current home router security model. Support for things like DNSSEC and multihoming is also on the proposed charter.

      Home Networking working group description is here.

    2. Re:Huh? by GofG · · Score: 2, Funny

      Readers be aware, please, that the parent has a 4-digit UID and if Appeal to Authority were not fallacious, this user's word would be fact.

      --
      GFA/M/S d-- s: a--- C++++ UBL++$ P+ L+++ !E- W++ N+ !o K- w--- !O !M !V PS++ PE Y+ PGP+ t+++ 5- X+ R tv@ b++ DI++++ D+ G
    3. Re:Huh? by TheReaperD · · Score: 3, Informative

      Yes, all of that and one major point you are missing: Doing all of this with as little to no interaction with the user. The current standards assume a network tech to configure the router. With the home user, that is almost never going to happen. They want to create a set of "defaults" that everyone can rely upon for the auto-configuration.

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
    4. Re:Huh? by Old+time+hacker · · Score: 2

      It also might mean they don't fancy going against a router model made up of bsd and linux software-based routers on appliance hardware in the home market.

      As far as I know, most of the home routers today are based on open source platforms. [Yes, I know that some models use proprietary operating systems as it allows less RAM to be provided on the box]

      I'm just about to install networked thermostats into my house. The current model is that it connects to a central server somewhere, and, in order to control my thermostat, I also have to connect to that site. This is crazy. I should be able to talk directly to my thermostat (over v6) from my smartphone (without needing to type in a v6 address!) Somehow my home firewall (without configuration) has to know that it can let my traffic in, but not other people who want to change the setting on my thermostat.

      The trick is finding a way to make this happen securely and without configuration. On the face of it, this seems like a challenging task.

      Philip

    5. Re:Huh? by petermgreen · · Score: 2

      I'm sure some form of v4 service will be maintained for a long time to come. However due to IP shortages some users will not get public v4 IPs, instead their v4 service will go through a NAT controlled by the ISP. Since the user doesn't control this NAT they will not be able to accept incoming v4 connections. Depending on how the ISP implements that NAT they may or may not be able to use NAT traversal techniques (or they may be able to use them but not reliably). These NATs may well be overloaded in terms of either public IP space or in terms of processing hardware making v4 service in general unreliable.

      So while we don't need to immediately replace everything that doesn't support ipv6 it is prudent to make sure it is supported in new kit going forwards. The problem is that most critical work as to how IPv6 is to be deployed in the home environment has yet to be done or is still in its infancy. In theory we could deploy it in the same way we do v4 with NAT in the home router but there are many who would like to see NAT die alongside IPv4 (whether it actually will or not remains to be seen).

      --
      note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
    6. Re:Huh? by isj · · Score: 2

      http://tools.ietf.org/html/draft-vyncke-advanced-ipv6-security-01 has some interesting ideas. At least it is a starting point - we don't want to end up with the same situation as for IPv4 where everything has to be piggybacked on inside-initiated HTTP connections.

    7. Re:Huh? by hairyfeet · · Score: 2, Insightful

      That brings up something I've been wondering for awhile...how long should a government allow "designed for the dump" products be brought in before saying no? Because IIRC they had rules with regards to digital tuners in TVs for a decent amount of time before the switch, yet here we are officially out of IPv4 addresses and still the vast majority of routers on NewEgg have NO IPv6 and most likely never will. In fact short of the expensive Apple offerings I don't think there is a single consumer router on NewEgg that supports IPv6.

      Now since we know that when the switch does finally happen these routers are landfill fodder, shouldn't the government step in and "just say no" to bring in this crap? Because from the looks of it until the government does step in the sub $60 routers are gonna be strictly IPv4.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    8. Re:Huh? by Stupendoussteve · · Score: 2

      Get rid of NAT and the gateway has to work as a real firewall, that is all. That is not some security nightmare, unless companies do not actually put a worthwhile default firewall policy into the gateway. Things like port forwarding would not be needed, but only allowing connections on specific ports could still be controlled pretty well and locked down by default, the gateway just doesn't forward the traffic through to the internal interface. The upside is you could allow multiple devices to be accessed on the same port, rather than being forced to use different ports as it is today.

      If your gateway is working correctly as a router, it should not be broadcasting things like iTunes outside the network anyway.

      For your phone bit... a gateway can tell what interface traffic is coming from. If traffic with the correct address is coming from the correct interface, it's a good chance it is an authorized device. If not, then you've probably got bigger problems than someone outside on the internet. If you are speaking of a phone on the external network, it would have to do what any device should have to do with port forwarding today, the phone would have to authenticate to whatever machine it wanted to connect to. It's not like you're giving unfettered access to the entire network just because you remove NAT, if you wanted the phone to have that access then you should use a VPN.
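
The default policy discussed in this sub-thread (no NAT, stateful filtering, inbound closed unless explicitly opened), written as an nftables forwarding ruleset. This is an added example and not part of any comment in the thread. The interface names `wan0` and `lan0`, the documentation prefix `2001:db8:1::/64` and the two host addresses are assumptions; only the forward path is shown, not the rules protecting the gateway itself.

```nft
# Added example: IPv6 home gateway without NAT, default-deny inbound.
# Assumed names: wan0 = ISP side, lan0 = home LAN,
# 2001:db8:1::/64 = stand-in for the prefix delegated to the LAN.

table ip6 homegw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Private-use addresses (the FD00::/8 block mentioned in the
        # thread) must never cross the WAN boundary in either direction.
        iifname "wan0" ip6 saddr fd00::/8 drop
        oifname "wan0" ip6 daddr fd00::/8 drop

        # Stateful inspection: replies to flows a LAN host opened, plus
        # the ICMPv6 errors tied to them (e.g. packet-too-big).
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open new connections outward.
        iifname "lan0" oifname "wan0" accept

        # Explicit pinholes. With global addresses there is no port
        # remapping, so two hosts can both be reached on port 443.
        iifname "wan0" ip6 daddr 2001:db8:1::10 tcp dport 443 accept
        iifname "wan0" ip6 daddr 2001:db8:1::20 tcp dport 443 accept

        # Everything else from the WAN hits the drop policy; log a
        # rate-limited sample so unsolicited probes are visible.
        iifname "wan0" limit rate 5/minute log prefix "fwd6-drop: "
    }
}
```

Unsolicited inbound traffic is dropped exactly as it would be behind an IPv4 NAT, while LAN hosts keep their real addresses end to end.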

  2. Not necessarily "failed". by khasim · · Score: 2, Interesting

    Whereas the addressing always implied "one ipv6 for each of your devices"(almost like rfid for bluetooth devices, on the internet, all the time), they didn't figure out the firewalling ?

    IPv6 has a section for private use.

    FD00::/8

    So the home router manufacturers could have the exact same configs as today (with IPv4) with IPv6. With all the same benefits and problems that we have today. And that people are familiar with. And familiarity is the important thing here.

    Beyond that, it's just a matter of phrasing. The techs designing the home routers/firewalls know what the technology can do. The issue is phrasing that in a way that the home user can make an informed choice on what options they want to enable for which of their machines (connecting to which machines on the Internet).

  3. Re:Nessesity of it all by WaffleMonster · · Score: 2

    Why not maintain the IPv4 for the home scale devices (5 port routers) with a IPv6 WAN side connection?

    What would the point of that be? Some of us care about using P2P services like Skype and don't particularly want random people on the Internet to be intermediaries for our traffic just because you are averse to change. The cold hard fact is there is zero security difference between SPI and NAT. If you count the crap folks are able to pull off in the state machines of 1:many ALGs SPI is MORE secure.

    It seems very overkill to push IPv6 to the home level even with "network light bulbs" how many can one house have?

    As many as we fricking want!

    Also for a tech perspective can you imagine the support calls with customers rattling off IPv6 addresses all the time?

    I can't imagine end users ever needing to. LLMNR, DNS, ND, DHCP autoconfig... I don't ever have to manually configure an IP Address to get to or do anything in the IPv4 world today. Why would that change for IPv6?

  4. Re:Or just let IPv6 die by Gerald · · Score: 2

    How old is your data? It's about 3.2% on my servers and growing. I'm going to pop open a bottle of champagne when the percentage of IPv6 users exceeds the percentage of IE6 users.