Slashdot Mirror
Most Enterprises Plan To Be On IPv6 By 2013
Julie188 writes "More than 70% of IT departments plan to upgrade their websites to support IPv6 within the next 24 months, according to a recent survey of more than 200 IT professionals conducted by Network World. Plus, 65% say they will have IPv6 running on their internal networks by then, too. One survey respondent, John Mann, a network architect at Monash University in Melbourne, Australia, said his organization has been making steady IPv6 progress since 2008. 'Mostly IPv6 has just worked,' he said. 'The biggest problem is maintaining forward progress with IPv6 while it is still possible to take the easy option and fall back to IPv4.'"
If it were up to the IT professionals, more businesses would already be on it.
They should have surveyed CFOs to see what percentage of businesses will budget anything for an IPv6 transition in the next 24 months.
I'm an IT professional, but I'm not currently authorized to work on a transition of our network because I have a long list of things that was deemed more important by management.
Who gives a shit if an IT department website runs IPV6
2013? Seriously?
Who would be going to these sites?
I'm guessing about .1% of ISP's will be able to support native V6 by then...
Or maybe when they were asked respondents thought they were answering something about a new version
of Intellectual Property.
Look at the Akamai story earlier on /. it shows only 580M ipv4 address are appearing on the interwebs so there is plenty of addresses like 2G yet to be used.
I work for a pretty good sized company and we'll be lucky to be off XP by then...
"...Plus, 65% say they will have IPv6 running on their internal networks by then, too."
OK, you almost had me at upgrading corporate web servers (comprising of usually only a handful of machines serving that purpose), but do you honestly expect me to believe that 65% of corporate IT budgets are suddenly and magically going to prioritize an IPv6 transition, as they sit comfortably behind their NAT-enabled firewalled environment, the same environment that will continue to work with zero change?
Talk about going from zero to bullshit in 4.2 seconds. If corporations haven't been listening about the impending "doom" around IPv4 for the last decade, they sure as hell aren't going to start that suddenly now.
and what does IPV6 do for inside network any way let any on the web have a open IP to any printer / pc on the network? VS some kind of NAT like setup?
Most inside networks are under some kind of port blocking / firewall system. Also what about all the old printers / hardware / apps / os's that can't do IP V6?
to become a billionaire in the next 12 months. Who gives a rats ass.
how many management tools / VPN don't do IPV6?
They have lot's networking stuff but no place to set IPV6 addresses.
if this is about external websites, then again it's a good effort, but ...
where's the upgrade plan/strategy for the people who will want to access these ipv6 websites?
my isp has no plan/strategy how to upgrade to ipv6 afaik. and I am afraid to ask.
ISPs are still wayyyyy behind. Hopefully more IPv6 enabled websites will apply pressure to them.
There are a lot of devices out there that cannot handle IPv6. Not only is it not feasible to just tell everyone "Oh go replace it," not all of them are cheap things that get replaced often. Some are things that are around many a year.
What we need is a good 4 to 6 NAT standard, and to try to get ISPs on board with that. You have the modem/bridge/router work all IPv6, but run an IPv4 DHCP server. Have it hand out addresses that aren't used, maybe in the experimental range since it won't even step on old IPv4 NAT with that, and reserve another section internally for its use. It then internally handles all the translation. An IPv4 device requests a site that request goes to the DNS server in the router, which goes out and gets the AAAA record. It then maps the IPv6 IP to one of its internal IPv4 IPs for the IPv4 devices. The IPv4 device has no idea what is going on, traffic works just as it always has.
Until we get something like that going, there is going to be a large scale adoption problem. Nobody wants to go IPv6 only because doing so cuts off IPv4 sites. Nobody with IPv4 needs to go IPV6 since everything supports v4.
A 4 to 6 NAT system would be a real boon for ISPs since it would alleviate address space concerns. Hell customers could have static IPv6 addresses no problem. Would be worth their while to do, as address space becomes more scarce, and nobody would mind because everything would just keep working.
I am a network engineer for one of the world's largest corporations (300,000) employees--this week I was just assigned to our IPv6 readiness project, and will be ordering lab equipment shortly. At this rate, we'll have basic IPv6 connectivity up and running for all external facing services by the end of 2012.
Old hardware aside, nothing is stopping you from using private IPv6 addresses inside your network as a pseudo-nat.
We're still missing two major components: Commercial IPv6 Web and Spam filters. Without that, I don't think you want to let your users lose on the IPv6 web or open up your MX to the new spammers.
Many propose doing both. If you don't obtain PI IPv6 space from your RIR, I would highly suggest this. All internal-to-internal traffic should use your private IPv6 addresses, and the public IPv6 addresses are used just for accessing outside your networks. The advantage to this is that only your public facing services and routers have to be renumbered when you change ISPs. All your internal networking stays the same.
Seriously... NO THEY DONT, most organisations are nowhere near ready for fixing old apps that are coded using 1980's best practices with hardlinks to everything inside because nothing ever changes.. epic fail on the selection criteria for this survey...Thats jsut considering badly written applications, there is also probably a lotof old hardware which won't even support IPV6 which also won't be replaced thanks to the boy who cried wolf millenium bug...
Why do you assume that you wouldn't have a firewall for your internal network, even if it's publicly-routable? People have a bad habit of conflating NAT and security...
Every host on the Internet is "supposed" to be able to directly address every other host, but for firewalls of course. A flat address space simplifies things tremendously.
Imagine if your network printer worked from Starbucks, because it was just one fixed address on the Internet. Or you could bookmark your TiVo's web interface without any port forwarding, or some nasty polling interface involved to schedule shows on their servers. IPv6, by reinstating end-to-end connectivity, will do this.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
Most Enterprises Plan To Be On IPv6 By 2013
Maybe I've just been unrealistic; but I assumed most of the NCC-1701 series, at least, were already running something more advanced than that.
#DeleteChrome
The millenium bug was real and alot stuff did get fixed but this yet again seem like a other lets keep useing the old code base issues.
If you're a business, it allows you to MERGE NETWORKS or talk between two discrete LANs in a far more convenient manner. If you've ever had to support the situation where say, you want to talk between a corp network running on 10.0.0.0/8 and another corp also using 10.0.0.0/8, you'll understand the brain damage that IPV4 NAT brings to the table.
Ditto for home users trying to VPN into your network when they're using 10/8 or another one of the private networks on their LAN that you happen to have employed inside your LAN as well.
IPV4 is broken and needs to die.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
And then IPv7 would like exactly like IPv6 because it is a GOOD SYSTEM.
NATv6 exists. As does NAT-PT (which actually does translation so IPv4-only can access IPv6-only and vice-versa).
I don't see why we can't have NATv6 routers now - I like the fact that my internal network numbering doesn't change whenever my ISP decides to give me a new prefix. So I don't get end-to-end connectivity. I don't care - even if I did, I'd stick a firewall in front and it'll break end-to-end connectivity anyways.
There are appliances based on spamassassin and squid - both of which have handled ipv6 for at least a couple of years. Also a few seconds googling brings up a software solution from roaring penguin software that explicitly filters ipv6.
If you get PI space from your RIR, those are the IPs to configure as per your needs. Unlike IPv4, IPv6 allows multiple addresses per interface, so you can have both a PI and PA space - the latter being needed to connect to your ISP. So use the former to configure your network (static/dynamic and stateless/stateful) and the latter - just autoconfigure w/ random interface stateless IDs, so that you'll be live online. If the ISP changes, your PI addresses stay w/ you, just take the PA addresses that you get and again do an auto-reconfigure, and you should be done.
For within the network, link-local addresses (FE80::/10) are what are assigned, and there is site-local addresses (FC00::/7). I'd like to understand the differences b/w the 2, but from what I do know, the former is automatically assigned to a node when IPv6 is activated/configured. So if every node within a network has a different link-local address, that itself could be used. If you run ipconfig on your Windows 7 PC, you'll notice that under IPv6, it already has a link-local address.
NAT is out of the question for pure IPv6 - there is no NAT 66 the way there is NAT 44, or NAT464, or NAT646. Since there are enough addresses, for any routed communications, the address of the IPv6 node will be public, and no translation will be required. As slimjim8094, NAT and security are 2 different things, and the obscurity that one gets only delays and complicates the communications. But w/ IPv6, that internal network would need/have its own firewall, just as an IPv4 network would, except that for the latter, it happens to be shared on a NAT router. With IPv6, one would have exactly what one had in early IPv4, b4 one had CIDR and NAT.
To answer Joe the Dragon's question about fixed IPs, ISPs would normally give you a bunch of addresses, typically /48. That would allow you, or a company, to have 65536 networks, and within each network, 2^64 nodes (I happen to disagree w/ this split, but that's how it is) An ISP won't give even a single subscriber just one /128 address: at worst, they might give one a /64.
Only thing I don't understand - if one has multiple levels of nesting of networks before one gets to a node, will that be decodable by the network, or does the whole setup have to follow a hub topology?
You could have ipv6 in minutes on your OpenSuse box, with your existing network gear. You could do the quick and dirty way with merido, or spend some more time and have the full monty, with no money at all and not changing your ipv4 gear. I have at&t ipv4 only adsl to my home, yet every box in my home has full ipv6 automatic address assignment and access, and moreover my servers at home have *static* ipv6 addresses, even though my ipv4 connection is dynamic. How 'bout them apples? I happen to use SixXs free service, but there are many others. Educate yourself, quit cursing the darkness and light a candle.
Your proposed "solution" would be a routing nightmare, the routing tables would be too huge, wouldn't work. ipv6 solves that problem and keeps all routing tables small, because it was designed by very smart people who did work in the real world. ipv6 works great, works well on dual stack machine with ipv4, and can be set up by anyone anywhere even if they only have ipv4, including static address even if their connection is dynamic dhcp.
in two years.
It's been the case since 10 years ago.
that's miredo (spelling), but yeah, anyone on slashdot who doesn't have ipv6 (even if their isp is ipv4 only), is a lazy git who should turn in her or his geek card. Too easy and way too many ways to get connectivity through tunnel. Many free services out there, will give you your very own *static* /64 subnet and a tunnel, you can have a static ipv6 address for every cell in your body!
NAT only exists for v6 in the context of communicating b/w v6 and v4 networks: there is NAT64, NAT646, NAT464 but no NAT66. The biggest advantage of IPv6 - which is an offshoot of their huge #addresses - is that it eliminates the need for NAT when only v6 to v6 communications is involved.
Private addresses are just that - non-routable addresses. They're not needed for the purposes of mapping to a public address: they co-exist alongside a public IPv6 address. That's different from IPv4, where a node had no routable IPv6 address, and just depends on the NAT gateway to route things to it.
Stop saying NATv6 - you're making it look like one could insert NAT b/w IPv6 nodes if one wanted to. Currently, the standard doesn't support it - IPsec works beautifully w/ IPv6 b'cos there is no NAT trying to monkey about w/ the IPv6 header. All the NATs there are in IPv6 are only there for the purposes of translation to IPv4, and that's what NAT-PT is as well.
Your issue about network numbering is solved if you take Provider-Independent addresses from your RIR (ARIN, APNIC or whatever). As I wrote above, unlike IPv4, IPv6 allows multiple addresses per interface, so you can have both a PI and PA space - the latter being needed to connect to your ISP. So use the former to configure your network (static/dynamic and stateless/stateful) and the latter - just autoconfigure w/ random interface stateless IDs, so that you'll be live online. If the ISP changes, your PI addresses stay w/ you, just take the PA addresses that you get and again do an auto-reconfigure, and you should be done.
Sticking a firewall wouldn't break end-to-end connectivity - it would just block any traffic that you set it up to block. IPsec ensures that your end to end connectivity is secure.
Also, as smash mentioned above, If you're a business, it allows you to MERGE NETWORKS or talk between two discrete LANs in a far more convenient manner. If you've ever had to support the situation where say, you want to talk between a corp network running on 10.0.0.0/8 and another corp also using 10.0.0.0/8, you'll understand the brain damage that IPV4 NAT brings to the table. Ditto for home users trying to VPN into your network when they're using 10/8 or another one of the private networks on their LAN that you happen to have employed inside your LAN as well.
That is a major hassle right there since everyone (enterpise) uses it heavily still. I can only imagine IPv6 might break ActiveX stuff written in VB 5 or 6 as well and maybe old Java intranet sites where IPv4 conventions are hard coded in and god knows what else.
http://saveie6.com/
Since it was Network World, of the IT/Mac/PC World fame(infamy), I consider these results to be about as accurate as a 2yr old calculating the speed of light.
70% ? No way I believe that, unless they were talking to the pointy haired bosses rather than those that know what they are doing.
There are not enough ISP's offering IPv6 services and I doubt that even by 2013 that there will be significantly more than there are now, apart from the logistical nightmare of switching everything over to IPv6 and replacing all those devices that don't understand IPv6.
Not to mention having to deal with routing BOTH IPv4 and IPv6 simultaneously, two firewall configurations, two DHCP configurations, two DNS configurations, two proxy configurations, meh, it's a nightmare.
Someone was talking about this the other day "wouldn't it be cool if all the PC's and printer's had public IPv6 addresses - we could connect to them directly from anywhere" - I said "yeh I'm sure the hackers think that would be really cool too...".
I do have one question about sub-netting in IPv6, as opposed to IPv4. In IPv4, say one had a network, like 11.54.97.152/8, one could nest networks within them, like have 11.54.x.x/16, within that, have maybe another network like 11.54.97.x/24. Essentially, have one router at the front, connected to a bunch of switches (for different networks), which again in tun are connected to more. That way, have nested networks, thereby ensuring that when someone is added to one of the subnets, that change would percolate throughout the network.
Question here - does IPv6 work that way? The last 16 bits of the network ID that follows the global ID is the subnet ID. Can they be configured so that x:x:x:6000::/52 can have subnets like x:x:x:6c00::/56, which can have x:x:x:6c80::/60, which in turn can have the subnet x.x.x.6c8b::/64? Is this sort of nesting allowed in IPv6?
One thing I do think - the entire 64 bits for the interface ID, or the number of bits allowed within a network is overkill, just thinking about it logically. No single network is ever going to have too many nodes, just to avoid the excessive collisions that would result. Like if you had a carrier who was providing LTE access to a city, every one of its COs would be a separate subnet, if not more. Let's say 16 subnets per office? In which case, how many subscribers does it expect to have on each of them?
I think the IETF would have done well to have defined the entire first 64 bits as the global ID, the next 32 bits as the subnet ID, and the following 32 bits as the interface ID. That would allow every subnet to have 4.3 billion nodes, which is still too much, but it also extends one's subnet area and allows an organization to have 4.3 billion networks. So a major telecom carrier worldwide can have far more than 65536 networks (currently, if it needs more, it has to buy /44, or /40 right up to /32): with this new arrangement, it has enough networks to cover every square mile in the US. And each of these networks will have plenty of addresses for the entire population AND devices it covers - none of them will likely be 4 billion.
With such an arrangement, the IANA could have handed out one /16 address block to each of the RIRs, and out of those, the RIRs could have handed out a /32 block to each of its member countries (or group of countries - maybe all the Pacific islands, not counting big countries like Japan, Taiwan, Australia, NZ could be grouped as one), which would give each country addresses for 4 billion organizations that want them. Each organization would then have 4 billion subnets, which could be organized as allowing anything from 1-8 hierarchical levels. Each subnet could then have 4 billion nodes. Within those subnets, the owner of a subnet could configure them by assigning first statically addresses like web server addresses, then dynamic addresses, followed by stateless random interface ID addresses.
I think that that 32:32:32:32 split, instead of a 64:64 split would have been a much cleaner way to assign the addresses. Maybe they can fix it in IPv7, if IPv6 can't accommodate such a change. B'cos I can see a lot of waste in how the IANA has assigned them - too many to RIPE-NET for possibly the reason that there ain't enough networks to allow them.
Why doesn't it? Do you not use the internet at all?
If they can't issue new ipv4, then potential customers may only have ipv6 and be unable to access your website.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I don't think there will be users with only IPv6 anytime soon.
If there are, I feel really sorry for them, as they can access only a tiny fraction of the net.
The only reason you do not get fixed IPs is the lack of IP space. It is a lot simpler for the ISPs to assign fixed IPs out of a huge address space than to mess with private IP spaces as they do now.
To what extent can ISPs solve this issue by deploying dual-stack lite on their networks?
Dual stack lite ain't exactly dual stack: what it means is that the network backbone and everything in b/w will be IPv6. If 2 IPv6 nodes have to communicate, it's native - nothing special needed. If 1 or both of those are IPv4, then essentially, the IPv4 packets are tunneled within IPv6 packets and transported. The IPv6 packets would travel until the local routers, from which point the IPv6 decapsulation would happen, and then, the ISP would use large scale NAT - which uses IPv6 address to go to particular customer networks, and from that point, use their private IPv4 address to get to their destinations.
That way, whenever the IPv4 part of the segment becomes IPv6, the network is ready. It doesn't have to wait for the nodes. And organizations can freely convert to IPv6 @ their own convenience, w/o having to factor in whether their partners are IPv6 or not, and purely on internal constraints, such as budgets. No translation is required either, and organizations don't have to hemorrhage money on IPv4 routable addresses.
This should solve the problem for Windows XP computers that ain't IPv6 enabled. For Windows 7 laptops, it shouldn't be a problem, since IPv6 is natively supported, so they should be able to go live. Same for Linux and OS-X. So only issue I'd see here would be for websites that are IPv4 only, but DS-lite would seem to solve it using LSN.
You want more addresses, then mod IPV4 from a byte per address element to a word per address element and you have 65535 class A's
That can be a simple software update and it can be done incrementally without having to re-engineer the hardware.
That will give enough breathing room to build IPV7 which can be built into something that does not break the entire system.
Doing that would break just as much equipment as the IPv6 transition since you propose changing the header layout. The source IP is defined as bits 96 - 127 and the destination IP is defined as bits 128 - 159. Anything that changes those would no longer be IPv4 or even remotely compatible with IPv4.
How many enterprise networks need more than the 10/8 172/12 or 192/16 blocks? - sounds like 70% of IT departments are cowboys
Possibly, but I doubt it. Usually, you are using host names, and all the details are handled by (C or possibly Java) libraries, which means your old applications still works beautifully.
Of course, if you have intranet sites for registering your IP address or setting up a VPN or something like that, that might need an update. But the place where you write your business proposals, maintain your CRM database etc. should just work.
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
Anything that involves growing/extending the IPv4 addresses would have broken compatibility w/ IPv4, since the protocol would now have to be redefined to recognize a 5th octet, as well as be trained to distinguish b/w getting 4 octets and getting 5. So in terms of expense and effort, the same amount of it would have been needed - getting all routers and equipment on the internet upgraded or updated to recognize the new protocol, getting enterprises to migrate to this, and so on. It would by no means have been trivial.
Routing in IPv6 is now a lot easier, due to the hierarchical addressing system. Could have been better, and the addresses could have been more finely assigned, but still, as a protocol, it's way better. And later, if they have problems w/ the way it's been assigned so far, they can change it when they go to, say 3000::/4.
Do you actually own it? I've seen a site that will generate an IPv6 address for you, but it's just picking one at random - there's no guarantee someone else won't decide they want it. IPv6 is supposed to solve the address exhaustion problem, but as an end user I can easily get an IPv4 address (I just pay my ISP xx/month), whereas I can find no way to get an actually-mine IPv6 address.
I am trolling
There is SNAT and at least one firewall app that lets you load balance multiple ipv6 links by keeping the lan on it's private address space and translating for outgoing traffic.
If they can't issue new ipv4, then potential customers may only have ipv6
Do you honestly belive that?
If an ISP runs out of public v4 IPs and has any sense they will do the following:
* Redeploy the v4 IPs to the most lucrative uses.
* For those customers who do not pay enough to justify a dedicated public v4 IP provide some system for them to access at least the v4 web and most likely other services on the v4 internet. Most likely either NAT444 (v4 nat both in the CPE and at the ISP) or DS-lite but NAT64 and proxies are also possibilies.
I'd be very surprised if we see any major websites on v6 only or any clients without some way to access the v4 web any time soon.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
We've got three different ISPs. None of them support IPv6 yet. So nothing really for us to do yet.
Slashdot are never going to do IPv6. Luckily we can have slashdot.org as IPv6 anyway using a public NAT64 server. I would link directly but slashcode does not have support for IPv6 literals in URLs (bug!). So here is a tinyurl to the IPv6 slashdot: http://tinyurl.com/3pwuq98
By the way that URL should work for the majority of windows users. Your computer will automatically use a Teredo IPv6 tunnel to connect to it.
The tinyurl is short for this: http ://[2001:778:0:ffff:64:0:d822:b52d]/ (but without the extra space which is there to prevent slashcode from removing all the colons).
This works because the address is from the public NAT64 available at http://ipv6.lt/nat64_en.php.
You will actually get a 400 Bad Request from the slashdot webserver, but this too is a bug in slashcode. These guys do really not grok IPv6...
If slashdot put that IPv6 address in as a AAAA for slashdot.org they would have IPv6 support just like that.
NAT-PT was officially deprecated the last I looked (see: http://www.ietf.org/rfc/rfc4966.txt ), but I would be interested in a list of products that support it as I have a few IPv4 clients that will NEVER see a native IPv6 stack written for them.
Unlike IPv4, IPv6 allows multiple addresses per interface,
True, the problem is how are clients supposed to 1: find those addresses and 2: choose which one to use.
Initially a special system of DNS records (A6) was created to try and solve this by allowing DNS servers to combine seperate prefix and suffix information but it was horriblly complex and still didn't solve the problem of how a client should figure out which address is better so it got demoted to experimental status.
ARIN at least gave up on A6 and started just allocating provider independent space to any organisation that wanted to multihome. Dunno if the other RIRs did the same.
so you can have both a PI and PA space - the latter being needed to connect to your ISP.
The whole point of getting PI addresses is so that you can advertise them on the internet. If you aren't going to advertise them on the internet you may as well just use "unique local" addresses (see below).
I'd like to understand the differences b/w the 2
There are actually 3 types of local addresses in v6
"Link local" (fe80::/10) addresses are assigned automatically and are local to the link.
"Site local" (fec0::/10) addresses were supposed to be local to a site. but they are deprecated they seemed like a good idea intitiallly but they ran into the problem that a site is a poorly defined idea and many systems have connections to multiple sites.
"Unique local" (fc00::/7) addresses are the final type. They are supposed (though this can't really be enforced) to be assigned using a large random number meaning the chance of two sites that the same computer needs to connect to or that need to be interconnected having the same addressing is minimal.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Yes, the Enterprise (NX-01) will stick with IPV4, but USS Enterprise (NCC-1701) and USS Enterprise (NCC-1701-D) will move on to IPv6.
People don't have a bad habit of conflating NAT and security. NAT provides a basic, stateful firewall, and that most certainly /is/ security, incidental or not. IPv6 likely won't bring us all back to the happy days of full end-to-end connectivity, but rather popularise the stateful firewall sans the NAT in CPEs.
v6 addresses aren't supposed to be portable between networks. The address is intended for successive delegation, to keep the routing table manageable. In short, you won't ever be able to get your own IPv6 address that you can get an ISP to route, you will have to get a subnet from your ISP, which gets it from their transit provider or RIR.
I am TheRaven on Soylent News
IPv6 has a huge potential as a technology, well intended, but currently there is no strong business case for most netizens. That's why we find technocrats have their adrenaline level go up when working with IPv6 related projects. Then what! reality hits the road. Just because I can get IPv6 address space, is no reason to change my internal network, firewall, VPN and convert NAT setup to publicly routable IPv6 address space. Such a project will incur a huge change management cost with no less additional benefits, if any. To begin with it will cause more disruption to end users because of immature products deployed with in networks, still trying to support reasonable level of IPv6 support. Networking staff need to be retrained so they can troubleshoot issues. Even with all the hassle, what is a value add for end users?
Although IPv6 is imminent,no doubt about that but the switch is not going to be overnight. IPv6 design is fundamentally not backward compatible with IPv4 and that is one of the fundamental design flaw preventing its quick adoption. Remember Itanium vs x86_64 battle, we should take a clue from history.
but as an end user I can easily get an IPv4 address (I just pay my ISP xx/month), whereas I can find no way to get an actually-mine IPv6 address.
Technically you are wrong on both points (The best kind of wrong!)
The IPv4 address you 'buy' from your ISP was allocated to them by ARIN. The same company that allocates IPv6 addresses.
In fact you can purchase large blocks of both, and pricing is even on the same web page.
https://www.arin.net/fees/fee_schedule.html
So you can get IPv6 there, which isn't the best or cheapest place to do so, but still a lot better than your solution of not being able to find them.
Also you are getting your IPv4 addresses from the same place, despite how many delegations those address blocks have made before reaching you.
"Ownership" is the same for both IPv4 and IPv6.
Our product is going to require huge amounts of code churn to get IPV6 working. That's going to be ugly work on nasty legacy code...
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
the ISP or someone above them generally "owns" even a ipv4 net block for us little guys....not sure I'd worry about it for the present. if someday sixxs pulls the rug out from under my /64 subnet, I'd just go to another provider.
(old fart story time) My employer had comcast change their static ipv4 ip out from under them, had to find out what it was. then a couple weeks later they changed it back by accident (we're talking a routed subnet for a few dozen servers here).
There is 'Node local' or 'interface local' as well, of which the loopback is an example. How is it different from link local?
I know that Site local had been deprecated and replaced by Unique local. I wonder why they even bothered trying to guarantee the uniqueness of all such addresses worldwide, since these addresseses are not supposed to be routable, and how do you do a DAD for this condition unless you determine whether a particular address exists outside the network? It seems that instead of dropping this altogether, they wrote off fc00::/ and allowed fd00::/ to be duplicated in other networks. Just wish they didn't treat all these blocks as confetti.
No, NAT does not increase security. Any time you establish a 2 way connection, the node you are connecting to can open up an attack right thru your NAT. Also, if one is using a peer-peer app like Skype, it uses a mechanism called NAT traversal, which bores a hole thru your NAT in order to work. So any application that uses NAT traversal can be used to launch an attack. Then again, there are 2 more potential attack routes - trojans smuggled into the network, and also virus contained in documents.
In short, there is no substitute for good host based firewalls coupled w/ good and actively supported anti-malware software.
The 4 billion addresses that they talk about are in fact a lot less, when one considers all the exceptions that are not available for use:
1. Theoretically, total #addresses are 4,294,967,296
2. However, this cannot include private Class A, B & C addresses - the 10.x.x.x, 172.16-32.x.x and 192.168.x.x. Once you eliminate those, you've eliminated 16,777,216 + 1,048,576 + 65,536, which means 17,891,328 off the pool
3. It cannot include any network or broadcast addresses, which means anything for which the last octet is either 0 or 255. Get rid of those, and you're down another 33,554,432 addresses.
4. It cannot include any Class D or Class E addresses - anything above 224.x.x.x, which means another 536,870,912 addresses off the pool.
So now, subtract the last 3 items from the total, and you get 3,706,650,624 addresses in total. According to all the RIRs, most of these are already used, and now, some of them are only assigning v4 addresses to those organizations that are showing a plan to move to v6. In other words, new v4 addresses are only being provided for the purposes of new v6 nodes being visible to older v4-only hosts.
It's also true that the number that's usually bandied about for IPv6 is exaggerated as well. However, even if one locks out the interface ID part of it and just looks at the addresses actually assigned to the ISPs or organizations, it would be 2^48 or 281,474,976,710,656 subnet blocks, each of which has your famous 2^64 nodal addresses. This is just within 2001::/16, and if you open up others, just multiply this above number by 8. And remind yourself that that's only the total number of subnets, but that's the only thing that would be stretched, and justify going to other numbers like 2600::
I had the same thing happen with Verizon. One day working fine, 3:00AM nothing works, nothing routes just dead.
Hey KID! Yeah you, get the fuck off my lawn!
Unlike IPv4, IPv6 allows multiple addresses per interface,
True, the problem is how are clients supposed to 1: find those addresses and 2: choose which one to use.
Initially a special system of DNS records (A6) was created to try and solve this by allowing DNS servers to combine seperate prefix and suffix information but it was horriblly complex and still didn't solve the problem of how a client should figure out which address is better so it got demoted to experimental status.
ARIN at least gave up on A6 and started just allocating provider independent space to any organisation that wanted to multihome. Dunno if the other RIRs did the same.
so you can have both a PI and PA space - the latter being needed to connect to your ISP.
The whole point of getting PI addresses is so that you can advertise them on the internet. If you aren't going to advertise them on the internet you may as well just use "unique local" addresses (see below).
I'm not getting why it's so difficult - would seem to me to read the prefix information of the router, and then see if it matches the prefix information of any of the assigned addresses. If it does, use that one.
As far as the PA addresses go, from what I understand, the only reason one would need them is to connect to the internet. But let's say, you got a /48 block of PI addresses from ARIN, and then contacted your ISP, who, for this discussion, is capable of supporting it. Do you then have the option of using your own PI addresses, instead of the ISP's? How does the ISP get to use yours (which they'd have to in order to bring their service to you)? And what happens if you change ISPs - does your ISP automatically let go of it/lose it so that you can hand it to the next ISP in order to ensure that your network is online?
In IPv4, if the last octet of an address was 0, it was understood to be a network address, and in the router, was used to id the network being communicated with. Under CIDR, there were also other network addresses, depending on the subnet mask.
How is it in IPv6? If I have an IP w/ a global ID of, say, 2001:1234:5678 followed by a subnet address of 9001, what would be the equivalent network address? Would it be 2001:1234:5678:9001::/128? Or something else?Or does one just use the Network ID to identify the network address, but nothing beyond that? And if one decides to subnet the interface ID so that 32 bits are part of the subnet, and remaining 32 bits the interface ID, can one then define the network as 2001:1234:5678:9001:abcd:ef01::/96?
No, the big reason why the transition stalled is the IPv6 proponents have failed to look beyond the opportunities IPv6 brings and see the reality. First, end-to-end connectivity is dead. Blame NAT if you want, but even with IPv6 I'm going to stick a firewall up and have it deny incoming by default, and pass through outgoing 80 and 443. Next, end-to-end connectivity isn't needed for most situations, as proven by the success of NAT. Finally, NAT gives one benefit - it isolates my network numbering from my ISPs. I don't care what IP addresses my ISP gives - my internal network numbering works independently. IPv6 tries to complicate this by allowing multiple IPs so I can have internal IPs, and external routable IPs - nice but a PITA if I'm having issues.
That and the IPv6 proponents seem to keep blocking any implementationj of NAT-PT and NATv6 - I can bet for a good number of uesrs, it's Good Enough(tm) (like NAT is right now).
You're confusing the presence of firewalls as breaking end-to-end connectivity. It is nothing of that sort. End-to-end simply means that the ultimate destination address is the same as the initial send-to address, firewall or no firewall. As I noted elsewhere in this thread, you always want a firewall @ every node to make sure that there are no attacks on that node from either within or outside the network. But if the address to which someone sends you some packets is exactly where it ends, w/o being altered en route, end to end connectivity is preserved. As it is w/ IPv6, and once upon a time was w/ IPv4, but no longer is.
As for your network mapping, you're best off getting PI addresses directly from your RIR, instead of getting it from your ISP: after setting up your LAN w/ those addresses, have your ISP use that netword address to give you online connectivity.
IPv6 does allow you to have more addresses, but on installation, assigns you your loopback address ::1 (equivalent to 127.0.0.1), the on-node & on-link All-nodes multicast address, the link-local unicast addresses, the link-local address, multicast address to all subscribed groups. Most of them one wouldn't be scoping to troubleshoot any problems - it's the main routable unicast address that would be looked at. I'd think one can always disable any addresses one wants while troubleshooting.
Once you get, even say, a /64 from your ISP (I believe that's the minimum they'll give you - they won't give you a single /128), you have some 18,446,744,073,709,551,616 addresses to choose from in getting one assigned to your printer. If it's a network printer, statically assign the address you want to it, and add it to your DHCP list, and presto, you're done!!! As for the cost, what you pay for a single IPv4 address will now cover an entire /64 block, which gives you all those addresses. If you wish, divide your cost by either the above number (making it virtually zero) or by the number of devices you know will have an IP.
Once that's up, you can print whatever you want sitting @ Starbucks. Or you are travelling and instead of using gotomypc.com, you can ask the spouse to turn on your computer and then remotely drive it from the hotel you're at (assuming that it has a decent internet access).
And in the future, your garage will have an address of its own, as will its remote located in your car. Spouse is locked out of the house, just open the garage from the other end of town, and let her in. Similarly, addresses for your car itself (maybe autoconfigured using the VIN#), home security system, lojack system and so on.
Actually, that IPv6 support does have to be added to XP - go to Control Panel, Network, select properties and select Internet Protocol - you'll only see it for v4. IPv6 support has to be added separately, unlike in the case of Windows 7.
The above is correct - ownership being the same for both v4 & v6. Yeah, it's not the cheapest, and one should definitely not do it that way if one is buying it just for home. But if it's an organization - particularly one w/ presence in multiple far flung locations, then it's the best, particularly since getting PI addresses is better than having addresses that will go the moment you replace your ISP.
Do you actually own it? I've seen a site that will generate an IPv6 address for you, but it's just picking one at random - there's no guarantee someone else won't decide they want it. IPv6 is supposed to solve the address exhaustion problem, but as an end user I can easily get an IPv4 address (I just pay my ISP xx/month), whereas I can find no way to get an actually-mine IPv6 address.
For IPv6, you have 2 parts - the Network ID (which is the global ID and subnet ID) and the interface ID. The network ID you can get from your ISP, and so when this site talks of generating an address, what they are doing is creating a 64-bit random number to be used in the interface ID part to complete the address. So yes, he actually owns not 1, but 18,446,744,073,709,551,616 addresses. He can manually assign something, use a DHCP6 server to automatically assign something or even use a randomized interface identifier in stateless auto-configuration.
All this is pretty new to network administrators, since w/ v4, one just got a single v4 address, which then got NAT'ed and then distributed.
Since he's getting the network part of it from his ISP, nobody else has another address within even that network, so he is fine. But even aside from that, IPv6 is different in one more way - after an IPv6 address is assigned, it first does a DAD (duplicate address detection) operation to check if that address is already being used. If it is, it rejects it. Since this is an integral part of IP assignment, a routable IP address cannot be assigned while the network is down.
I'm not getting why it's so difficult - would seem to me to read the prefix information of the router, and then see if it matches the prefix information of any of the assigned addresses. If it does, use that one.
Which would work fine if the internet was a tree but the internet is not a tree and never has been. A client on ISP A has no way of knowing whether ISB B or ISP C has a better path from their ISP.
Do you then have the option of using your own PI addresses, instead of the ISP's? How does the ISP get to use yours (which they'd have to in order to bring their service to you)? And what happens if you change ISPs - does your ISP automatically let go of it/lose it so that you can hand it to the next ISP in order to ensure that your network is online?
The same way as with V4, you advertise them to your ISPs who then advertise them to their ISPs and peers and so on. If you drop an ISP then you stop advertising it to them which causes them to stop advertising it on the internet.
They were trying to avoid giving anyone but ISPs provider independent space with the idea being that multihomed sites should just have multiple IPs on their end systems instead but as I said in practice that didn't really work out very well.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
I know that Site local had been deprecated and replaced by Unique local. I wonder why they even bothered trying to guarantee the uniqueness of all such addresses worldwide since these addresseses are not supposed to be routable
Site local addresses are supposed to be routable within a site. Unique local addresses are supposed to be routable within a site and between a group of cooperating sites.
The problem with site local addresses is how do you define site. If you define it as a physical site then site local addresses are of limited utility since resources and their users often move between sites. If you define it as a whole company then you avoid that problem but create a new one, namely that companies merge. Many people here talk about the pain and horrible hacks involved when two companies that have both used 10.x.x.x have to be merged and interconnections are needed between their networks.
By including a large random number in the addresses the chance that a group of sites that need to be interconnected will have conflicting addresses is reduced to negligable levels.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
At some point, there absolutely will be IPv6-only users, particularly w/ ISPs that have run out of v4 addresses but have plenty of v6 addresses to distribute. So their customers will have IPv6 connections, and their ISPs are bound to provide for them either dual-stack/tunnelling/translation mechanisms.
Since all the web sites that are adding support for IPv6 are doing so the dual stack way, such customers will have no problems accessing them - it will be a normal v6 to v6 connection, maybe on a native connection, or maybe tunneled. Same logic applies to IPv6 only websites - and you can be sure that these too will come about, if for no other reason, b'cos there are no more v4 addresses. So that leaves only IPv4-only sites, and for those, the ISPs are likely to route them through a NAT64 gateway or use other translation mechanisms, such as Teredo (the one used in Windows 7) which will enable IPv6 nodes to access these sites. The same mechanism would be used for IPv4-only nodes to access IPv6-only websites. However, one thing is true - translation is an ugly business, and so the sooner dual stack or tunneling mechanisms can be used to communicate b/w the 2, the better.
So if you got a new ISP and gave them your old prefix, they'd just set you up so that you advertize the same IPs to the internet, and you won't have to re-map your network or do anything of the sort?
How many enterprise networks need more than the 10/8 172/12 or 192/16 blocks? - sounds like 70% of IT departments are cowboys
The world doesn't need all that address space either. All we need to do is to build a giant NAT, then put everyone behind it. As a result, only one public IP address is required.
The above quote forgets that w/ that one giant NAT, all one will get will be 17,891,328 addresses - a drop in the bucket for millions of new subscribers who need internet access. Also, all these addresses are only good as long as there are still v4 addresses to go around. But once that's exhausted, you can have 10 levels of NAT44, and it won't do squat. And if you put the entire world behind one NAT, not only are you resricted to 17,891,328 users, but you're also assuming that the entire world will be on only one subnet, not more.
Nested NATs is even worse, and practically ends layer 3 communications as we know it - w/ all those lookups: even IPX/SPX @ that point would be an improvement on IPv4.
Also, the RIRs are now rationing v4 addresses to people and organizations who have a plan to move to v6. So v4 only organizations would have to buy all their public addresses like Microsoft did from Nortel.
Also, talk about retrieval of unused addresses is another worthless proposition, b'cos most of the organizations that have class A or B public addresses would have to break their network configurations in order to release unused addresses - if that's even possible. Like if HP owns 15.x.x.x, it's not trivial for them to release, say, 15.213.x.x to someone. So no point bitching about companies that have a whole bunch of unused addresses. Yeah, they were mis-allocated @ the start - and I'd say misdefined.