Slashdot Mirror
Comcast Begins Native IPv6 Deployment To End Users
First time accepted submitter Daaelarius writes "Comcast has begun deployment of Native IPv6 access to end users. The deployment is starting out small with a single market, but is expected to expand rapidly. They have provided ... more in depth technical details."
Finally; native dual-stack IPv6 for home customers. Perhaps we can avoid a post-exhaustion future of NAT-upon-NAT and use restrictions.
People underestimate the address space in IPv6 when they make remarks like this.
In principle IPv6 could hold more than 10^38 addresses. Now due to structuring and various reservations and so on there is considerably fewer. So for the sake of argument, let's say it is "only" 10^20. That's still enough that for every present IPv4 address you could add an entire internet and still have addresses left over.
What this means is that even if ISPs were incredibly wasteful and basically trashed 99.9% of the address space due to bad practices, you'd still have millions of addresses for every person in the world.
The idea is that the end user is still going to keep all his devices behind a firewall so everybody on the internet can't probe them. But since your toaster has its own actual address, it can connect directly to the Online Toasting Database server without having to kludge all that traffic through a NAT.
Ita erat quando hic adveni.
http://www6.ietf.org/rfc/rfc3315.txt
Autoconf currently doesn't assign a prefix delegation.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
I've seen plenty of people plug their cable modems right into the back of their computer with no firewall of any kind. Thankfully, most operating systems ship with a software firewall - it's better than nothing. Most of these types of customers bought a nat box, not due to security concerns, but to get wireless connectivity.
IPv6 direct connectivity will be a problem ONLY if end users plug all of their devices into a switch and those devices lack a software firewall. I don't know of any "non-technical" home users that have such a switch. Everyone seems to have a "nat box" simply for wireless connectivity. I suspect people will not go buy a dumb switch and access point, simply because they do not know what they are.
I suspect most people will go buy an "IPv6 capable" firewall/switch with built in access-point. End users will have no idea that they no longer use nat - hell most probably don't even know they have it now.
-ted
No, I don't. And you probably mean PAT, not NAT.
No it does not. The same as IPv4 does not require a firewall.
But, many end-users purchase an EXTERNAL firewall in order to get the PAT functionality so that they can run multiple devices (and wireless) on the single IP address that their ISP provides them.
So, in order for them to overcome the limitations of IPv4 (fewer IP addresses) they, inadvertently, purchase a firewall that improves their security.
I have no idea what you're thinking of.
Again, because with IPv6 there is no need for the ISP to limit the end-user to a single IP address. So the end-user can purchase different devices (such as a switch with a wireless bridge) that would allow the same PERCEIVED functionality with IPv6 as they get with IPv4 and a firewall/PAT device today.
And the point being that the end-user does NOT understand that TODAY. And cannot be expected to understand it when Comcast rolls out IPv6.
Having globally routable addresses means that if the end-user's home network is mis-configured from a security stand-point, their devices could still "work" from the perspective of the end-user. They would still be able to access the Internet.
Right now, with IPv4, that is less likely for the end-user.