Slashdot Mirror
June 6 Is World IPv6 Day 2012: This Time For Keeps
An anonymous reader writes "On 8 June 2011 many companies (big and small) enabled IPv6 to their main web sites by published AAAA records; 24 hours later, almost all of them disabled it after the test was done. This year, on June 6th, many of those same companies (Google, Bing, Facebook) will be enabling IPv6 again, but this time there won't be any going back. In addition to content providers, several ISPs are also participating: Comcast, AT&T, XS4ALL, KDDI, and others. CDNs Akamai and Limelight are on board, as well as network equipment manufacturers Cisco and D-Link. Is the chicken-and-egg problem of IPv6 finally, slowly coming to an end?"
Especially at home. Who's with me?
This issue is a bit more complicated than you think.
For those of you who don't know anything about IPv6, here's the Wikipedia page for it:
http://en.wikipedia.org/wiki/IPv6/
Happy reading!
Perhaps this would be a good time for Cisco to release software with even the most rudimentary of IPv6 security features.
ISPs are going to have to pay a lot of money for new hardware, whether they switch to IPv6 or to widespread NAT. Might as well buy the IPv6 stuff once and get it over with.
"First they came for the slanderers and i said nothing."
Will be World End of IPv4 Day! All IPv4 addresses gone... forever! It might be the end of the world, so why not?
its next to your brain
But I have a few older devices that just don't play. Plus I really don't have enough to justify the bother. And my ISP hardly cares. But at least they are fiber.
I've been waiting a long time for this.
http://tech.slashdot.org/comments.pl?sid=1487194&cid=30529330
i mean sure we already know it blows but like it's the thought that counts.
Many ISPs dont provide IPv6 connectivity and IPv6 support is still nonexistant in many routers.
Have they finally worked out the bugs? If they have, perhaps this time with be "fo 'realiez yo!", instead of "jk" like the last 8 times.
Just disable javascript
As much as I hate to nit pick one specific company, but Amazon Web Services is used by a LOT of people and groups, are they going IPv6? I know their Elastic Load Balancer is, but what about everything else? Is Route 53 v6 glued? v6 accessible?
More importantly what about CloudFront? Try going v6 only now and you'll have a lot of "functional" websites which look like hell because they use Akamai or CloudFront which aren't v6 enabled (Though Akamai has commited)
snowulf.com
... that those most eager to collect personal information and track everyone's activity would be eager to get everyone to adopt IPv6, which assigns a fixed prefix to each Internet user/access contract and a unique address to each device (i.e. those currently hidden behind routers and corporate NAT gateways). IPv6 is the worst privacy breach and danger to system security we're facing right now, go Lemmings go!
"I love my job, but I hate talking to people like you" (Freddie Mercury)
That's it if D-Link is involved it is bound to be success! ;)
This isn't really a monumental step forward. In fact, its quite pathetic that it's taking so long to get to this stage of the process. The IPv6 standard uses AAAA DNS records, but does not preclude the traditional A records. A domain can use both simultaneously, allowing clients to pick the addressing method.
Unfortunately, big websites have been hesitant to add AAAA records because of bugs in some software that cause A records to be ignored if an AAAA is present--even if the client doesn't support IPv6.
Really. This problem should have been solved a long time ago.
Resistance is futile. You will be assimilated. We are the FGB (Facebook, Google, Bing). Your new shiny IPv6 ass will get tracked for ads and other screening purposes.
Or are they going to make the customer pay for the new ones?
Do I have to call them and ask for a free one?
D-link what about comeing out with the IPv6 update for the DIR-655 RevA
In protest, they made the site a horrible shade of green, and today the editors won't be editing anything.
Wait, what do you mean that's normal...
What the fuck happened to Wikipedia?
this
Righty ho. So my 5 year old Billion 7401-VGPM modem which is chugging along just fine but doesn't do IPv6 needs to die first before I get an IPv6 modem in spite of my ISP (Internode) supporting IPv6 be default. Really, *really* what's IPv6 going to do for me now or even in the next 4 years that my IPv4 and 192.168.x.x home network don't do for me?
I hope that some of the network/systems analysis companies out there are taking accurate notes about the state of what's accessible via IPv6 and IPv4. I think we'll see an interesting sort of "avalanche" graph when we reach the tipping point. Or not -- perhaps there will be enough dual-stack that we'll just have a slow deathmarch of sites available by IPv4, with a few less year after year?
But to step back and wax lyrical about the whole problem, the reason that IPv6 hasn't taken hold yet is because it just hasn't gotten enough of an IPv6-only install base clamouring for support on their popular websites.
Having major websites and hardware manufacturers on board is an important piece of the puzzle, but it's nothing compared to money. Get enough people inconvenienced that they will take their eyes and their money elsewere (directly, or through advertising revenue on sites, etc...), and every site that cares about their viewership will hop on the IPv6 train. Of course, this means that Bob's website that features his personal Banana Sticker Collection might not get IPv6 support until his ISP drags him to an IPv6 address, kicking and screaming all the way.
That whole idea a year or two ago about putting out a big zip file of porn, but only available on IPv6, was kind of a hoot. AFAIK it never came to fruition, but I liked the creative thinking there. Has anyone else had any crazy good (or just crazy) suggestions about how to spur IPv6 adoption?
coding is life
Comparing a drink made from a trade-secret formula, to all that creative commons content.
If Wikipedia goes down, your look for a mirror.
You are getting tracked now on the IPv4 stack. So what is the difference?
They already did, they've been posting stories about it for months and we protested plenty in the comments.
Now its our turn, no amount of awareness will help if nobody complains like crazy to our representatives.
Sad for the guy who lost his body but not really important for me given that I live on the other side of the world.
http://michaelsmith.id.au
Why isn't Slashdot participating? Didn't they care about an open internet at one point??
Slashdoters participate in the protest....
All post to any article today should be in protest of SOPA and PIPA.
I'm trying to create a wallpaper for the event, see here:
http://minus.com/mkqbM0Sr6#2
The XCF is in there too, but the preview is all wrong. Will post updated versions there unless someone comes along and does a better job (I'll admit it's not *that* hard).
I'm using the SVG from the site: http://www.worldipv6launch.org/downloads/ .
They put a really low bar to get around their block, just disable javascript reload and keep reading! At least that was my first thought when I viewed it and with konqueror it's an easy menu option to disable javascript for the current window. Now it looks like they disabled editing for every english wikipedia article, and that you can't get around.
I see you didn't actually visite the page, because that gives a page not found error, try this one, http://en.wikipedia.org/wiki/IPv6 and I verified it actually works, (just disable javascript).
First Duke Nukem Forever in 2011, and now this in 2012? What's up for 2013, Hurd??
Try the HTTPS version instead.
I used NoScript to block the JS too, but only a few can use these workarounds. Some opt to use mirrors like thefreedictionary. For the masses though, they cannot use wikipedia for 24 hours, and they cannot work around it. It is a major disruption of operations, as far as they are concerned.
Thats the freaking point. It should show everybody that if SOPA or PIPA or other shitty things get through, it will be a major disruption of operations. But not just for 24 hours. If you are america, watched the message and you decided to try and find an alternative rather then contacting your politician of choice, then you are the problem.
Hah ahahahaahahahhaha yeah right.. Yeah Duke Nukem Forever and Cold Fusion really works too..
I just checked, and it's blacked out too.
Good, inexpensive web hosting
Did you know that for the past three year Google has actually published AAAA RRs for its online properties? However, the catch is that they won't serve you those as a response unless your /32 is on the list of vetted ISPs.
Even if you query one of their public IPv6 resolvers ( e.g. 2001:4860:4860::8888 ) you'll not see a AAAA for YouTube or Google+ unless you're on the list.
To pass the vetting an ISP has to demonstrate various technical aspects such as redundant, othogonally-routed global routes to Google's servers. For small ISPs such as mine, who have worked to implement native IPv6 connectivity, this is simply a step too far. So a proportion of the IPv6-connected world has to fall-back to v4 to talk to Google.
Read more about the frustrating policy here: Google over IPv6.
Or, just press ESC before it forwards you to the blackout page.
Blocking access to your service, in my opinion, is not the point. The point is to bring attention to SOPA/PIPA, inform them how serious this is. Not to deny service.
And I had contacted my rep months ago. And I did not have to find an alternative as I knew it has to be done using a script and used noscript to block all scripts. I was just mentioned one of the possible ways someone can use wiki if they needed it (giving people this info, does not mean they will not contact their reps, neither does, not giving this info, mean people will contact their rep. Both are independent actions).
Slightly more precise tracking, possibly - rather than just tracking households by IP address, they could track individual computers within. As they already achieve that using cookies though, really nothing at all changes privacy-wise.
NAT provides only the illusion of privacy; the problem isn't the addressing, but rather the huge centralized systems that we have come to depend upon and which are controlled by only a handful of entities.
Meaningful privacy assurances require effort, and must be addressed at the application layer. This is best served by crypto and peer-to-peer communications, and keeping third parties out of the loop. IPv6 offers the possibility of restoring the most important and fundamental property of the Internet: the end-to-end principle. (If you haven't already, please read this.) IPv6 provides the basic foundation for applications of the future, allowing one to build in as much security, privacy, and anonymity as they may want. To communicate freely and on your own terms.
The only lemmings I am worried about are the ones who needlessly cling to NAT, and would willingly cripple their own IPv6 networks with similar restrictions. The primary value of the Internet, is that it allows everyone connected to be an equal participant. Once you hoist a NAT (or overly zealous firewall) in front of your connection, you are turning yourself into a mere client, subject to the whims and abuses of some service provider.
The new DSL service they're transitioning to requires new modems. I signed up for the service and they sent me an IPv6-capable Motorla router.
From what I hear, they want to transition everyone from traditional DSL to the new service eventually. Your old modem won't work anymore, and you'll have to use their equipment, since they use a nonstandard type of DSL.
Be warned, though, that setting up a traditional Linux firewall with one of those things is like pulling teeth. There's no PPPoE or bridge mode available (authentication is handled by the router), and while the Motorola routers have a mode where they let you have the public IP address (by default, the router takes it), you still have to get your DHCP and whatnot from the 192.168.1.x network. Maybe a multiple IP or static IP setup would work better, I dunno. I finally gave up on it and went back to cable.
Those who can't do, teach. Those who can't teach either, do tech support.
I can't believe they did it that way. I use noscript too, and so I see no difference whatsoever. I can search and read as normal. It wasn't until I read you post and allowed the wikipedia and wikimedia sites to run scripts that I get the lockout.
I assume you are from UK? Which is "your" ISP? Which ISPs in UK are offering IPv6? I know AAISP does, but are there any others?
BTW, interesting info about Google- I didn't know they did that.
--Coder
I used NoScript to block the JS too, but only a few can use these workarounds. Some opt to use mirrors like thefreedictionary. For the masses though, they cannot use wikipedia for 24 hours, and they cannot work around it. It is a major disruption of operations, as far as they are concerned.
Instead of disabling Javascript, you can access the English Wikipedia via the mobile site. Head to http://en.m.wikipedia.org/wiki/IPv6 and enjoy your reading...
Try here
NOSCRIPT!
https://addons.mozilla.org/en-US/firefox/addon/noscript/
It pays to be obvious, especially if you have a reputation for being subtle.
fuck that. strike breaker.
Give up your IPv4 addresses!
And there was much rejoicing ..
add .m to the URL
en.m.wikipedia.org/wiki/whatever
The tracking would largely be worthless beyond the household level, if your household has 2^64 addresses and your ipv6 stack is configured to choose random temporary addresses you would have a hard time correlating anything...
It's actually easier to track multiple users behind nat using cookies and browser identification techniques.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Unless your computer supports Privacy extensions If it does your ipv6 address is not static but generated randomly.
The point of the protest is to raise awareness about SOPA / PIPA. You can lay pretty good odds that Slashdot readers are already aware of them...
I am TheRaven on Soylent News
http://en.wikipedia.org/wiki/Strikebreaker
To all those who say "It will never happen," I respond with an ancient Chinese proverb: "Man who say it cannot be done should not interrupt man doing it."
Recently my ISP started an 'ipv6 pre-pilot', I instantly joined. I now run dual stack ipv4/ipv6 (stateless + dhcpv6) with an opendns ipv6 dns server. After the proper firmware was pushed to my modem it took me 15 minuted to config. Surprisingly i have had no problems at all. Windows vista/7 and android devices all receive/figure out both ipv4 and ipv6 configs. ipv6 incapable devices just kept humming without even touching them. Adding ipv6 was utterly uneventfull....bummer... Things I have done: I changed my startpage to http://ipv6.google.com/ (only for myself, other's don't care) Only sometimes i see something like the images: you are using ipv6 ffff:ffff:ffff:ffff:(yes too short) Using torrent I regularly see ipv6 peers (being connectable rocks) fun fact: the facebook ipv6 address is: 2620:0:1cfe:face:b00c::3
What the fuck happened to Wikipedia?
It's all about SOPA which is explained here. Happy reading.
Don't forget about all the ads posted as "stories".
June ( 6 ), 6th ( 6 ), ipv6 ( 6 ), 2012
666 2012? anyone?
It is nice to see Cisco claiming it will be backing IPv6. Maybe someday that claim will extend to it's E-series wireless routers instead of being just more Cisco marketing fluff.
I think for a lot a deployments 6 only everywhere you can with a gateway for legacy stuff and the Ipv4 internet.
You need two things,
1. A 6to4 Nat gateway /96. It assumes the last 32 bits of any destination address are the ipv4 address, and forwards the payload via ipv4.
That way you can run one stack on most of clients. When they need to talk to an ipv4 only host, they route via the 6to4 gateway. Its the router for a
2. A slightly smart DNS, that when there is no AAA records for a given host, it returns the local network address with the 32bits from the ipv4 portion, to produce a host address. Obviously this could be an issue for DNSSec so you'd need you clients to trust an enterprise certificate or something so the server could sign the re-sign the request after validating up stream.
I think that would make migration go much faster at many sites; but there does not seem and solid packages out there to do the job.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Or your ISP is doing DHCPv6 and is assigning generated addresses to CPE devices.
Most IPv6 stacks will periodically acquire a new random address, so tracking the IP only gives you the network, just as it does with NAT. More importantly, they are required to support multiple IPv6 addresses, so you can have a static address for all incoming connections and multiple dynamic ones for outgoing connections. If Google gets two connections from different IPv6 addresses on the same subnet, they can't tell whether they're from the same computer or from two different machines (without using some other technique, like browser fingerprinting). Some stacks have a paranoid mode where each new outgoing connection gets a new IPv6 address.
I am TheRaven on Soylent News
For FTP over IPv6, read this:
http://www.filetransferconsulting.com/File_Transfer_IPv6_Readiness.pdf
(It's a report on interoperability performed for LAST year's IPv6 day.)
Append ?banner=none to the URL.
"May evil beware, and may good dress warmly and eat plenty of fresh vegetables." -The Tick
DHCP6 is a very good alternative to autoconfiguration, which, as far as ethernet cards go, leak your MAC address the way it is defined. With DHCP6, you can take your entire /64, and define policies by which addresses are assigned to every device on your network. With autoconfiguration, you are locked into just one of those, and if that gets cracked, you're SOL.
Yeah, if there ain't good DHCP6 tools out there, that's a problem, but a different one which has to be solved.
It's an ostrich problem.
It's nice that a handful of ISPs like Comcast have a clue (they even "get" open source), but 99% of others are too stupid to understand IPv4 is a sinking ship. Mine still does installations using bottom-dollar trash where the firmware's crippled by design -- it'll be in a landfill before it ever supports IPv6. They just wasted a fortune shipping those boxes out a year ago to every single one of their existing users.
The LS-NAT that you have w/ DS-lite - does it really have the same disadvantages that your normal static, dynamic or PAT have? My understanding was that it's somewhat different.
With usual NAT interfaces, you get to a point where a NAT device tries to read a public address & port, and translate it to a private address & port using its internal look-ups. This violates certain protocols like IPSEC, since the NAT device has to tamper w/ the destination address and alter it before allowing it to continue, which IPSEC rightly identifies as a violation.
But w/ DS-lite, the situation is different. You have a private IPv4 address encapsulated behind an IPv6 header and IPSEC, so that when they get to the CPE device, the payload's IPv6 is decapsulated, and IPSEC wouldn't see any violation, since the payload has arrived at its destination (the CPE point) unaltered. After the IPv6 header is removed, the payload continues to the IPv4 node using the IPv4 address provided to it by the IPv4 header that was encapsulated. In other words, no actual 'address translation' really happens here, and there is no tampering of any destination address the way there normally is w/ NAT.
In short, what happens is analogous to a post office packing a parcel w/ an extra layer of packing w/ its own instructions to do whatever, and at the final post-office, before it's delivered to the destination address, that extra layer of packing is removed. This is different from if the post office were to scratch that address and put a forwarding address on the mail.
I know it's called LS-NAT, but if my understanding is correct, what happens in DS-lite is anything but NAT. Also, behind every public IPv6 address @ the CPE, is there only one IPv4 address that's assigned to the node, or does the ISP use such a public IPv6 address and LS-NAT to provide IPv4 services to all its IPv4 customers who can't use IPv6? This point is not clear to me about DS-lite.
Mozilla Firefox and Google Chrome both support SNI on all platforms, as do Internet Explorer on Windows Vista and Windows 7 and Safari on recent iOS. Redirect users of Internet Explorer on Windows XP to the download pages for Firefox and Chrome. This leaves iOS pre-4 and Android 2.x as the only major operating systems that don't support SNI at all.
Relying on SNI means you leave out users of Android 2.x devices, and you leave out users of Windows XP who lack privileges to install anything other than Internet Explorer. But once Android 2.x devices come to be replaced with Android 4.x devices and Microsoft ends extended support for Windows XP, SNI should be safe to deploy. I'm thinking mid-2014.
There are no IPv6-ONLY services
I remember there being a porn site that could only be accessed through IPv6. Google ipv6 porn once the SOPA strike ends.
You could either get into the 21st century and enable IPv6 on your network
How should I do that without paying to replace my Netgear WGR614v6 with something else?
made up of IPv6 addresses...
So it's more like ipVIP6.
/Champagne Room Router
Because for the most part, even though I know and understand what's going on I don't care enough to upgrade my old Linksys wireless router until it dies. I sign up for cable or DSL internet service, pick up a router at Best Buy or Newegg, plug it in, and everything just works. I'm pretty sure my podunk small cable operator isn't participating in ipv6 day; the CSRs I've talked to don't even know what it means. I think we have a *long* way to go before any home user is affected.
The launch site includes a list of participating home router vendors, where Cisco and D-Link are both listed with links where they list what routers of theirs currently have IPv6 support.
The Cisco list has several Linksys E-series routers.
Not to say it isn't about bloody time. Selling non-IPv6 network equipment in this day and age is practically a scam.
that just breaks my heart. recursively. :P
This is good news.
I have been running IPv6 in my little part of the Universe for about a year (I had been meaning to do it for 10 years). I even have a subnet at home that is running 100% IPv6. Interestingly enough, while IPv6 is fine and well supported by FreeBSD, Linux, Mac OS, Windows, etc., it is not easy to run a plain PC or Mac in an IPv6 only world, as a number of things still expect IPv4 to be visible (or at least, I haven't found the ways to get around it). For instance, while Windows has had support for IPv6 for quite a while, the Windows Vista machine on that IPv6 segment cannot seem to find Windows update, and hence no patches get downloaded, which isn't nice.
Browsing the web is also frustrating, because even though Google is visible on the IPv6 internet, the search results returned don't all point to IPv6 addresses (unless I haven't found who to enable that). Yes, I could dual-stack, but the idea is to try IPv6 only in that segment.
Are many people living in IPv6-only worlds with PCs and Macs? How do you do it?
I'll switch as soon as I find a viable NAT solution for IPv6. I *like* devices in my home network to be hidden behind a single IP address for privacy and convenience. I am not willing to allow these devices to use public IP.
I looked into this last year, and Linux was not a viable solution since current iptables developers are unwilling to provide IPv6 NAT for what can only be described as "religious" reasons (they know better what I need). FreeBSD provides rudimentary IPv6 NAT, but at the time it was not in a great shape.
Ideally, I'd prefer something built into DWRT or similar firmware, but will settle for anything else that I can make into a home router.
As soon as this is available, I am on IPv6 faster than you can say "switch"
Yes, there are whole business models predicated on the existence of NAT and overly agressive firewalling. You don't need gotomypc.com if VNC 'just works', you don't need most of what gotomeeting provides anymore if PCs are all equal peers on the Internet as it was in the beforetime. VOIP becomes dead simple and no longer requires a massive central host or the antics of Skype. Just a simple presence locator/dynamic DNS type service and folks just directly connect to each other. Same for instant messaging/sms.
But I do have to side with the doubters/deniers who don't see ipv6 widely deployed anytime soon. Can't see a way our of teh chicken and egg the problem presents. There isn't a tangible benefit to the conversion for the first movers yet they will pay the early adopter high prices. So everyone will do limited tests just to be able to check the box and wait for someone else to do the first massive deployments, take the bad PR from the horrific screwups, publish articles on the pitfalls, etc. And in another decade we will still be waiting to hit critical mass and annual articles will declare THIS year the year of ipv6... and of Linux on the Desktop.
Democrat delenda est
So you're saying: the dogs give head?
Most IPv6 stacks will periodically acquire a new random address.
and yes that breaks shit too. Nothing like having a really long download session abort because Windows spontaneously canged your IPv6 local address.
They put a really low bar to get around their block, just disable javascript reload and keep reading! At least that was my first thought when I viewed it and with konqueror it's an easy menu option to disable javascript for the current window. Now it looks like they disabled editing for every english wikipedia article, and that you can't get around.
Or just hit ESC before it redirects. Then again it's the clueless people that they want to make aware of these congressional bills.
After years of seeing my SB6120 cable modem (with Comcast's special sauce firmware beamed into it) display "MDD IP Mode Override (MIMO) IPv4 Only, Modem's IP Mode IPv4 Only" I'm taken aback by Comcast's statement to support IPv6 across much of their network in 5 months. Unfortunately, it also reminds me of the statements of absolute commitments they made to support full two-way CableCard solutions on their network until just enough customers/manufacturers/etc stopped believing CableCard could ever work out and the FCC officially stopped pushing for CableCard (in favor of some software-based standard that has also been stillborn).
I don't use Windows, so I didn't know about that bug. But I would say Microsoft should go and fix that bug. And if Microsoft won't fix that bug, then you should consider using a different operating system, that doesn't suffer from said bug.
The correct implementation of privacy extension would by default do the following: At system boot each interface is assigned two link local addresses as well as two IPv6 addresses per router advertised on that network segment. One of the two addresses would be based on the MAC address and hence be static, the other address would be randomly generated (according to the spec). Incoming connections can use any of the IP addresses. Outgoing connections will use the randomly generated address (unless the application explicitly overrides that choice by binding to a different address). Every 24 hours more randomly generated addresses are added, again one link local address per interface plus one per router advertised on that network segment. The new randomly generated addresses are made default. The old randomly generated addresses remain on the interface until they are no longer in use, and only then they are removed.
If Windows didn't suffer from the bug you mentioned, then it would notice that there was an open TCP connection using that old address and thus would keep it on the interface even though it wasn't the default for new outgoing connections anymore.
And when I said that the above should be the default, it should of course allow the user to configure it. For example the 24 hour interval could be configurable. In addition there is a few possible tweaks. For example you might not need privacy extension on link local addresses. It will be of limited use since for a link local connection the other endpoint can see the MAC adress anyway. In addition the 24 hour interval could be made in a way that doesn't synchronize the adding of new addresses. If you have two interfaces and receive two prefixes on each of those there is no need to update all four addresses at the same time. Doing it at the same time might reveal some information to the peers you are communicating with, and it will also reveal information about your uptime. Instead the first assigned address is given a lifetime chosen uniformly between 1s and 24h. After that it is updated every 24h.
Do you care about the security of your wireless mouse?
If it makes porn download faster then I'm cool wid dat, Yo, just sayin'.
They [wikipedia] put a really low bar to get around their block, just disable javascript reload and keep reading! At least that was my first thought when I viewed it and with konqueror it's an easy menu option to disable javascript for the current window. Now it looks like they disabled editing for every english wikipedia article, and that you can't get around.
An alternative: View (Page) Source; menu or right click menu or hotkey (such as: ctrl + u). Not an easy read, especially if you're one of the rare few on /. unable to understand the purpose of the client-side source code languages--but a workable solution for myself when I unexpectantly needed to use it on that particular day.
Yesterday's Weirdness is Tomorrow's Reason Why
No, they wanted everything addressable as if it was on a public network just like on IPv4 before we had to use a hack like NAT because it was hard to get numbers. You still have routers + firewalls and you still get to decide what is public and what isn't. ... was known for getting out of firewalled networks"? Where you confused because the first tests way back when were done with firewalls off to make it a simple test?
Also, of course IPv6 firewalls are available, but who the fuck fed you the lie that " IPv6
It's just an addressing scheme and not an entirely new way to do networks. About the only major change is the hack of NAT is no longer necessary, and it is a pointless hack that not only breaks things but could always have been replaced for the same functionality so long as there are enough addresses. WTF do you think we did before NAT or in places with enough addresses that they don't need it? Well guess what, we can do that again with IPv6.
So there you go, "large security concerns" are "ignored" because they are not a fucking problem but just networking as usual. The only problem is people think losing the nasty hack of NAT will somehow make things less secure because to them it is a magical incantation that they imagine does everything when in reality it does very little.