Slashdot Mirror
June 6 Is World IPv6 Day 2012: This Time For Keeps
An anonymous reader writes "On 8 June 2011 many companies (big and small) enabled IPv6 to their main web sites by published AAAA records; 24 hours later, almost all of them disabled it after the test was done. This year, on June 6th, many of those same companies (Google, Bing, Facebook) will be enabling IPv6 again, but this time there won't be any going back. In addition to content providers, several ISPs are also participating: Comcast, AT&T, XS4ALL, KDDI, and others. CDNs Akamai and Limelight are on board, as well as network equipment manufacturers Cisco and D-Link. Is the chicken-and-egg problem of IPv6 finally, slowly coming to an end?"
For those of you who don't know anything about IPv6, here's the Wikipedia page for it:
http://en.wikipedia.org/wiki/IPv6/
Happy reading!
Perhaps this would be a good time for Cisco to release software with even the most rudimentary of IPv6 security features.
Viva la revoluzione, my friend but seriously...are you going to hold out forever?
Skot Nelson music is my saviour / i was maimed by rock and roll
ISPs are going to have to pay a lot of money for new hardware, whether they switch to IPv6 or to widespread NAT. Might as well buy the IPv6 stuff once and get it over with.
"First they came for the slanderers and i said nothing."
Especially at home. Who's with me?
Pretty much everyone.
Life is hard, and the world is cruel
I've been waiting a long time for this.
http://tech.slashdot.org/comments.pl?sid=1487194&cid=30529330
Nobody asked you to switch your home ADSL/cable to ipv6, but to have a dual stack and support both. I'd like the "IPv6 is useless" argument to simply stop. There's no reason for saying that. IPv6 is just another cyber space, there's nothing fancy, new, with it, it should be commonly accepted as something we MUST have, right now.
... (replace the dots with your favorite insult). I'd understand that you might have a very old home router at home that wouldn't support it though, but if ISPs were doing their jobs correctly, this should be the last piece of equipment that would be problematic, not your ISP's.
Frankly, in these days and ages, if you're an ISP and don't have v6 support, you're just a
Yes, my father just got FTTH on Monday. The router has an option for IPv6, it's disabled by default and marked "Not recommended". My ISP offers IPv6 from what I see on their webpage though. Personally (I use the same ISP), I've been trying to get it running, but I seem to need a fixed IPv6 block because my router is a Soekris net5501-70 running OpenBSD (4.8, you don't upgrade these things at each release). You cannot run rtsold when the machine is a router and I have the impression that the PPP user daemon doesn't support it. This means IPv4 for me... I asked for a fixed IPv6 block at my ISP (who usually are competent) and they don't do that (yet). Also, they couldn't tell me whether it would be free or come with a cost. If I want a fixed IPv4, it "only" cost 25€/month which I don't pay as DynDNS does the trick for me.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Just disable javascript
The major operating systems support IPv6 Privacy Extensions. This means they generate and use multiple temporary IPv6 addresses, making them less identifiable than most IPv4 systems.
Also, there's no requirement for IPv6 addresses to be fixed. Just as some ISPs offer dynamic IPv4 addresses now, some ISPs will offer dynamic IPv6 blocks in the future.
there is simply zero business case to be amongst the early adopters
That sentence is simply wrong. Maybe not a lot, but you can't say zero. Some customers might choose an ISP because of the v6 support, or rather, some might not use an ISP because he doesn't support v6 (and if you want it another way: IPv6 dual stack is a very valid selling point).
See companies like Hurricane Electric, a large part of their current success has been IPv6 support. That story alone shows that it really is possible to make more money because you do support v6 while others don't. Now soon, customers will soon start to run away if you don't have v6. That day might well be the next 6th of June!
Even worse, there are over 26 million pages for "tcp bugs" and yet somehow we all manage to use it without much trouble.
We hope your rules and wisdom choke you / Now we are one in everlasting peace
Me too! Instead, I did it on a random day where I was bored, about 4 years ago. Took about 2 hours and I haven't thought about it since.
Oh, did you mean "I'm not going to use IPv6"?
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
I hope that some of the network/systems analysis companies out there are taking accurate notes about the state of what's accessible via IPv6 and IPv4. I think we'll see an interesting sort of "avalanche" graph when we reach the tipping point. Or not -- perhaps there will be enough dual-stack that we'll just have a slow deathmarch of sites available by IPv4, with a few less year after year?
But to step back and wax lyrical about the whole problem, the reason that IPv6 hasn't taken hold yet is because it just hasn't gotten enough of an IPv6-only install base clamouring for support on their popular websites.
Having major websites and hardware manufacturers on board is an important piece of the puzzle, but it's nothing compared to money. Get enough people inconvenienced that they will take their eyes and their money elsewere (directly, or through advertising revenue on sites, etc...), and every site that cares about their viewership will hop on the IPv6 train. Of course, this means that Bob's website that features his personal Banana Sticker Collection might not get IPv6 support until his ISP drags him to an IPv6 address, kicking and screaming all the way.
That whole idea a year or two ago about putting out a big zip file of porn, but only available on IPv6, was kind of a hoot. AFAIK it never came to fruition, but I liked the creative thinking there. Has anyone else had any crazy good (or just crazy) suggestions about how to spur IPv6 adoption?
coding is life
There's no reason for saying that. IPv6 is just another cyber space, there's nothing fancy, new, with it, it should be commonly accepted as something we MUST have, right now.
Except that it's not. There are billions of addresses - entire A blocks - locked up in early-adopter organizations that could be made available. For example, the US Post Office doesn't really need it's own A block. Nor do most organizations who own them. And B blocks? Thousands are unneeded. My old university has a B block and it's ridiculous...it's all behind a firewall except for a few numbers anyway. For most orgs, it's just that the money that these big blocks could be sold for doesn't exceed the cost of renumbering to 10.x internally. It will someday soon.
We're years away from ipv4 exhaustion.
Advice: on VPS providers
Comparing a drink made from a trade-secret formula, to all that creative commons content.
If Wikipedia goes down, your look for a mirror.
It would be more constructive to use whatever energy needed to pressure legacy IPv4 holders to give-up their space to start planning a move to v6 or at least a dual-stack architecture. This is like people complaining there's still momentum left in the cassette tape when CDs have been around for years. Postponing the inevitable doesn't stop the inevitable from happening.
Fully licensed blockchain psychiatrist
Hell Yes!
If enough of us do it, those profiteering assholes at Big Internet$ will be forced to deal with us on our terms and open up all that extra space they're holding out on.
What extra space you say? Ever heard of a number greater than 255?
It's a conspiracy I tell you. They're all in it! Google, Micro$oft, IBM, The Queen, the Vatican, the Getty's, the Rothchild's and Colonel Sanders before he went tits up! They're trying to keep our eyes shut to the truth!
Wake up! We have all the IPv4 addresses we need! Why at home all my machiens in the 478.921.357.* range!
Really, *really* what's IPv6 going to do for me now or even in the next 4 years that my IPv4 and 192.168.x.x home network don't do for me?
For starters it will allow you to host a bunch of services on different machines without having to put them all on weird ass ports because you only have a single ip. Peer to peer software will work as intended without nasty hacks to poke holes through the nat.
It essentially stops the internet from becoming broken into a one-way thing, which is one of the side effects of nat.
They put a really low bar to get around their block, just disable javascript reload and keep reading! At least that was my first thought when I viewed it and with konqueror it's an easy menu option to disable javascript for the current window. Now it looks like they disabled editing for every english wikipedia article, and that you can't get around.
First Duke Nukem Forever in 2011, and now this in 2012? What's up for 2013, Hurd??
I see you missed the Freemasons. Your oversight is why they will continue to screw you over.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Did you know that for the past three year Google has actually published AAAA RRs for its online properties? However, the catch is that they won't serve you those as a response unless your /32 is on the list of vetted ISPs.
Even if you query one of their public IPv6 resolvers ( e.g. 2001:4860:4860::8888 ) you'll not see a AAAA for YouTube or Google+ unless you're on the list.
To pass the vetting an ISP has to demonstrate various technical aspects such as redundant, othogonally-routed global routes to Google's servers. For small ISPs such as mine, who have worked to implement native IPv6 connectivity, this is simply a step too far. So a proportion of the IPv6-connected world has to fall-back to v4 to talk to Google.
Read more about the frustrating policy here: Google over IPv6.
Or, just press ESC before it forwards you to the blackout page.
are you going to hold out forever?
Yes, I'll be "holding out" with over 99% of users out there.
People, there will never be a IPv6 transition, period.
The crazy idea of the IPv6-designers was to expect all admins to request and configure new addresses - completely utopian.
Yes, NAT is not pretty. Yes, IPv6 would allow for a much cleaner network. But, no, that is not enough to push anybody to IPv6. There are no IPv6-ONLY services, therefore no benefit of running IPv6 on a client (regardless of dualstack). There are also no IPv6-ONLY clients, therefore no benefit of running IPv6 on a server (regardless of dualstack).
The alternative to IPv6 to work around the problem with NAT. And in fact that is the only way, because setting up IPv6 is useless because less than 1% use it while setting up a NAT-based solution, no matter how ugly, will get used and will get you some return of investment. And you know what? Because such NAT-based solutions are created everyday right now, they make IPv4 even more entrenched and any IPv6-transition even more complicated than it would have been before.
Oh, and on a private network, which is behind a NAT anyway, there is even less reason for IPv6 - Yes, I do have enough 10.0.0.0 addresses for my home network.
Sure, it *sounds* easy, but it's not.
My wireless router does not support IPV6, and it wasn't created in the stone age, a Linksys WRT54G2. (3ish years old) Sure, it was cheap, but it's also hard to justify spending more to replace reliably working equipment. A "nice" router that supports IPV6 with grace will probably cost $50 or more.
My Comcast modem is my own. I bought it for $20 because I didn't want to pay $7/month for the DOCSIS 3.0 modem. But because it's a DOCSIS 2.0 Modem, IPV6 support is limited. A DOCSIS 3.0 modem that supports IPV6 better costs around $100.
So the real cost for me of IPV6 is already floating somewhere between $150 to $200, about what I pay for 2 YEARS of Netflix. That is only for getting the ability to have an IPV6 address to my home. That's without setting up the Xbox, Wii, or PS3 with IPV6. (Can you do it?) Let alone the Mac, the several PC laptops, my Linux workstation, or the MagicJack Plus that I use for my home phone "land line".
What about our smart phones? Will Android 2.3.x use IPV6? 'what about Android 2.2 on my wife's phone, or 2.1? What about the $90 android tablet my wife bought at Rite aid? For all of these, I have no idea, which means likely not.
What about the (awesome!) SIP app I use on my smartphone to call into the corporate phone server from my home network? Will it work with low latency over IPV6 to my corporate SIP server running IPV4, with traffic shaping that works as well as it does now with my cheap IPV4 modem? Somehow, I have my doubts...
Switching to IPV6 is easy, as long as you don't actually do it for real. As soon as you start trying to live it, use it everyday, make it part of your everyday life, well, things get complicated quickly. This is going to take a while to sort out, you know?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Blocking access to your service, in my opinion, is not the point. The point is to bring attention to SOPA/PIPA, inform them how serious this is. Not to deny service.
And I had contacted my rep months ago. And I did not have to find an alternative as I knew it has to be done using a script and used noscript to block all scripts. I was just mentioned one of the possible ways someone can use wiki if they needed it (giving people this info, does not mean they will not contact their reps, neither does, not giving this info, mean people will contact their rep. Both are independent actions).
They are collecting your data as we speak. Do you really believe a NAT or a firewall is going to stop them? IPv6 isn't going to help them collect more data. They follow the moves of anyone logged in to them now. If you have no NoScript or Adblock or so you'll notice a small "t", a small "f" and a small "+" in the lower right corner of each message once you hoover over the message. Do you believe that's only a button? Do you believe that's only a way of connecting to twitter, Facebook or Google if and when you wish to do so? Each and every /. page you load is reported back to them.
What would IPv6 add? Tracability of the specific PC? They already have that, assuming you aren't actively blocking their scripts (if you are they can't trace you either, unless and only when you go to their pages. Even with IPv6.) . Each and every one of them uses cookies with unike ID's. That's how they trace you. Why would they add a higly unstable way of doing exactly the same? (The IP adress of your PC can change each hour if you wish it to. Then Google would think you are a new customer and thus a new data set.)
Now we have established it won't help them, let's talk about the need. True, there are some IPv4 adresses available. But they will be taken soon, the request for IP adresses is increasing fast. NAT is a hack solution to a problem decently solved with IPv6. Continuing to use IPv4 (and opening the available IP adresses in A blocks) would postpone the inevitable, with more costs as a result (by then there are even more users with more PC's/phone's and thus more costs). Going to IPv6 fixes the problem (there are so many IPv6 adresses even I believe we won't run out, not in a million years).
We must go to IPv6 and we can't delay for it would cost money.
Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
NAT provides only the illusion of privacy; the problem isn't the addressing, but rather the huge centralized systems that we have come to depend upon and which are controlled by only a handful of entities.
Meaningful privacy assurances require effort, and must be addressed at the application layer. This is best served by crypto and peer-to-peer communications, and keeping third parties out of the loop. IPv6 offers the possibility of restoring the most important and fundamental property of the Internet: the end-to-end principle. (If you haven't already, please read this.) IPv6 provides the basic foundation for applications of the future, allowing one to build in as much security, privacy, and anonymity as they may want. To communicate freely and on your own terms.
The only lemmings I am worried about are the ones who needlessly cling to NAT, and would willingly cripple their own IPv6 networks with similar restrictions. The primary value of the Internet, is that it allows everyone connected to be an equal participant. Once you hoist a NAT (or overly zealous firewall) in front of your connection, you are turning yourself into a mere client, subject to the whims and abuses of some service provider.
There are no IPv6-ONLY services
This is incorrect. There are a number of IPv6-only services, especially in the asian markets, where IPv6 has been available to clients for a goodly number of years.
The alternative to IPv6 to work around the problem with NAT.
This isn't an alternative. NAT expands tha number of clients that can use the internet, but is largely useless on the server side. APNIC has run out of addresses, RIPE is going to run out this summer, at some point its going to become impossible for datacentres to get new IPv4 addresses, and at that point anyone runing servers is going to start having problems. They will start by shoving services behind proxy servers, etc. to reduce the number of IPv4 addresses that need to be exposed, but this only goes so far. Some services can't be placed behind proxies, running services on non-standard ports is almost as problematic as running them on IPv6 (a large proportion of customers are behind restrictive firewalls). At some point, IPv4-only clients are going to become second class citizens - they will be able to access the internet, but some services will be unavailable to them. Yes, it will take many years, but it will slowly happen.
Oh, and on a private network, which is behind a NAT anyway, there is even less reason for IPv6 - Yes, I do have enough 10.0.0.0 addresses for my home network.
For a *home network* you're correct. For the generic case of a *private network* you're wrong. I'm informed that Virgin Media are actually very interested in rolling out IPv6 because there aren't enough RFC1918 addresses for device management. I'm sure that they *could* bodge their network to make it work with the restricted number of addresses, but its probably easier in the long run to just bite the bullet and roll out IPv6 (and on a truely private network this is easier because everything is under your control).
http://blog.nexusuk.org
There are billions of addresses - entire A blocks - locked up in early-adopter organizations that could be made available.
Given that 2^32=4.3 billion, you're wrong. There are a few million addresses locked up in old class A networks. If you bother to look at the consumption rate you'd realise that even if all of these addresses were returned to the pool they would buy a few weeks and then we'd be right back where we started. In short, recovering those addresses is going to be a lot of effort, will not solve the problem and will only postpone it for a very short length of time.
We're years away from ipv4 exhaustion.
IANA ran out of addresses at the start of last year. APNIC also ran out of addresses in the first half of last year. RIPE is going to run out of addresses this summer. We are *not* a significant number of years away from exhaustion. We've got maybe 3 years until there are no more IPv4 addresses left to allocate by any RIR. Reclaiming the legacy blocks to buy a few more weeks doesn't make sense.
http://blog.nexusuk.org
So the real cost for me of IPV6 is already floating somewhere between $150 to $200
But in 10 years' time, after the magic smoke has escaped from all that hardware, you'll have upgraded to kit that supports IPv6.
People saying "I'm never going to upgrade to IPv6" come across the same as people saying "I'm never going to upgrade from IE6" - in short, idiots. And in a few years time, like IE6 users now, they will probably be idiots who can't use some big services.
Let alone the Mac, the several PC laptops, my Linux workstation
IPv6 in OS X, Linux and any Windows newer than XP pretty much Just Works with no configuration needed. You'd have to go out of your way to disable it.
MagicJack Plus that I use for my home phone "land line".
There will be legacy hardware that doesn't supprt IPv6 for some time, but in this restricted case is it a problem? I presume the MagicJack is basically an FXSSIP gateway, so whether you need IPv6 here depends on whether the SIP gateway it is connecting to has a v4 address. No one is saying you need to remove IPv4 from your network entirely.
What about our smart phones? Will Android 2.3.x use IPV6? 'what about Android 2.2 on my wife's phone, or 2.1? What about the $90 android tablet my wife bought at Rite aid? For all of these, I have no idea, which means likely not.
Android has supported IPv6 since Android 2.0.
What about the (awesome!) SIP app I use on my smartphone to call into the corporate phone server from my home network? Will it work with low latency over IPV6 to my corporate SIP server running IPV4
No, an IPv6-only device isn't going to be able to talk to an IPv4-only server (unless it uses a NAT64 gateway to do so). IPv4 is not going to suddenly disappear, dual-stacked clients are the norm, and as IPv4 addresses become harder to get hold of, ISPs will use carrier grade NAT to provision IPv4 to their clients. Talking to IPv4-only servers will still happen over IPv4.
Address exhaustion is largely a problem for servers, where NAT isn't really feasible. For many years to come, clients will have (NATted) IPv4 and (unNATted) IPv6 concurrently. Which is why it makes no sense when ISPs say "we don't need IPv6 because *we* have plenty of spare IPv4 addresses" - it doesn't matter if you have a big stack of spare IPv4 addresses if the people who operate the servers that your customers connect to don't.
What *should* have happened, is the telecoms regulators should have mandated that ISPs implement IPv6 support and sell IPv6 capable routers a good number of years ago since it was clear they were going to wait until crunch-time before bothering to do so without regulatory pressure. If that had happened, most end users would already have IPv6 capable internet connections and hardware.
http://blog.nexusuk.org
Yes, I am a UKian! In addition to AAISP, Goscomb and IDNet provide native IPv6 routing and /48 blocks to customers.
Zen keep promising it with no delivery date, and Merula might be v6-capable by now.
However of these only AAISP has been "vetted" by Google; they went through the process a couple of years ago when I was still a customer and it was both eye-opening and eye-watering in terms of the hoops that Google made them jump through. It was like watching an episode of Columbo; "...just one more thing...".
I'm now with Goscomb, who haven't yet tackled the Google v6 obstacle course.
From memory early IP adopters like many Ivy League universities have a A domain. E.g MIT owns the 18.x.x.x domain. I doubt MIT requires 16 millions of IP addresses.
On the other hand, they probably would have to reengineer their network architecture if they had to free a good chunk of their 18.x subnets. Which would be cheaper? Converting to ipv6 or hang on to part of their old A domain ?
Also there is work to do in the DNS servers code so that A block can be cut up. This is not a simple as it seems.
I don't really want to get into this debate, but Virgin probably manages more devices than you give them credit for. Every single CPE has a 10.x.x.x address, as does every CMTS as well as a bunch of other stuff. 16million devices? Probably not, they only have about 4million customers, but they do manage a lot of devices.
Anyway, the reason I comment is because they are looking to roll out IPv6 by the end of the year, at least on the business side, which is where it'll matter most first.
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
ISPs use 10.x addresses to manage their end user devices. Comcast has already exceeded 16 million users. They already have to kludge together a solution just to manage their devices.
Sorry, but your thinking is outdated and shows a lack of understanding of the true infrastructure of the Internet as a whole. As you have already been told, there are parts of the world today who turn on their devices and don't get a public IPv4 address. Not to mention, this entire article is about key services and websites turning on IPv6 in recognition of the future.
I'm guessing you never lived in a flat Internet. I have. This bullshit we've had to suffer with for a couple decades is actually pretty horrible. When we return to a flat internet, we will be able to video conference from one PC directly to another, anywhere in the world.
It's the future, and in a sense, returning to the past.
Dude, A-class networks are gettng swallowed up in *months*. You're proposing to bail out the Titanic with a bucket.
[FUCK BETA]
4 million customers = at least 4 million customer routers...
Plus the TV set top boxes which also have IP for on demand tv and such...
Plus their own infrastructure devices...
Plus wastage due to subnetting (network address, broadcast etc)...
Imagine trying to segment a network of that size, and then trying to keep track of what was in which segment etc... Would be quite a nightmare.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
For a *home network* you're correct. For the generic case of a *private network* you're wrong. I'm informed that Virgin Media are actually very interested in rolling out IPv6 because there aren't enough RFC1918 addresses for device management. I'm sure that they *could* bodge their network to make it work with the restricted number of addresses, but its probably easier in the long run to just bite the bullet and roll out IPv6 (and on a truely private network this is easier because everything is under your control).
I didn't know Virgin Media had that problem yet, but it is the reason Comcast are doing their transition work, despite ARIN having a lot less pressure on their address pool compared to RIPE. If Virgin are getting close to the limit of a /8 (modems+TV boxes+head end?), they have more incentives to start switching soon. I wonder if this is part of the reason for the planned speed doubling - replacing the modems for extra speed is easier to explain to the public (via DOCSIS 3, I expect), but getting IPv6 support as a nice "side-effect". Plus, as long as no one advertises it, there's less pressure if it doesn't work, too!
The point of the protest is to raise awareness about SOPA / PIPA. You can lay pretty good odds that Slashdot readers are already aware of them...
I am TheRaven on Soylent News
I'd understand that you might have a very old home router at home that wouldn't support it though,
That is blandly false. Even many brand new routers have zero IPv6 support. Lack of IPv6 support in home routers is essentially one of the biggest issue of an IPv6 transition, right next to ISPs not providing IPv6 to their customers in the first place.
Exactly. Granted, on my own internal network I might not bother with setting up IPV6, and instead do the equivalent of a NAT for my internal servers to give them an IPV4 address and only have my border router deal with IPV6. This is probably how it's going to work at first, and that's okay; it's getting the transition done, and for the most part everything is going to work that way. (Open holes in your own damned firewalls internally for redirects.) Eventually -- which probably means "the next version of Windows" given how IT seems to work these days -- IPV6 will be phased in even internally. I don't think IPV4 is totally going to go away any time soon because, at the very least, people are going to still use it for internal routing a lot because that's what they can do in their sleep or when drunk.
We have to either transition to IPV6, or come up with some protocol layer that sits on top of IPV4 to give additional addressing capability. Given the alternatives, the latter is utterly stupid.
That said, I'd recommend that when this starts to take off people invest craploads of money into Cisco (CSCO) stock. Just sayin'.
Another question is how many will realise that NAT makes it impossible for p2p file sharing users to seed, and that perhaps allowing this 'problem' to continue could be to their advantage.
NAT is also the nemesis of PC multiplayer gamers. Less so on consoles, where users aren't expected to wish to host their own private servers for friends.
Didn't you read the second half of my comment?
IPv6 addresses don't have to be static. If it happens that an ISP implements static IPv6 addresses but dynamic IPv4 addresses, that's your ISP's choice, not a problem with IPv6.
Oh, and on a private network, which is behind a NAT anyway, there is even less reason for IPv6 - Yes, I do have enough 10.0.0.0 addresses for my home network.
Yes, but what when your ISP no longer has any net-routable IPv4 address to give to your router? We're getting closer and closer to that day. On some asian mobile networks, it's already happened.
They can
a) buy new equipment to handle carrier-grade NAT, so you end up double-NAT'd on your home network. And what happens when they run out of real IPs again because they're hitting port total limits?
b) replace what remains of their infrastructure that doesn't support IPv6, and start handing out IPv6 addresses blocks to new customers, with an IPv6-4 gateway for legacy websites.
With step a, you largely break VOIP, video conferencing, IM client direct connection, xbox live, steam gaming; any kind of peer-to-peer networking. Cos since you don't control the upstream NAT, no uPnP port-opening for you. Try to have too many customers double-NAT'd behind a single routable address, and you're going to start hitting port-conflicts just for normal web-browsing.
NAT is a hack. Double (carrier grade) NAT is an even bigger hack.
Step B - handing out IPv6 addresses with a 6-4 gateway is basically inevitable at this point. It makes sense to deploy IPv6 to end-users while they still have a large enough pool of IPv4 addresses so they can dual stack. There are no more IPv4 addresses to hand out world-wide. The national registries will have handed them all out to ISPs by the end of this year. Any new ISP, or any growth after that will HAVE to be IPv6.
OK, carrier-grade NAT will buy you a bit of time for end-users, but server hosts won't be able to do that. They're going to have to start going IPv6 only as there won't be the IPv4 addresses to give them; again, this is already happening in asia. And when servers you want to visit are only IPv6, you don't want to be stuck behind a double-NAT'd network, as you won't even be able to setup your own IPv6 tunnel - they will be entirely unaccessible without some form of dual-stack proxy.
carrier grade NAT will be slow, and crippled and subject to your ISP having a decent proxy. They can't even provide decent DNS servers!
IPv6 works, it's available now. The only thing you need to do is get your ISP to use it instead of carrier grade NAT; and if they won't, switch to one that will. Or the next few years are going to see your 'net connection get progressively more and more broken.
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
No, actually it's not "useless". There are a shitload of server clusters which run on a single public-facing IP address, but host many, many different sites. How do they perform this "magic"? Why, their load-balancers use this concept called "Network Address Translation" to map the internal, local IP address of each server to the same publicly routable ipv4 address.
Which is all well and good when it's one customer serving up the same site via one IP to all customers with multiple tin boxes.
Does you jack-shit good when you have TWO or more customers both wanting port 80 and 443 to go to two different server clusters serving up different domains because they're you know, entirely unrelated companies - and you don't have any more IPv4 addresses to give them.
We're not there yet, but we're getting much too close to it to be this late in IPv6 deployment.
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
BUT I'm pretty sure I've been hearing that refrain for several years now.
We've been warning you for several years, because we wanted the transition to dual-stack IPv6 to happen BEFORE we ran out of IPv4 addresses. By the end of this year, all bar a tiny handful of remaining netblocks globally will be allocated to ISPs. After that, there is no more room for device/server/service growth. There will be no more addresses to hand out. It's either carrier-grade NAT for end-users and retasking their IPs for servers, or IPv6 only.
Salvaging the remaining class-A netblocks will take far longer to reclaim than they will to allocate. We're already seeing IPv6 only devices on mobile networks in asia, and carrier-grade NAT on mobile networks in europe. It won't be long now before the same has to happen to end-users on full-fat broadband connections.
IPv6 should have been deployed years ago. That we're this late in process, this close to total IPv4 exhaustion, is rediculous. What could have been a smooth transition is now going to be a massive messy expensive rush crisis of a transition because ISPs couldn't see past their next quarter profit results.
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
What the fuck happened to Wikipedia?
It's all about SOPA which is explained here. Happy reading.
What were you expecting to happen? IPv6 things will give you an IPv6 address and use it, and IPv4 things are unchanged. The majority of stuff is still IPv4-only and the only "surprising" thing is that the modem had a firmware that could handle it.
The problem is not what happens when you have modern OS, good ISP, simple configs, IPv4 fallback and modems that have IPv6-firmware for them but how you get to that point.
How do you upgrade servers and machines that aren't IPv6-enabled, how do you upgrade that old boiler software or access control software or internal wireless box to support things, how do you get an IPv6 address allocated to you on a business line, how do you make your servers accessible over both, how do you afford to replace all the things that can't be upgraded (for almost zero new "features"), how do you cope once IPv4 goes away completely, etc.?
None of them are huge obstacles with proper planning, support and finance but almost nothing is a huge obstacle with proper planning, support and finance. The problem is that an awful lot of people *won't* be able to upgrade as simply as you did.
It took ten minutes to IPv6 enable all my domains and servers and pass all the tests for them. But I still haven't managed to tunnel IPv6 into OpenVPN at my hosted server and use IPv6 natively from its allocated address. And tunnelling OpenVPN TO an IPv6 endpoint address still isn't possible as far as I can tell. My home connection is still IPv6-less, all my internal hardware uses only IPv4, etc. etc. but my laptop can connect to IPv6 networks no problem at all.
This is the problem with IPv6 - there is no one magic switch to throw. *Everything* has to be inspected, evaluated, upgraded, replaced, configured, etc. in order to work. And for what benefit? At the moment none. In a few years, every ISP will just have 4to6 tunnels by default anyway to let people still on old hardware carry on without upgrades. But a single, simple IPv6 deployment means nothing. My servers are IPv6 and so is my laptop. Trouble is, finding a sod in between that cares about it (what about your 3G provider, for instance?)
If all your computers on the internal network have IPv6 capability then all you need to do is turn it on. They will automatically assign themselves a link local IPv6 address and will be able to talk to each other. After that it is simply a matter of having services that support IPv6. As for name resolution you can either use something like Bonjour (aka mDNS) or have an IPv6 capable router with DHCPv6.
I have been running IPv6 on my home network, using an Apple airport, for the past year and there is really not much setup to do. It would be nice if my ISP supported IPv6, but until then there is 6to4.
Jumpstart the tartan drive.
Exactly. Granted, on my own internal network I might not bother with setting up IPV6, and instead do the equivalent of a NAT for my internal servers to give them an IPV4 address and only have my border router deal with IPV6.
Why? One of the really big benefits of IPv6 is the lack of address translation. This means stuff like peer to peer services (e.g. VoIP) can work without having to use unreliable nat traversal technologies such as STUN (peer to peer systems have to exchange addressing information. If there is no NAT then they just look at the local machine's address. If there is NAT then they have to use various techniques to probe the NAT and then make an educated guess as to what IP address and port their traffic will be translated to). If you try to perform some non-standard NAT at the border, you're going to reintroduce a lot of problems that IPv6 was built to avoid, and you also introduce an overhead of having to manage the NAT.
Eventually -- which probably means "the next version of Windows" given how IT seems to work these days -- IPV6 will be phased in even internally.
Why wait for the next version of Windows? Windows newer than XP has supported IPv6 out of the box (XP just involves a driver install), Linux has supported v6 out of the box for over 10 years, OS X supports it out of the box, Android supports it out of the box, lots of Apple hardware Just Works with v6, etc. Just setting the router to send RAs should see most of the clients on an average network automatically start to use v6, no need to upgrade the OS or reconfigure it.
http://blog.nexusuk.org
I tend to not agree with that. I'm the boss of GPLHost, and we have 10 points of presence. We have asked absolutely all of the data centers if they had IPv6 connectivity, and could announce some /38 for us, as we have a /32 delegation from APNIC (yes, that's 4 billions x 4 billions x 4 billions IPs, and that's the smallest block you can get for IPv6 with APNIC !!!). Then guess what ? Only ONE of them provided a full dual stack support, and they are doing very funny RADVd announces (eg: not announcing a /64, which doesn't work by default on Linux). All the others, they either said just "no", or "yes, we're working on it, maybe later...". That's just lame. So of course, since we do have customers willing to use IPv6, we did it by ourselves, and we peer with HE using v6 over v4 tunnel. All this is lame lame lame.
So no, the issue isn't just home router. ISPs are globally lame. There's nothing hard in setting-up IPv6, but they just don't do it.
Oh that Colonel Sanders, with his wee beedy eyes. Making you crave his chicken fortnightly!
It doesn't need to be 18 million devices - each subnet is already dropped by two to have a gateway and broadcast address. It's also unlikely that every /24 will have all 254 remaining devices on it. At work I have a /22 and only have about 700 IP addresses assigned, but the rest are unusable to anyone outside my group.
This is one of the core problems with IPv4 (which CIDR) skirted around. IPv6 has this problem as well, but having more IP addresses available than number of atoms in the sun (or something like that) means even with a ridiculous amount of waste there's still plenty of addresses to go around. Heck, Hurricane Electric assigned me a /64 IPv6 subnet (2^64 addresses available)
You're also forgetting worldwide organizations that need to do a site-to-site VPN. Each site now needs to coordinate its internal addressing so there's no overlap. Going with IPv6 completely eliminates this need.
I have the same Linksys router. You need the DD-WRT mini (I think) image for that. DD-WRT for no apparent reason think IPv6 is unimportant and so don't include it on the mini image.
Allow me to point out a couple of IPv6's features for you:
- IPv6 is designed to be hierarchical, so knowing the location of a segment will be easier than IPv4. Each /64 is routed under a matching /48, which is under a /32, etc..
- All subnets should be /64's
- IPv6 does not use broadcast IPs. It has various multicast addresses with the prefix ff00:/8 to address the link-local domain (~=broadcast), site-local domain, etc.
- Don't think of "wastage". By design every subnet should be a /64. The host address is intended to be globally unique, so there are 2^63 available globally-unique host addresses that by design can move to another prefix and still be unique within that prefix. If you don't want to use a globally unique ID, there are also 2^63 non-globally-unique IDs, and for example prefix::1 is one of them. By your thinking the IPv6 waste is colossal, but it's not waste, it's a design feature which allows hierarchical routing and collision-free merging of subnets.
- Routers need not take up a public IPv6 address if you're that desperate for space (which you aren't, I promise). All IPv6 hosts have a link-local address (think 169.254.0.0/16, but always there), and the router can advertise a route on the link-local address
NAT itself may not do much for security, but a properly-designed NAT router does. If an external machine requests to talk to an internal machine, it's going get denied, because the router knows without a doubt that the external machine is on the external interface, and that the internal IP address is in fact internal.
When you have any number of machines behind a router, and can't guarantee that all of them have a software firewall turned on, using a NAT router to protect the network makes imminent sense. Unless I'm wrong somehow and every home network in the world is ripe for attack.
Um, even Win2k had IPv6 downloadable. WinXP just needs it turned on. Vista an 7 have it on by default and will use it for file sharing and terminal services.
Outside of ISP availability and SOHO router support, the only current stumbling blocks with IPv6 are programs that try to store IP addresses and haven't been updated to store IPv6 addresses. Programs that use or store host names and use the OS'es name resolution work fine as-is.
Having IPv6 to the router and IPv4 behind it doesn't make a lot of sense. Layer 2 and client IPv6 really isn't a problem.
But no, IPv4 isn't going away soon. Dual-stack will be a reality for at least a few years, probably 10-20.
Aside from IPv4-only servers, the biggest stumbling block to ditching IPv4 entirely (once IPv6 is ubiquitous) is that there is no PXE boot for IPv6 yet. Will somebody please develop that and start getting it into boot firmware?
The "NAT" part of that post isn't what's providing your security, the "firewall" part is.
> But in order to access IPv6 content on the internet, your local devices are going to have v6 addresses anyway ...
No they won't! That is completely incorrect. That's one of the most common misconceptions about IPv6. As I said above: it is entirely possible to have an internal network that doesn't even use TCP/IP at all. All you'd need is a *translation* mechanism at the gateway to the Internet.
Yes, and back in reality its going to be easier to simply dual-stack the network than deal with translating all the high level protocols individually at the border.
That's what many people are doing right now when you use a paid wireless data plan -- for example, I can tether my Android to my laptop. The laptop is 100% IPv4; IPv6 is *disabled.* But my wireless network is IPv6. Not a problem, my smartphone translates everything for me and I don't even have to think about it.
Your smartphone won't be translating anything. Your smartphone will be tunnelling - i.e. simply encapsulating the IPv4 packets inside an IPv6 packet which the telco will then de-encapsulate and NAT to one of their IPv4 addresses. Your laptop still won't be able to access IPv6 content unless there is a high level protocol proxy involved. If there is a proxy involved then only certain specific protocols will work - the proxy isn't going to know how to translate all protocols.
My *ISP* is still IPv4 on its local network. Their backbone from ATT is still IPv4. They're tunneling and translating everything for us.
I'm confused by what you are claiming here. You say your computer is IPv4 only and your ISP is IPv4 only. Your ISP isn't tunnelling or translating anything, you're simply not going to be able to access IPv6 services.
The flipside: people who are on an IPv6 provider will be given a dynamic IPv6 address by their ISP. But the translation is done at the Internet gateway. The people inside that building don't know and don't care. They enter "google.com" in their Web browser and they get a search page.
First of all, most people who are on an ISP that provides IPv6 connectivity will be getting a dual stacked connection - they will have IPv4 as well (possibly CGNATted). If their PC only does IPv4 then they will be unable to access IPv6 content.
If the ISP only offers the customer a single-stack IPv6 connection and the customer's PC doesn't support IPv6, it simply won't work at all.
If the ISP offers the customer a single-stack IPv6 connection, and the customer's PC supports IPv6, the ISP can also run NAT64 and DNS64 servers which would allow their customer to access IPv4 services. The whole IPv4 address space can fit in a tiny corner of the IPv6 address space, so each IPv4 addresses is mapped to a unique IPv6 address. This means that, as far as the IPv6 client is concerned, the IPv4 server has a unique IPv6 address. The client connects to that unique IPv6 address and the NAT64 server intercepts the traffic, extracts the IPv4 address that is encoded within the destination IPv6 address and forwards it on over the IPv4 network. This is easy, but also not what you are proposing.
Your proposal was that the client network remain IPv4-only but would be able to connect to IPv6 servers. The problem with this is that an IPv6 address can't be encoded within an IPv4 address, so a border gateway won't be able to figure out what IPv6 address to send the packet to. The only way you can do this is to have a border gateway that understands higher level protocols. For example, for HTTP the gateway can look at the host name the client is trying to connect to, and do its own DNS lookups to convert that into an IPv6 address. However, you would have to provide a gateway that understands every high level protocol you're using, and for some protocols it simply isn't possible because they don't encode the required information.
http://blog.nexusuk.org
dhcp6 is evil. just enable route advertisements, the way it's meant to be.
http://www.litech.org/radvd/
dhcp6 is evil. just enable route advertisements
How would a DNS server's IPv6 address be advertised in such a manner? I can't look it up myself due to the SOPA strike.
There is an RFC for that. I can't recall which one, but you can tell radvd(8) to hand out DNS addresses.
no NAT isn't a feature, its a fucking bug.
I don't want my ISP seeing every fucking machine behind my router/firewall because its none of their fucking business.
My guess is comcast & co really want this because they want to try and bill customers based on number of machines.
If someone is passing you on the right, you are an asshole for driving in the wrong lane.