Apple Under Fire For Backing Off IPv6 Support
alphadogg writes "Apple Computer came under fire for back-pedaling on its support for IPv6, the next-generation Internet Protocol, at a gathering of experts held in Denver this week. Presenters at the North American IPv6 Summit expressed annoyance that the latest version of Apple's AirPort Utility, Version 6.0, is no longer compatible with IPv6. The previous Version, 5.6, offered IPv6 service by default. While home networking vendors like Cisco and D-Link are adding IPv6 across their product lines, Apple appears to be the only vendor that is removing this feature."
They did not remove IPv6 at all. The new config utility (v.6) doesn't let you configure it, but they say so right in the docs that it is one of the features the new version does not yet support. They also give you a download link for the previous 5.6 version if you want to configure those rarely used features. IPv6 is even enabled by default.
IPv6 is actually very easy to remember when done right. Further, we have DNS for address resolution - how many of the websites you visited today do you know the IPv4 address for?
For an enterprise, once they get their allocation, it's really not that bad. I will make up an allocation as an example:
2600:123:b000::/48
With 5 more octets left (octets isn't the right term, but divisions separated by colons), you can do a large amount of intelligent numbering, and even just reuse all of your VLAN and IPv4 numbering right inside your IPv6 addressing.
For instance, if you have a server network at 172.16.2.0/24 and it is vlan 203, you can assign 2600:123:b000:203::/64 (with the nodes getting ::172:16:2:yyy), so a given server node with 172.16.2.105 would be 2600:123:b000:203:172:16:2:105 . It's wasteful, but with IPv6, who cares?
If you have more than one site, then each site should get its own /48. When applying for addresses, you should do so for all sites at once. We have a /44 (x:x:b000 - x:x:b00f) as we have 9 sites. We can then assign each site based on their site numbers (2600:123:b001 - 2600:123:b009). We use 2600:123:b000 for infrastructure, and still have 2600:123:b00a - 2600:123:b00f left over.
So, site 3, vlan 405, network 172.24.5.0/24 would be assigned 2600:123:b003:405::/64 with nodes having 2600:123:b003:405:172:24:5:yyy. For workstations that use SLAAC and/or DHCPv6, you don't care about the last 64 bits and you rely on DNS. But you still know the site and VLAN if you use the same numbering. 2600:123:b002:464::/64, which is site 2, vlan 464.
All the IT staff has to do is learn that 2600:123:b000 - b00f is our assignment and explain the rest of our addressing plan. It's actually rather natural to do it this way and makes a ton of sense.
Oh, and personally I would skip doing any decimal to hex conversion where it can be avoided. For instance, I would not make vlan 165 be A5 (the hex value), but rather just 165. This does mean you'll "waste" something like 37.5% of your address space - but again, who cares? I'll take readability over maximum use any day.
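The numbering plan from the comment above, worked through as an added Python example (not the commenter's code): it builds the /64 and node address from site, VLAN and IPv4 address, and decodes an address back into those parts, which is what makes such a plan readable in logs. The function names are hypothetical and the prefix is the comment's made-up allocation.

```python
import ipaddress

# Made-up allocation from the comment above: a /44 covering 2600:123:b000 .. b00f.
ALLOCATION = ipaddress.IPv6Network("2600:123:b000::/44")

def digits_as_hex(n, limit):
    """Keep decimal digits as written inside a hex group (165 -> 0x165, not 0xa5)."""
    if not 0 <= n <= limit:
        raise ValueError(f"{n} is outside 0..{limit}")
    return int(str(n), 16)

def subnet_for(site, vlan):
    """Return the /64 for a site (0-9, 0 = infrastructure) and a VLAN ID."""
    base = int(ALLOCATION.network_address)
    base |= digits_as_hex(site, 9) << 80      # third group: b000 + site
    base |= digits_as_hex(vlan, 4094) << 64   # fourth group: VLAN ID
    return ipaddress.IPv6Network((base, 64))

def node_address(site, vlan, ipv4):
    """Embed a statically numbered host's IPv4 octets in the last four groups."""
    host = 0
    for octet in ipaddress.IPv4Address(ipv4).packed:
        host = (host << 16) | digits_as_hex(octet, 255)
    return subnet_for(site, vlan).network_address + host

def decode(addr):
    """Recover (site, vlan, ipv4 or None) from an address, e.g. one seen in a log."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in ALLOCATION:
        raise ValueError(f"{ip} is outside {ALLOCATION}")
    groups = ip.exploded.split(":")
    # Raises ValueError for the spare b00a-b00f prefixes or a non-decimal VLAN group.
    site, vlan = int(groups[2][3]), int(groups[3])
    try:
        ipv4 = str(ipaddress.IPv4Address(".".join(str(int(g)) for g in groups[4:])))
    except ValueError:
        ipv4 = None  # SLAAC/DHCPv6 host: interface ID carries no IPv4 address
    return site, vlan, ipv4

if __name__ == "__main__":
    print(subnet_for(3, 405))
    print(node_address(0, 203, "172.16.2.105"))
    print(decode("2600:123:b002:464:a1b2:c3d4:e5f6:1"))  # constructed SLAAC-style address
```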
I don't believe, for a second, that all addresses in companies or homes need to be public addresses!
Not every IPv6 address is a "public" address - private addresses can be assigned to a local subnet, very much like RFC1918 addresses, except now called Unique Local Addresses.
and, of course, there is some security to NOT being directly touchable on the net.
I don't WANT my address to be easily and directly reachable
Second of all, I can only assume by "directly reachable" you mean the loss of NAT/PAT. Again, Unique Local Addresses invalidate your statement. Furthermore, NAT/PAT can still be implemented. Not that it gives you any security whatsoever today.
running ipv6 is about as useful, to home users, as running BGP.
You do know that BGP is a routing protocol and IPv6 is a routed protocol, right? Please take a moment and read through the Wikipedia page on IPv6. Maybe even try running it for a week or two in a virtual environment?
That's what firewalls are for. The fact that NAT and firewall often go together in IPv4 does not mean it has to be that way. Just set your IPv6 firewall to deny by default, and you'll have the same security setup you usually get with NAT+firewall on IPv4, but with more flexibility.
Apple didn't back off on anything. The version of Airport Utility discussed is the pretty, dumbed-down version of the application intended for folks who just barely understand what a router is about. It matches the similar version deployed on iOS.
The "previous version" isn't. The feature-complete 5.6 was released at the same time as the simple version, and has the same support for IPv6 as it ever did.
A.
...bringing you cynical quips since 1998
"can be smaller", but won't.
IPv4 header: "Variable length of 20-60 bytes, depending on IP options present." (if you don't use any options, 20 bytes).
IPv6 header: "Fixed length of 40 bytes. There are no IP header options." (if you don't use any options either, 40 bytes)
IPv6 is terrible if those "20 bytes more" are relevant for your application.
Src: http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=%2Frzai2%2Frzai2compipv4ipv6.htm
You're breaking the internet because you don't understand it. There's not really a nicer way to say it. Every host is *SUPPOSED* to be addressable. It's called the end-to-end principle. The fact that NAT prevented unsolicited connections was a consequence of its design, not a feature. Firewalls do it better, and with more control. They even do it by default! The reason the iptables authors are religiously opposed to it is because the internet isn't meant to be like that, and there are perfectly good solutions (in iptables!) to do what you want without a broken end-to-end principle.
For what it's worth, I've been running IPv6 at home for a few years without the slightest trouble. My clients get NATted IPv4 addresses, and a public IPv6 address. They have the same security, since the firewall prevents unsolicited connections. But since it's a firewall and not shitty NAT, I have three SSH servers on port 22 and two webservers on port 80 that are publicly routable. Try doing that with NAT.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
The Airport Utility 6.0 actually has a whole lot fewer administration features than the 5.6 utility. In fact Apple has a download on their site for 5.6 if you want to use some of those features that are missing. As far as I can tell 6.0 is pretty much a Beta version. It's got an entirely different interface philosophy than 5.6 and most other router administration panels. I suspect that a lot of the missing functionality will be added soon, including IPv6.