US IPv6 Usage Grows To 3 Million Users

darthcamaro writes "There is a myth that IPv6 is only for those in Asia, but that's not true. According to new data discussed this week at an IETF conference, there are more IPv6 users in the U.S. than anywhere else in the world — coming in at 3 million. From the article: 'George Michaelson, senior R&D scientist at APNIC (Asia Pacific Network Information Centre) has a reasonable idea of what the current levels are globally for IPv6 adoption, thanks to some statistical research he has been doing. In his view, IPv6 is now a reality in terms of adoption. "I think you're used to us standing up and saying 'woe is me, woe is me, v6 isn't happening,'" George Michaelson, senior R&D scientist at APNIC (Asia Pacific Network Information Centre) said. "But it is actually happening, these are not trivial numbers of people that are now using IPv6 on a routine basis."'"

IPV6 on AT&T Residential DSL

[arnoldo.j.nunez]

As of June 2012, I noticed I had an IPV6 IP address. The MAC address of my wireless card was used in the actual IPV6 address itself. However, I am not sure what I can really do with this. The IPV6 address is more cumbersome to remember. Can I reasonably expect any tangible benefits as a guy who doesn't really do much IT related activities (i.e. web surfing, email, etc.)?

Re:IPV6 on AT&T Residential DSL

[Severus+Snape]

I would just be lucky you have an IPV6 address, very surprised AT&T are that far forward in giving ordinary users one. Kudos to them I guess.

Re:IPV6 on AT&T Residential DSL

[fm6]

Why do you need to remember it at all? I certainly don't have any of my IP addresses memorized. When I need it, I usually end up cutting and pasting.

The whole point of this DNS thing is that you're not supposed to need to IP address day-to-day. Anything else is sloppy administration.

Re:IPV6 on AT&T Residential DSL

[Antique+Geekmeister]

Probably not, for you. For companies that host complex websites, and that go through complex load balancing and proxy setups, it's invaluable for assigning SSL keys to particular IP addresses and using IP based virtual hosting instead. This solves an enormous number of complex and subtle configuration conflicts with web servers and load balancers.

Re:IPV6 on AT&T Residential DSL

[DarwinSurvivor]

Is it only your router that has an IPv6 address (acting as an IPv4-IPv6 bridge), or is it actually giving all the internal devices public IPv6 addresses?

Re:IPV6 on AT&T Residential DSL

I suspect you're just seeing a link local address, like fe80::f6ce:46ff:fe30:12c5. This isn't routable. It's much like a 169.254.x.x link local address. You can talk to other nodes on your wireless, but nothing beyond a router.

Most likely you will have to replace your CPE device(s). Your DSL modem and/or your router (if they're two different devices) will have to be replaced as the manufacturer doesn't support it anymore and won't release an update to add IPv6 support.

This is the case for Comcast - you have to replace your cablemodem. If you have a router (and you should), you'll most likely have to replace it as well.

Hardware vendors should be massively promoting IPv6 as it means more sales.

Re:IPV6 on AT&T Residential DSL

[SammyIAm]

Actually, I can confirm that at least with AT&T's U-Verse service that I've had a routable IPv6 address since probably February or March. They'e been rather quiet about the roll-out (I found out through some forums), but it seems to be legitimate.

Re:IPV6 on AT&T Residential DSL

[Malf.me]

Back in April of 2012 I similarly randomly discovered I had IPv6 support. For me it was via RCN. Thanks to a friend's SSH server with a misconfigured fail2ban install and several failed login attempts over IPv4 I found myself connected over IPv6.

To answer your question I have yet to find a truly practical benefit. At the moment you can view a few IPv6-only test sites but that's about it for normal users.

Re:IPV6 on AT&T Residential DSL

[Kergan]

You're obviously not managing a network...

Re:IPV6 on AT&T Residential DSL

[fm6]

Slashdot needs a "sniping": downmod for people who write a nasty rebuttal without bothering to explain why they disagree. In this case, you might consider sharing why it's so difficult to manage a network so that nobody needs to know IP addresses.

Re:IPV6 on AT&T Residential DSL

Wow, I don't think I've ever seen such a total non-answer get modded so highly. What is so informative about "whole point of this DNS thing is that you're not supposed to need to IP address day-to-day."?? That is so not the question the OP asked.

Re:IPV6 on AT&T Residential DSL

[desertfool]

Amen. I know IP addresses of many things across my network. Not going to happen when we go to v6.

Re:IPV6 on AT&T Residential DSL

[desertfool]

I still can't get a v6 address capable circuit for my testlab at work from at&t, without buying their 'managed service' along with it.

I'd rather spoon out my own guts that let at&t manage any part of my network. So not happening yet.

Re:IPV6 on AT&T Residential DSL

[neonmonk]

I concur.

However, I don't think IPv4 is going anywhere for internal network management. I see no reason for internal servers to be using IPv6.

Re:IPV6 on AT&T Residential DSL

[jbolden]

If you mac address was being used, then likely you are auto-configuring and you have a whole /64. What you can do with it is start having functioning end to end services between the various internet enabled devices in your house and the outside world.

Re:IPV6 on AT&T Residential DSL

[fm6]

Explain to me why you need to know all those IP addresses. Is there a good reason these nodes don't have names?

The fact that IPv6 addresses aren't suitable for casual use would seem to be a good thing, in your case, since your IT people will be forced to take the time to assign names to everything — which they should do anyway.

Re:IPV6 on AT&T Residential DSL

You're kidding, right?

Your post: "Anything else is sloppy administration."

That's a blanket condemnation of anyone who does things differently than you without explaining why you disagree with the OP!

GP's post: "You're obviously not managing a network..."

I'm not seeing the nastiness you're seeing in the GP. I'm just seeing a whole lot of hurt feelings from the one speaking hurtfully.

Re:IPV6 on AT&T Residential DSL

[Zuriel]

Oh, the DNS server isn't working properly? I'll just SSH in and fix it. By connecting to it over the network. Using DNS.

Relying on DNS works fine... until it stops working fine, due to software bugs or hardware failure or whatever. Being able to remember the IP address of your gateway, DNS server, web server, etc off the top of your head doesn't sound very useful, but network admins don't need to be told that they'll miss it.

Re:IPV6 on AT&T Residential DSL

I concur.

However, I don't think IPv4 is going anywhere for internal network management. I see no reason for internal servers to be using IPv6.

That's my approach. Actually, when we (ever) get to the point that everybody uses IPv6 and we don't even get an IPv4 assignment from the ISP, this makes for a handy firewall rule: IPv6 traffic may traverse the gateway, but IPv4 traffic stays local.

We're a long way off, but I'm enjoying my bit of IPv6--even if it is not native from my ISP.

Re:IPV6 on AT&T Residential DSL

beware -- ipv6 should come to fail2ban very soon -- you better fix your friend's configuration ;-)

Re:IPV6 on AT&T Residential DSL

[fm6]

Fine, in emergencies the IP address is something you need to know. But recall that I said "day to day use". We're talking about admins that just use IP addresses for everything because it's too much trouble to assign names.

I'd actually argue that the admin shouldn't be memorizing this stuff, even with IPv4. If it's only recorded in somebody's head, information has a way of not being available when people need it.

Re:IPV6 on AT&T Residential DSL

[bbn]

The IP address of your gateway is always fe80::%eth0. Like this:

~$ ping6 -c1 fe80::%eth0
PING fe80::%eth0(fe80::) 56 data bytes
64 bytes from fe80::216:3eff:fe36:5f25: icmp_seq=1 ttl=64 time=0.798 ms

--- fe80::%eth0 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.798/0.798/0.798/0.000 ms

(slightly different syntax on windows)

Not that hard eh?

And nothing stops you from assigning easy to remember addresses to your stuff. In fact since you have little to no constraints, you can make up schemes to your liking. Your webserver could be 2001:db8:531::1. Your decide the ::1 part. You quickly learn that first three parts as it never changes it is "you". The prefix is also usually not any longer than a IPv4 address.

Re:IPV6 on AT&T Residential DSL

[bbn]

You just need to configure your network with DHCPv6 instead of autoconf. Or use static configuration. Then you are free to name your stuff prefix::1, ::2, ::3 and so on. Or any other scheme.

Re:IPV6 on AT&T Residential DSL

[pspahn]

Congrats on your most recent +5 comment.

I don't deal with IP6 yet, but I do know that the day is coming.... likely to be determined by the powers at Century Link. I will never remember the specifics of your post, but I will remember that there are "localhost" type defaults and my Google search time will be reduced from 10 minutes to 1 minute.

Time is money and money is beer... so I guess I owe you a cold one. Swing by Denver (GABF is coming in October) to collect.

Re:IPV6 on AT&T Residential DSL

[Jeremi]

I see no reason for internal servers to be using IPv6.

You're probably right, but I have to say that fe80::foo link-local addresses are really handy for auto-configuring devices on a LAN, since they are guaranteed unique and also guaranteed never to change. The IPv4 equivalent (169.254.*.* self-assigned addresses) is a can of worms by comparison.

Re:IPV6 on AT&T Residential DSL

You no longer need to share an addresses between computers.

Not sharing IP addresses make things like VOIP, video calls, google video chat, or any other kind of peer to peer activity much more likely to work.

The longer we stay on IPv4 the sharing of IPv4 addresses is likely to get more intense with more layers of sharing. Those extra layers of sharing
are likely to slow down your web surfing, and email traffic.

Re:IPV6 on AT&T Residential DSL

[dissy]

Why don't you have the IP entered in your connection bookmark? Both puTTY and SecurCRT store connection profiles, where you can put the IP instead of hostname for critical servers.

Bash has aliases and shell scripts to call ssh. Even windows CLI has batch scripts.
If "ssh ns1" doesn't resolve, I can run "~/.ssh/ns1.sh" easily enough, which contains the "ssh <ip>" command.

Also if your DNS regularly goes down, I'd guess remembering addresses is the least of your network troubles.

You can already use the alias fe80::%eth0 for your gateway. Best part is you only need to remember that single address, unlike IPv4 which requires me remembering many different "x.x.x.1" addresses used as the gateways right now.

You can even organize it identically to your IPv4 layout. You still only need to really remember 1-2 numbers that will change depending if you use a /24 or /16, and a single prefix that never changes.
Anyone managing larger than a /16 is already going to have the entire thing documented in a management system or at worse a wiki. Excel will not cut it at that size.
Basically put, if you have an IPv4 /12 or larger network, you already have software that manages the addresses for you. Nothing will change there with IPv6.

At home I have a /24. That means 3 octets are assigned and fixed already. Gives 253 usable addresses. Most of your IPv6 address will also be assigned.
Instead of x.x.x.1 you have yyyy::1
Instead of x.x.x.10 you have yyyy::10
Instead of x.x.x.100 you have yyyy::100
See the pattern here?

You can even avoid using the hex digits A-F and stick to 0-9 only.
Sure, per "group" you only get 9999 IPs instead of 65534 IPs, but either is better than 253 or less.

At work I manage a /16. That means 2 octets are fixed. I grouped that into 255 blocks of roughly 253 addresses each. Each block is a logical division.
x.x.0.y is routers/switches. x.x.1.y is servers. x.x.4.y are static IPs, and x.x.5.y are dynamic ones.
Instead, you can use yyyy::1:z and yyyy::2:z and so on. .

The best part, my IPv4 and IPv6 suffixes pretty much match for my "dot zero" infrastructure and "dot one" servers blocks. Learning the IPv6 prefix took no longer than remembering a brand new /28 allocated from an ISP.

Your fixed prefix will likely be 8 hex characters. Even a chimp can memorize 8 hex numbers they work with every day :P

The absolute worst situation is going to be having a post-it note in your wallet/purse with the prefixes on it... Pretty much what most of us network admins do anyway for any IPs assigned by upstream providers or other 3rd parties.

I have my entire internal /16 memorized fully. It's the 10ish tiny /29 and smaller blocks from my 4 ISPs that are the bitch to remember! Growing my internal IP blocks with IPv6 took literally less than one full day to memorize the prefix. Just because I waste most of my /64 allocation by padding it with zeros on the left doesn't matter now.
Once I get more than 20k network devices, they will be added slowly over time just like right now. You only have to learn new subnets individually as you add them in at the time they are created, and IPv6 will not change that.

Re:IPV6 on AT&T Residential DSL

You have something wrong going on or have "unique", or wrong, equipment (this does not, and should not, work on linux, windows 7, OSX, or cisco). The link-local address is FE80::interfaceId where interfaceId is non-zero. You can figure out which of the routers on your network are advertising themselves as the default gateway (yes you can have more than one) by sniffing or just simply looking at the route table.

I personally like IPv6 addresses because you can give them personality like 2001:db8::c0de:babe and 2001:db8::dead:beef or if you are in your own test network 1::1 and 1::2 they are certainly quicker to type than any IPv4 address.

Re:IPV6 on AT&T Residential DSL

If you mac address was being used, then likely you are auto-configuring and you have a whole /64. What you can do with it is start having functioning end to end services between the various internet enabled devices in your house and the outside world.

Not so simple. It sounds like a lame bridged IPv6 address like the ones my ISP is offering. That means your house can have up to 2**64 internet-enabled devices as long as they are on the same LAN. If you happen to have a home router, in all likelihood, the devices behind it can't reach the IPv6 network. No wonder they're not advertising it.

What a true IPv6 ISP should be providing is two IPv6 prefixes: a /48 (or /56) for your home plus another one (/64 or even /120) for the point-to-point link between your home and the ISP. The ISP should then route your /48 over the p2p link. Then, you could really connect your home to the IPv6 network and segment it to your heart's content.

Re:IPV6 on AT&T Residential DSL

[kiddygrinder]

i have this high tech piece of software on my pc called notepad...

Re:IPV6 on AT&T Residential DSL

[jbolden]

I'm not following you. Your home LAN (assuming it can handle v6) gets the /64. Devices auto-assign by Mac address to all have unique v6 addresses. Why wouldn't the devices behind the home router be able to see the v6 space?

As for providing more than a /64 for home, I'm not sure why. And why would you not use your universal link for P2P?

Re:IPV6 on AT&T Residential DSL

[kiddygrinder]

heh, if you're that worried about it just nat your network

Re:IPV6 on AT&T Residential DSL

Which is why my DNS servers and critical infrastructure have fixed v6 addresses that are easy to remember and have *less* digits than their v4 counter parts.

Re:IPV6 on AT&T Residential DSL

I'm not following you. Your home LAN (assuming it can handle v6) gets the /64. Devices auto-assign by Mac address to all have unique v6 addresses. Why wouldn't the devices behind the home router be able to see the v6 space?

That's because of neighbor discovery (the IPv6 equivalent of ARP). In the bridged /64 arrangement the ISP keeps one of those addresses and assumes every device in your home is on the same LAN segment. If you have a router in between, neighbor discovery will fail and the ISP won't be able to relay the packets between the devices and the network.

You will need the ISP to give you a routable prefix with a well-defined gateway address (typically, with a different prefix). Then, the ISP knows to route all packets through that gateway, and you can administer your IPv6 prefix any way you want.

As for providing more than a /64 for home, I'm not sure why. And why would you not use your universal link for P2P?

The original IPv6 standard granted a /48 to every subscriber (home) giving the subscriber 2**16 /64 subnetworks. I've heard the more recent idea is to grant a /56 to every home (256 subnetworks). The network prefix is fixed at /64 and the lower 64 bits of the address are meant to be reserved for autoconfiguration.

Many homes have multiple routers. Each router is a gateway between two networks. In IPv6 each router is a gateway between two /64 networks. So if your home has two routers, you will need three /64 networks: ISProuter1, router1router2, router2edge.

The prefix lengths are not a key here. If you configure your networks manually, you could survive with a /120 just fine and segment that in your home. But the ISP must have an entry in their routing tables pointing to your home gateway or you will have a crippled IPv6 experience.

Re:IPV6 on AT&T Residential DSL

[Dagger2]

He's talking about a transfer net. The home LAN doesn't get the /64 because the /64 is on the transfer net between the router and the ISP, and it can't magically go through the router to the LAN. You need a separate /64 (or larger) for the LAN side.

In order to use the addresses on the transfer network, you'd have to connect all of your devices up to your modem using a switch. But that's incompatible with v4, because your ISP will only give you one v4 address, so all of those extra devices would be v6-only.

The caveat is that a transfer net is only necessary if your upstream isn't marked NOARP (i.e. if it's Ethernet), which is typical of cable ISPs. If your upstream is a true point-to-point link, such as a PPP tunnel, then you don't need the transfer net at all. There are only two nodes on a PtP link, so there's no need to use IPs to identify which node you want to send traffic to: you just shove it down the link and it shows up at the other end. Most DSL ISPs can thus get away without using a transfer net.

And yes, there are uses for more than one /64 on a home LAN. Segregated wired/wireless is a common one, particularly with guest wifi networks (which typically use a separate subnet). Another is any situation where people cascade routers and end up with double NAT at the moment -- in v6 land, you handle that with DHCPv6-PD, which allows the second router to request a routed subnet from the first.

Re:IPV6 on AT&T Residential DSL

Explain to me why you need to know all those IP addresses. Is there a good reason these nodes don't have names?

The fact that IPv6 addresses aren't suitable for casual use would seem to be a good thing, in your case, since your IT people will be forced to take the time to assign names to everything — which they should do anyway.

Because the internet does NOT operate via domain names. It's entirely run "by the numbers". All hardware - switches, routers, firewalls, ethernet cards - operates on ip addresses. The DNS is nothing but an indexing overlay, pretty much like the phone book is an overlay for the telephone numbering system. It's absolutely useless for machines. DNS resolution is a pointless, time-wasting extra step for hardware. IT people need to speak and understand the language of the hardware they manage.

Re:IPV6 on AT&T Residential DSL

[GPLHost-Thomas]

{vi,emacs} /etc/hosts
Problem solved, no need to remember.

Re:IPV6 on AT&T Residential DSL

[Dagger2]

The unique part about his equipment is that it's actually working like it's supposed to. The all-zeros address is the subnet-router anycast address, and if you attempt to talk to it, you should receive a reply from one of the routers on the subnet.

Linux implements this. If forwarding is enabled for an interface, then it will respond to traffic to the all-zeros address on any subnets on that interface.

(I'm not quite sure what happens for internal traffic if you have multiple routers on a single subnet. Maybe you'll end up sending packets to whichever one responds to NDP first? It's not an issue for traffic from outside the subnet, since that will just naturally hit one of the routers, which will handle the response.)

Re:IPV6 on AT&T Residential DSL

[Alioth]

Why not? Your prefix won't be something that changes, it'll be the same across the network - easy to remember. I can remember our prefix.

For things that don't use stateless autoconfiguration (i.e. the stuff you need to know the IP address of on your network, just in case you're having DNS problems), you can give it a memorable address. The last bit of the IPv6 address being "::dead:beef" or "::baad:f00d" or "::b00b:l355" or even just "::2" is no harder to remember than the last octet of an IPv4 address.

Re:IPV6 on AT&T Residential DSL

[rb12345]

Wouldn't link-local addresses be used for the transfer network?

Re:IPV6 on AT&T Residential DSL

They very well could be. The problem is you couldn't "talk" to them from remote nodes. So no pinging to test them.

Why not dedicate a /64 to it? There's plenty to go.

Re:IPV6 on AT&T Residential DSL

[jbolden]

Thanks for the answer.

In order to use the addresses on the transfer network, you'd have to connect all of your devices up to your modem using a switch. But that's incompatible with v4, because your ISP will only give you one v4 address, so all of those extra devices would be v6-only.

I'm not following. OK I have a ISP whose given me a /64 and one v4 address. The edge router gets the v4 and passes it through (either virtually or physically) to the firewall which is performing NAT essentially converting to my internal v6 network. From here it gets passed to my home switch which can easily handle all my devices. If I want another subnet I just stack, because the master switch can know everything in the home.

I agree that isn't routable if I want to use autoconfiguration. But if I don't I don't see the problem the routers can be configured manually for any size subnet.

Re:IPV6 on AT&T Residential DSL

[jbolden]

That makes sense in terms of auto configuration and all subnets being /64. Thanks for the answer. I asked some follow ups here: http://slashdot.org/comments.pl?sid=3022763&cid=40865661

Re:IPV6 on AT&T Residential DSL

The whole point of IPv6 is so your gadgets are accessible from the Internet. Say you want to get a SIP phone call from another SIP phone without an intermediary server. NAT would prevent that application.

Or say your three kids wanted to have their respective XBox live accounts set up on their respective consoles. Port forwarding would only do it for one console. With routable IPv6 that's seamless.

Re:IPV6 on AT&T Residential DSL

[jbolden]

No I get that. The NAT (in the answer above) exists for the v4 network not the v6 network. There shouldn't be any NAT for the v6. What I'm not seeing is why a /64 doesn't work for anything at home except multiple routers + autoconfiguration.

Re:IPV6 on AT&T Residential DSL

[bbn]

I'm not quite sure what happens for internal traffic if you have multiple routers on a single subnet. Maybe you'll end up sending packets to whichever one responds to NDP first?

No this is well defined. Your computer will record all the NDP replies and put them in a list. It will then pick the first one in the list and stay with that one until it fails. If it fails it will move to the next entry in the list.

IPv6 has active monitoring of peers. If 30 seconds passes without any inbound traffic from the selected peer it will send three probes. If the probes goes unanswered the peer has failed and your computer goes to the next entry in the list.

This means having multiple routers "just works". With IPv4 having more than one router requires advanced setup of the routers and basic home routers simply can't do it. With IPv6 you just connect multiple routers and its done. Your computer will select one of them. If your current selected router fails, your computer will move on to the other within approximately 30 seconds. It even works if the two routers are from different ISPs.

Re:IPV6 on AT&T Residential DSL

[jbolden]

I'm still not following the neighbor discovery issue. Can you send me a link or something. I get what neighbor discovery does but I'm not seeing the problem. I'm missing something in your argument.

Re:IPV6 on AT&T Residential DSL

What I'm not seeing is why a /64 doesn't work for anything at home [...]

The setup in question is:

ISP---modem---home router---devices

where said /64 network is between the ISP and the home router ("transfer network" above).

The ISP doesn't know how to route IPv6 packets to the devices behind the home router without a separate routing rule because the devices need to be on a separate /64 network. If the ISP did things right, they would give the subscriber

1. a single WAN IP address on the transfer network for the WAN interface of the home router
2. a /48 prefix routed via the WAN IP address for the home LAN needs

Re:IPV6 on AT&T Residential DSL

I'm still not following the neighbor discovery issue. Can you send me a link or something. I get what neighbor discovery does but I'm not seeing the problem. I'm missing something in your argument.

The ISP neighbor discovery can't see devices behind a home router. The ISP must configure their routing rules separately to route all packets destined to the devices through the router's WAN address.

Re:IPV6 on AT&T Residential DSL

[desertfool]

I would love to configure a DNS server on my router by hostname. Is there a way to do that?

Re:IPV6 on AT&T Residential DSL

[jbolden]

I agree with the setup. I'm still not seeing where this doesn't work.

Scenario A, home gets a /64 Lets assume I get 1122:3344:5566:7788::
So now traffic comes in for any home device like 1122:3344:5566:7788::ABCD:EF01:2222:5678
the ISP obviously knows where to route because of the first 64 bits. They don't have to route beyond that because the home router takes care of the devices.

Scenario B I want subnets

Then either
ISP --> modem --> edge switch --> switch A, switch B
switch A -> device A1, device A2
switch B -> device B1, device B2

all 4 devices and all switches register with one another just like normal stackable routers. The switches can also handle light home routing. Why would the ISP need to know anything? And of course I can have all sorts of restrictions on address spaces and VLANs just like I do today.

I do see your point about the /56 or /48 making it possible for auto-configuration and routing but I don't see why this sort of setup isn't still fine.

Re:IPV6 on AT&T Residential DSL

Lets assume I get 1122:3344:5566:7788::
So now traffic comes in for any home device like 1122:3344:5566:7788::ABCD:EF01:2222:5678
the ISP obviously knows where to route because of the first 64 bits.

No, it doesn't obviously know it. It needs to look it up in the routing table, and somebody needs to configure the routing table, and you need to configure the router to match the routing table.

Scenario B I want subnets

Then either
ISP --> modem --> edge switch --> switch A, switch B
switch A -> device A1, device A2
switch B -> device B1, device B2

all 4 devices and all switches register with one another just like normal stackable routers. The switches can also handle light home routing. Why would the ISP need to know anything? And of course I can have all sorts of restrictions on address spaces and VLANs just like I do today.

I do see your point about the /56 or /48 making it possible for auto-configuration and routing but I don't see why this sort of setup isn't still fine.

Don't confuse switches (which are Ethernet devices) and routers (which are IPv6 devices). You could set up switches like that, and then you'd have one big, happy LAN segment. However, you wouldn't be able give those devices IPv4 addresses because your TOS usually allows only one IPv4 address.

Switches don't route or "register;" they only repeat more-or-less blindly.

If, on the other hand, those switches are really routers, then we again have Scenario A again.

Re:IPV6 on AT&T Residential DSL

[jbolden]

sorry I know I'm being dense here

No, it doesn't obviously know it. It needs to look it up in the routing table, and somebody needs to configure the routing table, and you need to configure the router to match the routing table.

But the next downstream router from the ISP is the edge device say 1122:3344:5566:7788:0000:0000:0000:0001 and they would certainly know about that address they assigned it to the home user.

However, you wouldn't be able give those devices IPv4 addresses because your TOS usually allows only one IPv4 address.

  With only one IPv4 address I'm going to have to use NAT for IPv4 traffic, that's a given. I'm trying to figure out what goes wrong for v6.

Re:IPV6 on AT&T Residential DSL

No, it doesn't obviously know it. It needs to look it up in the routing table, and somebody needs to configure the routing table, and you need to configure the router to match the routing table.

But the next downstream router from the ISP is the edge device say 1122:3344:5566:7788:0000:0000:0000:0001 and they would certainly know about that address they assigned it to the home user.

A router has two IP addresses. Which address is that one? The one on the WAN side or the one on the LAN side?

• WAN side. Then you will need a separate /48 (or /56 or /64) for the LAN side, say, 1122:3344:5567::/48. Moreover, the ISP needs to have configured the routing rule: "1122:3344:5567::/48 via 1122:3344:5566:7788::1".
• LAN side. Then you will need a WAN-side address from the ISP, say, 1122:3344:5566:7799::1. The ISP needs to have configured the routing rule: "1122:3344:5566:7788::/64 via 1122:3344:5566:7799::1".

However, you wouldn't be able give those devices IPv4 addresses because your TOS usually allows only one IPv4 address.

  With only one IPv4 address I'm going to have to use NAT for IPv4 traffic, that's a given. I'm trying to figure out what goes wrong for v6.

The ISP in question probably gave a WAN-side address and configured no routing rule. That means you can attach IPv6 devices directly to the modem or using a switch, but you can't put a router in between.

If there's no router between the modem and the devices, there can also be no NAT, because switches don't do NAT, only routers do.

Re:IPV6 on AT&T Residential DSL

[jbolden]

For home users there are devices which are modem, switches, routers, firewalls all combined. And its firewalls that do NAT for v4. And most switches can be a slow firewall, which is fine for some house with 15 devices.

"1122:3344:5567::/48 via 1122:3344:5566:7788::1".

I'm assuming the 64 so the rule would be
1122:3344:5566:7788::/64 via 1122:3344:5566:7788::1
1122:3344:5566:7789::/64 via. 1122:3344:5566:7789::1
1122:3344:5566:778A::/64 via. 1122:3344:5566:778A::1

etc... for every house.

If they attach directly to the model then they are ::1.

As for LAN side and WAN side that's more of a v4 concept I thought. We no longer have any distinction between internal and external IP for v6?

Re:IPV6 on AT&T Residential DSL

[obscuro]

Yes, when you connect to other IPV6 enabled parties you're session is more secure and robust.

Re:IPV6 on AT&T Residential DSL

For home users there are devices which are modem, switches, routers, firewalls all combined. And its firewalls that do NAT for v4. And most switches can be a slow firewall, which is fine for some house with 15 devices.

Yes, you could have a combo modem/router, but that doesn't really change the situation. You'd be forced to plug all devices to that combo gadget and wouldn't be able to implement your favorite home network topology with additional IPv6 routers.

"1122:3344:5567::/48 via 1122:3344:5566:7788::1".

I'm assuming the 64 so the rule would be
1122:3344:5566:7788::/64 via 1122:3344:5566:7788::1 [...]

If they attach directly to the model then they are ::1.

As for LAN side and WAN side that's more of a v4 concept I thought. We no longer have any distinction between internal and external IP for v6?

Routing rules don't work that way (circularly).

The WAN/LAN distinction doesn't change with IPv6. What changes is that the LAN-side addresses are (after a 15-year hiatus) again globally routable.

Re:IPV6 on AT&T Residential DSL

[Dagger2]

I'll describe the v4 scenario first, and then map it into v6. I'll use a typical cable ISP setup as the example.

When you plug your router into the modem and do DHCP, you'll get an IP on its upstream port, let's say 44.230.129.42/22. This means you have a single IP (44.230.127.42) taken out of the transfer net (44.230.128.0/22 -- i.e. 44.230.128.0 to 44.230.131.255). You share this transfer net with about a thousand other customers of the ISP. Your ISP only lets you use one IP from this range, because it doesn't have enough to let you use more.

On your router's LAN-facing interface, you then assign 192.168.1.1/24 -- i.e. it uses the IP 192.168.1.1, and the subnet for your LAN is 192.168.1.0/24 (= 192.168.1.0 to 192.168.1.255). Your router routes between these two subnets. (Because 192.168.x.x is a private range, you have to do NAT to hide it from your ISP, or your return packets will never make it back to you.)

The key point here is that there are (and must be) two separate network ranges involved -- 44.230.128.0/22 and 192.168.1.0/24. There has to be two separate network ranges because there's two separate networks involved. (It has nothing to do with the fact that the ISP will only let you use one IP from 44.230.128.0/22.)

Now, moving into v6. v6 needs the same setup: one subnet between your ISP and your router, and one subnet for your local LAN. However, because there's no NAT, the subnet has to come from your ISP.

So, for instance, the ISP might use 2001:558:db8:128::/64 for the transfer net, and give you 2601:b:42:0::/64 for your LAN. When you connect your router to your modem, the router would get an IP like 2001:558:db8:128::42 on the transfer net's /64. The local range, 2601:b:42:0::/64, would then be routed to 2001:558:db8:128::42 (i.e. the ISP router would be configured to say "Any packets destined to an IP in 2601:b:42:0::/64? Send them over to 2001:558:db8:128::42. He'll know what to do with them.") You'll put 2601:b:42:0::1/64 on the LAN-facing interface of your router, and there you go: we've replicated the v4 situation in v6, but now with no NAT.

Now, you'll note that 2001:558:db8:128::/64 is really big, and it has enough IPs to number all of your devices. Heck, it has enough IPs to number every device on the internet. But it's in the wrong place for devices on your home network -- it's on the network between your router and your ISP. The devices on your home network can't use IPs from the transfer network, because they're not on the transfer network.

The great-grandparent post was complaining that he didn't have the second subnet, the one from 2601:b::. His router had an IP on the transfer net, sure, and he might even be allowed to use lots of IPs from the transfer net... but all of those IPs were for use on the transfer net itself, not behind his router on his home LAN.

OK I have a ISP whose given me a /64 and one v4 address

When you say "given me a /64" here, you're thinking of the second subnet, the one from 2601:b::. You can put that on your LAN just fine, but the packets for that that subnet need to be transported to your router somehow, and that's done over the transfer net. (The caveat, which I mentioned in my last post, is that this only applies to uplink networks that are Ethernet-like. If your uplink is an actual PtP link, like the PPP which DSL usually uses, then a transfer net isn't necessary.)

(This post duplicates much of the explanation from the sibling thread -- sorry about that, but I couldn't bear to throw it away after writing all this ;) )

Re:IPV6 on AT&T Residential DSL

Not for the link local address. No equipment vendor except for linux http://lists.openwall.net/netdev/2011/11/02/120 implements this.

Also only if you configure the prefix as an anycast address will routers like cisco actually use the anycast address (in fact you can not actually configure the FE80:: anycast address on a cisco). So basically saying "The IP address of your gateway is always fe80::%eth0" is only true if your default gateway is a linux router which more than likely it is not.

and to answer the multiple default gateway note: you SHOULD (in RFC language) round-robin the destinations... but again with cisco and other vendors this only works if you enable loadsharing, otherwise you will just pick the first non-INCOMPLETE default gateway.

Re:IPV6 on AT&T Residential DSL

The only thing to add is that it would be a bit stingy to grant the subscriber only a /64 for a subnet because that would make it slightly more awkward to add more routers to your home network. The thing to do would be to sacrifice the automatic address assignment and configure all devices manually, but the ISP is supposed to do the right thing and give the home user a proper /48.

And the press should do the right thing and stop talking about 2**128 addresses and atoms in the known universe. There are fewer than 2**48 subscriber prefixes, most containing a handful of autoconfigured devices.

Re:IPV6 on AT&T Residential DSL

[fm6]

I didn't say you never need IP addresses. I said that day-to-day users shouldn't need them. If you need to enter an IP address every time you access a node, the node doesn't have a DNS name. Why not?

Re:IPV6 on AT&T Residential DSL

IT people need to speak and understand the language of the hardware they manage.

In the same way server admins should be writing everything in ASM. Name resolution works 99% of the time and the other 1% is because the switch is broken

Re:IPV6 on AT&T Residential DSL

You only need to know one IP address, that of the core router. From there, you can do anything you need to do or find out anything you need to find to get DNS working again.

Re:IPV6 on AT&T Residential DSL

Yes, when you connect to other IPV6 enabled parties you're session is more secure and robust.

How?

Re:IPV6 on AT&T Residential DSL

[GoRK]

AT&T is not issuing you an IPv6 on your residential DSL. I know this because they don't do it. Your computer is generating an IPv6 link local address. Depending on your router and a couple of other factors, you may (probably can) access IPv6 sites using a public 6to4 gateway.

The only advantage to you is that you at least have the ability to access Internet resources that are only available via ipv6, but currently I would imagine that there are probably not any that are particularly relevant to you.

Yet Slashdot remains IPv6 Free

Slashdot has no IPv6. Boo, hiss. Some nerd website you are.

host www.slashdot.org
www.slashdot.org has address 216.34.181.48

Re:Yet Slashdot remains IPv6 Free

[Omnifarious]

I agree. I've been disappointed in Slashdot over this for years. I've had a publicly routable IPv6 address since 2002 or so. :-)

Re:Yet Slashdot remains IPv6 Free

[artor3]

You mean to tell me that an almost-entirely text site with no unicode support is slow to adopt new standards?!

Re:Yet Slashdot remains IPv6 Free

[Teresita]

When my Win98SE doesn't surf anymore because it can't handle the extra two bytes, maybe I'll care.

Re:Yet Slashdot remains IPv6 Free

[Desler]

And no Unicode support either.

Re:Yet Slashdot remains IPv6 Free

[bertok]

They're in good company, like: www.nortel.com, www.juniper.com, www.alcatel-lucent.com

If some of the world's biggest network equipment manufacturers don't have IPv6 enabled, why would you expect a mere "news" site to be any better?

Re:Yet Slashdot remains IPv6 Free

Nortel is bankrupt, Juniper is juniper.net (with IPv6 support), and ipv6.alcatel-lucent.com works, although not ipv6 for www.alcatel-lucent.com

Re:Yet Slashdot remains IPv6 Free

All the big tech sites have akamaiedge.net IPv4 addresses. Well, not HP or IBM.

Re:Yet Slashdot remains IPv6 Free

[bbn]

You just need to enter this into your /etc/hosts file:

2001:778:0:ffff:64::216.34.181.48 slashdot.org

Then slashdot.org is IPv6 enabled:

baldur@neaira:~$ curl -v -s http://slashdot.org/ | head
* About to connect() to slashdot.org port 80 (#0)
* Trying 2001:778:0:ffff:64:0:d822:b530... connected
> GET / HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: slashdot.org
> Accept: */*
>
http://slashdot.org/slashdot.xrds
  Content-Type: text/html; charset=utf-8
  Content-Length: 100410
  Date: Fri, 03 Aug 2012 02:52:51 GMT
  X-Varnish: 830176495 830176249
  Age: 15
  Connection: keep-alive ...

Re:Yet Slashdot remains IPv6 Free

I agree. I've been disappointed in Slashdot over this for years. I've had a publicly routable IPv6 address since 2002 or so. :-)

Lots of us have had IPv6 addresses since 2002::/16 :-)

Re:Yet Slashdot remains IPv6 Free

[jones_supa]

And no HTTPS support.

Re:Yet Slashdot remains IPv6 Free

Yeah, some of us are stuck with legacy software. Even with XP, some things don't work. I think it was back around June 6th or so, Google stopped working, then I found out I had IPv6 somewhat enabled from a decade ago.

IPv4 is 256^4, which was nice and easy to remember. IPv6 is what, 65536^8? I know what they say, but it seems like overkill to me. You can't easily remember your IP address.

Re:Yet Slashdot remains IPv6 Free

[allo]

yeah, because you can only display the umlauts of one language.

Re:Yet Slashdot remains IPv6 Free

[Omnifarious]

I didn't know something like that existed. According to 'whois', it's NAT64 related (which I also didn't know existed), but I can't find any documentation for the 2001:778::/24 prefix with Google.

Re:Yet Slashdot remains IPv6 Free

[bbn]

You will find it here: http://ipv6.lt/nat64_en.php

It is not some official prefix. Anyone can run a NAT64 server. In this case it is some university in Lithuania that has a public accessible NAT64 server with the prefix 2001:778:0:ffff:64::/96.

Using a public NAT64 is fine for testing but you should not use it for your production setup. However setting up your own is trivial.

If the slashdot team thinks it is too hard or too much work or their hosting provider does not support IPv6, they could install NAT64 on a server somewhere and put the NAT64 address as a AAAA on slashdot.org. For now one server would definitely be adequate for the expected IPv6 traffic.

Re:Yet Slashdot remains IPv6 Free

[tepples]

Slashdot has HTTPS support for subscribers.

Re:Yet Slashdot remains IPv6 Free

[Omnifarious]

Yeah. :-) Those are easy to get. When I lived in MN I had a very forward thinking ISP and had an IPv6 address from the experimental (I think 3ffe::/16) range that was tunneled to a server they ran.

Verizon 4G

A large portion of the 3 million are probably Verizon 4G devices.

We had to upgrade one of the software packages we use solely because it logs IP addresses of web site visitors and it was crashing every time someone visited from a Verizon 4G smartphone.

Re:Verizon 4G

AT&T U-verse and Comcast are the biggest IPv6 providers in the US.

Re:Verizon 4G

We had to upgrade one of the software packages we use solely because it logs IP addresses of web site visitors and it was crashing every time someone visited from a Verizon 4G smartphone.

Wow, way to verify your inputs make sense before parsing, seriously, how hard is it to verify (0-9){3}/.(0-9){3}/.(0-9){3}/.(0-9){3} (yes I know this would verify IP addresses that are, in fact, invalid, but it would likely only pass IP addresses that the parser wouldn't choke on.

my virgin mobile phone has a v6 address

[schwit1]

Virgin mobile is sprint. if phones are getting them then 3M would seem very low.

While only ~1% of top websites are IPv6 capable

[hackertarget]

I did this analysis of the Alexa Top 1 million before World IPv6 day.
* 1.1% of sites in the top 1 million had AAAA records
* Only 4 of the top 50 tech companies websites were IPv6 capable

http://hackertarget.com/ipv6-in-top-sites-infographic/

Post World IPv6 day version to be released soon.

Re:While only ~1% of top websites are IPv6 capable

Please let me know when 10% of websites support IPv6. Until then I do not care at all. :-D
Then let me know when it hits 20%. I might start pricing out IPv6.
Then let me know when it hits 50%. At that point I'll probably switch over.

Re:While only ~1% of top websites are IPv6 capable

[ledow]

Yep. And this Slashdot and a host of other "for the geeks" websites don't support it or publish AAAA records on their main domains AT ALL.

It doesn't take that long. My servers are all serving IPv6 content. I don't see anyone, not because nobody support IPv6, but because nobody is talking it, because no websites offer service over it. Hell, even Google play games with IPv6 where you have to be one of their "favoured" ISP's that has been certified as working properly.

When even 10% of websites publish working AAAA records, then we can have some kind of switchover. Until then, my phone supports it, my laptop supports it (and that's running XP!), my devices support it, my networks support it, and even my own servers support it. But why use it if IPv4 still works absolutely fine and is much easier to find support for?

Really?

[Cute+and+Cuddly]

In a planet with over seven billion people, that is not even 0.01%

Asia?

[fm6]

I've never heard this "Asia myth" and I find it hard to understand why anybody thinks IPv6 is not for the Gweilo. Because lots of Asians are signing on and all the big address blocks are taken? First off, IP address depletion is a problem everywhere and it doesn't make sense for Western ISPs to wait until the last minute to switch over. Though I guess many Asian ISP startups have decided it makes sense to leapfrog over IPv4.

The second point is that IPv6 isn't just about a bigger address space. That's certainly the most urgent, but IPv6 has many other features we need: better security, more efficient routing, more efficient use of mobile networks, etc.

Re:Asia?

[Mashiki]

I think asia myth is a bit of a misnomer. Rather, it's had faster and a larger adoption because in some places the infrastructure was less mature, using either more current, or only a previous generation which could either be upgraded, or shuffled around reducing overhead costs. Compared to here, which has a lot of overhead costs for some ISP's, meaning some are all bent out of shape waiting, and waiting some more to do the upgrades. Heck my ISP(Teksavvy) has IPv6 for DSL, but not for cable, because the carrier they lease their headend connections from(Rogers) is still lagging way behind on deployment.

Re:Asia?

[Kergan]

Simple... Half of the available IPv4 blocks are reserved for the US, over half of the world's population is in Asia, they're adopting cell phones at a rate of a new AT&T-sized carrier each year (chew on that...), and many of them are getting a smartphone as their first personal Internet device. Not to mention countries like Korea where everyone and his dog enjoys super fast broadband.

Re:Asia?

[desertfool]

I am holding off putting v6 in the network I manage because there is a severe lack of feature parity with v4. Sure, some of the stuff runs in software, but until the routers and switches actually start running the stuff in hardware and have all the features that are available with v4, then maybe we'll put it in.

Yes, we are putting in some workarounds to allow v6 only clients to get to our external resources. But even then, their ISP's are doing some 6to4 NAT to allow their customers to get to things like, I don't know, Slashdot.

Re:Asia?

[fm6]

Now, that brings back painful memories. I used to work at Sun, and I kept suggesting that the IPMI servers that were embedded in all our servers support IPv6. "No, not until our customers start asking for it." And of course the customers aren't asking for it because it's not widely supported. A vicious cycle.

Re:Asia?

The second point is that IPv6 isn't just about a bigger address space. That's certainly the most urgent, but IPv6 has many other features we need: better security, more efficient routing, more efficient use of mobile networks, etc.

Please lets have an honest discussion about IPv6.

The ONLY benefit that matters is a larger address space.

IPv6 is not more secure.

Routing is no more efficient...the hierarchy thing with larger allocations will help but only slightly. The real problem is proliferation of joe schmoe multi-homed sites announcing their pidly routes.

Any higherarchical improvement will be more than erased by extra bits of TCAM needed per route to address larger prefixes.

Laugh laugh laugh

[Kergan]

3 million IPv6 switchers (0.1% of the 4 billion+ available IPv4 addresses) is a meaningful number? Please wake me up when it's a few dozen millions.

On a side hote, does anyone know how many IP addresses major US IT firms and carriers manage combined? Isn't that more than 3 million IP addresses between them?

Not that good

Three million people in the USA on IPv6 doesn't sounds like a reason to celebration. With a total population of over 300 million that means less than 1% has moved over to IPv6.

Re:Not that good

[narcc]

While the population is over 300 million, not all of those people own computers. In fact, a good number of the more recent additions mostly just droll on the keyboard. :)

Re:Not that good

[wisty]

> a good number of the more recent additions mostly just droll on the keyboard

How very drool!

Re:Not that good

True, but it's probably better to think of it in terms of however million internet connected devices. Which is a bit harder to gauge in some way as many are hidden behind routers and modems that don't support IPv6

Re:IPv6 router at Fry's

The goggles, they don't work

Interesting timing.

[Tubal-Cain]

Well that was interesting. I loaded this page and started reading. As I mused about how I probably can't get IPv6 with my AT&T DSL (modem doesn't seem to support it), the the doorbell rang. It was an AT&T rep pushing their fiber-optic package.

Apparently I can't get Internet-only fiber service; I'd need to pay for phone or TV as well. :-(

Re:Interesting timing.

I have internet-only fiber service, but the provider (Fairpoint) is restricted by local politics from providing TV on it. No IPv6 routing yet, maybe 2013.

So far early adopters

So far IPv6 is just for early adopters and those who can't get an IPv4 address. Read my message: "In less than 1 year, people will be talking about IPv6 and 'to boldly go where millions of others have gone before'".

FIOS gossip

[jbolden]

Well as long as we are doing an IPv6 story. Anyone have any good gossip and / or confirmed information about when Verizon is moving Fios or any plans or...?

86% of IPv4 addresses are not used

Dont confuse allocation with utilization. They may have almost allocated the entire address space, but almost all of it stands unused. Most ISPs have better than a 5:1 ratio of free ip's. There are universities who have millions of ip's allocated and use literally a handful on the actual Internet.

As ips actually become rare, they will cost more and people will make the change on an economic basis, just as they do for any scarce resource. We are decades away from the majority of the Internet being ipv6. Most adoptions currently are for ideological reasons.

Re:86% of IPv4 addresses are not used

Very not true. See here: At the time of writing, 153.38 /8s of 220.67 total are advertised (not necessarily in use, but there is a route). The total isn't 256 /8s due to reserved address space that isn't available for global unicast allocation. Most of the unadvertised but allocated space is in legacy allocations. The few companies and universities which have millions of addresses for relatively small networks got their addresses back then. Non-legacy addresses are mostly advertised and in use, as that has been a requirement for getting new address space for a long time.

There are no addresses left to be assigned to the RIRs. APNIC has "run out", meaning it's down to the address space that it reserved for IPv6 transition measures. RIPE is going to run out before the end of the year, with ARIN following not much later. ISPs are already using NAT for big chunks of their user base (mostly the mobile networks). An increasing number of internet users can only choose between no public IP address (and NAT) or an IPv6 address.

Re:86% of IPv4 addresses are not used

It's going to be a problem eventually, but, 15 years ago most in the developed world didn't have an internet connection, now most do and not just in the developed world, it's catching on in the developing world as well. It's hard to say how the adoption curve will be in the future, but since IPv4 has fewer than 1 IP per person currently alive and that's if you assign out every address, even the private ones, we will run out completely before too long. The only reason it hasn't already happen is NAT.

This is one of those things where you could throw a cludge in that would redistribute smaller blocks of IP, but what do you do about the massive disruption? For better or for worse people who have had IPs allocated have counted on having them until they agree to give them up. Splitting blocks is a real headache.

Plus, how do you suggest we account for all the tiny blocks of IPs that this would take?

Re:IPv6 router at Fry's

The goggles, they do nothing. Damn troll.

The real power of IPv6

[WML+MUNSON]

The real power of IPv6 is that it allows us to eliminate NAT. Because of the size of the IPv6 address pool, every mobile device can have a publicly routable address and thus function as a server.

Facebook was originally developed and hosted in a college dorm room. With IPv6, the next "big thing" could be developed and hosted in someone's pocket.

Re:The real power of IPv6

I don't know for a fact, but I'm willing to bet that computer in the college dorm room used NAT. And that brings me back to the question so many have asked:

Why get rid of NAT? Isn't IPv6 just a solution in search of a problem?

I use NAT for my home intranet. It's easy - two lines in my iptables config file. And everything works fine. Usually when you have an unnecessary solution like this, someone is making a lot of money off it, but I don't really see that here. I just don't get it.

Re:The real power of IPv6

[silas_moeckel]

Na all those home connections will still be blocking ports and disallowing server via TOS.

Re:The real power of IPv6

[Dan541]

The real power of IPv6 is that it allows us to eliminate NAT.

Which is a bad idea for home users.

Re:The real power of IPv6

Not really. What is a bad idea is relying on NAT's breaking of the internet as a crappy firewall.

Re:The real power of IPv6

The next big thing is in my pocket

Re:The real power of IPv6

Because when you don't have an N:N mapping of addresses a lot of the older protocols break and newer services have to have kludges to handle the fact that sending a message back to the same IP may or may not get through to the original machine without a lot of workarounds.

NAT itself isn't the problem, it's the M:N mapping and the multiple levels which cause issues.

Re:The real power of IPv6

[kiddygrinder]

just wait till you get double natted and see how you feel

Re:The real power of IPv6

[FireFury03]

I don't know for a fact, but I'm willing to bet that computer in the college dorm room used NAT.

I'm willing to bet it didn't. Certainly when I was at university, everything had an unfirewalled global scope IP (this was not that long ago, but still before the days of evil on the internet that required everyone to have a firewall).

Why get rid of NAT?

Because its an almighty pain in the arse. It breaks all sorts of things, and if you haven't discovered that yet, you presumably have never managed a moderately complex network or done anything other than plain old web browsing.

I use NAT for my home intranet. It's easy - two lines in my iptables config file. And everything works fine.

No it doesn't - the things you use it for presumably work fine, but there's all sorts of technologies that really struggle to work through NAT (and for good reason, not just because of a flawed protocol design). Throwing NAT out is a good thing - it makes networks less complex and more reliable.

Re:The real power of IPv6

Home users will still have firewalls, only this time they will be real rather than imaginary and only requiring a UDP tunnel to bypass. Things like Skype create vast paths in a NAT based network that go back to various machines. NAT creates a perception of protection without any reality.

Re:The real power of IPv6

[FireFury03]

The real power of IPv6 is that it allows us to eliminate NAT.

Which is a bad idea for home users.

Umm, why?

Re:The real power of IPv6

Because NAT is a fairly good firewall

Re:The real power of IPv6

[Dan541]

Home users will still have firewalls,.

Home users don't have firewalls now, we can't assume that's going to change with IPv6.

Worst offenders for disabling firewalls seem to be gamers. Then there people still running XP without any service packs, the Outlook Express types who know nothing but manage to just get by.

Re:The real power of IPv6

NAT is a fantastic firewall. As an added bonus being on a separate device means it's not easy for malware to disable.

Re:The real power of IPv6

[Alioth]

If they are running XP without service packs, that's OK - they won't have IPv6 anyway.

Re:The real power of IPv6

And don't forget the joys of application protocols hiding layer3/4 information in layer7....

Always plays nicely with address translation...

Re:The real power of IPv6

Mostly because NAT is an evil cludge to get around the problem of a lack of IPv4 addresses.

And NAT has also caused further cludges to be spawned to compensate for its drawbacks, e.g. STUN/ICE etc. ALGs for VoIP services etc... (Ever tried to run encrypted voip or ftp services through a firewall or other device that's doing address translation?)

Also, people have grown to like the separation between internal and external networks that NAT makes very clear.

Not to say there aren't some good sides to NAT - it's very useful for cheap multi-homing networks for redundancy/resiliency/etc (in situations where proper BGP-based solutions are just not econimically viable), and people like the ability to easily avoid renumbering internal networks when migrating between connectivity providers. (I think the most favoured current proposal for dealing with this in IPv6 is IPv6 NPT (RFC6296 - http://tools.ietf.org/html/rfc6296), which is also a 1:1 IPv6:IPv6 translation mechanism, so should hopefully avoid the issues with 1:many NAT).

Re:The real power of IPv6

[Rising+Ape]

As an added bonus being on a separate device means it's not easy for malware to disable.

UPnP means that it is. And without UPnP plenty of legitimate applications won't work without lots of manual configuring which your average person won't know how to do. Besides, if you've got malware then you're already stuffed, firewall or not.

Re:The real power of IPv6

If your NAT supports uPNP to punch holes for you, it probably is a stateful firewall.

I am surprised by the amount of IPv6 traffic we se

[dskoll]

We (http://www.roaringpenguin.com/) turned on IPv6 for World IPv6 Day and I'm quite surprised by how much IPv6 traffic we see:

awk '{print $1}' access-2012-08-01 | grep -c ':'
1298

awk '{print $1}' access-2012-08-01 | grep -v -c ':'
16192

That's about 8% of the hits on our site, which is about eight times what I expected.

Re:I am surprised by the amount of IPv6 traffic

[dskoll]

Ah, it's not all roses. A lot of the IPv6 hits are things like this:

2403:1400:1:2:8185:895b:7f27:4318 - - [01/Aug/2012:14:00:30 -0400] "GET / HTTP/1.1" 200 9763 "-" "OpenNMS PageSequenceMonitor (Service name: HTTP-v6)"

2001:8a0:2106:ff:213:13:29:205 - - [31/Jul/2012:15:20:37 -0400] "HEAD / HTTP/1.1" 200 - "-" "curl/7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8 libssh2/0.18"

The number of "real" IPv6 hits seems depressingly low.

Nearly every phone

[phantomfive]

Nearly every phone is running IPv6 already. Do an 'adb shell ifconfig' or 'adb shell netstat' on an android phone and you'll see some IPv6 addresses pop up. (Actually I'm not sure about iPhone, I'll check it tomorrow when I get to work).

Re:Nearly every phone

iOS does IPv6 just fine at an OS level but the user interface for it is almost completely missing.

Re:Nearly every phone

[swillden]

What's the first piece of the address? Every IPv6-capable TCP stack has a link-local fe80 address, but that doesn't mean you can use it for anything. What's more interesting is if they have an address in a usable region of the IPv6 address space.

Hmm, I just checked on my Galaxy Nexus (on Verizon -- 3G at the moment) and it has an address beginning with 2600:100e, which is in an assigned, globally-routable unicast address space. Cool! I notice that I can't ping it, though. Of course it's probably firewalled by default. nmap indicates no listening ports, but again that's probably because of a firewall.

Re:Nearly every phone

[phantomfive]

I'm not sure what it's used for, I first noticed it using 'netstat,' which will let you know if it is currently being used for something.

Blacklisted IPv4 addresses

[sandytaru]

We recently had to move a client over to IPv6 faster than intended because we couldn't get a block of clean IPv4 static addresses from the ISP. That problem is only going to get worse over time.

Re:Blacklisted IPv4 addresses

[FireFury03]

We recently had to move a client over to IPv6 faster than intended because we couldn't get a block of clean IPv4 static addresses from the ISP. That problem is only going to get worse over time.

Meanwhile, I have the opposite problem with Eclipse internet. One of my customers needed a new internet connection (we're talking 100Mbps leased line, not a poxy ADSL), so we recommended they check the prospective ISPs supported IPv6. "Yes, we support it " says Eclipse, so they went with them. When it actually got installed, Eclipse sent through the IPv4 details, so I replied asking for the IPv6 details too... they replied saying they didn't offer IPv6 to customers yet. When pressed further, they said "Our network fully supports IPv6, but we don't offer the service to our customers" - what a complete waste of time. (Of course, the customer doesn't see it as important enough to make a big fuss about, but if it were me I would be fuming about having been missold a reasonably expensive connection).

NAT is evil

[hokeyru]

Widespread acceptance of NAT subverts the egalitarian premise of the internet, that all nodes are created equal, and promotes a two-tier system: providers and consumers.

Re:NAT is evil

[WML+MUNSON]

Widespread acceptance of NAT subverts the egalitarian premise of the internet, that all nodes are created equal, and promotes a two-tier system: providers and consumers.

Yes, exactly!

Re:NAT is evil

And also, NAT make surveillance a BITCH!

Re:NAT is evil

[OneAhead]

That and NAT violates the very foundations of the IP protocol: one device, one IP address. By doing so, it breaks stuff, most notable preventing technically simple low-latency internet telephony and videoconferencing. We've had a short preview of that in some early instant-messaging clients before NAT came in and ruined everything. Without NAT, low-latency internet telephony and videoconferencing will once more become a trivial-to-implement commodity. Skype and the likes will have to diversify into other business or slowly wither and die. Maybe we'll even finally see the end of traditional wired telephony.

There is a myth that IPv6...

"There is a myth that IPv6 is only for those in Asia" I have NEVER heard of such a myth. The myth that I have heard of is "IPv6 is only for those who wants to with certainty point out that a specific package came from your toaster"... Wait! that is not a myth. That is IPv6 main reason for existence (now that we have NAT)

The power of meaningless statistics

[wonkey_monkey]

According to new data discussed this week at an IETF conference, there are more IPv6 users in the U.S than anywhere else in the world

Ooh, aah. What does that mean, then? In case anyone hadn't noticed, the U.S. is pretty big among countries. From the more useful article:

PNIC's global survey as of August 1st has IPv6 penetration in the U.S at 1.35 percent.

Romania currently tops the APNIC list at 8.73 percent

So yeah, go America. You're only doing 6.5x worse than Romania on this one.

Re:I am surprised by the amount of IPv6 traffic

Hmmm, and you don't get those on IPv4 too? I'd be surprised if you didn't. Just because you don't find value in those hits does not mean that those are not "real" too.

This can't be true

[Yvanhoe]

One of the biggest French DSL provider, Free Telecom, has IPv6 by default and there are more than 5 millions users here. I don't see how the article's premise could be true.

Re:This can't be true

People plug their routers into wireless routers. Many of those have 0 ipv6 support.

Some companies went as far as to have it in their firmware. Then took it out. Most annoying. One major one went as far as to hide the controls for it.

Re:This can't be true

[Yvanhoe]

The company I am talking about provides its own modem that is actually an ethernet and wifi router. I think that 90+% of their clients don't add another router to it.

Multicast DNS

[tepples]

I thought that was something that multicast DNS with DNS-based service discovery was supposed to solve.

Hurricane Electric tunnel

I've been running IPv6 using a Hurricane Electric tunnel (and OpenWRT on my router).

As a Network Engineer

The PITA for IPv6 is it makes it cumbersome to troubleshoot routing issues. Since IPv4 only gives one address to an interface and they are short numbers, it's rather easy to insure that you are routing correctly after a week or two in an environment. Since this hasn't been brought up, I'm going to assume noone commenting thus far has had to troubleshoot network path issues. You don't give names to router interfaces, uplink ports, ect.

So, when I route through multiple networks in different IP networks, IPv6 is going to take a climb up a learning curve that most network geeks are not exactly looking forward to. I'll manage, as I know the benefits. Just like the old Windows guys are probably not looking forward to the more PowerShell centric management that they are moving to. But god help me if I don't run for the calculator and spreadsheet everytime I need to try to break off a subnet in v6.

Re:As a Network Engineer

[spauldo]

You don't give names to router interfaces, uplink ports, ect.

Just curious, but why not? If you've got your own DNS system, it shouldn't be difficult to do. Adding router3-ring.example.com and router3-lan.example.com would make it easier to parse tcpdump output (or whatever you use) and would probably only take a couple hours for a medium-sized installation.