IPv6 Must Be Enabled On All US Government Sites By Sunday
darthcamaro writes "Agencies of the U.S. Federal Government are racing to comply with a September 30th deadline to offer web, email and DNS for all public facing websites over IPv6. While not all government websites will hit the deadline, according to Akamai at least 2,000 of them will. According to at least one expert, the IPv6 mandate is proof that top-down cheerleading for tech innovation works. 'The 2012 IPv6 mandate is not the first (or the last) IPv6 transition mandate from the U.S. government. Four years ago, in 2008, the U.S. government also had an IPv6 mandate in place. That particular mandate, required U.S. Government agencies to have IPv6-ready equipment enabled in their infrastructure.'"
If Romney gets elected, he'll just repeal it back to IPv4
obvious redundancy is obvious
A lot of the government offices will face challenges with IPv6 connectivity to the internet because a very large number of US ISPs are not IPv6 ready. Especially up here in midwest, you mention "are you IPv6 ready?" and your ISP sales rep gives you a blank look and asks what you're talking about. Maybe if the governments push for this at the ISP level we might see it filter down.
I've been following the federal government on this. It is wonderful to see the government taking the lead and helping to drive a technology. We often talk about complaints with government but they deserve kudos for doing something hard and doing it right.
This makes the US government a technology leader, at least in one respect. Try to go v6 only some time, and watch all the "Cannot connect to server" messages.. Only big ones like Google and Facebook seem to be available on IPv6 (it certainly cuts down on distractions to remove the IPv4 default route, but I can't even get to my email)
Why would a publicly-facing web server be behind NAT? That doesn't make any sense. NAT offers no security benefits.
Please note that "NAT" != "stateful firewall", though the two functions are often combined in a single piece of hardware.
My home network has been dual-stack for years (with NATed IPv4 and IPv6). All the systems on the network are behind a stateful firewall and even though my internal devices have globally-unique IPv6 addresses none of them are accessible from the outside world.
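The distinction drawn above between NAT and a stateful firewall, as an added Python sketch (not code from the thread): a toy forwarder that keeps a connection-tracking table and never rewrites an address, yet still drops unsolicited inbound packets to globally addressed hosts. The class and function names are hypothetical, all addresses are constructed from the 2001:db8::/32 documentation prefix, and TCP state and timeouts are left out.

```python
"""Toy stateful IPv6 firewall with no NAT (added illustration).

All addresses are constructed and use the 2001:db8::/32 documentation prefix.
Simplification: flows never expire and TCP flags are not inspected.
"""
from dataclasses import dataclass
from ipaddress import IPv6Address, IPv6Network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class StatefulFirewall:
    """Forwards between an inside prefix and the Internet without rewriting addresses."""

    def __init__(self, inside_prefix, published=()):
        self.inside = IPv6Network(inside_prefix)
        # (address, port) pairs deliberately exposed, e.g. a public web server.
        self.published = {(IPv6Address(a), p) for a, p in published}
        # Connection-tracking table: flows that an inside host initiated.
        self.flows = set()

    def handle(self, pkt):
        src, dst = IPv6Address(pkt.src), IPv6Address(pkt.dst)
        src_in, dst_in = src in self.inside, dst in self.inside
        if src_in and not dst_in:
            # Outbound: remember the flow so the reply can come back.
            self.flows.add((pkt.proto, src, pkt.sport, dst, pkt.dport))
            return "accept"
        if dst_in and not src_in:
            # Inbound: accept only the mirror image of a tracked flow ...
            if (pkt.proto, dst, pkt.dport, src, pkt.sport) in self.flows:
                return "accept"
            # ... or traffic to a service that was published on purpose.
            if (dst, pkt.dport) in self.published:
                return "accept"
            return "drop"
        # Neither inside-to-outside nor outside-to-inside: not ours to forward.
        return "drop"


# Constructed sample hosts.
HOST = "2001:db8:1::10"        # workstation with a globally unique address
WEB = "2001:db8:1::80"         # published web server
REMOTE = "2001:db8:ffff::443"  # server the workstation talks to
OTHER = "2001:db8:eeee::1"     # unrelated outside host


def demo():
    fw = StatefulFirewall("2001:db8:1::/64", published=[(WEB, 443)])
    return [
        fw.handle(Packet(HOST, 50000, REMOTE, 443)),  # outbound connection
        fw.handle(Packet(REMOTE, 443, HOST, 50000)),  # its reply
        fw.handle(Packet(OTHER, 443, HOST, 50000)),   # same ports, wrong peer
        fw.handle(Packet(REMOTE, 443, HOST, 22)),     # unsolicited, known peer
        fw.handle(Packet(OTHER, 40000, WEB, 443)),    # published service
        fw.handle(Packet(OTHER, 40000, WEB, 22)),     # unpublished port on server
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The verdicts come entirely from the flow table and the published-service list; no address is translated at any point.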
Recently worked in a govt facility on a project, they are just as far as most everyone else from being ipv6 ready internally, perhaps a lot farther away than many. Additionally, as you might expect, no one is budgeting for the replacement of infrastructure (like 20 year old printers for instance) that need to go to make it happen. Even though they have a mandate to be ready internally in two years. That mandate ain't gonna fly.
IPv6 is simpler than IPv4.
That's just a lame excuse. There are some new features, but those are mainly important to the endpoints. For routers in between, the job they need to do became simpler. And it is the network, which has been lacking, not the endpoints. The excuse that it is too complicated has mainly been used by those who didn't need to deal with the complexity.
Name one change that affected a network provider, who just has to move packets between two endpoints.
No. There were only two approaches that could have speeded it up. Top down regulation or customer demand. But both of those were in the hands of people who won't understand the problem until they can no longer get online. Actually, there is one other thing that could have speeded it up. If we had never gotten any sort of NAT for IPv4 in the first place, then the transition would have gone faster.
Do you care about the security of your wireless mouse?
I can't tell if you're a troll or just spouting off about things you don't understand in the least, but...
It's a hell of a lot easier to find a vulnerable machine behind NAT than it is to find one across a search space 40 bits wide (which is wider than the entire IPv4 search space, and less than a cube root of the search space of IPv6 as a protocol).
NAT is not a security measure. You can (and should) still have a firewall with IPv6; your firewall box just won't also have to perform NAT. That's fine, though; a NAT has a maximum search space of 24 bits (10.0.0.0/8) while IPv6 has enough addresses to assign one to every atom in the solar system, and no, that's not an exaggeration, guess, or line of BS.
There's no place I could be, since I've found Serenity...
That joke was funny April 1st of last year. http://packetlife.net/blog/2011/apr/1/alternative-ipv6-works/
Do you care about the security of your wireless mouse?
NAT is not a firewall. And anyone deploying IPv6 should be doing so on a machine modern enough to have a strong, centrally administered, software firewall.
You are not alone. This is not normal. None of this is normal.
I work for the NSP for a large number of government research facilities. Our network has had full IPv6 support for several years, but no IPv6 customers (other than ourselves). The prior IPv6 mandate was primarily satisfied by bringing up an IPv6 connection with the customer and their pinging our router, then deconfiguring the IPv6. That was really all the mandate required.
This time we are bringing up full IPv6 connectivity with them. It really is happening this time and it mostly seems to be working.
The mandate is also pressing other providers to get IPv6 up and running. Under the mandate, if you have a provider that can't support IPv6 on Oct. 1, you need to change providers. In simple terms, the general public must be able to access your web services and all publicly linked pages as well as DNS via IPv6 if they have IPv6 connectivity to the Internet. (Admittedly, this is a fairly small subset of Internet users.) The federal government is a rather large customer of several major providers, so this has probably been the biggest cause of several of them getting IPv6 running, though some still don't offer IPv6 to non-governmental customers.
Between the U.S. Government and Comcast, IPv6 seems to really be happening. Traffic is clearly increasing rapidly, though still very tiny compared to IPv4.
Kevin Oberman, Network Engineer, Retired
That's the question which a lot of overworked federal agency heads might be asking.
I.e., "What's in it for me?"
And, "If we miss the deadline, what will happen." It would be nice if every federal agency just did whatever they were told to do, as if they were merely the organs of one single body. But actually, they are multiple bodies. And if the answer to the question is "nothing", then some wily agency heads will choose to simply ignore the directive.
I'm not a lawyer, but I play one on the Internet. Blog
Romney or IPv4?
Some people are saying, "Yeah, providers will give you IPv6 addresses for your DIA circuits. I don't see an issue." But they aren't fully aware of other mandates that influence civilian agencies' abilities to meet the IPv6 mandate. Namely, this one: http://www.dhs.gov/trusted-internet-connections-tic. None of the TIC providers are offering IPv6 connectivity that I'm aware of, but they are all in various stages of getting there. The agencies that are ready most likely host their own MTIPS offering or (more likely) using hosting companies to get there.
Yes it is. Because inverse NAT requires you to specify where to send the traffic *to*. I'm a great proponent of IPv6 myself, but this argument of the IETF is bogus. Besides, 'centrally administered firewall' on each machine ? I think I see a flaw in your method.
Religion is what happens when nature strikes and groupthink goes wrong.
All they had to do was make Internet addresses twice as long 0.0.0.0.0.0.0.0 to 255.255.255.255.255.255.255.255 and it would have fixed the problem
Yes it would but IPv6 addresses are more fun and easier to remember. You get to use hex sp33k and the zero compression schemes get rid of unnecessary zeros. My public 16-octet IPv6 address is much smaller and easier to remember than your 8 octet solution.
Device makers could easily update the logic to do that in future products as well.
It does not matter if it is a single extra bit or 96 extra bits the cost and global effort is the same.
Plus, you can use IP4 addresses at the same time by making software see them as 192.168.0.1.0.0.0.0
::192.168.0.1 is valid IPv6 and looks less complex than your 8-octet version. Just because you can do something does not mean there is a valid reason to do it. There is no benefit to playing this subset superset game. This is an operational nonstarter.
Your argument is all about the lack of bits in an IPv4 address, not about NAT per se.
Religion is what happens when nature strikes and groupthink goes wrong.
I don't know if I'd call forced deadlines as 'cheerleading'.
---- Booth was a patriot ----
Besides that, NAT *is* effectively a security measure - it masks your source address. It's like half-tunnel mode.
Religion is what happens when nature strikes and groupthink goes wrong.
Since all IPv4 addresses have a unique IPv6 representation, an IPv6-only subscriber using a device with a hybrid dual-stack can access an IPv4 address by specifying the applicable IPv6 address. See rfc3493, "Compatibility with IPv4 Nodes".
The one you quote is deprecated.
but you can also just implement the firewall without NAT and get the same level of security.
IPv6 is simpler than IPv4.
True, but dual stack is more complex than either.
I don't see flipping a switch and transitioning from IPv4 to IPv6. Instead, I see living with a dual-stack environment for a while. It will not be pretty.
Why would a publicly-facing web server be behind NAT? That doesn't make any sense.
When you have more services than public IPs. I have 5 IPs at the office, and run over a dozen services from them. These days, you spin up a VM for each service, for isolation, and NAT the ports where they need to go.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
you could use link local and site local IPv6 address to help with this.. or better yet setup your router, switch (if managed), and/or firewall to do this for you.
has IPv6 enabled, and things are working fine there. The exception are some of the branch campuses that have older switches and such where turning on IPv6 in Windows 7 seems to really slow the whole network at these locations down.
NIST statistics show that over half the agencies have made "no progress" in their IPv6 deployment. It is good that the government is doing this, but too many agencies are asleep at the wheel. It does no good when the agencies will not do what they are required to do.
Yes, America! Send a message to Washington and the big parties. Don't vote for either Obama or Romney. Vote for Virgil.
When our name is on the back of your car, we're behind you all the way!
When I was oper on OpenProjects.net now freenode I campaigned for IPV12 or 16 pushing forward the argument that IPV6 was rather short sightedness and that was 10 years ago. Some people did not like my ideas and I was booted as my ideas were too "Outlandish".
It appears that anything descent gets "scotched" http://www.thefreedictionary.com/Scotching (please refer to definition Scotch1) "1. To put an abrupt end to: The prime minister scotched the rumors of her illness with a public appearance".
Nonetheless, this issue raises its ugly head once again.
All cows eat grass!
Flamebait indeed! This initiative started long before Obama, during the Bush administration. Not to mention that neither Clinton, Bush, Obama nor Romney have the slightest idea what IPv4 is. And speaking of the GOP, if they knew that IPv6 has 3.4028236692093846346337460743177x10^38 addresses, as opposed to a mere 4,294,967,296 addresses, they'd all be champions of IPv6.
I agree. It's funny, I didn't have any real issue with McCain (although his idea to shut the government down was a bit out there), and I don't have much problem with Romney based on his time in Massachusetts, but I didn't support either of them primarily because I want a Democrat with the veto stamp. (That, and the Republicans need to be punished for Bush. WMDs my ass.)
I never really cared that much for Obama - I wanted Clinton.
Not that it matters. I'm in Oklahoma, where a non-Republican vote doesn't count.
Those who can't do, teach. Those who can't teach either, do tech support.
If Romney gets elected, he'll just repeal it back to IPv4
More likely, he'll switch the internet over to lantastic.
From what I understand, let's look @ the OSs that natively include IPv6 support, as opposed to those who don't:
So all new devices that come out w/ an OS already have IPv6 support. Older devices already have all the IPv4 addresses they need, and more likely than not, they are behind NAT and can just keep issuing local IPv4 addresses. So the analogy w/ analog to digital TV fails somewhat as far as domestic customers go - here, it's the consumers who are ready, and the ISPs who need to make the switch. And a lot of the delay is due to the fact that there still doesn't seem to be IPv6 specific routers, switches and other networking equipment that is layer 3 aware. ISPs who are IPv6 ready ought to dual stack their customers who are not still on XP as a default, and over time, just quietly remove IPv4, or start charging a premium if that is needed.
With businesses, it's more complicated, since they have in-house applications that are IPv4, and so for them, migration would be a PITA. When they switch to Server 2008/2012, that's probably the right time to go from IPv4 to IPv6 as well, although I can see why IT departments would be reluctant to make 2 jumps in 1 transition. But fact remains that Server 2008 and Windows 7 have IPv6 as their native layer 3 support, as opposed to XP or Server 2003. So this transition is just the right place to go from IPv4 to IPv6.
Also, web hosting services switching to IPv6 would help a great deal as well. The bulk of websites hosted on these would go dual stack ASAP.
The other thing ISPs can do is go dual-stack lite, where they set up everything in IPv6, and only provide local IPv4 behind IPv6 addresses to those who simply have to have IPv4 to communicate w/ other IPv4 nodes in the internet. After all, complete dual stack is not a solution if they are running out of IPv4 addresses.
Also, businesses and even consumers who consume a high quantity of IP addresses - which in case of IPv4 may be as low as above 16 - ought to implement IPv6 for such applications. That would include things like websites, ftp sites, messaging servers & so on. Essentially, once the high demand items go IPv6, pressure on IPv4 is that much lower, and even facilitates dual stack.
Where exactly do these extra addresses come from? The reason it's becoming critical now is that even w/ NAT, they're running out. And once one introduces 2 or more levels of NAT, a major overhaul would be required of NATing software, since your mapping - currently based on mapping a single layer 3 address to a layer 2 address - will have changed, since one would now have to map a combination of a layer 3 routable address and a layer 3 non-routable address to a layer 2 address. Once that level of work will be needed, one might as well go for IPv6 anyway.
The software firewalls - the ones based on BSD and Linux - things like PF and IP Tables - already support it. I think Norton is still behind the curve, and dunno about McAfee, Kaspersky, ESET or others. But at a router point, if they put in something like PF or IP Tables, they are providing a good level of security already, since they can block an entire /64 link. Beyond that, enable Antivirus and other malware, and don't bother about firewalls, until your security software supports IPv6. B'cos if you don't have an IPv4 address, there is no way any malware delivered via IPv4 can reach you anyway.
Is Comcast still handing out single /128s to each customer? Or are they now at least giving out links of /64?
Also, anyone knows whether Comcast does full dual stack, or did they go w/ dual stack lite instead? The former wouldn't solve the issue they had w/ an IPv4 address shortage, but the latter would.
You got it the other way around. Make it painful for people to have IPv4 sites, and easy for them to have IPv6. You always tax something that you want to discourage - in this case, IPv4, and incentivize something you want to encourage - IPv6.
Most of the home routers can take a firmware update - the ones that can't are probably already behind NAT. As for mobile devices, the more recent ones all support IPv6 - it's the older ones that don't. But given how often people upgrade their phones, chances are likely that they'll have one that supports IPv6. In fact, mobile IPv6 being adapted is likely to sink a huge portion of the demand on IPv4.
Problem was that even if they had increased the address to 33 bits, it would still have expanded the address space to 8 billion, would not have gotten rid of NAT, and therefore, would not have solved the problem that the internet was having. Also, the amount of effort needed would have still been the same - all routers & gateways in the world would have had to support it, all applications using layer 3 APIs would have needed to get upgraded, and so on. Which is why expanding it all the way to 128 bits gave them room to play w/, as well as lend it more structure and make a whole shitload of IPv4 problems go away. Not just NAT - simplified routing tables, multiple multicast modes of operation, link-local and unique-local addresses, and so on.
The notational issue - only thing I think is that they should have retained the period instead of replacing it w/ the colon. But other than that, had they done what you suggested, they'd have had something like 255.255.255.255.255.255.255.255.255.255.255.255.255.255.255.255. No difference from a technology POV, but pretty ugly to read. Or they could have done something like 65535.65535.65535.65535.65535.65535.65535.65535. Using hexadecimal lent some structure to it in terms of readability, but there is no reason the 65535 wouldn't have worked just as well.
Dual stack will only be around as long as IPv4 is. Once IPv4 runs out of addresses, the need for dual stack will be gone.
If you need the services to run on routable IPs, you have the routable addresses. If you need them to run on non routable IPs, you can use either the link-local or the unique local addresses. Either way, you won't be short.
Masking the source address is less of a solution than blocking an entire link from the attacker's nodes.
I'm as much a fan of IPv6 as the next guy (and disagree with the guy saying just keep on IPv4 forever).
But I hate the IPv6 fundamentalists who won't allow any deviation from the IPv6 dogma.
Come on, just let people have their NATs, why don't you?
I'm not a lawyer, but I play one on the Internet. Blog
IPv6 isn't too complex, it's just different from IPv4 and that is what you are used to.
New things are always on the horizon
These are websites, you don't use NAT for websites.
The websites are port 80 (http) or port 443 (https). If you have 5 public IP-addresses, then you have 5 ports 80.
What you can do is use HTTP/1.1 virtual hosts or a reverse proxy/loadbalancer so you can choose to redirect requests based on URL or domainname.
Too bad some older systems don't support the same for HTTPS (called SNI), so all you can have is 5 websites with HTTPS.
New things are always on the horizon
It isn't that people don't want others to run their networks as they see fit.
The argument you hear a lot is: NAT is more secure than just a firewall.
Which is something a lot of people disagree with, it only adds some obfuscation.
And obfuscation does not make it more secure.
New things are always on the horizon
You are kidding, right? They are just dropping ping-requests.
It would be incredibly stupid if they added the AAAA-record and you couldn't connect to it. Older browsers would need to wait half a minute to try the address from the A-record.
It really does work:
$ telnet whitehouse.gov http
Trying 2001:218:2007:2:8800::fc4...
Connected to whitehouse.gov.
Escape character is '^]'.
New things are always on the horizon
True. But dual stack would have been the simplest way to transition from IPv4 to IPv6, as long as it was done before IPv4 addresses ran out, and all sorts of workarounds got in the way. The fact that dual stack is more complicated than running just one protocol by itself is of course a contributing factor to people hesitating with deploying IPv6. But you cannot blame that on the design of the IPv6 protocol. Nobody has provided a serious suggestion for a better design.
We could have had dual stack for a while and then dropped IPv4 support before the IPv4 addresses ran out. That would not have been as ugly, as what we can expect to see now. There is one good thing to say about dual stack though. If you mess up while changing network configuration remotely, you have a fallback, since misconfigured IPv4 can be fixed by logging in over IPv6 and vice versa.
Do you care about the security of your wireless mouse?
In the ideal world, that would be true. In the real world, IPv4 addresses have run out in some parts of the world already. And yet more than 95% of the Internet is still IPv4 only.
Do you care about the security of your wireless mouse?
The headline should be "there's well over 2,000 Federal government agencies and we can't find any worth closing".
Both.
Do you care about the security of your wireless mouse?
NAT wasn't part of the IPv4 standard. It got implemented anyway. Some standards got written at some point. But vendors can still produce IPv4 NAT solutions however they please and ignore the standards. Nothing stops vendors from producing IPv6 NAT solutions. There aren't any written standards. But in reality IPv6 is better suited for NAT solutions than IPv4 was.
When an IPv6 NAT can be so much better why aren't they widely used? My guess is nobody wants them. I think the people who ask for NAT with IPv6 just wants an excuse to not have to work on upgrading their network. If NAT was available for IPv6, they'd have found another excuse. Those who really do want IPv6 and will take the effort to upgrade will want to avoid the additional complexity of NAT. And nobody really has a use case where NAT between IPv6 and IPv6 is making anything easier.
NAT where you have IPv4 on one side and IPv6 on the other side can make sense in some scenarios. If your LAN is IPv6 only and you want to communicate with servers on an IPv4 backbone, you can use DNS64+NAT64. If your LAN is IPv4 only and you want to communicate with an IPv6 backbone, there are fewer options. (I decided to actually go and implement one.)
Do you care about the security of your wireless mouse?
> I think the people who ask for NAT with IPv6 just wants an excuse to not have to work on upgrading their network.
I'm not one of them. And I wasn't saying that I wouldn't want IPv6 without NAT, just that the IPv6 fundamentalists won't allow people to say that NAT has been useful in some circumstances.
I.e., I just want people to advocate for IPv6 without feeling that they have to defend the anti-NAT ideology 100%.
I think I'm in the vast middle of Slashdotters who really want to move to this cool new thing except that: 1) ISPs don't support it, 2) cheap router manufacturers don't support it AFAIK, and 3) tools are sort of lacking.
E.g., why do you have to do ping6? Why not just have ping check the format of the passed argument and call classic ping or ping6 appropriately? Why force a human to do what a computer can?
I'm not a lawyer, but I play one on the Internet. Blog
Which will make the server inaccessible to anybody using Teredo. And that is not the only system doing something like that. I have a system which will ping the site through two different tunnels to use the most reliable path to the server.
I know of an ISP who did that for their homepage. When I questioned them about it, they said it was a deliberate choice.
But in this case of whitehouse.gov I do get responses for both ICMP echo requests and HTTP requests to the IPv6 addresses in their AAAA records. So either the GP is mistaken, or they changed the configuration on the server.
Do you care about the security of your wireless mouse?
Also, I think yours is a pretty moderate response: that you can have NAT on IPv6, but the vendors haven't supported it yet.
By contrast, on /. IPv6'ers usually take the line of "Don't do NAT." That would be like Windows users saying, "How can you do X on Linux", and the response being "Don't do X."
Also, doing SSH to IPv6 hosts named in /etc/hosts has been problematic for me to the extent that I've just forgone my initial attempts at local IPv6. scp even works differently than ssh in this regard. In one or the other of the two, you can't do luser@[IPv6], although luser@1.2.3.4 works just fine.
I'm not a lawyer, but I play one on the Internet. Blog
nope.
The address-space expansion is the only problematic part. if you want to support more addressspace, you need to go incompatible.
the other stuff would not break compatibility, and was added, so there is more reason to migrate than just "we need more addresses", because with only "we need more addresses", you cannot motivate the people who still have enough addresses to migrate as well.
It has been useful. But with IPv6 I think there are better solutions in every situation, where you would use NAT66. If a customer came to me asking for NAT66, I would try to reason with them. I don't want customers to deploy an inferior solution due to being uninformed. But if a customer who understands what the options are still wants NAT66, I'd be happy to implement it, if they would pay.
When I go to an internet provider, I would like them to treat me the same way. And that means I don't want them to tell me I don't need IPv6. They can tell me they don't think it is ready, and why, but if I with all the information at hand still want it, it's not their job to tell me out of it. I also don't like how some internet providers think they should take extra high payments from those customers, who are willing to be guinea pigs.
As for the rest of the internet, who I do not have any customer relationship with, I don't care how they handle their own LAN and the connectivity between their LAN and the backbone. But I do care about the protocol being used on the backbone, because those only doing IPv4 there are holding back the development of the internet for the rest of us. For all of those people I'd rather see them use NAT66 than NAT44.
There is nothing in the IPv6 protocol preventing NAT66, there are less obstacles in the protocol than with IPv4. And you are free to use it, if you want to. But you will have a hard time convincing me that you know what you are doing, if you decide to deploy NAT66. But then again, the majority of companies on the internet will have a hard time convincing me that they know what they are doing anyway.
That does not have anything to do with the IPv6 protocol. That is entirely an implementation question, and I believe some systems have a ping command, which does IPv4 and IPv6. I don't think the minor differences in command lines between different operating systems have any influence on the speed at which IPv6 is being deployed.
It works the other way too. Back when I was in a job, where I was forced to use Windows, I would often ask questions about, how do I do X in Windows. I wasn't told don't do X, I was just told, you cannot do X in Windows.
I haven't actually tried that. Rather I went the way of putting my hosts in DNS. In those cases where I need to access a host, which I did not put in DNS yet, I have a zone, which automatically generates AAAA records. That way I can do such stuff as 2a00-1450-400f-800--100e.aaaa.kasperd.net, and it works.
Yeah, that is a bit annoying. But most of the time I do ssh to hostnames anyway. I rarely do ssh to an IP address.
Do you care about the security of your wireless mouse?
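The hostname quoted in the post above, 2a00-1450-400f-800--100e.aaaa.kasperd.net, suggests a label in which hyphens stand in for the colons of an IPv6 address. As an added example (not the poster's code; the mapping is inferred from that single hostname, and the function names and the expanded-form fallback are assumptions), this Python decodes such a name the way a record-synthesizing zone would have to, rejecting any query name that does not encode exactly one valid address:

```python
"""Decode and encode hostnames of the form <ipv6-with-hyphens>.<zone> (added example).

Assumption: the label is the textual IPv6 address with ':' replaced by '-',
as inferred from the one hostname quoted in the thread.
"""
from ipaddress import AddressValueError, IPv6Address

ZONE = "aaaa.kasperd.net"  # zone name quoted in the post
ALLOWED = set("0123456789abcdef-")


def label_to_ipv6(hostname, zone=ZONE):
    """Return the IPv6Address encoded in the leftmost label, or None."""
    name = hostname.rstrip(".").lower()  # DNS names are case-insensitive
    suffix = "." + zone
    if not name.endswith(suffix):
        return None                      # not in the synthesized zone
    label = name[: -len(suffix)]
    # Exactly one label, within the 63-octet DNS label limit.
    if not label or len(label) > 63 or "." in label:
        return None
    # Only hex digits and hyphens: excludes scope ids, dotted IPv4 tails, etc.
    if set(label) - ALLOWED:
        return None
    try:
        return IPv6Address(label.replace("-", ":"))
    except AddressValueError:
        return None                      # e.g. two "--" runs, too many groups


def ipv6_to_label(address, zone=ZONE):
    """Build the hostname for an address (inverse of label_to_ipv6)."""
    addr = IPv6Address(address)
    text = addr.compressed
    # Assumption: hostname labels should not begin or end with a hyphen,
    # so fall back to the fully expanded form for addresses like ::1.
    if text.startswith(":") or text.endswith(":"):
        text = addr.exploded
    return text.replace(":", "-") + "." + zone


if __name__ == "__main__":
    # Constructed queries, apart from the first, which is the name in the post.
    for q in ("2a00-1450-400f-800--100e.aaaa.kasperd.net",
              "2a00-1450--1--2.aaaa.kasperd.net",
              "www.aaaa.kasperd.net"):
        print(q, "->", label_to_ipv6(q))
```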
> I don't think the minor differences in command lines between different operating systems have any influence on the speed at which IPv6 is being deployed.
The clumsiness of IPv6 tools (ping, ssh, scp, and others) and basically the whole ecosystem working together acts as a stumbling block to those admins (and even devs and power users) who just want to get their feet wet. When they get their hands burned (ok, mixed metaphor), they back off because they perceive that you have to become an IPv6 guru (like you) in order to merely connect two hosts.
For you, a DNS server is nothing. You've probably got 20 of them running in your labs. The 21st is no big thing. For small networks, config for the 1st one is.
None of this is we shouldn't move to IPv6, merely that obstacles in the way are part of what are delaying it.
I'm not a lawyer, but I play one on the Internet. Blog
A routing issue is a possibility. But I am connecting from Europe as well, and it works for me.
Through HE tunnel server in Frankfurt:
When I tried again with a hostname, my tunnelling software had found a shorter route:
Through HE tunnel server in Stockholm
Notice that the less than 40ms I got on one of the IPs is too low for a trip across the Atlantic, so it must be hosted in Europe or nearby. A whois on the IP addresses reveals that this is Akamai. Knowing which provider you are using and seeing a traceroute from your network may help identify where the problem is. But it sounds like it is somewhere between your provider and Akamai.
Do you care about the security of your wireless mouse?
Only 19. But then again, this is a one man company, and I don't have a big lab. What I really like about working with IPv6 is that whenever I need to add a component to my system, I just assign another IPv6 address to it without even having to think twice, because I know there will be enough IPv6 addresses. 11 of the DNS servers I have running at this time are authoritative DNS servers, which I actually run IPv6 only. On each domain I host on those, I have some special feature I need on that domain. I don't need to worry about interaction between those features, because I run each server as a separate process. That is something I couldn't have done, if I had been using IPv4, because there are just not enough addresses.
Do you care about the security of your wireless mouse?
Ah, the joys of democracy. 50%+1 wins and the 50%-1 can go to the salt mines.
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
IPv6 is simpler than IPv4.
It's simpler in a more complex way. "You no longer have to worry about unicast, multicast, and broadcast, it's now just unicast and multicast." Simpler, one less thing. Other than all-points multicast is the exact same thing in a different manner. So they "simplified" it by changing it to do the same thing in new and different ways. Sounds like change for change's sake to call "broadcast" "all-points multicast" when they are functionally identical.
Or am I just not getting it?
Learn to love Alaska
If you are a system administrator, just pretend it's the same thing. It will probably be several years before you need to know the differences. If you are actually implementing code to handle IPv6 packets on Ethernet, then you need to look up the details now.
They are functionally identical if you are running it on switches that don't know the difference. In 20 years when you have gotten rid of all the broadcast traffic caused by IPv4 and your switches know to only send multicast packets to nodes that need them, then you can grow the network segments to a much larger number of nodes.
This is one of those changes, which may help us at some point in the future. For now you can ignore it as it introduces no operational difference compared to what you have been used to.
I can think of one place where there has been a naming change, but where IPv4 and IPv6 are actually identical. It is the TTL field from IPv4, which is called hop limit in IPv6. The point is that the TTL field as it was originally specified was basically impossible to implement. Thus actual IPv4 implementations deviated a little bit from the spec. With IPv6 the spec was changed to match what everybody has been doing, and the field was renamed accordingly.
Do you care about the security of your wireless mouse?
If Romney gets elected, he'll just repeal it back to IPv4
More likely, he'll switch the internet over to lantastic.
That is a buried Mormon comment if I ever saw one.
Lantastic->NetWare->Novell->Provo, UT
Jesus was all right but his disciples were thick and ordinary. -John Lennon
I was trying to do something with the Flow Label in IPv6, and I found that no two makers of equipment implement it in the same way, and generally do so in a manner that makes it useless to use to differentiate flows. As implemented, it's essentially a sequence number, in a massively over-sized field. I wanted to use it for ToS (which also mostly doesn't exist anymore, as people have gotten used to not identifying the service, as that has always been a fail in IPv4, but instead identify QoS class only, and use ToS as a QoS feature). At no point was I going to perform QoS on the Flow Label, I just wanted to be able to do something fancy, like convert the DSCP markings used in IPv4 to differentiate services (most specifically, voice > video > other, with 2 or 3 queues depending on the intermediate systems). But I couldn't set the Flow Label at all in any end device (I presume it is being set, but in an automatic way with no adjustability. I can set DSCP arbitrarily on just about anything these days, but nothing would do the same with flow labels).
Despite its age, it's still immature.
Learn to love Alaska
In my neck of the woods the CMT and FOX News cable networks are on adjacent channels. So when I noticed that Roseanne Barr and Mike Huckabee had shows on at the same time, I set up my picture-in-picture and switched between them.
Roseanne's show was meant to be funny, and though much of the humor was dated, it succeeded. Huckabee's show was, well you, a typical Huckabee show.
I finally know whom to vote for.