Slashdot Mirror
Some Telcos and ISPs are Frustrating IPv6 Adoption (guardian.ng)
An anonymous reader writes:
"There are indications that telecommunications operators and traditional ISPs in the country are frustrating adoption of Internet Protocol version six (IPv6) by other networks," reports Nigeria's Guardian newspaper, citing Nigeria CommunicationsWeek. The magazine found 32 networks with IPv6 addresses -- but only three which are using them. And the newspaper cites "a network engineer with a university who does not want to be named" frustrated that their ISP's network isn't IPv6-compatible, so the university can't use its own IPv6 address. "Mohammed Rudman, chairman, IPv6 Council Nigeria, said that most telecommunications operators and internet service providers in the country have not adopted IPv6 which raises the issue of compatibility with other networks."
Firefox has a fast-fallback-to-IPv4 option, which you can disable in about:config (as well as an option to disable IPv6 altogether). But "the Chrome browser supports IPv6 natively and doesn't allow users to decide which protocol to use," reports TechGlimpse.com.
How does your browser perform? Long-time Slashdot reader ourlovecanlastforeve shared a link to Test-IPv6.com, which detects whether "when given the choice, your browser decided it would prefer to use IPv4 instead of IPv6."
Firefox has a fast-fallback-to-IPv4 option, which you can disable in about:config (as well as an option to disable IPv6 altogether). But "the Chrome browser supports IPv6 natively and doesn't allow users to decide which protocol to use," reports TechGlimpse.com.
How does your browser perform? Long-time Slashdot reader ourlovecanlastforeve shared a link to Test-IPv6.com, which detects whether "when given the choice, your browser decided it would prefer to use IPv4 instead of IPv6."
Doesn't IPv6 hide the anonymization about which device beyond the firewall is using a service. Do I really want people outside my home to know how many devices I have, or which is viewing what?
Your ad here. Ask me how!
Not every level 1 helpdesk jockey in India making $5/hr can do IPv6 subnetting in their heads to fix connectivity problems
http://saveie6.com/
Nobody can remember all those hex digits.
Because with it enabled it slows down or breaks connectivity.
I typically refrain from calling out the staff supporting /., but is it really too much to postfix the submission title with "in Nigeria"? Or is that somehow at cross-purposes with what you all are trying to achieve on this site?
I know it is cool here to hate on Comcast but my cable modem service supports it so easily now that I don't see any barrier's to adoption.
I used to use one of my Apple Time Capsules (so shoot me) for my router but when I needed better VPN service I got a $35 Mikrotik and made that the gateway router and the Time Capsules are now bridge-mode Wifi access points behind that.
Fast forward a couple of years and I hear about Comcast has IPv6. I found out that my Mikrotik needed an upgrade for IPv6 support but that was surprisingly painless. Once you have that and turn it on the router gets your IPv6 address assignment from the upstream DHCPv6 server Comcast runs. That gives you a 64-bit "address pool" (which is what Mikrotik calls it) and without doing anything else all your household devices get an IPv6 address according their own capabilities.
Comcast did it right, but you still need the right router software on your end. The Time Capsules didn't cut it but the Mikrotik router did. I can't speak for other products because the router worked and there was no need to try anything else.
Windows no problem. MacOS no problem. Smart phones, TV, cams and all the other junk no problem.
The only reason you need IPv4 at all is because there are still a LOT of servers and services out there that can't be reached by IPv6. But I have had no issue with Safari, Chrome, or Firefox or any other networking application.
The payoff for me is that I run a fair number of VMs out in the cloud. My co-location host is reasonably OK with giving me IPv4 addresses when I need them but now I don't even bother assigning an IPv4 address to a system unless it is for public access. IPv6 straight from my system at home to the VM out there.
Fringe benefit: The public IPv6 addresses, at least those that don't have well-known AAAA DNS records, don't get constantly assailed by bots with dictionary attacks.
Gripe: XenCenter doesn't support IPv6 for management. And it is a mess to try and install a mitigating tool like fail2ban in the XenServer hypervisor. What a pain.
That's my take anyway.
Itâ(TM)s a problem everywhere.
Based on Googleâ(TM)s stats, less than a quarter of google users are IPv6.
https://www.google.com/intl/en/ipv6/statistics.html
has applications beyond elementary school math.
Next story.
Stateful Firewalls Provide Security (Not NAT)
NAT does not provide any real network security, it actually prevents many security measures.
Consumer grade firewalls (most of them) built into the modems they get from their ISP -- are often almost useless when it comes to providing real security. Many of them don't even bother to force the administrator to have anything more than the default password.
By your argument -- you would be even happier if your ISP shares your IP address across many households (double NAT'd) -- which mine does.
Maybe its you IPv6.
Why? The problem is not in America but in Nigeria. America is the #2 country in IPv6 adoption, just behind Belgium, so we're not exactly lagging behind the world. Or, are you suggesting that Americans need to pay more to help out Nigerian 419 scammer princes?
> anonymization about which device beyond the firewall is using a service.
You're not really hiding anything. Between user agent strings, cookies, etc., the trackers know one device from another. In fact since most web access is from mobile devices these days, and mobiles get new IPs all the time, IPs aren't used much for tracking anymore anyway.
Because IPv4 lacks enough addresses, you're pretty much forced to use only one IP for all of your devices. That's a hack and while it works well enough most of the time, for most people, it does have some problems.
You *can* still do that with IPv6; you aren't forced to. As mentioned above, it doesn't do you much good anyway. You can also have your devices randomly switch between millions of IPs. That's as effective as IPv4 NAT. Of course neither do anything when there are cookies involved and sch.
I can get IPv6 on my phone (EE network) but my main ISP Virgin media still gives me IPv4. Having IPv4 in almost 2018 is like being forced to use Internet Explorer 6.
> Your ISP probably assigned a /64 to your home - so you can always keep rotating
> IPv6 addresses on your computer(s) if you feel the need to confuse your enemies.
That does *NOT* necessarily help anonymization. A static /64 (or /56) is still a CIDR. You can dick around with the MAC ID ("privacy extensions") and jump around in your CIDR all you want. But once someone identifies a static /64 or /56 with you, you're marked permanently. The big privacy battle with IPV6 will be for dynamic /64 or /56 allocation versus static allocation.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Government is way overkill for this.
Want to improve AAAA adoption? Easy. Google gives you a ~5% PageRank boost for working dual-stack on your server. Like they already do for SSL, ARIA accessibility, and mobile-friendliness.
Nothing would move the IPv6 needle faster.
You struggle to get ipv6. All the big providers do it - with caveats. A couple of smaller players do - with caveats.
I recently declined a service from an isp when they didnâ(TM)t provide ipv6. I asked when, their response was never. Seriously.
Most AU isp staff are fucking retarded as fuck, and donâ(TM)t think ipv6 isnâ(TM)t a thing.
This. Exactly.
Also, with IPv6's extension header system, you can theoretically even route right through a NAT, completely neutralizing its most significant disadvantage, as long as the NAT in the middle recognizes and handles the extension, and the session layer on the remote machine that may need to be able to route a raw IP packet to an otherwise undetectable IP address knows to add the extension to the appropriate outgoing packets.
File under 'M' for 'Manic ranting'
how to make a terrrorist time bomb
Stay with IPv4 and don't upgrade the world's networks to IPv6.
-=This sig has nothing to do with my comment. Move along now=-
just need a truck and tools to be an 1099'er for comcast in the past they did even do background or DMV checks.
Were there actual technical limitations to enabling a larger address space or was it just a lack of foresight?
I just checked that test URL. 10/10. Nice xmas surprise. I run a couple of popular websites (Amazon EC2's running Ubuntu) so I could add IPv6 easily. But why?
What's the upside to IPv6 for a website? Better Google page ranking? Security? Faster page load? Others?
It's been years since I've worked on IPv6, I was one of the small team who wrote the IPv6 stack for Cisco's high end routers.
So I know the protocol - sort of. It was still in flux back then (15 years ago) with the IETF.
Can someone bring me up to date? As a website master, why do I need it?
Add Verizon to the list of Nigerian ISPs. Well, not their mobile division, because actually they do offer IPv6 on cellphones. The âoefixed lineâ business, aka FiOS, on the other hand, is absolutely clueless Verizon even has a page, dated from 2010, stating they are going to deploy dual stack âoein the near futureâ. Seems they are still stuck in 2010...
In the meantime, Iâ(TM)m running over Hurricane Electricâ(TM)s awesome (and free) IPv6 tunnel service, and disabling v6 for the we-built-our-Trump-wall Netflix like companies that treat HE as a public proxy âoewith the sole purpose of bypassing their stupid geolocation blocksâ.
Seriously, at this time, it would be better if apps would prefer IPv6 and start running massive traffic through it.
If IPv6 is not available, so be it. BUT, by moving Chrome, Firefox, etc to 6, it will only hasten the move.
I prefer the "u" in honour as it seems to be missing these days.
How will the Nigerian economy keep up with the western world without a timely shift to IPv6! /sarcasm
Seriously, it's Nigeria...
Ken
The biggest mistake the IPv6 inventors made was making it incompatible with IPv4 by creating a completely different address space. This required stupidity like having applications which want to support IPv4 and IPv6 open two different ports for incoming connections. Dumb. Dumb. Dumb.
You would think the people behind standards like this are brains trust IQ 200. In truth they are often arrogant and short sighted and refuse to accept criticism. If they had got their act together on this early IPv6 would have been embraced long ago.
Please take a moment and disable smart punctuation - http://lmgtfy.com/?q=disable+s...
Ken
except when i asked him, he knew more about ipv6 than camels, humping, terrorists, and time bombs. which means he knows more than you. ironic.
The US government should facilitate the move from IPv4 to IPv6 by starting to tax or apply a fee for each IPv4 (with no IPv6 address) address in usage -- and increase that fee each year until it encourages the movement off of IPv4.
That is among the dumber things I've read today, but granted I haven't spent that much time on-line today.
The tax code shouldn't be used as a cudgel to control behavior, it is a tool designed to fund the operation of the [Federal|State|Local] government. To what purpose would the proceeds of this tax be applied? Buying IPv6-complaint routers for public K-12 schools? Subsidize Internet connections for low-income/inner-city residents? What?
Ken
NIGERIA, not America, but hey, cool you were able to work Trump AND Linux into your contribution, we all got just a little bit dumber after reading your comment.
Ken
"There are indications that telecommunications operators and traditional ISPs in the country are frustrating adoption of Internet Protocol version six (IPv6) by other networks," reports Nigeria's Guardian newspaper, citing Nigeria CommunicationsWeek. The magazine found 32 networks with IPv6 addresses -- but only three which are using them. And the newspaper cites "a network engineer with a university who does not want to be named" frustrated that their ISP's network isn't IPv6-compatible, so the university can't use its own IPv6 address. "Mohammed Rudman, chairman, IPv6 Council Nigeria, said that most telecommunications
Ken
Watch how fast they come
Here in the U.S., New England region with Cox and Verizon. I know Cox offers IPv6 and my router can handle it. But I've been loathe to do so as the 255^3 addresses using only three octets that I have available are plenty. And the NAT works perfectly.
That may work on the server side of things, but most end users don't have ipv6 connectivity...
What's needed is for the likes of google and facebook etc to start offering desirable features to ipv6 users first, perhaps as a form of beta... If hundreds of customers start calling isps demanding ipv6, or switching to other providers that already offer it then adoption will increase pretty quickly.
For now it's only a few of us asking for ipv6, so we get ignored by the major isps.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
If I'm the kind of person who is worried about the lack of NAS leading to people tracking me more effectively, why don't you think I'm the kind of person who can handle user-agent-strings (and other browser fingerprinting) and cookies?
IPv6 seems dedicated to preventing me from hiding. Even if my device is randomly hopping among IPv6 addresses, they're all on the same subnet (does that term still apply) meaning they can all be used to id me.
Your ad here. Ask me how!
If I'm the kind of person who is worried about the lack of NAS leading to people tracking me more effectively, why don't you think I'm the kind of person who can handle user-agent-strings (and other browser fingerprinting) and cookies?
They probably think you don't know how to handle those because ipv6 is just as easy to handle the ip address obfuscation, and in fact is obfuscated by default in most modern operating systems out today. You're worried about an issue that doesn't exist because you lack understanding. It's extremely likely you have no clue how to properly handle browser fingerprinting either.
> Even if my device is randomly hopping among IPv6 addresses, they're all on the same subnet (does that term still apply) meaning they can all be used to id me.
Yes they will be chosen from a range of 9,007,199,254,740,991 addresses or so. Some ISPs will assign you 32 times that many addresses, some a bit fewer, but roughly 9 quadrillion addresses. Compared to your ONE IPv4 address. As someone who has developed security systems which use IP addresses as one indicator of whether it's the same person, I'll tell you it's much easier to track your single IPv4 address than to figure out which 9, or 288 quadrillion, or 18 quadrillion, or whatever might be assigned to the same customer.
> you think I'm the kind of person who can handle user-agent-strings (and other browser fingerprinting) and cookies?
To be 100% completely honest with you, based on your posts I'd guess you're the type of person who thinks they kinda get it, so they make some attempts to hide stuff, and therefore stick out like a sore thumb in the sea of people who present standard, default profiles. When you're the guy who mucks with his iPad's user agent, but of course it still shows iPad resolution, you're the only hot on the whole site reporting 2048Ã--1536 on "Windows" and it makes you very easy to spot.
Even if my device is randomly hopping among IPv6 addresses, they're all on the same subnet (does that term still apply) meaning they can all be used to id me.
Just like when you were on IPv4, all your devices were behind one IPv4 address, providing precisely the same facility.
IPv6 seems dedicated to preventing me from hiding.
You've yet to provide a single example supporting this contention.
If I'm the kind of person who is worried about the lack of NAS leading to people tracking me more effectively, why don't you think I'm the kind of person who can handle user-agent-strings (and other browser fingerprinting) and cookies?
And TLS session caching, DNS fingerprinting and port range mapping (CGN).
IPv6 seems dedicated to preventing me from hiding.
IPv6 really does make it easier to track individual systems on a network of more than one user. Even with privacy addresses short term correlation is probably still useful.
Even if my device is randomly hopping among IPv6 addresses, they're all on the same subnet (does that term still apply) meaning they can all be used to id me.
IPv6 customers are generally assigned subnets rather than single IP addresses. Whether you get a single IPv4 address or a single IPv6 prefix your "network" can just as easily be tracked in either case.
Options here are same for both IPv4/IPv6 use a VPN/tunnel/proxy/Tor-like overlay or regularly convince your ISP to grant you a new address (dump lease / change MAC / reconnect) unless of course they are in cahoots with trackers.
Just add another byte (5-byte IP address) and we're okay for another 20 to 50 years with a trillion addresses.
But cookies would have to use something like your MAC addresses, or some other physical (read layer 2) info in order to have a count of your devices. In layer 3 - the IP layer - IPv4 can be used to track how many devices you are using, but IPv6 can't, due to the security extensions. So IPv4 vs IPv6 is no longer an argument if a foreign host, like Facebook or Twitter, is using something outside layer 3 to track everything about you
If I'm the kind of person who is worried about the lack of NAS leading to people tracking me more effectively, why don't you think I'm the kind of person who can handle user-agent-strings (and other browser fingerprinting) and cookies?
IPv6 seems dedicated to preventing me from hiding. Even if my device is randomly hopping among IPv6 addresses, they're all on the same subnet (does that term still apply) meaning they can all be used to id me.
If somebody outside knows your /64 and they run a website, they can use their knowledge of your /64 to block you from getting into their site. But if they want to attack any of your devices, they need to know your entire /128 address, not just your subnet address, and that's where your device hopping b/w the addresses in your range helps.
How does one get Verizon/MCI to update?
Mac addresses aren't needed, a random number does just fine. The whole idea of cookies, the definition of a cookie, is that the device returns back the same value that was previously set. So the server sets a cookie called device=7573+4758585 and next time the browser sends back that number.
Obviously the cookie is only one of many parameters used. Cookies might be "blocked" (which often just means they are cleared when you shut down your browser, session cookies typically aren't blocked). To "track" a user, to recognize the same user when they come back, you look at maybe eight or ten different parameters. Any three of the eight are sufficient.
I tried the test at http://test-ipv6.com/ cited in the article. It said "Connections to IPv6-only sites are timing out. Any web site that is IPv6 only, will appear to be down to you."
According to the test site Down For Everyone Or Just Me at http://downforeveryoneorjustme..., the IPv6 test URI http://ipv6.vm1.test-ipv6.com/... -- timed out for me -- is down for everyone. The IPv6 test URI http://2001470118119/ip/?callb... gives the result "Huh? [2001:470:1:18::119] doesn't look like a site on the interwho." (While the IPv6 address in that URI copied and pasted correctly in http://downforeveryoneorjustme..., Slashdot's editor for this comment deleted the colons in the preview.)
I have a browser extension that displays the IP address of whatever Web page I am viewing. I often see IPv6 addresses in that display. While some IPv6 addresses might not be available to me, that could be a case of a server down or the address defunct. In any case, Web sites with IPv6 addresses do not appear down for me.
While my browser does indeed render IPv6 Web pages okay, I have disabled IPv6 for my newsgroup (NNTP) reader. One NNTP server to which I subscribe too often times out unless I disable IPv6. I do not know if that is a problem with the server or with my NNTP reader application. I really do not care.
It takes twice as much work to configure IPv6 (assuming you need to keep supporting IPv4). It's no big deal if you are just configuring a few switches, but if you talk about the number of routers a large ISP has, it becomes a lot of work. So, until they get close to running out of IPv4 addresses to assign to customers, don't hold your breath.
An engineer who ran for Congress. http://herbrobinson.us
Are there any other subnet sizes in VLAN that are used? Incidentally, /96 makes more sense than /64, and had that been the rule, having automatic routing embedded in the global prefix would have been more achievable