Slashdot Mirror


Mapping the Spectral Landscape of IPv6 Networks (duo.com)

Trailrunner7 writes: Like real estate, we're not making any more IPv4 addresses. But instead of trying to colonize Mars or build cities under the sea, the Internet's architects developed a separate address scheme with an unfathomably large pool of addresses. IPv6 has an address space of 2^128, compared to IPv4's 2^32, and as the exhaustion of the IPv4 address space began to approach, registries started allocating IPv6 addresses and there now are billions of those addresses active at any given time. But no one really knows how many or where they are or what's behind them or how they're organized.

A pair of researchers decided to tackle the problem and developed a suite of tools that can find active IPv6 addresses both in the global address space and in smaller, targeted networks. Known as ipv666, the open source tool set can scan for live IPv6 hosts using a statistical model that the researchers built. The researchers, Chris Grayson and Marc Newlin, faced a number of challenges as they went about developing the ipv666 tools, including getting a large IPv6 address list, which they accumulated from several publicly available data sets. They then began the painful process of building the statistical model to predict other IPv6 addresses based on their existing list.

That may seem weird, but IPv6 addresses are nothing at all like their older cousins and come in a bizarre format that doesn't lend itself to simple analysis or prediction. Grayson and Newlin wanted to find as many live addresses as possible and ultimately try to figure out what the security differences are between devices on IPv4 and those on IPv6.

163 comments

  1. 2^128 != Infinitely large by Anonymous Coward · · Score: 1

    Remember when /. used to be a tech site that knew "large, but finite" wasn't the same as "infinite"?
    Pepperidge Farm remembers.

    Natalie Portman would be ashamed of being referenced by a site like this!

    1. Re:2^128 != Infinitely large by CaptainDork · · Score: 1

      Remember when /. was a content aggregator, providing news for nerds, stuff that matters and not the goddam author of the fucking articles?

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:2^128 != Infinitely large by jellomizer · · Score: 2

      I could say I remembered a time when Slashdot didn't get fixed into details of semantics. However that was never the case.
      2^128 would be enough for every atom on earth to get an address. So in essence it is more than we could ever conceive of using. In terms of practicality the supply of addresses is so high, we can treat it like infinity.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    3. Re:2^128 != Infinitely large by Athanasius · · Score: 1

      But then you have to take into account that any IPv6 endpoint is meant to have a whole /64 to itself to allow for the automatic host part of an address based on MAC address, or the privacy addresses, or .... And then any ISP is meant to be giving /56 (or even more) to each customer, so as to allow them to do some subnetting themselves without abusing the /64 (like I do).

      So, we're mostly left with something like 2^56 effective IPv6 addresses, 2^64 if you squint. It's still a huge number, but not anything like as large as the full 2^128.

    4. Re:2^128 != Infinitely large by Calydor · · Score: 1

      For the purpose of determining active addresses, though, it's still 2^128. Just because every customer is given a /56 doesn't mean that every single one of those addresses is useful and active.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    5. Re:2^128 != Infinitely large by morethanapapercert · · Score: 2

      I do remember when /. was a content aggregator. At the time, people complained that the posted articles were things they had already seen elsewhere. (quite often weeks before) There have been a few times in /. history where the staff flat out asked the users for suggestions on improving the site. One perennial suggestion was to provide meaningful, original content. This article is clearly geek worthy, whether it matters is subject to individual taste, so they are fulfilling their mission statement.

      --
      I need a wheelchair van for my son. Help me get the word out. https://www.gofundme.com/wheelchair-van-for-jj
    6. Re:2^128 != Infinitely large by CaptainDork · · Score: 1

      Anyway, submit your original content.

      --
      It little behooves the best of us to comment on the rest of us.
    7. Re:2^128 != Infinitely large by thogard · · Score: 1

      People are scanning IPv6 the same way they used to brute force SNMP MIBs.

      There are two different issues. First is finding networks and the second is finding hosts on a network.

      You start by mapping the routable /32. You can take short cuts if you have access to a global routing table. That drops the number of networks from about 4 billion to less than 2,000 with no scanning at all. Inside each /32 is a /48 to /56. Once again a global routing table will reduce the search space. The right kind of ping can tell you if a major ISP is doing anything with each /56 for a probe. Repeat for each active /56 to find out active /64. Now you have a mostly complete list of active and correctly functional IPv6 networks in the world.

      Finding machines on the network is the hard part because they should be hiding behind a 2^64 random number. If they are servers they might have a vanity number like ...::dead:beef or more likely ...::1. Sysadmins will tend to give useful number to external hosts or even workstations. Assuming ..:site:floor:cube will find hosts in large companies. They might use a MAC based address which reduces the search space to known workstation vendors. If someone hits my website with a Dell MAC based IPv6 address, I can assume they have other Dells of about the same age on their network so nearby MAC address might hit a host.

      People say IPv6 doesn't do NAT. If you use random /64 addresses, that isn't any different than using random port numbers to hide the way NAT does. The only major difference is if a session has already been established but most cheap NAT routers don't care. If your NAT router can be reset without ending long running sessions (like ssh without keepalives on), your current NAT setup is less secure than using fast rotating IPv6 addresses. There is more entropy in a random 64 bit IPv6 than 16 port NAT source port+sequence number and most only use the source port.

  2. golang? by QuietLagoon · · Score: 1, Interesting

    I've been seeing some golang spider probing my websites in an odd way, so now it is blocked.

    1. Re:golang? by CaptainDork · · Score: 2

      That was invented by Evonne Goolagong and, sure, her racket had a kind of "web," (sorta), but it's not blocked.

      Sadly, she died.

      --
      It little behooves the best of us to comment on the rest of us.
  3. natz r sikyoor by Anonymous Coward · · Score: 0

    i'm safe because i'm behind a nat.

    1. Re:natz r sikyoor by Anonymous Coward · · Score: 0

      One of the major benefits to IPv6 is the elimination of NATs. NAT is simply a useful workaround to handle the limited IPv4 address space. Once IPv6 is universally implemented, NATs will be simply an obsolete technology.

    2. Re: natz r sikyoor by Midnight+Thunder · · Score: 1

      There are bound to be some people to find a way to implement a NAT, for whatever reason.

      One thing I am curious about is how mobile hotspots will work? From what I understand your phone is creating a NATed subnet, using the single IP address assigned to you, but how will that work in the IPv6 world without NAT?

      --
      Jumpstart the tartan drive.
    3. Re: natz r sikyoor by Midnight+Thunder · · Score: 1

      Turns out there is this for mobile hotspots: https://lkhill.com/ipv6-based-...

      --
      Jumpstart the tartan drive.
    4. Re: natz r sikyoor by jd · · Score: 1

      With IPv6, your computer generates a universally unique ID that allows connections to be sent to your current hotspot.

      Radvd allows the prefix to be attached to your computer's suffix to make a unique IP address.

      Dynamic DNS ensures that if your computer is named, the name is usable for your current hotspot endpoint.

      MTU discovery ensures that there is zero fragmentation, so no problems with stateless firewalls.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  4. Re:Infinity is larger than that by Anonymous Coward · · Score: 0

    It also says "bizarre format that doesn't lend itself to simple analysis or prediction". Come on, it's just a hex number, how much simpler could it be?

  5. Nothing Bizare about IPv6 by rahvin112 · · Score: 5, Informative

    The Post author is completely wrong when he says that IPv6 is in some bizarre format. IPv6 is exactly the same as IPv4, it's a block of numbers. The primary difference is that IPv4 was arranged in a set of 4 blocks of 255 bit numbers. This was workable with a 32 bit address. IPv6 on the other hand has 128 bits.

    To handle a 128 bit address with the same 255 block format of IPv4 you'd need 16 blocks rather than 4. To make this easier and narrow it down to just 8 blocks of 4 digits they decided using HEX would be easier. The addressing scheme was also designed to solve many of the problems IPv4 had, including automatic creation of a private locally addressable-only address space (the link local).

    They also added an address assignment scheme that didn't require DHCP to find and assign an IPv6 address. This is called SLAAC and in theory makes it trivial to set up an IPv6 network of devices without needing to build a huge DHCP server (for example in a factory where machinery needs IP addresses but has very primitive computing resources). They also designed the network so that it wouldn't be fragmented requiring huge BGP tables. Every IPv6 network address is supposed to come with 64 bits of addresses for the user (providing the ISP complies with the RFC and provides each user a /64 as the RFC requires). What this means is that with every public IPv6 address you have 2 IPv4 networks worth of addresses to use on your own network.

    There was a lot of thought that went into IPv6 into solving a lot of the problems of IPv4. It does take a little getting used to because the numbers are so much bigger and it uses HEX by default to narrow down the number of digits. But other than the spin up of learning about all the new features of IPv6 and getting used to using HEX addressing it's quite a bit nicer to use IMO.

    1. Re:Nothing Bizare about IPv6 by 110010001000 · · Score: 1

      They probably just discovered nmap and now are "security researchers".

    2. Re:Nothing Bizare about IPv6 by sosume · · Score: 1, Insightful

      Maybe it's not bizarre for someone with years of background, but to regular users, the address format is the biggest hurdle to adoption. I am able to explain an IPv4 address to a nine year old. However I don't understand IPv6 addressing fully myself as it's just too damn complicated and cryptic with all colons and hex. Whoever designed that should be put against the wall retroactively.
      My IP is ::::ff::00 -- say what? My gateway address is ::::323::f0::c7, so my local address is ::::00::e1::27??

      I still don't understand what would be hard in adding two octals to the current IPv4 scheme. 10.1.192.168.1.7 would be a valid, understandable address. The IPv6 scheme is crap and will NEVER be embraced by users.

    3. Re:Nothing Bizare about IPv6 by stooo · · Score: 3, Insightful

      >> but to regular users, the address format is the biggest hurdle to adoption.
      That's OK.
      Regular users don't need to do anything with an IP address.

      --
      aaaaaaa
    4. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 1

      every public IPv6 address you have 2 IPv4 networks worth of addresses to use on your own network

      Actually you have as many internets worth of IPv4 addresses as there are IPv4 addresses on the internet: 2^32 times 2^32. Don't you think that some of the implications of the IPv6 addressing scheme could be considered bizarre? Or how there is no ARP, and every interface has multiple IPv6 addresses, and there are things like "valid" prefixes and "preferred" prefixes and associated addresses and lifetimes? IPv6 is almost nothing like IPv4, except that it uses a number of bits as addresses.

    5. Re: Nothing Bizare about IPv6 by jd · · Score: 2

      Easy.

      The top two bytes identify packet type.

      The next two bytes are the ID of a router.

      The next two bytes are the ID of a router on a given connection.

      And so on, until you reach 48 bits that identify the computer on a router.

      From any given point, you care about the two bytes above and either the two bytes below or the 6 bytes below if they're the last 6.

      It's the equivalent of being given directions. Take a left at the third roundabout, then take a right at the second traffic light.

      There's no nine year old outside of vegetative state that can't understand that. V4 is far more complex.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    6. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      It is not that hard to get up to speed with IPv6.

      IPv6 Primers:
      Quick 6 minute video on IPv6 addressing and subnetting: https://youtu.be/dUmhZOnz_qc
      Tech Quickie: https://youtu.be/aor29pGhlFE

      Microsoft has a really in depth guide to many aspects of IPv6. It is a really long read, but worth it to get in depth knowledge on the subject.
      https://docs.microsoft.com/en-...

    7. Re:Nothing Bizare about IPv6 by rl117 · · Score: 1

      The scheme is simple and takes just a few minutes to familiarise yourself with. That's all it is, familiarity. By the way, you only need two colons "::", which means "pad blocks with zeros". The rest are redundant. For example my link-local address is currently fe80::e2d5:5eff:fea8:50c9; my global address is something like 2001:8b0:860:ccbe:243b:81de:43b2:fb37. So it's 8 blocks of 4 hex digits, separated by colons, with optional eliding of ":0000:" with "::". That's it. Your nine year old should be able to understand it just as well as IPv4. He won't even need to learn about all the different IPv4 network classes.

    8. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      I still don't understand what would be hard in adding two octals to the current IPv4 scheme. 10.1.192.168.1.7 would be a valid, understandable address. The IPv6 scheme is crap and will NEVER be embraced by users.

      The 4 in IPv4 isn't the number of bytes. That's a coincidence. Your suggestion would result in IP address like 10.1.192.168.1.7.182.232.193.125.27.0.125.92.23.55. *Now* do you see why they had to come up with a scheme?

    9. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 1

      The problem with /64 being the smallest subnet possible translates to the actual usable number of IP addresses in IPv6 not being 2^128 but more in the range of 2^72 (assuming 256 devices per /64) since too many devices in the same subnet cause problems as well.

      Combined with other wasteful decisions (organisations getting /32 subnets, some even wanting /16!), the question how long IPv6 will last us is already on the table.

      Then there are privacy implications since the MAC address of the interface becomes part of the IP. Yes, privacy extensions help, but why not think about this from the beginning?

    10. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      Ha,ha, ha, ha,... Pull the other one.
      I can't even begin to describe the number of times a connectivity problem went from "no clue why" to resolved simply by knowing the IP address of the target.

      Yes, I'll be able to use tools locally to trace and map. What about remote locations without any actual IT or technical experience whose systems are not under my control and the only access I have is talking to a "extent of technical understanding is there is a power button"?

    11. Re:Nothing Bizare about IPv6 by UnknownSoldier · · Score: 2

      > I am able to explain an IPv4 address to a nine year old. However I don't understand Ipv6 addressing fully myself as it's just too damn complicated and cryptic with all colons and hex.

      A phone number uses dashes as separators and is in base 10; IPV6 uses colons and is in base 16. Is it really THAT hard to understand??? (Also you don't write leading zeroes which is true in any base.)

      e.g.
      * 555-1234
      * ::55:12:34

      > adding two octals to the current IPv4 scheme.

      Because if you are going to require a completely new incompatible scheme it is better to plan for the future and make sure you never run out of addresses than to band-aid a half-baked kludge that will be obsolete sooner rather than later.

    12. Re: Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      Parent mentioned *Regular* user though.

    13. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      My Children as young as 8 know what an IP is and use them to set up their Minecraft servers and connect with each other to play. Any kid trying to host a teamspeak or Minecraft server knows what NAT is.

      There's lots of reasons users want to know their IP address.

    14. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      Clean routing necessitates lots of wasted IPs. Defragging IP addresses is not feasible. You need to assume that each block may have a ton of devices. In order to have a low risk of running out of IPs in order to maintain a contiguous block, you give out huge blocks to everyone. As a result, the IPv6 route table will be a small fraction the size of the IPv4 route table. The IPv4 route table is growing exponentially as new routes are created and existing blocks have to be fragmented.

    15. Re:Nothing Bizare about IPv6 by CaptainDork · · Score: 1

      Yeah, I used Excel to generate a whole list of IPv4 and port combinations to scan and record open ports. Then I'd reduce the population to that useful subset and continue refining until I could get positive hits on common ports like FTP, RDP, Telnet, SMTP and all that simple stuff and entertain myself for hours.

      IPv6 was too hard for automation so I stick with IPv4.

      All you bastards or bitches, as may apply are welcome and stuff.

      --
      It little behooves the best of us to comment on the rest of us.
    16. Re:Nothing Bizare about IPv6 by Monster_user · · Score: 1

      The lack of an ARP table is because it is redundant in IPv6. The IPv6 is supposed to be the MAC address.

      Otherwise, I wouldn't consider it bizarre, but flexible. Older networking schemes were designed for limited devices with limited performance capabilities. IPv6 is designed for a future of nearly unlimited devices, and a wide variety of capabilities.

      It is quite possible that either the guys deciding on IPv6 couldn't decide on its implementation, and so built flexibility to allow it to be implemented naturally and see which method wins out. Or they perhaps saw the IPv4 scheme running out of addresses and took that as a lesson learned and designed the scheme they wanted, but designed into a way to extend its lifespan when the ideal usage was no longer feasible.

    17. Re: Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      well you better hurry up and get used to it, because mobile carriers are already starting to take away your precious IPv4 entirely and force you to use IPv6 only, and implementing IPv4 as a service.

    18. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 1

      IPv6: Hello class, the first artist we will study is Pablo Diego José Francisco de Paula Juan Nepomuceno María de los Remedios Cipriano de la Santísima Trinidad Ruiz y Picasso.
      IPv4: Hello class, the first artist we will study is Pablo Picasso.

      The former makes perfect sense if you understand the schema, the latter is simply easier to work with.

    19. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 2, Informative

      First off, if you're going to complain about something, you really ought to know what you're complaining about. The various addresses you mention are, quite frankly, WRONG and INCORRECTLY formatted. An IPv6 address is simply 8 groups of 4 hexadecimal numbers. Then to reduce the length of the notation, you first remove any leading zeros. And finally, you can eliminate the largest string of zeros with "::". A properly formatted IPv6 address will have at most ONE pair of colons with nothing between them.

      So let's take an example IPv6 address of 2001:0db8:85a3:0000:0000:8a2e:0370:7334
      Now let's get rid of unneeded leading zeros. 2001:db8:85a3:0:0:8a2e:370:7334
      And finally, get rid of the longest string of zero groups. 2001:db8:85a3::8a2e:370:7334

      Now contrast that to the BS examples you gave of ::::ff::00, ::::323::f0::c7, and ::::00::e1::27
      The first value you gave had 6 colons, which is possible if you've eliminated two groups of zero. But you have the sequence "::::" which is quite illegal, you'll never see more than 2 colons in a row. And if you do see two colons in a row, you'll only see that sequence ONCE. Then your next 2 examples have 8 colons each. WHAT? That would imply 9 groups of 4 hex digits or a length of 144 bits, not the 128 bits of IPv6.
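The shortening rules spelled out in the comment above (eight groups of up to four hex digits, leading zeros dropped, "::" at most once) can be checked mechanically, which is also what lets the same address written in different ways match in logs and block lists. The following is an added example, not part of the original thread: `parse_ipv6`, `compress`, `canonical` and `is_valid` are hypothetical helper names, the tie-break and "never shorten a single zero group" choices follow RFC 5952, and the dotted IPv4 tail form is not handled.

```python
import re

# One group: 1 to 4 hexadecimal digits.
HEX_GROUP = re.compile(r"[0-9A-Fa-f]{1,4}")


def parse_ipv6(text):
    """Return the address as a list of eight 16-bit integers, or raise ValueError."""
    if ":::" in text:
        raise ValueError("more than two colons in a row")
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        fields = left + ["0"] * missing + right
    else:
        fields = text.split(":")
        if len(fields) != 8:
            raise ValueError("expected 8 groups, got %d" % len(fields))
    groups = []
    for field in fields:
        if not HEX_GROUP.fullmatch(field):
            raise ValueError("bad group %r" % field)
        groups.append(int(field, 16))
    return groups


def compress(groups):
    """Shortest text form: lower case, no leading zeros, longest zero run as '::'."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:          # strict '>' keeps the first run on a tie
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexes = ["%x" % g for g in groups]
    if best_len < 2:                      # a lone zero group stays written as '0'
        return ":".join(hexes)
    return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])


def canonical(text):
    """Normalise any valid spelling of an address to one comparable string."""
    return compress(parse_ipv6(text))


def is_valid(text):
    try:
        parse_ipv6(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Addresses quoted in the thread: one well-formed, three malformed.
    samples = [
        "2001:0db8:85a3:0000:0000:8a2e:0370:7334",
        "::::ff::00",
        "::::323::f0::c7",
        "::::00::e1::27",
    ]
    for s in samples:
        try:
            print("%-42s -> %s" % (s, canonical(s)))
        except ValueError as err:
            print("%-42s -> rejected: %s" % (s, err))
```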

    20. Re:Nothing Bizare about IPv6 by Midnight+Thunder · · Score: 1

      If done right most users should never need to see an IPv6 address. Actually they shouldn’t need to see an IPv4 address. This is much the same as most developers don’t need to worry about MAC addresses. When there is a need then they’ll put up with it for as long as it is useful.

      The IPv6 numerical format is designed to clearly handle supporting a 128 bit address. It also provides some features allowing for the abbreviation of an address, when there is a series of zeros. Also, base 16 provides for shorter display representations than using base 10 would have and avoids getting confused for IPv4.

      Just curious what you would have suggested in its place, with example?

      --
      Jumpstart the tartan drive.
    21. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      See, you don't understand IPv6, but you want to tell others that it is not bizarre. The MAC address scheme you're talking about (EUI-64 interface identifiers, an expansion of the 48 bit MAC address to 64 bits) is not why ARP isn't used with IPv6. The IPv6 equivalent to ARP is neighbor discovery (ND). Lots of things about IPv6 feel like the result of design-by-committee, because they are, and some of it is the worst kind: academic design-by-committee. It's a text book example for second-system syndrome.

    22. Re:Nothing Bizare about IPv6 by cascadingstylesheet · · Score: 1

      >> but to regular users, the address format is the biggest hurdle to adoption. That's OK. Regular users don't need to do anything with an IP address.

      Except tell them to websites and services that have inadvertently blocked them.

      And sometimes, if they are super helpful, provide them to developers who are troubleshooting issues ...

    23. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 3, Interesting

      Actually, phone numbers are also in base16 - though the end user has no way of dialing {a..f}. It's mainly a curiosity, but they're used internally for diagnostics and range remapping...

    24. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      If IPv6 were going to happen it would have happened long ago.

      The biggest problem nowadays is not exhaustion of IPV4 address - we have learned to live with NAT - but the ability to persist a connection when my device moves from one hotspot to another or from one cell tower to another. IPv6 does not solve this problem.

    25. Re:Nothing Bizare about IPv6 by Monster_user · · Score: 1

      It was a brainfart, what I got wrong was IPv4's ARP.

      That description sounds a little like RIP, etc., being merged with ARP in a single purpose entity. Thus arp isn't a simple cache table of local addresses, but also a routing table.

    26. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      You're making it worse.

    27. Re:Nothing Bizare about IPv6 by JesseMcDonald · · Score: 1

      The IPv6 is supposed to be the MAC address.

      No part of the IPv6 requires the MAC address to be part of, or even related to, the IPv6 address. It has always been possible to assign arbitrary addresses manually using any suffix you prefer. It is true that many implementations use EUI64 for auto-generated addresses by default, which embeds the MAC address in the IPv6 address suffix as an easy way to make it both stable and unique. However, if you want to avoid sharing your MAC address you can turn on privacy extensions—the relevant RFC dates back to 2007, and is widely implemented—or else enable RFC7217-style stable-but-opaque address assignment based on a GUID and the subnet prefix. In the former case the address suffixes will be random and ephemeral, and will be rotated periodically to thwart tracking. RFC7217 address suffixes by contrast are based on a hash of an arbitrary 128-bit persistent GUID and the network prefix, so they don't change so long as the network remains the same, but if you connect to a different network you'll get a different suffix.

      --
      "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
    28. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      255 bit numbers!!! Fuck me! - are you trying to map every atom in the universe?
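The difference between the EUI-64 and RFC 7217 suffixes described in JesseMcDonald's comment above, as an added example that is not part of the original thread. The function names, the documentation-range MAC and prefixes, and the fixed secret are constructed; `opaque_iid` uses HMAC-SHA-256 as the pseudorandom function and is a simplified sketch in the style of RFC 7217 (no Network_ID, no reserved-identifier check), not any operating system's implementation.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
MAC = "00:00:5e:00:53:2a"
HOME = ipaddress.IPv6Network("2001:db8:1:2::/64")
CAFE = ipaddress.IPv6Network("2001:db8:aaaa:bbbb::/64")
# Stands in for the persistent 128-bit secret; a real host would generate it randomly once.
SECRET = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def eui64_iid(mac):
    """Modified EUI-64: split the MAC, insert ff:fe, flip the universal/local bit."""
    b = bytearray(bytes.fromhex(mac.replace(":", "").replace("-", "")))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")


def mac_from_iid(iid):
    """Recover the MAC if the suffix looks EUI-64 derived, else None.

    Heuristic: a random suffix carries ff:fe in the middle about once in 65536.
    """
    b = bytearray(iid.to_bytes(8, "big"))
    if b[3:5] != b"\xff\xfe":
        return None
    b[0] ^= 0x02
    return ":".join("%02x" % x for x in b[:3] + b[5:])


def opaque_iid(net, iface, secret, dad_counter=0):
    """Stable-but-opaque suffix: keyed hash of prefix, interface name and counter."""
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    name = iface.encode()
    # Fixed-width prefix and length-prefixed name keep the encoding unambiguous.
    msg = net.network_address.packed[:8] + bytes([len(name)]) + name + bytes([dad_counter])
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[-8:], "big")   # low-order 64 bits of the output


def address(net, iid):
    """Combine a /64 prefix with a 64-bit interface identifier."""
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def leaked_macs(addresses):
    """Audit an address inventory: map each address to the MAC it exposes, if any."""
    result = {}
    for text in addresses:
        addr = ipaddress.IPv6Address(text)
        result[str(addr)] = mac_from_iid(int(addr) & (2**64 - 1))
    return result


if __name__ == "__main__":
    for label, net in (("home", HOME), ("cafe", CAFE)):
        print(label, "EUI-64  ", address(net, eui64_iid(MAC)))
        print(label, "RFC 7217", address(net, opaque_iid(net, "eth0", SECRET)))
    # The EUI-64 suffix is identical on both networks and reveals the MAC;
    # the opaque suffix is stable per network but differs between them.
    print(leaked_macs([str(address(HOME, eui64_iid(MAC))), "2001:db8:1:2::1"]))
```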

    29. Re: Nothing Bizare about IPv6 by jd · · Score: 1

      The original design stated that the design of the IP addresses was guaranteed hierarchical (so machines only ever looked at a 16-bit value at a time, so using less time and less hardware) and that DDNS made this largely irrelevant except to engineers.

      Who would naturally prefer a telescopic address where they need only look at 16 bits.

      Everyone else should exclusively use names.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    30. Re:Nothing Bizare about IPv6 by arth1 · · Score: 1

      The IPv6 numerical format is designed to clearly handle supporting a 128 bit address. It also provides some features to allowing for the abbreviation of an address, when there is a series of zeros.

      IPv4 also has that.
      127.0.0.1 can also be written 127.1
      192.168.0.1 can also be written 192.168.1

    31. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      The unwashed masses can read a number between 0-256, they can't read hex. The engineers behind IPv6 failed the KISS principle. Look through any IPv6 forum and you will find the most common question that repeatedly gets asked is how to read an IPv6 address. The 2nd most common is what a private range of addresses is for someone wanting to manually configure addresses on their home network. IPv6 is a flaming s*#$-pile of failure.

    32. Re: Nothing Bizare about IPv6 by jd · · Score: 1

      Those addresses aren't possible, so irrelevant.

      The format is: (type):(network prefix):(computer suffix)

      How, exactly, is that hard?

      There are dead people who can understand that.

      As noted by others, you can never have ::::

      Since the prefix describes a path, it will typically have no long sequences of zeroes. You get those between the prefix and suffix.

      So it's more likely you'll get: (type):(prefix)::(suffix)

      What if you want to use your IPv4 address as your suffix? That's fine. ::(ipv4) is a perfectly valid suffix.

      5f0b:1700:c047:1400::800:200d:1cfe

      Would refer to the test network (5f0b), with a network address of 1700:c047:1400 and a computer address of 800:200d:1cfe

      This is not rocket science.

      With DDNS servers, you can have the name be assigned an IP address by construction at time of connection. Everyone else will.

      As a result, your computer will be fed live DDNS updates as the Internet changes, for computers you care about and no others.

      When querying the nameserver hierarchy for an address, you get the current address. That information will be guaranteed fresh because state information for MobileIP traverses the Internet. It has to. And it contains the instruction that whatever went to one prefix now goes to another. Your DDNS will adjust accordingly.

      A five year old can master the idea that if you've gone for a walk, a different road will lead to the same endpoint (the car).

      I have no sympathy for those who lack the navigational skills of a five year old.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    33. Re: Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      What? You are an idiot if you believe this.

    34. Re: Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      That's it, only 8 blocks of 4 hex.

      Meanwhile IP is 4 blocks of 1-3 digits.

    35. Re:Nothing Bizare about IPv6 by rl117 · · Score: 1

      It's happening. Look at this graph. Growth was exponential from 2010 to 2017, taking it from 0.1% to 16%. The last two years have been mostly linear, from 16% to 26% (~5%/year). The last 8 weeks alone have seen a 1.5% increase; that's equivalent to all the growth from 2010 to July 2013! 3.5 years compared to 8 weeks for the same improvement. We're well into the implementation phase now, with over 1 in 4 users using Google services over IPv6; the actual number is even higher, because Google underestimates it by requiring IPv6 to be explicitly whitelisted by them. It is taking time, no doubt about that, but it is happening at a decent clip now, and the pressure to provide it will increase. Already most of my internet traffic is over v6, and it's also more reliable. We're not far off the tipping point where it will start to be required.

    36. Re:Nothing Bizare about IPv6 by mea2214 · · Score: 1

      Just fired up a Comcast Business circuit. While getting my network working for IPv4 I pinged 8.8.8.8. I had things misconfigured for IPv4 but the IPv6 pings were working. That was truly bizarre.

    37. Re: Nothing Bizare about IPv6 by jd · · Score: 1

      Easy, with IPv6.

      By knowing the IP address of the problem, you know the precise location of the problem from a network point of view.

      With IPv4, you don't. It's classless with arbitrary subnetting.

      With IPv6, the 16 bits before identify the precise location on the network of the feed going in. No hunting up GeoIP maps. Don't need em.

      The 16 bits that change at the break, and ONLY 16 bits will have changed at a time, that is guaranteed, you know the precise location on the network of the specific fault. Remember, an interface has an address, not a machine, and addresses are based on upstream prefixes.

      The prefix always comes from upstream.

      And that means you know the direction of the link, where each side is located, even what manufacture each router is if the MAC is physical not altered or logical.

      What else do you know? IPv6 is self-healing. It'll fix breaks if it can, without losing any connections and with renumbering the downstream network if necessary.

      So if there's a problem, you can afford to be more aggressive. It won't hurt, unlike IPv4 which can't cope.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    38. Re:Nothing Bizare about IPv6 by rahvin112 · · Score: 1

      IPv6 was designed to make asking for an IP address obsolete in that it could configure itself automatically with self-discovery.

      People are so used to IPv4 they forget how difficult it was to learn when they first started. One of the IPv6 design goals was to get rid of the whole "what is my IP and where do I type it in" phase of network setup. You don't need to know your IP, or your netmask or gateway; IPv6 can self-discover all of that in addition to being able to self-identify local network segments and route traffic accordingly to those adjacent clients without the need for a router.

    39. Re: Nothing Bizare about IPv6 by jd · · Score: 1

      With IPv6, there's no such thing as "your" IP address. You own a suffix. In fact, you own one suffix for every network adapter, physical or virtual. The prefix is added by the network.

      This gives you freedom of movement. Your suffix is as valid in Canada as it is in the Canary Islands or down Canary Wharf. As long as you have an account with the ISP, you can connect anywhere.

      But because the suffix alone identifies you, you can travel to all these places and not drop a connection. It moves with you, because it's only directed to the suffix. The prefix is just the directions to get there and those can change at any time.

      Your router has an address, too, but it also has a 16 bit number. It gets a prefix from whomever it connects to, it puts that 16 bit string on the end, and that's the prefix your computer is given.

      Imagine a children's game, where a parcel is wrapped up. On the paper is an instruction to hand the parcel to the fourth child down. They unwrap one layer and get an instruction to take the parcel six children up. Pass the parcel with an addressing mode.

      That's how IPv6 addresses work, except when corrupted by IPv4 complexities. But that's a problem of the complexities, not IPv6. Can't blame 6 for holdovers.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    40. Re:Nothing Bizare about IPv6 by bugs2squash · · Score: 1

      That's the tip of the iceberg though. There's link local addressing, how subnetting is handled etc. and that's even without going into the other aspects of the protocol like extension headers and replacement of ARP, tunneling IPv6 over IPv4 and vice versa etc. It's a lot to take in.

      --
      Nullius in verba
    41. Re: Nothing Bizare about IPv6 by jd · · Score: 1

      How is it hard?

      Remember, (type):(prefix):(suffix)

      Where everything in the prefix is either a 16 bit identifier for a router at a particular level or a zero - and 16 bits of zeroes are only possible if what is left is the suffix.

      So, you have a 16 bit pointer into a 16 bit pointer into a 16 bit pointer and so on until you reach the 48 bit suffix.

      Tables that point into tables. And you found you couldn't manage this in automation.

      Pardon me whilst I spill tea laughing helplessly.

      This is not only the simplest possible addressing scheme, other than TUBA, but it's designed specifically for automation and, more importantly, to be both quick and easy to implement and quick and easy for the machine to process.

      And you can't manage it.

      Ok, to be fair, you're using Excel. Visicalc might have been better. Anything that supports table linking four deep. You might want to consider a spreadsheet linked into a database, have the database do the relationships since you're not feeling up to it.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    42. Re: Nothing Bizare about IPv6 by jd · · Score: 1

      You can't have smaller subnets and guarantee unconditionally that people can move around the network from router to router, ISP to ISP, without losing connection.

      The /64 is the real address, the prefix is the address of the address. Indirection.

      When you move between networks, your prefix changes. That information propagates over the Internet, so that all packets heading to your former network location get redirected.

      People ask about NAT and IPv6. This is it. This is NAT that is restricted to the prefix alone. Packets from your old address are SNATed, packets to your old address are DNATed. Although it would be bizarre for your relocation packets to reach and pass data packets you'd sent out earlier.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    43. Re: Nothing Bizare about IPv6 by jd · · Score: 1

      How?

      With IPv4, I have to worry about whether I need to use RARP, BOOTP or DHCP, whether the subnetting will clash with naive defaults in software, whether I need to traverse passive firewalls, what sort of service discovery protocols are supported and for what, whether there's security on the network or if I must bring my own, whether any software routers might interfere with the network.

      That's complicated.

      With IPv6... Autoconfigure replaces all of the bootstrap systems. Anycasting is the preferred service discovery. There's no arbitrary subnetting, per se, it's a fixed topology. MTU autodiscovery means passive firewalls aren't an issue. IPSec is the norm. Because addressing is hierarchical, it doesn't matter what you connect to your computer, it's considered a subnet by the fact that there's something between A and C.

      So all that sweating with IPv4 and none of it applies to IPv6.

      That's less work.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    44. Re: Nothing Bizare about IPv6 by jd · · Score: 1

      On the contrary, persistence is precisely what IPv6 solves. That's why the prefix is a network address and the suffix a computer address.

      This is explained in the RFCs but I'll go over it here.

      If you move from one hotspot to another, your old address becomes transient. The Internet routers get an instruction, over a fixed TTL, to DNAT anything currently going to the transient address so that it now goes to the new address.

      You do not lose the connection.

      From the RFC:

      The Mobile IPv6 protocol is just as suitable for mobility across homogeneous media as for mobility across heterogeneous media. For example, Mobile IPv6 facilitates node movement from one Ethernet segment to another as well as it facilitates node movement from an Ethernet segment to a wireless LAN cell, with the mobile node's IP address remaining unchanged in spite of such movement.

      From the RFC:

      There is no need to deploy special routers as "foreign agents", as in Mobile IPv4. Mobile IPv6 operates in any location without any special support required from the local router.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    45. Re:Nothing Bizare about IPv6 by rahvin112 · · Score: 1

      Using that same page if you look at US adoption it's actually 35%, once it gets past 50% it'll likely go exponential again until it wipes out IPv4 because there will be groups that start dropping IPv4 due to the adoption rate.

      You'll already find most cellular connections are IPv6 only.

    46. Re: Nothing Bizare about IPv6 by jd · · Score: 1

      It's the spec. I guess only idiots read those, in your world.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    47. Re:Nothing Bizare about IPv6 by rl117 · · Score: 1

      Most of that can be ignored though. Tunnelling is dead; ignore it. It's 0.00% for the last couple of years, 0.01 or less for the last 6 years. 26% native today. So not important to learn; just go native. Link-local can be ignored for the most part; avahi/zeroconf and the like make it transparent. Subnets are also ignorable since it's part of the first 64 bits after the routing prefix; there is nothing to configure. For regular setup and use, all of this should be transparent and ignorable for the common case scenarios. On my network, it's all automatic with SLAAC, connect and it works.

    48. Re:Nothing Bizare about IPv6 by rl117 · · Score: 1

      A few times recently I've had the IPv4 networking randomly break, but all the IPv6 services and websites worked without interruption. The autoconfiguration is worth something. Better than NetworkMangler which is the cause of the IPv4 outages, no doubt.

    49. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      The IPv6 numerical format is designed to clearly handle supporting a 128 bit address. It also provides some features to allowing for the abbreviation of an address, when there is a series of zeros.

      IPv4 also has that.
      127.0.0.1 can also be written 127.1
      192.168.0.1 can also be written 192.168.1

      Oh?
      If I see 127.1, there are lots of ways of expanding it. Let's see now.
      0.0.127.1, 0.127.0.1, 0.127.1.0, 127.0.0.1, 127.0.1.0, or 127.1.0.0
      And 192.168.1 gives me
      0.192.168.1, 192.0.168.1, 192.168.0.1, or 192.168.1.0

      So which is the correct way to add those missing zeros? And what's your justification?

    50. Re:Nothing Bizare about IPv6 by Hadlock · · Score: 1

      Ideally everyone is using DNS or some variant. The only time you should be at the IP level is for debugging.

      --
      moox. for a new generation.
    51. Re:Nothing Bizare about IPv6 by WaffleMonster · · Score: 1

      I am able to explain an IPv4 address to a nine year old. However I don't understand IPv6 addressing fully myself as it's just too damn complicated and cryptic with all colons and hex.

      I don't understand IPv4 either. It's so damn hard. At least if I want to go to Sprint's website via IPv6 I can browse to 2600::

      Via IPv4 it's this jumbled mass of meaningless seemingly random numbers with all of these dots all over the place. 65.173.211.241 ? ? ?? ?

      ::::ff::00 ::::323::f0::c7 ::::00::e1::27

      These are invalid. Zero compression can only be used once.

      I still don't understand what would be hard in adding two octals to the current IPv4 scheme. 10.1.192.168.1.7 would be a valid, understandable address.

      Most people have control over at the very least last 64-bits of their address. My public IPv6 address has only 5 sets of numbers in it and is actually easier to remember than your example.

      The IPv6 scheme is crap and will NEVER be embraced by users.

      IPv6 addresses don't have to be much harder than IPv4 to handle manually. You control at least the last 64 bits...leverage that... don't let SLAAC's auto assigned gibberish make you an IPv6 hater.

    52. Re:Nothing Bizare about IPv6 by Ross+Finlayson · · Score: 1

      ...and provides each user a /64 as the RFC requires. What this means is that with every public IPv6 address you have 2 IPv4 networks worth of addresses to use on your own network.

      Actually, 64 bits gives you 2^32 (i.e., about 4 billion) "IPv4 networks worth of addresses to use on your own network". Behold the power of exponentiation!

    53. Re:Nothing Bizare about IPv6 by Darinbob · · Score: 1

      If you're a regular user then even IPv4 can be complicated... I think you mean as a regular sysadmin, or regular network support guy.

      IPv6 is in hex because in the dotted style of IPv4 you'd have 16 numbers. Not just 2 extra octets. So your address might be 1.2.3.4.5.6.7.8.9.10.11.12.13.14.15.16. Do you really need to know all those numbers? A colon is the same as a dot, so that's easy. Hex is easy for anyone who knows about IPv4 anyway, so no worries there. The only snag is the double colon '::', which is pretty easy to learn, and you can suppress leading zeros in groups (i.e., ::1 is your localhost loopback, same as 127.0.0.1). The only hard part is that there are more numbers.

      The only slight advantage you get with IPv4 is that *some* people can readily recognize prefixes for their local subnets and such. Sure, in your building that you are an IT goon for you can recognize addresses by visual inspection, but if you have 20 million nodes you have to deal with then you need a different way of working.

      A lot of things don't change too much - you will probably have only a handful of 64 bit prefixes that you ever need to worry about in practice and you learn to recognize them. FE80:: is the link-local prefix, which is often used in the same context that you will see ipv4 private addresses (192.168.0.0/16, etc).

      So as a company you can get a unique 48 bits for network address, you have 16 bits to do whatever you want with subnetting, and combine with the 64 bits of the interface address of the device. There's a huge amount of stuff you can do with that that you could never do with IPv4.

    54. Re: Nothing Bizare about IPv6 by Darinbob · · Score: 1

      Remember too, IPv4 was designed when the internet only had thousands of nodes and was meant to support millions of nodes. Today we need support for billions of nodes or more. The IPv4 style just won't cut it. You can't just add a couple more bytes and think that the problem is solved.

      Seeing someone object about going from IPv4 to IPv6 is like freeing someone from a cage who then complains that standing up straight is unnatural.

    55. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      uhh, I have never heard of that and for your 2nd example "192.168.0.1 can also be written 192.168.1"

      How do you distinguish between 192.0.168.1 and 192.168.0.1?

    56. Re:Nothing Bizare about IPv6 by Darinbob · · Score: 1

      Great, then they'll know how to cut and paste an IPv6 address into their Minecraft settings.

    57. Re:Nothing Bizare about IPv6 by arth1 · · Score: 1

      uhh, I have never heard of that

      I take it you're not a sysadmin, then :p
      Especially 0 for 0.0.0.0 and 127.1 for 127.0.0.1 are common.

      and for your 2nd example "192.168.0.1 can also be written 192.168.1"

      How do you distinguish between 192.0.168.1 and 192.168.0.1?

      Because the zero shortening is just a side effect of the actual rules:
      An IP address with four elements is treated as four 8 bit values
      An IP address with three elements is treated as two 8 bit values followed by a 16-bit value.
      An IP address with two elements is treated as an 8 bit value followed by a 24-bit value.
      An IP address with one element is treated as a 32-bit value.

      From this follows that when used to just drop zeroes, it will drop zeroes either for the two middle elements or only the third element.

      The most famous of Google's DNS servers can thus be referenced as:
      8.8.8.8
      8.8.2056
      8.526344
      134744072
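
The element-width rules listed in the comment above, as an added example that is not part of the original post: a decimal-only parser for the x, x.y, x.y.z and w.x.y.z forms, plus a check that normalises an address before classifying it. The function names and the denylist are constructed for illustration.

```python
import ipaddress

# Bit width of the final element for 1-, 2-, 3- and 4-element forms,
# following the four rules listed in the comment above.
LAST_ELEMENT_BITS = {1: 32, 2: 24, 3: 16, 4: 8}

# Constructed example of a filter that only knows the dotted-quad spelling.
NAIVE_DENYLIST = {"127.0.0.1", "0.0.0.0"}


def parse_ipv4_shorthand(text):
    """Expand a decimal x, x.y, x.y.z or w.x.y.z form to an IPv4Address."""
    parts = text.strip().split(".")
    if len(parts) not in LAST_ELEMENT_BITS:
        raise ValueError(f"expected 1 to 4 elements: {text!r}")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"non-decimal element in {text!r}")
    values = [int(p) for p in parts]
    last_bits = LAST_ELEMENT_BITS[len(parts)]
    # Every element except the last is a plain 8-bit value.
    if any(v > 0xFF for v in values[:-1]):
        raise ValueError(f"leading element above 255 in {text!r}")
    # The last element fills whatever bits remain (8, 16, 24 or 32).
    if values[-1] >= 1 << last_bits:
        raise ValueError(f"last element does not fit in {last_bits} bits")
    packed = 0
    for v in values[:-1]:
        packed = (packed << 8) | v
    packed = (packed << last_bits) | values[-1]
    return ipaddress.IPv4Address(packed)


def naive_is_blocked(text):
    """String comparison: misses every spelling except the dotted quad."""
    return text in NAIVE_DENYLIST


def is_internal(text):
    """Normalise first, then classify the resulting 32-bit address."""
    addr = parse_ipv4_shorthand(text)
    return addr.is_loopback or addr.is_private or addr.is_unspecified


if __name__ == "__main__":
    # Spellings taken from the thread, plus the 32-bit form of 127.0.0.1.
    samples = ["8.8.8.8", "8.8.2056", "8.526344", "134744072",
               "127.1", "192.168.1", "0", "2130706433"]
    for s in samples:
        print(f"{s:>12} -> {str(parse_ipv4_shorthand(s)):<12} "
              f"naive_blocked={naive_is_blocked(s)} internal={is_internal(s)}")
```

Classic `inet_aton` implementations also accept octal and hexadecimal elements, which this decimal-only parser rejects.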

    58. Re:Nothing Bizare about IPv6 by arth1 · · Score: 1

      The zero shortening is a side effect of IP addresses not necessarily being dotted quads, but can also be triplets, doubles or single numbers, in which case the last number is 16, 24 or 32 bits.
      That means that 127.1 always is identical to 127.0.0.1 and 192.168.1 is always identical to 192.168.0.1
      See my other post for more details.

    59. Re:Nothing Bizare about IPv6 by marka63 · · Score: 1

      You read them by saying each value and using the word colon. fd93:7065:ab8e:: is eff dee nine three colon seven zero six five colon ...

      FD00::/8 is the equivalent of RFC 1918. You pick 40 random bits (toss a coin 40 times, tails=0, heads=1) and append them to FD to give you a /48 prefix which is your site prefix (e.g. fd93:7065:ab8e::/48). You then have ~65000 /64 subnets to use.

      That said your ISP will delegate you a prefix using prefix delegation. Typically it will be a /56 which will give you 256 /64 sized subnets which your routers will automatically assign to links as needed. The ISP is allocated IPv6 address space from the RIRs with the assumption that they will hand out /48's to customers. If the /56 is too small complain to your ISP as they have more space to give you. If your ISP only gives you a /64 find another ISP as they are not doing the correct thing.
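
The FD00::/8 procedure in the comment above and the 48/16/64 split described in comment 53, as an added example that is not part of either post: it builds a /48 site prefix from 40 random bits, counts and indexes the /64 subnets inside a /48 or a delegated /56, and splits an address into site prefix, subnet ID and interface ID. The function names and the 2001:db8:: delegation are constructed for illustration.

```python
import ipaddress
import secrets

ULA_FD = ipaddress.IPv6Network("fd00::/8")


def make_ula_site_prefix(global_id=None):
    """Return the fdXX:XXXX:XXXX::/48 prefix for a 40-bit global ID."""
    if global_id is None:
        global_id = secrets.randbits(40)  # the 40 coin tosses
    if not 0 <= global_id < 1 << 40:
        raise ValueError("global ID must fit in 40 bits")
    # 8 bits of 0xFD, then the 40-bit global ID, then 80 zero bits.
    value = (0xFD << 120) | (global_id << 80)
    return ipaddress.IPv6Network((value, 48))


def count_64s(prefix):
    """Number of /64 subnets contained in a prefix of length <= 64."""
    if prefix.prefixlen > 64:
        raise ValueError("prefix is longer than /64")
    return 1 << (64 - prefix.prefixlen)


def nth_64(prefix, n):
    """Return the n-th /64 inside the prefix without enumerating them all."""
    if not 0 <= n < count_64s(prefix):
        raise ValueError(f"subnet index {n} is outside {prefix}")
    base = int(prefix.network_address)
    return ipaddress.IPv6Network((base + (n << 64), 64))


def split_address(addr, site_len=48):
    """Split an address into (site prefix, subnet ID, interface ID)."""
    value = int(ipaddress.IPv6Address(addr))
    host_bits = 128 - site_len
    site = ipaddress.IPv6Network(((value >> host_bits) << host_bits, site_len))
    subnet_id = (value >> 64) & ((1 << (64 - site_len)) - 1)
    interface_id = value & ((1 << 64) - 1)
    return site, subnet_id, interface_id


if __name__ == "__main__":
    # Global ID taken from the example prefix quoted in the comment.
    site = make_ula_site_prefix(0x937065AB8E)
    print(site, "holds", count_64s(site), "/64 subnets; #1 is", nth_64(site, 1))

    # Constructed /56 delegation from the documentation range.
    delegated = ipaddress.IPv6Network("2001:db8:0:ab00::/56")
    print(delegated, "holds", count_64s(delegated), "/64 subnets; last is",
          nth_64(delegated, 255))

    print(split_address("fd93:7065:ab8e:2a::7"))
    print("fresh random site prefix:", make_ula_site_prefix())
```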

    60. Re:Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      Regular users don't need to do anything with an IP address.

      Which is why I asked "Why not just replace IPv4 with DNS? We need it for TLS anyway, and by everyone having a static DNS address assigned to them, it would be easy to verify. Even with CNAMEs for 'publicly known' locations, it's still ridiculously easy to check for. Hell you don't even need personal info being handed out. Just give each router / host a human recognizable name (word) and the chain of static sub-domains becomes a mnemonic."

      But no that was too easy. They needed a ridiculously long hex stream that no-one would understand and even the hardcore geeks wouldn't notice the typo after the latest hour's worth of troubleshooting. They absolutely had to have a system that would not solve the original problem of running out of address space due to a fixed address length. They couldn't bear the thought of not having a system that would have all kinds of "shortcuts" that would make debugging harder to do by omitting parts of the addresses. And of course the coup de grâce: They demanded from the heavens that everyone would need to replace their existing network stack so they could make the problems worse not better. *facepalm* And they want to know why adoption is so slow.....

    61. Re: Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      Comments like that are why many think that the IPv6 people are all on drugs. That is so very clearly not how any of it works that I have to question your reason for posting so many comments with this bullshit.

    62. Re: Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      No. Step away from the keyboard and lay off the drugs.

    63. Re: Nothing Bizare about IPv6 by Anonymous Coward · · Score: 0

      The Internet routers get an instruction, over a fixed TTL, to DNAT anything currently going to the transient address so that it now goes to the new address.

      Yeah, except none of the fucking routers do that, because that would be an order of magnitude crazier than the IPv4 routing table size madness. All these high flying dreams that (unsurprisingly) turn out not to work in actual deployments are the reason why people are justifiably skeptical about IPv6. Second system syndrome out the wazoo.

    64. Re:Nothing Bizare about IPv6 by thegarbz · · Score: 1

      the address format is the biggest hurdle to adoption.

      What is this IP address you speak of? A user doesn't care anymore. Plug two windows computers in a network they just work by name. Plug them into a modem they talk to the internet. Even that super complicated networky thing of setting up a router has been reduced to plug it in, turn it on and type http://tplinkwifi.net/ (or whatever address your router hijacks) and it magically works.

      Basically these days the need for ipaddress is obsolete for users for any reason other than diagnosing why their network doesn't work, and when they do that they often follow a guide (or a script from some flunky on a phone) without ever understanding any of the terms.

      If the user sees an IP address at any point, something is broken.

    65. Re:Nothing Bizare about IPv6 by Midnight+Thunder · · Score: 1

      I was not aware of that and this does not seem to be common knowledge. Add to that I have never seen an input field allow for that, in the case of IPv4

      --
      Jumpstart the tartan drive.
    66. Re:Nothing Bizare about IPv6 by arth1 · · Score: 1

      Add to that I have never seen an input field allow for that, in the case of IPv4

      People who design input fields are often idiots.
      Most email address fields, for example, will reject many legal and working e-mail addresses, because the designers never consulted the actual RFCs.
      To say nothing about names and addresses. (My "last name" is two words, no hyphen. And I used to live at an address that had no street.)

      But using x, x.y and x.y.z forms for IP addresses really works. Try it in a web browser - if you have a local web server, http://127.1/ will work, as it should, and so will http://0/

    67. Re: Nothing Bizare about IPv6 by SignOfZeta · · Score: 1

      But because the suffix alone identifies you, you can travel to all these places and not drop a connection. It moves with you, because it's only directed to the suffix. The prefix is just the directions to get there and those can change at any time.

      Well, you're right in how SLAAC assigns addresses, in that a node has the same suffix no matter where it goes. But traffic doesn't get automatically forwarded as you roam between IPv6 networks. (That requires another standard, Mobile IP or Mobile IPv6, to make that happen.)

    68. Re:Nothing Bizare about IPv6 by SignOfZeta · · Score: 1

      When Comcast Business first started handing out IPv6, I noticed that IPv4 pings were noticeably slower than IPv4 things. I had heard somewhere that Comcast had switched their entire network over to IPv6-native with IPv4 running through an automatic 4in6 tunnel, "IPv4-as-a-service." They've fixed the IPv4 slowdowns since then, so now both are nearly equal.

  6. Balderdash. by Nutria · · Score: 1

    Like real estate, we're not making any more IPv4 addresses.

    New IP addresses are made every time an organization rolls out a VLAN in the 10/8 range.

    --
    "I don't know, therefore Aliens" Wafflebox1
    1. Re:Balderdash. by Anonymous Coward · · Score: 2, Insightful

      Reality - we're not giving away FREE ipv4 addresses any more.

      AWS just got 3.0.0.0/8 - I thought we'd run out? Oh wait, lots of big allocations still sitting basically unused all over the place.

      Charge even $1/year and watch how much ipv4 address space frees up.

    2. Re:Balderdash. by ShanghaiBill · · Score: 1

      Like real estate, we're not making any more IPv4 addresses.

      New IP addresses are made every time an organization rolls out a VLAN in the 10/8 range.

      ... and new real estate is made every time Kilauea's lava reaches the sea.
       

    3. Re: Balderdash. by Anonymous Coward · · Score: 0

      They aren't making any new IPv6 addresses either. Just like IPv4, they existed at the definition of the standard.

    4. Re: Balderdash. by jd · · Score: 2

      Those are not new addresses, they're cohabited old addresses. Same way a block of flats is one building, not a hundred.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    5. Re:Balderdash. by fbobraga · · Score: 1

      good catch

    6. Re:Balderdash. by fisted · · Score: 1

      a VLAN in the 10/8 range

      You, Sir, seem to have an excellent understanding of networking. Hats off to you.

      </sarc>

    7. Re: Balderdash. by Anonymous Coward · · Score: 1

      Ah, that is where our addresses went. Last year all our networks got changed from 3.0.0.0 to 10.0.0.0 . I wonder how much Amazon paid to General Electric for this block.

    8. Re:Balderdash. by CaptainDork · · Score: 1

      Mobil Oil has a class C that they are not even using. They got bought out by Exxon and those goofballs don't know about it.

      --
      It little behooves the best of us to comment on the rest of us.
    9. Re:Balderdash. by CaptainDork · · Score: 1

      Balderdash comes to us from the Greeks (ca. Wally of Dilbert) in the form of the concatenated, corrupted words for "more bald," and "haberdashery."

      It applies to old geeks who think "cool," is wearing their ties as a sweat band.

      --
      It little behooves the best of us to comment on the rest of us.
    10. Re:Balderdash. by Monster_user · · Score: 1

      That seems to be how some ISPs are solving the problem of providing client modems with IPv4 addresses. PAT is an extension of IPv4 to provide pseudo IPs for those machines on the VLAN with a 10/8.

      So an IPv4 isn't just 255.255.255.255, but it is 255.255.255.255:65536.

      In the context of the summary, it would seem a valid claim, despite the debatable aspect of "creating" vs "allocating/re-allocating".

    11. Re:Balderdash. by squiggleslash · · Score: 1

      IP addresses are intended to be routable. And that's the problem, those who claim we're not running out of IP addresses forget that, in practice, we haven't had enough IP addresses since the mid 1990s. Almost all devices end up having to use virtual IP addresses like those in the 10.x and 192.168.x ranges.

      --
      You are not alone. This is not normal. None of this is normal.
  7. Ya, we know - thanks. by fahrbot-bot · · Score: 1

    That may seem weird, but IPv6 addresses are nothing at all like their older cousins and come in a bizarre format that doesn't lend itself to simple analysis or prediction.

    Just wait until IPv8 comes out.

    --
    It must have been something you assimilated. . . .
    1. Re: Ya, we know - thanks. by jd · · Score: 1

      Already defined.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    2. Re: Ya, we know - thanks. by Anonymous Coward · · Score: 0

      Where is the spec? These mini updates look like Greek

    3. Re: Ya, we know - thanks. by jd · · Score: 1

      https://tools.ietf.org/html/rf...
      https://tools.ietf.org/html/rf...

      This protocol was assigned v8 by the IANA.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    4. Re:Ya, we know - thanks. by Anonymous Coward · · Score: 0

      I'm waiting for my IPs to go up to 11.
      I worry I may not live to see such a day.
      Lost to eternal testing.

    5. Re: Ya, we know - thanks. by Anonymous Coward · · Score: 0

      During 1992 and 1993, the Pip internet protocol, developed at Bellcore, was one of the candidate replacements for IP. In mid 1993, Pip was merged with another candidate, the Simple Internet Protocol (SIP), creating SIPP (SIP Plus). While the major aspects of Pip--particularly its distinction of identifier from address, and its use of the source route mechanism to achieve rich routing capabilities--were preserved, many of the ideas in Pip were not. The purpose of this RFC and the companion RFC "Pip Near-term Architecture" are to record the ideas (good and bad) of Pip.

      The remainder of this document is taken verbatim from the Pip draft memo of the same title that existed when the Pip project ended. As such, any text that indicates that Pip is an intended replacement for IP should be ignored.

    6. Re: Ya, we know - thanks. by Anonymous Coward · · Score: 0

      Hierarchical addresses are obviously the way to go. Sort of like NAT, but less of a kludge. It's depressing to learn that it was on the table so long ago, but now we are still moving towards IPv6 - preserving the long-irrelevant idea of a 'flat' internet where every host is interconnected and a flat, global address in a fixed format is needed.

    7. Re: Ya, we know - thanks. by Anonymous Coward · · Score: 0

      End to end principle, dumbass. Everything can talk to everything else.

      Hierarchical routing leads to islands and isolation... An internet of Great Firewalls.

    8. Re: Ya, we know - thanks. by Anonymous Coward · · Score: 0

      I didn't go through all the specs for PIP, but there is no reason a hierarchical addressing scheme in general would prevent everything from talking to everything. An address would be something like (ISP address/subscriber address/equipment address), e.g. compare to physical mailing addresses: country/city/zip/street/number (or ...number/street). And where there's more than one apartment to a street number, you just tack on the apartment number at the end. What is lost is just the idea that some of the packets sent from my PC could be routed over my printer instead of my router - all part of a homogenous network of equally interconnected hosts, that each could pass along packets towards its intended receiver.

      When I say NAT is a kludge, I mean that the idea of repurposing the notion of ports as host-identifier should not be kept. Just the overall concept of nesting an address within another.

  8. Plenty Bizarre about IPv6 by Anonymous Coward · · Score: 0

    There is this odd blindness by ipv6 proponents about just how annoying and overly complicated they literally made everything, while also blocking normal approaches.

    ipv4 addressing was in practice either static or dhcp. Simple to understand. And in a business, this works, DHCP hands out all sorts of information to the device, the IP address, if its a phone where it should register, DNS servers etc.

    ipv6 we get the following:

    static addressing with absolutely huge address space
    static addressing done using DHCP - a weird stateless dhcp
    thankfully now they have dynamic addressing via DHCP
    SLAAC
    and SLAAC with DHCP.

    Why so many choices? Because it turns out SLAAC is not that useful because you need DHCP in most cases to get all the other information anyways.

    The whole dynamic DNS integration story is similarly messy.

    The ICMP story - now ICMP can mess with your network, so you need to filter it. BUT filtering too much breaks ipv6.

    1. Re: Plenty Bizarre about IPv6 by jd · · Score: 1

      Most of that was to placate the unwashed hordes.

      Real IPv6, the original specification, had one mode, autoconfigure. No DHCP, no static, just autoconfigure. There was no need for anything else.

      (By the way, IPv4 has RARP, BOOTP as well as static and DHCP, where DHCP may be static or dynamic. And unlike IPv6, you can't mix.)

      It's the barbarians who refused the elegant simplicity and demanded to bring over IPv4 detritus that ruined that simplicity.

      Real IPv6, original specification, had no fragmentation, no NAT, no forwarding boxes for mobility. Multihoming was one address on one virtual interface.

      How much simpler can you get??!

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    2. Re: Plenty Bizarre about IPv6 by Darinbob · · Score: 1

      Yup, IPv6 is straightforward. However you can't bring over your IPv4 toolbox unchanged. Having NAT with IPv6 is just meaningless and trying to shoehorn it in implies someone either doesn't understand networking or is just trying to retain the old way of doing things.

      The biggest hurdle are all the consumer computers and networking equipment that don't use IPv6 by default. So an ISP can't just decide to turn on IPv6 and have it work w/o problems. So you need some translation from an IPv4 NAT to an IPv6 space because the customer boxes will be using IPv4 with NAT. But all of that should be treated as a *transition* phase needed to work in a dual-address world, it should not be treated as the end game.

  9. Filler story? by fractional_other · · Score: 0

    Ipv6 is this brand new and complex tech nobody has heard of before.

    1. Re: Filler story? by jd · · Score: 2

      It's old, antiquated technology the libertarians and conservatives killed in the 90s.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  10. Re:Infinity is larger than that by hummassa · · Score: 1

    Everything is just a number. A Matroska movie is just a big number. But parts of the IPv6 address have meanings, some of them complex, albeit not really "inscrutable". :-)

    --
    It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
  11. Building Up by Anonymous Coward · · Score: 0

    This is essentially the same as building up. Need more real estate? Build up. Instead of a single level home, you build a high rise and you've increased your real estate 30 fold.

  12. Re: don't use ipv6 by jd · · Score: 1

    Uh, no it wasn't. Indeed, IPv6 was intended to prevent any monitoring at all.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  13. Re:Infinity is larger than that by Anonymous Coward · · Score: 1

    I think the author of the article is having trouble with the concept of "sparsely populated" and therefore calling it "bizarre".

    With IPv4, someone can easily scan all 2^32 possible addresses in a reasonable amount of time (actually fewer than 2^32 given the various "non routable" reserved addresses). But for IPv6, they really can't perform an exhaustive scan of all 2^128 possible addresses. In fact, to do a reasonable scan, they have to determine all the ISPs out there which are given /29 through /32 address ranges to manage. And then the ISPs with their own address ranges then have free rein as to how they then manage the remaining 96 to 99 bits of addressing.

    So yes, doing an exhaustive scan of world wide allocated IPv6 addresses is definitely not a trivial problem.

  14. Re:don't use ipv6 by fbobraga · · Score: 1

    OMFG man! What a nonsense conspiracy theory!

    * feeding the trolls since *put a very early internet year here*

  15. Seems like FUD by argStyopa · · Score: 2

    Haven't we heard about the "impending" exhaustion of IP addresses now for what, at least a decade?

    --
    -Styopa
    1. Re:Seems like FUD by Anonymous Coward · · Score: 0

      That's not FUD, that actually happened.

      Many ISPs, I think particularly mobile, China, and other Asian ones, use CGNAT.

      This breaks the end-to-end principle of the Internet and makes decentralized services impossible, since you cannot receive unsolicited incoming connections without the assistance of a device that, for CGNAT, is owned by your ISP and not you.

    2. Re:Seems like FUD by Anonymous Coward · · Score: 0

      I've been hearing it for at least 2½ decades now.

    3. Re:Seems like FUD by Anonymous Coward · · Score: 0

      I can't make any connections without the assistance of a device that is owned by my ISP and not me.

    4. Re:Seems like FUD by Anonymous Coward · · Score: 0

      3 Feb. 2011: ICANN allocates the final /8 IPv4 blocks to the RIRs.

      The RIRs in turn are running out too (ARIN is the RIR for North America.)

      New ISPs are simply out of luck. They can try to buy IPv4 addresses from someone else or they have to do without (they can still get a very small allocation from the RIR, as address space is sometimes returned to the RIR and the remaining scraps are reserved for IPv6 transition mechanisms, but this does not cover general IPv4 use).

    5. Re:Seems like FUD by Anonymous Coward · · Score: 0

      Rose colored glasses are great. You seem to have missed those few world-wide internet outages that lasted a good portion of a week when core routing tables hit a tipping point because of IPv4 fragmentation. Non-fragmented IPv6 also allows for fewer hops. On average, an IPv6 route has about 30% fewer hops and about 10% less latency than its sibling IPv4 route.

    6. Re:Seems like FUD by argStyopa · · Score: 1

      Please let me know when any "world wide internet outage" occurred (and lasted a good portion of a week!) I do believe I entirely missed them.

      --
      -Styopa
    7. Re:Seems like FUD by Darinbob · · Score: 1

      But we have essentially exhausted all IP addresses already. We got around it with a hack called NAT. There are some unassigned addresses still but you can't assign them out to just anyone because they belong to particular companies (i.e., IBM).

    8. Re:Seems like FUD by squiggleslash · · Score: 1

      What's your computer's IP address?

      No, not that, that's not a real IP address, I'm talking about its real, routable IP address?

      It doesn't have one does it? Your router has one, but your computer is 10.x.x.x or 192.168.x.x, right? And those are NOT routable IP addresses. Every time you make a connection to a computer that isn't on your Ethernet network, you're having to use multiple proxies, and you've (together with everyone else) given up completely on nearly all protocols that require incoming connections, with most requiring hacks and/or proxies to work.

      Your computer doesn't have an IP address because there aren't enough IP addresses and haven't been since the mid-1990s. So what you're saying is "impending" actually happened a long time ago.

      It's not FUD, and it is holding the Internet back.

      --
      You are not alone. This is not normal. None of this is normal.
    9. Re:Seems like FUD by thegarbz · · Score: 1

      Haven't we heard about the "impending" exhaustion of IP addresses now for what, at least a decade?

      We have, and we've run out. Completely. No new address spaces are being issued. All gone. All allocations are in private hands, and so we have been dicing and splicing and NATing, and then NATing the already NATed just to keep the internet functional. However even that is breaking if you look at BGP table growth: https://bgp.potaroo.net/

      By the way there's a magic number in there that when the BGP table hits will obsolete some older and very VERY expensive gear that is keeping the internet running.

    10. Re:Seems like FUD by Anonymous Coward · · Score: 0

      You did miss it. No point in wasting too much time discussing historical tech trivia with someone who obviously doesn't care about tech to have missed such a major event. Nearly every major backbone was having issues. Level 3, AT&T, Verizon, etc. Affected mostly transit traffic. Seeing that 99% of traffic is not transit with the advent of CDNs, you were probably playing Farmville.

      There was a flurry of news about core routers crapping out, route flapping, fail-over from ASIC to CPU. It was quite spectacular. Many older models of core routers have a max TCAM entry that finally got pushed over its limit from IPv4 fragmentation. Luckily the devices were configured out of the box to have a 50/50 split of IPv4/IPv6 TCAM entries. IPv6 has very few entries right now, so they recommended changing from 50/50 to 75/25. Newer core routers support much larger tables.

      Some routers failed over from ASIC to CPU, but some just kept rebuilding the route tables, over and over since the tables couldn't fit all of the routes. This was causing the constant rotation of some routes getting added and some routes getting removed. Depending on how the router was designed, it may have just caused entire routes to drop off the internet over that path until the next table rebuild. And the host CPUs were pegged rebuilding the tables, making them even more difficult to remotely configure. This is partially why it took so long to fix the internet.

  16. jokers by Anonymous Coward · · Score: 0

    may it be jokers like this who create problems in the ipv6 networking because of their scanning shit.

    anyway, screw ipv6, it's not secure at all and is a very large attack vector for all the nasties out there.

    1. Re:jokers by CaptainDork · · Score: 1

      Of course, IPv4 is slicker'n deer guts on a doorknob in this respect.

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re: jokers by Anonymous Coward · · Score: 0

      the protocol used to transport packets is not responsible for your application decoding and processing them and allowing some nefarious activity to take place. secure your shit with a firewall etc.

    3. Re:jokers by Anonymous Coward · · Score: 0

      At least the limitation of IPv4 addresses requires pretty much every home user to sit behind a NAT router. While not perfect from a security perspective it at least keeps the nasties out on the internet from being able to knock on every single port of every single device within your home lan looking for remote exploits. I suspect the script kiddies will be having a field day with exploitable IoT devices with fully publicly routable internet addresses in the IPv6 future.

  17. That doesn't make it FUD by Anonymous Coward · · Score: 1

    While IPv6 is a technological failure -- came way too early, full of design problems, partially already obsolete before good and well deployed -- the IPv4 address space exhaustion is real. You don't hear that much about it yet since the anglophone space still has lots of grandfathered unused space that can be squeezed a bit in a pinch. But CGNAT is the scaled-up version of the idiot and fairly desperate NAT thing, and it shows up in ever more places. Again, often in places that don't necessarily speak English so you don't hear about it that often. But it's happening.

  18. Re:don't use ipv6 by CaptainDork · · Score: 1

    IPv6 was implemented because we were running out of IPv4.

    That's conservation, not conservatism.

    --
    It little behooves the best of us to comment on the rest of us.
  19. Re:don't use ipv6 by jellomizer · · Score: 0

    Wait a minute. I thought the NSA and CIA were run by the Conservative agenda, to block free speech of left of center ideas, making sure the people who are in power keep it there without disruptive influences from these "Others"

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  20. "build cities under the sea" by shreyasonline · · Score: 1

    we already have "build cities under the sea" using NAT!

  21. I suspect it'll be gamers who push us to IPv6 by Solandri · · Score: 2

    I'm seeing more and more help requests from gamers who aren't able to play a networked game because they sit behind a NATed IPv4 firewall they don't control, which blocks the ports their game needs and doesn't have UPnP enabled (for automatic port forwarding). Usually they're apartment dwellers, but a small number of them are people whose ISPs are putting them behind a NAT (i.e. the ISP has more customers than IPv4 addresses).

    1. Re:I suspect it'll be gamers who push us to IPv6 by sims+2 · · Score: 2

      I kind of doubt it as the majority of games seem to be using servers now that can act as a go between to establish NAT to NAT connections.

      The cell carriers have short changed their customers with IPv6.

      With IPv4 on cellular you got a public IPv4 address that you could host a webcam or whatever you wanted and access it remotely with just the IP and port number.

      With IPv6 on cellular they give you an IPv6 address that blocks all incoming connections so even if you know the IP address and port you still can't make the connection.

      You still have to have a go between server to start the connection, just like you would if you were still using NAT'd IPv4.

      I wonder how many of the wireline ISPs have done the same to their customers?

      --
      Minimum threshold fixed. Thanks!
    2. Re:I suspect it'll be gamers who push us to IPv6 by Anonymous Coward · · Score: 0

      As an example to the OP's point: the DSL modems provided by AT&T do not support UPnP. The modem manufacturer considers it a network risk. LOL! What makes it worse is that AT&T does not allow 3rd party modems to be used.

    3. Re:I suspect it'll be gamers who push us to IPv6 by Anonymous Coward · · Score: 0

      Gamers can work around IPv4 with hacks like setting up servers online at static addresses or opening well-known ports.

      If we really want to make the world switch to IPv6 quickly, have PornHub rate-limit connections from IPv4 address sources for a few hours ("If you don't like being rate-limited, learn how to connect using IPv6").

    4. Re:I suspect it'll be gamers who push us to IPv6 by SignOfZeta · · Score: 1

      Someone tried something like that very early on. They set up an IPv6-only web server and asked for free porn to distribute. Not only was there a lack of porn submissions, but adoption was poor due to IPv6 being scarce back then (2008?) and the experiment eventually failed.

  22. Re:Infinity is larger than that by Anonymous Coward · · Score: 0

    The fact that the mac address is part of the number adds some unpredictability if there are a lot of different devices on the network. If it's a monoculture of devices it improves predictability.

  23. Re: don't use ipv6 by Anonymous Coward · · Score: 0

    That is why the mac address is part of the number? How does this prevent monitoring? I don't believe it's a partisan conspiracy, but it could serve an authoritarian purpose.

  24. Headline Revised [Re:Infinity is larger than that] by XXongo · · Score: 3, Informative

    I see that /. revised the headline: when I posted that comment, the headline was "Mapping the Infinitely Large Address Space of IPv6 Networks". Now it's been revised to remove the "infinitely large" phrase: "Mapping the Spectral Landscape of IPv6 Networks." So, if it seems like the comment doesn't make sense-- that's why.

  25. Re: don't use ipv6 by jd · · Score: 1

    It's why the original specification mandated encryption. Not at endpoints, but at tunnels. So neither your MAC address nor your data was ever visible.

    Since you could set your MAC address, it wouldn't have mattered much anyway. You didn't own an IP address, you owned access to a router, or as many routers as you liked. Your IP was generated from the path and what you advertised.

    Total anonymity and total privacy.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  26. Re: don't use ipv6 by jd · · Score: 1

    The only history that matters is IPng and IPv6 draft, prior to RFC status and then when IPSec is ratified.

    But, then, you don't want history. You much prefer your pram.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  27. ISP controlling your local address range is bad by Joe_Dragon · · Score: 1

    ISP controlling your local address range is bad for corp networking.

  28. The only protocol by jd · · Score: 1

    That could claim infinite end points is TUBA, one of the other IPng contenders.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  29. Re:don't use ipv6 by Anonymous Coward · · Score: 0

    Stop listening to lamestreme media. Only people with agenda are liberals who want to impose their insane ideas on free Americans.

  30. Re:Infinity is larger than that by arth1 · · Score: 1

    The fact that the mac address is part of the number

    That's not a given. It may or may not be. For many auto-assigned IPv6 schemes, it is, but that's not the only way IPv6 addresses are assigned.
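The two comments above about MAC addresses inside IPv6 addresses can be checked on your own address inventory. The following is an added example, not part of any comment in the thread: it assumes the RFC 4291 modified EUI-64 layout (ff:fe in the middle of the interface identifier, universal/local bit flipped), and the function names and sample addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter

def embedded_mac(addr):
    """Return the MAC a modified EUI-64 interface identifier encodes, or None.

    Heuristic: modified EUI-64 puts ff:fe in the middle of the low 64 bits.
    A random identifier matches by chance about once in 65536.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None
    # Undo the universal/local bit flip applied to the first MAC octet.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def classify(addr):
    """Label how the interface identifier appears to have been assigned."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if embedded_mac(addr):
        return "eui64"
    if iid[:6] == b"\x00" * 6:
        return "low-byte"      # e.g. ::1 or ::53, set by hand or by DHCPv6
    return "opaque"            # randomized or otherwise unstructured

def audit(addrs):
    """Count assignment styles and the vendor prefixes (OUIs) that are exposed."""
    styles = Counter(classify(a) for a in addrs)
    ouis = Counter(embedded_mac(a)[:8] for a in addrs if embedded_mac(a))
    return styles, ouis

# Constructed sample using the 2001:db8::/32 documentation prefix.
SAMPLE = [
    "2001:db8:1:1:0211:22ff:fe33:4455",
    "2001:db8:1:1:0211:22ff:fe33:4456",
    "2001:db8:1:2::1",
    "2001:db8:1:2:8d3c:91a7:4be2:07f1",
]

if __name__ == "__main__":
    styles, ouis = audit(SAMPLE)
    print(dict(styles))   # how each host got its identifier
    print(dict(ouis))     # a single dominant OUI means a device monoculture
```

A network where most hosts classify as "eui64" with one OUI has both a hardware identifier visible in every address and a small, guessable interface-identifier space.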

  31. IPv4 is the bizarre one, not IPv6 by Anonymous Coward · · Score: 1

    IPv4 is optimized for low bandwidth. IPv6 is optimized for high bandwidth. That is the biggest difference apart from the memory address space.

    IPv4 came out of a world of dialup. Data arrived slowly and the receiver could easily read byte by byte. This means optimization aims at minimizing the number of bytes in the header and this is done by adding conditional bytes. If a certain variable isn't needed for the header in question, don't add it.

    IPv6 is optimized for a world with optic fiber. The header file now includes all data and unused variables are included with default values. While this wastes some bytes in each header, it makes it faster to decode a header, particularly if you just need a certain variable. This is ideal for high throughput routers, particularly in the internet backbone. It can read just the variables it needs to determine the routing for the package. In fact if you want, you can make custom hardware, which can read all the variables at the same time because it can be hardwired to assume the variables at certain bytes in the header buffer. This allows processing more headers each second, which in turn allows more packages, hence more data throughput. The content of the packages aren't processed other than counting as it matches the length variable from the header.

    The difference between IPv4 and IPv6 essentially comes down to this and the extra address space. There are some other details that differ, but it's just that: details. IPv6 is not bizarre. If anything, IPv4 is the bizarre one with all the conditional lengths/offsets in the header layout.

    To put it into programming perspective, IPv6 is a class with well defined get functions. IPv4 is a class with a bunch of get functions called getA, getB, getC etc and you end up with if getA() > 8, then a = getC() else a = getB(). Sure you can argue that you can use abstraction and make easy to use get functions, which does more than just reading an offset, but that's precisely the point. IPv6 reads one variable and returns it, IPv4 reads multiple variables and does some calculations to figure out which one to return.
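The header-layout difference described in the comment above, as an added example that is not part of the original comment: a parser for each header, run on two constructed packets. It covers only the fixed 40-byte IPv6 header, not extension headers; function names and packet contents are assumptions made for illustration.

```python
import ipaddress
import struct

def ipv4_fields(pkt):
    """IPv4: where the payload starts depends on IHL, read from the packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4                 # header length in bytes, 20..60
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("IHL inconsistent with packet length")
    (total_len,) = struct.unpack_from("!H", pkt, 2)
    if total_len < ihl:
        raise ValueError("total length shorter than header")
    return {
        "protocol": pkt[9],
        "src": ipaddress.IPv4Address(pkt[12:16]),
        "dst": ipaddress.IPv4Address(pkt[16:20]),
        "options": pkt[20:ihl],               # present only when IHL > 5
        "payload_offset": ihl,
        "payload_len": total_len - ihl,
    }

def ipv6_fields(pkt):
    """IPv6 fixed header: every field sits at a constant offset."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 header")
    payload_len, next_header, hop_limit = struct.unpack_from("!HBB", pkt, 4)
    return {
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(pkt[8:24]),
        "dst": ipaddress.IPv6Address(pkt[24:40]),
        "payload_offset": 40,
        "payload_len": payload_len,
    }

PAYLOAD = bytes(8)  # constructed 8-byte payload

# Constructed IPv4 packet: IHL=6, so 4 option bytes (NOP NOP NOP EOL) follow
# the 20 fixed bytes. The checksum is left at 0 and is not validated here.
V4 = struct.pack("!BBHHHBBH4s4s", 0x46, 0, 32, 0, 0, 64, 17, 0,
                 ipaddress.IPv4Address("192.0.2.1").packed,
                 ipaddress.IPv4Address("192.0.2.2").packed) + b"\x01\x01\x01\x00" + PAYLOAD

# Constructed IPv6 packet carrying the same payload.
V6 = struct.pack("!IHBB16s16s", 0x60000000, 8, 17, 64,
                 ipaddress.IPv6Address("2001:db8::1").packed,
                 ipaddress.IPv6Address("2001:db8::2").packed) + PAYLOAD

if __name__ == "__main__":
    print(ipv4_fields(V4)["payload_offset"], ipv6_fields(V6)["payload_offset"])
```

A filter or IDS rule that hardcodes offset 20 for the IPv4 payload would read the option bytes of `V4` as transport-layer data, which is why the IHL bounds check comes before any other field access.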

  32. But instead of trying to colonize Mars... by Anonymous Coward · · Score: 0

    "...or build cities under the sea, the Internet's architects developed a separate address scheme with an unfathomably large pool of addresses."

    And then ARPA started handing out IPv6 space like candy. We would still have plenty of IPv4 space today if ARPA hadn't handed out IP space so liberally in the beginning of IPv4. "Oh, you want a Class A? Here you go, have fun." There's a ton of unused IPv4 out there but it's assigned to a bunch of people and organizations that are just sitting on it not wanting to give it up. The lesson was clearly not learned the first time around and so the whole process is repeating itself with IPv6. Someone needs to smack some sense into the folks at ARPA before they really screw up the Internet worse than it is. Also, NAT'ing IPv6 is not really possible whereas it works well enough for IPv4 (hey, it's not without its issues but it works).

    What should have happened is leave IPv4 alone and instead make a "minor" adjustment to TCP/IP to use 3 bytes for a port number instead of 2 bytes. 16 million port numbers per host is hopefully enough for everyone but the largest organizations without requiring massive hardware lookup tables (whereas 4 bytes would be too many ports). 2 byte ports is really restrictive and makes routing harder.

    1. Re:But instead of trying to colonize Mars... by Dagger2 · · Score: 1

      No, we wouldn't have plenty of space. A v4 /8 is only 16 million addresses, and before RIR runout back in 2011 we were going through those /8s in less than a month each. Demand has only gone up since then, and it's reasonable to believe that a v4 /8 would be something around a two-week supply of IPs at today's usage rates. There are only maybe 20 or so /8s held by companies, so that would be less than a year worth of addresses. The v4 space is simply too small, no matter how you slice and dice it.

      And don't worry; we did learn our lessons. You don't see anybody giving out /8s in v6, do you? Nobody is getting that large a fraction of the v6 space.

      (Expanding TCP wouldn't be any help either. Our problem isn't TCP port numbers, which we have more than enough of; it's IP addresses.)

  33. Re: don't use ipv6 by Anonymous Coward · · Score: 0

    Typical libtard always resorts to insults when their actual argument fails.

  34. Gross Incompetence by Anonymous Coward · · Score: 0

    These "researchers" are completely clueless as to the state of IPv6. They worked and worked and found 86,000 IPv6 addresses? There are plenty of references out there that could have clued them in as to just how sad their "research" results are. https://www.google.com/intl/en/ipv6/statistics.html https://activednsproject.org/statistics.html and that last dataset is freely available to researchers. All they had to do was download this dataset and count for themselves the millions of distinct IPs in this dataset.

    I wouldn't be buying anything from Duo with tripe like this on their website

  35. Re:don't use ipv6 by Anonymous Coward · · Score: 0

    ipv6 was invented by the NSA and CIA to implement deep state packet inspection of conservative websites in order to infiltrate them and undermine the movement. If you use ipv6, even if not on purpose, you are enabling liberalism and all its evils. that means things like abortion, the climate change hoax, Trump-hate, etc.

    The thing I don't understand is why patriots don't pick up their guns and do something about this. Screw the optics Slasdotters, just go in!

  36. Re:don't use ipv6 by jellomizer · · Score: 1

    I was told to stop listening to the Rightwing media, Only people with agenda are conservatives who want to impose their ancient ideas on free Americans who want to grow.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.