Mapping the Spectral Landscape of IPv6 Networks

Trailrunner7 writes: Like real estate, we're not making any more IPv4 addresses. But instead of trying to colonize Mars or build cities under the sea, the Internet's architects developed a separate address scheme with an unfathomably large pool of addresses. IPv6 has an address space of 2^128, compared to IPv4's 2^32, and as the exhaustion of the IPv4 address space began to approach, registries started allocating IPv6 addresses and there now are billions of those addresses active at any given time. But no one really knows how many or where they are or what's behind them or how they're organized.

A pair of researchers decided to tackle the problem and developed a suite of tools that can find active IPv6 addresses both in the global address space and in smaller, targeted networks. Known as ipv666, the open source tool set can scan for live IPv6 hosts using a statistical model that the researchers built. The researchers, Chris Grayson and Marc Newlin, faced a number of challenges as they went about developing the ipv666 tools, including getting a large IPv6 address list, which they accumulated from several publicly available data sets. They then began the painful process of building the statistical model to predict other IPv6 addresses based on their existing list.

That may seem weird, but IPv6 addresses are nothing at all like their older cousins and come in a bizarre format that doesn't lend itself to simple analysis or prediction. Grayson and Newlin wanted to find as many live addresses as possible and ultimately try to figure out what the security differences are between devices on IPv4 and those on IPv6.

2^128 != Infinitely large

Remember when /. used to be a tech site that knew "large, but finite" wasn't the same as "infinite"?
Pepperidge Farm remembers.

Natalie Portman would be ashamed of being referenced by a site like this!

Re:2^128 != Infinitely large

[CaptainDork]

Remember when /. was a content aggregator, providing news for nerds, stuff that matters and not the goddam author of the fucking articles?

Re:2^128 != Infinitely large

[jellomizer]

I could say I remembered a time when Slashdot didn't get fixed into details of semantics. However that was never the case.
2^128 would be enough for every atom on earth to get an address. So in essence it is more then we could ever conceive of using. In terms of practicality the supply of address is so high, we can treat it like infinity

Re:2^128 != Infinitely large

[Athanasius]

But then you have to take into account that any IPv6 endpoint is meant to have a whole /64 to itself to allow for the automatic host part of an address based on MAC address, or the privacy addresses, or .... And then any ISP is meant to be giving /56 (or even more) to each customer, so as to allow them to do some subnetting themselves without abusing the /64 (like I do).

So, we're mostly left with something like 2^56 effective IPv6 addresses, 2^64 if you squint. It's still a huge number, but not anything like as large as the full 2^128.

Re:2^128 != Infinitely large

[Calydor]

For the purpose of determining active addresses, though, it's still 2^128. Just because every customer is given a /56 doesn't mean that every single one of those addresses is useful and active.

Re:2^128 != Infinitely large

[morethanapapercert]

I do remember when /. was a content aggregator. At the time, people complained that the posted articles were things they had already seen elsewhere. (quite often weeks before) There have been a few times in /. history where the staff flat out asked the users for suggestions on improving the site. One perennial suggestion was to provide meaningful, original content. This article is clearly geek worthy, whether it matters is subject to individual taste, so they are fulfilling their mission statement.

Re:2^128 != Infinitely large

[CaptainDork]

Anyway, submit your original content.

Re:2^128 != Infinitely large

[thogard]

People are scanning IPv6 the same way they used to brute force SNMP MIBs.

There are two different issues. First is finding networks and the second is finding hosts on a network.

You start by mapping the routable /32. You can take short cuts if you have access to a global routing table. That drops the number of networks from about 4 billion to less than 2,000 with no scanning at all. Inside each /32 is a /48 to /56. Once again a global routing table will reduce the search space. The right kind of ping can tell you if a major ISP is doing anything with each /56 for a probe. Repeat for each active /56 to find out active /64. Now you have a mostly complete list of active and correctly functional IPv6 networks in the world.

Finding machines on the network is the hard part because they should be hiding behind a 2^64 random number. If they are servers they might have a vanity number like ...::dead:beef or more likely ...::1. Sysadmins will tend to give useful number to external hosts or even workstations. Assuming ..:site:floor:cube will find hosts in large companies. They might use a MAC based address which reduces the search space to known workstation vendors. If someone hits my website with a Dell MAC based IPv6 address, I can assume they have other Dells of about the same age on their network so nearby MAC address might hit a host.

People say IPv6 doesn't do NAT. If you use random /64 addresses, that isn't any different than using random port numbers to hide the way NAT does. The only major difference is if a session has already been established but most cheap NAT routers don't care. If your NAT router can be reset without ending long running sessions (like ssh without keepalives on), your current NAT setup is less secure than using fast rotating IPv6 addresses. There is more entropy in a random 64 bit IPv6 than 16 port NAT source port+sequence number and most only use the source port.

golang?

[QuietLagoon]

I've been seeing some golang spider probing my websites in an odd way, so now it is blocked.

Re:golang?

[CaptainDork]

That was invented by Evonne Goolagong and, sure, her racket had a kind of "web," (sorta), but it's not blocked.

Sadly, she died.

Nothing Bizare about IPv6

[rahvin112]

The Post author is completely wrong when he says that IPv6 is in some bizarre format. IPv6 is exactly the same as IPv4, it's block of numbers. The primary difference is that IPv4 was arranged in a set of 4 blocks of 255 bit numbers. This was workable with a 32 bit address. Ipv6 on the other hand has 128 bits.

To handle a 128 bit address with the same 255 block format of ipv4 you'd need 16 blocks rather than 4. To make this easier and narrow it down to just 8 blocks of 4 digits they decided using HEX would be easier. The addressing scheme was also designed to solve many of the problems Ipv4 had, including automatic creation of a private locally addressable-only address space (the link local).

They also added an address assignment scheme that didn't required DHCP to find an assign an IPv6 address. This is called SLACC and in theory makes it trivial to setup an IPv6 network of devices without needing to build a huge DHCP server (for example in a factory where machinery needs IP addresses but have very primitive computing resources). They also designed the network so that it wouldn't be fragmented requiring huge BGP tables. Every Ipv6 network address is supposed to come with 64 bits of addresses for the user (providing the ISP complies with the RFC and provides each user a /64 as the RFC requires. What this means is that with every public IPv6 address you have 2 IPv4 networks worth of addresses to use on your own network.

There was a lot of though that went into IPv6 into solving a lot of the problems of IPv4. It does take a little getting used to because the numbers are so much bigger and it uses HEX by default to narrow down the number of digits. But other than the spin up of learning about all the new features of IPv6 and getting used to using HEX addressing it's quite a bit nicer to use IMO.

Re:Nothing Bizare about IPv6

[110010001000]

They probably just discovered nmap and now are "security researchers".

Re:Nothing Bizare about IPv6

[sosume]

Maybe it's not bizarre for someone with years of background, but to regular users, the address format is the biggest hurdle to adoption. I am able to explain an IPv4 address to a nine year old. However I don't understand Ipv6 addressing fully myself as it's just too damn complicated and cryptic with all colons and hex. Whoever designed that should be put against the wall retroactively.
My IP is ::::ff::00 -- say what? My gateway address is ::::323::f0::c7, so my local address is ::::00::e1::27??

I still don't understand what would be hard in adding two octals to the current IPv4 scheme. 10.1.192.168.1.7 would be a valid, understandable address. The IPv6 scheme is crap and will NEVER be embraced by users.

Re:Nothing Bizare about IPv6

[stooo]

>> but to regular users, the address format is the biggest hurdle to adoption.
That's OK.
Regular users don't need to do anything with an IP address.

Re:Nothing Bizare about IPv6

every public IPv6 address you have 2 IPv4 networks worth of addresses to use on your own network

Actually you have as many internets worth of IPv4 addresses as there are IPv4 addresses on the internet: 2^32 times 2^32. Don't you think that some of the iimplications of the IPv6 addressing scheme could be considered bizarre? Or how there is no ARP, and every interface has multiple IPv6 addresses, and there are things like "valid" prefixes and "preferred" prefixes and associated addresses and lifetimes? IPv6 is almost nothing like IPv4, except that it uses a number of bits as addresses.

Re: Nothing Bizare about IPv6

[jd]

Easy.

The top two bytes identify packet type.

The next two bytes are the ID of a router.

The next two bytes are the ID of a router on a given connection.

And so on, until you reach 48 bits that identify the computer on a router.

From any given point, you care about the two bytes above and either the two bytes below or the 6 bytes below if they're the last 6.

It's the equivalent of being given directions. Take a left at the third roundabout, then take a right at the second traffic light.

There's no nine year old outside of vegetative state that can't understand that. V4 is far more complex.

Re:Nothing Bizare about IPv6

[rl117]

The scheme is simple and takes just a few minutes to familiarise yourself with. That's all it is, familiarity. By the way, you only need two colons "::", which means "pad blocks with zeros". The rest are redundant. For example my link-local address is currently fe80::e2d5:5eff:fea8:50c9; my global address is something like 2001:8b0:860:ccbe:243b:81de:43b2:fb37. So it's 8 blocks of 4 hex digits, separated by colons, with optional eliding of ":0000:" with "::". That's it. Your nine year old should be able to understand it just as well as IPv4. He won't even need to learn about all the different IPv4 network classes.

Re:Nothing Bizare about IPv6

The problem with /64 being the smallest subnet possible translates to the actual usable number of IP adresses in IPv6 not being 2^128 but more in the range of 2^72 (assuming 256 devices per /64) since too many device in the same subnet cause problems as well.

Combined with other wasteful decisions (organisations getting /32 subnets, some even wanting /16!), the question how long IPv6 will last us is already on the table.

Then there are privacy implications since the MAC address of the interface becomes part of the IP. Yes, privacy extensions help, but why not think about this from the beginning?

Re:Nothing Bizare about IPv6

[UnknownSoldier]

> I am able to explain an IPv4 address to a nine year old. However I don't understand Ipv6 addressing fully myself as it's just too damn complicated and cryptic with all colons and hex.

A phone number uses dashes as separators and is in base 10; IPV6 uses colons and is in base 16. Is it really THAT hard to understand??? (Also you don't write leading zeroes which is true in any base.)

e.g.
* 555-1234
* ::55:12:34

> adding two octals to the current IPv4 scheme.

Because if you are going to require a completely new incompatible scheme it is better to plan for the future and make sure you never run out of adddresses then to band-aid a half-baked kludge that will be obsolete sooner rather then later.

Re:Nothing Bizare about IPv6

[CaptainDork]

Yeah, I used Excel to generate a whole list of IPv4 and port combinations to scan and record open ports. Then I'd reduce the population to that useful subset and continue refining until I could get positive hits on common ports like FTP, RDP, Telnet, SMTP and all that simple stuff and entertain myself for hours.

IPv6 was too hard for automation so I stick with IPv4.

All you bastards or bitches, as may apply are welcome and stuff.

Re:Nothing Bizare about IPv6

[Monster_user]

The lack of an ARP table is because it is redundant in IPv6. The IPv6 is supposed to be the MAC address.

Otherwise, I wouldn't consider it bizarre, but flexible. Older networking schemes were designed for limited devices with limited performance capabilities. IPv6 is designed for a future of nearly unlimited devices, and a wide variety of capabilities.

It is quite possible that either the guys deciding on IPv6 couldn't decide on its implementation, and so built flexibility to allow it to be implemented naturally and see which method wins out. Or they perhaps saw the IPv4 scheme running out of addresses and took that as a lesson learned and designed the scheme they wanted, but designed into a way to extend its lifespan when the ideal usage was no longer feasible.

Re:Nothing Bizare about IPv6

IPv6: Hello class, the first artist we will study is Pablo Diego José Francisco de Paula Juan Nepomuceno María de los Remedios Cipriano de la Santísima Trinidad Ruiz y Picasso.
IPv4: Hello class, the first artist we will study is Pablo Picasso.

The former makes perfect sense if you understand the schema, the latter is simply easier to work with.

Re:Nothing Bizare about IPv6

First off, if you're going to complain about something, you really ought to know what you're complaining about. The various addresses you mention are quite frankly. WRONG and INCORRECTLY formatted. An IPv6 address is simply 8 groups of 4 hexadecimal numbers. Then to reduce the length of the notation, you first remove any leading zeros. And finally, you can eliminate the largest string of zeros with "::". A properly formatted IPv6 address will have at most ONE pair of colons with nothing between them.

So let's take an example IPv6 address of 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Now let's get rid of unneeded leading zeros. 2001:db8:85a3:0:0:8a2e:370:7334
And finally, get rid of the longest string of zero groups. 2001:db8:85a3::8a2e:370:7334

Now contrast that to the BS examples you gave of ::::ff::00, ::::323::f0::c7, and ::::00::e1::27
The first value you gave had 6 colons, which is possible if you've eliminated two groups of zero. But you have the sequence "::::" which is quite illegal, you'll never see more than 2 colons in a row. And if you do see two colons in a row, you'll only see that sequence ONCE. Then your next 2 examples have 8 colons each. WHAT? That would imply 9 groups of 4 hex digits or a length of 144 bits, not the 128 bits of IPv6.

Re:Nothing Bizare about IPv6

[Midnight+Thunder]

If done right most users should never need to see an IPv6 address. Actually they shouldn’t need to see an IPv4 address. This is much the same as most developers don’t need to worry about MAC addresses. When there is a need then they’ll put up with it for as long as it is useful.

The IPv6 numerical format is designed to clearly handle supporting a 128 bit address. It also provides some features to allowing for the abbreviation of an address, when there is a series of zeros. Also, base 16 provides for shorter display representations that using base 10 would have and avoids getting confused for IPv4.

Just curious what you would have suggested in its place, with example?

Re:Nothing Bizare about IPv6

[cascadingstylesheet]

>> but to regular users, the address format is the biggest hurdle to adoption. That's OK. Regular users don't need to do anything with an IP address.

Except tell them to websites and services that have inadvertently blocked them.

And sometimes, if they are super helpful, provide them to developers who are troubleshooting issues ...

Re:Nothing Bizare about IPv6

Actually, phone numbers are also in base16 - though the end user has no way of dialing {a..f}. It's mainly a curiosity, but they're used internally for diagnostics and range remapping...

Re:Nothing Bizare about IPv6

[Monster_user]

It was a brainfart, what I got wrong was IPv4's ARP.

That description sounds a little like RIP, etc., being merged with ARP in a single purpose entity. Thus arp isn't a simple cache table of local addresses, but also a routing table.

Re:Nothing Bizare about IPv6

[JesseMcDonald]

The IPv6 is supposed to be the MAC address.

No part of the IPv6 requires the MAC address to be part of, or even related to, the IPv6 address. It has always been possible to assign arbitrary addresses manually using any suffix you prefer. It is true that many implementations use EUI64 for auto-generated addresses by default, which embeds the MAC address in the IPv6 address suffix as an easy way to make it both stable and unique. However, if you want to avoid sharing your MAC address you can turn on privacy extensions—the relevant RFC dates back to 2007, and is widely implemented—or else enable RFC7217-style stable-but-opaque address assignment based on a GUID and the subnet prefix. In the former case the address suffixes will be random and ephemeral, and will be rotated periodically to thwart tracking. RFC7217 address suffixes by contrast are based on a hash of an arbitrary 128-bit persistent GUID and the network prefix, so they don't change so long as the network remains the same, but if you connect to a different network you'll get a different suffix.

Re: Nothing Bizare about IPv6

[jd]

The original design stated that the design of the IP addresses was guaranteed heirarchical (so machines only ever looked at a 16-bit value at a time, so using less time and less hardware) and that DDNS made this largely irrelevant except to engineers.

Who would naturally prefer a telescopic address where they need only look at 16 bits.

Everyone else should exclusively use names.

Re:Nothing Bizare about IPv6

[arth1]

The IPv6 numerical format is designed to clearly handle supporting a 128 bit address. It also provides some features to allowing for the abbreviation of an address, when there is a series of zeros.

IPv4 also has that.
127.0.0.1 can also be written 127.1
192.168.0.1 can also be written 192.168.1

Re: Nothing Bizare about IPv6

[jd]

Those addresses aren't possible, so irrelevant.

The format is: (type):(network prefix):(computer suffix)

How, exactly, is that hard?

There are dead people who can understand that.

As noted by others, you can never have ::::

Since the prefix describes a path, it will typically have no long sequences of zeroes. You get those between the prefix and suffix.

So it's more likely you'll get: (type):(prefix)::(suffix)

What if you want to use your IPv4 address as your suffix? That's fine. ::(ipv4) is a perfectly valid suffix.

5f0b:1700:c047:1400::800:200d:1cfe

Would refer to the test network (5f0b), with a network address of 1700:c047:1400 and a computer address of 800:200d:1cfe

This is not rocket science.

With DDNS servers, you can have the name be assigned an IP address by construction at time of connection. Everyone else will.

As a result, your computer will be fed live DDNS updates as the Internet changes, for computers you care about and no others.

When querying the nameserver heirarchy for an address, you get the current address. That information will be guaranteed fresh because state information for MobileIP traverses the Internet. It has to. And it contains the instruction that whatever went to one prefix now goes to another. Your DDNS will adjust accordingly.

A five year old can master the idea that if you've gone for a walk, a different road will lead to the same endpoint (the car).

I have no sympathy for those who lack the navigational skills of a five year old.

Re:Nothing Bizare about IPv6

[rl117]

It's happening. Look at this graph. Growth was exponential from 2010 to 2017, taking it from 0.1% to 16%. The last two years have been mostly linear, from 16% to 26% (~5%/year). The last 8 weeks alone have seen a 1.5% increase; that's equivalent to all the growth from 2010 to July 2013! 3.5 years compared to 8 weeks for the same improvement. We're well into the implementation phase now, with over 1 in 4 users using Google services over IPv6; the actual number is even higher, because Google underestimates it by requiring IPv6 to be explicitly whitelisted by them. It is taking time, no doubt about that, but it is happening at a decent clip now, and the pressure to provide it will increase. Already most of my internet traffic is over v6, and it's also more reliable. We're not far off the tipping point where it will start to be required.

Re:Nothing Bizare about IPv6

[mea2214]

Just fired up a Comcast Business circuit. While getting my network working for IPv4 I pinged 8.8.8.8. I had things misconfigured for IPv4 but the IPv6 pings were working. That was truly bizarre.

Re: Nothing Bizare about IPv6

[jd]

Easy, with IPv6.

By knowing the IP address of the problem, you know the precise location of the problem from a network point of view.

With IPv4, you don't. It's classless with arbitrary subnetting.

With IPv6, the 16 bits before identify the precise location on the network of the feed going in. No hunting up GeoIP maps. Don't need em.

The 16 bits that change at the break, and ONLY 16 bits will have changed at a time, that is guaranteed, you know the precise location on the network of the specific fault. Remember, an interface has an address, not a machine, and addresses are based on upstream prefixes.

The prefix always comes from upstream.

And that means you know the direction of the link, where each side is located, even what manufacture each router is if the MAC is physical not altered or logical.

What else do you know? IPv6 is self-healing. It'll fix breaks if it can, without losing any connections and with renumbering the doenstream network if necessary.

So if there's a problem, you can afford to be more aggressive. It won't hurt, unlike IPv4 which can't cope.

Re:Nothing Bizare about IPv6

[rahvin112]

IPv6 was designed to make asking for an IP address obsolete in that it could configure itself automatically with self-discovery.

People are so used to IPv4 they forget how difficult it was to learn when they first started. One of the IPv6 design goals was to get rid of the whole what is my IP and where do it type it in phase of network setup. You don't need to know your IP, or your netmask or gateway, IPv6 can self discover all of that in addition to being able to self identify local network segments and route traffic accordingly to those adjacent clients without the need for a router.

Re: Nothing Bizare about IPv6

[jd]

With IPv6, there's no such thing as "your" IP address. You own a suffix. In fact, you own one suffix for every network adapter, physical or virtual. The prefix is added by the network.

This gives you freedom of movement. Your suffix is as valid in Canada as it is in the Canary Islands or down Canary Wharf. As long as you have an account with the ISP, you can connect anywhere.

But because the suffix alone identifies you, you can travel to all these places and not drop a connection. It moves with you, because it's only directed to the suffix. The prefix is just the directions to get there and those can change at any time.

Your router has an address, too, but it also has a 16 bit number. It gets a prefix from whomever it connects to, it puts that 16 bit string on the and, and that's the prefix your computer is given.

Imagine a children's game, where a parcel is wrapped up. On the paper is an instruction to hand the parcel to the fourth child down. They unwrap one layer and get an instruction to take the parcel six children up. Pass the parcel with an addressing mode.

That's how IPv6 addresses work, except when corrupted by IPv4 complexities. But that's a problem of the complexities, not IPv6. Can't blame 6 for holdovers.

Re:Nothing Bizare about IPv6

[bugs2squash]

That's the tip of the iceberg though. There's link local addressing, how subnetting is handled etc. and that's even without going into the other aspects of the protocol like extension headers and replacement of ARP, tunneling IPv6 over IPv4 and vice versa etc. It's a lot to take in.

Re: Nothing Bizare about IPv6

[jd]

How is it hard?

Remember, (type):(prefix):(suffix)

Where everything in the prefix is either a 16 bit identifier for a router at a particular level or a zero - and 16 bits of zeroes are only possible if what is left is the suffix.

So, you have a 16 bit pointer into a 16 bit pointer into a 16 bit pointer and so on until you reach the 48 bit suffix.

Tables that point into tables. And you found you couldn't manage this in automation.

Pardon my whilst I spill tea laughing helplessly.

This is not only the simplest possible addressing scheme, other than TUBA, but it's designed specifically for automation and, more importantlt, to be both quick and easy to implement and quick and easy for the machine to process.

And you can't manage it.

Ok, to be fair, you're using Excel. Visicalc might have been better. Anything that supports table linking four deep. You might want to consider a spreadsheet linked into a database, have the database do the relationships since you're not feeling up to it.

Re: Nothing Bizare about IPv6

[jd]

You can't have smaller subnets and guarantee unconditionally that people can move around the network from router to router, ISP to ISP, without losing connection.

The /64 is the real address, the prefix is the address of the address. Indirection.

When you move between networks, your prefix changes. That information propagates over the Internet, so that all packets heading to your former network location get redirected.

People ask about NAT and IPv6. This is it. This is NAT that is restricted to the prefix alone. Packets from your old address are SNATed, packets to your old address are DNATed. Although it would be bizarre for your relocation packets to reach and pass data packets you'd sent out earlier.

Re: Nothing Bizare about IPv6

[jd]

How?

With IPv4, I have to worry about whethet I need to use RARP, BOOTP or DHCP, whether the subnetting will clash with naive defaults in software, whether I need to traverse passive firewalls, what sort of service discovery protocols are supported and for what, whether there's security on the network or if I must bring my own, whether any software routers might interfere with the network.

That's complicated.

With IPv6... Autoconfigure replaces all of the bootstrap systems. Anycasting is the preferred service discovery. There's no arbitrary subnetting, per se, it's a fixed topology. MTU autodiscovery means passive firewalls aren't an issue. IPSec is the norm. Because addressing is heirarchical, it doesn't matter what you connect to your computer, it's considered a subnet by the fact that there's something betwern A and C.

So all that sweating with IPv4 and none of it applies to IPv6.

That's less work.

Re: Nothing Bizare about IPv6

[jd]

On the contrary, persistance is precisely what IPv6 solves. That's why the prefix is a network address and the suffix a computer address.

This is explained in the RFCs but I'll go over it here.

If you move from one hotspot to another, your old address becomes transient. The Internet routers get an instruction, over a fixed TTL, to DNAT anything currently going to the transient address so that it now goes to the new address.

You do not lose the connection.

From the RFC:

The Mobile IPv6 protocol is just as suitable for mobility across homogeneous media as for mobility across heterogeneous media. For example, Mobile IPv6 facilitates node movement from one Ethernet segment to another as well as it facilitates node movement from an Ethernet segment to a wireless LAN cell, with the mobile node's IP address remaining unchanged in spite of such movement.

From the RFC:

There is no need to deploy special routers as "foreign agents", as in Mobile IPv4. Mobile IPv6 operates in any location without any special support required from the local router.

Re:Nothing Bizare about IPv6

[rahvin112]

Using that same page if you look at US adoption it's actually 35%, once it gets past 50% it'll likely go exponential again until it wipes out IPv4 because there will be groups that start dropping IPv4 due to the adoption rate.

You'll already find most cellular connections are Ipv6 only.

Re: Nothing Bizare about IPv6

[jd]

It's the spec. I guess only idiots read those, in your world.

Re:Nothing Bizare about IPv6

[rl117]

Most of that can be ignored though. Tunelling is dead; ignore it. It's 0.00% for the last couple of years, 0.01 or less for the last 6 years. 26% native today. So not important to learn-just go native. Link-local can be ignored for the most part; avahi/zeroconf and the like make it transparent. Subnets are also ignorable since it's part of the first 64 bits after the routing prefix; there is nothing to configure. For regular setup and use, all of this should be transparent and ignorable for the common case scenarios. On my network, it's all automatic with SLAAC, connect and it works.

Re:Nothing Bizare about IPv6

[rl117]

A few times recently I've had the IPv4 networking randomly break, but all the IPv6 services and websites worked without interruption. The autoconfiguration is worth something. Better than NetworkMangler which is the cause of the IPv4 outages, no doubt.

Re:Nothing Bizare about IPv6

[Hadlock]

Ideally everyone is using DNS or some variant. The only time you should be at the IP level is for debugging.

Re:Nothing Bizare about IPv6

[WaffleMonster]

I am able to explain an IPv4 address to a nine year old. However I don't understand Ipv6 addressing fully myself as it's just too damn complicated and cryptic with all colons and hex.

I don't understand IPv4 either. It's so damn hard. At least if I want to go to sprints website via IPv6 I can browse to 2600::

Via IPv4 it's this jumbled mass of meaningless seemingly random numbers with all of these dots all over the place. 65.173.211.241 ? ? ?? ?

::::ff::00 ::::323::f0::c7 ::::00::e1::27

These are invalid. Zero compression can only be used once.

I still don't understand what would be hard in adding two octals to the current IPv4 scheme. 10.1.192.168.1.7 would be a valid, understandable address.

Most people have control over at the very least last 64-bits of their address. My public IPv6 address has only 5 sets of numbers in it and is actually easier to remember than your example.

The IPv6 scheme is crap and will NEVER be embraced by users.

IPv6 addresses don't have to be much harder than IPv4 to handle manually. You control at least the last 64 bits...leverage that... don't let SLAAC's auto assigned gibberish make you an IPv6 hater.

Re:Nothing Bizare about IPv6

[Ross+Finlayson]

...and provides each user a /64 as the RFC requires. What this means is that with every public IPv6 address you have 2 IPv4 networks worth of addresses to use on your own network.

Actually, 64 bits gives you 2^32 (i.e., about 4 billion) "IPv4 networks worth of addresses to use on your own network". Behold the power of exponentiation!

Re:Nothing Bizare about IPv6

[Darinbob]

If you're a regular user then even IPv4 can be complicated... I think you mean as a regular sysadmin, or regular network support guy.

IPv6 is in hex because in the dotted style of IPv4 you'd have 16 numbers. Not just 2 extra octets. So your address might be 1.2.3.4.5.6.7.8.9.10.11.12.13.14.15.16. Do you really need to know all those numbers? A colon is the same as a dot, so that's easy. Hex is easy for anyone who knows about IPv4 anyway, so no worries there. The only snag is the double colon '::', which is pretty easy to learn, and you can suppress leading zeros in groups (ie, :;1 is your localhost loopback, same as 127.0.0.1). The only hard part is that there are more numbers.

The only slight advantage you get with IPv4 is that *some* people can readily recognize prefixes for their local subnets and such. Sure, in your building that you are an IT goon for you can recognize addresses by visual inspection, but if you have 20 million nodes you have to deal with then you need a different way of working.

A lot of things don't change too much - you will probably have only a handful of 64 bit prefixes that you ever need to worry about in practice and you learn to recognize them. FE80:: is the link-local prefix, which is often used in the same context that you will see ipv4 private addresses (192.168.0.0/16, etc).

So as a company you can get a unique 48 bits for network address, you have 16 bits to do whatever you want with subnetting, and combine with the 64 bits of the interface address of the device. There's a huge amount of stuff you can do with that that you could never do with IPv4.

Re: Nothing Bizare about IPv6

[Darinbob]

Remember too, IPv4 was designed when the internet only had thousands of nodes and was meant to support millions of nodes. Today we need support for billions of nodes or more. The IPv4 style just won't cut it. You can't just add a couple more bytes and think that the problem is solved.

Seeing someone object about going from IPv4 to IPv6 is like freeing someone from a cage who then complains that standing up straight is unnatural.

Re:Nothing Bizare about IPv6

[Darinbob]

Great, then they'll know how to cut and past an IPv6 address into their Minecraft settings.

Re:Nothing Bizare about IPv6

[arth1]

uhh, I have never heard of that

I take it you're not a sysadmin, then :p
Especially 0 for 0.0.0.0 and 127.1 for 127.0.0.1 are common.

and for your 2nd example "192.168.0.1 can also be written 192.168.1"

How do you distinguish between 192.0.168.1 and 192.168.0.1?

Because the zero shortening is just a side effect of the actual rules:
An IP address with four elements is treated as four 8 bit values
An IP address with three elements is treated as two 8 bit values followed by a 16-bit value.
An IP address with two elements is treated as an 8 bit value followed by a 24-bit value.
An IP address with one element is treated as a 32-bit value.

From this follows that when used to just drop zeroes, it will drop zeroes either for the two middle elements or only the third element.

The most famous of Google's DNS servers can thus be referenced as:
8.8.8.8
8.8.2056
8.526344
134744072

Re:Nothing Bizare about IPv6

[arth1]

The zero shortening is a side effect of IP addresses not necessarily being dotted quads, but can also be triplets, doubles or single numbers, in which case the last number is 16, 24 or 32 bits.
That means that 127.1 always is identical to 127.0.0.1 and 192.168.1 is always identical to 192.168.0.1
See my other post for more details.

Re:Nothing Bizare about IPv6

[marka63]

You read them by saying each value and using the word colon. fd93:7065:ab8e:: is eff dee nine three colon seven zero six five colon ...

FD00::/8 is the equivalent of RFC 1918. You pick 40 random bits (toss a coin 40 times, tails=0, heads=1) and append them to FD to give you a /48 prefix which is your site prefix. (e.g fd93:7065:ab8e::/48). You then have ~65000 /64 subnets to use.

That said your ISP will delegate you a prefix using prefix delegation. Typically it will be a /56 which will give you 256 /64 sized subnets which your routers will automatically assign to links as needed. The ISP is allocated IPv6 address space from the RIRs with the assumption that they will hand out /48's to customers. If the /56 is too small complain to your ISP as they have more space to give you. If your ISP only gives you a /64 find another ISP as they are not doing the correct thing.

Re:Nothing Bizare about IPv6

[thegarbz]

the address format is the biggest hurdle to adoption.

What is this IP address you speak of? A user doesn't care anymore. Plug two windows computers in a network they just work by name. Plug them into a modem they talk to the internet. Even that super complicated networky thing of setting up a router has been reduced to plug it in, turn it on and type http://tplinkwifi.net/ (or whatever address your router hijacks) and it magically works.

Basically these days the need for ipaddress is obsolete for users for any reason other than diagnosing why their network doesn't work, and when they do that they often follow a guide (or a script from some flunky on a phone) without ever understanding any of the terms.

If the user sees an IP address at any point, something is broken.

Re:Nothing Bizare about IPv6

[Midnight+Thunder]

I was not aware of that and this does not seem to be common knowledge. Add to that I have never seen an input field allow for that, in the case of IPv4

Re:Nothing Bizare about IPv6

[arth1]

Add to that I have never seen an input field allow for that, in the case of IPv4

People who design input fields are often idiots.
Most email address fields, for example, will reject many legal and working e-mail addresses, because the designers never consulted the actual RFCs.
To say nothing about names and addresses. (My "last name" is two words, no hyphen. And I used to live at an address that had no street.)

But using x, x.y and x.y.z forms for IP addresses really works. Try it in a web browser - if you have a local web server, http://127.1/ will work, as it should, and so will http://0/

Re: Nothing Bizare about IPv6

[SignOfZeta]

But because the suffix alone identifies you, you can travel to all these places and not drop a connection. It moves with you, because it's only directed to the suffix. The prefix is just the directions to get there and those can change at any time.

Well, you're right in how SLAAC assigns addresses, in that a node has the same suffix no matter where it goes. But traffic doesn't get automatically forwarded as you roam between IPv6 networks. (That requires another standard, Mobile IP or Mobile IPv6, to make that happen.)

Re:Nothing Bizare about IPv6

[SignOfZeta]

When Comcast Business first started handing out IPv6, I noticed that IPv4 pings were noticeably slower than IPv4 things. I had heard somewhere that Comcast had switched their entire network over to IPv6-native with IPv4 running through an automatic 4in6 tunnel, "IPv4-as-a-service." They've fixed the IPv4 slowdowns since then, so now both are nearly equal.

Balderdash.

[Nutria]

Like real estate, we're not making any more IPv4 addresses.

New IP addresses are made every time an organization rolls out a VLAN in the 10/8 range.

Re:Balderdash.

Reality - we're not giving away FREE ipv4 addresses any more.

AWS just got 3.0.0.0/8 - I thought we'd run out? Oh wait, lots of big allocations still sitting basically unused all over the place.

Charge even $1/year and watch how much ipv4 address space frees up.

Re:Balderdash.

[ShanghaiBill]

Like real estate, we're not making any more IPv4 addresses.

New IP addresses are made every time an organization rolls out a VLAN in the 10/8 range.

... and new real estate is made every time Kilauea's lava reaches the sea.
 

Re: Balderdash.

[jd]

Those are not new addresses, they're cohabited old addresses. Same way a block of flats is one building, not a hundred.

Re:Balderdash.

[fbobraga]

good catch

Re:Balderdash.

[fisted]

a VLAN in the 10/8 range

You, Sir, seem to have an excellent understanding of networking. Hats off to you.

</sarc>

Re: Balderdash.

Ah, that is were our addresses went. Last year all our networks got changed from 3.0.0.0 to 10.0.0.0 . I wonder how much Amazon paid to General Electric for this block.

Re:Balderdash.

[CaptainDork]

Mobil Oil has a class C that they are not even using. They got bought out by Exxon and those goofballs don't know about it.

Re:Balderdash.

[CaptainDork]

Balderdash comes to us from the Greeks (ca. Wally of Dilbert) in the form of the concatenated, corrupted words for "more bald," and "haberdashery."

It applies to old geeks who think "cool," is wearing their ties as a sweat band.

Re:Balderdash.

[Monster_user]

That seems to be how some ISPs are solving the problem of providing client modems with IPv4 addresses. PAT is an extension of IPv4 to provide pseudo IPs for those machines on the VLAN with a 10/8.

So an IPv4 isn't just 255.255.255.255, but it is 255.255.255.255:65536.

In the context of the summary, it would seem a valid claim, despite the debatable aspect of "creating" vs "allocating/re-allocating".

Re:Balderdash.

[squiggleslash]

IP addresses are intended to be routable. And that's the problem, those who claim we're not running out of IP addresses forget that, in practice, we haven't had enough IP addresses since the mid 1990s. Almost all devices end up having to use virtual IP addresses like those in the 10.x and 192.168.x ranges.

Ya, we know - thanks.

[fahrbot-bot]

That may seem weird, but IPv6 addresses are nothing at all like their older cousins and come in a bizarre format that doesn't lend itself to simple analysis or prediction.

Just wait until IPv8 comes out.

Re: Ya, we know - thanks.

[jd]

Already defined.

Re: Ya, we know - thanks.

[jd]

https://tools.ietf.org/html/rf...
https://tools.ietf.org/html/rf...

This protocol was assigned v8 by the IANA.

Re:Infinity is larger than that

[hummassa]

Everything is just a number. A Matroska movie is just a big number. But parts of the IPv6 address have meanings, some of them complex, albiet not really "inscrutable". :-)

Re: don't use ipv6

[jd]

Uh, no it wasn't. Indeed, IPv6 was intended to prevent any monitoring at all.

Re:Infinity is larger than that

I think the author of the article is having trouble with the concept of "sparsely populated" and therefore calling it "bizarre".

With IPv4, someone can easily scan all 2^32 possible addresses in a reasonable amount of time (actually fewer than 2^32 given the various "non routable" reserved addresses. But for IPv6, they really can't perform an exhaustive scan of all possible 2^128 possible addresses. In fact, to do a reasonable scan, they have to determine all the ISPs out there which are given /29 through /32 addresses ranges to manage. And then the ISPs with their own addresses ranges then have free reign as to how they then manage the remaining 96 to 99 bits of addressing.

So yes, doing an exhaustive scan of world wide allocated IPv6 addresses is definitely not a trivial problem.

Re: Filler story?

[jd]

It's old, antiquated technology the libertarians and conservatives killed in the 90s.

Re:don't use ipv6

[fbobraga]

OMFG man! What a nonsense conspiracy theory!

* feeding the trolls since *put a very early internet year here*

Seems like FUD

[argStyopa]

Haven't we heard about the "impending" exhaustion of IP addresses now for what, at least a decade?

Re:Seems like FUD

[argStyopa]

Please let me know when any "world wide internet outage" occurred (and lasted a good portion of a week!) I do believe I entirely missed them.

Re:Seems like FUD

[Darinbob]

But we have essentially exhausted all IP addresses already. We got around it with a hack called NAT. There are some unassigned addresses still but you can't assign them out to just anyone because they belong to particular companies (Ie, IBM).

Re:Seems like FUD

[squiggleslash]

What's your computer's IP address?

No, not that, that's not a real IP address, I'm talking about its real, routable IP address?

It doesn't have one does it? Your router has one, but your computer is 10.x.x.x or 192.168.x.x, right? And those are NOT routable IP addresses. Every time you make a connection to a computer that isn't on your Ethernet network, you're having to use multiple proxies, and you've (together with everyone else) given up completely on nearly all protocols that require incoming connections, with most requiring hacks and/or proxies to work.

Your computer doesn't have an IP address because there aren't enough IP addresses and haven't been since the mid-1990s. So what you're saying is "impending" actually happened a long time ago.

It's not FUD, and it is holding the Internet back.

Re:Seems like FUD

[thegarbz]

Haven't we heard about the "impending" exhaustion of IP addresses now for what, at least a decade?

We have, and we've run out. Completely. No new address spaces are being issued. All gone. All allocations are in private hands, and so we have been dicing and splicing and NATing, and then NATing the already NATed just to keep the internet functional. However even that is breaking if you look at BGP table growth: https://bgp.potaroo.net/

By the way there's a magic number in there that when the BGP table hits will obsolete some older and very VERY expensive gear that is keeping the internet running.

Re: natz r sikyoor

[Midnight+Thunder]

There are bound to be some people to find a way to implement a NAT, for whatever reason.

One thing I am curious about is how mobile hotspots will work? From what I understand you phone is creating a NATed subnet, using the single IP address assigned to you, but how will that work in the IPv6 world without NAT?

That doesn't make it FUD

While IPv6 is a technological failure -- came way too early, full of design problems, partially already obsolete before good and well deployed -- the IPv4 address space exhaustion is real. You don't hear that much about it yet since the anglophone space still has lots of grandfathered unused space that can be squeezed a bit in a pinch. But CGNAT is the scaled-up version of the idiot and fairly desperate NAT thing, and it shows up in ever more places. Again, often in places that don't necessarily speak English so you don't hear about it that often. But it's happening.

Re:don't use ipv6

[CaptainDork]

IPv6 was implemented because we were running out of IPv4.

That's conservation, not conservatism.

"build cities under the sea"

[shreyasonline]

we already have "build cities under the sea" using NAT!

I suspect it'll be gamers who push us to IPv6

[Solandri]

I'm seeing more and more help requests from gamers who aren't able to play a networked game because they sit behind a NATed IPv4 firewall they don't control, which blocks the ports their game needs and doesn't have UPnP enabled (for automatic port forwarding). Usually they're apartment dwellers, but a small number of them are people whose ISPs are putting them behind a NAT (i.e. the ISP has more customers than IPv4 addresses).

Re:I suspect it'll be gamers who push us to IPv6

[sims+2]

I kind of doubt it as the majority of games seem to be using servers now that can act as a go between to establish NAT to NAT connections.

The cell carriers have short changed their customers with IPv6.

With IPv4 on cellular you got a public IPv4 address that you could host a webcam or whatever you wanted and access it remotely with just the IP and port number.

With IPv6 on cellular they give you a IPv6 address that blocks all incoming connections so even if you know the IP address and port you still can't make the connection.

You still have to have a go between server to start the connection, just like you would if you were still using NAT'd IPv4.

I wonder how many of the wireline ISPs have done the same to their customers?

Re:I suspect it'll be gamers who push us to IPv6

[SignOfZeta]

Someone tried something like that very early on. They set up an IPv6-only web server and asked for free porn to distribute. Not only was there a lack of porn submissions, but adoption was poor due to IPv6 being scarce back then (2008?) and the experiment eventually failed.

Re: natz r sikyoor

[Midnight+Thunder]

Turns out there is this for mobile hotspots: https://lkhill.com/ipv6-based-...

Re:jokers

[CaptainDork]

Of course, IPv4 is slicker'n deer guts on a doorknob in this respect.

Headline Revised [Re:Infinity is larger than that]

[XXongo]

I see that /. revised the headline: when I posted that comment, the headline was "Mapping the Infinitely Large Address Space of IPv6 Networks". Now it's been revised to remove the "infinitely large" phrase: "Mapping the Spectral Landscape of IPv6 Networks." So, if it seems like the comment doesn't make sense-- that's why.

Re: don't use ipv6

[jd]

It's why the original specification mandated encryption. Not at endpoints, but at tunnels. So neither your MAC address nor your data was ever visible.

Since you could set your MAC address, it wouldn't have mattered much anyway. You didn't own an IP address, you owned access to a router, or as many routers as you liked. Your IP was generated from the path and what you advertised.

Total anonymity and total privacy.

Re: don't use ipv6

[jd]

The only history that matters is IPng and IPv6 draft, prior to RFC status and then when IPSec is ratified.

But, then, you don't want history. You much prefer your pram.

Isp controlling your local address range is bad

[Joe_Dragon]

Isp controlling your local address range is bad for corp networking.

The only protocol

[jd]

That could claim infinite end points is TUBA, one of the other IPng contenders.

Re: natz r sikyoor

[jd]

With IPv6, your computer generates a universally unique ID that allows connections to be sent to your current hotspot.

Radvd allows the prefix to be attacged to your computer's suffix to make a unique IP address.

Dynamic DNS ensures that if your computer is named, the name is usable for your current hotspot endpoint.

MTU discovery ensures that there is zero fragmentation, so no problems with stateless firewalls.

Re:Infinity is larger than that

[arth1]

The fact that the mac address is part of the number

That's not a given. It may or may not be. For many auto-assigned IPv6 schemes, it is, but that's not the only way IPv6 addresses are assigned.

IPv4 is the bizarre one, not IPv6

IPv4 is optimized for low bandwidth. IPv6 is optimized for high bandwidth. That is the biggest difference apart from the memory address space.

IPv4 came out of a world of dialup. Data arrived slowly and the receiver could easily read byte by byte. This means optimization aims at minimizing the number of bytes in the header and this is done by adding conditional bytes. If a certain variable isn't needed for the header in question, don't add it.

IPv6 is optimized for a world with optic fiber. The header file now includes all data and unused variables are included with default values. While this wastes some bytes in each header, it makes it faster to decode a header, particularly if you just need a certain variable. This is ideal for high throughput routers, particularly in the internet backbone. It can read just the variables it needs to determine the routing for the package. In fact if you want, you can make custom hardware, which can read all the variables at the same time because it can be hardwired to assume the variables at certain bytes in the header buffer. This allows processing more headers each second, which in turn allows more packages, hence more data throughput. The content of the packages aren't processed other than counting as it matches the length variable from the header.

The difference between IPv4 and IPv6 essentially comes down to this and the extra address space. There are some other details that differs, but it's just that: details. IPv6 is not bizarre. If anything, IPv4 is the bizarre one with all the conditional lengths/offsets in the header layout.

To put it into programming perspective, IPv6 is a class with well defined get functions. IPv4 is a class with a bunch of get functions called getA, getB, getC etc and you end up with if getA() > 8, then a = getC() else a = getB(). Sure you can argue that you can use abstraction and make easy to use get functions, which does more than just reading an offset, but that's precisely the point. IPv6 reads one variable and returns it, IPv4 reads multiple variables and does some calculations to figure out which one to return.

Re: Plenty Bizarre about IPv6

[jd]

Most of that was to placate the unwashed hordes.

Real IPv6, the original specification, had one mode, autoconfigure. No DHCP, no static, just autoconfigure. There was no need for anything else.

(By the eay, IPv4 has RARP, BOOTP as well as static and DHCP, where DHCP may be static or dynamic. And unlike IPv6, you can't mix.)

It's the barbarians who refused the elegant simplicity and demanded to bring over IPv4 detrius that ruined that simplicity.

Real IPv6, original specification, had no fragmentation, no NAT, no forwarding boxes for mobility. Multihoming was one address on one virtual interface.

How much simpler can you get??!

Re: Plenty Bizarre about IPv6

[Darinbob]

Yup, IPv6 is straight forward. However you can't bring over your IPv4 toolbox unchanged. Having NAT with IPv6 is just meaningless and trying to shoehorn it is implies someone either doesn't understand networking or is just trying to retain the old way of doing things.

The biggest hurdle are all the consumer computers and networking equipment that don't use IPv6 by default. So an ISP can't just decide to turn on IPv6 and have it work w/o problems. So you need some translation from an IPv4 NAT to an IPv6 space because the customer boxes will be using IPv4 with NAT. But all of that should be treated as a *transition* phase needed to work in a dual-address world, it should not be treated as the end game.

Re:don't use ipv6

[jellomizer]

I was told to stop listening to the Rightwing media, Only people with agenda are conservatives who want to impose their ancient ideas on free Americans who want to grow.

Re:But instead of trying to colonize Mars...

[Dagger2]

No, we wouldn't have plenty of space. A v4 /8 is only 16 million addresses, and before RIR runout back in 2011 we were going through those /8s in less than a month each. Demand has only gone up since then, and it's reasonable to believe that a v4 /8 would be something around a two-week supply of IPs at today's usage rates. There are only maybe 20 or so /8s held by companies, so that would be less than a year worth of addresses. The v4 space is simply too small, no matter how you slice and dice it.

And don't worry; we did learn our lessons. You don't see anybody giving out /8s in v6, do you? Nobody is getting that large a fraction of the v6 space.

(Expanding TCP wouldn't be any help either. Our problem isn't TCP port numbers, which we have more than enough of; it's IP addresses.)