Transparent IPv6 with Linux?

David A. Madore asks: "Every once in a while, I decide to try out IPv6 (on my local PC network that isn't connected to the Internet). And every time I'm disappointed. Now that the kernel supports it, and libc (glibc 2.2.1) supports it, and that I've recompiled the net-tools with inet6 support (why doesn't RedHat do that by default, I'd like to know), I would expect to be able to type 'telnet ::1' and get a connection to localhost, prompto! Instead, I get '::1: Unknown host.' Isn't the whole point of' IPv6 support of the libc to make program support completely transparent? And isn't the whole point of dynamically linked libraries so that we get it without even having to recompile anything? Or am I being incomparably naïve here? Will we have to rewrite and recompile any network-aware program so as to get IPv6 support? By the way: How will X11 DISPLAY strings work with IPv6 ':0' is kindda confusing in relation with IPv6 addresses)? Can anyone clarify the matter?"

IPv6-awareness

[jd]

Sadly, yes, every network-aware application will need to have IPv6 support programmed into it, either directly (ugh!!) or via the extensions that are in the NRL library.

There -is- a way to get round that - an IPv4/IPv6 gateway - but that adds a lot of overhead and is not the way to fix broken apps.

There has been a LOT of discussion on URLs and X DISPLAY strings, as they would allow multiple interpretations of the IPv6 address. One possibility is to require fully-expanded addresses in those instances, another is to bracket the address somehow, so that it can be seperated. AFAIK, there's no real, universal consensus on this, at least not the last time I looked. There may be more of one, by now.

For Telnet, FTP, etc, go to ftp.inner.net and download the ported utils they have. I admit, the porting isn't the best code I've seen, but it does work, and'll give you a feel for what could be done.

If you want to try IPv6 properly, though, join the 6Bone and test your machine to the limits.

Re:IPv6-awareness

[jd]

Possibility A: They wanted something different, so that they could clearly identify backwards-compatiable addresses, such as ::127.0.0.1.

Possibility B: The IETF team -meant- ., but their secretary's finger slipped on the keyboard, and nobody had the heart to correct them.

Possibility C: It's a secret conspiracy by the IETF to promote their new online hypertext system, VVV, and their new GUI system, Y.

Possibility D: They forgot that other people were already using the symbol, and by the time they noticed, were too drunk/lazy/proud (delete as applicable) to correct it.

Re:Is IPv6 already done?

[jd]

DNS is done. Patches existed for BIND 4, and BIND 8 had support from the word go. It's messy, and reverse lookups are a horrible kludge, but it's there.

IPSEC is fairly well defined, and from the looks of it, Freeswan will be there soon. NRL has been there for a while, for BSD systems, I believe.

Routers are done - mrt is very usable, Bay has (or had, b4 they were taken over) an IPv6 router, as did Telebit. GateD is going slowly, but that's their fault for being obstinate and not opening the source. Cisco is getting there, and has been one of the cornerstones of the 6bone since it's inception. 3Com are working on it, but they are irrelevent anyway. Just ask any Borg.

About all that -really- needs to be done with IPv6 is for the masses to rise up and throw gummy fish at the backbone admins until they install it.

Re:Confusion

[devphil]

The latest (2nd) edition of _Unix Network Programming_ discusses IPv6. It's a really good introduction for somebody (like me) who knew jack-all about it to start with.

It's just technical enough that I can follow discussions about IPv6 implementation and management, but doesn't get into the really nasty details -- there are supposed to be other books for that, and _UNP_ has other topics to get to.

For the uninitiated, _Unix Network Programming, 2nd Edition_ is two or three volumes, all worth it, and written by the late W. Richard Stevens, Network God. RIP.

Re:IPv6-awareness- Where can I find info on 6bone?

[jd]

There's information on joining the 6Bone at:

• www.6bone.net
• www.ipv6.org

Your ISP can be running a cooked hamburger, as far as you're concerned. :) So long as you've an internet connection, the only requirement is that you set up a tunnel, connecting to some existing node on the 6bone. It's as easy as that. :)

Just e-mail the maintainer of the node, get the IPv4 address for their end-point, let them know the address for your end-point, configure SIT0 accordingly, and you're sorted.

(If you get a dynamic IP address, from your ISP, it's slightly more complex. The maintainer'll need to have some kind of script running, to automatically adjust the tunnel, according to what your new IP address is.)

Some notes on IPv6.

[Daneel]

There are a few things to be said about IPv6. The main thing is that IPv6 is still Beta. That means that it is being implemented and tested along the way. Everyone on the 6bone and alike knows this. Everyone getting an IPv6 number is told that they have to hand id back sometime, because the hand-out schemes are also being tested. And yes, they have already changed those hand-out schemes and addresses at least once.

Software vendors and network hardware vendors do not fully support it -- some will give software to you as an addon. But they do not support it. If you learn from it, great, but if it breaks, oh well, it isn't yet meant for production purposes anyway.

I think one of the main reasons RedHat doesn't ship with IPv6 enabled is that it is not yet supported everywhere. For example if you use things like sockaddr_in in your programs, you're hosed because it is IPv4 specific. And there are a lot programs that are IPv4 specific (not to mention 4-byte-copies to duplicate addresses). And checking all networking programs takes a lot of time. Not to mention fixing them and getting maintainers to support IPv6.

So this summs up to three important points:
1) IPv6 is development stuff and quite uncommon. So don't expect your average program to work.
2) It can be used very well to learn things on IPv6 and networking in general. That's also why 6bone started.
3) Because IPv6 is still beta and things, it isn't yet in very-easy to use packages with your favourite OS flavour. Also don't expect ISPs to support it. The larger ISPs are on the 6bone and might offer you a tunnel endpoint, but it's experimental for them too. So they probably don't want to invest too much time in it.

Oh, and for the people who still want to try IPv6, there is a good HOWTO on setting up IPv6 for Linux. If it's to technical, you don't want to try it on any operating system. If it's peanuts, you should help test IPv6 and help porting more applications :-)

That's all for now, Erik.

Apps

Your favorite applications almost definitely do not support IPv6.

The big lesson that the world should be learning from IPv6 (but isn't) is that most existing network applications are hopelessly dependent on the protocol they were written for. So, for example, the standard 'telnet' program you get in your favorite Linux distribution supports IPv4 *only*. It *will not* work with IPv6. If you feed it IPv6 addresses, it's not going to somehow magically work. The telnet program just does not know anything about IPv6, and nothing short of installing a new version of telnet or using elaborate and dangerous kluges is going to change that.

There are ways to build applications that can support -- within some reasonable constraints -- any protocol you throw at them. A lot of this centers around using protocol-independent APIs such as getaddrinfo() and being careful about how you code things. It's also possible to take most existing apps and retrofit this flexibility into them, though some apps are really poorly written and those are really hard to fix. Applications written that way will transparently just deal with IPv4, IPv6, or whatever else you feel like using.

However, a lot of the IPv6 implementors are just making applications support IPv4 OR IPv6 rather than making them support anything. This just means that if IPv6 doesn't happen (which is definitely possible) or if we all decide later to move to IPv7, we're going to have the same problems all over again.

Now, there are tricks such as proxies and NATs that can be used to allow an IPv4-only app to talk using IPv4 to some intermediate point that then relays the data over IPv6 to some far end. This works, sometimes, but it's exactly the kind of kluge that IPv6 exists to try to avoid.

Re:Important Things to do with IPV6

[mcc]

blah

yes, so your IPv6 adress WILL be static, possibly even on a dailup. This means that it may be easier for websites to track you without the use of cookies. It means if you get glined from an irc network you can't just logoff and log back on.

But it also means that you can host a web/ftp/etc server and have it be in the same location all the time; it also means you can buy a .com or .net or whatever domain name. Basically it means everything that having a static IPv4 adress meant.

This is not something that the IPv6 protocol makers should be worrying about. After all, if you'll remember, the entire point of the IPv6 standard is to create a system whereby everyone gets their own static IP. The privacy concerns are something that your ISP should be handling. Talk to them. And the ISP can handle this probably by setting up a system whereby you change your IP occationally if you want to; this is how some *dsl and cable providers handle the exact same privacy problems (since *dsl and cable also have static IPs).

But the fact is that a lot of people-- me, for instance-- would _want_ a static IP. And there's no real way that the people writing the IPv6 protocol _can_ do anything about privacy concerns arising from static IPs, since there's no system i can think of where you can't be tracked but can have a DNS name.. The ISP should be the one you should be complaining to.

Textual representation of IPv6 addresses

[XNormal]

There has been some concern over the use of thw ':' character in the text representation of IPv6 addresses - this could break some programs parsing addresses or especially URLs.

There is an internet draft which proposes the following native format:

instead of "ABCD:EF01::2345:10.9.8.7" use "ABCD-EF01--2345-10.9.8.7.ipv6" which contains only characters valid on a domain name and marks the with a pseudo-TLD of ".ipv6"


----

Not Linux's fault. Few apps coded with IPv6 compat

[Paradox]

The Linux Kernel actually supports IPv6 pretty well, from what I can see. What you're forgetting
is sysutils and the like DON'T always know about
IPv6 yet. For instance, I don't think telnet is protocol independant. So you really can't blame it.

Besides, an addr of ::1 probably isn't a good idea anyways, you're really asking for it. You should use IPv4 mapped IPv6 addresses like ::127.0.0.1 and the like.

For you coders out there, STOP using the old methods, inet_ntoa and inet_aton. These DON'T work! You need to use inet_pton (which are defined in to handle IPv6 properly, if at all. Read the prototype if you haven't already.)

It's a wise idea these days to develop network applications that are protocol independant. I see stuff that isn't coming out of freshmeat.net all the time.

It's usually a simple chore to patch source to be protocol independant, you just whip around a few different calls. Developers should take heed!
- Paradox
Man of the C!!!
perl -e "print join q( ), split(q.z. ,reverse qq;):zrekcahzlrepzrehtonaztey; );"