Nearly all new hardware supports IPv6. DOCSIS, fiber, etc... If your connection supports more than 40Mb/s, it's more that likely IPv6 capable. The entire USA back-bone has been IPv6 capable since 2005 and one of the major back-bone providers were IPv6 back in 2002.
The only thing left is for ISPs to activate and end-user routers/network to be upgraded. Most new computer hardware in the last 5 years supports IPv6, so it's just a matter of the NAT/routers. Most residential NATs that support more than 40Mb/s are IPv6. As people want to upgrade their routers to actually make use of their new 100/200/300Mb internet connections, they will naturally gain IPv6 full capabilities.
It's not all gloom and doom like you're putting on.
The biggest issue, like other have pointed out, is Layer3 switches that don't support IPv6 asic hardware. This kind of stuff will slow down small/medium businesses.
Almost as much work as IPv6. You would still have to change out ALL of the hardware in the world and still have to update ALL of the software. If it's going to be the same amount of large scale work, just do it correctly the first time.
Since blocks are hierarchical and sequential, it should be quite easy to block countries almost entirely. Don't like Russia/China connecting to you? Get their ranges.
He never mentioned anything about privacy, only about the 1 IP address comment. Tracking Ip address doesn't matter much anyway, except for geolocation. One's browser fingerprint is unique enough to track.
1 bil 64byte packets per second is almost 500Gbit/s, and that doesn't include the HTTP payload or the hand-shakes. You won't really need to worry about your IP addresses getting scanned until the average person has a 1Tb/s internet connection, even then you're talking about 500+years.
To make an effective scan of the first half of a/64, one would need ~54.5Pb/s of dedicated bandwidth between the two networks.
Boil it and kill lots of the nutrients?! Nah, just wash it off and nom nom nom. The fiber-ish stalks are surprisingly filling. I used to hate broccoli even a few years back, now I love it.
Quantum physics makes 100% never a reality for anything. The point is that given enough brain power, one could prove something is secure. Whether or not it's a good idea to assume something is 100% secure is a whole other issue.
It would be cheaper to purchase an advanced Layer3 1Gb/10Gb switch than to make a computer into a switch, not to mention better performance under load. Many L3 switches can do IPv4/6-routing + vLAN + ACL at full media speed on all ports at the same time
Where a computer competes for price and performance is an edge router, assuming only some 10Gb links. I don't think a computer could keep up with those high end 100Gb+ links when they're using custom hardware.
Hierarchical routing: 1234:: all go to the same route
IPv4 routing: 123.456.789.0 has a different route than 123.X.Y
Arin
> > "route table fragmented and inflated by IPv4"??? Let see:
> > IPv4 has 32 bits, IPv6 has 128bits. Which is going to inflate
> > the route table most? Each route is 4 times larger, and we
> > expect more IPv6 routes.
>
> We do? We've been consciously designing allocation policies so that the
> number of IPv6 routes per AS will be significantly lower than with IPv4.
> > I think it won't be long until IPv4 takes up a small fraction of
> > router memory: 200,000 IPv6 routes take up more memory than 200,000
> > IPv4 routes.
>
> Of course. However, if we have 200k IPv6 routes, one would expect 2M+
> IPv4 routes, and IPv4 will still end up taking more memory.
Many of the early adopter ISPs have been giving out/64s by default,/56s on request, and/48s if you can show need. The IPv6 recommendations are/56 by default.
He's saying that companies will just track the first 64bits. Privacy extensions and autoconfig only change the last 64bits. Since the destination network doesn't change, one can safely assume it's the same end-user. No different than tracking an IPv4 address with a NAT. You may not know which exact computer/person, but you can tell it's the same network.
All of my Datacenter admin friends told me how wonderful IPv6 is to setup and manage. They told me that they wish IPv4 would just die already. Large network admins love IPv6, other than the learning curve and setup, because routing is clean again.
Pseudo-code:
PasswordHash = SHA512(MergeArray(txtPassword.GetBytes(),Salt[]))
Where Salt[] is a Cryptographic.RNG.GetBytes(32), which is stored in the DB and generated new every time the password is set.
Nearly all new hardware supports IPv6. DOCSIS, fiber, etc... If your connection supports more than 40Mb/s, it's more that likely IPv6 capable. The entire USA back-bone has been IPv6 capable since 2005 and one of the major back-bone providers were IPv6 back in 2002.
The only thing left is for ISPs to activate and end-user routers/network to be upgraded. Most new computer hardware in the last 5 years supports IPv6, so it's just a matter of the NAT/routers. Most residential NATs that support more than 40Mb/s are IPv6. As people want to upgrade their routers to actually make use of their new 100/200/300Mb internet connections, they will naturally gain IPv6 full capabilities.
It's not all gloom and doom like you're putting on.
The biggest issue, like other have pointed out, is Layer3 switches that don't support IPv6 asic hardware. This kind of stuff will slow down small/medium businesses.
Extending an IPv4 stack to use 64 bit addressing
Almost as much work as IPv6. You would still have to change out ALL of the hardware in the world and still have to update ALL of the software. If it's going to be the same amount of large scale work, just do it correctly the first time.
Since blocks are hierarchical and sequential, it should be quite easy to block countries almost entirely. Don't like Russia/China connecting to you? Get their ranges.
He never mentioned anything about privacy, only about the 1 IP address comment. Tracking Ip address doesn't matter much anyway, except for geolocation. One's browser fingerprint is unique enough to track.
To me, the word "cloud" describes a type of service, but most marketing uses it to describe anything that involves the network.
1 bil 64byte packets per second is almost 500Gbit/s, and that doesn't include the HTTP payload or the hand-shakes. You won't really need to worry about your IP addresses getting scanned until the average person has a 1Tb/s internet connection, even then you're talking about 500+years.
/64, one would need ~54.5Pb/s of dedicated bandwidth between the two networks.
To make an effective scan of the first half of a
Boil it and kill lots of the nutrients?! Nah, just wash it off and nom nom nom. The fiber-ish stalks are surprisingly filling. I used to hate broccoli even a few years back, now I love it.
DEP and ASLR are like an ogre, I mean onion... uhggg... They add to security for a cheap price.
Quantum physics makes 100% never a reality for anything. The point is that given enough brain power, one could prove something is secure. Whether or not it's a good idea to assume something is 100% secure is a whole other issue.
More stable than water anyway.
Warmer climates seem to have more lazy people. If it gets cold and you don't have a home, you're not going to hand around. /s
DRM is logically insecure. Still waiting for you to disprove him.
We don't care about brute force, only rainbow tables. If your password is bruteforceable, that's your fault.
Thanks for the info. Never heard of them, but nice to know.
It would be cheaper to purchase an advanced Layer3 1Gb/10Gb switch than to make a computer into a switch, not to mention better performance under load. Many L3 switches can do IPv4/6-routing + vLAN + ACL at full media speed on all ports at the same time
Where a computer competes for price and performance is an edge router, assuming only some 10Gb links. I don't think a computer could keep up with those high end 100Gb+ links when they're using custom hardware.
Easy to claim it was a temporary address that you have no idea which machine/person used.
By default all your internal addresses will be blocked by the firewall on your router, so you will still have to enable them manually
UPNP. Same thing that opens ports on a NAT.
Last time my dept ask IT for some more ports, they gave us a 96port 1Gb chassis with a teamed 1Gb fiber uplink. Time for a new IT dept.
Hierarchical routing: 1234:: all go to the same route
IPv4 routing: 123.456.789.0 has a different route than 123.X.Y
Arin
> > "route table fragmented and inflated by IPv4"??? Let see:
> > IPv4 has 32 bits, IPv6 has 128bits. Which is going to inflate
> > the route table most? Each route is 4 times larger, and we
> > expect more IPv6 routes.
>
> We do? We've been consciously designing allocation policies so that the
> number of IPv6 routes per AS will be significantly lower than with IPv4.
> > I think it won't be long until IPv4 takes up a small fraction of
> > router memory: 200,000 IPv6 routes take up more memory than 200,000
> > IPv4 routes.
>
> Of course. However, if we have 200k IPv6 routes, one would expect 2M+
> IPv4 routes, and IPv4 will still end up taking more memory.
Many of the early adopter ISPs have been giving out /64s by default, /56s on request, and /48s if you can show need. The IPv6 recommendations are /56 by default.
He's saying that companies will just track the first 64bits. Privacy extensions and autoconfig only change the last 64bits. Since the destination network doesn't change, one can safely assume it's the same end-user. No different than tracking an IPv4 address with a NAT. You may not know which exact computer/person, but you can tell it's the same network.
Once your local network is compromised, it all goes to hell in a hurry.
Everything you point out as "bad" about IPv6 is the same or worse for NAT.
All of my Datacenter admin friends told me how wonderful IPv6 is to setup and manage. They told me that they wish IPv4 would just die already. Large network admins love IPv6, other than the learning curve and setup, because routing is clean again.
I don't use SHA1
Pseudo-code:
PasswordHash = SHA512(MergeArray(txtPassword.GetBytes(),Salt[]))
Where Salt[] is a Cryptographic.RNG.GetBytes(32), which is stored in the DB and generated new every time the password is set.
Using the software isn't the issue, it's changing the software.