And so which standard is it that allows you to translate between IPv6 and IPv4? You keep saying that it exists, but you've never pointed to an RFC.
I'm not confusing NAT and PAT. There was a nice writeup at ars technica recently about the IETF's efforts to define a v6/v4 NAT - http://arstechnica.com/news.ars/post/20081006-ietf-working-on-making-ipv6-and-ipv4-talk-to-each-other.html
As I said, it's highly unlikely that the router will NAT between IPv6 and IPv4 since no one can agree on a good way to do it. I'm certainly not aware of any routers that support it out-of-the-box.
Under current RIR policy, you do not own IP addresses. You simply lease the right to use them.
Under the current proposals, each customer will get at least one /64. Is 4 billion billion IPv6 addresses enough for you?
They aren't selling because the current RIR policies prohibit them from doing so. ARIN, APNIC and RIPE NCC are actively developing policies to allow address markets to form. There was an excellent video on this at the last APNIC meeting: http://www.apnic.net/meetings/26/program/ipv4/
IPv6 provides 79 trillion billion times more space than IPv4. Is that enough for you?
Most of the guidelines on IPv6 programming focus on using IP-version-agnostic interfaces, rather than writing IPv6-specific code. Take a look at getaddrinfo() and getnameinfo().
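An added example, not part of the original comment, of the IP-version-agnostic style that getaddrinfo() and getnameinfo() allow: one code path parses an IPv4 or IPv6 literal and renders a canonical form suitable for logs or allow-list comparison. The function name `canonical_endpoint` and the sample addresses are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netdb.h>

/* Hypothetical helper: parse a numeric host/port with getaddrinfo() and
 * render it with getnameinfo(), never touching sockaddr_in/sockaddr_in6.
 * Numeric-only flags mean no DNS lookup. Returns the family, or -1. */
int canonical_endpoint(const char *host, const char *port,
                       char *out, size_t outlen)
{
    struct addrinfo hints, *res = NULL;
    char h[64], s[16];
    int family, rc;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;          /* accept IPv4 or IPv6 */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return -1;                        /* not a valid literal */
    family = res->ai_family;
    rc = getnameinfo(res->ai_addr, res->ai_addrlen, h, sizeof h,
                     s, sizeof s, NI_NUMERICHOST | NI_NUMERICSERV);
    freeaddrinfo(res);
    if (rc != 0)
        return -1;
    /* Bracket IPv6 literals so the port separator stays unambiguous. */
    if (family == AF_INET6)
        snprintf(out, outlen, "[%s]:%s", h, s);
    else
        snprintf(out, outlen, "%s:%s", h, s);
    return family;
}

int main(void)
{
    /* Constructed sample inputs from the documentation address ranges. */
    const char *hosts[] = { "192.0.2.10", "2001:DB8:0:0:0:0:0:1", "not-an-ip" };
    char buf[96];
    for (int i = 0; i < 3; i++) {
        int ok = canonical_endpoint(hosts[i], "443", buf, sizeof buf) >= 0;
        printf("%s -> %s\n", hosts[i], ok ? buf : "rejected");
    }
    return 0;
}
```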
But, extending IP is non-trivial. You need to define a way to propagate the routes, to represent the addresses in DNS, and how to bind it to a variety of layer 2 protocols.
No. Upgrading the router is only the first step.
You must also ensure that all of the devices attached to the router support IPv6. And that all of the software on those devices support IPv6. That's far longer than a weekend task.
Btw, NATing between IPv4 and IPv6 is non-trivial. The IETF has been working on it for years, and hasn't come up with a good solution yet.
The FCC has no authority to dictate IPv6 usage in the US.
The policies for address markets are being developed by the RIRs. That will let the legacy class A holders sell off their unused addresses. The RIRs are also changing their IPv6 allocation policies to make it easier to obtain space. As for the Class E's, there have been a few proposals in the IETF to reclassify it for some sort of use. They probably won't be marked for public use, since so many devices are hard-coded not to allow them. But there is discussion about using them for large private networks.
My point, for the last time, is that none of the perceived security benefits of NAT actually exist.
This was true for early IPv6 routers, but most routers built in the past few years have IPv6 in hardware.
There are many, many attacks which work despite NAT. And in some cases an attacker can still connect to a NATted machine. NAT is not a security technology. This is not dogma. This is just reality.
You cannot simply impose charges on allocations which have already been made. These sorts of "simplistic" solutions are just nonsense.
There is no legal mechanism by which you can force the legacy class A holders to relinquish their space. The best you can do is to establish a trading market and hope they sell them. Likewise, there is no magic quick fix to use the class E space.
I don't think the v4 exhaustion date is going to be pushed back. If anything it's crept closer. We used to think we'd be fine until 2030. Now the estimates are 2012.
Repeat it until it sinks in. In some cases it is possible to tunnel through NAT routers. And there are several attacks that do not depend on the victim having a public IP address. If you want security, use a firewall, anti-virus and anti-spyware technology.
Not to mention fragmentation processing by routers.
NATing between the internal LAN and the internet they can get up to ~250,000 entries (provided their hardware can support that), allowing each of their 2,000 users to be using, on average, 125 internet applications (or open connections) at once.
What's going to be more expensive: A massive NAT box or an IPv6-enabled router (as many already are)?
What's going to be more expensive: Adding NAT buster support into many apps, or using IPv6 (many apps are already IPv6-aware)?
At the APNIC 26 conference last month, NTT presented some ballpark numbers for how many people can be comfortably put behind NAT. They're not encouraging. Basically, the common "Web 2.0"-type apps open a lot of background connections, which chews through your ephemeral port space quickly, limiting the number of people that can be NATted. Google echoed those claims loud and clear: "AJAX applications break behind excessive NAT."
Also, consider that by 2012 we'll have run out of public IPv4 addresses. But only 25% of Earth's population will be online. Do you propose to put another 3.5 billion people behind NAT? I'm pretty skeptical that NAT can handle that load.
While NAT will likely be needed in the short term to deal with IPv4 address exhaustion, I'm highly skeptical of its long-term scalability.
China has already demanded it. China's new national network, CERNET2, runs IPv6 - http://www.chinadaily.com.cn/english/doc/2004-12/27/content_403512.htm.
There's no business case if you don't care about growing your network. If you do, you need to care about IPv6, because in a few years, it's going to become increasingly difficult to get new public IPv4 addresses.
Actually, Microsoft supports IPv6 in several of its core products. IE, Outlook 2007, Windows Mail/Live Mail and Exchange 2007 support IPv6, as do many of the services in Windows 2008 (IIS, DHCPv6, DNS, POP, CIFS, LDAP, Kerberos, Remote Desktop). Some of these also have IPv6 support on Windows XP (IE, IIS, Remote Desktop, CIFS).
The Airport Extreme only supports 6to4 tunneling. It doesn't handle IPv6 prefix delegation, and its IPv6 firewall is buggy from personal experience.
This is actually a very important step towards what you want. About two-thirds of the TLDs have authoritative servers which are reachable over IPv6. There's a complete list at my blog - http://www.personal.psu.edu/dvm105/blogs/ipv6/2008/01/ipv6-dns.html
So you can query the root and .com DNS servers using IPv6. If you want Google to be reachable over IPv6, go talk to Google. Everything higher in the tree is IPv6-enabled now. And Google has an IPv6 allocation from ARIN - they got a /32 in 2005 - http://ws.arin.net/whois/?queryinput=!%20NET6-2001-4860-1
I agree that there isn't much content on the IPv6 internet now. So if you want it, yell at the content providers.
PostgreSQL has closed the speed gap that MySQL had over it years ago. And it's not just a matter of "fancy features" -- MySQL doesn't properly support the features that it does have. Any database that silently truncates data and silently corrupts table schemas is no database I want to use.
Actually, you probably wouldn't assign them static IPv6 addresses. It's much more likely that they would use IPv6 stateless address autoconfiguration (btw, www.ietf.org is an IPv6-accessible site) to obtain an address automatically.
Agreed.
I've largely given up on Linux for precisely this reason. Barely anything is documented (are there man pages for anything in /proc or /sys?). Coming from a BSD and Solaris background, I find this appalling on Linux.