HTTP only supports one active stream over TCP or SSL/TLS; SPDY is a proposal to allow HTTP over TCP or SSL/TLS to support multiple streams:
http://www.chromium.org/spdy/spdy-whitepaper
I'm guessing only multiple HTTP streams over SSL/TLS will be very backward compatible with the existing internet.
Thus soon, https (thus SSL/TLS) with the SPDY extension may even be faster to load your webpage than normal HTTP.
I think you meant:
ip route change default via $GW dev eth0 initcwnd 10
Where $GW is your default gateway.
Yes, 10 has been recommended as the new initial window:
http://tools.ietf.org/html/draft-hkchu-tcpm-initcwnd-01
There is also a draft here:
http://tools.ietf.org/html/draft-ietf-tcpm-initcwnd-00
The testing and analyzing is here:
http://code.google.com/speed/articles/tcp_initcwnd_paper.pdf
Congestion, route changes, blackholes, etc. also make for unreliable networks. I don't think we want to change it. This is just a discussion about making slow start start with a larger window.
Well, not really. They created a draft RFC which says we can all do this. Because Google has a lot of visitors on their sites and they tested, monitored and analyzed this and wrote a paper about it.
It being that current connections have enough bandwidth to justify making another change to the standard. Instead of the old initial window of 3 or 4 (which has been raised before from 1 or 2) they propose to make it 9 or 10.
One of the reasons they give is that current browsers (read: that is not IE6 or IE7) already open 6 connections per domain when downloading parts of a webpage. Which is more than the number of packets involved with a higher initial window of 10.
http://code.google.com/speed/articles/tcp_initcwnd_paper.pdf
http://tools.ietf.org/html/draft-ietf-tcpm-initcwnd-00
It actually is already a step further than that, they have a draft RFC:
http://tools.ietf.org/html/draft-ietf-tcpm-initcwnd-00
That is a special range, I don't think there will be a similar policy set up for all the IPv4 internet.
I've seen a similar proposal from RIPE for the last /8. I don't think it got accepted.
Yes, that is the workaround, but it really is a workaround. It takes a lot of coordination with the CA.
What is the difference for IPv6?
There currently is one IPv6-DNS-blocklist, they use something like: 5 bad IPs in one /64, block the whole /64, 5 bad /64 block the whole /48. Or some system like that.
Or do you mean there isn't enough tooling yet?
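The escalation scheme sketched in the comment above, written out as an added example (not part of the original comments and not any real blocklist's code). It assumes a threshold of 5 at both levels, as the comment suggests; the function names and the 2001:db8::/32 sample addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

THRESHOLD = 5  # assumption taken from the comment: 5 bad entries list the parent prefix


def escalate(networks, new_prefix, threshold=THRESHOLD):
    """Replace any group of >= threshold networks sharing one parent by that parent."""
    groups = defaultdict(set)
    for net in networks:
        groups[net.supernet(new_prefix=new_prefix)].add(net)
    result = set()
    for parent, members in groups.items():
        if len(members) >= threshold:
            result.add(parent)       # enough bad children: list the whole parent
        else:
            result.update(members)   # below threshold: keep the individual entries
    return result


def build_blocklist(bad_addresses, threshold=THRESHOLD):
    """Collapse bad IPv6 hosts into /128, /64 and /48 blocklist entries."""
    hosts = {ipaddress.ip_network(a) for a in bad_addresses}  # one /128 each, deduplicated
    after_64 = escalate(hosts, 64, threshold)
    listed_64 = {n for n in after_64 if n.prefixlen == 64}
    singles = after_64 - listed_64
    # Only listed /64s count toward a /48; stray single hosts do not.
    after_48 = escalate(listed_64, 48, threshold)
    listed_48 = [n for n in after_48 if n.prefixlen == 48]
    # A single host inside an already listed /48 is redundant.
    singles = {h for h in singles if not any(h.subnet_of(c) for c in listed_48)}
    return sorted(after_48 | singles)


def sample():
    """Constructed sample data in the 2001:db8::/32 documentation range."""
    bad = [f"2001:db8:1:0::{i:x}" for i in range(1, 6)]        # 5 hosts in one /64
    bad += [f"2001:db8:2:{s:x}::{i:x}"                         # 5 bad /64s in one /48
            for s in range(5) for i in range(1, 6)]
    bad += [f"2001:db8:1:1::{i:x}" for i in range(1, 5)]       # 4 hosts: below threshold
    bad += ["2001:db8:3::1", "2001:db8:2:9::1"]                # stray hosts
    return bad


if __name__ == "__main__":
    for entry in build_blocklist(sample()):
        print(entry)
```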
Who cares if people use more addresses? We are going to run out of IPv4 anyway and it will happen 'fast' or faster.
The idea was that if regions had their own range you could just aggregate everything in that region (use 1 large IP-block to represent many smaller ones). For example another continent.
This would save memory and CPU-time on routers.
It was a nice idea, but it doesn't work in real life. In real life large networks span the globe and similar problems.
You use IPv6 (only the VPN-concentrators/boxes and your router need to support it).
IPv6 is what you get together with your private IPv4-address (or you pay extra for a 'real' IPv4 address).
I know and I don't see it changing anytime soon.
Actually it does support TLS, it just doesn't support SNI. Or actually IE and Safari only, because they use the Windows library. Firefox and Chrome use the library first developed at Netscape and Opera uses OpenSSL.
But as SNI is the part that adds 'Namebased virtual hosts' to TLS, the result is the same as you mentioned. Everything that wants to use a certificate still needs its own IPv4-address (and/or IPv6 address) for now.
Sure I have, /22, /23 are used all over the place.
But I doubt anyone would accept your announcement if it was a /25.
This is what I mentioned below: http://tech.slashdot.org/comments.pl?sid=1890282&cid=34398628
It's called dual stack, you have both IPv4 and IPv6. You have more internet than people who only have IPv4. :-)
IPv4 will last us about one and a half years. IPv4 will run out next year, the regional registries (RIRs) will run out a number of months later and if you are lucky your provider still has some new IPv4 addresses left for his new customers.
Then your provider can only get new addresses for money from other providers/organisations which want to sell them for money.
The following will happen, first for new customers and eventually for all existing customers.
When we get to a point where your access-provider does not have enough IPv4-addresses you will just get a private IPv4-address through DHCP instead of your public IPv4-address. Probably in the 10.0.0.0/8 range.
You will be stuck behind an IPv4 NAT which sits in the provider network, not at your home. That NAT will be congested, it will be slow.
This means probably no online games and no P2P on IPv4 for you (and other things will break too).
You will however get a complimentary IPv6-block of a size which is at least a /64, which has more addresses than the whole IPv4-range.
At the time when this happens, your OS will have IPv6-support and IPv6 will probably be enabled on most of the websites, mailservers and what not. You might need to replace your modem or router though. Maybe you will get a new one from your provider, maybe not, depends on your arrangement.
(kind of useful version of IPv6 in Windows since XP, useful in Windows Vista/7, Mac OS X had the last update recently to fix the last issue, Linux has no problems, even things like Network Manager supports it)
A real IPv4-address will be a privilege (read: you pay extra).
Or when you do want to play games, you might need to get a VPN to somewhere else and pay extra for that service/IP-address.
So when you are stuck behind an IPv4 NAT, websites which don't add IPv6 will also be slow.
When we really run out, I think you all just want to use IPv6 like it was intended.
No, that did not happen.
There are no IPv6-regions you speak of, this was an idea which was never implemented.
I think it is 10% of the provider networks, but it's higher when you are talking about transit providers (what some people call Tier 1 or Tier 2).
Why in the end we will have to move to IPv6? Why not now?
Sorry, but I think providers will only be interested in blocks of 256 (/24), they are the smallest blocks that are routable.
Does she do IPv6 too? ;-)
Thanks for letting me know