This is bullshit. Every single ISP I know that offers IPv6 service today delegates a prefix. All the ones I know that are preparing commercial IPv6 services will be delegating prefixes.
I see. And are those the majority of carriers, or just the early adopters? And, assuming the latter, is it at all possible that the prefixes are there to incentivize you to make the switch (and thereby help them test it)?
A lot of stuff does not work correctly if you do not get at least a /64 subnet assigned. An IPv6 host is actually not required to be able to function on a subnet smaller than this. For this reason every ISP on the planet will assign you at least a subnet with 2 lifted to the power of 64 addresses. More than you can ever dream of.
Of course, if they for business reasons want to restrict you to just one host there are ways to do that. But it probably won't be by restricting subnet size. More likely they will still give you the /64 subnet but put up a firewall rule that only allows traffic to one of your gazillion addresses.
But for the time dual stack is a more likely deployment option. If you are doing dual stack you are probably using plain old DHCP to assign IPv4 including DNS information.
Linux will happily pick up the IPv4+DNS from DHCP and the IPv6 address from stateless autoconfig.
Do you really need DNS to thousands of hosts? A normal PC on your corporate network should just get an IP using autoconf or DHCP exactly like it has always been done. Renumbering is just updating the DHCP server.
Servers yes, they need renumbering. But it is an easy task since you only need to change the prefix part of the address. If you use DHCP to assign addresses to your servers, this will also be a simple one line change to your DHCP server. Otherwise you could probably script the change.
There is also the option of using site local addresses if you really need to. This will allow you to assign addresses that will never change for internal use, and then in addition also assign DHCP/autoconf addresses for communicating with the rest of the internet.
And just to pre-empt anyone who argues it is too difficult for a non-geek to flash DDWRT onto a home router, remember that all Buffalo routers come with DDWRT as the factory default firmware, so actually you don't have to flash anything to get a home router with DDWRT and IPv6.
Only thing is that IPv6 support in DD-WRT sucks. I know, I am using it.
On my office network I got a tunnel to HE. The tunnel setup works, but the RADVD config is broken, so I had to do it manually. It is not something the average John Doe would have accomplished.
On my home network the ISP actually provides me with native IPv6. There is ZERO support for that in DD-WRT. Nothing. Zip. I made it work by using custom commands in the startup scripts and cheating a lot (how do you make a DHCP6-PD prefix request with no dhcp6 client?).
Actually, I can think of a lot of fun stuff that I can do with subnets and NAT, but a lot of public IPs would not be as useful.
Why not write about them here so we might debate useful approaches?
Why would someone design it so that /64 is the smallest supported subnet?
You can make smaller subnets, but you can not take advantage of the features that assume the client can autogenerate 64 bits of address from the MAC address. So you lose autoconf and privacy extensions. But you could use DHCPv6 instead of autoconf and maybe privacy extensions is not high on your priorities.
The reason they made the 64 bit subnet requirement originally was so you could use a 64 bit word to make routing decisions. I bet it is an artifact of design by committee. Somebody wanted 128 bit addresses, others thought it was too much, they compromised on using only the first half for routing. But that is only a guess. As I said I do not know of any software or equipment that actually enforces this restriction.
Subnetting a residential connection has limited utility but unique public addresses for every computer and device is tremendously useful.
Not for me.
That is possible, but for most people many unique public addresses wins. I believe very few are using subnets. Some are using layered NATs but mostly because that is the default on many wireless routers and not because they made a decision about it.
I would think it likely that you too do not really need subnetting but of course there are cases where routing is preferable over switching. Which is why everyone is supposed to get a /48 or at least a /56.
IPv6 replaces broadcasts with multicast and implements multicast on an ethernet level so a proper network does not propagate multicast packets to ports with no subscribers to that multicast group. This means you might not see more traffic on a switched network versus a routed network.
There is nothing in the design of IPv6 that says "No transparent proxies, no subnets, no normal port forwarding". Anything that can be done with IPv4 can of course also work with IPv6. There is just nobody who has implemented NAT for IPv6 yet. Probably because nobody thinks it is needed enough that they want to spend time implementing such a thing.
Will every ISP give their customers a /56? Of course not, there are always some asshats out there. But most will probably do that, since that is how it is supposed to be according to the standard. Without extra pay yes.
In the end, if you happen to be on an ISP that only gives one /64 to you, you still won out. One IP with NAT and ability to subnet your internal network versus 2^64 IPs without NAT and subnets, the latter wins. Subnetting a residential connection has limited utility but unique public addresses for every computer and device is tremendously useful.
I work in a small office. You know what the reply I get when I ask for someone's IP address sounds like?
"16"
You still get that. Your IP will be something like 2001:db8:12:34::16. The part before :: is the same for everyone on your network so no need to repeat that. Also autoconf might create unwieldy ugly addresses, but you can use DHCPv6 instead and have nice easy addresses like "16" if that is what you want.
If we change offices, only one place needs to know the new IP, and nothing else needs to change:
You also get that. You change the prefix on your router and all machines follow automatically. Easy renumbering was a design requirement for IPv6.
Wait, so you cannot do subnets like in IPv4? You actually have to use the whole huge address space for a single subnet and if you want another one, beg the ISP to give it to you?
Yes and no. Each network should be /64 and in fact equipment is not required to be able to route smaller subnets. But most equipment and operating systems do in fact allow you to make smaller subnets anyway. If you do, there is some stuff that will no longer work, such as autoconfig.
To stay sane you should keep to /64 networks. If you have a good ISP they will give you multiple /64 networks in the form of a /56 or even /48 prefix. If you have a not so good ISP your best course of action is to forget about subnetting and just run a fully switched network. IPv6 has mechanisms that limit broadcasts so that is not so bad.
I can't remember fe80::7c7e:2fb8:12e6:63a%10 - and it's nauseating to look at.
That is a link local address and useless. Your real address is going to look like 2001:db8:34::2. Not so bad.
How are we supposed to roll out IPv6 without NAT? Can someone explain, and without RANTING about how NAT is unnecessary?
Ok, not a word about NAT.
Think about it.
I am thinking.
Let's say I set up my company with link local addresses.
You will not. Link local address is something every IPv6 interface has. You can use it to communicate with other hosts on the same ethernet segment. You can not use it for communicating with the internet at large.
IPv6 forbids NAT on routers and firewalls.
It does no such thing. However nobody has bothered implementing NAT (sorry I said the word) on IPv6. I am sure someday somebody will but few will use it.
So how are my hosts going to talk to the Internet?
The minimum subnet size an ISP can assign to a customer is a /64 giving you 2^64 unique IP addresses you can distribute among your computers. In fact, your computers will pick up the prefix (the first 64 bit) from the router and then select the last 64 bit automatically. You will not have to do anything, it will just work.
Specifically, if I have a link local address of fe80::/10. That's not going to be routable from the Internet. TCP is two-way traffic, so the servers need a return route to me. How is this accomplished with NAT?
I assume you are asking how it is accomplished _without_ NAT. You are confused about link local addresses. Those are not generally something you will be using. Your computers will get the first half of the IP address from the router and it will make up the last half by using your MAC or by random. All your computers will have unique public IP addresses. Since your computer already has a public IP address there is no need to translate it to something different by NAT.
NAT is necessary so the ISP can send traffic back to my summarized address. I don't understand how this works when they forbid NAT. Someone please kindly explain how that works.
You are assuming you only have one address. In fact you will have a minimum of 2^64 addresses. The ISP only needs the first 64 bit of the address to route it back to you. The last 64 bit is handled internally on your network. If you insist, you could say the first 64 bit is your "summarized address".
I do not know why you need a private subnet. Just use the link local address that you just bitched about if you want an address that does not change.
But if you do want a private subnet, please take a clue and stay away from using fc00::/64. That is wrong. You need to pick up a random subnet in the range. Here is a tool that will do it for you: http://bitace.com/ipv6calc/
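An added example, not part of the original comments: picking a random private prefix instead of fc00::/64, following the RFC 4193 layout (fd, then a 40-bit global ID, then a 16-bit subnet ID). RFC 4193 suggests deriving the global ID from a hash of time and an EUI-64; this sketch swaps in the operating system's random generator, and all function names are made up for the example.

```python
import ipaddress
import secrets
from typing import List, Optional

ULA_RANGE = ipaddress.IPv6Network("fc00::/7")


def random_ula_prefix(global_id: Optional[bytes] = None) -> ipaddress.IPv6Network:
    """Return a /48 of the form fdXX:XXXX:XXXX::/48 with a random 40-bit global ID."""
    gid = secrets.token_bytes(5) if global_id is None else global_id
    if len(gid) != 5:
        raise ValueError("global ID must be exactly 40 bits (5 bytes)")
    value = (0xFD << 120) | (int.from_bytes(gid, "big") << 80)
    return ipaddress.IPv6Network((value, 48))


def subnet_64(site: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Carve one /64 out of the site's /48 using a 16-bit subnet ID."""
    if site.prefixlen != 48:
        raise ValueError("expected the site's /48")
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID is 16 bits")
    base = int(site.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def ula_problems(prefix: str) -> List[str]:
    """Reasons a chosen private prefix is a poor pick (empty list means fine)."""
    net = ipaddress.IPv6Network(prefix)
    if not net.subnet_of(ULA_RANGE):
        return ["not inside fc00::/7"]
    problems = []
    packed = net.network_address.packed
    if packed[0] != 0xFD:
        problems.append("L bit is 0: fc00::/8 is not defined for local assignment")
    if net.prefixlen >= 48 and packed[1:6] == bytes(5):
        problems.append("global ID is all zero: collides with every site that did the same")
    return problems


if __name__ == "__main__":
    site = random_ula_prefix()
    print(site, subnet_64(site, 0x16))
    print(ula_problems("fc00::/64"))
    print(ula_problems(str(site)))
```

The random global ID matters when two sites are later joined by a VPN or a merger: identical hand-picked prefixes overlap and force a renumbering.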
They don't really have a choice. It is a requirement in the protocol that they assign you at least a /64 subnet.
The time of selling extra IPs are gone with IPv6.
Please clarify what you mean by forever. The IPv4 to IPv6 mapping is forever. Nobody is going to come and steal away that little 32 bit slice of the v6 address space.
Incidentally a v6 address is four 32 bit values (=128 bit).
You can reach any v4 host from v6 using this mapping using NAT64. And you will be able to do that for as long as anyone cares to keep the v4 net alive together with a NAT64 gateway.
Choosing stack? You go with the v4 stack if you want to talk to a v4 address. And the v6 stack if your peer has a v6 address. Doh. There is no choice here. If you have a single stack v6 system, the NAT64 will have translated all v4 addresses to v6 addresses for you, so you only know about v6 addresses and again no choice.
No, there is not actually any way v6 could have been constructed in a different way that would have made the ISPs of the world adopt it sooner. They will adopt when forced to, no sooner, no matter how it works.
There is no problem of v6 accessing the v4 network. Only the problem of non-upgraded stack accessing the new network. Your way has exactly the same problem. Old machines do not understand addresses outside the original 32 bit range and can not access them. In fact, your way is worse since it prevents any communication between old and new, which is a common error for people trying to propose their own v6 protocol.
I have never tried it, but I have a feeling you will get a lot of complications if you were to disable the IPv4 stack on your computer or router. Application support for IPv6 is far from complete.
NAT64 has to do some evil things that *I* would mind. I don't want anyone to mess with my DNS lookups. I want to be able to accept inbound connections. And probably more stuff that I don't know about as I never had the ill fortune to deal with NAT64 :).
For this and other reasons, I believe dual stack is the solution and that it is not actually a big bother for the ISP nor the customer.
Linksys WRT600 and E3000 have IPv6. It seems manufacturers are starting to implement it.
How is hardware based routing related to the original claim, which was that 32-bit CPUs take longer to route IPv6 than IPv4 packets because 128 bit address will not fit into a register while a 32 bit address will?
Nothing can help if your Cisco Catalyst 4006 has IPv4 encoded into silicon, but it will be easier to create its successor. They simplified a lot of stuff in IPv6, including removing CRC and requirement for a router to handle fragmentation.
There is very little excuse for Cisco to have delivered a high end switch without a fully optimized IPv6 stack this close to the end of IPv4.
As for the end user equipment, these do not have hardware assisted routing. They are just a cheap CPU that has to handle everything from routing to NAT lookups. This CPU will have a lot less work to do in an IPv6 setup.
You can't just make sure it has IPv6 support "built in" (what is this, a house?) because many devices sold as being IPv6 ready take multiples as long to route a packet, not least because they have 32-bit processors and they cannot accommodate a calculation on an IPv6 address in a single cycle. You have to actually be sure the hardware can handle your IPv4 traffic if you converted it to IPv6.
This is false. It takes much less CPU to route IPv6 because they removed CRC checking from the header, so your router needs neither to verify a CRC nor to recalculate it. It also does not need to perform NAT duties.
People could have been doing that but they didn't. So here we are.
Problem was it created more work without benefit. You had to do IPv4 *and* v6. NAT64 changes that. Now I wouldn't mind my ISP taking away my IPv4 and giving me an IPv6 subnet instead, so long as they provide a decent, nearby NAT64 gateway.
Of course you would mind. You very likely have a router that is not IPv6 ready, so this would be cutting you off the net until you buy a new one. The only fair way for your ISP would be to provide you with both old and new for a period, which means that they would have to do both IPv4 and IPv6 no matter how you turn it.
Dual stack is actually not a very large hassle. A lot of people have it without knowing it. Wikimedia has a stat that shows about 34% of Windows 7 users visiting the English Wikipedia site have a working dualstack IPv6 connection (using tunneling, not native IPv6). How many do you think even realize they already have IPv6? I bet a large number of people taking part in this debate got it without knowing it.
The new IPv6 world could see the old IPv4 world. That sounds rather like backward compatibility to me, indeed, the very definition of.
Ok. But they can through a mechanism known as NAT64 which basically is exactly what you propose. But I predict dual stack will be more popular. In any event, this is not what has been holding IPv6 back.
It is actually mapped to both ::/96 and ::ffff:0/96 with the first option being deprecated now, see the historical notes on the IPv6 address page on Wikipedia.
In practice neither is very useful except in a program that wants to use one data structure to store both v4 and v6 addresses.
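An added example, not part of the original comments: a program that keeps v4 and v6 peers in one data structure has to fold the ::ffff:0/96 mapped form (and, on a v6-only network behind NAT64, the embedded form) back to the IPv4 address before comparing it with an allow or deny list, otherwise the same host matches under one spelling and slips past under another. The NAT64 prefix 64:ff9b::/96 is the RFC 6052 well-known prefix, which the thread does not name; the sample addresses and the deny list are constructed.

```python
import ipaddress

NAT64_WKP = ipaddress.IPv6Network("64:ff9b::/96")  # RFC 6052 well-known prefix


def embed_v4(v4: str, prefix: ipaddress.IPv6Network = NAT64_WKP) -> ipaddress.IPv6Address:
    """IPv6 address a v6-only client uses to reach `v4` through NAT64."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch only handles /96 translation prefixes")
    return prefix[int(ipaddress.IPv4Address(v4))]


def canonical(addr: str):
    """Return the IPv4 address hidden in a mapped or NAT64 address, else the address itself."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        if ip.ipv4_mapped is not None:  # ::ffff:a.b.c.d
            return ip.ipv4_mapped
        if ip in NAT64_WKP:  # 64:ff9b::a.b.c.d
            return ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF)
        # The deprecated ::/96 "compatible" form is left alone on purpose:
        # that range also holds :: and ::1, so unwrapping it is ambiguous.
    return ip


def matches(addr: str, networks) -> bool:
    """True if the canonical form of `addr` falls inside any listed network."""
    ip = canonical(addr)
    return any(ip.version == net.version and ip in net for net in networks)


# Constructed deny list: one IPv4 range and one IPv6 range (documentation prefixes).
DENY = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("2001:db8:bad::/48")]

if __name__ == "__main__":
    for sample in ("192.0.2.10", "::ffff:192.0.2.10", str(embed_v4("192.0.2.10")),
                   "2001:db8:bad::1", "2001:db8:12:34::16", "::192.0.2.10"):
        print(f"{sample:28} -> {str(canonical(sample)):22} denied={matches(sample, DENY)}")
```

A filter that compares the raw string or the raw 128-bit value would treat the first three samples as three different hosts.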
... that didn't plan IPv6 to be backward compatible?
The one that did not think of making v4 extensible to make that a possibility.
IPv6 is great, but they could have solved the problem far more elegantly 10 years ago.
Add two octets to the front of v4. Solved after a firmware flash.
Any existing IP becomes 1.0.x.x.x.x
If a router encounters a x.x.x.x address, it just appends 1.0 to the front.
The old internet and the new internet would have run side by side - for the most part working fine until everyone had updated their firmware.
Sure, it's not the engineering solution v6 is, but it would have been in use long ago.
They did this. Except they added 12 octets in front of v4 and mapped existing v4 addresses to 0.0.0.0.0.0.0.0.0.0.0.0.x.x.x.x.
And the old and new internet runs side by side currently and we are just waiting for everyone to update their firmware.
What I don't get is why the people who came up with IPv6 didn't make the upgrade path easier? Obviously I'm missing something, but what if (for the sake of argument) they had decided that the first 'n' IPv6 addresses would correspond to the complete set of IPv4 addresses, and all IPv6 routers, etc, would understand that one of the first IPv6 addresses meant 'route the traffic to the corresponding IPv4 address'. Could that have been done?
This is the way it is. The first 4 billion IPv6 addresses map to the entire IPv4 address space.
If so, then people could have been upgrading to IPv6 over the last 10 years as opportunities arose (ie as old equipment needed replacing they'd have replaced with the IPv6 option) and still have been able to see the IPv4 world. As more w/s moved to IPv6 only there would be a compelling reason for more people to follow suit ...
People could have been doing that but they didn't. So here we are.
Or am I completely missing something that would have made this impossible?
Yes, just mapping between IPv4 and IPv6 using this mechanism does not make it possible for your old IPv4 host to communicate with an IPv6 host using an address outside the 4 billion address space supported by IPv4. So what you describe is not actually backwards compatibility.
The real compatibility is called "dual stack" meaning all IPv6 hosts also have IPv4. As we are running out of IPv4 this might be using NAT to conserve addresses. People have been doing dual stack for a decade now, but just not enough. It is said about 0.5% of the traffic is on IPv6.
Your ISP was supposed to give you an IPv6 address along with your IPv4 address 10 years ago. But they didn't.
Your OS provider was supposed to make your OS support dual stack 10 years ago. They actually did.
Your router provider was supposed to make your router dual stack capable 10 years ago. They didn't.
Your software provider was supposed to implement dual stack support 10 years ago. To a large extent they did, but some programs are still lacking here.
Of course, if they for business reasons want to restrict you to just one host there are ways to do that. But it probably won't be by restricting subnet size. More likely they will still give you the /64 subnet but put up a firewall rule that only allows traffic to one of your gazillion addresses.
And...if they did this, the functional difference between that and what I described is?
There are also ways to detect NAT and bill you extra for breaking the terms and conditions you agreed to.
But then, in this country I don't know of one single ISP that is limiting you to one computer. It is probably a practice that does not survive in a competitive market.
This is bullshit. Every single ISP I know that offers IPv6 service today delegates a prefix. All the ones I know that are preparing commercial IPv6 services will be delegating prefixes.
I see. And are those the majority of carriers, or just the early adopters? And, assuming the latter, is it at all possible that the prefixes are there to incentivize you to make the switch (and thereby help them test it)?
A lot of stuff does not work correctly if you do not get at least a /64 subnet assigned. An IPv6 host is actually not required to be able to function on a subnet smaller than this. For this reason every ISP on the planet will assign you at least a subnet with 2 raised to the power of 64 addresses. More than you can ever dream of.
Of course, if they for business reasons want to restrict you to just one host there are ways to do that. But it probably won't be by restricting subnet size. More likely they will still give you the /64 subnet but put up a firewall rule that only allows traffic to one of your gazillion addresses.
There is an option for DNS using stateless autoconfig: http://tools.ietf.org/html/rfc6106
But for the time being dual stack is a more likely deployment option. If you are doing dual stack you are probably using plain old DHCP to assign IPv4 including DNS information.
Linux will happily pick up the IPv4+DNS from DHCP and the IPv6 address from stateless autoconfig.
DHCPv6 is still desirable for almost every other device you care to name, because autoconfig doesn't say anything about DNS servers.
Not true. Autoconfig can do DNS. It is specified in RFC 6106:
http://tools.ietf.org/html/rfc6106
Do you really need DNS to thousands of hosts? A normal PC on your corporate network should just get an IP using autoconf or DHCP exactly like it has always been done. Renumbering is just updating the DHCP server.
Servers yes, they need renumbering. But it is an easy task since you only need to change the prefix part of the address. If you use DHCP to assign addresses to your servers, this will also be a simple one line change to your DHCP server. Otherwise you could probably script the change.
There is also the option of using site local addresses if you really need to. This will allow you to assign addresses that will never change for internal use, and then in addition also assign DHCP/autoconf addresses for communicating with the rest of the internet.
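Added example, not part of the original thread: a sketch of the scripted renumbering mentioned above, which swaps only the prefix bits of each server address and keeps the host part, while leaving addresses outside the old prefix (such as a stable internal one) untouched. The record format, host names, prefixes and function names are constructed for illustration.

```python
import ipaddress


def renumber(text, old_prefix, new_prefix):
    """Swap the prefix bits of an address, keeping the host (suffix) bits."""
    old = ipaddress.ip_network(old_prefix)
    new = ipaddress.ip_network(new_prefix)
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new prefix must have the same length")
    addr = ipaddress.IPv6Address(text)
    if addr not in old:
        return addr  # outside the delegated prefix: leave as it is
    host_bits = int(addr) & int(old.hostmask)
    return ipaddress.IPv6Address(int(new.network_address) | host_bits)


def renumber_records(lines, old_prefix, new_prefix):
    """Rewrite 'name address' records; returns (new_lines, changed_names)."""
    out, changed = [], []
    for line in lines:
        name, text = line.split()
        new_addr = renumber(text, old_prefix, new_prefix)
        if new_addr != ipaddress.IPv6Address(text):
            changed.append(name)
        out.append(f"{name} {new_addr}")
    return out, changed


# Constructed sample inventory: two public servers and one internal-only address.
RECORDS = [
    "www 2001:db8:aaaa:1::80",
    "mail 2001:db8:aaaa:2::25",
    "nas fd12:3456:789a:1::10",
]

if __name__ == "__main__":
    new_lines, changed = renumber_records(
        RECORDS, "2001:db8:aaaa::/48", "2001:db8:bbbb::/48")
    print("\n".join(new_lines))
    print("changed:", ", ".join(changed))
```

The list of changed names is what to review afterwards, since firewall rules and DNS records that still carry the old prefix need the same change.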
And just to pre-empt anyone who argues it is too difficult for a non-geek to flash DDWRT onto a home router, remember that all Buffalo routers come with DDWRT as the factory default firmware, so actually you don't have to flash anything to get a home router with DDWRT and IPv6.
Only thing is that IPv6 support in DD-WRT sucks. I know, I am using it.
On my office network I got a tunnel to HE. The tunnel setup works, but the RADVD config is broken, so I had to do it manually. It is not something the average John Doe would have accomplished.
On my home network the ISP actually provides me with native IPv6. There is ZERO support for that in DD-WRT. Nothing. Zip. I made it work by using custom commands in the startup scripts and cheating a lot (how do you make a DHCP6-PD prefix request with no dhcp6 client?).