Well, Rasberry Pi [raspberrypi.org] could be described as a proof of concept for the whole SoC as a PC substitute idea.
The pi is a mobile device "SOC" on a small board, fine for low demand tasks but don't expect it to compare to a modern laptop or desktop on either processing grunt or (perhaps more importantly) ram. If you are prepared to pay more you can get better SOCs with more ram on similar sized boards and you can get them right now from well known suppliers like mouser (unlike the pi which should hopefully be coming out in early feburary if there are no further delays). Examples include the pandaboard and the imx53 quickstart.
Hardware wise the only thing that makes the pi notable is the pricetag.
I think upgradability is possibly not the main advantage of desktops though
Desktops have a number of advantages over laptops
1: better bang per buck 2: higher specs available 3: better egonomics (unless 4: upgradable. 5: easier to secure than laptops
They may call it a "system on chip" but while there is greater integration than with PC processors many components such as power management, main memory ethernet PHY (and sometimes MAC too), cellphone and/or wifi, serial level shift and so-on are nearly always on seperate chips.
The problem is different chips need different process compromises, DRAM needs capacitors with low leakage, processors need fast switching and lots of interconnect. Ethernet needs relatively high currents to drive a couple of volts into a low impedance transmission line. cellphone and wifi need usable analog behaviour at GHz frequencies and so-on.
You do realize that would completely fuck up the routing tables?
There is certainly a balance to be struck between how efficiently the market functions and how large it's impact on the routing table will be. At one extreme they could only allow resale of the original allocation blocks with no subdividing allowed so the sales would have no impact on routing table size but making freeing up blocks for sale trickier. At the other extreme they could allow arbitrary block splitting which as you say would completely fuck up the routing table. The right balance is probably somewhere in between.
But some kind of market is needed, without it providers who either have lots of IPs in reserver or serve lots of home lusers (who can be gradually pushed behind ISP level NAT to free up space) will the only ones who can continue to offer services to new customers until the vast majority of clients and servers are on dual stack (which i'm pretty sure is still years out)..
They'll just point to their boss who ordered them to do it or they'd be fired.
If they can prove the boss did that then the boss did so he should be jailed too.
If you say they shouldn't have complied, there's 10,000 people waiting just outside the building to fill in their position when they get fired
Will there be that many people waiting just outside the building to file bogus DMCA notices after a few people are in jail for doing so?
Yeah it sucks for the peons who are put in between a rock and a hard place but ultimately to stop psychopaths (and there will always be a certain portion of psychopaths in society) doing something it it necessary to make the punishment for doing it outweigh the benefit of doing it. That applies whether it's filing bogus DMCA notices or fitting dodgy parts to aeroplanes.
But your basic point seems mostly correct: Microsoft did have some initial offerings that considerably predate Android and iOS.
As did blackberry, nokia, palm and probably others.
Apple reinvented the smartphone by bringing together the multitouch capacitive touch screen with a proper browser engine to make a phone that people actually felt comfortable using the web on. About a year later they introduced a heavily hyped app store and were able to bring together far more apps than other phone vendors had managed in the past.
Google turned android (which aiui was already in development as a blackberry clone) into an iphone clone complete with an app store clone and was able to soak up those who wanted a multitouch smartphone with a decent web browser but either couldn't get an iphone (the iphone was intially limited to one network in each region unless you wanted to crack the network lock), weren't prepared to pay the price of an iphone or disagreed with apple's walled garden approach. Initially the iphone had the advantage in available apps but the android market has since overtaken it in app count and there are whole categories of app banned from the appstore.
Afaict most of the other smartphone OS vendors were caught off-guard by apple/google bringing the multitouch/decent browser/appstore revoloution to smartphones and have been flailing around ever since. MS decided to throw away all support for existing application software and develop an android/OS clone. Worse their new OS forced users to do all their development with.net tools (no native code allowed) making it very difficult to share code between WP7 and iOS/android. Nokia dicked arround with various linux variants before finally signing a deal with MS. Palm also dicked arround with it's own linux variants before getting bought up by HP and essentially killed.
Blackberry still seem to be around filling the corportate niche with their tie-ins to exchange etc (yeah it's crazy that it's blackberry who gets to capitalise on the exchange users not MS).
In our current banking system all banks "generate money" in a sense. It's just a case of whether it's pseudo-money or "real money" (so far as any fiat currency can be "real").
A regular bank creates pseudo-money. When you deposit $1000 at the bank the bank keeps $100 of it (assuming a 10% reserve requirement) as "real money" (either cash in a vault or a deposit at the central bank) and invests the rest (either in making loans or otherwise). However to you your bank balance looks and acts like money. Therefore the bank the bank has effectively created $900 of pseudo money.
The amount of pseudo-money a regular bank can generate is limited by reserve requirements. With a 10% reserve requirement for every $900 of psuedo-money the commercial banks generate they must keep $100 of "real money".
Plus it's still pseudo-money. If an unexpectedly large proportion of the bank's customers suddenly tries to withdraw their money the bank needs real money to pay those withdrawals. As long as the bank is financially healthy this isn't too much of a problem, the bank will just borrow money from either another regular bank or from the central bank but if the bank is not financially healthy (liabilities too close to or even exceeding assets) then it has a BIG problem and in the absence of government intervention it is likely to go bankrupt.
Central banks on the other hand create "real money", there is no reserve requirement on them, deposits at the central bank are considered legally equivalent to cash and if an unexpectedly large number of institutions (individuals don't usually have deposits at the central bank) withdraw their deposits then the central bank will simply issue more cash to cover them, it cannot go bankrupt (unless it's stupid enough to take on significant liabilities in foreign currency). Central banks are created by and get their authority from the government.
IIRC they often do use bags full of air to refloat downed ships, same principle as the ping pong balls but easier to control and can probablly displace more water (ping pong balls will have holes between them).
Re-reading the article it seems the article does in fact say he was on a visa not a citizen but it attributes that information to "a person who did not want to be identified", not to any official statement.
Read the article, he's Chinese. As in, from China.
The article just says chineese it doesn't clarify the exact meaning (racial, country of birth, current citizenship etc).
As I understand it there are some hoops to jump through but generally anyone who has lived in the US as a lawful permanent resident for more than 5 years can become a citizen and afaict it is generally advisable for them to do so.
One thing in your example above for the DS-lite case - are you assuming that both ends of the communication are IPv4 hosts? Or is that valid regardless of whether the initial destination point was IPv4 or IPv6?
DS-lite is a machanism for allowing IPv4 clients (including dual-stack clients) to access servers on the IPv4 internet through an IPv6 only access network. IPv6 clients will access the IPv6 internet directly through normal mechanisms (most likely the ISP will use prefix delegation to delegate a prefix to the CPE which will then advertise the prefix on the local network.
DS-lite does not provide a mechanism for v4 only clients to access resources on the v6 internet or a mechanism for v6 only clients to access resources on the v4 internet, there are other technologies out there that can do that sort of thing but they get REALLY messy and the benefit is questionable given that most important resources are likely to remain available on the v4 internet for the foreseeable future and pretty much every client that supports v6 also supports v4.
if the CPE is the point where the AFTR activities take place
The CPE is NOT the point where the AFTR activities take place The AFTR is a machine at the ISP that performs deencapsulation and address translation for many CPEs.
In this way ds-lite both allows IPv4 addresses to be shared among customers and means that the ISPs "access network" (that is the network that connects the ISPs customers to the ISP) can be IPv6 only and there is no need to assign any v4 address (public or private) to an individual customer.
It sucks for the store too. So you get a socket set and find it's full of rocks rather than sockets. You go back and complain. The store has too choices.
1: they assume you are telling the truth. This means they are stuck with the loss and for all they know you may be the one trying to screw them. 2: they accuse you of lying. This means they will likely lose you as a customer and may well get badmouthed all over the internet
Firstly the lets go through the basics of how typical home internet connection works today (BTW CPE stands for "consumer premisis equipment, basically a fancy term for "home router").
* The client sends an IPv4 packet from a private address to a public address. * The IPv4 packet travels across the local network to the CPE * The CPE changes the source address and port keeping a mapping table so it can perform reverse translation later * The IPv4 packet travels through the ISP's access network * The IPv4 packet travels through the IPv4 internet * The server replies to the IPv4 packet (swapping source and destination information as it does so) * The IPv4 reply tavels through the IPv4 internet * The IPv4 reply travels through the ISP's access network * The CPE looks at it's mapping tables and changes the destination information in the reply to the correct private IP and port * The IPv4 reply travels across the local network * The client receives the reply
And here is how things work with DS-lite
* The client sends an IPv4 packet from a private address to a public address. * The IPv4 packet travels across the local network to the CPE * The CPE encapsulates the IPv4 packet in an IPv6 packet, it SHOULD NOT perform any address translation * The IPv6 encapsulated IPv4 packet travels through the ISP's access network * The AFTR deencapsulates the packet and changes the source address and port keeping a mapping table so it can perform reverse translation and reencapsulation later * The IPv4 packet travels through the IPv4 internet * The server replies to the IPv4 packet (swapping source and destination information as it does so) * The IPv4 reply tavels through the IPv4 internet * The AFTR looks at it's mapping tables, changes the destination information in the reply to the correct private IP and port and encapsulates the reply in an IPv6 packet * The IPv6 encapsulated IPv4 reply travels through the ISP's access network * The CPE deencapsulates the packet and forwards it onto the local network * The IPv4 reply travels across the local network * The client receives the reply
The only difference between a regular v4 NAT and the NAT in the AFTR is that the mapping table needs to keep track of the IPv6 addresses of the CPE in addition to the IPv4 address and port information a regular NAT tracks so that replies can be sent back to the correct CPE.
Note that the only things that have changed are the CPE, the access network and the AFTR. From the point of view of the client, the server and the internet things work the same way they always did.
As for compatibility with IPsec my understanding is that you should be able to use IPsec on the v6 side fine while on the v4 side it will have the same impact as any other NAT.
Unfortunately, big websites have been hesitant to add AAAA records because of bugs in some software that cause A records to be ignored if an AAAA is present--even if the client doesn't support IPv6.
Haven't seen that at least not in any major software
The big problem has been software that does the following
1: lookup the DNS records 2: try to connect on v6 3: wait until that connection either succeeds or fails 4: if it fails try again on v4
If there is no v6 link available at all this is not a problem. The v6 connection fails quickly, the software falls back and the user doesn't notice. The problem comes when the v6 connection is either
a: really shitty but just about working b: a blackhole that neither delivers packets or sends back errors.
a is bad, the user gets a degraded experiance because of v6 b is even worse. the default OS timeout on a TCP connection is arround a minuite IIRC. Trying to browse the web with every pageload delayed by a minuite is EXCRUCIATING.
But I thought that NAT was horribly broken and downright evil according to the priests of IPv6?
Yeah that is pretty much the case. There is no theoretical reason you can't but the doctrine of the v6 zealots is that nat (and particually the stateful nat needed to map a large range down to a smaller range) is both bad and no longer needed so good f*cking luck getting an implementation into mainline linux or any common distro.
I thought part of the holy doctrine was that there was enough space for NAT to be discarded as it provides no possible benefits, evar and breaks the internet?
Unfortunately they are wrong. The big problem with the lack of NAT is small (but not tiny) to medium buisnesses, think somewhere with tens to hundreds of machine and a couple of sites. With v4 and NAT this is easy you run your internal network on private IPs, use NAT to access the internet and use tunnels to communicate between sites. How a subnet is addressed and how it connects to the internet can be completely inde
Whereas without NAT if you want to change how a portion of your network connects to the internet you have to readdreess it and while you may try to enforce use of private addresses for internal communication in practice it's likely that some stuff will get inadvertantly set up to point to public IPs.
Homes and very small buisnesses can just have thier IPs change whenever their ISP changes, their network is so small it's no big deal. Large buisnesses can run their own AS with private links and provider independent address space.
(Me, I like NAT, I'm fairly happy that my devices are not globally addressable.)
A stateful firewall can effectively prevent incoming connections from the internet and privacy extensions can prevent servers identifying which device is which on your network.
This isn't about seperate v6 hostnames, many sites have been offering those for years. The problem is for the web seperate v6 hostnames are not a reasonable way forward. Hyperlinks can only point at one hostname after all.
This is about AAAA records on the main hostnames of the site. Sites have been reluctant to add those because of the fear of degrading performance for people who have computers that preffer v6 and shitty (or even blackholed) v6 connectivity.
Given that 2^32=4.3 billion, you're wrong. There are a few million addresses locked up in old class A networks.
Your both wrong, by my count the direct/8 allocations compose about 700 million addresses. Not "billions" but a lot more than a "few million".
Still as you say just adding them back to the free pool wouldn't solve anything. What we need is a functional market so that addresses can be allocated to the uses that can justify their cost. Those that can't justify the cost of a public v4 IP will have to find other soloutions (be it v6 or natted v4).
From my vantage point it appears that it is still cheaper for MIT to do nothing
Indeed and that is really the rub with both IPv6 and improving efficiency of IPv4 allocations (which are somewhat related in that there are v6 based technologies that can be used to assist in using v4 addresses more efficeiently). Unless you are in immediate danger of running out of IPs or someone is offering you a lot of money to buy your IPs it's probablly more economical not to do anything.
Except that it's not. There are billions of addresses - entire A blocks - locked up in early-adopter organizations that could be made available
By my count there are
42/8 blocks (about 700 million addresses) allocated directly to early adoptor organisations (some of which are more heavilly utilised than others) 3/8 blocks allocated to special purposes ( private use, local identification and local loopback) 16/8 bocks allocated to multicast 16/8 blocks that are unusable because it was never defined whether they should be unicast, multicast or something else and at least one major OS won't accept them.
The rest of the/8 blocks are subdivided into allocations of various sizes
We're years away from ipv4 exhaustion.
It really depends what it meant by "exhaustion". If it means the point at which you can no longer get addresses at any price then that will probablly never come. OTOH I would expect the point at which ISPs can't justify including a public v4 IP at no extra charge with their normal internet packages to come pretty soon.
And the ones who do have issues, are looking at a simple case of setting up port forwarding.
Which works fine if the users in question have control of the NAT but as the IP shortage bites an increasing number of users are going to find themselves pushed behind NATs (whether conventional V4, NAT64 or DS-lite) that they do not control. Still while ISP level NAT won't be pretty but we don't have a lot of other options. V4 addresses have pretty much run out and the vast majority of the internet is still v4 only.
The only real question is what proportion of ISPs will be enlightened enough to deploy IPv6 at the same time they deploy some variant of V4 nat.
This isn't an alternative. NAT expands tha number of clients that can use the internet, but is largely useless on the server side
So if the ISP has any sense they find their least lucrative customers (e.g. home lusers on the bottom plan) and take away their public IP addresses (putting them behind an ISP level NAT). It won't be pretty but that is the corner that we are painted into. ISPs that only do hosting will be SOL of course and will have to resort to trying to buy IPs off some other provider, probablly at very high cost.
Plus in a few years with the phasing out of windows XP it will become feasible to use name based virtual hosting with SSL on a large scale thus considerably reducing the need for IPs for webhosting.
It's going to be messy but i'd expect most clients to have access to connect outbound to the v4 internet and most services to be available on the v4 internet for MANY years to come.
There is no import duty on any products within the EU (there is "excise duty" on a few products but nothing of relavence here), only when product from outside the EU enters the EU.
I just did a search for "raspberry pi gerbers" and all I found was one low res image of the complete stack (with lower layers mostly obscured and tracks run together by the resoloution limit) which would be completely useless for actually making the thing.
If it's successful it will probablly be cloned eventually regardless of if the gerbers are released or not but it will be by a company with connections and expertise, most likely in the far east. Not by some guy in an appartment complex in hull and unless it's one of their own parters who does it almost certainly not by the middle of febuary.
At best this guy is a reseller trying to cream off some profit from the pi with a delivery promise he is unlikely to meet (unless the pi flops), at worst the thing is one big scam.
The primary chip on this thing is a mobile phone chip in a fine pitch (think it's probablly 0.5mm) BGA with ram mounted on-top in a POP configuration. I'd think the number of hobbyists who could reliablly solder such a thing is tiny and all the failures would make a customer service nightmare.
Plus broadcom don't seem to like letting the general public have thier chips for some reason.
Slashdot Mirror
Well, Rasberry Pi [raspberrypi.org] could be described as a proof of concept for the whole SoC as a PC substitute idea.
The pi is a mobile device "SOC" on a small board, fine for low demand tasks but don't expect it to compare to a modern laptop or desktop on either processing grunt or (perhaps more importantly) ram. If you are prepared to pay more you can get better SOCs with more ram on similar sized boards and you can get them right now from well known suppliers like mouser (unlike the pi which should hopefully be coming out in early feburary if there are no further delays). Examples include the pandaboard and the imx53 quickstart.
Hardware wise the only thing that makes the pi notable is the pricetag.
I think upgradability is possibly not the main advantage of desktops though
Desktops have a number of advantages over laptops
1: better bang per buck
2: higher specs available
3: better egonomics (unless
4: upgradable.
5: easier to secure than laptops
You have one in your phone.
They may call it a "system on chip" but while there is greater integration than with PC processors many components such as power management, main memory ethernet PHY (and sometimes MAC too), cellphone and/or wifi, serial level shift and so-on are nearly always on seperate chips.
The problem is different chips need different process compromises, DRAM needs capacitors with low leakage, processors need fast switching and lots of interconnect. Ethernet needs relatively high currents to drive a couple of volts into a low impedance transmission line. cellphone and wifi need usable analog behaviour at GHz frequencies and so-on.
You do realize that would completely fuck up the routing tables?
There is certainly a balance to be struck between how efficiently the market functions and how large it's impact on the routing table will be. At one extreme they could only allow resale of the original allocation blocks with no subdividing allowed so the sales would have no impact on routing table size but making freeing up blocks for sale trickier. At the other extreme they could allow arbitrary block splitting which as you say would completely fuck up the routing table. The right balance is probably somewhere in between.
But some kind of market is needed, without it providers who either have lots of IPs in reserver or serve lots of home lusers (who can be gradually pushed behind ISP level NAT to free up space) will the only ones who can continue to offer services to new customers until the vast majority of clients and servers are on dual stack (which i'm pretty sure is still years out)..
They'll just point to their boss who ordered them to do it or they'd be fired.
If they can prove the boss did that then the boss did so he should be jailed too.
If you say they shouldn't have complied, there's 10,000 people waiting just outside the building to fill in their position when they get fired
Will there be that many people waiting just outside the building to file bogus DMCA notices after a few people are in jail for doing so?
Yeah it sucks for the peons who are put in between a rock and a hard place but ultimately to stop psychopaths (and there will always be a certain portion of psychopaths in society) doing something it it necessary to make the punishment for doing it outweigh the benefit of doing it. That applies whether it's filing bogus DMCA notices or fitting dodgy parts to aeroplanes.
But your basic point seems mostly correct: Microsoft did have some initial offerings that considerably predate Android and iOS.
As did blackberry, nokia, palm and probably others.
Apple reinvented the smartphone by bringing together the multitouch capacitive touch screen with a proper browser engine to make a phone that people actually felt comfortable using the web on. About a year later they introduced a heavily hyped app store and were able to bring together far more apps than other phone vendors had managed in the past.
Google turned android (which aiui was already in development as a blackberry clone) into an iphone clone complete with an app store clone and was able to soak up those who wanted a multitouch smartphone with a decent web browser but either couldn't get an iphone (the iphone was intially limited to one network in each region unless you wanted to crack the network lock), weren't prepared to pay the price of an iphone or disagreed with apple's walled garden approach. Initially the iphone had the advantage in available apps but the android market has since overtaken it in app count and there are whole categories of app banned from the appstore.
Afaict most of the other smartphone OS vendors were caught off-guard by apple/google bringing the multitouch/decent browser/appstore revoloution to smartphones and have been flailing around ever since. MS decided to throw away all support for existing application software and develop an android/OS clone. Worse their new OS forced users to do all their development with .net tools (no native code allowed) making it very difficult to share code between WP7 and iOS/android. Nokia dicked arround with various linux variants before finally signing a deal with MS. Palm also dicked arround with it's own linux variants before getting bought up by HP and essentially killed.
Blackberry still seem to be around filling the corportate niche with their tie-ins to exchange etc (yeah it's crazy that it's blackberry who gets to capitalise on the exchange users not MS).
The Fed is a bank with an enormous balance sheet.
More than that though it's a CENTRAL BANK
It doesn't print or generate money
In our current banking system all banks "generate money" in a sense. It's just a case of whether it's pseudo-money or "real money" (so far as any fiat currency can be "real").
A regular bank creates pseudo-money. When you deposit $1000 at the bank the bank keeps $100 of it (assuming a 10% reserve requirement) as "real money" (either cash in a vault or a deposit at the central bank) and invests the rest (either in making loans or otherwise). However to you your bank balance looks and acts like money. Therefore the bank the bank has effectively created $900 of pseudo money.
The amount of pseudo-money a regular bank can generate is limited by reserve requirements. With a 10% reserve requirement for every $900 of psuedo-money the commercial banks generate they must keep $100 of "real money".
Plus it's still pseudo-money. If an unexpectedly large proportion of the bank's customers suddenly tries to withdraw their money the bank needs real money to pay those withdrawals. As long as the bank is financially healthy this isn't too much of a problem, the bank will just borrow money from either another regular bank or from the central bank but if the bank is not financially healthy (liabilities too close to or even exceeding assets) then it has a BIG problem and in the absence of government intervention it is likely to go bankrupt.
Central banks on the other hand create "real money", there is no reserve requirement on them, deposits at the central bank are considered legally equivalent to cash and if an unexpectedly large number of institutions (individuals don't usually have deposits at the central bank) withdraw their deposits then the central bank will simply issue more cash to cover them, it cannot go bankrupt (unless it's stupid enough to take on significant liabilities in foreign currency). Central banks are created by and get their authority from the government.
Plan B:
Hundreds of millions of ping pong balls.
IIRC they often do use bags full of air to refloat downed ships, same principle as the ping pong balls but easier to control and can probablly displace more water (ping pong balls will have holes between them).
Re-reading the article it seems the article does in fact say he was on a visa not a citizen but it attributes that information to "a person who did not want to be identified", not to any official statement.
Read the article, he's Chinese. As in, from China.
The article just says chineese it doesn't clarify the exact meaning (racial, country of birth, current citizenship etc).
As I understand it there are some hoops to jump through but generally anyone who has lived in the US as a lawful permanent resident for more than 5 years can become a citizen and afaict it is generally advisable for them to do so.
One thing in your example above for the DS-lite case - are you assuming that both ends of the communication are IPv4 hosts? Or is that valid regardless of whether the initial destination point was IPv4 or IPv6?
DS-lite is a machanism for allowing IPv4 clients (including dual-stack clients) to access servers on the IPv4 internet through an IPv6 only access network. IPv6 clients will access the IPv6 internet directly through normal mechanisms (most likely the ISP will use prefix delegation to delegate a prefix to the CPE which will then advertise the prefix on the local network.
DS-lite does not provide a mechanism for v4 only clients to access resources on the v6 internet or a mechanism for v6 only clients to access resources on the v4 internet, there are other technologies out there that can do that sort of thing but they get REALLY messy and the benefit is questionable given that most important resources are likely to remain available on the v4 internet for the foreseeable future and pretty much every client that supports v6 also supports v4.
if the CPE is the point where the AFTR activities take place
The CPE is NOT the point where the AFTR activities take place The AFTR is a machine at the ISP that performs deencapsulation and address translation for many CPEs.
In this way ds-lite both allows IPv4 addresses to be shared among customers and means that the ISPs "access network" (that is the network that connects the ISPs customers to the ISP) can be IPv6 only and there is no need to assign any v4 address (public or private) to an individual customer.
It sucks for the store too. So you get a socket set and find it's full of rocks rather than sockets. You go back and complain. The store has too choices.
1: they assume you are telling the truth. This means they are stuck with the loss and for all they know you may be the one trying to screw them.
2: they accuse you of lying. This means they will likely lose you as a customer and may well get badmouthed all over the internet
Sounds like you are confusing DS-lite with one of the competing mitigation technologies. DS-lite most certainly does use stateful NAT at the ISP
DS-lite certainly does involve NAT.
Firstly the lets go through the basics of how typical home internet connection works today (BTW CPE stands for "consumer premisis equipment, basically a fancy term for "home router").
* The client sends an IPv4 packet from a private address to a public address.
* The IPv4 packet travels across the local network to the CPE
* The CPE changes the source address and port keeping a mapping table so it can perform reverse translation later
* The IPv4 packet travels through the ISP's access network
* The IPv4 packet travels through the IPv4 internet
* The server replies to the IPv4 packet (swapping source and destination information as it does so)
* The IPv4 reply tavels through the IPv4 internet
* The IPv4 reply travels through the ISP's access network
* The CPE looks at it's mapping tables and changes the destination information in the reply to the correct private IP and port
* The IPv4 reply travels across the local network
* The client receives the reply
And here is how things work with DS-lite
* The client sends an IPv4 packet from a private address to a public address.
* The IPv4 packet travels across the local network to the CPE
* The CPE encapsulates the IPv4 packet in an IPv6 packet, it SHOULD NOT perform any address translation
* The IPv6 encapsulated IPv4 packet travels through the ISP's access network
* The AFTR deencapsulates the packet and changes the source address and port keeping a mapping table so it can perform reverse translation and reencapsulation later
* The IPv4 packet travels through the IPv4 internet
* The server replies to the IPv4 packet (swapping source and destination information as it does so)
* The IPv4 reply tavels through the IPv4 internet
* The AFTR looks at it's mapping tables, changes the destination information in the reply to the correct private IP and port and encapsulates the reply in an IPv6 packet
* The IPv6 encapsulated IPv4 reply travels through the ISP's access network
* The CPE deencapsulates the packet and forwards it onto the local network
* The IPv4 reply travels across the local network
* The client receives the reply
The only difference between a regular v4 NAT and the NAT in the AFTR is that the mapping table needs to keep track of the IPv6 addresses of the CPE in addition to the IPv4 address and port information a regular NAT tracks so that replies can be sent back to the correct CPE.
Note that the only things that have changed are the CPE, the access network and the AFTR. From the point of view of the client, the server and the internet things work the same way they always did.
As for compatibility with IPsec my understanding is that you should be able to use IPsec on the v6 side fine while on the v4 side it will have the same impact as any other NAT.
I knew windows wouldn't take them but I didn't know about the others hence why I said "at least one major OS".
Unfortunately, big websites have been hesitant to add AAAA records because of bugs in some software that cause A records to be ignored if an AAAA is present--even if the client doesn't support IPv6.
Haven't seen that at least not in any major software
The big problem has been software that does the following
1: lookup the DNS records
2: try to connect on v6
3: wait until that connection either succeeds or fails
4: if it fails try again on v4
If there is no v6 link available at all this is not a problem. The v6 connection fails quickly, the software falls back and the user doesn't notice. The problem comes when the v6 connection is either
a: really shitty but just about working
b: a blackhole that neither delivers packets or sends back errors.
a is bad, the user gets a degraded experiance because of v6
b is even worse. the default OS timeout on a TCP connection is arround a minuite IIRC. Trying to browse the web with every pageload delayed by a minuite is EXCRUCIATING.
But I thought that NAT was horribly broken and downright evil according to the priests of IPv6?
Yeah that is pretty much the case. There is no theoretical reason you can't but the doctrine of the v6 zealots is that nat (and particually the stateful nat needed to map a large range down to a smaller range) is both bad and no longer needed so good f*cking luck getting an implementation into mainline linux or any common distro.
I thought part of the holy doctrine was that there was enough space for NAT to be discarded as it provides no possible benefits, evar and breaks the internet?
Unfortunately they are wrong. The big problem with the lack of NAT is small (but not tiny) to medium buisnesses, think somewhere with tens to hundreds of machine and a couple of sites. With v4 and NAT this is easy you run your internal network on private IPs, use NAT to access the internet and use tunnels to communicate between sites. How a subnet is addressed and how it connects to the internet can be completely inde
Whereas without NAT if you want to change how a portion of your network connects to the internet you have to readdreess it and while you may try to enforce use of private addresses for internal communication in practice it's likely that some stuff will get inadvertantly set up to point to public IPs.
Homes and very small buisnesses can just have thier IPs change whenever their ISP changes, their network is so small it's no big deal. Large buisnesses can run their own AS with private links and provider independent address space.
(Me, I like NAT, I'm fairly happy that my devices are not globally addressable.)
A stateful firewall can effectively prevent incoming connections from the internet and privacy extensions can prevent servers identifying which device is which on your network.
This isn't about seperate v6 hostnames, many sites have been offering those for years. The problem is for the web seperate v6 hostnames are not a reasonable way forward. Hyperlinks can only point at one hostname after all.
This is about AAAA records on the main hostnames of the site. Sites have been reluctant to add those because of the fear of degrading performance for people who have computers that preffer v6 and shitty (or even blackholed) v6 connectivity.
Given that 2^32=4.3 billion, you're wrong. There are a few million addresses locked up in old class A networks.
Your both wrong, by my count the direct /8 allocations compose about 700 million addresses. Not "billions" but a lot more than a "few million".
Still as you say just adding them back to the free pool wouldn't solve anything. What we need is a functional market so that addresses can be allocated to the uses that can justify their cost. Those that can't justify the cost of a public v4 IP will have to find other soloutions (be it v6 or natted v4).
From my vantage point it appears that it is still cheaper for MIT to do nothing
Indeed and that is really the rub with both IPv6 and improving efficiency of IPv4 allocations (which are somewhat related in that there are v6 based technologies that can be used to assist in using v4 addresses more efficeiently). Unless you are in immediate danger of running out of IPs or someone is offering you a lot of money to buy your IPs it's probablly more economical not to do anything.
Except that it's not. There are billions of addresses - entire A blocks - locked up in early-adopter organizations that could be made available
By my count there are
42 /8 blocks (about 700 million addresses) allocated directly to early adoptor organisations (some of which are more heavilly utilised than others) /8 blocks allocated to special purposes ( private use, local identification and local loopback) /8 bocks allocated to multicast /8 blocks that are unusable because it was never defined whether they should be unicast, multicast or something else and at least one major OS won't accept them.
3
16
16
The rest of the /8 blocks are subdivided into allocations of various sizes
We're years away from ipv4 exhaustion.
It really depends what it meant by "exhaustion". If it means the point at which you can no longer get addresses at any price then that will probablly never come. OTOH I would expect the point at which ISPs can't justify including a public v4 IP at no extra charge with their normal internet packages to come pretty soon.
And the ones who do have issues, are looking at a simple case of setting up port forwarding.
Which works fine if the users in question have control of the NAT but as the IP shortage bites an increasing number of users are going to find themselves pushed behind NATs (whether conventional V4, NAT64 or DS-lite) that they do not control. Still while ISP level NAT won't be pretty but we don't have a lot of other options. V4 addresses have pretty much run out and the vast majority of the internet is still v4 only.
The only real question is what proportion of ISPs will be enlightened enough to deploy IPv6 at the same time they deploy some variant of V4 nat.
This isn't an alternative. NAT expands tha number of clients that can use the internet, but is largely useless on the server side
So if the ISP has any sense they find their least lucrative customers (e.g. home lusers on the bottom plan) and take away their public IP addresses (putting them behind an ISP level NAT). It won't be pretty but that is the corner that we are painted into. ISPs that only do hosting will be SOL of course and will have to resort to trying to buy IPs off some other provider, probablly at very high cost.
Plus in a few years with the phasing out of windows XP it will become feasible to use name based virtual hosting with SSL on a large scale thus considerably reducing the need for IPs for webhosting.
It's going to be messy but i'd expect most clients to have access to connect outbound to the v4 internet and most services to be available on the v4 internet for MANY years to come.
There is no import duty on any products within the EU (there is "excise duty" on a few products but nothing of relavence here), only when product from outside the EU enters the EU.
I just did a search for "raspberry pi gerbers" and all I found was one low res image of the complete stack (with lower layers mostly obscured and tracks run together by the resoloution limit) which would be completely useless for actually making the thing.
If it's successful it will probablly be cloned eventually regardless of if the gerbers are released or not but it will be by a company with connections and expertise, most likely in the far east. Not by some guy in an appartment complex in hull and unless it's one of their own parters who does it almost certainly not by the middle of febuary.
At best this guy is a reseller trying to cream off some profit from the pi with a delivery promise he is unlikely to meet (unless the pi flops), at worst the thing is one big scam.
The primary chip on this thing is a mobile phone chip in a fine pitch (think it's probablly 0.5mm) BGA with ram mounted on-top in a POP configuration. I'd think the number of hobbyists who could reliablly solder such a thing is tiny and all the failures would make a customer service nightmare.
Plus broadcom don't seem to like letting the general public have thier chips for some reason.