Kuro5hin.org: technology and culture, from the trenches

Transitioning to IPv6

By nsayer in Internet
Mon Aug 26, 2002 at 07:41:13 AM EST
Tags: Internet

The internet is currently built on Internet Protocol version 4. The next generation protocol is (more or less) ready for prime time, but how do we get to the shiny happy future of the Internet? One LAN at a time...


First, why?
  1. Virtually unlimited (certainly by comparison) address space. Currently the shortage of address space has resulted in the prominence of NAT, which is truly anathema to a true Internet -- where any device can communicate with any other seamlessly.
  2. Autoconfiguration. Plug a machine into the network and it automatically obtains an address in all available prefixes and gets a default route. If the prefix(es) ever change, that change is propagated automatically from the routers to the clients.
  3. Fixed length subnetting. A single network has a 64 bit prefix. A single site gets a 48 bit prefix. So a single site can have up to 65536 networks of 2^64 hosts. A "site" is either IBM or your ADSL connection. The address space divided this way still has 65536 times as many "sites" as IPv4 has total addresses.
  4. Simplified routing. Because it is so easy to change prefixes, they are more ephemeral than IPv4 addresses. When you change ISPs, your prefix will change. Because of this, the size of the non-default routing table (at the center of the Internet) will likely be much, much smaller, and the routes will be far easier to aggregate. This will make the Internet scale better.

So, how?

Anyone with a single globally routable IPv4 address can easily set up IPv6 connectivity, giving them a 48 bit subnet that is globally routable. It's a great alternative to IPv4 NAT, since all of the machines on the "inside" will have globally routable addresses, at least when talking to other IPv6 hosts.

IPv6 packets encapsulated in IPv4 simply use IP packets of protocol 41. The only question is figuring out the IPv4 address to send the packet to. Some sites use preconfigured tunnels, but there is an easier way, called 6to4. With 6to4, there is a fixed relationship between the IPv4 address of a network's gateway and the network's IPv6 prefix. To send a packet to a 6to4 network, you extract the gateway IPv4 address from the prefix and send it there. It's the perfect way for anyone with at least 1 static IPv4 address to start with IPv6.

But don't just stop with setting up IPv6. You can go further and actually eliminate IPv4 within your local LAN without giving up any access to the IPv4 internet. You do this with a NAT-PT gateway. NAT-PT is like NAT, except that it translates IPv6 sessions into IPv4 sessions. Since the IPv4 internet is a very small address space compared to the IPv6 address space, it is easy to set up a 1:1 mapping between the IPv4 address space and a subnet of IPv6. Having done that, you can set up a simple DNS proxy that translates DNS A records into AAAA records with the NAT-PT prefix. This way, the entire IPv4 internet will appear as if it was just another subnet of IPv6 space. Having done this, you can simply stop using IPv4 except on one machine at the border of your LAN (the IPv6 router and NAT-PT gateway), so long as all of your applications understand IPv6.
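The two address mappings described above (the 6to4 prefix and the NAT-PT view of the IPv4 internet), as an added example that is not from the original article. It assumes the 6to4 prefix 2002::/16 from RFC 3056 and a /96 NAT-PT prefix; the prefix `2001:db8:ffff::` and all function names are hypothetical, and the sample addresses are constructed from documentation ranges.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Write the 6to4 /48 prefix (2002:AABB:CCDD::/48) for gateway AA.BB.CC.DD.
 * Returns 0 on success, -1 on bad input or a short buffer. */
int sixto4_prefix(const char *gw_v4, char *out, size_t outlen)
{
    struct in_addr v4;
    struct in6_addr v6;
    char buf[INET6_ADDRSTRLEN];
    int n;

    if (inet_pton(AF_INET, gw_v4, &v4) != 1)
        return -1;
    memset(&v6, 0, sizeof v6);
    v6.s6_addr[0] = 0x20;               /* 2002::/16 marks a 6to4 address */
    v6.s6_addr[1] = 0x02;
    memcpy(&v6.s6_addr[2], &v4, 4);     /* in_addr is already network order */
    if (inet_ntop(AF_INET6, &v6, buf, sizeof buf) == NULL)
        return -1;
    n = snprintf(out, outlen, "%s/48", buf);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Recover the gateway IPv4 address from any address inside a 6to4 prefix,
 * e.g. a source address seen in a log. Returns 0 on success, 1 if the
 * address is valid IPv6 but not 6to4, -1 on parse error. */
int sixto4_gateway(const char *addr_v6, char *out, size_t outlen)
{
    struct in6_addr v6;
    struct in_addr v4;

    if (inet_pton(AF_INET6, addr_v6, &v6) != 1)
        return -1;
    if (v6.s6_addr[0] != 0x20 || v6.s6_addr[1] != 0x02)
        return 1;
    memcpy(&v4, &v6.s6_addr[2], 4);
    return inet_ntop(AF_INET, &v4, out, (socklen_t)outlen) ? 0 : -1;
}

/* AAAA record a NAT-PT DNS proxy would synthesize for an A record: the IPv4
 * address goes in the low 32 bits of the site's /96 prefix (assumed layout). */
int natpt_map(const char *prefix96, const char *a_record,
              char *out, size_t outlen)
{
    static const unsigned char zero[4] = {0, 0, 0, 0};
    struct in_addr v4;
    struct in6_addr v6;

    if (inet_pton(AF_INET6, prefix96, &v6) != 1 ||
        inet_pton(AF_INET, a_record, &v4) != 1)
        return -1;
    if (memcmp(&v6.s6_addr[12], zero, 4) != 0)
        return -1;                      /* prefix must leave the low 32 bits free */
    memcpy(&v6.s6_addr[12], &v4, 4);
    return inet_ntop(AF_INET6, &v6, out, (socklen_t)outlen) ? 0 : -1;
}

/* Inverse mapping, as the gateway needs it: IPv6 destination back to the
 * real IPv4 host. Returns 1 if the address is outside the NAT-PT prefix. */
int natpt_unmap(const char *prefix96, const char *addr_v6,
                char *out, size_t outlen)
{
    struct in6_addr pfx, v6;
    struct in_addr v4;

    if (inet_pton(AF_INET6, prefix96, &pfx) != 1 ||
        inet_pton(AF_INET6, addr_v6, &v6) != 1)
        return -1;
    if (memcmp(pfx.s6_addr, v6.s6_addr, 12) != 0)
        return 1;
    memcpy(&v4, &v6.s6_addr[12], 4);
    return inet_ntop(AF_INET, &v4, out, (socklen_t)outlen) ? 0 : -1;
}

int main(void)
{
    char buf[64];

    if (sixto4_prefix("192.0.2.1", buf, sizeof buf) == 0)
        printf("6to4 prefix for 192.0.2.1: %s\n", buf);
    if (sixto4_gateway("2002:c000:201:1::42", buf, sizeof buf) == 0)
        printf("gateway for 2002:c000:201:1::42: %s\n", buf);
    if (natpt_map("2001:db8:ffff::", "198.51.100.10", buf, sizeof buf) == 0)
        printf("synthesized AAAA for 198.51.100.10: %s\n", buf);
    return 0;
}
```

Because the gateway address is recoverable from any 6to4 address, the same extraction tells a firewall or log reviewer which IPv4 host is carrying the protocol 41 traffic.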

Of course, that last phrase is the tricky one. Converting applications to being transport-agnostic is relatively easy when you have the source code. You simply replace calls to gethostby* with calls to getaddrinfo. getaddrinfo returns results that include the arguments you give to socket() as well as connect(), so simple programs that open TCP connections to hosts by name need not care whether they're using IPv4 or v6 or anything else. Things get more complicated (worse) when the actual protocols include IPv4 addresses. Typically those protocols need to be extended to be transport-agnostic or to support IPv6. But a lot of the time that sort of effort is unnecessary. Even if you don't have the source it's possible to use tricks like (on Unix-like OSes) LD_PRELOAD to shim the networking API to make IPv4 network calls use IPv6.
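The gethostby* to getaddrinfo conversion described above, as an added example that is not from the original article: a client that connects by name without ever naming an address family. The helper names and the loopback listener used to exercise the client are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Connect to host:service over whichever family the resolver offers.
 * Returns a connected socket or -1; *family_out receives the family used. */
int connect_by_name(const char *host, const char *service, int *family_out)
{
    struct addrinfo hints, *res, *ai;
    int fd = -1, rc;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;        /* IPv4, IPv6 or anything else */
    hints.ai_socktype = SOCK_STREAM;

    rc = getaddrinfo(host, service, &hints, &res);
    if (rc != 0) {
        fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rc));
        return -1;
    }
    /* Each result carries the exact arguments for socket() and connect().
     * Try them in order; a host with AAAA and A records falls back cleanly. */
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0)
            continue;
        if (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0) {
            if (family_out != NULL)
                *family_out = ai->ai_family;
            break;
        }
        close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}

/* Example-only helper: listen on a numeric address with an ephemeral port
 * and report the chosen port as a string. Also family-agnostic. */
int listen_numeric(const char *addr, char *port_out, size_t port_len)
{
    struct addrinfo hints, *res;
    struct sockaddr_storage ss;
    socklen_t slen = sizeof ss;
    int fd;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
    if (getaddrinfo(addr, "0", &hints, &res) != 0)
        return -1;
    fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
    if (fd >= 0 &&
        (bind(fd, res->ai_addr, res->ai_addrlen) != 0 ||
         listen(fd, 1) != 0 ||
         getsockname(fd, (struct sockaddr *)&ss, &slen) != 0 ||
         getnameinfo((struct sockaddr *)&ss, slen, NULL, 0,
                     port_out, (socklen_t)port_len, NI_NUMERICSERV) != 0)) {
        close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}

/* Listen on addr, connect to it through connect_by_name(), and return the
 * address family that was used, or -1 if either side failed. */
int loopback_roundtrip(const char *addr)
{
    char port[16];
    int family = -1, lfd, cfd;

    lfd = listen_numeric(addr, port, sizeof port);
    if (lfd < 0)
        return -1;
    cfd = connect_by_name(addr, port, &family);
    if (cfd >= 0)
        close(cfd);
    close(lfd);
    return cfd >= 0 ? family : -1;
}

int main(void)
{
    /* The same client code serves both families; ::1 reports -1 on a
     * machine without IPv6 loopback. */
    printf("127.0.0.1 -> family %d (AF_INET is %d)\n",
           loopback_roundtrip("127.0.0.1"), AF_INET);
    printf("::1       -> family %d (AF_INET6 is %d)\n",
           loopback_roundtrip("::1"), AF_INET6);
    return 0;
}
```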

I've got a web site with this and more information on 6to4, and there are lots of other sites as well.

The more people who take the plunge, the sooner we can eliminate IPv4 once and for all.

Poll
Do you plan to transition to IPv6?
o I already have 13%
o You've inspired me to give it a try 19%
o When my ISP encourages me to 30%
o When everybody else does it 25%
o Why bother? I like my NAT cocoon 12%

Votes: 183

Transitioning to IPv6 | 224 comments (222 topical, 2 editorial, 0 hidden)
No reason to switch! (3.47 / 17) (#2)
by tftp on Mon Aug 26, 2002 at 02:41:00 AM EST

First, why?

1. Virtually unlimited (certainly by comparison) address space.

I have plenty already, behind my NAT. More than I will ever need.

Currently the shortage of address space has resulted in the prominence of NAT, which is truly an anathema to a true Internet -- where any device can communicate with any other seamlessly.

I don't care about "true" Internet. I like how it works now. I don't need any hackers to "communicate" with computers on my LAN. If I have some servers (which should be in DMZ anyhow), I will carefully open some ports, and forward them exactly where I want them.

2. Autoconfiguration. Plug a machine into the network and it automatically obtains an address in all available prefixes and gets a default route.

Did you hear about DHCP? :-) Works just fine.

If the prefix(es) ever change, that change is propagated automatically from the routers to the clients.

I don't rename my business 20 times a day, and neither does my ISP.

3. Fixed length subnetting. A single network has a 64 bit prefix. A single site gets a 48 bit prefix. So a single site can have up to 65536 networks of 2^64 hosts.

I don't care. I don't have that many hosts. Next!

4. Simplified routing. Because it is so easy to change prefixes, they are more ephemeral than IPv4 addresses. When you change ISPs, your prefix will change.

If I change ISP then I have more problems than a couple of fixes in routing tables. And I don't change ISPs that often anyway.

Because of this, the size of the non-default routing table (at the center of the Internet) will likely be much, much smaller, and the routes will be far easier to aggregate. This will make the Internet scale better.

Maybe. But it scales well enough already, why should I do anything?

My point is clear already, I guess. IPv4 works just fine for 99.9999% of users, and there is no convincing reason to switch. Maybe ISPs will want to tunnel IPv4 over IPv6, it's up to them. Customers want legacy IPv4 because it works, and there is not a single good reason to upgrade, and the costs of such an upgrade would be huge (software, old OSes, routers, training, tech support etc.) If there is, I haven't seen it in the article above.

Re: No reason to switch! (3.00 / 4) (#4)
by kaltan on Mon Aug 26, 2002 at 03:09:46 AM EST

I don't care. I don't have that many hosts. Next!

Oh! And remember, 640k should be enough for any application!

Sooner or later, your mobile devices, fridge, TV, your company's machine park with its sensors, robots, cameras, etc. will all be hooked up. Have fun maintaining the NATs.



[ Parent ]
Now, not then! (5.00 / 2) (#6)
by tftp on Mon Aug 26, 2002 at 03:19:21 AM EST

I am talking about my current needs - something that exists here and now. The article also talks about migration now. My response is that right now I don't need to migrate. If things change in the future, I will deal with that. But I am not going to replace all my IPv4 software and setups just because it is cool. It makes no sense.

Sooner or later, your mobile devices, fridge, tv, your companies machine park with its sensors, robots, cameras, etc will all be hooked up.

If this is to happen, I will be the first to know. Rest assured, I will think of their connectivity before I approve the purchase.

[ Parent ]

typical (3.00 / 2) (#18)
by dublet on Mon Aug 26, 2002 at 07:57:16 AM EST

And that, my good sir, makes you shortsighted. Good day.

Badger. Badger. ←
[ Parent ]
Practical, and good if it is typical too (4.50 / 2) (#20)
by tftp on Mon Aug 26, 2002 at 08:10:49 AM EST

I see no justification for spending big $$$ on IPv6 migration if I cannot show any business case for that. Fact is, all LANs work just fine as they are, and neither I nor many sysadmins will embark on a venture without well defined goals. I will be all for IPv6 where it makes sense. But I don't see many examples of that anywhere, including in this article (modulo barely sane fantasies about Internet-connected fridges :-)

What is typical, however, is an [honest] attempt to apply a technological solution to a problem that is not only sociological, but nonexistent as well :-)

[ Parent ]

figures (4.66 / 3) (#44)
by dublet on Mon Aug 26, 2002 at 10:26:30 AM EST

The problem of overpopulating IPv4 is very real. As we speak the Internet is running out of space, hence why ISPs resort to dynamic IPs, and only giving one per customer.

http://www.netbsd.org/Documentation/network/ipv6/ has some nice information.

Some vital points:

[..]
  • Larger IP address space. IPv4 uses only 2^32 bits for IP address space, which allows only 4 billion nodes to be identified on the Internet. 4 billion may look like a large number; however, it is less than the human population on the earth! IPv6 allows 2^128 bits for IP address space, allowing 340282366920938463463374607431768211456 (three hundred forty undecillion) nodes to be uniquely identified on the Internet. Larger address space allows true end to end communication, without NAT or other short term workaround against IPv4 address shortage. (In these days NAT has been a headache to new protocol deployment, and scalability issues, we really need to decommission NATs for the Internet to grow further)
  • [...]
  • Security. With IPv4, IPsec is optional and you need to ask the peer if it supports IPsec. With IPv6, IPsec support is mandatory.
  • [...]
  • A cure to routing table growth. The IPv4 backbone routing table size has been a big headache to ISPs and backbone operators. The IPv6 addressing specification restricts the number of backbone routing entries by advocating route aggregation. With the current IPv6 addressing specification, we will see only 8192 routes on the default-free zone.
  • Simplified header structures. IPv6 has simpler packet header structures than IPv4. It will allow future vendors to implement hardware acceleration for IPv6 routers easier.
  • [...]
  • Follows the key design principles of IPv4. IPv4 was a very successful design, as proven by the ultra large-scale global deployment. IPv6 is "new version of IP", and it follows many of the design features that made IPv4 very successful. This will also allow smooth transition from IPv4 to IPv6.
  • [...]
[...]


The transition will be a smooth one, and a lot of money is to be saved if you do it in advance, because most (decent) operating systems already have support for it. No new hardware is required, and most software already takes benefit of it, all it needs is configuring, and with IPv6, all you need to do is to configure the router, the rest is all dynamic: "With IPv4, DHCP has been there but is optional. A novice user can get into trouble if they visit an offsite without a DHCP server. With IPv6, "stateless host autoconfiguration" mechanism is mandatory."
For example, if you have an IPv6 enabled laptop, you can go on the internet anywhere there's IPv6, with IPv4, you need to be lucky if the network has DHCP running, if it doesn't, one can always put up a static link, but the average user wouldn't know how.
It may require a bit of investment, but the transition of at least the servers, should be able to take place in a day, apart from that it will require less supervision of a sysadmin because it's been designed to be automatic on the client side.

It may seem like a solution to non-existing problems, but it's like.. ermm... well, can't think of a good analogy, but the problems are visible on the horizon, and it's foolish to ignore the readily available solution.

Apparently IP-phones are replacing the POTS in Japan already, and if that was to take place worldwide, think of all those extra nodes that need an address, granted, those who have an Internet connection already could be subtracted of that, but it's still a few million extra nodes, which IPv4 does not have.

Chew on that.

Badger. Badger. ←
[ Parent ]
The same problem as always (3.00 / 2) (#85)
by Control Group on Mon Aug 26, 2002 at 12:28:09 PM EST

All the comments I've read in this particular sub-discussion illustrate the standard conundrum of any capitalist system: most businesses (and all corporations) are always short-sighted. This is neither surprising, nor even inappropriate within the context of a capitalist market economy. Remember that the sole function of a business is to make money, and bear in mind the time value of money. Money now is always more valuable than money later; even more so when it is money now vs. potential money later. If there is no immediate, tangible (which, in this case, means "accountable") return on a capital investment, that investment is unlikely to be made. As it stands, tftp has made an excellent case for why most profit-oriented organizations will not migrate to IPv6 any time soon.

The flip side, of course, is that short-sighted behavior leads to short-term gain at the expense of long-term gain. In the case of something like IPv6, the adoption of which is a (borderline) public good, society as a whole is hindered by this behavior. Various other posters have made excellent cases for the overall benefits of everyone switching to IPv6.

Luckily, there are businesses for whom there is an immediate benefit to migration: any internet infrastructure business can see clear monetary advantages to the transition. If I were to predict, that will be where the switchover begins, most likely followed by wireless devices. Only when IPv6 services are being provided that are more desirable (more cost effective, be it because of increased functionality or decreased cost) to business will a widespread conversion take place. The only thing an individual can do to speed the process is to begin running IPv6 personally; the more IPv6 networks around, the more likely it is for ISPs to run them. The more activistic amongst us, of course, could go ahead and encourage their ISPs to migrate ASAP...

***
"Oh, nothing. It just looks like a simple Kung-Fu Swedish Rastafarian Helldemon."
[ Parent ]

One analogy deserves another (none / 0) (#215)
by dipierro on Mon Sep 02, 2002 at 12:49:11 PM EST

Oh ! And remember, 640k should be enough for any application !

And we'll run out of fossil fuels by 1990!

Sooner or later, your mobile devices, fridge, TV, your company's machine park with its sensors, robots, cameras, etc. will all be hooked up. Have fun maintaining the NATs.

Maintaining the NATs? I just hook it up to my Linksys and it gets the private address by DHCP.

My mobile devices do not need a static IP address. In fact, they shouldn't have one. My fridge and TV do not need internet accessible IP addresses. Neither do a company's sensors, robots, cameras, etc.



[ Parent ]
You listed *lots* of reasons to switch (5.00 / 6) (#7)
by nsayer on Mon Aug 26, 2002 at 03:22:10 AM EST

I have plenty already, behind my NAT. More than I will ever need.

NAT breaks horribly when you have to communicate with others who are also behind a NAT. Most NATs pick the same range of addresses for the private zone. Even if you had a VPN linking you and your friend together, it won't work if you're both using 192.168.0.0/24. Hosts that want to communicate should be able to do so. There's no security need that NAT provides that can't be met by a proper firewall, and a firewall is far more flexible than NAT (even NAT with port mapping).

If I have some servers (which should be in DMZ anyhow), I will carefully open some ports, and forward them exactly where I want them.

How are you going to make a DMZ if you only have a handful of addresses available to you? If you have a 3 bit netmask (8 IPs, 5 of which are actually usable - typical for Pac$Bell ADSL, and generous for most home users who typically get a single address, often dynamic), you can't really subnet at all. All you can do is NAT.

And when you say "open some ports," you're confusing NAT with firewall. This confusion is natural when you confuse the purpose of both, or you combine the two (inappropriately).

I don't care. I don't have that many hosts.

Nobody does. That's the whole point. In IPv4, how you subnet your network impacts how many hosts each subnet is allowed to have. That, in turn, encourages people not to subnet. That has spurred the growth of switches to take the place of routers, which is bad because broadcast traffic must span an entire switched domain.

Did you hear about DHCP?

DHCP is a hack that makes up for the lack of foresight of the design of IPv4. Since it is not designed into the protocol, it is simply one more thing to set up. One more thing that IPv6 users don't need to think about at all.

But it scales well enough already, why should I do anything?

Do you run an ISP? Have you worked with any Internet routers that do not have a default route (that is, routers with routes for the entire Internet)? If the answer to either is 'no,' then you are unqualified to comment about whether the Internet today is scaling well or not. In fact, the size of the non-default routing table is a bigger problem than the scarcity of IP address space.

Imagine a world where every mobile phone, hell even every wired phone, had an IP address, and they all had to interoperate. This is not as farfetched a scenario as it may sound. VoIP over IPv6 may be the replacement for the POTS line and cell phone someday. IPv4 will in no way be suitable for such a network.


[ Parent ]

More about that (4.75 / 4) (#12)
by tftp on Mon Aug 26, 2002 at 03:46:14 AM EST

NAT breaks horribly when you have to communicate with others who are also behind a NAT.

Define "communicate", please. Ports 22, 25 and 80 are what most businesses need. Even VPN is not required usually. I don't want company X's secretary to connect to my secretary's computer. You see, from a business point of view, the business network is opaque, and it exports only a few well-defined and audited interfaces, through a single firewall. This is good. There is simply no need for the secretary's computer to have an Internet-addressable IP. Nobody from outside can even tell if I have NAT or real IP addresses inside (outside of MTA-generated headers.)

you're confusing NAT with firewall.

Both are integrated in ipchains and iptables. I know that they are different beasts, and I know how they work. I am not trying to write a "TCP/IP Illustrated" book here :-)

In IPv4, how you subnet your network impacts how many hosts each subnet is allowed to have.

If you are building an office network for IBM then this is a concern. But for the rest of us it is not. I use 76.x.x.x network, how many hosts does it give me? Do you think it would be enough? :-)

DHCP is a hack

But it works amazingly well!

you are unqualified to comment about whether the Internet today is scaling well or not.

That's why I said "maybe" - and left it up to the ISP to decide what they want to do. My authority ends at my firewall, and that's OK with me. Whatever happens within my LAN is my decision, and nobody else's. Similarly, I don't care what the ISP does, as long as they give me the IP protocol that I am comfortable with. If they don't, I either won't pay, or fix my setup, whichever is cheaper.

Imagine a world where every mobile phone, hell even every wired phone, had an IP address, and they all had to interoperate.

Scary thought :-) Yes, IPv6 would be better for such a network, if/when it gets built. But remind me, what does it have to do with my current needs? :-)

You see, IPv6 was conceived mainly because of limitation of number of hosts, in days when p2p connectivity was the king. But NATed cocoons developed, and it was found out that a NAT also offers additional benefits, such as compartmentalization and central firewalling. If you look at fluffy_grue's comment below, he is wondering how he can keep pretty much the same infrastructure on IPv6. That's because it makes sense.

[ Parent ]

76.x.x.x and NAT in general (5.00 / 3) (#31)
by Amorsen on Mon Aug 26, 2002 at 09:32:10 AM EST

That network is reserved by IANA. It is not intended for private use. When IANA decides to put that address space to use, you will be cut off from that part of Internet or forced to map the whole 76.x.x.x network somewhere else, including in DNS answers. Doing that is error-prone and hard to debug.

NAT works fine for medium-size companies. They are small enough to make the single firewall possible, but large enough to get a few real IP-addresses and to pay someone who knows a little about NAT once in a while.

NAT breaks for large companies. They have to work with too many other companies, most of which are using the same address space internally. So now you have to have NAT solutions where an application on the host with address 10.1.2.3 at company A speaks to an application on the host with 10.1.2.6 at company B, at the same time it talks to its regular file server which also happens to be 10.1.2.6. It is a nightmare.

NAT also breaks for private users. It cuts them off from many services. Internet telephony by H.323 is probably the worst loss, but other P2P applications are constantly fighting against the limits of NAT. It turns their routers from simple stateless devices into complex stateful devices which break.

While I am at it, IPv4 is forcing everyone to pretend that their networks are LANs. Real physical LANs are exceedingly rare in businesses these days -- everyone is using switches. Each computer has its own full-duplex point-to-point link with the switch, and it is rather stupid to waste effort to turn those point-to-point links into something that looks like a congested LAN.

Anyway, I must stop now before I get started on DHCP.

[ Parent ]

I am not sure your example is real (2.00 / 1) (#37)
by tftp on Mon Aug 26, 2002 at 09:57:07 AM EST

That network is reserved by IANA. It is not intended for private use.

I need to edit about 5 files on two boxes to change the whole network to any other address/mask. Most boxes will renew DHCP lease promptly and will get new marching orders. Easy to do on Friday night.

So now you have to have NAT solutions where an application on the host with address 10.1.2.3 at company A speaks to an application on the host with 10.1.2.6 at company B, at the same time it talks to its regular file server which also happens to be 10.1.2.6. It is a nightmare.

Such examples seem to be contrived. What real life application do you mean here? Normally, companies don't allow strangers to connect to internal boxes, and that is not without a good reason. If a server is exposed to the Internet, it will be one server, and it will be properly maintained anyway - with NAT or without. The point here is connectivity to an arbitrary computer inside the company, not only to permitted servers, and I believe this is not needed.

[ Parent ]

The example is real (none / 0) (#39)
by Amorsen on Mon Aug 26, 2002 at 10:18:33 AM EST

The exact IP addresses were different, though. I am not talking about strangers connecting to internal boxes. In the last case I was involved in it was two financial companies which started working together. One employee needed access to systems in both companies. Other examples have been a select few customers being allowed access to the inventory database of one company. Most often it involved leased lines, VPNs are getting popular but the problem exists with a VPN too.

[ Parent ]
I see (none / 0) (#49)
by tftp on Mon Aug 26, 2002 at 10:33:13 AM EST

Yes, merging of two networks is messy, especially when addresses overlap. You probably want to map the foreign network somewhere else, and rewrite packets destined for it in the router, before they are packaged up for transit through VPN to the other side.

Of course, the right - and simplest - solution would be to create a permanent route from the company B's firewall to the internal database server. Then company A's employee would just connect to the firewall, port 23456 (for example), and the mapping of the external address to the internal one (whichever it happens to be) will be done automagically, in both companies, in fact. Two minute job, at most, and changes are needed only on firewall of company B:

ipchains -A input -p tcp -i $extIF -d 0/0 23456 -j ACCEPT
ipmasqadm portfw -a -P tcp -L $extIP 23456 -R 10.2.3.4 11234

... or something like that.

[ Parent ]

...Or use IPv6 instead (5.00 / 1) (#72)
by nsayer on Mon Aug 26, 2002 at 11:21:38 AM EST

Welcome to the hell that is IPv4 and NAT.

Some friends of mine had a business where they outsourced intranet site searching. It was a pretty good business model. Unfortunately, NAT ruined it. Why? Because everyone was using NAT, they actually had to put a 1U machine in at the customer site in order to get connectivity because there was no way for them to pick a block of addresses that would work with all of their customers and their varied NAT setups. They effectively had to abandon IP in order to index sites and instead use tunneling over TCP. That made the solution too expensive.

If IPv6 were prevalent, they could have avoided that and simply insisted on being able to reach the Intranet machine through the firewall (perhaps using IPsec for security) and the problem would have been solved.

That is a real example. Not a contrived one. Not involving huge corporations.


[ Parent ]

IPv6, you say? (none / 0) (#87)
by tftp on Mon Aug 26, 2002 at 12:30:11 PM EST

I am almost convinced :-)

Not that it is difficult, I am just busy. But I shall at least try. This very box is IPv6 ready, so all I need is basically knowledge of how to do it. Not to worry, Google is good for that, and extra knowledge does not hurt too much...

[ Parent ]

The traffic did not go through the Internet (none / 0) (#120)
by Amorsen on Mon Aug 26, 2002 at 05:33:27 PM EST

The traffic is confidential. That is why leased lines are used. The outermost Internet firewall is not trusted enough to be allowed to see the traffic -- each company employs a firewall at their end of the leased line.

[ Parent ]
NAT causes a lot of problems (5.00 / 2) (#8)
by Delirium on Mon Aug 26, 2002 at 03:22:42 AM EST

Since it's impossible for any two computers on the same NAT to be listening on the same port (since they share the same external IP), it's impossible to play any game that requires you to be able to accept incoming connections (quite a few of them, and all of them if you want to host a game). Lots of other stuff breaks as well.

Instead of using NAT as a default "blocks all incoming connections except the ones I forward" firewall, it'd be better to give each computer on the LAN its own external IP, and set up an explicit "blocks all incoming connections except the ones I let through" firewall on the border router.

[ Parent ]

It is possible (3.50 / 2) (#13)
by tftp on Mon Aug 26, 2002 at 03:52:21 AM EST

There are solutions to that. If you want to host a game, pick an outside port and portfw it to the destination box. If you have several boxes, pick different port for each of them. If the game does not allow you to select a port, the game is broken - because there are too many reasons why you might want to use your own port (running 2 instances of the game server, for example).

Sure, if you have plenty of IP addresses, you don't need NAT, and you only need a firewall. You can do that with IPv4 if you are rich, or with IPv6 if you want. I just say that for many typical business setups it makes no sense.

[ Parent ]

Business (3.00 / 1) (#23)
by marx on Mon Aug 26, 2002 at 08:53:22 AM EST

I just say that for many typical business setups it makes no sense.
Why are you only talking about "the typical business setup" though? The typical business setup doesn't need the Internet at all.

Join me in the War on Torture: help eradicate torture from the world by holding torturers accountable.
[ Parent ]

What is a business setup (none / 0) (#27)
by tftp on Mon Aug 26, 2002 at 09:12:02 AM EST

I assume that a sufficiently evolved business needs its own Web page and email server. Before this point, the business can have any network or no network at all - it is invisible, and on so tiny scale that it does not matter.

Many smaller businesses just outsource Web and email. Good for them - they wouldn't be able to maintain these servers themselves. Their connection of choice is dialup or DSL, with no firewalling, and they don't know what IP is, let alone how v4 differs from v6.

The critical point in evolution of a company is when it wants to have its own Internet connection, its own servers, and connect internal computers to Internet on 24/7 basis. This is when decisions about network architecture are made. And that's pretty much all the company ever needs - Web and email.

Some businesses (like my own) need more. Such businesses may need to run some specialized servers, or some VPN, or something else - but on a small scale, not like ISP. (ISPs are completely different category.) Even that is easy to achieve using existing tools and IPv4 (with or without NAT, it does not matter.)

If you want to implement IPv6, do it when you plan a totally new installation - new office, new network, new company. This is the cheapest. But once you have settled into IPv4, stay in the groove unless you have a really good reason to upgrade. IPv6 is surely better, but not better for everyone.

[ Parent ]

Solutions built upon solutions built upon.. (none / 0) (#28)
by xenthar on Mon Aug 26, 2002 at 09:21:18 AM EST

It was even more possible to play protected mode games in DOS. Small improvement 32-bit protected mode systems are.

Besides, you want to make computing easy. Not everybody is as smart and knowledgeable as you are, which makes your arguments rather selfish[1] and irrelevant to the people that create the infrastructure. Those people like clean designs. Most of them learned it the hard way.

[1] But you already knew that ;)

-- Consciousness is contagious. Work on improving yours, it will affect the world.
[ Parent ]

Necessarily selfish (none / 0) (#35)
by tftp on Mon Aug 26, 2002 at 09:44:43 AM EST

makes your arguments rather selfish and irrelevant to the people that create the infrastructure

I am an engineer, and this means that I try to achieve a given goal with methods most appropriate for this particular situation. Protocol designers, however, may be scientists - people who strive for perfection, however impractical it is. Neither approach is bad, it's just the right approach should be used for a given task.

[ Parent ]

Yeah (none / 0) (#52)
by xenthar on Mon Aug 26, 2002 at 10:36:51 AM EST

Of course, it's always about the right balance. What you want to do depends on the timespan for which you evaluate the benefits/costs. At the one side quick 'n dirty, at the other perfectionistic.

But, being practical sometimes amounts to not looking ahead far enough. There are plenty of examples why that is bad. That said, the dreamer that I am knows how annoying it is to be unpractical ;-).

In this case, all those 4 to 6 transitions will probably be made sooner or later. If you think that it will actually happen then it's probably cheaper overall to start doing it now. Whether it will happen depends primarily on how many people support it.

If you do think it's a good thing to happen but you think you don't make a difference; that thinking is the reason the world is in such a lousy state.

Just looking at the practical advantages just won't do.

-- Consciousness is contagious. Work on improving yours, it will affect the world.
[ Parent ]

Bah (none / 0) (#105)
by Logan on Mon Aug 26, 2002 at 02:21:09 PM EST

I am an engineer, and this means that I try to achieve a given goal with methods most appropriate for this particular situation. Protocol designers, however, may be scientists - people who strive for perfection, however impractical it is.
What a useless dichotomy.

Try reading RFCs for any of the widely used protocols out there. Except for some particularly dumb protocols, you will generally find a balance between good design and practicality. Revisions even more so, as the designers have the perspective of experience. You will see that a protocol designer's notion of perfection does include practicality.

IPv6 is not an attempt at the "perfect" design -- which for some reason means the exclusion of practicality to you -- but to fix the problems inherent in IPv4 that are rapidly making it impractical to use, by incorporating an improved design.

Personally I use a laptop with a wireless NIC. I can imagine how convenient these sort of devices could be to some businesses. Imagine, perhaps, doing inventory in large warehouses. These sort of devices are where IPv6 can really shine. Furthermore, IPv6 means savings for large internet providers, and presumably these savings would permeate the entire internet. And if it means I don't have to use NAT any more (which is very very obnoxious), even better!

Logan

[ Parent ]

poiu (5.00 / 1) (#9)
by fluffy grue on Mon Aug 26, 2002 at 03:25:11 AM EST

If the prefix(es) ever change, that change is propagated automatically from the routers to the clients.

I don't rename my business 20 times a day, and neither does my ISP.

Some of us still have a dynamic IPv4 address, sadly. Since 6to4 tunnels IPv6 packets over raw IPv4 packets, it seems like it'd be nice and stateless, and so at least sockets to other IPv6 hosts won't be disrupted when I get booted. At least if I understand these things correctly.

As far as DMZ and so on go, you can still configure your NAT firewall (which would now double as a 6to4 bridge) to reject incoming SYN packets by default on IPv6...
--
"Is a sentence fragment" is a sentence fragment.
"Is not a quine" is not a quine.

[ Hug Your Trikuare ]
[ Parent ]

Why? (none / 0) (#213)
by dipierro on Mon Sep 02, 2002 at 12:35:37 PM EST

<p><i>Some of us still have a dynamic IPv4 address, sadly.</i></p>
<p>So?  Why do you <b>need</b> a static IPv4 address?</p>

[ Parent ]
Scoop sucks (nt) (none / 0) (#214)
by dipierro on Mon Sep 02, 2002 at 12:36:49 PM EST



[ Parent ]
I don't (none / 0) (#217)
by fluffy grue on Mon Sep 02, 2002 at 02:33:33 PM EST

But when the IPv4 address changes, the prefix changes, at least if I understand the 6to4 mechanism.
--
"Is a sentence fragment" is a sentence fragment.
"Is not a quine" is not a quine.

[ Hug Your Trikuare ]
[ Parent ]

Well, yeah... (none / 0) (#218)
by dipierro on Mon Sep 02, 2002 at 02:39:57 PM EST

6to4 is a hack. It's not meant to be a full transition.

[ Parent ]
But in the meantime.. (none / 0) (#219)
by fluffy grue on Mon Sep 02, 2002 at 02:51:41 PM EST

If you're stuck using 6to4 on dynamic IPv4, you'll want dynamic net prefixes.
--
"Is a sentence fragment" is a sentence fragment.
"Is not a quine" is not a quine.

[ Hug Your Trikuare ]
[ Parent ]

That's somewhat true... (none / 0) (#22)
by DeadBaby on Mon Aug 26, 2002 at 08:40:40 AM EST

You have to admit, you're playing dumb here. Just because most of us don't really NEED IPV6 right now shouldn't prevent us from realizing we will need it in the future.

Why wait to solve the problem? You suggest it will take a lot of time and money to convert the world to IPV6 and you're right.. if we wait until the last minute it's only going to cost more time and money.

I almost wish sometimes that Y2K had been a huge disaster so people wouldn't take this "why me worry" stance on things. Waiting till the 11th hour to fix a problem is NOT a very good solution.

"Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity -- in all this vastness -- there is no hint that help will come from elsewhere to save us from ourselves. It is up to us." - Carl Sagan
[ Parent ]

I can agree to that (none / 0) (#26)
by tftp on Mon Aug 26, 2002 at 08:57:13 AM EST

Just because most of us don't really NEED IPV6 right now shouldn't prevent us from realizing we will need it in the future.

The article is not about "future". It is a hands-on guide (incomplete at that too) that argues that one shall convert right now. I tried to explain that there is no need to migrate at this time.

Why wait to solve the problem? You suggest it will take a lot of time and money to convert the world to IPV6 and you're right.. if we wait until the last minute it's only going to cost more time and money.

But you are wrong here. The longer you wait, the easier the migration will be. For starters, check how many Internet-enabled applications that you must have (as a person, or as a business) that support IPv6? Also, better migration guides will be available, more specialists, OSes will default to IPv6 right out of the box, your ISP will support you... see, there are benefits. Generally, whenever you take your time to carefully plan a migration, you save big money. Right now, if you want to migrate your single Linux box at home you need to bury yourself in HOWTOs even despite the fact that iptools package already has IPv6 tools, and the 2.4 kernel supports IPv6 as well. This is not easy even at home (though could be a neat exercise in learning). In a business setting such tinkering is suicidal - you'd need to test every single piece of production software to make sure that it works. This is a year-long plan in a company as small as 500 people. Even migration from one release of Windows to the next takes longer!

so people wouldn't take this "why me worry" stance on things

People take this stance because they are reasonably sure that they are right. Like an architect standing under his bridge. If one is not willing to stand there and be responsible for what he is saying, he should get out of the kitchen.

Waiting till the 11th hour to fix a problem is NOT a very good solution.

What problem?

[ Parent ]

It really depends... (none / 0) (#81)
by DeadBaby on Mon Aug 26, 2002 at 11:58:01 AM EST

I got the sense from this article that the point was "IPV6 is here TODAY so you better start planning for tomorrow" but I guess it goes both ways. Personally I cannot see purchasing hardware in the next 12 months that isn't going to support IPV6. I can't see committing to any software that isn't already IPV6 ready.

I'm paranoid though.
"Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity -- in all this vastness -- there is no hint that help will come from elsewhere to save us from ourselves. It is up to us." - Carl Sagan
[ Parent ]

Depends on ... cost! (none / 0) (#89)
by tftp on Mon Aug 26, 2002 at 12:49:59 PM EST

I cannot see purchasing hardware in the next 12 months that isn't going to support IPV6.

It was mentioned already here that the IPv6 hardware will cost you extra, and it will come with new and exciting bugs. Are you ready to pay twice as much today for something that is not as good, and you won't be using it to full extent any time soon anyway? This is a typical case of a business decision, with a calculator in hand. You might find yourself better off buying older and cheaper boxes just to write them off few years down the road (mind taxes as well!)

[ Parent ]

You miss too much with NAT (5.00 / 1) (#36)
by CtrlBR on Mon Aug 26, 2002 at 09:48:39 AM EST

I have plenty already, behind my NAT. More than I will ever need.

You're limiting yourself to a small subset of what is possible then. Mail and web work well but any peer-to-peer protocol fails. E.g. IRC DCC, H323 IP telephony and video-conferencing (try writing a proxy that supports the whole protocol...), Freenet and other P2P applications.

H323 is the one that is missed the more in a corporate setting and that could lead to adoption of IPv6 for cost saving reasons, an IP conferencing solution ending up being way cheaper than a leased line solution.

And don't start me up on multihosting behind NAT.

If no-one thinks you're a freedom fighter than you're probably not a terrorist.
-- Gully Foyle

[ Parent ]
These? (4.00 / 1) (#38)
by tftp on Mon Aug 26, 2002 at 10:11:59 AM EST

any peer-to-peer protocol fails. E.g. IRC DCC, H323 IP telephony and video-conferencing

They are explicitly banned on my network. My business does not require IRC, or streaming anything, or P2P. All Windows boxes can't even access the gateway; internal IMAP, SMTP servers and Squid is all they are allowed to see. I tuned the network to fit business needs.

There may be other businesses, of course, that need these services - or just want to allow employees to use them on a lunch break. Then these businesses need to pay money for the upgrade. I won't stop them :-)

But most P2P protocols actually work well in NAT conditions. They just use a persistent outgoing connection. DCC is lost, but it's hardly a big deal.

H.323 is not a big deal at all. Firstly, all businesses I know about (and that is quite a few) use telephone, email and Fedex. That's how far they are willing to go, technologically. So far, nobody managed to check my PGP signatures on my email - which I told Mutt to apply unconditionally, to every message. Nobody knows what it is. That's where we are.

[ Parent ]

Why all the separate networks? (4.00 / 1) (#57)
by edison on Mon Aug 26, 2002 at 10:45:20 AM EST

With all due respect, condoning the proliferation of proprietary networks (ISDN/PSTN, cable tv, alarm networks, non-ip wireless networks) is crazy.

All of these networks and services can with great success be "converged" onto the Public Internet, today. With IPv6, it gets easier for everyone.

Why do you insist on giving large corporations (possibly with local monopolies) control over your personal or business communications needs, when there is a perfectly natural replacement that is so much better?

My personal opinion is that people don't really understand (yet) what the Public Internet is all about, and (potentially) represents in terms of freedom. This leads to a catch 22, as this ignorance hinders deployment of new services.



[ Parent ]

The needs of the many (none / 0) (#65)
by whelk1 on Mon Aug 26, 2002 at 11:01:32 AM EST

The problem is that a single person or organization who makes the switch will usually need to pay a steep price in effort and convenience. The benefits don't really start to appear until a critical mass of users converts.

There are definitely many communications services that will eventually make their way onto the Internet en masse. But again, many of the required protocols are young, immature and/or not nearly widespread enough to be useful. And guaranteeing end-to-end quality of service will probably involve changes to billing and routing that will not sit well with IP purists.

I've worked enough with IPv6 to recognize its usefulness, but I'm not enough of a zealot to make my employer suffer through a conversion right now. NAT works perfectly well for most organizations, and it is a known quantity. Change will have to come from those who have more to gain from IPv6. Right now, that looks like wireless providers and developing nations that are going to suffer badly from the IPv4 address space crunch. For now, I'd be happy to see mature IPv6 implementations from all the major software and hardware vendors.

Anyway, I'll miss the easy-to-memorize IPv4 address format.

[ Parent ]

H323 Is important (4.00 / 1) (#64)
by bsg on Mon Aug 26, 2002 at 11:00:58 AM EST

H.323 is not a big deal at all. Firstly, all businesses I know about (and that is quite a few) use telephone, email and Fedex. That's how far they are willing to go, technologically.

Actually, teleconferencing is a big deal especially with the mess that business travel has become. Ever since 9/11, the large multinational that I work for has been pushing videoconferencing very hard. And I know that this company is not alone. Many of the larger companies are pushing videoconferencing in lieu of actual travel.

[ Parent ]

H.323 is not for everybody (none / 0) (#88)
by tftp on Mon Aug 26, 2002 at 12:43:27 PM EST

Most of our travels are because of trade shows and live demos. You can't do that in front of video camera.

Myself, I have VoiceBlaster and GnomeMeeting set up and available at the office at any time. But I am yet to receive a request for videoconferencing from any of my business partners. I know them, they are not geeks. Your company is just lucky to have knowledgeable people at the IT helm who can just *tell* other people to do it. Another factor that works for you is that this is the same - just big - company, and the same IP people can institute the same video policy everywhere. When different businesses interact, the telephone is the lowest common denominator, and I have no right to tell other companies how to do things...

[ Parent ]

Uhm (4.00 / 1) (#45)
by vile on Mon Aug 26, 2002 at 10:29:09 AM EST

First, why?

1. Virtually unlimited (certainly by comparison) address space.

I have plenty already, behind my NAT. More than I will ever need.


- and -

My point is clear already, I guess. IPv4 works just fine for 99.9999% of users, and there is no convincing reason to switch. Maybe ISPs will want to tunnel IPv4 over IPv6, it's up to them. Customers want legacy IPv4 because it works, and there is not a single good reason to upgrade, and the costs of such an upgrade would be huge (software, old OSes, routers, training, tech support etc.) If there is, I haven't seen it in the article above.

A good reason to upgrade is that space is running out. Think beyond yourself. Eventually, given rising numbers of usage, that static IP of yours won't be around for you to argue with. Could be years, but if the trend continues, it's gone. IPv6 is around for a reason.

~
The money is in the treatment, not the cure.
[ Parent ]
Wow.. you're the internet? (3.66 / 3) (#97)
by Kwil on Mon Aug 26, 2002 at 01:42:19 PM EST

My point is clear already, I guess. IPv4 works just fine for 99.9999% of users

Actually, your point is that IPv4 works just fine for you.  Even if you're Mr. Goat, I doubt you could account for 99.9999% of the users I see on the internet.

That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze


[ Parent ]
he/I is/am. (5.00 / 1) (#123)
by mrgoat on Mon Aug 26, 2002 at 06:06:35 PM EST

And believe me, I can account for that many. I am called legion, for we are many.

"I'm having sex right now?" - Joh3n
--Top Hat--
[ Parent ]

Missing Poll Option (2.00 / 2) (#3)
by babbitt on Mon Aug 26, 2002 at 03:03:12 AM EST

I will live happily in my IPv4 NAT cacoon for a long, long time :)

When my ISP provides IPv6 service, I will probably switch over.  But until the core switches to IPv6 and delivers an IPv6 address to my location, I don't really care.  NAT with DHCP provides excellent connectivity.

--
Ben Abbitt

Give a man enough rope, he'll hang himself. Teach a man to make rope, he'll hang other people.


nice, but... (none / 0) (#119)
by eudas on Mon Aug 26, 2002 at 05:28:18 PM EST

nice, except providers aren't going to care until their customers demand it. if the customers aren't going to demand it until the providers provide it, that's a real sweet catch-22.

eudas
"We're placing this wood in your ass for the good of the world" -- mrgoat
[ Parent ]

Very cool, but I need more information (4.50 / 6) (#5)
by fluffy grue on Mon Aug 26, 2002 at 03:15:21 AM EST

I'd been wanting to switch to IPv6 for a while, and was mostly concerned about actually being able to route to the IPv4 Internet - and this 6to4 stuff looks like it definitely solves that problem (much more elegantly than I'd have ever imagined, no less, and RFC3068 is really damn cool, though I'd be concerned about it working on my everyday PPP dialup connection). However, there's a lot of information that I (and I'm sure others) need before I can switch to IPv6 - namely, I need to know how to do it.

  • How do I set up IPv6 on my intranet? Do I need to upgrade dhcpd and BIND? How do I switch them to IPv6?
  • What do I need to do to still have static hostnames within my network?
  • Any special NAT issues with access to IPv4 hosts?
  • How well does 6to4 handle the inevitable thing with the IPv4 address changing, for those of us who still have a dynamic IPv4 address?
  • What do I need to do in order to get this stuff to work on my Win98SE and MacOS X systems?
  • What about firewalling stuff? One of the reasons I like my NAT is that I don't have to worry about securing my Win98 machine because it's implicit.
  • Assuming I join in on a local guerilla wireless network which is in its formative stages, how do I convince the person running it to setup a Linux/FreeBSD/etc.-based firewall running 6to4 instead of the silly off-the-shelf embedded "broadband router" that he wants to use? Or is it possible to have a 6to4 device which is strictly internal to an IPv4 NAT firewall anyway? (From what I understand of the 6to4 protocol, it should be possible as long as the firewall itself can be configured for that purpose, but those broadband routers aren't very flexible when it comes to routing incoming sockets...)

--
"Is a sentence fragment" is a sentence fragment.
"Is not a quine" is not a quine.

[ Hug Your Trikuare ]

Some answers (5.00 / 4) (#10)
by nsayer on Mon Aug 26, 2002 at 03:37:10 AM EST

You set up IPv6 by setting up an IPv6 router (most easily with an open source *nix OS) and having all of your hosts get set up to autoconfigure IPv6. You do not typically use DHCP with IPv6. BIND typically is not an issue either. You typically only put those machines into the zone that need to be reachable. One way you can simplify this is to set up easy to remember aliases for popular machines, like DNS servers. These aliases can be site-local (meaning they don't work over the Internet) if you like. For example, you typically provide a site local address of fec0:0:0:ffff::1 for a DNS server so that you never have to edit /etc/resolv.conf for client-side DNS to work.

IPv6 addresses are autoconfigured, but are typically tied to the Ethernet address on your machine. This makes them predictable, so long as you don't change Ethernet cards or prefixes frequently.

6to4 hosts that have dynamic IPv4 addresses will have their prefixes change every time their IPv4 prefix does. For them, it is better to use a tunnel broker. There are various ones available that will delegate you a fixed prefix and have daemons that allow roaming IPv4 to still work. One of them is at www.freenet6.net.

There are no NAT issues with IPv6, so long as your 6to4 router is reachable from the Internet (at least IP protocol 41). There is no IPv6 NAT equivalent. There is NAT-PT, which allows IPv6-only hosts to see the IPv4 internet, but that's not the same thing.

Windows XP ships with an IPv6 stack, and Microsoft has a stack you can download for win2k (experimental). For other versions of Windows, I believe the folks at Trumpet.com.au have something available, but I've never tried it. MacOS X had IPv6 support back in the developers' preview days, but I think it went away. I'm not sure if you can add it back or not.

NAT can be used as a lazy man's firewall, but is it that much tougher to say

pass tcp from any to any established
pass tcp from any to mail 25 setup
deny log tcp from any to any

? That's just about as effective as most NAT based firewalls are, in practice.

As to how to convince your buddy, well, I would volunteer to set the thing up *for* him if I were you! I bet he'd appreciate the help, and everyone would benefit!

[ Parent ]

Hm... (none / 0) (#11)
by fluffy grue on Mon Aug 26, 2002 at 03:41:48 AM EST

I don't think you understood my initial questions correctly, but I don't think I phrased them very well either. :) I'll try asking again when I'm more awake. Or maybe I'll understand the issues correctly then and I won't have to ask again. :)
--
"Is a sentence fragment" is a sentence fragment.
"Is not a quine" is not a quine.

[ Hug Your Trikuare ]
[ Parent ]

osx (none / 0) (#30)
by dreancha on Mon Aug 26, 2002 at 09:29:10 AM EST

i believe mac osx 10.2 has ipv6 in it.. if only i had the money for a new computer :)

[ Parent ]
Jaguar + v6 (none / 0) (#128)
by ptudor on Mon Aug 26, 2002 at 07:24:37 PM EST

Yeah, you're correct. One of the features in 10.2 is ipv6 support is already enabled (bringing it up to speed with all the other BSDs). Prior to that (10.1.5 and below) if you wanted support you had to recompile your kernel with ipv6 turned on.


-- pt933
[ Parent ]

Stateless Autoconfiguration notes (none / 0) (#60)
by bsg on Mon Aug 26, 2002 at 10:52:05 AM EST

IPv6 addresses are autoconfigured, but are typically tied to the Ethernet address on your machine. This makes them predictable, so long as you don't change Ethernet cards or prefixes frequently.

Actually, the autoconfigured host portion should remain the same, even when the prefix changes. It is derived from the MAC address and is converted to the EUI-64 format (vs. EUI-48 that ethernet uses). Once the MAC has been converted to EUI-64, the universal/local bit (the second bit in the most significant octet) is complemented. This yields the IPv6 host address. You can see more here.

[ Parent ]
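The two derivations discussed in nsayer's and bsg's comments above, worked through as an added example (not code from either poster): the 6to4 site prefix built from the router's IPv4 address under 2002::/16, and the modified EUI-64 host part built from the Ethernet address. The IPv4 addresses, the MAC address and the subnet number are constructed sample values; the function names are this example's own.

```python
import ipaddress

IID_MASK = (1 << 64) - 1


def sixto4_prefix(ipv4):
    """6to4 site prefix: 2002::/16 followed by the 32-bit IPv4 address, a /48."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def eui64_interface_id(mac):
    """Modified EUI-64: put ff:fe between the MAC halves, then complement the
    universal/local bit (0x02 in the most significant octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def autoconfigured_address(site_prefix, subnet_id, mac):
    """48-bit site prefix + 16-bit subnet number + 64-bit interface identifier."""
    if site_prefix.prefixlen != 48:
        raise ValueError("site prefix must be a /48")
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet id must fit in 16 bits")
    base = int(site_prefix.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Address(base | eui64_interface_id(mac))


def mac_from_address(addr):
    """Reverse the EUI-64 step. Returns None when the host part lacks the ff:fe
    marker; a match is a strong hint, not proof, that the address embeds a MAC."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    eui = bytearray(iid.to_bytes(8, "big"))
    if eui[3:5] != b"\xff\xfe":
        return None
    eui[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in eui[:3] + eui[5:])


def renumber(old_ipv4, new_ipv4, subnet_id, macs):
    """Map each host's address under the old 6to4 prefix to its new address."""
    old, new = sixto4_prefix(old_ipv4), sixto4_prefix(new_ipv4)
    return {
        str(autoconfigured_address(old, subnet_id, m)):
        str(autoconfigured_address(new, subnet_id, m))
        for m in macs
    }


if __name__ == "__main__":
    # Constructed sample values: documentation IPv4 addresses and a made-up MAC.
    mac = "00:11:22:33:44:55"
    for old_addr, new_addr in renumber("192.0.2.1", "198.51.100.7", 1, [mac]).items():
        print(old_addr, "->", new_addr)
        print("MAC recoverable from new address:", mac_from_address(new_addr))
```

The prefix half of the address follows the IPv4 lease while the host half follows the network card, so the same card stays recognisable across renumbering, which is also what makes inventory and log correlation possible for the site's own administrator.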

mm..fluffy (none / 0) (#75)
by tokage on Mon Aug 26, 2002 at 11:41:00 AM EST

There are ipv6 enabled versions of most software. They provide ipv4 functionality as well. You have to use ipv6 enabled servers(bind, postfix, apache etc), as well as clients(irc, wget, lynx). Not all applications are v6 enabled *shrug*.

I'm not sure what you mean by static hostnames; are you referring to dns?

Your regular ipv4 nat stuff that you may have setup wouldn't have anything to do with your ipv6 setup.

I'm not really sure about your ipv4 address changing when you have a v6 tunnel; I'm sure it's a fairly common problem that has been addressed. I imagine you have to update the whole shebang somehow though.

Getting it to work in win98, out of luck. In XP you type like ipv6 install and b00m:

C:\WINDOWS>ipv6 install
Installing...
Succeeded.

Scary stuff. Not sure about OS X either.

Most firewalling suites (ipf, iptables, ipfw) have provisions for ipv6 stuffs; I guess if your shitty win98 box isn't ipv6 addressable, you're not going to be in trouble till you're using true v6 and not behind an ipv4 nat w/tunneled v6;)

As far as convincing people you need to setup ipv6 stuff..use your charm I guess. Not many people are willing to look at it *shrug*

Sorry for the bad formatting; running late for work.

Some links: freenet6 he.net -tunnel brokers

I always play / Russian roulette in my head / It's 17 black, or 29 red
[ Parent ]

ipv6 in win9x (5.00 / 1) (#112)
by Joe Groff on Mon Aug 26, 2002 at 02:56:02 PM EST

Getting it to work in win98, out of luck.

Wrong. Try Trumpet Winsock.
--
How long must I travel on
to be just where you are?

[ Parent ]

Damn, are they still around? (none / 0) (#136)
by Trevasel on Mon Aug 26, 2002 at 08:18:24 PM EST

Glory be.
-- That which does not kill you only makes you stranger - Trevor Goodchild
[ Parent ]
hmm (none / 0) (#156)
by tokage on Tue Aug 27, 2002 at 02:09:49 AM EST

das coo - flashbacks to win 3.1 are eating my brain now though

thanks

I always play / Russian roulette in my head / It's 17 black, or 29 red
[ Parent ]

guerilla wireless? (none / 0) (#129)
by influx on Mon Aug 26, 2002 at 07:32:46 PM EST

Can I get some details on this? I've been wanting to play with this for some time. I'll be willing to contribute time and/or resources to this if it's going down :)

---
The more you know, the less you understand.
[ Parent ]
seattle / nyc wireless (none / 0) (#138)
by drivers on Mon Aug 26, 2002 at 08:36:20 PM EST

Some links:
Seattle:
http://www.seattlewireless.net/
NY:
http://www.nycwireless.net/
Portland:
http://www.personaltelco.net/static/PersonalTelco.html

I'm currently considering trying to get on to seattlewireless.

[ Parent ]

It's someone at KRWG (none / 0) (#173)
by fluffy grue on Tue Aug 27, 2002 at 01:24:06 PM EST

It's basically a FOAF who's working on it. If you'd come to my party you could have talked to the friend who it's a FOAF of. :)
--
"Is a sentence fragment" is a sentence fragment.
"Is not a quine" is not a quine.

[ Hug Your Trikuare ]
[ Parent ]

Some Answers (none / 0) (#199)
by seeS on Wed Aug 28, 2002 at 07:30:10 PM EST

How do I set up IPv6 on my intranet? Do I need to upgrade dhcpd and BIND? How do I switch them to IPv6?

You could use a patched DHCP, but far easier is to use radvd or zebra. They allow you to have a system sending out router advertisements which tell the hosts your default gateway and their network address.

Most modern versions of bind already do IPv6 queries (AAAA type at least).

What do I need to do to still have static hostnames within my network?

Assuming your ethernet card stays the same, you can map the hostname to the statically assigned address. Alternatively you can nail an address into your host and use that.

Any special NAT issues with access to IPv4 hosts?

Double stacking your hosts means they'll talk IPv4 and IPv6 fine. With IPv6 there is rarely a need to NAT.

How well does 6to4 handle the inevitable thing with the IPv4 address changing, for those of us who still have a dynamic IPv4 address?

With a dynamic IPv4 address, you effectively have a dynamic IPv6 network. If it is a single device then it's easy, a moving network would be difficult though. If you want to run servers on this moving address, then you'll need some sort of dyndns setup just like IPv4.

What do I need to do in order to get this stuff to work on my Win98SE and MacOS X systems?

I'm not up on what support, if any, is on these two systems.

What about firewalling stuff? One of the reasons I like my NAT is that I don't have to worry about securing my Win98 machine because it's implicit

I know at least the Linux iptables firewall has IPv6 support. One of the BSDs does too. Checkpoint firewall-1 also just announced they support IPv6.

Assuming I join in on a local guerilla wireless network which is in its formative stages, how do I convince the person running it to setup a Linux/FreeBSD/etc.-based firewall running 6to4 instead of the silly off-the-shelf embedded "broadband router" that he wants to use? Or is it possible to have a 6to4 device which is strictly internal to an IPv4 NAT firewall anyway? (From what I understand of the 6to4 protocol, it should be possible as long as the firewall itself can be configured for that purpose, but those broadband routers aren't very flexible when it comes to routing incoming sockets...)

Setting up a 6to4 firewall on a Linux system is very easy to do (My guess is BSD would be about as easy). From your point of view, you are not setting up a 6to4 gateway, you're setting up an IPv6 network that just so happens to have some magical address, the 6to4 gateway can be elsewhere.

Of course you can run your own 6to4 gateway, but for that amount of effort you might as well run a real live IPv6 network, if you can get the scummy NICs to give you addresses.
--
Where's a policeman when you need one to blame the World Wide Web?
[ Parent ]

Cool, a couple more questions :) (none / 0) (#201)
by fluffy grue on Wed Aug 28, 2002 at 08:58:47 PM EST

Thanks for actually understanding what it was I was trying to say. :) Anyway...

The stuff on DHCP and BIND in particular is something I meant to clarify. What I really meant to ask was: how can I know ahead of time what my IPv6 address will be, and configure BIND accordingly? Especially since my network prefix will be changing (due to having a dynamic IPv4 address on the firewall box).

In fact, how does that affect things? Will the systems inside my network know to change their own addresses/routes/etc. when the firewall system's address changes, or am I screwed on that?

Also, where BIND becomes particularly essential is that I have a whole bunch of systems, and most of them run a UNIX of some sort. I'm copying files between them all the time and otherwise needing to be able to access them from each other. It sounds like the entire network's addresses will change as my dialup server's address changes.

Essentially, I don't want to even try out IPv6 until there's some way for my network to continue to function in the same way that it currently does. Well, obviously the IPv4 functionality will continue to work, but then why bother with IPv6? I mean, aside from pedantic reasons.
--
"Is a sentence fragment" is a sentence fragment.
"Is not a quine" is not a quine.

[ Hug Your Trikuare ]
[ Parent ]

Spelling correction possibilities (3.00 / 3) (#14)
by ubu on Mon Aug 26, 2002 at 04:51:31 AM EST

I can't tell if your poll entry is supposed to be "cocoon" or "GAGOON!"

Ubu


--
As good old software hats say - "You are in very safe hands, if you are using CVS !!!"
whence IPv5? (4.00 / 1) (#16)
by Shren on Mon Aug 26, 2002 at 06:28:31 AM EST

What happened to IPv5? Do people just like even numbers? What was wrong with it?

According to Nokia (4.00 / 1) (#17)
by Freaky on Mon Aug 26, 2002 at 07:25:20 AM EST

Nokia's IPv6 FAQ:
IPv5 never really existed. It was assigned to identify an experimental non-IP real time stream protocol called ST. Although ST was never widely used, the decision was made not to reassign the number 5. So, IPv6 was born. Now there is even talk of developing the Internet in even-numbered increments.


[ Parent ]
Actually... (none / 0) (#68)
by vile on Mon Aug 26, 2002 at 11:12:40 AM EST

I think it's more in line with number schemes.. example:

127.0.0.1 (4, separated by period, v4)

fe10::2d4:b8ff:fe8d:86b (6, separated by colon, v6)

~
The money is in the treatment, not the cure.
[ Parent ]
I could be... (none / 0) (#69)
by vile on Mon Aug 26, 2002 at 11:14:01 AM EST

wrong.... *shrug*

~
The money is in the treatment, not the cure.
[ Parent ]
which would be all well and good (4.00 / 1) (#77)
by mikpos on Mon Aug 26, 2002 at 11:44:02 AM EST

Except that according to RFC 2373 section 2.2, there are 8 fields in a literal IPv6 address, not 6. Makes sense: an IPv6 address is 128 bits long, each field is 16 bits wide, ergo 8 fields.

Maybe you were thinking of writing mixed IPv6 and IPv4 addresses? For those you have 6 16-bit colon-separated hexadecimal fields followed by 4 8-bit dot-separated decimal fields.

[ Parent ]

ST2 was implemented (4.00 / 1) (#118)
by isdnip on Mon Aug 26, 2002 at 05:24:50 PM EST

ST2 (IPv5) did exist; it was implemented in some routers, including the BBN T-20 (I think) of the early 1990s and maybe even some better-known models.  But it didn't get widespread use.  It worked, doing QoS streams, but RSVP came along and got the big mo.  Then RSVP didn't quite pan out, but ST2 was dead, and nobody has quite solved the problem yet, though MPLS is a useful tool.

IPv8, I think, is TUBA, which is what SHOULD have been done instead of IPv6, which sucks.


[ Parent ]

ISPs (4.00 / 3) (#19)
by Simon Kinahan on Mon Aug 26, 2002 at 07:58:34 AM EST

I haven't been following this, so bear with me a minute. Why are the ISPs not rolling out IPv6 on the backbone? It'll all be much more useful once that is done, and I would have thought it would pay off by simplifying the mess the ISPs have to deal with right now.

So why aren't they doing it? Is the hardware not there yet? Or do they prefer the current system for some reason?

Simon

If you disagree, post, don't moderate

Software (none / 0) (#32)
by komet on Mon Aug 26, 2002 at 09:35:55 AM EST

Cisco does offer IPv6 IOS software, but only in the T train (not General Deployment quality) and more importantly, only in the expensive IP Plus packages, not in the standard IP Only package.

Also, from what I hear, IPv6-capable BGP and OSPF are not quite there yet. Obviously, before production quality IPv6 BGP is commonly available, there will be no IPv6 backbone.

YOU HAVE NO CHANCE TO SURVIVE MAKE YOUR TIME.
[ Parent ]

Cisco's Master Plan (4.50 / 2) (#51)
by bsg on Mon Aug 26, 2002 at 10:36:27 AM EST

Actually, Cisco does have a game plan for the whole IPv6 rollout. They do have a v6 capable version of BGP, but the OSPFv3 support is somewhere down the road.

In order to provide a link state IRP (interior routing protocol), they did add v6 support to the infinitely flexible ISIS routing protocol. Unfortunately, that's only supported on the higher end platforms. Of course, this also means you have to deal with CLNS a bit to get the benefits of ISIS...

You can find the Cisco IPv6 roll out strategy at their IPv6 website.

[ Parent ]

reasons (3.00 / 1) (#47)
by F a l c o n on Mon Aug 26, 2002 at 10:31:06 AM EST

I'm aware of two reasons (and I work for an ISP, though not in the backbone department):

a) implementations, especially in router hardware, aren't as good and stable as they should be before you bet your backbone (i.e. your life) on them.

b) AFAIK not a single one of our customers has requested it so far.

--
Back in Beta (too many new features added): BattleMaster
[ Parent ]

Because... (none / 0) (#63)
by vile on Mon Aug 26, 2002 at 11:00:39 AM EST

1) There is not a need at the moment. Cost vs. Profit.

2) There is not a requirement. Hardware manufacturers have not required them to. The great government has not issued orders (unlike Cable companies.. Digital Cable is a requirement.. analog is a thing of the past.. keep your TV set! It's an antique.) The market has not required them to.

All in all.. it's not a need. It will be.

~
The money is in the treatment, not the cure.
[ Parent ]
Digital Cable? (none / 0) (#92)
by /dev/trash on Mon Aug 26, 2002 at 01:16:09 PM EST

It's law that says cable has to be digital? My local cable company must be breaking the law then.

---
Updated 02/20/2004
New Site
[ Parent ]
Digital TV [OT] (1.00 / 1) (#116)
by upsilon on Mon Aug 26, 2002 at 04:31:49 PM EST

It's not a requirement yet, but it will be, in the US at least. All broadcasters and providers (like your cable company) will be required to provide digital-only content in ~2006 or so, provided that 85% of the US populace owns equipment capable of receiving such digital broadcasts.

It's something like that, at any rate; I'm not clear on the details, though I'm sure I will be in the not-too-distant-future...
--
Once, I was the King of Spain.
[ Parent ]

I have my doubts. (none / 0) (#135)
by /dev/trash on Mon Aug 26, 2002 at 08:08:03 PM EST

I really doubt that DTV will be a requirement.  The entertainment lobby will throw some money around and the date will change (again).

Granted I already have a Digital Transmission.

---
Updated 02/20/2004
New Site
[ Parent ]

heh... (none / 0) (#158)
by vile on Tue Aug 27, 2002 at 05:15:51 AM EST

2008.... it was extended two years...

~
The money is in the treatment, not the cure.
[ Parent ]
Not cable (none / 0) (#178)
by nstenz on Tue Aug 27, 2002 at 03:22:38 PM EST

TV broadcasters using public airwaves for transmission are required to switch to digital. Cable companies using their private infrastructure are under no such obligation (at this time). They're just doing it to try to get ahead of satellite and broadcast TV.

[ Parent ]
It'll happen someday (4.33 / 3) (#21)
by DeadBaby on Mon Aug 26, 2002 at 08:28:14 AM EST

IPV6 just really isn't needed right now. For all we've heard about running out of address space we still have some room left to grow and NAT has really decreased the needs for public addresses in a lot of situations. I think it's a good thing it's taken a while for IPV6 to catch on. The overall quality of IPV6 will probably be much higher. A lot of my favorite software has supported IPV6 now for quite some time and, I assume, they've worked out many 1st generation bugs already.
"Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity -- in all this vastness -- there is no hint that help will come from elsewhere to save us from ourselves. It is up to us." - Carl Sagan
Well.. (none / 0) (#55)
by vile on Mon Aug 26, 2002 at 10:40:02 AM EST

it's not going to happen for years anyway, because people will use old ipv4 hardware for years to come. Think ahead of time.... that's what's being done. We're okay for now.. but in 10 years? What about 6? It'll take at *least* 1-2 for vendors to only ship ipv6 hardware.. and years beyond that for the old hardware to fade out.

~
The money is in the treatment, not the cure.
[ Parent ]
Address Space Exhaustion (none / 0) (#102)
by Bad Harmony on Mon Aug 26, 2002 at 02:08:04 PM EST

I just had someone stop by my office with a list of IP addresses that they would like to reclaim for new uses, if they can verify that the old systems are permanently off the network.

I expect more of this sort of thing in the future as more Internet capable devices are deployed. That class B address block, which seemed huge at the time it was issued, is starting to get crowded. There have already been "evictions" of partner organizations that used to occupy chunks of the address block. They were told to get their own IP address space.

Our parent organization is in better shape than most, we received our address blocks when all you had to do was ask, and globally addressable class B address blocks fell from the sky. I've heard that it is much more difficult in those parts of the world that were relatively late in connecting to the Internet.

5440' or Fight!
[ Parent ]

There's this lake, and this weed growing over it.. (none / 0) (#117)
by davew on Mon Aug 26, 2002 at 05:19:50 PM EST

See, "we still have half the space left" isn't much use when your usage is growing exponentially. :-)

Admittedly, IP address space usage has slowed in the last few years, due to a few different things (NAT, more careful allocation, troubled economic times, etc.) So while growth is still greater than linear, it's not exponential. But each of the factors that are slowing growth are also a hassle.

If I'm applying for an allocation, why the hell should I have to guess how many hosts I'm going to have in two years? If I'm on a NATted network, why should I be restricted to whatever protocols the NAT box is capable of? That decision should be with the user, security policy permitting - otherwise, do we really want to be on an internet where everything is tunnelled through HTTP?

I'm at the LBW at the moment, just after getting IPv6 running on the LAN. I really do have trouble answering the question "but why would you want to?" -- I can't reel off a list of killer apps that v6 can run and v4 can't. However, there are people here who can watch me ping my laptop from an external machine, and see the significance.

IPv6 isn't "needed" now, because we're not in IPv4 crisis land yet. However, I don't think the result of an IPv4 crisis will be a magical mass transition. If, gods forbid, we do end up in that mess, I think you'll see allocation policies changed to make address assignment a real hassle (peanuts to what it's like now), and ISPs slapping NATs up left, right and centre. To make a transition happen in six months, or a year, or two years, people need to mess with it and get experience now. And that's the reason why I want to run it here. :-)



[ Parent ]
multicast (4.42 / 7) (#24)
by akb on Mon Aug 26, 2002 at 08:55:36 AM EST

IPv6 is also multicast native.  This allows a live source to be served to an unlimited number of clients for the same bandwidth as a single client.  All 'net users should want this.

See this K5 article from April 2001.

Collaborative Video Blog demandmedia.net

Excellent Point [ot] (none / 0) (#42)
by vile on Mon Aug 26, 2002 at 10:23:16 AM EST



~
The money is in the treatment, not the cure.
[ Parent ]
NAT kills the Internet (4.70 / 10) (#25)
by edison on Mon Aug 26, 2002 at 08:56:02 AM EST

I had actually been contemplating writing an article about NAT and IPv6 for a while, nice to see this article getting FPed.

I believe the author is correct in his approach -- IPv6 must, and will, replace IPv4 in the future.

If you as an individual oppose this transition, you are basically saying "NO!" to cheaper long distance, cheaper local calls, cheaper cable tv, cheaper cell calls etc -- all things that require basic end-to-end connectivity, multicast etc. to work.

The ISPs are deploying IPv6 in their networks, one of the problems here is that the leading router vendor still does not have a mature IPv6 implementation (I know it is public, it is just not seen as mature). This will happen, though, with time.

I have myself been involved in projects where NAT has shown itself to be a showstopper. We have successfully worked around the problem (of course by basically using automatic tunneling in an application layer running over NAT), but this defeats the purpose as it removes many of the inherent benefits of using the Internet as a transport network to converge other proprietary networks and services into.

Users keep clinging to NAT, because it solves an immediate problem for them -- being able to connect more devices simultaneously. In sincerity, most users who do this do not really understand what the problem with NAT is, the sad part is that these users are exactly the users who should be afraid of NAT. They see Internet merely as a tool for Web and Mail, and refuse to see it as more unless someone offers it to them as a clean-cut no-fuzz solution. Well, this won't happen; they opted out from new services when they chose to accept NAT.

Clueful people might say that you can do anything with NAT; while this is true in some cases, most users do not necessarily even control their NAT mappings. They just have a stupid NAT router or service installed in front of their network, and live with what I prefer to call web services access, not Internet access. You cannot expect clueless end users to install and activate new ALGs in their NAT router, hence the battle is already lost if they run NAT with the "least common denominator" services; http, smtp etc.

ISPs, at least this is true for Europe where I live, almost universally offer some sort of NAT service by default for users, touting real IP addresses as an expensive alternative. Well, I believe they are shooting themselves in the foot -- the business model for Internet access is still sketchy, and I believe things will become much more interesting for ISPs when new services come along that use advanced end-to-end capabilities of the Internet and of IPv6.

I'm not really sure what to do to further IPv6 deployment. I guess it will just happen with time, since as the author suggests, you can actually today run IPv6 only and reach the rest of the Internet. I hope IPv6-only services start popping up soon, as this might convince people to switch.

But people need to stop clinging to NAT. It is detrimental. And detrimental only.

An advice (5.00 / 1) (#29)
by tftp on Mon Aug 26, 2002 at 09:24:09 AM EST

I'm not really sure what to do to further IPv6 deployment.

Teach by example. Find an Internet technology that everyone craves for, but which won't work in IPv4 and/or NAT environment. Tell everyone how this new and wonderful innovation is possible only with IPv6 - and then there will be a reason to migrate.

Preaching IPv6 in generic terms - "when new services come along that use advanced end-to-end capabilities of the Internet and of IPv6" - simply is not enough. Most people are practical, and lazy too. They need a good reason, a burning desire to upgrade. Give us such a reason!

[ Parent ]

Address Space... (4.00 / 1) (#40)
by vile on Mon Aug 26, 2002 at 10:20:51 AM EST

...is your number one reason. Back in the day, one would not have to worry so much about ARIN guidelines and 80% usage requirements.. and spending thousands upon thousands of dollars on IPs. Coming from an ISP point of view.

But, if enough people get on the net, the space is gone. No more IPs available. Possible? Maybe.. But definitely half of the reason IPv6 was created, if not more.

Address space is your reason.

~
The money is in the treatment, not the cure.
[ Parent ]
Another Reason (none / 0) (#43)
by vile on Mon Aug 26, 2002 at 10:24:05 AM EST

here [posted below]

~
The money is in the treatment, not the cure.
[ Parent ]
I use NAT on purpose (none / 0) (#83)
by koreth on Mon Aug 26, 2002 at 12:16:12 PM EST

My home ISP only gives me one IP address. If I want more I have to pay more even though I only use one of my computers at a time. NAT gets all my computers on the net for the least amount of money.

Now, I agree that one of the reasons the ISP charges for multiple addresses is that they're a scarce resource, and IPv6 will pretty much get rid of that problem. But I bet even in an IPv6 world a lot of ISPs will charge home users by the host on the assumption that multiple hosts equal more bandwidth consumption. I think we'll still have people gaming the system with NAT, even when we're all running IPv6.

Or another angle: people will certainly still put up firewalls to keep their hosts shielded from attackers -- and if my host is behind a firewall anyway, the benefit of having a globally unique address comes pretty close to evaporating.

[ Parent ]

I don't think so (none / 0) (#96)
by nsayer on Mon Aug 26, 2002 at 01:39:11 PM EST

But I bet even in an IPv6 world a lot of ISPs will charge home users by the host on the assumption that multiple hosts equal more bandwidth consumption.

I think that the only folks who will wind up with single IP addresses will be dialup users. I can see giving a dialup user a single IP address, mainly because of how IPv6CP (the control protocol for IPv6 over PPP) works. But broadband users will most likely end up getting at least a 64 bit prefix (if not a 48 bit prefix), simply because autoconfiguration demands it. ISPs would have to do a lot more work to subnet below the 64 bit boundary. Not doing so would be the path of least resistance.

I don't doubt that charging more for high bandwidth usage is something we'll have to get used to. But I do believe that IPv6 will get rid of charging more for more addresses.


[ Parent ]

Okay, color me confused (none / 0) (#111)
by koreth on Mon Aug 26, 2002 at 02:51:34 PM EST

How is it harder for my ISP to have its DHCP (or IPv6 equivalent) server feed me one and only one host address than to feed me one and only one subnet number? They'd just be turning on autoconfiguration for their customers.

Maybe it'll be the case that you either get a single address or a whole subnet, never five or six addresses like you can often get today. That I can believe. But I don't see how, if autoconfiguration works on a LAN, it can't be made to work over DSL or cable-modem or other networks. Heck, a cable modem network is a big LAN in many respects.

But I'm not terribly familiar with IPv6 autoconfiguration so quite likely there's some nuance I'm missing.

[ Parent ]

Re: Okay, color me confused (5.00 / 1) (#139)
by nsayer on Mon Aug 26, 2002 at 08:39:22 PM EST

How is it harder for my ISP to have its DHCP (or IPv6 equivalent) server feed me one and only one host address than to feed me one and only one subnet number?

What they would probably do is set you up with a bridged connection. That bridged connection would have their router on their end, and your hosts on your end. You could plug n hosts in and each would autoconfigure and get a unique address in the same prefix. They could have a single prefix for all of their customers if they wanted. Their bridge would filter non IPv6 traffic and any fe00::/7 (link local, site local, multicast, etc) traffic, with the exception of router and neighbor discovery packets.

That would be how they could configure a single router and a single subnet to handle an entire provider's collection of home ADSL connections if they wanted, and if they didn't care how many computers people hooked up. If they wanted to care how many computers people hooked up, there would have to be a lot more work done.

If they really wanted to count the number of machines you had, they would have to either force you to use PPPoE (which would be damn stupid, since its primary purpose is to cut down on the number of IPv4 addresses they need at any one time, and IPv6 obliterates that need) or they'd resort to link-level filtering of one sort or another. Either is more work for them that is totally unnecessary from a technical standpoint.

That's if they wanted to cheat and not give each customer their own 48 bit prefix, like they're really supposed to do (pessimistic Nick says they probably will charge extra for /48 prefixes just because they can).



[ Parent ]
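The bridge policy described in the comment above (pass only IPv6, drop anything addressed in fe00::/7 except router and neighbor discovery), written out as an added example that is not part of the original comment or any ISP's configuration. It assumes untagged Ethernet frames with the ICMPv6 header directly after the fixed IPv6 header; the function names and sample frames are constructed, and the hop-limit test is an addition taken from the Neighbor Discovery specification (RFC 2461), not from the comment.

```python
import ipaddress
import struct

ETHERTYPE_IPV6 = 0x86DD
ICMPV6 = 58
# ICMPv6 types used by router/neighbor discovery:
# 133 RS, 134 RA, 135 NS, 136 NA, 137 Redirect
ND_TYPES = range(133, 138)
# fe00::/7 covers link-local (fe80::/10), site-local (fec0::/10)
# and multicast (ff00::/8) addresses.
SCOPED = ipaddress.ip_network("fe00::/7")


def bridge_verdict(frame):
    """Return (action, reason) for one untagged Ethernet frame."""
    if len(frame) < 14:
        return ("drop", "runt frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV6:
        return ("drop", "not IPv6")
    packet = frame[14:]
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return ("drop", "malformed IPv6 header")
    next_header, hop_limit = packet[6], packet[7]
    src = ipaddress.IPv6Address(packet[8:24])
    dst = ipaddress.IPv6Address(packet[24:40])
    if src not in SCOPED and dst not in SCOPED:
        return ("forward", "outside fe00::/7")
    # Discovery traffic is the one exception: it necessarily uses
    # link-local sources and multicast destinations.
    is_nd = next_header == ICMPV6 and len(packet) > 40 and packet[40] in ND_TYPES
    if not is_nd:
        return ("drop", "fe00::/7 address")
    # Added check (assumption, from RFC 2461): genuine on-link discovery
    # packets carry hop limit 255; anything lower has crossed a router.
    if hop_limit != 255:
        return ("drop", "discovery packet with hop limit below 255")
    return ("forward", "router/neighbor discovery")


def make_frame(src, dst, next_header, payload, hop_limit=64,
               ethertype=ETHERTYPE_IPV6):
    """Build a constructed test frame (all-zero MAC addresses, no VLAN tag)."""
    eth = bytes(12) + struct.pack("!H", ethertype)
    ip6 = struct.pack("!IHBB", 6 << 28, len(payload), next_header, hop_limit)
    ip6 += ipaddress.IPv6Address(src).packed
    ip6 += ipaddress.IPv6Address(dst).packed
    return eth + ip6 + payload


def sample_frames():
    """Constructed frames; 2001:db8::/32 is the documentation prefix."""
    rs = bytes([133, 0, 0, 0]) + bytes(4)    # router solicitation
    echo = bytes([128, 0, 0, 0]) + bytes(4)  # echo request
    return {
        "router solicitation": make_frame("fe80::1", "ff02::2", ICMPV6, rs, 255),
        "dad probe": make_frame("::", "ff02::1:ff00:1", ICMPV6,
                                bytes([135, 0, 0, 0]) + bytes(20), 255),
        "global tcp": make_frame("2001:db8:1::10", "2001:db8:2::20", 6, bytes(20)),
        "multicast udp": make_frame("2001:db8:1::10", "ff02::fb", 17, bytes(8)),
        "link-local ping": make_frame("fe80::1", "fe80::2", ICMPV6, echo),
        "routed nd": make_frame("fe80::1", "ff02::2", ICMPV6, rs, 64),
        "arp": make_frame("::", "::", 0, b"", ethertype=0x0806),
    }


if __name__ == "__main__":
    for name, frame in sample_frames().items():
        print(f"{name:20s} {bridge_verdict(frame)}")
```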

Broadband with PPPoE (none / 0) (#122)
by DodgyGeezer on Mon Aug 26, 2002 at 05:50:34 PM EST

Can you explain how PPPoE affects your statements about broadband users?  After all, it's basically dial-up for broadband, and it seems to be getting quite popular.

[ Parent ]
Re: Broadband with PPPoE (4.00 / 1) (#140)
by nsayer on Mon Aug 26, 2002 at 08:46:09 PM EST

In an IPv6 world, PPPoE makes no sense at all. It exists because IP addresses are scarce. If IP addresses were not scarce, it would be pointless. That being said, it is possible to run IPv6 over PPP. There is an IPv6CP which negotiates unique link-local addresses for each end of the link, then the 'client' side simply does router and prefix discovery as usual. I've done this with FreeBSD, and it... almost... works (the problem is that running rtsol on a tun device does not work because tun devices may not have addresses added other than by the process that owns the tunnel. But the link-local connection does work).

If your question is, "how can I use IPv6 if I have a PPPoE connection?" then the answer is the same as using IPv6 over dynamic address PPP - get your prefix from a tunnel broker (freenet6.net or he.net) and you will wind up getting a 48 bit static IPv6 prefix for your own use regardless of the fact that you have a dynamic IPv4 address.


[ Parent ]

Agreed (none / 0) (#84)
by xtremex on Mon Aug 26, 2002 at 12:22:03 PM EST

My home network has around 9 or 10 boxes behind a homebuilt gateway/firewall/router. I have a million firewall rules (port forwarding etc). So, instead of memorizing IP's (which would be easier), I have to memorize the ports. I try to make patterns with the ports. Like, my Sun starts with 54...ftp is 5421, http is 5480, etc. NetBSD is 48. 4821, 4880, etc. When you accidentally screw up your routing tables, it takes a while to figure out when you do a remote X session from ONE box and it displays on the wrong machine! I have tried to set up IPv6 internally (by default all my boxes have an ipv6 address), but how do I make it usable? My gateway machine has an ipv6 address too, but will it talk with the rest of the net?

[ Parent ]
What new services ? (none / 0) (#90)
by Simon Kinahan on Mon Aug 26, 2002 at 01:04:05 PM EST

This is the issue. If there were some compelling application that needed IP6, and couldn't be made to work with NAT, I'd switch as soon as I could afford a new router, and so would lots of other people.

AFAIK, there isn't one, and that is the issue. What is the point in using IP6 if there's not even another network I know of to connect to through 6to4, let alone a broadband ISP with an IP6 service in this area, and nothing interesting to do with it once it was up and running anyway?

There's no use trying to persuade people to switch "for the good of the internet". They're not going to. NAT works for everything people want to run. When it stops working, they'll switch.  

Simon

If you disagree, post, don't moderate
[ Parent ]

RE: NAT kills the Internet (none / 0) (#108)
by James Thiele on Mon Aug 26, 2002 at 02:45:10 PM EST

ISPs will want to charge more for multiple IP numbers, even with IPv6. My buddy and his three teenage sons all have their own computers. He got a letter from his cable provider complaining about 4 computers on one line, and wanting him to pay more. The boys bought a firewall box with NAT which will make it harder for the greedy cable company to prove that there are multiple computers in use.

[ Parent ]
The reason they care (none / 0) (#147)
by fluffy grue on Mon Aug 26, 2002 at 09:50:40 PM EST

It's not the bandwidth they're worried about so much as the IP address space. In my experience, neither Comcast nor Roadrunner care how many computers you have online as long as it only takes one of their IP addresses.
--
"Is a sentence fragment" is a sentence fragment.
"Is not a quine" is not a quine.

[ Hug Your Trikuare ]
[ Parent ]

So why would they let you lease that many IPs? (none / 0) (#170)
by chrisbolt on Tue Aug 27, 2002 at 01:12:25 PM EST

When I had a cable modem with Shaw, it wouldn't even give up more than one IP unless I paid them $5/month extra. AFAIK, it's not that hard for the ISP to limit the number of computers which can lease an IP behind a cable modem.

---
<panner> When making backups, take a lesson from rusty: it doesn't matter if you make them, only that you _think_ you made them.
[ Parent ]
Yes, that's what I said (none / 0) (#172)
by fluffy grue on Tue Aug 27, 2002 at 01:22:00 PM EST

I said that cable network providers typically don't care how many systems you have online, as long as you only take one of their IP addresses, and I said nothing about whether they could limit the number of addresses or not, I was only talking about the different mechanisms that the providers do use to limit the address allocation, though it was mostly in terms of "How do we make sure that someone getting online is actually a customer?"

The fact that your provider charged extra per additional IP address shows that they considered each IP address to be worth $5/month. That's actually pretty cheap for an IP address these days.
--
"Is a sentence fragment" is a sentence fragment.
"Is not a quine" is not a quine.

[ Hug Your Trikuare ]
[ Parent ]

NAT is good for security (2.50 / 2) (#154)
by florin on Tue Aug 27, 2002 at 01:23:39 AM EST

NAT does a very simple thing: it makes it very difficult to initiate a connection "from outside". Therefore, some people use it just for that, even when they actually have enough routable addresses.

[ Parent ]
National address assignment (4.50 / 4) (#33)
by acceleriter on Mon Aug 26, 2002 at 09:40:32 AM EST

I am disturbed about the allocation of IPv6 address space based on nationality--it will make it much easier than it is today to deny content based on accessor location and to firewall countries.

Good Point.. but... (none / 0) (#50)
by vile on Mon Aug 26, 2002 at 10:35:31 AM EST

That ability could be thought of as a good thing.

~
The money is in the treatment, not the cure.
[ Parent ]
IP addresses based on nationality = dumb (none / 0) (#76)
by Shren on Mon Aug 26, 2002 at 11:41:29 AM EST

Are they really going to readdress *everyone* whenever national borders change? Do they really want to get the people who assign IP ranges caught up in things like the Kashmir conflict? Are Sealand and the USA going to get the same number of addresses?

Dumb. Fortunately it's not critical to the IPv6 spec - it seems to just be the (braindead) way they've chosen to allocate addresses. They'll realize what idiots they were down the road, hopefully.

[ Parent ]

Of course not (5.00 / 2) (#79)
by nsayer on Mon Aug 26, 2002 at 11:51:51 AM EST

The rationale behind IPv6 is route aggregation. The initial allocation is geographic, because it's the most likely way for the routes to aggregate initially. That is, if you want to get to me, the easiest way is to get to North America first, then California, then Santa Clara. The route to Santa Clara from China can be aggregated with the route to Redding, Sacramento, San Francisco, and probably Los Angeles, San Diego and Seattle.

Prefix decisions are absolutely not going to be based solely on geography. You will get a 48 bit prefix from your ISP, part of a block from their higher-up connection and so on to the non-default backbone of the Internet. If you switch from one ISP to another, that prefix will change. No addresses are ever "portable," which will insure that the NDRT will be kept very, very short, regardless of how many billions of machines get added. That is what will keep the Internet scalable.


[ Parent ]

ISP charge for multiple connected devices? (4.25 / 4) (#34)
by Brindisi on Mon Aug 26, 2002 at 09:41:47 AM EST

What happens when ISPs start charging a per device fee for everything that connects to the net?
If the ISP can see how many devices actually are connecting to the net through them, how long until they decide that new devices mean new fees?

With NAT they only see 1 device.

(Unless I am wrong about how NAT works)

Per-IP charges (none / 0) (#41)
by tftp on Mon Aug 26, 2002 at 10:20:52 AM EST

ISPs already charge fee per each IP address assigned to you. But today you can get away with only one IP, if you can live with restrictions of NAT.

I do not know how ISPs will be allocating IPv6 address space, but I am willing to bet that they won't hurt themselves in the pocket.

With NAT, indeed they see only one IP address. But higher level protocols, such as ESMTP and HTTP, can expose internal structure of your network.

[ Parent ]

Per IP charges... (4.00 / 1) (#48)
by vile on Mon Aug 26, 2002 at 10:32:33 AM EST

....would probably not exist if it were not for IPv4's inherent allocation shortage. If people had thought better, IPv6 would've been created, and no one would have to worry about allocating 100s of IPs to anyone who asked.

The charge is there as a deterrent.

~
The money is in the treatment, not the cure.
[ Parent ]
Not so fast... (4.00 / 2) (#53)
by tftp on Mon Aug 26, 2002 at 10:37:40 AM EST

Scarcity of resources is the cornerstone of capitalism. If scarcity does not exist naturally, it will be invented. For example, cable TV charges more for more channels even when it does not cost extra to broadcast them to you. Same goes with IP addresses, bandwidth cap, restrictions on servers, and many more.

[ Parent ]
Point Taken (none / 0) (#59)
by vile on Mon Aug 26, 2002 at 10:50:03 AM EST

Though, competition says that the market would lean to giving more for less, instead of taking a conservation approach.

~
The money is in the treatment, not the cure.
[ Parent ]
True, but... (4.00 / 1) (#54)
by upsilon on Mon Aug 26, 2002 at 10:38:26 AM EST

What you say is undoubtedly the truth. However, it seems to me that ISPs and their customers are now used to charges-by-the-IP-address. When IPv6 gets rolled out, we will probably see per-IP charges if only because everybody's used to them. Thus, the ISPs will do it because they can.

Now, with the huge number of IP addresses available, it seems likely that there will be some competition (particularly among DSL providers) in this area, and there may be some ISPs that will trumpet "65000 free IP addresses!", but by and large, I wouldn't count on it.
--
Once, I was the King of Spain.
[ Parent ]

*Very* good point... (none / 0) (#58)
by vile on Mon Aug 26, 2002 at 10:46:18 AM EST

in fact, I thought of it as I was writing my reply.. which is why I didn't say there wouldn't be ip-based charges in the future... but definitely an awesome point on how the effects of past implementations continue even in face of them no longer being necessary.. for the outcome of larger profit.

~
The money is in the treatment, not the cure.
[ Parent ]
Free IP addresses (4.00 / 1) (#71)
by Amorsen on Mon Aug 26, 2002 at 11:17:45 AM EST

If your provider will not give you any, just tunnel from someone who will. The ISP would however be violating the terms of use for their IPv6 assignment. An ISP is supposed to give out a /48 unless there is a specific reason to go lower.

[ Parent ]
Exactly. (4.00 / 1) (#95)
by CaptainSuperBoy on Mon Aug 26, 2002 at 01:36:56 PM EST

c. 1997: "We barely have enough IP's to meet estimated demand. We have no choice but to charge customers who want a static IP, or more than one IP."

c. 2003: "Now that IPv6 is rolling out, there is no longer any technical or financial reason to restrict customers to one, dynamic, IP. But we can make more money that way, so let's fall back on the old excuse: We don't want people to run servers on the network, so we'll charge you double for a static IP. More computers eat more bandwidth, so we charge more for multiple IPs. Yeah, even if the IP is just for your toaster."

And the answer? Competition, competition, competition. The day I can ditch AT&T Broadband for a competitor who doesn't dictate the exact ways I am permitted to use my Internet connection, is the day.. um.. I will be.. happy to ditch them. Ahem.

--
jimmysquid.com - I take pictures.
[ Parent ]

NAT (none / 0) (#46)
by Burning Straw Man on Mon Aug 26, 2002 at 10:30:04 AM EST

For info on NAT, visit the HowStuffWorks pages on the topic.

But in general, information allowing your router to look up the local address of the client (that's your Desktop, Toaster, or IP-enabled Microwave) is embedded into the IP packet which goes out through your router. This allows the router to keep a table of who should get what return packets from the Internet, since they will all be using the same Internet address.

So, theoretically, your ISP could be checking all the packets coming from your Internet address, and looking for varying embedded information about local addresses. However, since this is probably only changing the "source port" of the packet (Overloading), it would be extremely hard to identify, if not completely impossible (as most people broadly claim).

However, it has been about 6 years since I had networking (and it was Comer teaching... I'm sure I am making lots of blatant mistakes)
--
your straw man is on fire...
[ Parent ]

Home Hardware (4.40 / 5) (#56)
by Burning Straw Man on Mon Aug 26, 2002 at 10:40:19 AM EST

At home, I have a wireless LAN gateway which is probably not capable of IPv6. At home, I have a DSL "router" which is probably not capable of IPv6. I also have a print server which is probably not capable of IPv6. The barrier to upgrading to IPv6 is becoming a financial one, because I would find myself having to replace half of the devices on my network.

Of course, it is my fault for having bought the devices in the first place, but that doesn't help the issue. In other words, I won't be upgrading to IPv6 for the foreseeable future, even though I logically know its benefits outweigh the obstacles. But as far as my wife is concerned, I'm probably not going to be buying $1000 of new network equipment, when she won't be noticing any difference in the way the network behaves to her.

Perhaps the makers of these devices will produce firmware upgrades, but barring that, I'm stuck in NAT hell.
--
your straw man is on fire...

Hardware Manufacturers (4.00 / 1) (#61)
by vile on Mon Aug 26, 2002 at 10:56:59 AM EST

This is the same problem that everyone is trying to solve. No one wants to go out and buy a new implementation of the hardware for the *same* service that is currently being filled by a device that *works*.

It's a barrier.. eventually hardware manufacturers will be forced (somehow, by market, by government, etc.) to ship ipv6 compatible hardware.. some are already. Most of the leaders are not.

It will take years.

~
The money is in the treatment, not the cure.
[ Parent ]
I just checked on my devices... (3.00 / 1) (#67)
by Burning Straw Man on Mon Aug 26, 2002 at 11:12:18 AM EST

Netgear RT-311 (broadband router) - no IPv6
Netgear PS-110 (print server) - no IPv6
Orinoco RG-1000 (wireless router) - no IPv6
--
your straw man is on fire...
[ Parent ]
One thing you could do.. (none / 0) (#70)
by vile on Mon Aug 26, 2002 at 11:16:39 AM EST

Is ask or recommend Netgear start furnishing IPv6 compatible hardware. That will start something.. especially if you spread word to your friends to do the same.. and ask them to spread word to their friends. It's how things happen.

~
The money is in the treatment, not the cure.
[ Parent ]
Netgear (4.00 / 1) (#104)
by Burning Straw Man on Mon Aug 26, 2002 at 02:20:00 PM EST

What gets strange is that Netgear was created and was owned by Bay Networks (in turn, bought by Nortel). Bay Networks is one of the companies preaching out in favor of IPv6 and against the evil that is NAT.
--
your straw man is on fire...
[ Parent ]
That doesn't *preclude* IPv6 (none / 0) (#73)
by nsayer on Mon Aug 26, 2002 at 11:32:28 AM EST

Netgear RT-311 (broadband router) - no IPv6
Netgear PS-110 (print server) - no IPv6
Orinoco RG-1000 (wireless router) - no IPv6

You may still be able to use IPv6 despite the RT-311. If you can get it to NAT IP protocol 41 to some other machine inside, then that machine could be your IPv6 gateway.

The print server is slightly less important, since it is unlikely to need Internet access (allowing people to print to it over the Internet would mean setting up a dual-stack print server to proxy the device).

The RG-1000 works perfectly well with IPv6 packets (when it is configured as a bridge). You only need IPv4 to configure it. Once.

I guess one thing I left out of the article is that replacing IPv4 entirely with IPv6 is possible, but optional. It is just as easy to set up both if you cannot get rid of IPv4 for now.


[ Parent ]
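The checks an inside IPv6 gateway would apply to the protocol 41 packets forwarded to it, as an added example that is not part of the thread or any participant's code. It assumes the 6to4 addressing scheme (2002:V4ADDR::/48), an optional list of configured tunnel peers, and constructed sample packets built from documentation addresses.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41                      # IPv6 encapsulated in IPv4
SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
# IPv4 ranges that must never appear inside a 6to4 source address.
NON_GLOBAL_V4 = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "224.0.0.0/4")]


def build_6in4(outer_src, outer_dst, inner_src, inner_dst, payload=b""):
    """Build a constructed sample: IPv4 header (proto 41) + IPv6 header + payload.

    The IPv4 checksum is left at zero; the checks below do not depend on it.
    """
    # IPv6: version 6, payload length, next header 59 (none), hop limit 64.
    inner = struct.pack("!IHBB", 6 << 28, len(payload), 59, 64)
    inner += ipaddress.IPv6Address(inner_src).packed
    inner += ipaddress.IPv6Address(inner_dst).packed + payload
    # IPv4: version 4 / IHL 5, TOS, total length, id, flags, TTL, proto, checksum.
    outer = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(inner), 0, 0, 64,
                        PROTO_IPV6_IN_IPV4, 0)
    outer += ipaddress.IPv4Address(outer_src).packed
    outer += ipaddress.IPv4Address(outer_dst).packed
    return outer + inner


def check_6in4(packet, tunnel_peers=None):
    """Decide whether a forwarded packet may be decapsulated. Returns (ok, reason).

    tunnel_peers (assumption of this sketch): IPv4 addresses of configured
    tunnel endpoints, used only for inner sources outside 2002::/16.
    """
    if len(packet) < 20:
        return False, "truncated IPv4 header"
    if packet[0] >> 4 != 4:
        return False, "not IPv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return False, "bad IPv4 header length"
    if packet[9] != PROTO_IPV6_IN_IPV4:
        return False, "not protocol 41"
    outer_src = ipaddress.IPv4Address(packet[12:16])

    inner = packet[ihl:]
    if len(inner) < 40:
        return False, "truncated IPv6 header"
    if inner[0] >> 4 != 6:
        return False, "inner packet is not IPv6"
    inner_src = ipaddress.IPv6Address(inner[8:24])

    if inner_src in SIX_TO_FOUR:
        # Bytes 2..5 of a 6to4 address are the sender's IPv4 address.
        embedded = ipaddress.IPv4Address(inner_src.packed[2:6])
        if any(embedded in net for net in NON_GLOBAL_V4):
            return False, "6to4 source embeds a non-global IPv4 address"
        if embedded != outer_src:
            return False, "6to4 source does not match outer IPv4 source"
    elif tunnel_peers is not None:
        peers = {ipaddress.IPv4Address(p) for p in tunnel_peers}
        if outer_src not in peers:
            return False, "outer source is not a configured tunnel peer"
    return True, "ok"


if __name__ == "__main__":
    good = build_6in4("192.0.2.1", "192.0.2.200", "2002:c000:201:1::1", "2001:db8::1")
    spoofed = build_6in4("198.51.100.7", "192.0.2.200", "2002:c000:201:1::1", "2001:db8::1")
    print(check_6in4(good))
    print(check_6in4(spoofed))
```

Forwarding protocol 41 to one inside host bypasses whatever filtering the NAT box gave the rest of the LAN for IPv6 traffic, so this host is where the packet filter has to live.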

Broadband routers (none / 0) (#78)
by fluffy grue on Mon Aug 26, 2002 at 11:46:04 AM EST

I've yet to see an off-the-shelf broadband router which gives you control over the IP layer. The closest I've seen is where to relay incoming TCP sockets or UDP datagrams.
--
"Is a sentence fragment" is a sentence fragment.
"Is not a quine" is not a quine.

[ Hug Your Trikuare ]
[ Parent ]

SMC has an answer (none / 0) (#94)
by nsayer on Mon Aug 26, 2002 at 01:29:08 PM EST

The SMC broadband router at my parents' house has the ability to designate a single internal host to get all of the packets the router itself doesn't know how to handle. I haven't tried doing IPv6 that way, but I suspect that a host so designated would get IP proto 41 packets, which is what would be necessary.


[ Parent ]
Oh, cool (none / 0) (#98)
by fluffy grue on Mon Aug 26, 2002 at 01:58:26 PM EST

SMC > *. I love my SMC wireless access point, and it's nice to hear that their broadband routers are, unlike D-Link's and Netgear's, not total crap. :)
--
"Is a sentence fragment" is a sentence fragment.
"Is not a quine" is not a quine.

[ Hug Your Trikuare ]
[ Parent ]

missing the point (none / 0) (#101)
by Burning Straw Man on Mon Aug 26, 2002 at 02:07:28 PM EST

If you can get it to NAT IP protocol 41 to some other machine inside, then that machine could be your IPv6 gateway.

If I'm going to have another machine inside acting as an IPv6 gateway, I would not even need the RT311 :) I'd just set up some ipfilter tables and be done with it. But then I would have a clunky machine running, fans whirring, etc, instead of a small, silent box.
--
your straw man is on fire...
[ Parent ]

strangely enough (none / 0) (#180)
by Burning Straw Man on Tue Aug 27, 2002 at 05:47:24 PM EST

that's nearly what I use for my DNS/SMTP server. An old 486 laptop with an IDE flash drive. nearly silent.
--
your straw man is on fire...
[ Parent ]
My stuff (none / 0) (#82)
by xtremex on Mon Aug 26, 2002 at 12:11:08 PM EST

Home built firewall/router: IPv6 compatible (OpenBSD PC w/ 2 NICs)

Printer: Not IPv6 compatible
Sun Server running solaris 8 :IPv6 compatible
Linux Boxen: ipv6 compat
NetBSD Box: IPv6 compatible
HP/UX Box: IPv6 compatible
Win2k box as a test unit: unsure..does anyone know if Windows is IPv6 compat out of the box?


[ Parent ]

An experimental IPv6 stack for Win2k (3.50 / 2) (#86)
by acceleriter on Mon Aug 26, 2002 at 12:28:17 PM EST

is here.

[ Parent ]
IPv6 and Windows (none / 0) (#106)
by Burning Straw Man on Mon Aug 26, 2002 at 02:21:54 PM EST

There is no "fully supported" solution for IPv6 on Windows, AFAIK. Windows XP does come with IPv6, but it is not activated by default, nor is it "fully supported". Microsoft claims that Windows .NET will be the first release which will have "fully supported" IPv6.
--
your straw man is on fire...
[ Parent ]
Windows XP SP1 (none / 0) (#161)
by bsg on Tue Aug 27, 2002 at 10:43:32 AM EST

Microsoft is claiming that there will be a commercially supported IPv6 stack in Service Pack 1 for Windows XP. Since the SP was pushed back a bit, we'll have to wait and see if it's true. -Ben

[ Parent ]
Exactly how many? (3.60 / 5) (#62)
by trebuchet on Mon Aug 26, 2002 at 10:58:29 AM EST

I bet I'm not the only one who wondered exactly how many possible IP addresses there are with IPv6, so on a boring day at work I did the following calculation:

There are 8 fields, and each can be a number from 0 to FFFF (65535). So, the number of possible combinations is 65535^8=3.402x10^38 (approx). That is a very large number. If you want to compare it to something, that's about 56,706,805,127,398,506,114,517,619,921 addresses per person (assuming 6,000,000,000 people).

This is somewhat misleading, because there are some addresses that are reserved for other functions. See page 5 of RFC 1884 for details.

The problem I see with IPv6 is that it will make it a lot harder for me to memorize my IP address.

--
I wanna be a new original creation,
A cross between a moose, a monkey, and a fig.
I'm ready, Monsanto, let me be your guinea pig.
--Moxy Fruvous

Memorizing IP addresses? (none / 0) (#66)
by nsayer on Mon Aug 26, 2002 at 11:10:48 AM EST

That's what DNS is for.

In practice, though, I find that memorizing prefixes is about on a par with memorizing addresses. If you always want to find a particular machine, you can create an IP alias for it in addition to its autoconfigured one. I have no chance of remembering 3ffe:1200:301b:3:a0:20fe:ffb5:2301, but I could remember 3ffe:1200:301b:3::1 (those are just examples).

[ Parent ]

Well (none / 0) (#80)
by DeadBaby on Mon Aug 26, 2002 at 11:53:09 AM EST

Unfortunately hostnames are often even more cryptic than an IPv4 IP. I seriously don't know what some companies are thinking when they name their machines.
"Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity -- in all this vastness -- there is no hint that help will come from elsewhere to save us from ourselves. It is up to us." - Carl Sagan
[ Parent ]
Naming Schemes (4.00 / 1) (#91)
by sk00t on Mon Aug 26, 2002 at 01:11:13 PM EST

They're thinking they *should* be cryptic, most likely -- in a corporate LAN, naming a workstation 'BOBS_LAPTOP' is rarely prudent. Even worse is naming it 'BJOHNSON' or something. Most companies develop naming schemes based on floor, department, a workstation's service tag, etc., both because it makes internal attacks more difficult and for growth. The 'friendly name' approach doesn't work very well when you have 3k employees and 5 Bob Johnsons.

In a small shop, or a home network, it's another story.

"Somehow we get by without ever learning, somehow no matter what the world keeps turning"

--Ben Foster
[ Parent ]

Address space (none / 0) (#103)
by antiduh on Mon Aug 26, 2002 at 02:19:24 PM EST

IPv6 is 128 bits wide, therefore the max number of IP's available would be 2^128 = 340282366920938463463374607431768211456 ~= 340 undecillion. Less obscure. =)

[ Parent ]
Human-readable ipv6 (4.00 / 1) (#153)
by hardburn on Tue Aug 27, 2002 at 12:34:35 AM EST

There is a much shorter way of specifying IPv6 addresses. Whenever you have a string of zeros in the address, you are given a short cut.

Instead of saying:

834f:0000:0000:0000:0000:0000:463a:b893

You can say:

834f::463a:b893

The computer automatically fills in the double-colon area with zeros. Note that to make it possible for computers to parse it, you can only use the double colon once.



834f:0000:0000:1111:0000:0000:463a:b893

Using the above address, you can not say:

834f::1111::463a:b893

Because the computer won't be able to figure out exactly where the "1111" fits into the address. Do you mean:



834f:0000:1111:0000:0000:0000:463a:b893

Or maybe:



834f:0000:0000:0000:1111:0000:463a:b893

So, you have to pick one set of zeros or the other.

Just design your networks so there are sure to be a large string of zeros together. This shouldn't be a problem for small to medium sized networks. In large networks, IP memorization is a problem even in IPv4, so nothing is really lost.


----
while($story = K5::Story->new()) { $story->vote(-1) if($story->section() == $POLITICS); }


[ Parent ]
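The double-colon rule from the comment above, as an added example that is not part of the thread: a strict expander that rejects a second `::`, a function that lists every reading such an ambiguous string could have, and a compressor that produces one canonical short form (useful when the same address has to match across log sources). Function names are hypothetical; the addresses are the ones used in the comment.

```python
HEX_DIGITS = set("0123456789abcdefABCDEF")


def _normalise(groups):
    """Validate each 16-bit group and pad it to four lowercase hex digits."""
    for g in groups:
        if not 1 <= len(g) <= 4 or not set(g) <= HEX_DIGITS:
            raise ValueError("bad group %r" % g)
    return [g.lower().zfill(4) for g in groups]


def expand(text):
    """Return the full 8-group form of an IPv6 address, or raise ValueError."""
    if text.count("::") > 1:
        raise ValueError("'::' used more than once, expansion is ambiguous")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("no room for the zeros '::' stands for")
        groups = left + ["0"] * missing + right
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has exactly 8 groups")
    return ":".join(_normalise(groups))


def ambiguous_readings(text):
    """List every address a string with two '::' could mean."""
    parts = text.split("::")
    if len(parts) != 3:
        raise ValueError("expected exactly two '::'")
    a, b, c = [p.split(":") if p else [] for p in parts]
    missing = 8 - len(a) - len(b) - len(c)
    readings = []
    # Each '::' must stand for at least one zero group.
    for first in range(1, missing):
        groups = a + ["0"] * first + b + ["0"] * (missing - first) + c
        readings.append(":".join(_normalise(groups)))
    return readings


def compress(text):
    """Shortest canonical form: drop leading zeros, collapse the longest
    run of two or more zero groups (the leftmost one on a tie)."""
    groups = [format(int(g, 16), "x") for g in expand(text).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(groups)
    return (":".join(groups[:best_start]) + "::"
            + ":".join(groups[best_start + best_len:]))


if __name__ == "__main__":
    print(expand("834f::463a:b893"))
    print(compress("834f:0000:0000:1111:0000:0000:463a:b893"))
    for reading in ambiguous_readings("834f::1111::463a:b893"):
        print(reading)
```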
WARNING - posting a comment with zero research (2.00 / 1) (#74)
by el_guapo on Mon Aug 26, 2002 at 11:38:00 AM EST

i seem to recall that ipv6 also had stuff built in that was sort of stapled to ipv4? like ipsec, multicast etc? anyways - at work we have one of the largest networks on the planet i would think (150,000 people, 2 class a's, 20ish class b's (no one's really sure - we just merged:) and i can only imagine how many class c's) and ipv6 is nothing more than a lab with some network engineers working in it - point being that if, with all of our resources, we aren't anywhere NEAR deploying this even on a tiny scale, i can't imagine anyone else is. converting my housenet to ipv6 is 1 thing, converting an enterprise to it is entirely another...
mas cerveza, por favor mirrors, manifestos, etc.
big established networks (none / 0) (#93)
by samedi on Mon Aug 26, 2002 at 01:26:39 PM EST

Big established networks with large address spaces are not moving quickly towards IPv6... the primary reason being that they don't really need what IPv6 offers.

The places where IPv6 is moving forward fast are in embedded markets like cell phones and internet-addressable appliances. These companies need a huge address space, need the new masking and multicasting that IPv6 provides, and in many cases they don't have established networks or large address spaces. NAT is an option for these people, but there are problems with RFC1918 NAT. Anyways, it's the embedded market that's really trying to push IPv6 into the marketplace.


i am the king... of no pants! - www.penny-arcade.com
[ Parent ]
Big networks already coming. Apps will help. (none / 0) (#151)
by funky womble on Mon Aug 26, 2002 at 11:35:48 PM EST

Really? I see quite a few big established networks using it - big EU/Japanese telcos, academic networks (including Abilene), broadband providers...admittedly it does seem that there's a bit more interest outside the US than inside, but then in a lot of countries there's not such a large established IPv4 infrastructure, so there's probably less resistance to change.

You're right about the embedded market, particularly mobile devices (where IPv6 gives rather strong advantages over IPv4 both in terms of mobility and multicast - I wouldn't like to imagine full mobile use including roaming between providers using RFC1918). Remote sensors could be another use (for example, meter-reading).

Another area which I think will cause a big take-up in a year or two is use in academic institutions. Plenty of people got their first taste of high-speed internet access while at university, back when elsewhere it was mostly unavailable or restricted to low speed. Obviously many of those leaving academia would rather not give that up - I'm sure many businesses first installed a leased line largely for that reason. If applications benefitting from direct addressing of hosts become commonplace in the academic environment, I think a similar thing is likely to happen.

If secure and easy-to-use file-and-printer sharing software capable of running over IPv6 were available for Windows (something that the average semi-technical home user could operate, and that would install very easily or, better, be built-in to the OS), I think that would provide a compelling application. Most people don't realise that it's possible to map a drive letter over the internet, if this worked *well*, there would be plenty of use for it... although Windows currently has an IPv6 stack, most of its services can't make use of it, including file-sharing... [don't suppose that matters too much on my w2k box right now though, since it keeps forgetting the default route it learned from my ipv6 router's rtadvd...sigh].

[ Parent ]

in the end (3.33 / 3) (#99)
by VoxLobster on Mon Aug 26, 2002 at 01:59:13 PM EST

there's no reason that we should need a bigger address space. The problem is that there are so many people wasting tens of millions of addresses. The other features are nice, but we don't need more addresses, really.

VoxLobster
I was raised by a cup of coffee! -- Homsar

Actually We do Need More Address Space (3.00 / 2) (#100)
by HidingMyName on Mon Aug 26, 2002 at 02:07:11 PM EST

Even if we eliminated hierarchical partitioning of addresses, a 32 bit address is too small (only about 4 Billion), which will get exhausted as people are now having more than one device per user and the number of users is growing as the cost of entry diminishes. Just because the cycle on the tech economy is down, does not mean that the internet is not growing and won't exceed its current requirements.

[ Parent ]
i'm just going to take a guess here (5.00 / 1) (#107)
by mikpos on Mon Aug 26, 2002 at 02:35:05 PM EST

But are you possibly from North America, South America, Australia, or Western/Northern Europe?

For a few years now, there has already been an IP shortage going on in Asia and parts of Europe (not sure what's going on in Africa), and it's going to grow quite considerably in the next few years. Getting a connection to the Internet there often does not mean that you get an IP address. Rather, your ISP might run all of their customers on a private subnet because they themselves only get one or a few IPs.

Tens of millions of wasted IPs is a drop in the bucket, quite frankly. Even if you were somehow able to scrounge up all of the IPs being wasted right now, that would make up for what, maybe a dozen cities in China? Look forward 10 years: even if China were exclusively awarded the entire IPv4 address space, they might run low.

However, that's a bit of a red herring. All the IPs being wasted right now are doing a lot of good. It's called "not keeping megabytes worth of routing tables on every router". If 28.149.25.14 is Joe Blow in New Jersey and 28.149.25.144 is Min Chang in Beijing, 20 hops away from Joe Blow, well, that makes routing very difficult.

IPv6 in theory will actually have a lot of performance benefits. The QoS and multicasting and whatnot are all well and good, but it'll also lead to faster switching (which means lower latency) due to simplified routing, I believe.

[ Parent ]

but (none / 0) (#126)
by VoxLobster on Mon Aug 26, 2002 at 07:19:45 PM EST

when you use CIDR (which is what's being used by everyone) you purchase blocks of IP's and you route via a common prefix. That way you don't get that situation you described...If companies and organizations in North America, South America, Australia and Western/Northern Europe would simply give up their crazy classful addresses, there would be plenty of addresses for everyone. The use of private subnets is the whole reason that you don't need a massive address space. ISP's should be using private addressing for their clients, not only would it be better for address space, it would save them money in bandwidth by preventing their users from having personal webservers and FTP sites. I agree that IPv6 has some performance benefits, due to the fact that it was designed for performance, but it has a major drawback, that being that it's really user-unfriendly. The size of a single address is ridiculous.

VoxLobster
I was raised by a cup of coffee! -- Homsar
[ Parent ]

got lemons? make lemonade (none / 0) (#211)
by rtscts on Sat Aug 31, 2002 at 01:31:54 PM EST

If things are so fucked in Asia/Europe, they might as well make the best of it. Set everything up as IPv6 instead of private IP4 IPs, with the access points for users doing IP4/IP6 translations (internally, it's all v6). Then when the rest of the world half gets its shit together, they're already there.


...
don't worry. i know exactly what i'm d@#^(!#NO CARRIER
[ Parent ]
Yup (none / 0) (#212)
by nsayer on Sun Sep 01, 2002 at 04:33:14 AM EST

The IPv6/v4 translators of which you speak are called NAT-PT. What you do is run a DNS proxy that changes A records into AAAA records with a given prefix, then you set up a route for that prefix so it goes into a router that is equipped with the NAT-PT. The IPv6 site sees an IPv6 destination, the IPv4 side sees an IPv4 source.

This breaks the usual sorts of protocols -- those that actually attempt to put IP address information in the stream, or that try and manage incoming connections (things like FTP, IRC DCC and various P2P, IM service and gaming things come to mind). It also implies that all of your applications can get along without having IPv4 configured at all (we're close to that world, but not quite there yet).

But all in all, I think you're a lot more right than wrong.


[ Parent ]
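The address mapping a NAT-PT setup relies on, and the reason protocols that carry addresses in the stream break, as an added example that is not part of the thread. It assumes a /96 translation prefix taken from the documentation range, hypothetical function names, and a constructed FTP command.

```python
import ipaddress
import re


def synthesize_aaaa(prefix, ipv4):
    """What the DNS proxy does: turn an A record into an AAAA record by
    placing the IPv4 address in the low 32 bits of the translation prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 96:
        raise ValueError("this sketch assumes a /96 translation prefix")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(net.network_address) | int(v4))


def recover_ipv4(prefix, ipv6):
    """What the translator does with a destination inside the prefix:
    read the real IPv4 destination back out of the low 32 bits."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError("destination is outside the translation prefix")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


# FTP active mode sends "PORT h1,h2,h3,h4,p1,p2": an IPv4 address and port
# written into the application payload, where header translation never looks.
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def embedded_endpoint(ftp_line):
    """Return (IPv4Address, port) carried inside a PORT command, else None."""
    m = PORT_RE.match(ftp_line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]


if __name__ == "__main__":
    prefix = "2001:db8:ffff::/96"                    # constructed prefix
    aaaa = synthesize_aaaa(prefix, "192.0.2.33")
    print(aaaa, "->", recover_ipv4(prefix, aaaa))
    # Constructed control-channel line: the address here survives header
    # rewriting untouched, so the far end is told to connect to the wrong place.
    print(embedded_endpoint(b"PORT 192,0,2,33,4,1\r\n"))
```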

Dynamic IP? (4.00 / 1) (#109)
by DJBongHit on Mon Aug 26, 2002 at 02:47:05 PM EST

It's the perfect way for anyone with at least 1 static IPv4 address to start with IPv6.
What about those of us who live in the middle of nowhere and have no broadband options? Can I use IPv6 on my internal network with a dynamic dialup IP and have it be accessible from the outside world?

~DJBongHit

--
GNU GPL: Free as in herpes.

Dynamic IP? Yes. (5.00 / 1) (#110)
by nsayer on Mon Aug 26, 2002 at 02:51:13 PM EST

For folks with dynamic IPs, I recommend a tunnel broker, like freenet6.net. They generally have a system to dynamically update the IPv4 endpoint(s) for your IPv6 prefix.

The good thing is that even though you have a dynamic IPv4 address, you get to have a static IPv6 prefix!

[ Parent ]

Help (3.33 / 3) (#113)
by psicE on Mon Aug 26, 2002 at 02:57:16 PM EST

I have a Linksys BEFSR41 EtherFast Cable/DSL Router. It has no support for IPv6. Worse, my ISP, AT&T Broadband, requires you to tell them the MAC address of the computer using its IP; so to switch the connection to one of my desktops, and make that the router, would be unfeasible.

Is there any way, with 6to4 probably, that I can use IPv6 on this network exclusively, or will all computers on the network have to use both 6 and 4? Is there custom firmware that someone made for that router that supports IPv6? And is there any way that I can make Windows computers work with IPv6; or is it a waste anyway as no applications work with IPv6 (I personally have no idea whether they do or not)?

MAC address fix... (4.00 / 1) (#121)
by metsfan on Mon Aug 26, 2002 at 05:48:17 PM EST

This is not related to the IPv6 issue, but the Linksys router has a MAC address clone feature... You can call your ISP and tell them the MAC address of one of your desktops, and then put that MAC address into the router.

The router then pretends to have that MAC address - when your computer is behind the router, AT&T won't see the computer's MAC anyway. This way you can switch the cable modem connection between the router and a desktop without any problems to test things out.

[ Parent ]

I know, I know (none / 0) (#124)
by psicE on Mon Aug 26, 2002 at 06:41:30 PM EST

But I still have to call them up the first time. And that also ties me to a specific netcard - what if that card goes? What if I want to try it on a different one of my computers? Etc. It would be much easier to do it with the router.

[ Parent ]
wait a sec (none / 0) (#143)
by kalanar on Mon Aug 26, 2002 at 09:06:02 PM EST

You're saying that you have been told to call and give somebody your MAC address? Are you sure?

The ATT Broadband DHCP server will know your MAC address, but that is not stopping you from getting online with different network cards.

I run a FreeBSD nat server and have it connected to the cable modem (on an Att Broadband connection) and it works fine. I've never told anyone my MAC address, I've switched computers (and network cards) about 10 times since my install and have never been asked for a MAC address to any card. ATT will not support your network or your router, nor should they, but I'm pretty sure that you're mistaken about needing to report your MAC. Hopefully I'm understanding you correctly.

The only thing I can think of that you would have to tell them about is if you bought a new cable modem, and then it'd have to be registered on their network. Doesn't really require a phone call though.

I don't run IPv6 on my LAN, haven't even bothered to look into it. I'm perfectly fine with internal reserved IPs and FreeBSD translating/firewalling for me.


[ Parent ]

It depends on local provider policy (none / 0) (#145)
by fluffy grue on Mon Aug 26, 2002 at 09:46:33 PM EST

Some providers (such as AT&T) register the modem, some providers (such as Comcast) register the computer's MAC address, and some providers (such as Roadrunner) require you to run a special dhcp client which adds authentication. To further add to the confusion, many cable ISPs were acquired and merged and spun off and so on, and so there's legacy systems out there which have special local issues and so on.
--
"Is a sentence fragment" is a sentence fragment.
"Is not a quine" is not a quine.

[ Hug Your Trikuare ]
[ Parent ]

AT&T Broadband? (none / 0) (#150)
by psicE on Mon Aug 26, 2002 at 11:18:07 PM EST

Fifty bucks says you're a former TCI customer. Am I right?

Mediaone was a good company. But the one annoying thing they did was ask for your computer's MAC address. And your cable modem's MAC address. Believe it or not, they wanted both.

Now, maybe the policy's changed since the merger. I'll have to test it out. But I've called Mediaone many a time when I've gotten new network cards. And their website, at least for zipcode 02215, says that it hasn't changed. Ah well.

[ Parent ]

nope (none / 0) (#181)
by kalanar on Tue Aug 27, 2002 at 08:39:12 PM EST

You owe me $50. ;)

Signed up in March, my subscriber agreement/cable tv agreement/virtual tech cds all have Att broadband all over it. However, TCI did service the area I'm in now. (on the west coast)

I think ATT Broadband has fixed that little problem. Of course, with @Home being out of the picture now, a lot of things have changed. (For the better, I think)

I could be wrong about your area though,I know that in my service area they aren't blocking access if they don't know your mac address.

From what I understand they are tearing out all of the old 'stuff' (equipment and non-docsis leased modems,etc) in most of the major areas. I guess it all depends on how close you are to Boston when all that'll happen.

[ Parent ]

ah, i was right (none / 0) (#182)
by psicE on Tue Aug 27, 2002 at 09:00:58 PM EST

I didn't count on you signing up for service after the merger. You were in the former TCI area, which was my intent. We'll call it a draw. :D

AT&T Broadband corporate policy in the former MediaOne area was to require the MAC address. TCI was probably different. AT&T Broadband, at this point, doesn't care enough to integrate the networks; they'll let AT&T Comcast do the dirty work.

After that god-awful merger is complete, then the combined AT&T Comcast, if they can even keep track of all their cable subscribers, will probably attempt to consolidate their policies, networks, technologies, etc.

[ Parent ]

Change the MAC address in the NIC? (none / 0) (#224)
by Gromit on Tue Dec 03, 2002 at 07:20:53 AM EST

I've heard (elsewhere in this topic, actually) that many modern NICs allow you to change their MAC address, although in five minutes on google I couldn't find one (3Com's web site was throwing errors, which didn't help). You could find one of those, give it the address you've already registered, and then you wouldn't have to call AT&T.

But then, why is that such a big problem? I used to do it all the time with my old cable provider; took them typically 1-4 hours to update their tables.



--
"The noble art of losing face will one day save the human race." - Hans Blix

[ Parent ]
IPv6 to your hard drive! (3.00 / 3) (#114)
by Fen on Mon Aug 26, 2002 at 03:48:18 PM EST

I'm not sure about now (this is from working at Intel a few years ago), but infiniband, a new technology in the line of SCSI, uses IPv6 for signaling. I think this means that your hard disk has an IP address. The huge amount of addresses make this possible. IPv6==very cool.
--Self.
Oh, cool (3.50 / 4) (#130)
by Mantikor on Mon Aug 26, 2002 at 07:46:39 PM EST

Yeah, absolutely awesome - more overhead on my disk transfers... this sounds exactly like what the biggest bottleneck in my system needs.

Oh, it'll also be good when my hard drive has its own IP, so random parties can disable it remotely, or directly monitor what ads I've been watching. Then the RIAA can DOS my hard drive directly via its IPv6 address too. Cool.


[ Parent ]

Not that way (none / 0) (#141)
by Fen on Mon Aug 26, 2002 at 08:46:28 PM EST

It would be over a private channel. No need for that knee-jerk reaction.
--Self.
[ Parent ]
Consolidation of responses (none / 0) (#183)
by Mantikor on Tue Aug 27, 2002 at 10:45:10 PM EST

<I>If IPv6 is an extensible system, the overhead will be very minimal. The disk head will take longer to move than processing some header.</I>

Let me think. I request some data from my hard drive, saying "give me file <x>". The OS looks up file <x> in its directory or allocation table, finds which sectors it's in, and then crafts one or more IPv6 packets to send to the hard drive to request the data. The hard drive then receives the packet and has to decode the header, THEN the disk head moves.
So the time taken by the disk head travelling is additional to the IP processing overhead.  Not only that, but the overhead is on each and every request to the drive, not just one initial call.

<I>It would be over a private channel. No need for that knee-jerk reaction.</I>

Right, so the bonus of using IPv6 is...? If it's a private channel, and only my PC can communicate with it via IPv6... what's the point? It's just more "Wow cool" stuff, and frankly, it's not even that cool. It makes the drives even more complicated than they already are, since I doubt IPv6 has room in the specs for addressing physical drive geometry.


[ Parent ]

Shit (none / 0) (#184)
by Mantikor on Tue Aug 27, 2002 at 10:46:31 PM EST

Damned italic tags

That'll teach me not to preview

[ Parent ]
overhead? (none / 0) (#142)
by Fen on Mon Aug 26, 2002 at 08:47:39 PM EST

If IPv6 is an extensible system, the overhead will be very minimal. The disk head will take longer to move than processing some header.
--Self.
[ Parent ]
I got a simpler solution... (1.40 / 5) (#115)
by bigbtommy on Mon Aug 26, 2002 at 03:51:25 PM EST

...just kick all company web servers off the web. The content on them is useless anyway... then steal their IP addresses and use them for something useful...
-- bbCity.co.uk - When I see kids, I speed up
Issues with IPv6 (4.50 / 14) (#125)
by aetius3 on Mon Aug 26, 2002 at 07:12:54 PM EST

For those who really care:

RFC-2460

Disclaimer: I'm not a Cisco engineer, or somebody who knows everything there is to know about routing or TCP/IP. I do have some knowledge of people and some knowledge of technology. I'm not an IPv6 expert, but what I've read really bugs me. I think that IPv6 is suffering quite a bit from Brooks's second-system effect, and needs a lot of work before it will be as robust and effective as IPv4.

The fact of the matter is that the *only* major impetus for IPv6 adoption is exhaustion of current IPv4 address space. However, instead of simply cutting the bits out of IPv4 that aren't used and upping the address space size, the designers of IPv6 have tacked on a bewildering (and extensible!) array of options, features, and tools.

1) IPv6 introduces a large amount of complexity where it is not necessary. For example, check out the extendable headers, hop-by-hop options, QoS headers, and (still!!) source routing. The designers of IPv6 are trying to fix application and session layer problems at the network layer. When was the last time you had an issue because of the version of your TCP/IP stack? Remember those days? Well, here they come again.

2) Complexity in the base protocol is very, very dangerous. There are actually very few security issues with IPv4 itself, most of which have now been fixed (fragment handling), blocked (source routing), or at least partially worked around by other means (spoofing). The only real security issue remaining is tracking network location to physical location. With all of the additional options, extensions, and the malleability of IPv6, I would expect a large number of security and/or usability issues to crop up. For example, RFC-2406 specifies that the default encryption standards are DES, MD5, and SHA-1. Okay, fair enough -- not too strong, but workable as a baseline. However, a vendor can apparently implement *any* authentication or ESP algorithm they want. That means that there will be authentication and encryption issues between different versions of IP stacks, OSes, and hardware products, and also opens TCP/IP to problems with encryption protocols. Don't like your competitor's products? Then alter your IP stack to utilize patented or copyrighted encryption algorithms, which can't be duplicated without paying royalties. "I'm sorry, my security gateway only supports communication with Microsoft products." That is the kind of thing that a standard is supposed to eliminate, and instead IPv6 is playing in application land and opening the door to a Pandora's box chock-full of intentional and unintentional incompatibilities.

3) Quality of Service. QoS is built into IPv6 from the ground up. If you think your gaming connection is bad now, wait till you have to pay $50 per quality level to boost your QoS back to the kind of connection you get today. Or, consider getting into a bidding war with your internet "neighbor" over the QoS for your website traffic. Pretty good for the ISPs, pretty bad for everyone else. Sharing the available bandwidth equally is not a bad system for a public network, and messing with that has implications that we've only begun to see. You may have a right to access, but if your QoS is low, your internet connection isn't going to mean much despite the bandwidth you have. It is conceivable that toying with QoS would send people back to dial-up, since their performance on broadband will be just as bad as a modem unless they are willing to pay more money. Think long and hard about who gets to define QoS on the Internet, and then tell me whether or not you think it is a good thing.

4) MAC addresses in IP addresses. There is a sort-of alternative to this now, but as using the MAC address is easier, vendors will likely just use it. Nothing like exposing data-link layer information in network-layer protocols, no sir. And doing it automatically, too.

5) IPv6 removes the human element from log-scanning and network sniffing. If you think you can recognize a specific IPv6 address when you see one, then you are a very special individual. This means that identification of attackers, hosts, and everyone *must* be done by automated systems. If you remove the human element from this sort of scanning, then you lose a portion of your ability to secure your hosts. Right now, with IPv4, I can troubleshoot hosts relatively easily by IP alone. With IPv6 it won't be that easy. Think about trying to troubleshoot DNS errors. Was that AE60:347F:239B:5AAB:C233:BBAF:784A:27FA or AE60:347F:239B:5AAB:C233:BBAF:783A:27FA? Someone run the host program on that address again, will you? It will lead to trusting the automated name resolution systems, when such systems have well-known and far-reaching security issues (domain name hijacking, etc).

6) The very throw-away nature of IPv6 addresses will lend itself to abuse. The system is too automated. I can plug into any network and get an IP address instantly, then fade away to another network at the drop of a hat. At least with IPv4 an attacker usually has to sniff the network for a few minutes to get an idea of what address and subnet mask to use. The system's very complexity will cause users to lean on the automated systems, easing the task of infiltrating into a network and doing whatever needs to be done. If there is one lesson we've learned over the last few years on the net, it is "trust no one". This flies in the face of that knowledge. (And yes, I know that the security options can help -- but that's just one more thing that needs to be manually configured!).

7) The address space is NOT big enough. The practical limit of IPv6 address space is much lower than the theoretical limit people like to throw around. Much of the address space is intended to be devoted to subnetting and routing work, not host addresses. That means assigning networks and subnets by political, economic, and social boundaries, not network boundaries. Such a situation contributes greatly to our current IP shortage, and this limitation is already firmly established in the IPv6 protocol (in global aggregate address format). There are already signs that some field sizes in the protocol are already inadequate, because IPv6 is attempting to be too specific. It has been calculated that around 160 bits of address space will be required to handle address division and host address assignment for the "ubiquitous internet". If we're going to do it, then why not go completely overboard? The original designers of the Internet thought that IPv4 address space was beyond reason -- maybe we should make the same decision here, and make sure that we use an address space that takes crazy numbers of networks, subnets, and other identifiers into account.

8) The dns namespace is going to get ... interesting. Since manual control will no longer be an option for big networks, large-scale automated dynamic DNS will likely come into being, with all of the security and identification issues that entails. This will be pushed because identifying machines via IP address simply won't be an option any more - there has to be a human-useable method of identification. Unfortunately, there isn't really a way to load test this that I know of. I do know that the DNS system is under stress now; adding millions of hosts, all doing many DNS lookups as a matter of course, will put a load on the system that could have unforeseen effects.

These are just a few of the issues that I see with IPv6 as it is today. There are more, I'm sure. IPv6 does have some really good ideas in it, such as the ability to attach several interfaces to one network seamlessly. I think, however, that in the long run it will be at least ten years before IPv6 becomes necessary, and it will not look like it does now. The stress of real production use has a way of reducing complexity, and I think that is what will happen. What I'm hoping for is a careful evaluation of the security and performance issues with IPv6, and then a re-design that gets rid of all the crap. Here's to hoping. :)



Great Post (none / 0) (#127)
by Argyle on Mon Aug 26, 2002 at 07:23:31 PM EST

Thanks for the detailed and reasonable post about the issues surrounding IPv6. Gave me much to think about.

[ Parent ]
Regarding human scanning of logs (4.00 / 2) (#131)
by prolefeed on Mon Aug 26, 2002 at 07:51:00 PM EST

Excellent post.

> 5) IPv6 removes the human element from
> log-scanning and network sniffing. If you think
> you can recognize a specific IPv6 address when
> you see one, then you are a very special
> individual. This means that identification of
> attackers, hosts, and everyone *must* be done by
> automated systems. If you remove the human
> element from this sort of scanning, then you
> lose a portion of your ability to secure your
> hosts. Right now, with IPv4, I can troubleshoot
> hosts relatively easily by IP alone. With IPv6
> it won't be that easy. Think about trying to
> troubleshoot DNS errors. Was that
> AE60:347F:239B:5AAB:C233:BBAF:784A:27FA or
> AE60:347F:239B:5AAB:C233:BBAF:783A:27FA? Someone
> run the host program on that address again, will
> you? It will lead to trusting the automated name
> resolution systems, when such systems have
> well-known and far-reaching security issues
> (domain name hijacking, etc).

You're conflating two different things. While you would need some "automation" to bring your log files into some format easier to analyze, you-the-admin can still analyze the data yourself. What you would do, of course, is to move your log file into a database (trivial for those with vim; hell for everyone else -- I speak from direct experience at work. I alone have vim. I alone seem to be able to fully analyze large logs. I lean on ctrl-[ and menacingly laugh in the monitor strobe light of ":set vb"...) and keep a table of attackers that you can search through with the same flexibility you'd have with a text file.

Just because a little automation is necessary for record-keeping does not mean everything must be automated.  Some of the admin's ability to glance through a log file to see problems may be retarded, but I don't think it's the horrorshow you describe.

[ Parent ]
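An added illustration of the "table of attackers" idea from the comment above (not part of any commenter's post): source addresses are parsed into canonical form so that differently written copies of one host collapse together, then counted per host and per /64. The log format, the `src=` field and the 2001:db8 address are constructed for the example; the two AE60 addresses are the ones quoted in the thread.

```python
import ipaddress
import re
from collections import Counter

# Constructed firewall log lines (not real traffic). Lines 1 and 2 reuse the two
# near-identical addresses quoted in the thread; lines 3 and 4 are one host
# written in two different textual forms.
LOG_LINES = [
    "Aug 26 19:50:01 fw drop src=AE60:347F:239B:5AAB:C233:BBAF:784A:27FA dport=22",
    "Aug 26 19:50:02 fw drop src=ae60:347f:239b:5aab:c233:bbaf:783a:27fa dport=22",
    "Aug 26 19:50:03 fw drop src=AE60:347F:239B:5AAB:0000:0000:0000:0001 dport=22",
    "Aug 26 19:50:04 fw drop src=ae60:347f:239b:5aab::1 dport=22",
    "Aug 26 19:50:05 fw drop src=2001:db8:0:1::5 dport=80",
    "Aug 26 19:50:06 fw drop src=not-an-address dport=80",
]

SRC_RE = re.compile(r"\bsrc=(\S+)")


def parse_sources(lines):
    """Return (addresses, rejected): parsed IPv6Address objects and raw strings that failed."""
    addresses, rejected = [], []
    for line in lines:
        match = SRC_RE.search(line)
        if not match:
            continue
        try:
            addresses.append(ipaddress.IPv6Address(match.group(1)))
        except ValueError:
            rejected.append(match.group(1))  # keep for manual review, never guess
    return addresses, rejected


def offender_table(addresses):
    """Count hits per canonical host address and per /64 network."""
    hosts = Counter(str(a) for a in addresses)
    nets = Counter(
        str(ipaddress.IPv6Network((a, 64), strict=False)) for a in addresses
    )
    return hosts, nets


def differing_groups(a, b):
    """Indexes (0-7) of the 16-bit groups in which two addresses differ."""
    ga = ipaddress.IPv6Address(a).exploded.split(":")
    gb = ipaddress.IPv6Address(b).exploded.split(":")
    return [i for i, (x, y) in enumerate(zip(ga, gb)) if x != y]


if __name__ == "__main__":
    addrs, bad = parse_sources(LOG_LINES)
    hosts, nets = offender_table(addrs)
    for net, hits in nets.most_common():
        print(f"{hits:3d}  {net}")
    for host, hits in hosts.most_common():
        print(f"{hits:3d}  {host}")
    print("unparsed:", bad)
    print("groups that differ:", differing_groups(str(addrs[0]), str(addrs[1])))
```

Comparing parsed addresses rather than strings is what removes the "was that 784A or 783A?" problem: the two quoted addresses differ only in group 6, and both still fall in the same /64.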

Rebuttal (4.83 / 6) (#144)
by nsayer on Mon Aug 26, 2002 at 09:10:42 PM EST

> IPv6 introduces a large amount of complexity where it is not necessary

The IPv6 header is actually far less complex than the IPv4 header. The best evidence of this is that an IPv6 header has 4 times as much IP address as an IPv4 header, but is only twice as long. The space savings was made by eliminating seldom used options and turning them into extension headers. This relieves intermediate routers from having to examine those headers, for the most part (the exception being hop-by-hop options, which if they really want to they can reject. Also, the presence or absence of hop-by-hop options can be determined by examining one byte in the IPv6 header, which is reasonably fast, and the vast majority of packets won't have them). There is no IP checksum in the IPv6 header. This saves intermediate routers a lot of work since they must currently correct the checksum of EVERY packet they pass (because they decrement the TTL). In sum, it is far, far easier for an intermediate router to deal with IPv6 traffic than IPv4, and it is the fate of the intermediate routers (such as those in the non-default-routing-table backbone) that should be everyone's biggest concern, as they govern the overall scalability of the Internet.

> QoS is built into IPv6 from the ground up

That's a feature, thank you. I'd very much like to make sure my router can tell the difference between a VoIP session and an FTP transfer. The traffic class field in the IP header may someday allow for this (currently it is so poorly defined that I don't know what there is for you to complain about).

> The very throw-away nature of IPv6 addresses will lend itself to abuse

No more so than DHCP does today. If you really want to get rid of autoconfiguration, you are invited to disable router and prefix advertisements from your router, just as you can disable the DHCP server on your LAN. I don't think it will make anything any more secure, but it sure will make your life harder.

> MAC addresses in IP addresses

What is so terrible about the world knowing that I have a 3com Ethernet card? That's less information than one can get from Queso today. And if you're really paranoid about it, you're invited to either use IPv6 aliasing to eliminate the "data leak" or change your Ethernet address (OS permitting).

> The address space is NOT big enough

You can't have it both ways. Earlier you complained that the addresses were too long to remember and that they'd confuse administrators, etc. Now you say they're too small? Which is it?

In any event, we're currently not out of IPv4 addresses yet, despite the overwhelming record of spendthrift allocations (class As for apple.com and MIT come to mind) we are saddled with. All evidence suggests that allocation of TLAs and SLAs will be much more reasonable, and I don't know of anyone besides yourself who has suggested that the current Aggregatable Global system is not going to be sufficient for the next 30-50 years, at least.

> The dns namespace is going to get ... interesting

DNS will not change in any meaningful way. DHCP and Dynamic DNS updating is already a part of every enterprise I know of. IPv6 has no meaningful impact on any aspect of DNS that may be "under stress now." Substituting AAAA for A records and IP6.INT for IN-ADDR.ARPA just is not that big a deal.


[ Parent ]
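An added illustration of the "MAC addresses in IP addresses" point argued in this thread (not part of any commenter's post): how an autoconfigured interface identifier is derived from a MAC, how to recover the MAC from such an address, and why the identifier stays the same when the prefix changes. The MAC and prefixes are constructed documentation values and the function names are made up for the example.

```python
import ipaddress


def iid_from_mac(mac):
    """Build the 64-bit modified EUI-64 interface identifier from a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def autoconf_address(prefix, mac):
    """Combine a /64 prefix with the MAC-derived interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration uses a 64-bit prefix")
    iid = int.from_bytes(iid_from_mac(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_mac(address):
    """Return the MAC an address appears to embed, or None.

    Heuristic: a random identifier can contain ff:fe in the middle by chance,
    so treat a hit as "probably MAC-derived", not as proof.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)


def same_interface_id(a, b):
    """True when two addresses share the low 64 bits (same identifier, any prefix)."""
    return ipaddress.IPv6Address(a).packed[8:] == ipaddress.IPv6Address(b).packed[8:]


# Constructed values: a MAC from the documentation range and two documentation prefixes.
MAC = "00:00:5e:00:53:01"
AT_HOME = autoconf_address("2001:db8:0:1::/64", MAC)
AT_WORK = autoconf_address("2001:db8:0:2::/64", MAC)
RANDOMISED = "2001:db8:0:1:3c4d:91a2:7be0:11f5"  # constructed non-EUI-64 identifier

if __name__ == "__main__":
    print(AT_HOME, "->", embedded_mac(AT_HOME))
    print(AT_WORK, "->", embedded_mac(AT_WORK))
    print("same interface id on both networks:", same_interface_id(AT_HOME, AT_WORK))
    print(RANDOMISED, "->", embedded_mac(RANDOMISED))
```

The first three bytes of the recovered MAC are the vendor prefix, and the unchanged low 64 bits are what let a host be recognised across networks unless it uses a non-MAC identifier.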

Please do some more research next time (5.00 / 13) (#146)
by Ethan on Mon Aug 26, 2002 at 09:49:08 PM EST

Much of this comment, while superficially correct, shows a lack of understanding of IPv6 or the issues involved. I guess I'll have to point-by-point it to clear some of this up.

  • The fact of the matter is that the *only* major impetus for IPv6 adoption is exhaustion of current IPv4 address space.

    This is simply incorrect. There are many, very good reasons that IPv6 should be adopted. Address space is only one of the many. While it is true that large portions of the IPv4 address space is unused, reclaiming them would, in many cases, force additional entries to be added to the core routing tables ... routing tables that already have, in many cases, on the order of 10,000 entries (reference) This is something that simply cannot be sustained.

    Which is a perfect segue into one of the major bonuses of IPv6, being that it will allow true prefix-based routing by virtue of the address space it affords. Prefix-based routing means that a typical domain needs to know exactly one upstream host (typical of today) and a relatively small number of downstream routers, trivially distinguished by longest match prefixes. Core routers need only know about the assigned top-level aggregators (TLAs) and routes within their own TLA hierarchy.

    There are other reasons, but this is already going to be too long.

  • IPv6 introduces a large amount of complexity where it is not necessary.

    This one is going to take a point-by-point by itself. IPv6 is actually admirably light for what it provides.

    • extendable headers

      Quite on the contrary, IPv6 headers are not at ALL extendable. They are of a fixed length, unlike IPv4 headers, which have variable-length options. These variable-length options are problematic for fast-path computations, and have been empirically shown to not be useful in the vast majority of cases.

      Perhaps the author was confused by the concept of multiple discrete headers; there is nothing that says IPv4 cannot support the same thing. There is no law that says that an IP packet must directly carry ICMP, TCP, UDP, or some other transport protocol; as a matter of fact, in cases such as IPsec it does not. IPv6 merely removed a portion of the IP header that was seldom if ever used, and says, in effect "if you need this functionality you are better served with a specific additional header". This is easier, both conceptually and processing-wise, for routers and end hosts alike.

    • QoS headers

      IPv6 has roughly the same native QoS capabilities as IPv4. More on this later.

    • source routing

      While source routing is seldom used on the Internet at large (and, in fact, is often explicitly disallowed), it is still useful in debugging and management. Despite its relative lack of usage, it MUST be implemented at the IP layer, as an equivalent functionality cannot be provided higher up the stack.

  • For example, RFC-2406 specifies that the default encryption standards are DES, MD5, and SHA-1.

    I don't even know where to start here. For one, IPv6 and IPsec are two completely different things. Second, MD5 and SHA-1 are neither one "encryption", they are hashing algorithms -- and among the cryptographically strongest such hashes in use, to boot. (Although MD5 has been shown to have some (at least potential) birthday attack issues (collisions) recently.) DES, the one encryption algorithm mandated, is admittedly weak; however, as compliant stacks MUST implement these minimum standards, the selection of DES at the time was wise given the United States export policies. Nothing prevents the implementation of stronger encryption; in fact, numbers have already been assigned for several state-of-the-art encryption algorithms.

    The rest of this entire paragraph is a moderately informed (at best) rant on IPsec, and since this is an IPv6 post I will ignore it. I'm already wasting too much time.

  • Quality of Service. QoS is built into IPv6 from the ground up. If you think your gaming connection is bad now, wait till you have to pay $50 per quality level to boost your QoS back to the kind of connection you get today.

    Again, the QoS mechanisms are roughly equivalent to those provided by IPv4. They were, however, never utilized in IPv4, although research has been underway for some time on effective ways of providing (and, in turn, paying for) QoS guarantees.

    The crying about having to pay for QoS is just typical uninformed "wah I might have to pay"-type rant. The fact of the matter is that Sprint or MCI or whoever in the core doesn't have the time or inclination to do anything special with your individual packets. The core of the network is already massively robust, and very, very few packets are dropped in the core. Transmission times across any of the "big boys" approach line rate. These properties are not likely to go away any time soon, for various technological and economic reasons; the only place QoS really matters is at the edges of the network.

    At the edges of the network we have several interesting properties. One of which is that the providers at the edge of the network do have the time, and perhaps the inclination, to care about your packets on an individual basis. They're probably dropping some of them, as a matter of fact, unlike the core. What QoS is not, and likely never will be, is a way for them to drop more of your packets; this simply does not make sense. Their best-case situation is 100% utilization of all of their links all of the time; they're paying for them anyway, right? What it is is a way for you to say "hey, this packet is especially important, please don't drop it ... and it's kind of time-sensitive, please put it closer to the front of the queue." This means that the real gaming scenario is more likely to be that you can fork over an additional $5 a month to reduce your latencies if you so desire. Ditto for reducing jitter in video streams, blips in mp3 radio streams, etc.

  • MAC addresses in IP addresses

    This is just bunk. First off, MAC addresses on any modern (post-1990 or so) NIC are malleable. Second of all, the whole POINT of an IP address is that the other guy has to be able to find it. No more wasted breath here.

  • IPv6 removes the human element from log-scanning and network sniffing

    I fail to see how. If nothing else, the true hierarchical nature of IPv6 addresses obviates the need for (and unreliability of) address-to-name resolutions that you complain about. I don't have any idea what you're talking about here, or why.

  • The very throw-away nature of IPv6 addresses will lend itself to abuse

    I also fail to see this. Sure, you can statelessly get an IPv6 address on a network... This is no harder or easier (from the human user's point of view) than getting a DHCP address on an IPv4 network. It is, however, *much* easier from the network's point of view, requires no server state of any kind (whereas DHCP does), is quick to adapt and reliable in the face of readdressing, and a hundred other things. The very statelessness not present in DHCP adds a robustness and plugs a DoS point -- the DHCP server itself.

    The access control mechanisms possible in IPv4 remain, and are in fact the same, in IPv6. If you don't want someone just hopping on your network, you can:

    1. Secure it physically
    2. Filter by MAC
    3. Filter by IP, with or without DHCP
    4. Require some sort of VPN
    5. or a hundred other things...

    ... and what says you can't go ahead and use the DHCP you've always used? Nothing says your routers have to advertise any routes. Without that advertisement, the autoconfiguration of IPv6 goes away. I'm willing to bet, however, that the majority of people who turn this off will do so because they are clueless or misinformed.

  • The address space is NOT big enough

    This is ridiculous. Please cite some of the "signs" and "calculations" you speak of. While it is possibly true that 128 bits divided as IPv4 is divided would be inadequate, the routing mechanisms and policies intrinsic to IPv6's design will cause divisions to be done differently, alleviating the dead space problems we have today.

    Note that every bit added to the address space doubles the available space. The portion of an IPv6 address dedicated to specifying the network of a host is 2^32 times the size of the entire IPv4 address space ... which is only 2^32 bits in total.

  • The dns namespace is going to get ... interesting

    I fail to see how having more addresses available will make naming the important addresses any more difficult. Either the address is important and requires a name, or it is not. If it's important and requires a name, then chances are you know what it is and can give it a name.

    It is true that DNS, and other general network services, are under stress right now. However, changing IP will neither help nor hurt those services for the most part. Simply making it possible to address more hosts will not make those hosts magically appear; on the flipside, not making it possible to address those hosts will not make them disappear, it will merely push the problems they create into other destabilizing realms such as NAT. (Which is a larger problem, IM(actually informed)O.) It will also not remove the load they create, which is what is turning out to be the real problem.

    DNS (along with other such core services) is undergoing plenty of research and engineering to make it cope with the future of the Internet. Fortunately the Internet was, and continues to be, generally well designed and changes such as IPv4->IPv6 are largely decoupled from such issues.

A lot of very smart people have spent a lot of time on IPv6. While I'm sure time will tell that it has some weaknesses (as IPv4 has), none of the things you mentioned are show-stoppers or even close. Fortunately for us those very smart people were better informed and more savvy to the core issues of designing a major internetworking protocol.

I'm sure I've missed some important points in this summary, but I hope I have at least shown that IPv6 is, in fact, a reasonable and reliable step towards fixing the problems our Internet is developing and has developed. It may not be rolled out and in use everywhere this year, or next year, or even in four years; I do think it will happen, though, and I think it is the right answer. If nothing else, the reduction in load it will represent at the core of the network justifies its existence.

By the way, Frederick Brooks' name is "Brooks", not "Brook".

Ethan (the exhausted)



[ Parent ]
Comments (3.40 / 5) (#152)
by aetius3 on Tue Aug 27, 2002 at 12:11:36 AM EST

> This is simply incorrect. There are many, very good reasons that IPv6 should be adopted. Address space is only one of the many. While it is true that large portions of the IPv4 address space is unused, reclaiming them would, in many cases, force additional entries to be added to the core routing tables ... routing tables that already have, in many cases, on the order of 10,000 entries (reference) This is something that simply cannot be sustained.

However, it is, in fact, being sustained right now. And, given the reference that you listed, the rate of increase seems to be leveling off. And, IF IPv6 was so useable and so advantageous in the core, why are the vendors dragging their feet with implementations? Given your description, it would seem that the folks running the core routers would have jumped at the chance to simplify their routing tables. Maybe they are doing so, but it isn't exactly obvious from anything that I've read.

> Which is a perfect segue into one of the major bonuses of IPv6, being that it will allow true prefix-based routing by virtue of the address space it affords. Prefix-based routing means that a typical domain needs to know exactly one upstream host (typical of today) and a relatively small number of downstream routers, trivially distinguished by longest match prefixes. Core routers need only know about the assigned top-level aggregators (TLAs) and routes within their own TLA hierarchy.

Except that in the current implementation, the available TLA addressing space is already exhausted. A source that I read was here (Google cache html, you might want to read the slides directly). His reasoning made sense to me. It's more of an argument of semantics really; the address space is big enough, but we can't divvy it up in an efficient way -- which amounts to "throwing away" a lot of address space.

> Quite on the contrary, IPv6 headers are not at ALL extendable. They are of a fixed length, unlike IPv4 headers, which have variable-length options. These variable-length options are problematic for fast-path computations, and have been empirically shown to not be useful in the vast majority of cases.
>
> Perhaps the author was confused by the concept of multiple discrete headers; there is nothing that says IPv4 cannot support the same thing. There is no law that says that an IP packet must directly carry ICMP, TCP, UDP, or some other transport protocol; as a matter of fact, in cases such as IPsec it does not. IPv6 merely removed a portion of the IP header that was seldom if ever used, and says, in effect "if you need this functionality you are better served with a specific additional header". This is easier, both conceptually and processing-wise, for routers and end hosts alike.

Could be. :) There is nothing that says you can't do the header shuffle in IPv4, but very few people do it. Why is that? Because it introduces complexity into something that doesn't need it. If variable-length options didn't work out, what makes variable-size (and variable number!) headers any better? I'll quote from 2460:

"Improved Support for Extensions and Options

Changes in the way IP header options are encoded allows for more efficient forwarding, less stringent limits on the length of options, and greater flexibility for introducing new options in the future."

Take a look at the difference between IPv4 headers and IPv6 headers. The IPv6 header looks cleaner (if a lot larger) but that's because a lot of things were simply slipped into the extensions. You should actually extend that diagram down another 20 or so lines, to include the routing header, the fragmentation header, the authentication header, the ESP header, etc. Most of these only get processed at the end points, so that's good for the core. Many of them may not appear in all IPv6 packets; this simply adds to the complexity of the protocol, because the receiving stack must carefully deal with each header as it gets to it, in an arbitrary order (although there is a recommended order). So, functionally, we go from dealing with a fixed-size known entity (with some variable options) to a variably-sized set of headers, some of which could be undefined or unknown to the receiving stack, in a possibly unknown order. Hmmmm. Sounds yummy. In other words, I cringe when I hear the word "flexibility" coming from computer scientists and engineers. Too many bad experiences, I guess. I think that arbitrarily defined headers is a pretty serious security and compatibility issue. The standard does not restrict in any way the designing of custom headers, which means that I could make Joe's IP stack, compatible only with other Joe's IP stacks (and since the headers are encrypted, you'll never see my special header!). More likely, I'll have to upgrade my stack (or kernel, more likely), if I want to use such-and-such a service that requires a new header. Otherwise, my implementation will simply drop the packets. Yay. :(

> I don't even know where to start here. For one, IPv6 and IPsec are two completely different things. Second, MD5 and SHA-1 are neither one "encryption", they are hashing algorithms -- and among the cryptographically strongest such hashes in use, to boot. (Although MD5 has been shown to have some (at least potential) birthday attack issues (collisions) recently.) DES, the one encryption algorithm mandated, is admittedly weak; however, as compliant stacks MUST implement these minimum standards, the selection of DES at the time was wise given the United States export policies. Nothing prevents the implementation of stronger encryption; in fact, numbers have already been assigned for several state-of-the-art encryption algorithms.

Ummmm, no. IPsec is a vital and important part of IPv6, as is clearly stated in RFC-2460 (which references RFC-2401 in the Security Considerations section, which is, of course, the IPsec RFC). They are designed to work hand in hand, and two of the first extension headers are authentication and ESP (payload encryption). You really can't talk about one without the other, since ensuring the correctness and valid state of the packet is the responsibility of the security section of the protocol and standard.

And sorry, my fault, hashing algorithms. I just lumped them all together. My point was that if you feel the need to implement encryption at the network layer, then the standard should be something solid, open, tested, and free for everyone to use. The encryption implementation is separate from the IPv6 standard as much as is possible (a good design choice), but a solid standard is needed, and it isn't DES. How many of your "state-of-the-art" encryption algorithms are patented or otherwise unavailable for public use? Are we going to introduce encryption incompatibility at the network layer? Doesn't seem like a good idea to me.

> This means that the real gaming scenario is more likely to be that you can fork over an additional $5 a month to reduce your latencies if you so desire. Ditto for reducing jitter in video streams, blips in mp3 radio streams, etc.

Maybe, maybe not. It is not the user who decides what the QoS is going to be, and the individual user's influence on QoS decisions will be minimal at best. The amount of money involved is unknown at this time, but it could be substantial. The amount of space in the IPv6 header dedicated to QoS is three times the amount of the limited IPv4 TOS. Assuming a 100% full connection, if something comes in that is higher priority than my communication, I get bumped. So the company paying for high QoS gets their movies, while my game gets jacked around. The packets may not be lost, but they most definitely will be delayed, likely moreso than if the connection were shared on a first-come, first serve basis. Anyway, this is something of a moot argument -- we won't know the impact until things are implemented, which so far has been very, very slow. I just think that it introduces a variable that doesn't need to be there, and could potentially have effects on the social structure of the net in some really bad ways.

If you don't want jitter in your video stream, don't run it across a public network that can't possibly guarantee a rate of delivery that will play video smoothly.

I'm gettin tired. Just remember that a lot of smart people built System 390 too, but it wasn't exactly a rip-roaring success. Being smart doesn't protect you from creeping featurism, security problems created by complexity, or from designing a good system. Anyway, a fun discussion, and a good excuse to read RFCs. Have a good night!



[ Parent ]
Re: Comments (4.50 / 4) (#155)
by Ethan on Tue Aug 27, 2002 at 01:33:35 AM EST

I don't have a lot of time for this, but here goes a quickie...

> However, it is, in fact, being sustained right now. And, given the reference that you listed, the rate of increase seems to be leveling off. And, IF IPv6 was so useable and so advantageous in the core, why are the vendors dragging their feet with implementations? Given your description, it would seem that the folks running the core routers would have jumped at the chance to simplify their routing tables. Maybe they are doing so, but it isn't exactly obvious from anything that I've read.

That kind of growth is what cannot be sustained... And while that graph was "leveling off", it is still growing exponentially -- we just have a short reprieve while the constant decreases. This is a widely known and worked-on problem in the Internetworking community.

> I think that arbitrarily defined headers is a pretty serious security and compatibility issue. The standard does not restrict in any way the designing of custom headers, which means that I could make Joe's IP stack, compatible only with other Joe's IP stacks (and since the headers are encrypted, you'll never see my special header!). More likely, I'll have to upgrade my stack (or kernel, more likely), if I want to use such-and-such a service that requires a new header. Otherwise, my implementation will simply drop the packets. Yay. :(

This is no different from IPv4 in any way. It was not abused in IPv4, I don't see why it would be abused in IPv6... The only difference is that rather than calling the field "Next Header", we called it "Protocol" (ip_p in the BSD headers).

> Ummmm, no. IPsec is a vital and important part of IPv6, as is clearly stated in RFC-2460 (which references RFC-2401 in the Security Considerations section, which is, of course, the IPsec RFC). They are designed to work hand in hand, and two of the first extension headers are authentication and ESP (payload encryption). You really can't talk about one without the other, since ensuring the correctness and valid state of the packet is the responsibility of the security section of the protocol and standard.

No arguments from me that IPsec is important; however, it is truly independent of IPv6/IPv4. And the usage of "Extension Header" to define the ESP and AH headers is somewhat a misnomer (although less so for AH), as they are more of a next-protocol than an extension to IP. They do have the unfortunate layer-breaching tie back required by authenticity; protocols such as HIP (unfortunately all HIP drafts are expired; however it is still under active development) attempt to untie this. I just don't buy it that IPsec is any reason for IPv6 to fail.

> And sorry, my fault, hashing algorithms. I just lumped them all together. My point was that if you feel the need to implement encryption at the network layer, then the standard should be something solid, open, tested, and free for everyone to use. The encryption implementation is separate from the IPv6 standard as much as is possible (a good design choice), but a solid standard is needed, and it isn't DES. How many of your "state-of-the-art" encryption algorithms are patented or otherwise unavailable for public use? Are we going to introduce encryption incompatibility at the network layer? Doesn't seem like a good idea to me.

Twofish, 3DES, Rijndael (AES)... There are a whole pile of free algorithms in this space. As well as, of course a pile of proprietary algorithms (IDEA, others that are not coming to mind :-).

> I'm gettin tired. Just remember that a lot of smart people built System 390 too, but it wasn't exactly a rip-roaring success. Being smart doesn't protect you from creeping featurism, security problems created by complexity, or from designing a good system.

Touché. ;-) I've done a lot of work in this field, though, and I think IPv6 is not one of those failed ideas.

[ Parent ]
FreeNET6 and TSPC -- IPV6 made easy (4.50 / 2) (#132)
by strlen on Mon Aug 26, 2002 at 07:52:55 PM EST

FreeNET6 is another place you can find information on how to connect to IPV6. They offer a tool called TSPC, which is a DHCP-like tool which will give you an IPV6 address. And it will work right out of the box on an OpenBSD, FreeBSD, or NetBSD machine (don't know about Linux, since I haven't used Linux in ages), provided you didn't disable IPV6 support in the kernel. Many IRC servers, including EFNet, have now embraced IPV6, and many popular IRC clients now include IPV6 versions, too, so the protocol is getting more and more acceptance throughout the net.

--
[T]he strongest man in the world is he who stands most alone. - Henrik Ibsen.
P.S. on freenet6 (4.00 / 1) (#133)
by strlen on Mon Aug 26, 2002 at 07:55:44 PM EST

The way freenet6 actually works is by offering an IPV6 tunnel, over IPV4. Complete co-existence.

--
[T]he strongest man in the world is he who stands most alone. - Henrik Ibsen.
[ Parent ]
NAT is a _plus_ (4.33 / 3) (#134)
by srn on Mon Aug 26, 2002 at 08:01:19 PM EST

Although NAT was invented partially to compensate for a lack of IP addresses, there are advantages.

Using NAT makes it much harder to attack the internal machines - they just can't be reached most of the time. The only way to get at internal machines is to hijack existing sessions, which with proper protocols (e.g. ssh, HTTPS) is very hard.

what's wrong with a firewall? (none / 0) (#148)
by Delirium on Mon Aug 26, 2002 at 10:51:19 PM EST

The NAT box/router is acting as a firewall, passing through only certain packets to the internal (non-internet-addressable) computers. What's wrong with replacing this with an actual firewall, that only lets through the same packets? Having or not having an externally addressable IP isn't inherently a problem.

[ Parent ]
the problem is people don't care about firewalls (none / 0) (#167)
by gps on Tue Aug 27, 2002 at 12:15:14 PM EST

the reason many networks are inadvertently safe from tons of outside attacks is because their user decided to be cheap and buy a NAT box for a connection rather than try and get that many routed IPs.  This had the added side benefit of acting as a crude firewall.

The firewall isn't the reason most people choose NAT.  Especially home users who really are just in it for the "i can hook up 3 computers for the cost of one?  cool." factor.

For safe IPv6 adoption at home we need all of the current el-cheapo NAT box vendors (linksys, dlink, netgear, etc) to release v6 firewalls.  they won't do that until there is demand.  chicken and the egg.

[ Parent ]

IPv6 design helps a bit (none / 0) (#176)
by nsayer on Tue Aug 27, 2002 at 01:45:33 PM EST

Many of the attacks are based on the fact that there is no distinction between a broadcast address and a regular IP address, or any way to segregate traffic strictly intended to be local. IPv6 helps this because in parallel to the globally routed address space, there are scoped address spaces. If you wanted your disk/print sharing stuff to be safer from attack over the internet, you could require it to take place only over site-local addresses. A checkbox could allow binding file sharing to a globally reachable address and a scary confirmation dialog could go along with enabling it. Border routers must never pass scoped addresses in or out (and a firewall rule just in case is certainly not a bad idea), QED.

[ Parent ]
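
The border rule in the comment above (scoped addresses never cross the site edge, services bind to scoped addresses unless explicitly opened up), written out as an added Python example that is not part of the original thread. It also covers fc00::/7 unique-local addresses, which RFC 4193 later introduced after RFC 3879 deprecated site-local; the function names and sample packets are constructed for illustration.

```python
import ipaddress

# Scoped unicast ranges that a site border must never forward.
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
SITE_LOCAL = ipaddress.ip_network("fec0::/10")    # the scope the comment relies on
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")   # RFC 4193 successor, added here

# The low nibble of the second byte of a multicast address is its scope.
MULTICAST_SCOPES = {0x1: "interface-local", 0x2: "link-local",
                    0x5: "site-local", 0x8: "organization-local",
                    0xE: "global"}


def scope_of(text):
    """Return the scope name of an IPv6 address given as a string."""
    addr = ipaddress.IPv6Address(text)
    if addr.is_unspecified:
        return "unspecified"
    if addr.is_loopback:
        return "loopback"
    if addr.is_multicast:
        nibble = addr.packed[1] & 0x0F
        return "multicast/" + MULTICAST_SCOPES.get(nibble, "reserved-%x" % nibble)
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in SITE_LOCAL:
        return "site-local"
    if addr in UNIQUE_LOCAL:
        return "unique-local"
    return "global"


def border_verdict(src, dst):
    """Decide what a border router or firewall does with one packet."""
    src_scope, dst_scope = scope_of(src), scope_of(dst)
    # A packet crossing the border must come from a global unicast source.
    if src_scope != "global":
        return ("drop", "source is " + src_scope)
    # Destination may be global unicast or globally scoped multicast only.
    if dst_scope not in ("global", "multicast/global"):
        return ("drop", "destination is " + dst_scope)
    return ("forward", "both ends are globally scoped")


def may_bind(listen_addr, allow_global=False):
    """Service policy: scoped addresses only, unless explicitly enabled."""
    scope = scope_of(listen_addr)
    if scope in ("link-local", "site-local", "unique-local", "loopback"):
        return True
    # "::" listens on every address, global ones included, so it needs
    # the same explicit opt-in as a global address.
    return scope in ("global", "unspecified") and allow_global


# Constructed sample traffic; 2001:db8::/32 is the documentation prefix,
# standing in here for globally routed addresses.
SAMPLE_PACKETS = [
    ("2001:db8:1::5", "2001:db8:2::9"),   # ordinary global traffic
    ("2001:db8:1::5", "fec0::10"),        # outside host aiming at a site-local share
    ("fe80::1", "2001:db8:2::9"),         # link-local source leaking out
    ("2001:db8:1::5", "ff02::1"),         # all-nodes multicast, link scope
    ("2001:db8:1::5", "ff0e::101"),       # globally scoped multicast
]


def run_samples():
    """Apply the border rule to every constructed sample packet."""
    return [(src, dst) + border_verdict(src, dst) for src, dst in SAMPLE_PACKETS]


if __name__ == "__main__":
    for src, dst, action, reason in run_samples():
        print("%-16s -> %-16s %-8s %s" % (src, dst, action, reason))
    print("file sharing on fec0::10:", may_bind("fec0::10"))
    print("file sharing on 2001:db8:1::5:", may_bind("2001:db8:1::5"))
```
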
Am I dumb? I still don't understand the basics. (4.50 / 4) (#137)
by Cluster on Mon Aug 26, 2002 at 08:34:45 PM EST

I have three computers at home, all of which are Linux 2.4.  The first is my server and has a static IP address.  It goes through a switch to my DSL modem.  The other two are my workstations and go out to the Internet through a Cisco 806 router.  The router's WAN interface is a public IP address (one digit higher than my server's IP address), and the internal IPs are 192.168.0.1 (DMZ) and 192.168.0.2.  The Cisco router then also goes through a switch.
My two public IP addresses are static.

Diagram:

[SERVER (public)]---------------------------\
                                             \
[WRKST A (DMZ)]-------\                       >---[switch]---[DSL modem]
                       >-[Router (public)]---/
[WRKST B (private)]---/


  1. My DSL plan includes 8 static IPs.  How can I claim static IPs with IPv6, one of whose main features is autoconfiguration?
  2. Since IPv6's pool theoretically offers millions/billions/whatever public IPs per human being, can I claim those?  Or does it depend on my ISP's configuration?
  3. One of the IPv6 howtos said that my ISP has to give me a prefix before my machines can be IPv6 hosts.  What prefix?
  4. Once my machine talks IPv6, how will it communicate with IPv4 hosts, including DNS servers?  If there's an IPv4 wrapper for IPv6 data, is this wrapper implemented at the ISP level or at the backbone level?
  5. There is all this talk about decentralization, 6Bone servers that offer connectivity to anyone who wants it, etc... does it mean that there's a new method for resolving domain names?

I think this list covers all my questions at this point.  Any answers would be appreciated.

Prefixes (4.00 / 1) (#159)
by Khendon on Tue Aug 27, 2002 at 05:49:03 AM EST

It's all quite simple; you are allocated a prefix - the first bit of an IPv6 address. The last bit is yours to do with as you wish.

The "default" thing to do with it is to let the machines pick their own address (stateless autoconfiguration). They do this by asking the router for the prefix, and then (in the case of an ethernet network) adding a suffix based on the MAC address.

If this isn't what you want for some reason, you can pick static addresses - either by normal static configuration, or with stateful autoconfiguration (DHCPv6).

Most hosts will be dual-stacked for ages yet; they will be capable of speaking both IPv6 and IPv4.

If you have a host that speaks only IPv6, there is a mechanism for mapping IPv4 addresses into IPv6 addresses. The IPv6 packets will be transformed into IPv4 packets by a router and passed on as normal.

The IPv6 internet currently exists only as "islands". IPv4 tunnels between IPv6 routers link IPv6-enabled hosts and networks. The connections between these islands are known as the 6BONE.

There isn't a substantially new method for resolving domain names; just new resource records (eg, A6 to replace A) added to the current DNS spec.

[ Parent ]
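
The comment above describes stateless autoconfiguration as the router-supplied prefix plus a suffix derived from the MAC address. As an added example (not part of the original thread), this Python sketch builds that address with the modified EUI-64 rule and shows that the MAC can be read back out of any such address, which is why the suffix acts as a stable host identifier across networks; the prefixes and MAC are constructed values.

```python
import ipaddress


def eui64_interface_id(mac):
    """Turn a 48-bit Ethernet MAC into the 64-bit modified EUI-64 suffix."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 6-byte MAC address")
    # Flip the universal/local bit of the first byte, then insert ff:fe
    # between the vendor half and the serial half of the MAC.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix, mac):
    """Combine an advertised /64 prefix with the MAC-derived suffix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 prefix")
    suffix = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | suffix)


def mac_from_address(addr):
    """Recover the MAC from an EUI-64 style address, or None if not one."""
    suffix = ipaddress.IPv6Address(addr).packed[8:]
    if suffix[3:5] != b"\xff\xfe":
        return None   # statically configured or otherwise generated suffix
    mac = bytes([suffix[0] ^ 0x02]) + suffix[1:3] + suffix[5:]
    return ":".join("%02x" % byte for byte in mac)


def interface_id(addr):
    """Low 64 bits of an address: the part that follows the host around."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)


# Constructed inputs: a documentation-range prefix standing in for the one
# a router would advertise, a second prefix for "same laptop, other
# network", and a made-up MAC address.
HOME_PREFIX = "2001:db8:1:2::/64"
CAFE_PREFIX = "2001:db8:beef:7::/64"
SAMPLE_MAC = "00:11:22:33:44:55"

if __name__ == "__main__":
    home = slaac_address(HOME_PREFIX, SAMPLE_MAC)
    cafe = slaac_address(CAFE_PREFIX, SAMPLE_MAC)
    link = slaac_address("fe80::/64", SAMPLE_MAC)
    print("link-local :", link)
    print("at home    :", home)
    print("elsewhere  :", cafe)
    print("same suffix:", interface_id(home) == interface_id(cafe))
    print("MAC read back from address:", mac_from_address(str(cafe)))
    print("static address 2001:db8:1:2::10 ->", mac_from_address("2001:db8:1:2::10"))
```
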

IPv6 is Vint's idiot bastard son (4.00 / 8) (#149)
by isdnip on Mon Aug 26, 2002 at 11:09:32 PM EST

IPv6 will not catch on for the simple reason that it sucks.  It takes a lot of effort to implement, burns HUGE network overhead with its headers (you think Microsoft code is bloated!?), and buys very little. But then that's to be expected, given IPv6's background.

Back in the early 1990s, before the Internet was a public commodity, the IETF was already looking at replacements for IPv4.  The old classful addressing scheme was wasting address space like crazy.  Now they had a perfectly good solution on the table.  It was called TUBA (TCP and UDP with Bigger Addresses). The major router vendors, including Cisco and Wellfleet, had already implemented it!  Why?  Because TUBA was a subset of the OSI Connectionless Network Protocol (CLNP), an ISO standard since the mid-1980s.

Now OSI the programme was almost dead by then.  OSI began in the late 1970s as a common protocol for multivendor networks.  TCP/IP was a small lab hack in those days -- the ARPAnet still supported NCP until 1982 or so -- and OSI had the "official" imprimatur of ISO and IEC.  All the vendors were on board.  HOWEVER, that was its downfall!  Some vendors, like IBM and the European PTTs, wanted to emphasize terminal-to-host networks, so they insisted on making X.25 a network layer standard.  Other vendors, like DEC, wanted peer-to-peer, and knew from IP, so they wanted a connectionless protocol.  So CLNP was written as a sort of improved IP, using variable-length OSI addresses (up to 20 octets).  The compromise was that OSI had two network layer standards.

In the late 1980s, there was a big push to do OSI, led by the US Govt's GOSIP.  But while layers 3 and 4 worked just fine, and the routers did it fine, the 1978 seven-layer Reference Model had a fundamental flaw -- layers 5 and 6 just didn't belong there and the standards that their committees wrote were unworkable.  So "native OSI" applications were hard to implement and rarely performed well.  And OSI's reputation sank into disrepute.  In the meantime, TCP/IP took on the role intended for OSI, and did the job Well Enough.

So it was quite natural to just stick TCP over CLNP, which I think was suggested to be IPv8, aka TUBA.  And the IAB tentatively voted to adopt it as the standard.  This was before Windows included a stack, so if TUBA had been adopted then, it would have easily caught on.

But the IETF had a lot of anti-OSI "NIH" sentiment. Paul Francis (Tsuchiya) had proposed a new IP called "PIP", while Steve Deering had his own "SIP".  Neither was very good.  One of them, I forget which, had a 64-bit address space in which the leading bits indicated country, with the country prefix length keyed to some estimate of population.  Big country, small prefix.  Somehow, North Korea got a smaller prefix than South Korea, and a few microstates, like Vanuatu, were included with notes indicating that they didn't know where the country was!  Steve and Paul were however very popular IETF insiders.

So they compromised.  PIP and SIP were mashed together, like a jackalope, into IPv6.  And when the final IAB vote was held, Vint Cerf, the Chauncey Gardner of the Internet (famous for being there, but basically a know-nothing) changed his vote from TUBA to IPv6.  This act of perfidy ended TUBA's run.  And it extended IPv4's lifetime by at least a decade.  NAT was invented, CIDR replaced classful addressing, DHCP made L2-based autoconfiguration unnecessary while privacy concerns made it undesirable, and IPv4 was implemented everywhere under the sun.

In the meantime, some vendors are looking to sell more kit by pushing IPv6.  But it was a bad hack then, is a bad hack now, and shouldn't be adopted.
IPv6 does not add more security (IPsec in v4 is just as good) or QoS (the flow ID is useless). It's just a waste.

hey, nsayer (5.00 / 1) (#162)
by Shren on Tue Aug 27, 2002 at 10:49:36 AM EST

Since you modded the parent comment low, I'm sure you actually have some counter points to isdnip and TUBA. Care to share?

[ Parent ]
Why (none / 0) (#163)
by nsayer on Tue Aug 27, 2002 at 11:00:01 AM EST

I modded the parent low because, though he may have made a good argument, he needlessly engaged in ad-hominem attacks against someone (Vint Cerf) who is (presumably) not here to defend himself. He could have said everything he said without tossing around a bunch of inflammatory insults and I would have had a lot more respect for the statement.

[ Parent ]
so he gets a little touchy (none / 0) (#164)
by Shren on Tue Aug 27, 2002 at 11:12:21 AM EST

So he gets a little bit off the hook, that doesn't invalidate the rest of his comment. The debacle that was OSI is by and large ignored when discussing computing history, which bothers some people.

[ Parent ]

It matters (none / 0) (#166)
by nsayer on Tue Aug 27, 2002 at 11:58:56 AM EST

So he gets a little bit off the hook, that doesn't invalidate the rest of his comment

I didn't say it did. I do say it makes the comment slightly below average. Had he stuck to the facts, it could have been a 4 or a 5.

[ Parent ]

just different standards of quality, I guess. (none / 0) (#171)
by Shren on Tue Aug 27, 2002 at 01:16:16 PM EST

I guess I like some bashing in online conversation. It takes the place of facial and voice cues which are absent. At least neither of us is moderating on opinion, which is really the only 'sin'.

[ Parent ]
It was not ad-hominem (none / 0) (#177)
by isdnip on Tue Aug 27, 2002 at 02:49:36 PM EST

Vint Cerf is a Public Figure, at least within the context of the Internet.  His press agent has gotten him described as "the father of the Internet".  It is on that assertion that I claim the illegitimacy of his offspring, IPv6.  (Get it?  Father, bastard son.)

Had Vint not changed his vote, apparently to placate some internal IAB politics wherein his Good Old Boys didn't want to touch anything with an OSI taint, then TUBA probably would have taken over long ago, at lower cost, with more benefits.  Vint was the swing vote.

His reputation is way, way overblown.  Pointing this out is not what I consider "ad hominem", because it is directly relevant.

BTW, Steve Deering himself has recently spoken out against IPv6.

[ Parent ]

not a waste if you want a -true- internet (4.00 / 1) (#168)
by gps on Tue Aug 27, 2002 at 12:24:04 PM EST

NAT has left us in a state where the internet can -only- be used for client server apps without useful amounts of direct node to node communication (peer to peer direct node-node communications was what tcp/ip was created for!).  If you're happy with today's internet and don't believe in the need to be able to communicate from one arbitrary device to another, stick with the current v4+NAT status quo.

If you realize how useful it is for any two devices to communicate directly, pray that v6 comes into being.  NAT is only good for consumers of data, not producers.  All nodes have great potential if they're allowed to produce.

[ Parent ]

Yeah, But... (none / 0) (#186)
by ewhac on Wed Aug 28, 2002 at 03:22:27 AM EST

NAT is only good for consumers of data, not producers. All nodes have great potential if they're allowed to produce.

Yes, but then every node must possess a complete, regularly maintained security implementation.

One reason more LANs, both corporate and personal, haven't been hijacked is because the machines themselves are invisible, and therefore inaccessible, behind the NAT gateway. Yes, I know there are clever hacks for penetrating NAT gateways, but that currently requires a level of sophistication not found in your garden-variety script kiddie.

We have trouble getting people to apply the patches to fix Windoze's Root Compromise Of The Week. If all nodes were equally accessible, wouldn't the problems we see today be exacerbated?

Schwab
---
Editor, A1-AAA AmeriCaptions. Priest, Internet Oracle.
[ Parent ]

Firewalls make them inaccessible (none / 0) (#191)
by nsayer on Wed Aug 28, 2002 at 01:39:06 PM EST

Putting those windoze boxes behind a firewall will make them just as inaccessible as putting them behind a NAT box.

If you are so paranoid that a firewall is not enough for you, then a NAT firewall should not be either.

You indirectly raise an interesting point: People buy little router boxen because they need IPv4 address sharing. In an IPv6 universe, folks won't have address sharing as a reason to buy one. If simply having one for security is not enough to make them buy one, well, "Stupid is as stupid does."


[ Parent ]

A good solution to the wrong problem (3.75 / 4) (#157)
by debolaz on Tue Aug 27, 2002 at 03:35:21 AM EST

Has anyone given any thought to why we're "soon" out of IPv4 space? Could it possibly be because we've given an IP to most citizens of planet earth? No. Most IP's are used for nada and nothing.

To name one obscure, but not uncommon example, take the Norwegian government organization "Statens Kartverk" (Roughly translated to government mapworks). Basically, they make maps. Plain old paper maps. How many IP's do you think they have? How many do you think they need? Well apparently RIPE instantly recognized their need for some 65 thousand IP's. Ok, so they got their IPs back in the days where you got 65k if you need more than 256, but can you seriously think of a reason why they would need more than 1? (And giving out 65k back then seemed like a strange decision from my point of view, CIDR certainly didn't require a genius to invent, it should've been there from the beginning)

That having been said, I don't consider IPv6 a bad thing. But IPv4 itself was never the real problem, it was the people running it. We're going to and have already run into similar (No, not space, but management) problems with IPv6. IPv6 has been around for a long time. Theoretically, it's been available to the general population for a long time too. Why hasn't it been widely adopted yet?

One argument is of course that software doesn't support it. It's a valid argument, but it's not the only reason. For software authors to make their software IPv6 compatible, it's a general advantage to have IPv6. The initial deployment of IPv6 was as far as I can figure, through tunnel brokers (Most of the net not being able to support "native" IPv6). These were, as with "important" IPv4 companies given large address spaces, so they again could pass space to the people needing IPv6. Whenever I asked how I could get IPv6, I was told to use my nearest tunnel broker. The only problem was that none of the local tunnel brokers (local being Norway) was interested in giving out tunnels. They wanted to keep everything for themselves (This not being an impression, this being what I was told over the phone).

Now we've got easier ways to do it, like freenet6. But still.. IPv6's history has shown that the problem with IPv4 remains with IPv6. So while throwing a bigger address space at the problem at first view seems like a solution, it's just a temporary fix. It's a good solution for a problem, but not the real problem.

And yes, I do expect to be rated down the drain for this comment by blind IPv6 zealots, but it's my opinion.



-
--
If they can buy one, why can't we?
IP address allocation (none / 0) (#165)
by upsilon on Tue Aug 27, 2002 at 11:56:13 AM EST

There are a hell of a lot of IP addresses in IPv6. I don't think anybody's started to comprehend how many there really are.

Now, it's been covered and covered and covered that you will probably get a /64 prefix with a net connection under IPv6. This is roughly 18 * 10^18 addresses per prefix, and there are 18 * 10^18 such prefixes available. (Well, not all of them are available, but most of them are, I think.)

Now, if you spread 18 * 10^18 prefixes evenly over the entire surface of the earth, you end up with 36000 prefixes per square meter of surface area, including all the water and (currently) uninhabitable areas.

That's just the prefixes; if another way of distributing addresses more evenly comes about, then you could spread addresses evenly throughout the volume of the solar system (a disc 40 AU in diameter and 1 AU thick) and have 20 addresses per cubic meter. But then again, due to the high-latency issues, IP (of any form) is probably not suitable for interplanetary communication, eh?

Anyway, my point is that even if IPv6 addresses are as horribly mismanaged as IPv4 addresses were in the early days (what with MIT getting 2 class A blocks), it seems to me that there's still plenty to go around.
--
Once, I was the King of Spain.
[ Parent ]

One teeny tiny correction (none / 0) (#174)
by nsayer on Tue Aug 27, 2002 at 01:33:30 PM EST

In an IPv6 universe, I believe there will be 3 tiers of address allocation:

  1. Dialup users will get a single address. In theory, this is the same as case 2, but an ISP may decide to prevent sharing the connection. Remember: IPv4 "Internet Connection Sharing" is NAT, and there is no NAT in IPv6. Sharing an IPv6 dialup really means proxy-neighbor/router/prefix-advertisement. New hosts will perform DAD, router and prefix discovery with the entity on the opposite end of the dialup link (proxied by the local end). Filtering link-local traffic other than with the peer would be how sharing would be prevented (the dialup user could not have his machine be a router, because it would have no routable prefix to advertise because it would have nothing delegated to it).

  2. "Home" users, temporary users (broadband at an 802.11 hot spot or from the Ethernet jack in a hotel room), etc will plug into a /64 filtered-bridged network (filtered so that multicast will be disallowed except for router, prefix and neighbor discovery). An entire neighborhood of cable modems or an entire hotel can be served by a single subnet this way.

  3. Businesses and "power" home users who have a need for it will have a /48 routed to them.

[ Parent ]

IPv6 Prevent NAT (none / 0) (#195)
by wnight on Wed Aug 28, 2002 at 03:12:45 PM EST

Actually, there's no reason IPv6 prevents NAT.

What giving someone a single IPv6 address prevents is their giving routable IPv6 addresses to anyone else. They're free to give unroutable addresses (even real addresses that they know are unroutable because of the source) and performing NAT just like it is done today.

Any network protocol can be used with a variant of NAT.

[ Parent ]

Sure. but... (none / 0) (#216)
by nsayer on Mon Sep 02, 2002 at 01:24:47 PM EST

Sure you could NAT IPv6, but it makes no sense.

NAT came into being because of the rules of subnetting IPv4 and CIDR. The more bits you give to the network portion of the address, the fewer you give to the host portion. So if you get a class C and cut it into 4 subnets, each will have 62 (usable) IP addresses. Cut it into 8 and each gets 30.

IPv6 is different because the boundaries are fixed. A single subnet will always have a 64 bit prefix. This means that if you wanted to, you could cram 18,446,744,073,709,551,616 hosts into a single subnet. So if you really had to, you could just bridge all of your machines together behind a single router with a firewall.

But that simply won't be necessary - a single site will get a 48 bit prefix, so you could have 65,536 subnets if you want to.

Let's look at the example of connection sharing that is typically done with NAT in IPv4. With IPv6, one would use discovery proxying instead. The router would proxy neighbor, router and prefix discovery over all its interfaces the same way that IPv4 machines can do proxy ARPing (say, for dialup nodes). All of the machines set up this way would wind up in the same prefix. It's a little bizarre, and the better solution would be to have both sides have separate prefixes and make the machine in the middle be a simple router, but it is still better than NAT.

NAT is possible, but it's simply unnecessary in IPv6. And the negative side effects that NAT has on the protocol and application layers are simply unacceptable.

[ Parent ]

Class A (none / 0) (#194)
by b1t r0t on Wed Aug 28, 2002 at 03:00:15 PM EST

How about some not so obscure examples?

HP now has two Class A prefixes, because they bought Compaq, who bought DEC. HP=15/8, DEC=16/8. Unfortunately they're not aligned properly, or they would have a /7 prefix. Genuity has 4/8 and 8/8. The Naval Ocean Systems Center has at least four Class A prefixes!

But the biggest waste probably has to be 19/8... Ford Motor Company!

-- Indymedia: the fanfiction.net of journalism.
[ Parent ]

Still not enough addresses (none / 0) (#197)
by PrettyBoyTim on Wed Aug 28, 2002 at 04:25:50 PM EST

There's still not enough addresses.

4billionish IP4 addresses

6billion people on earth.

Most people will want more than one - I could do with several at the moment - 1 for each of my computers at home and at work (5) one for my xbox, One for my PDA, one for my phone...

[ Parent ]

Why? (none / 0) (#210)
by dipierro on Sat Aug 31, 2002 at 01:03:27 PM EST

Why do you need more than one per person? Hell, why do you need more than one per location? 1 at home - for everyone in your home, and 1 at work - for everyone at your work, should be plenty. Your PDA and phone don't need one, and in fact shouldn't have one, because they are not in a relatively static location. They should obtain temporary addresses from whatever upstream provider they happen to be connecting to, and you should use a lookup service, such as DNS from there. Routing protocols should be used sparingly.

[ Parent ]
Why? (none / 0) (#222)
by Xtacy on Tue Sep 10, 2002 at 11:52:56 AM EST

1 per person is not always the answer.

Say I have 3 machines at home and I want to FTP to all of them, you would need 3 IP's because redirecting would only work for one of them.  (unless you run different port #'s, which would just get confusing for many types of services)

[ Parent ]

Perspective... (none / 0) (#223)
by Gromit on Tue Dec 03, 2002 at 05:58:53 AM EST

The lack of an IP address is not the biggest problem most of those 6 billion people have. Would that it were.

--
"The noble art of losing face will one day save the human race." - Hans Blix

[ Parent ]
Answer (none / 0) (#200)
by nsayer on Wed Aug 28, 2002 at 07:37:32 PM EST

With IPv4 you get so many bits from your provider. More and more it is getting so that that number of bits is from 1 to 3 anymore, but let's be magnanimous and say you got a whole class C.

When you go to subnet that space, you wind up with two nets of 128 addresses, or 4 of 64, etc. The number of ways you split your address space up directly impacts the number of hosts you can put in those subnets.

That led directly to the proliferation of bridges to replace routers, but that's a different story.

With IPv6, the nominal subnet boundary is fixed at 64 bits, and the nominal 'site' allocation is 96 bits (16 bits of SLA - site local addressing) so up to 65536 subnets.

I would hazard a guess that there are very few sites indeed that could not do with fewer than 65536 subnets of virtually unlimited size (remember, 64 bits is 16 bits longer than an Ethernet address).

Let's look at the rest of the address space.

There are 48 bits left. An IPv4 address is 32 bits long. That means that we can duplicate the current IPv4 address space 65536 times in the public portion of the address space alone.

Now imagine if every site on the Internet had a single IPv4 address. See where I'm going here? apple.com has 17.0.0.0/8. If they had only a single IPv4 address, that would be 16 million more available addresses. I think that's the very point you were trying to make about how IPv4 was allocated so poorly.

But in an IPv6 world, every site gets one 48 bit prefix. So MIT and Apple and all of the other class As that got allocated get the same address space that you get coming out of your cable modem. For you, maybe that much space is extravagant. For MIT, perhaps not (but it is very likely sufficient). So even if you say that there are only really 32 bits of the public hierarchy usable, that still means that we can fit millions upon millions more sites on the Internet without difficulty.


[ Parent ]

I suspected this (2.00 / 1) (#205)
by debolaz on Thu Aug 29, 2002 at 03:55:24 PM EST

People mainly (not all of you) misread my comment. I don't suggest we'll run into space problems using IPv6 the way internet is built today. I suggest that the people behind it will effectively (though without meaning it) manage to create new problems. I could name quite a few examples of problems ranging from barely possible to extremely likely, but I think it'll be more amusing for me to let people discover this for themselves.

Just don't forget that I told you so :)

-
--
If they can buy one, why can't we?
[ Parent ]
Forget what? (none / 0) (#206)
by upsilon on Thu Aug 29, 2002 at 06:05:05 PM EST

How can we remember you telling us so if you're not telling us what exactly you're supposedly telling us?
--
Once, I was the King of Spain.
[ Parent ]
Impossible problem (none / 0) (#207)
by nsayer on Thu Aug 29, 2002 at 07:31:24 PM EST

I don't suggest we'll run into space problems using IPv6 the way internet is built today. I suggest that the people behind it will effectively (though without meaning it) manage to create new problems.

Hindsight is always 20:20. No one ever imagined that large numbers of households would have dedicated connectivity to the Internet, among other things. Clearly had they known at the time they were designing IPv4, they would have seen both that 32 bits was inadequate and that they needed to be more careful in how they allocated them, both from a routing perspective and a conservation perspective.

It is impossible to suggest that anything we humans do will lack unintended consequences. The best we can do is learn from the mistakes of the past and try to look forward enough to avoid new ones.

I do not believe that our offspring are going to have to deal with an IPv7 or beyond unless connections beyond Earth orbit are required. I have as much information to base that assertion upon as the folks who designed IPv4 did in 1980.


[ Parent ]

IPv6 Article (4.00 / 1) (#169)
by taerom on Tue Aug 27, 2002 at 12:43:26 PM EST

Linux Journal has a nice article on IPv6 available on their web site, archived from the August 2002 issue. It gives some nice background and info on how to set up IPv6-over-IPv4 (using your existing connection to access the IPv6 internet) on a Linux box.

If only i could have a real IP, even a dynamic one (2.00 / 1) (#185)
by artemis3 on Wed Aug 28, 2002 at 01:23:24 AM EST

I wish my ISP had a clue about IPv6, but alas, it's impossible. With a 90% Microsoft based platform, a few Sun machines, an IBM mainframe, and quite a lot of Cisco and assorted miscellaneous devices; an organization that makes bureaucratic public departments seem efficient, legacy of a previous monopoly state telco, now under private hands, and the only DSL provider of the country, where a 256/64 DSL link costs 50$ a month, and possibility to get assigned an IP is not possible on any plan (even tho dial up users do get valid IPs assigned dynamically) being in the wrong side of a NAT makes you really wonder about both IPv4 and NATs. I am sure and agree that IPv6 contains many flaws, but if at least that could get me "presence" on the net, I wouldn't mind it. I really like the approach other countries like Japan have done to the matter. Demanding IPv6 implemented in all ISPs with a deadline imposed (2005?) would be the kind of thing that could push it. Otherwise, ISPs love this game of selling IPs for 6000$ a month. Yes friends, things are weird outside of your country. When I read some of you saying something along the lines "my DSL plan includes 8 IPs" makes me think: The things I could do if I could have a single "real" IP.

No friends, it ain't pretty when you are in the wrong side of the NAT, and you can't do a thing about it (no cable here, wireless mostly unavailable or too expensive for home use). I will always think in those wise minds that allocated IPs over the world, and those who love things the way they are. What can we do? If IPv6 is such a crap, who do we blame? Where do we start IPv7 then? Does Tachibana lab have to be funded?...

He can't - he's screwed (none / 0) (#193)
by nsayer on Wed Aug 28, 2002 at 02:04:22 PM EST

From what I read of his comment, I'm not sure freenet6 will help him. He is behind a NAT he doesn't control.

What he really needs to do is PPP with IPv6 over UDP or some other whacky VPN-like solution.

To me, it's borderline bait-and-switch. They promised you Internet connectivity. What you got was more like what you get from AOL - access to a TCP proxy. Not quite the same.

[ Parent ]

Maybe shipworm (none / 0) (#203)
by nsayer on Thu Aug 29, 2002 at 12:45:01 PM EST

Microsoft has a proposal for something called shipworm that does IPv6 over UDP. It supposedly promises to allow tunneling IPv6 through one *or more* NATs, without getting cooperation from the NATs involved.

http://www.ietf.org/internet-drafts/draft-ietf-ngtrans-shipworm-07.txt

[ Parent ]

Why would I want to? (4.00 / 2) (#190)
by anon868 on Wed Aug 28, 2002 at 01:23:26 PM EST

I have a broadband connection with two dynamic IPV4 addresses. I have one computer, soon to be two. From the steps at the bottom of Freenet6, it appears that it should be fairly easy to get IPV6 up & working on both computers. So my question is why? In what way will this benefit me? The only thing I can think of is that I would get a static IPV6 IP address, so I suppose if I got my friends set up, we could use that to connect to each other for playing games (assuming the games support it). Since a static IPV6 address is impossible to remember (it might look cool on a business card though) are there any domain name registrars I could register a domain name with & have it point to an IPV6 IP address? Otherwise, how does me, having an almost completely unused protocol installed on my system, help further the cause of IPV6? How is this going to convince my ISP that they need to start switching over to IPV6?
Open a window. No, not that one! One made from actual glass, set in an actual wall, you dork.
answers (3.00 / 2) (#192)
by nsayer on Wed Aug 28, 2002 at 01:51:50 PM EST

The only thing I can think of is that I would get a static IPV6 IP address

Not just a single address -- a whole 48 bit prefix. You would probably set up a single machine with freenet6 access and use that machine as your IPv6 firewall and router. All of your machines would hang off the back end. Heck, if you got used to using IPv6, you may find you don't need the 2nd dynamic IPv4 address.

are there any domain name registrars I could register a domain name with & have it point to an IPV6 IP address?

Any registrar that will allow you to supply your own zone file and/or records will do. You would simply use "AAAA" records. Any reasonably recent version of BIND understands AAAA records (and if it's not that recent, it will have security issues), and all IPv6 implementations of which I am aware fully understand those records.

How is this going to convince my ISP that they need to start switching over to IPV6?

One user probably won't. But ISPs can spot trends. When IPv4 protocol 41 packets start being numerous enough, they'll take notice.

Speaking of which, if anyone at an ISP out there wants to help further the cause of IPv6 adoption, go read and implement RFC 3068. It will help any of your users using 6to4 get better connectivity with the non-6to4 IPv6 universe.


[ Parent ]
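The 6to4 addressing and AAAA records mentioned in the reply above, worked through as an added example (not code from the thread or from any poster). The IPv4 address and host name are constructed samples, and `bogus_6to4` is a hypothetical helper showing the check a firewall or log reviewer would apply to 6to4 traffic from a host that is really behind a NAT.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")          # 6to4 address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def sixtofour_prefix(ipv4):
    """48-bit site prefix 2002:V4ADDR::/48 for a routable IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if any(v4 in net for net in RFC1918):
        raise ValueError(f"{v4} is private; 6to4 needs a routable address")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def subnet64(site, n):
    """The n-th of the 65536 /64 networks inside a /48 site prefix."""
    if site.prefixlen != 48 or not 0 <= n < 65536:
        raise ValueError("need a /48 site and a 16-bit subnet number")
    return ipaddress.IPv6Network((int(site.network_address) | (n << 64), 64))

def aaaa_record(name, addr, ttl=3600):
    """One zone-file line publishing an IPv6 address for a host name."""
    return f"{name}. {ttl} IN AAAA {ipaddress.IPv6Address(addr)}"

def embedded_ipv4(addr):
    """IPv4 address carried inside a 6to4 address, or None if not 6to4."""
    a = ipaddress.IPv6Address(addr)
    if a not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF)

def bogus_6to4(addr):
    """True for a 6to4 address built from a private (NATed) IPv4 address."""
    v4 = embedded_ipv4(addr)
    return v4 is not None and any(v4 in net for net in RFC1918)

if __name__ == "__main__":
    site = sixtofour_prefix("192.0.2.1")      # constructed documentation address
    lan = subnet64(site, 1)
    print(site, lan)
    print(aaaa_record("host.example", lan[0x10]))
    print(embedded_ipv4(lan[0x10]), bogus_6to4("2002:c0a8:101::1"))
```

Because the IPv4 address is readable straight out of the prefix, a 6to4 source address in a log can be tied back to the tunnel endpoint that sent it.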

Thanks & 1 more question (none / 0) (#196)
by anon868 on Wed Aug 28, 2002 at 04:13:56 PM EST

Thanks for the answers, it makes some more sense now, but I have 1 last question... If I have a Linux router handing out IPV6 IPs to the other machines on my network, presumably they will not have IPV4 IPs at all. Will they have access to the IPV4 internet? Excuse my ignorance if this is obvious, but will the router know what is destined for the IPV4 internet and send it there automatically doing any translation needed?

Open a window. No, not that one! One made from actual glass, set in an actual wall, you dork.

[ Parent ]

Parallel networking (none / 0) (#198)
by nsayer on Wed Aug 28, 2002 at 07:22:48 PM EST

Plug the access router (DSL box, cable modem, whatever) and the two machines into a hub.

For IPv4, both hosts deal with the DSL box or cable modem the way they do now.

For IPv6, the one doing the IPv6 routing duty speaks to the DSL box or cable modem with IPv6 packets encapsulated in IPv4. It talks to the other machine with straight IPv6 packets over Ethernet.

That's just one possible configuration. It's not how I would set things up because there is no IPv4 firewall available (unless there's one in the DSL box or cable modem).

IPv4 and IPv6 can coexist perfectly well on a LAN and can have very different routes and filtering and what not.

Having said all that, it is possible to do without IPv4 by using a NAT-PT, which translates outgoing IPv6 sessions that are intended for the IPv4 universe into IPv4 sessions. For this to work, you need a DNS proxy that makes A records turn into AAAA records with the NAT-PT's special prefix (there is one called totd - the Trick or Treat Daemon), and you need all your applications to work with IPv6.


[ Parent ]

i'll convert (none / 0) (#204)
by Prophet themusicgod1 on Thu Aug 29, 2002 at 03:00:32 PM EST

when i can get it in what...16 bit? if i can find a driver for MS-DOS (6.2). that'd be nice.
"I suspect the best way to deal with procrastination is to put off the procrastination itself until later. I've been meaning to try this, but haven't gotten around to it yet." swr

Privacy Concerns ? (3.00 / 1) (#208)
by rm888 on Fri Aug 30, 2002 at 07:14:05 AM EST

I don't know the last state of development (rfc.net seems to be down right now), but I seem to remember that your ipv6 address partially consists of your network card's MAC address. Wouldn't that be a problem? As MAC addresses don't change (usually, at least :) ), every connected host could be uniquely identified, just like the infamous Pentium-III processor id intended.

And what about dial-up connections (including DSL, cable etc.) - is there still a random part in the ipv6 number? It's not clear from the article, so if anyone who knows would expand...

I would have mixed feelings about every machine being assigned a static ip. Real "bad guys" (spammers, crackers, game cheaters, ...) could be filtered out more efficiently (until they figure out how to circumvent it), but of course, this medal has two sides.


Static IPv4 addresses had the same problem (2.00 / 1) (#209)
by nsayer on Fri Aug 30, 2002 at 11:54:29 AM EST

Anyone with static or near static IPv4 addresses has potentially the same problem. The difference with IPv6 is that you can actually do something about it if you like. I have 5 (usable) static IPv4 addresses. The most variation I can have is switching around between those five. With IPv6, I can pick from billions of different addresses if I like. The default link-local address for an Ethernet host is based on the MAC address, but nothing says you can't change that.

IPv6CP (the IPv6 control subprotocol for PPP) will negotiate unique link-local addresses. It's up to the implementation how those addresses are chosen, but the only actual implementation with which I'm familiar (the one in FreeBSD's PPP) will pick random ones (this implementation is rather immature, so I suspect in the future it will allow for other options).

I think static addressing is great. Potentially, it could eliminate the need for dynamic DNS in organizations. But IPv6 addresses are only as static as the user really wants them to be (OS permitting).


[ Parent ]
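The MAC-derived addresses discussed in the two comments above, as an added example (not code from the thread): it builds the modified EUI-64 interface identifier from a MAC, recovers the MAC from an address, and shows that a randomly chosen identifier leaves nothing to recover. The MAC and prefixes are constructed documentation values, and the function names are this example's own.

```python
import ipaddress
import secrets

IID_MASK = (1 << 64) - 1      # low 64 bits of an address: the interface identifier

def eui64_iid(mac):
    """Modified EUI-64 interface identifier built from a 48-bit MAC."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit, insert ff:fe between the two MAC halves.
    eui = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return int.from_bytes(eui, "big")

def make_address(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("interface identifiers go under a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | (iid & IID_MASK))

def embedded_mac(addr):
    """MAC an address appears to embed, or None (heuristic: ff:fe marker)."""
    b = (int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    return ":".join(f"{x:02x}" for x in bytes([b[0] ^ 0x02]) + b[1:3] + b[5:])

def random_iid():
    """Random identifier, 'universal' bit cleared, never carrying ff:fe."""
    while True:
        iid = secrets.randbits(64) & ~(0x02 << 56)
        if iid.to_bytes(8, "big")[3:5] != b"\xff\xfe":
            return iid

def same_interface(a, b):
    """True when two addresses, even in different prefixes, embed one MAC."""
    mac = embedded_mac(a)
    return mac is not None and mac == embedded_mac(b)

if __name__ == "__main__":
    mac = "00:00:5e:00:53:01"                 # constructed sample MAC
    home = make_address("2001:db8:1:2::/64", eui64_iid(mac))
    cafe = make_address("2001:db8:aaaa:1::/64", eui64_iid(mac))
    print(home, cafe, same_interface(home, cafe))
    print(make_address("2001:db8:1:2::/64", random_iid()))
```

The `same_interface` check is the tracking concern in concrete form: the prefix changes with the network, but a MAC-derived identifier follows the card.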

Reasons to switch (none / 0) (#220)
by tangocharly on Mon Sep 02, 2002 at 06:32:31 PM EST

Today's status of IPV6 is still a construction site. There are some people seriously developing and setting up test sites (especially in Japan) but most non-PCs don't speak IPV6 and most PC applications don't either.

It's nice that the article does some advertising for V6, but besides some self-teaching effects for programmers and administrators it makes no sense to set up IPV6 at home or at small sites.
The biggest need for IPV6 actually exists within the extranets of large companies with a lot of private peerings to other companies. There is a rapidly increasing number of intranets based on subnetting of the private class A (10.0.0.0/8) and often you have to set up things like double-NAT to connect to a LAN when both use this private class A.
Another big need might be the increasing number of internet multimedia devices based on mobile phones.
But I believe that the trouble you have with double-NAT etc. is still an easier job than switching the LANs to IPV6.

It makes some sense (none / 0) (#221)
by nsayer on Mon Sep 02, 2002 at 11:48:19 PM EST

[...] it makes no sense to set up IPV6 at home or at small sites.

I set up IPv6 so I could ssh from my work machine (behind a NAT) conveniently to any of my home machines (behind a different NAT), among other reasons. It's easier and more useful to set up than any of the available VPN solutions.


[ Parent ]

Transitioning to IPv6 | 224 comments (222 topical, 2 editorial, 0 hidden)