What About IPv6? How Long Until Widespread Deployment?
Christopher Blood asks: "Over at the register, they talk about the EU adopting IPv6. So what about the USA? When do we get it?
IPv6 would solve some and DOS problems and we will need the extra address space. What's the holdup?" While IPv6 may be the cure for all of our IPv4 ills, upgrading the whole internet to the new technology isn't going to happen overnight. What has been done to prepare for the jump, and what still needs to happen before it can become a reality?
Well, it's here already (Score:4, Informative)
Newbie question.. (Score:2, Informative)
for you freebsd types (Score:0, Informative)
Because of all the moron MCSE IT staffers out ther (Score:1, Informative)
The installed base is hard to change... (Score:4, Informative)
I've thought about running v6 at home and connecting up to the 6bone. However, the list of instructions was long and complex, and it was unclear to me that my existing ipchains based firewall code would continue to protect me. It was also unclear that I could enhance the ipchains rules to protect myself.
I quite like the idea of being able to expose multiple devices on different IP addresses, but it is (still) a non-trivial exercise.
On a side note, I'd like to see more deployment of multicast -- this could help Internet Radio stations significantly in the future. Yes, there aren't good multicast clients at the moment, but that is because there is little multicast to listen to, and no way of getting multicast to the end user. Lobby your ISP for multicast!
p.s. In case you think that I'm an idiot for not being able to configure IPv6 on Linux -- I'll tell you that I was a kernel contributor in the pre-1.0 kernels.
Re:When Cisco decides to... (Score:2, Informative)
The same in html [google.com] from Google.
They say that by/in 2002 (hey, that's now) they will have completed implementation of all IPv6 functions in the routers.
Re:Too costly at this point (Score:2, Informative)
They basically just wrap an IPv4 wrapper around the IPv6 packet and send it back out across the net. A lot of network edge routers do similar types of things already, and many edge routers are doing IPv6 tunneling now.
Check out info about NetBSD's IPv6 packages [netbsd.org] to see what solutions are already available and starting to become more widespread.
IPv6 and IPv4 can live together (Score:3, Informative)
As far as I recall (been a long time since I studied this), IPv6 and IPv4 can actually live and work together on the same network.. without being independent.
That is, IPv6 can be used on the backbones and to connect the larger networks, but IPv4 can still be used at a more local level. Gateways can be established that will translate addresses and the benefits of having far more addresses available can be realized.
However, one problem with running both protocols and using a gateway is that the only benefit you get is having more addresses.. but since we're running out of IP addresses with v4, this is kinda important. A local v4 and backbone v6 solution wouldn't help solve local DOS problems, or allow us to use any of v6's advanced features.
But is an Internet wide upgrade to IPv6 really a viable thing to do? It'd be like converting the US to drive on the left side of the road overnight. Even if you did it state by state, you're gunna have major troubles at the state borders.. converting the Net over to IPv6 will be the same.
That said, there is a network called the 6Bone [6bone.net] which you can join up to and actually play with IPv6 stuff from your existing IPv4 network. Go, and get your own IPv6 address today!
(Disclaimer: As I said, I studied IP way too long ago, so any updates, corrections or just plain disagreements with my post are welcomed, and indeed encouraged.)
Re:When? (Score:4, Informative)
No, it was Stanford that gave up their class A. What were they thinking? MIT still has ungodly amounts of address space. We have net 18 (18.0.0.0/8), plus random assorted /16s (128.52, for example, is the AI lab). There are a couple others.
The thing is, though, there's a whole lot of "reserved" address space out there. The IPv4 address space shortage is partially artificial. In some ways this is to prevent the world from grinding to a screeching halt where there really are no more IPv4 addresses. Another is that maybe it will put pressure on people to be conservative with address allocation, which might make the shortage less pressing. Maybe it will also help to speed the deployment of IPv6.
Most OS vendors are already supporting IPv6 out of the box. WinXP, for example, can be set up as an autoconfiguring IPv6 host very easily (ipv6/install at a command prompt, IIRC). The BSDs support it very well, as do many Linux vendors. I think that it won't be long until IPv6 communication on the internet is very widespread. I don't, however, think the whole internet will be IPv6 any time soon.
noah
I've tried IPv6 with Windows 2000... (Score:5, Informative)
Let's see. To be widely deployed on WAN networks, IPv6 should first be widely deployed on local LANs.
It works very well on Unix systems. My little personal network has a bunch of OpenBSD and Linux boxes, 100% IPv6, and everything works like a charm.
But what about Windows?
I tried it with Windows 2000. Because the OS doesn't support IPv6 natively, I had to download a patch (and it's not very easy to find, I can't remember the exact URL, the link was posted on a ML a while ago)
Before the patch applied I had a big fat warning "Disclaimer: this is very alpha software, your OS can become extremely unstable. Don't call the Microsoft technical support any more after that, we won't answer" (the words were different, but it was the meaning)
And indeed. The system went very unstable, even for IPv4 requests. IE worked. *some* command-line tools worked. But third party packages like Mirc, CuteFTP and Opera crashed with no further warning.
It looks like there's no effort in the Windows world to provide IPv6-enabled software. This is a major showstopper.
Re:Well, it's here already (Score:3, Informative)
NAT causes a lot of problems. It's an ugly hack, not a solution to the world's ills.
Re:What about the major backbone routers? (Score:4, Informative)
The reason I name the RIRs is that I base this on the amount of IPv6 space assigned. See:
http://www.ripe.net/ripe/meetings/archive/r
http://www.ripe.net/ripe/meetings/archive/ripe-4
and here for the up to date list of all assignments:
http://www.ripe.net/ripencc/mem-ser
Furthermore you might find it interesting that in the RIPE-area, the RIPE community has decided that all Local Internet Registries can apply for a
You can find that policy here:
http://www.ripe.net/ripe/mail-archives/ipv
You can use IPv6 today! (Score:3, Informative)
They already have. (Score:2, Informative)
You can check out Cisco's IPv6 page [cisco.com] for more information.
Juniper also has IPv6 available; here is how to configure IPv6 on JUNOS 5.1 [juniper.net].
www.freenet6.net for your free tunnel (Score:1, Informative)
Re:An interesting question (Score:2, Informative)
The answer is to use a "Site-Local" address for any device that you don't want seen outside your site. From RFC 2373:
Try freenet6.net (Score:4, Informative)
They're supporting devices running *BSD, Linux, Win*, Solaris, HP-UX and Cisco IOS.
NAT provides convenience, not security (Score:5, Informative)
Does this machine on 10.200.120.4 have the ability to make direct outbound connections? Assuming yes, do you realize that the only difference between an inbound connection and an outbound connection is who sent the first packet?
Many people tend to believe that the *only* security risk they have to worry about is inbound SYN packets, so they base their entire security policy on stopping bad inbound packets. The last two sites I broke into, I did so by tricking a machine to come to me. Just for humor, here are the two scenarios:
The first one was quite a while ago, and I did it at contract. A co-worker found a potential hole in a CGI, but nobody took it seriously. By sending the right data through the CGI, I found that I could make it execute arbitrary commands. First, I did some basic stuff (id; ls -lR
The next time I saw something like this, it was out in the wild. There was a web server that was running a CGI that *seemed* like it was probably just handing the input over to a command, so I gave it a shot. This time, the web server didn't have a usable home directory, so the ssh thing was out, but it did have X installed, so I fired up a VNC server, opened it to the world and opened an xterm up in it. Before too long, I had an entire X desktop running on some guy's web server. I sent the local admin an E-mail (through pine) letting him know what was wrong and recommending he fix it before someone meaner than I am comes along.
Anyway, point of the story. Having an unroutable IP address is good internet security as long as you keep it unrouted. Once you give the thing direct internet access, the unroutability of it becomes much less relevant.
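A defender's view of the point made in the comment above, as an added example that is not part of the original post: it reads new-connection records and reports connections that a host behind the NAT initiated to a public address outside an egress allow-list. The log format, the `EGRESS_ALLOW` policy and every address other than 10.200.120.4 are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: hosts in these networks sit behind the NAT.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical egress policy: what each server may initiate outbound.
EGRESS_ALLOW = {"10.200.120.4": {("192.0.2.53", 53)}}

# Constructed sample, addresses as seen on the inside interface.
# "src" is whichever side sent the first packet.
SAMPLE_LOG = """\
NEW tcp src=198.51.100.7 dst=10.200.120.4 sport=51514 dport=80
NEW udp src=10.200.120.4 dst=192.0.2.53 sport=40001 dport=53
NEW tcp src=10.200.120.4 dst=203.0.113.9 sport=40112 dport=22
NEW tcp src=10.200.120.4 dst=10.200.120.9 sport=40200 dport=5432
"""

LINE = re.compile(r"^NEW (\w+) src=(\S+) dst=(\S+) sport=\d+ dport=(\d+)$")


def behind_nat(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE)


def unexpected_egress(log):
    """Return (initiator, destination, port) for outbound flows outside policy."""
    findings = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        _proto, src, dst, dport = m.groups()
        # Keep only flows a private host started toward a public address;
        # an inbound-only rule set never looks at these.
        if not behind_nat(src) or behind_nat(dst):
            continue
        if (dst, int(dport)) not in EGRESS_ALLOW.get(src, set()):
            findings.append((src, dst, int(dport)))
    return findings
```

On the sample, the inbound web request and the allowed DNS lookup pass, and the server-initiated connection to 203.0.113.9 port 22 is the one reported.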
Re:What about the major backbone routers? (Score:1, Informative)
http://www.juniper.net/techpubs/software/j
Cisco's been working on theirs but I dunno what its status is as of late. So the core is en route to new era. Will be a while tho since the economy is garbage and the average NOC monkey's head will explode once s/he tries to figure it out.
IPv6 Header (Score:2, Informative)
Actually, it doesn't really make that much difference.
An IPv4 header is actually quite difficult to process for hardware routers because it can have a length of anywhere between 20 and 60 bytes.
An IPv6 header on the other hand consists of a main header with a fixed length of 40 bytes and possible extension headers which do not need to be processed on all systems.
The 40 bytes of the IPv6 main header includes the 128 bit source and destination addresses.
The IPv6 headers are actually quite efficient and are designed in such a way that they can be easily processed by hardware.
So no, there will not be a BIG increase in bandwidth because of the headers.
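The header layout described in the comment above, as an added example that is not part of the original post: a parser that reads the variable IPv4 header length from the IHL field, and for IPv6 reads the fixed 40-byte header and then walks the extension-header chain to find the transport header, which is the step a packet filter has to perform. Function names and the sample packet (documentation addresses 2001:db8::1 and 2001:db8::2) are constructed.

```python
import ipaddress
import struct

# Extension headers laid out as: next-header byte, length byte (8-octet units, minus 1).
GENERIC_EXT = {0: "hop-by-hop", 43: "routing", 60: "destination-options"}
FRAGMENT = 44  # the fragment header is always exactly 8 bytes


def ipv4_header_len(packet):
    """IPv4: the header length varies and must be read from the IHL nibble."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a valid IPv4 header")
    ihl = packet[0] & 0x0F
    if ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("bad IHL")
    return ihl * 4  # 20..60 bytes


def parse_ipv6(packet):
    """IPv6: fixed 40-byte header, then an optional chain of extension headers."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not a valid IPv6 header")
    payload_len, next_hdr, hop_limit = struct.unpack_from("!HBB", packet, 4)
    src = ipaddress.IPv6Address(packet[8:24])
    dst = ipaddress.IPv6Address(packet[24:40])
    offset, chain = 40, []
    while next_hdr in GENERIC_EXT or next_hdr == FRAGMENT:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        size = 8 if next_hdr == FRAGMENT else (packet[offset + 1] + 1) * 8
        if offset + size > len(packet):
            raise ValueError("extension header overruns packet")
        chain.append(GENERIC_EXT.get(next_hdr, "fragment"))
        next_hdr, offset = packet[offset], offset + size
    return {"src": str(src), "dst": str(dst), "hop_limit": hop_limit,
            "payload_len": payload_len, "extensions": chain,
            "upper_protocol": next_hdr, "upper_offset": offset}


def build_sample():
    """Constructed packet: hop-by-hop + destination options before a TCP header."""
    hop_by_hop = bytes([60, 0]) + bytes(6)  # next = 60, 8 bytes total, Pad1 filler
    dest_opts = bytes([6, 0]) + bytes(6)    # next = 6 (TCP)
    payload = hop_by_hop + dest_opts + bytes(20)
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), 0, 64)
    fixed += ipaddress.IPv6Address("2001:db8::1").packed
    fixed += ipaddress.IPv6Address("2001:db8::2").packed
    return fixed + payload
```

For a non-first fragment the bytes at `upper_offset` are fragment data rather than a transport header, so a filter must treat that case separately.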
OT but needs to be said (Score:2, Informative)
The British hecklers in the audience may wish to remember that they are the only first-world nation without a written constitution.
And yet which country's people are currently more at risk of losing their freedom (DMCA, terrorist pirates, etc)? You're acting like not having a constitution (assuming it's true) is equivalent to being lawless. It's still illegal to murder someone in Britain and, last time I checked, there was freedom of the presses by law. A constitution is just law that's hard to change. You could argue that Britain's system is more flexible and adaptable to our changing world.
Also, there's a reason most scientists in America use the metric system. Guess what it is.
Re:How to transition? (Score:2, Informative)
Now port all your apps to support IPv6. This involves changing IPv4 specific function calls to their IPv6 equivalent. For folks like me, who only use the web & ssh, this isn't even an issue, since OpenSSH and Mozilla support IPv6.
Voilà, you're running IPv6 and nothing else.
Re:When Cisco decides to... (Score:5, Informative)
IPv6 is a bad job, period. Most Slashdotters probably don't know its provenance. It has been around for about a decade. IETF created it as a compromise. IETF insider Steve Deering had created a poor-quality hack called SIP (Steve's IP) while insider Paul Francis (aka Tsuchiya) created one called PIP (Paul's IP). How bad? SIP, for instance, assigned all addresses by countries, based on population, and thus gave a shorter prefix to North Korea than to South Korea because it was a bit more populous in his almanac. IPv6 is PIP and SIP glommed together.
Just before the time it was adopted, IETF had adopted a different replacement for IP, TUBA (which I think was also called IPv8). TUBA used a profile of the OSI Connectionless Network Protocol (CLNP). Cisco had already implemented it, along with CLNP's routing protocol, IS-IS. CLNP was elegant and flexible -- some of the OSI work stank, but CLNP and TP4 were gems. The only reason TUBA was dropped was because Vint Cerf, the Chauncey Gardner of the Internet (not really so smart, but he's famous for Being There), changed his vote and dropped TUBA support.
Had Vint not been so perfidious, IPv8 would have been phased in before the public Internet boom of the mid-1990s. The code has been in Cisco and other vendor equipment for a decade.
IPv6, on the other hand, has a wasteful 16-octet address field (only 8 octets are useful at a time) and does little else to solve IP's problems. It does NOT provide QoS (that's an urban legend) or security any better than IPv4 with its existing options. And given the inefficient assignment of IPv4 addresses in the past, the 32-bit field has a lot of life left.
Think about VoIP: With IPv4, the header has 8 address octets, while the payload has to be short in order to minimize delay. And it's bloody inefficient. With IPv6, the header has 32 address octets while the payload is the same. It's a bleedin' joke! IPv6 is just plain wasteful.
Re:The era of the 4 to 6 Gateway (Score:3, Informative)
If you mean "4 inside, 6 outside" then it has some limitations. If you're on a 4-only box inside and want to connect somewhere, it has to have an IPv4 address, or you have to have some IPv4 address mapped to the IPv6 address with corresponding DNS change (I hear this is what the BSD folks are doing). Doing servers this way is easier as the client (outside) is connecting to a specific IPv6 address, and the NAT can translate that easy enough to (inside) IPv4 (no DNS juggling needed).
Such network address translation should at least prevent any delays in upgrading servers from delaying IPv6 deployment to the backbone. Clients will seriously need to be upgraded, and if Microsoft drags their feet, that can set things back really bad. But we also need solid IPv6 router code for the backbone, and I gather that Cisco is not moving very fast on getting it widely implemented solidly. Maybe when the economy picks up they might be able to (if they see the demand for it).
Re:An interesting question (Score:3, Informative)
Tell your firewall to not route it. The only reason 10.0.0.0 and 192.168.0.0 (I don't remember the class C one) are non-routable is because every single hop has wired into it the knowledge that those aren't routable.
Plus, I have to imagine there are nonroutable IP6 blocks as well...
More than just more addresses (Score:1, Informative)
The portable nodes of the future will roam between different networks and network technologies, often be multihomed (although not always on the same interfaces, or the same addresses), support real-time data transfers (IPv6 might not support this very well at the current time, but it is coming!), multicasting etc.
I also expect the focus to change from IP addresses to "logical addresses". For example: Why can no one call me just because I left my cellular phone at home? I have a phone at work, I might have my laptop online, or I might even have another cellular somewhere. As long as I am me, and I can be reached, why should I need a specific client??? I hate having both my wireless ISDN telephone AND my GSM phone hanging around my person at home, as they are just two different "routes" to the same me...
So, IPv6 is not just about address space, it is also about usage. IPv4 is NOT dynamic, it does NOT handle multicasting well, it does NOT handle real-time data well and it was NEVER intended to be used as we use it today.
Ok, the specification of IPv6 is not yet perfect (data classes, multicast group lookups and IPsec), but the protocol has not yet been "tuned". This is currently being done in both Europe and Asia (and probably in some dark basements in the US
P.S: Linux is not at all bad at IPv6. Check out the USAGI patch and userland tools (they work quite ok with the normal kernel too), at http://www.linux-ipv6.org/. My Slackware Linux is running everything very nicely over IPv6.