IPv6 is Here

shawn(at)fsu writes "Reuters is running a story that Vinton Cerf of the Internet Corp. for Assigned Names and Numbers (ICANN) says that "IPv6 been added to its root server systems" I like how they said that it will run along side IPv4 for 20 years to get rid of the bugs. A few previous Slashdot stories out of many here, here and here"

A brief and redundant article

[Bold Marauder]

Really doesn't say much that slashdotters don't already know (it's a very

short article). There is one descrepcy that I'm sure I won't be the first

to notice it, either:

Rapid growth in the use of the World Wide Web has in recent times

prompted concerns about future scarcity of domain addresses, with

demand threatening to overload the existing system, the IPv4.

Now, I could be wrong; but my understanding was that the need for IPv6 comes from the scarcity of IP addresses (eg 12.34.56.78) not the scarcity of domain names (eg slashdot.org, slashdot.net, slashdot.jp).

Re:v6 could help solve some net problems

[The Darkness]

Also I'm not familiar enough with DHCP, can it do the same thing?

Yes, I have machines on my network that acquire static IPs through DHCP. It uses the MAC Address to determine when one of those machines requests an IP.

Re:I do wish

[Vancorps]

I would suggest you check this [freenet6.net] out.

You can have a whole octet to yourself right now. That's a lot of IP addresses and you're ISP doesn't have to support IPv6, it can be encapsulated in IPv4. There are plenty of gateways out there that will translate the request for you so that only your router will need both IPv4 and IPv6.

It's all up on FreeNet.

Re:v6 could help solve some net problems

[mattdm]

Sure, DHCP can do that. And lots of people use it that way. In fact, pretty much all of those Linksys/Dlink/whatever firewall/gateway/router boxes support it...

Re:A brief and redundant article

[bheerssen]

The term domain addresses refers to IP addresses, not domain names.

There, not here

[Anonymous Coward]

I can't get a native IPv6 address (block), and I'm on a university network. Neither can I get a IPv6 address from T-Online at home. To me this means that IPv6 is there, but not here.

Re:Feeling Old

[wonkamaster]

Not too many people remember v5. The IP version is a reference to the IP header "version" field, and 5 was reserved for ST2: See RFC 1819 [faqs.org] Sesion 1.2, 2nd paragraph.

So what do you call the next IP version? Version 6, of course!

Re:Running out of IPv6 (not)

[dmeranda]

IPv6 uses 128-bit addresses. For those who can't count that high, let's see, thats:

340,282,366,920,938,463,463,374,607,431,768,211, 45 6

in decimal. Just try to use all those up! Well, as long as you don't let the spammers onboard first.

Re:Is it just me

[DAldredge]

128 bit addresses allow for 2^128=340,282,366,920,938,463,463,374,607,431,768, 211,456 total theoretically assignable addresses.

THAT is a virtually unlimited number. ;->

Re:v6 could help solve some net problems

[Malcolm Chan]

Alternatively, the ISP could still dynamically assign IP addresses, but instead of internal addresses (192.168.x.x, 172.16.x.x, etc), externally routable addresses.

This way, no NATing is necessary, but there isn't any administration of IP addresses assignments necessary. The ISP simply has to make sure that he has enough externally routable addresses available for the max number of customers who could ever be simultaneously connected.

Re:Perfect!

[Anonymous Coward]

What does the percentage of used IPv6 addresses have to do with the duration of the coexistence of IPv4 and IPv6?

We will run out of IPv4 addresses within that timeframe, even if we don't colonize Mars and China stays mostly offline or uses its funny IPv4 translation.

IPv6 addresses are assigned differently to conserve router capacity and to avoid ugly hacks like NAT. It is recommended that end users are assigned blocks of /48 (2^80 addresses) or /64 (2^64 addresses) when there is only one subnet at the customer's site or /128 (1 address) when it is absolutely certain that just one device will be connected. This way of assigning addresses facilitates local auto-configuration and end-to-end connections.

Re:v6 could help solve some net problems

[rsidd]

Better still, bring back the old BOOTP protocol? Which if I'm not mistaken just simply keeps a database of MAC addresses to IP Addresses (manually entered),

An IPv6 address includes the 64 bit MAC address. [luv.asn.au]

It is out of date already in China due to IPv9

[Anonymous Coward]

China is already testing IPv9, something which promises to consume IPv6.

Link to article - China's New Generation Of IPv9 Network Technology Ready [chinatechnews.com]

;)

Re:v6 could help solve some net problems

[argmanah]

I don't see a way of making the sending of email spammer-proof without ending the concept of email-sender anonymity. But that is not the same thing as Internet anonymity. Such a scheme need have no effect whatsoever on all the other numerous Internet protocols, including the Web. You have no idea what you're talking about. John Doe is given static ip x.y. Free porn site logs incoming connection from x.y, immediately knows it's John Doe. So yes, forcing each user to uniquely identify their IP does affect web traffic. I can uniquely identify any user who connects to my webserver. Think what companies like Amazon and E-Bay could do with this information.

Freenet6 is obsolete

[Wesley Felter]

6to4 is simpler and more efficient.

Not a problem

[Wesley Felter]

This was solved years ago: Privacy Extensions for Stateless Address Autoconfiguration in IPv6. [ietf.org]

Re:Still the anonymity problem

[Junta]

Huh? That didn't make much sense.

I assume you mean DHCP-Assigned IP addresses, which well, works significantly different in IPv6. Well, for now, I acknowledge that yes, the dynamic addressing scheme by *default* uses the system mac address in a very deterministic fashion to get an IPv6 address. However, IPv6 'privacy extension' does not, and thus your IP to MAC relationship to hosts not on your network becomes as undeterminable in IPv6 as it is in IPv4. Even if the outside world did have your MAC address, they have no way of knowing *where* that MAC address is. It is still a meaningless identifier until they actual get your machine physically, at which point they've already gone well beyond the point of getting into ISP logs, or have access to the current DHCP leases and physical network segment, which isn't too much more trouble than ISP logs. Hell, you can even set your own MAC address dynamically if you want your tin foil hat to be more fully engaged.

Proxying will persist, it is more about performance and conservation of bandwidth than, say, NAT, which almost certainly goes by the wayside in IPv6 by and large. However, few ISPs have resorted to NATing customers wholesale anyway, so that isn't the case today. I have not seen an implementation, but NAT could certainly be used in IPv6 if you *really* wanted, but it still traces to the nearest routable address, which, as in IPv4 networks, is typically still you.

Ultimately, relying on the 'anonymity' of dynamic IP addresses is really ridiculous if you are really doing something requiring anonymity. IPv6 is in no way the "end of the 'net as we know it".

Re:No good IPv6 firewalls..

[rleibman]

I believe IPTables fully support IPv6.

Re:v6 could help solve some net problems

[Just Some Guy]

Sometimes, although your source doesn't list that as as requirement. From the page you linked:

It is recommended that it be used as 16 bit internal network number and 48 bit MAC address, although sites can do what they liked.

For example, I get a /64 netblock from my IPv6 provider, but I split that out locally to three /80 subnets (LAN, DMZ, and WLAN). Everything I've read indicates that using the MAC address to autoconfig prefixes longer than /64 is impossible, so I have to manually specify the last 48 bits of the IPv6 address on each machine. Fortunately, that means that one host on the LAN is ::2, another is ::3, and so on.

Re:Slightly OT: Reserved IP adresses in IPv6

[rleibman]

IPv6 works in a very different way from IPv4, there is no need for private use networks. Each device on a network gets not one, but a few addresses, you have your loopback (::1), but you also have your link local (FE80::/32 an address that's unique in your network but doesn't get routed outside of it) and you can use this for many of the same things you use private addresses in IPv4. Oh, yeah, you also get a multicast address (FF02:/32 that other nodes and the router can use to find your MAC address). That's on top of a bunch of other addresses you may be listening to depending on what you are on the network (dhcp, router, etc)

Re:No good IPv6 firewalls..

[Just Some Guy]

ipfw and ipf on FreeBSD systems both have excellent IPv6 support. OpenBSD's pf, which is a Theo-ized BSD-licensed version of ipf, should also be solid choice.

Re:How is it implemened?

[TheSpunkyEnigma]

This took 2 seconds.
nslookup
>set q=any
>f.root-servers.org

f.root-servers.org nameserver = ns-int.isc.org.
f.root-servers.org nameserver = slave.sth.netnod.se.
f.root-servers.org nameserver = ns-ext.isc.org.
f.root-servers.org nameserver = ns-ext.vix.com.
ns-ext.vix.com internet address = 204.152.184.64
ns-ext.vix.com has AAAA address 2001:4f8:0:2::13

Re:v6 could help solve some net problems

[JPriest]

But someone has to manually add that entry to the dhcpd.conf file, and someone has to manually add the static route for the /30 on the router you connect to. If a network change is made, all these /30's have to be relocated to the other device.

We don't bother adding the /30's to DHCP becasue it is easier to let users do it with tech support than it is to pay UNIX admins to make the changes.

Re:ping6 slashdot.org

[tbaggy]

Ya I want this too..
As a side note, you can get to Slashdot (and google, and CNN etc) via sixxs.net [sixxs.net] with IPv6 by going here:
http://www.slashdot.org.sixxs.org [sixxs.org]

Re:v6 could help solve some net problems

[spektr]

Now I can't use BitTorrent.

BitTorrent still works (suboptimal) if you're NATed, because your client still connects to other clients (that aren't NATed) and uploads data to them (and thus receives data in return). You just won't get optimal download rates, because nodes that aren't NATed hold several times more concurrent connections. That's because everyone in the network can establish a connection to them, while a NATed node has only the connections it establishes itself (to clients that aren't NATed).

Re:where are the IPv6 native ISPs?

[IvyKing]

Speakeasy has been making noises about rolling out IPv6 support and apparently have done experimenting with it. Right now it still looks to be in the "near future".

A possible compromise would be for the ISP's to offer IPv6 tunneling hosts.

Re:where are the IPv6 native ISPs?

[Anonymous Coward]

Not for dgp, but perhaps some of the Dutch users might be interested. XS4ALL offers IPv6 for ADSL connections since october 2002. http://www.xs4all.nl/nieuws/overzicht/IPv6.html [xs4all.nl] (in dutch)

Re:I do wish

[gunpowder]

I was indeed referring to an IPv6 router with no NAT involved, which is what I meant by "live" IP addresses. Sorry about the confusion.

Well, there are global scope IPv6 addresses (like official 'live' IPv6 addresses), site local (internal lan addresses, like 192.168.x.x for IPv4, but its use is deprecated) and link-local (used for IPv6 autoconfiguration). If you want to have a working IPv6 connection to the rest of the world, you will need (a) global scope IPv6 address(es). Thats what the IPv6 providers (native ISPs, tunnel broker) will assign to you.

Most IPv6 tunnel brokers (freenet6, sixxs, ...) will give you one (single) IPv6 address for your end of the IPv6 tunnel, and if you requested e.g. a /48 subnet, they'll additionally give you the 48bit-prefix you have to use within your subnet. So you can use a whole (128 - 48 =) 80bit address range for your subnet, just the first 48bits are fixed.

Usually the IPv6 addresses are derived from your (48bit)-MAC address to automatically create a (64bit)-EUI-64 IPv6 address. For this to work you have set up a router advertizing service (e.g. radvd under Linux), which will broadcast - within your lan - the prefix to use, and the PCs in your lan will use this info and automatically create proper IPv6 addresses by themselves.
However if the IPv6 'privacy extensions/temporary addresses' are enabled on a PC (by default enabled on Windows, disabled on Linux), it won't create a EUI-64 IPv6 address (from which you can easily figure out their MAC), but it will use a randomized IPv6 address instead.

You can also avoid using 'radvd' entirely and just setup your PCs to use statically assigned IPv6 addresses (e.g. in the PC's boot scripts), and thus you can make full use of the 80 bit address range.

N.B. there is also a DHCPv6, so you can assign to each MAC address a unique IPv6 address YOU specify, but the DHCPv6 protocol is work-in-progress and I haven't seen a working implementation yet.


I suppose your current network setup is something like this:

Internet ------ NAT box ------ Hub ====== PCs

In this setup you can either use the NAT box itself as a IPv6 tunnel endpoint/router, which will provide your subnet with IPv6 connectivity.
Another way would be to port-forward the IPv6 tunnel traffic to any of the PCs behind the NAT box, and do the IPv6 routing from there.

Anyway, when the PCs in your lan want to connect to a host on the internet via IPv6, they will connect to the IPv6 router, and the router will forward the packets though the IPv6 tunnel to your IPv6 tunnel broker.
Since the tunnel broker need to know that you are entitled to use their service and where they should forward the IPv6 tunnel traffic, you might also have to 'login' or use a special software to initiate/enable the IPv6 tunnel. How this works exaclty depends on your IPv6 tunnel provider.

Re:where are the IPv6 native ISPs?

[anticypher]

Move to Europe [ripe.net].

The AMSix [ams-ix.net] is a major IPv6 peering point, where many of their clients [xs4all.nl] offer IPv6 to customers.

Nerim [nerim.net] is a major provider in France. They offer IPv6 natively to all their home users, just enable it on your router/firewall.

The UK has any number of IPv6 capable ISPs [btexact.com] (blech, puke), you just have to keep an eye on their internal support groups for help from those who have managed to make it work. Tunnels are always a way around broken providers, but are not an answer to your question.

There are a number of other transit and peering providers all over Europe who provide IPv6, and the ISPs are all starting to follow along. Demand only started when a handful of providers realised their was a large enough market for extra added services, even though very few customers made it an important item. The problem with IPv6 is that there is no WOW! factor, it just works as well as IPv4, transparently, and currently doesn't bring any new features to the internet that users can see.

Completely off topic...
I had a great time at CeBit this year, talking to the chinese ADSL modem makers. After asking if thier boxes supported IPv6, I then told them I needed 20,000 boxes right away for a small scale test, but only with a product with IPv6 enabled right out of the box, no upgrades allowed. Once I started talking about the 20-40 million unit market over the next year, you could see their eyes light up. But if they offered an upgrade within a few weeks (in other words, they'd have their coders pull some all-nighters), I'd walk off to find another with IPv6 already built in. I have a feeling that next year there will be dozens of small ADSL routers with IPv6 capability. Once we can get cheap ADSL routers with IPv6 as a checklist item, ISPs will start offering it.

In the U.S., the term for your situation is TSOL.

the AC

Re:IPv6 address per-connection?

[j h woodyatt]

Does anyone have a link to this information?

Look at the latest draft [ietf.org] of RFC 2462. Nodes are allowed to use a EUI-64 address for the host number, but the recommendation for stateless autoconfiguration is to generate a unique number and test for duplicates with neighbor solicitation. You don't have to use a MAC address with stateless autoconfiguration, and furthermore you don't have to use stateless autoconfiguration if you use a DHCP server on your IPv6 network.

On the other hand, some of the docs I've read say the IPv6 address is based on your MAC.

You haven't read the docs in a long time...

--