One Step Closer to IPv6
gbjbaanb writes "IPv6 came a step closer yesterday as ICANN added IPv6 host records to the root DNS servers, reports the BBC. 'Paul Twomey, president of Icann which oversees the addressing system, told the BBC News website there was a need to start moving to IPv6. "There's pressure for people to make the conversion to IPv6," he said. "We're pushing this as a major issue." The reason for the urgency, he said, was because the unallocated addresses from the total of 4,294,967,296 possible with IPv4 was rapidly running out. "We're down to 14% of the unallocated addresses out of the whole pool for version 4," he said. Projections suggest that this unallocated pool will run out by 2011 at the latest.'"
Sad (Score:5, Interesting)
I mean, if those companies complain, who cares. They wouldn't get such large and prestigious allocations in an IPv6 network anyways. So what's the difference.
I know, I know, we should move to IPv6 anyways. Just a suggestion. Poor initial planning warrants changes down the road.
I don't expect much to change (Score:5, Interesting)
They're not going to be very eager to give up their position as a gatekeeper of a limited resource just so their customers can frolic in a vast address space for free. Since most of them operate in a monopoly or duopoly situation, the proverbial "free market" won't force them to move off IPv4 either.
Re:Just Like Oil (Score:2, Interesting)
IPv6 migration behind a NAT (Score:3, Interesting)
If you are stuck behind a home router with NAT, then you will probably find yourself unable to access IPv6 sites. In the meantime there are two solutions:
- Teredo. If you have Vista this is standard. For everything else there is Miredo [remlab.net]
- Aiccu. A little more work and bureaucracy to get up and running, but a solution nonetheless
Of course there is also Apple's Airport Extreme, which is one of the few home routers out there that support IPv6. I believe some of the third-party firmwares will do this too, but I don't think the IPv6 support is mature. As for Linksys, D-Link, et al., I think you are out of luck for the moment.
Also, if you are running Apache, you will need a minimum of Apache 2 and specify IPv6 support, using the configure script, prior to building it.
Consumer router support (Score:4, Interesting)
Well, I'm happy to say that my wait is finally over. They didn't make a big deal about it, so I don't know exactly when they did it, but Apple added that support to their Airport Extreme. So now when I go anywhere that has one of those, I can directly SSH into those inside machines that I've opened ports for without undue muss or fuss.
Apple has been a stalwart supporter of IPv6, from my observation. It's been possible to use AFP file sharing over IPv6 since at least Tiger and the built-in VNC stuff works over IPv6 too (though there is a naming lookup bug that requires you to connect using the IPv6 address literal if you use the command-K "Connect to" dialog).
So, Netgear and Linksys, what's holding you guys up?
What about NATs (Score:3, Interesting)
Re:Sad (Score:3, Interesting)
IBM may actually use a lot of 9 (Score:1, Interesting)
Re:Just Like Oil (Score:3, Interesting)
wanna get sadder? (Score:2, Interesting)
003/8 May 94 General Electric Company
So GE has a whole
And now, look at this:
www.ge.com has address 216.74.131.56
Re:NAT Sucks (Score:1, Interesting)
1: People see one external box, and have to crack that box to get to your internal network segments. Yes, this can be regarded as security through obscurity, but this keeps someone who is "driving by" with some autodiscovery tool from gleaning info they shouldn't have.
2: An attacker has to figure out if the box with a web server is one machine, or actually multiple, with the router redirecting ports. For example, if there is an attack that requires something done with both the FTP server and an SSL server at the same time, it won't succeed. Another example is having the SSL port to one machine and the non-secure Web server point somewhere different, or having the dynamic Web stuff hanging off of a different port than the static (which is not all good -- a lot of businesses block Web stuff that isn't going to port 80.)
3: A NAT box allows one to protect traffic, and deal with an abuse problem internally rather than have an outside person come in. For example, if someone is sending out obnoxious content, without a NAT, the outside place can bypass the net admins and try legal action against the owner of the machine. With a NAT, they would have to go through the company or organization's security (including legal team).
4: Legal reasons. If someone is being prosecuted for hacking, it gives a better case to show that the knowledge of internal network segments is protected and shielded, forcing the defendant to bypass security.
5: Business intelligence. It's always good to keep the number of machines (and what segments they are on) hidden, so the competition can't easily find out that one is ramping up a new backend infrastructure for a service rollout (for example.) This also goes for foreign intelligence as well. For example, if country A finds out that country B is adding a lot more computers to their IPv6 segment of a certain type in their infrastructure, it can bring meaningful info that country B may be ramping up for a military offensive.
6: Contracts. In a lot of security contracts, internal traffic and external Internet traffic have to be completely separate (separate IP address space), or else severe criminal and civil penalties can ensue.
7: Corporate laws like SOX, HIPAA, and PCI compliance. These laws make NAT a requirement. Fail to do this as a network or security admin, and you just lost the "due diligence" protection. This can mean shareholder lawsuits and prison time should a security breach occur.
Yes, NAT is ugly, but it's something that is a must have on the Internet for most companies, even with the vastly larger address space of IPv6. NAT is also the law in a number of countries (as a consequence of "due diligence"), and not protecting internal assets by this could mean civil and criminal liabilities.
Re:It's a sham - the Internet is mostly dark (Score:3, Interesting)
NAT just makes it easy for the network to have a single point-of-contact going in/out of the network.
And Firewall issues would still be the same - as far as having to poke holes, etc. And not having firewalls would make for a rather insecure network and not solve any of the problems that we have today anyway.
So the issue really is an IP allocation issue, and NATing would be good regardless of using IPv4 or IPv6. It would be nice for everyone to be able to have a static IP at their network gateway, but not beyond that.
Re:Just Like Oil (Score:5, Interesting)
It simply doesn't follow that CO2 levels haven't ever been this high. That CO2 that we are generating; you know, from fossil fuels?
Where do you think it was before it became fossilized?
http://www.geocraft.com/WVFossils/PageMill_Images/image277.gif [geocraft.com]
For most of the current Cenozoic era, CO2 levels have been *higher* than they currently are. The *only* possible issue with "global warming" right now is whether or not the rapid rate of change in CO2 levels will be damaging, not the absolute level of CO2 in the atmosphere.
For example, during the Jurassic period, CO2 levels were at 1800 ppm. During the Cambrian period, CO2 levels were 5000 ppm. Currently, CO2 levels are at 378 ppm, and even if we burn ALL known sources of Fossil Fuels it is unlikely we will drive that above 900 ppm or so.