CNN On IPv6 163
i am the waltuss writes "CNN has tackled The Great IP Crunch of 2010 in this article. Its a good overview/intro to the subject that will likely take the place of the Y2K "bug" after January 1. "
This discussion has been archived.
No new comments can be posted.
CNN On IPv6
Related Links Top of the: day, week, month.
If you have a procedure with 10 parameters, you probably missed some.
Re:Every toaster on the internet? (Score:1)
I don't think I'll ever be a fan of that sort of thing, though..maybe I'm just really goofy, but I don't mind not having a fully automatic lifestyle..I'm just not comfortable with having my life controlled to that extent by appliances, I don't mind adjusting the thermostat or manually timing my watch or things of that sort..if everything around me or physically on me is just a node in a vast mechanical network, what does that make me?
Eventually, just a node in a vast mechanical network.
Peace,
Take the place of Y2K? (Score:2)
Oy. First El Nino (sorry, no tilde). Then 9.9.99. Y2K is coming up. Then it's going to be either the IP crunch or the solar maximum.
I'm betting on the solar maximum. IP addresses are too much for the hardwired little brains of most end-users...
Re:too much misinformation... (Score:1)
For one thing, allowing an outside entity to control an appliance which you have purchased sounds like a potential privacy issue to me - without some really strict regulations on what a company can do with the information, do I really want a company to know when & how much toast I make? (Slightly more seriously, think DIVX...)
I agree with your fears. However, I feel that this will be inevitable, regardless of the privacy implications.
In any case, I see NAT as a highly desirable way for me to control what is talking on my subnet to stuff outside the subnet, regardless of whether you're talking IPv4 or IPv6.
NAT is not designed for security, it just coincidental that it is more secure than traditional means. If you want security, IPsec is the best way to go (and is much easier on IPv6 anyway).
Why is there some limit of effort @ opening NAT walls to different protocols? If the protocol is simple, then you can communicate through a single connection, and the owner of the NAT box can open that single port & attach it to the proper machine.
The limitation I speak of is a manpower/development limitation. It is not efficient to have someone spend their valuable time fixing the current NAT implementation for the latest and greatest vendor protocol. Often, vendor protocols embed the source/destination address somewhere inside the packet, which is why NAT fails. IPsec is a great example; it needs to embed the source and destination IP inside an encrypted packet. No NAT program will ever be able to route this correctly, which means people running NAT can't use IPsec, which won't fly economically.
Maybe I'm not quite understanding what you mean by "IP expansion" using ports, but as far as I'm concerned NAT is _supposed_ to make your subnet look like a big server on a single IP address, and I can't think of any performance/utilization metrics used by ISPs where this paradigm would cause "Bad Things" to happen.
By "IP expansion" I meant the mapping of unused ports on one host to ports on a different host (NAT), thus virtually giving you "more IP addresses" (bad phrase, sorry).
ISP metrics depend heavily on being able to uniquely identify evey host in the network, internal and external, for a variety of very good and time-tested reasons (I won't go into detail). NAT is designed to obscure this, and thus represents a problem for any network admin.
Here goes my Karma (Score:1)
It's stalling because it CO$T$, guys! (Score:3)
The regional registries are charging big bucks for blocks of numbers and managing them as if they were as scarce as IPv4 address space - or as if the world was beating down their door and needed to be throttled. Results: Only the big router builders' research departments (garage shops need not apply) and the universities (grant money and need to keep at the cutting edge) are interested.
ISPs aren't going to buy numbers until they roll out the infrastructure. Why tie up even a few grand now, when you're not going to use the numbers until later? There's enough numbers to give one to every hair on every human's head, so they won't run out if you don't jump early. (And they want to encode routing in the numbers, so it might be better to wait.)
What burns me is that price tag. The home experimenters can't get in on this unless they ante up (or do all their work with bogus numbers - which is problematic when you want to start interconnecting with the other guys). So we get to depend on the Cisco/3Com/Ascends of the world.
Microsoft would be proud.
Hmmm... Maybe we ought to pick a block UNofficially and divy it up for playing with. B-)
Re:Trillions of pennies (Score:1)
-Restil
IP v6 DNS and memory (Score:1)
>>127.12.255.234.127.123.55.234.124.121.253.231
> You're not. The obvious solution is to make sure you use DNS so you don't have to worry about what the IP is.
How in the hell are we supposed to remember DNS names like www.toaster.upstairskitchen.myhouse.org.au.earth.
Re:The Great Telephone Number Explosion... (Score:5)
Re:proxy server...? (Score:1)
Why would your company need more than a minimal number of IP addresses, unless you want every box on your network directly connected to the internet?
Its not that simple. The technique you suggest is, basically, what got us into this mess in the first place. The problem comes when you merge two networks (i.e. two companies). Both have used 10.* addresses, so you wind up with two computers on the network with the same number. Uh oh. Somebody has to renumber their entire network or it just won't work.
So you put a NAT box between the two subnets. Now some applications won't work because they put port numbers and IP addresses in the data packets. Urk.
We'll do it that way if we have to, but we would really rather find something better.
IPv4 and area codes (Score:3)
Erm. I guess that's as likely, feasible and practical as running your toasters on in a Beowulf cluster through your kitchen Intranet. :)
"There is no surer way to ruin a good discussion than to contaminate it with the facts."
Re:Every toaster on the internet? (Score:1)
There are tremendous business uses for this sort of thing.
Do you know what a hassle you would have if every time you had a misbehaving register on the other side of the country, you had to verify that a hacker hadn't telnetted into it and trashed it?
There are tremendous business uses, and also tremendous business liabilities to everything being mapped to a publicly available IP address.
Re:URL for information on IPv6 (Score:1)
What if we could build a public network built on IPv6? Would it [ompages.com] be useful? The benefit to society would be increased privacy the cost would be the need for people to eschew complacency.
Trillions of pennies (Score:5)
OK, so I'm a math weirdo, but play along for a moment. If one trillion Bill Gateses were standing in a circle and threw all their pennies in, how tall would the pile of pennies be?
Actually, there wouldn't be a pile at all: the density would only be one penny per 2.5 square cm. Assuming three Gateses per linear meter. Evenly spread out, there's plenty of room to spare. 1*10^12 people -> (1/3)*10^12 m circumference -> 1.06*10^11 m diameter -> 2.5*10^21 m^2 area -> 2.5*10^13 cm^2 per Gates. Each Gates gets to throw his wealth [webho.com] of 1.06*10^13 pennies into a square 50 km on a side.
If all those Gateses were standing in a circle, light would take over five minutes to cross its diameter. The circle would be not quite the size of Mercury [seds.org]'s orbit around the sun.
To be precise, about 2.9%.
But good luck rewriting the TCP protocol for your penny network -- its end-to-end space-time delay is ten minutes!
Jamie McCarthy
Re:WRONG! (Score:2)
IPv6 is much more geared toward route aggregation. And since its just being rolled out, and people already know the effects of the messy routing setup of today, route aggregation will be encouraged to a much greater degree.
Yes, this could be done with IPv4. But it isn't going to happen. Far too late into the game.
--
Brandon Hume
hume -> BOFH.Halifax.NS.Ca, http://WWW.BOFH.Halifax.NS.Ca/
Re:Suggestions for corporate Intranet? (Score:1)
DHCP has a similar story. It has been looked into, but I gather that there were security problems. Around here, that was enough to scupper the whole idea.
AFAIK we don't currently have NAT within the intranet, but thanks to the various new aquisitions who use 10.* addresses (plus at least some bits of the existing intranet) it has been suggested as the way forwards. I'm looking for better ideas.
Someone else asked if I work for MS. I don't work for MS. Beyond that I refuse to confirm or deny anything. Oh, except that I don't actually work in the IT support department, so don't judge my employer by my comparative ignorance on the subject.
Every car on the internet? (Score:1)
Imagine, if you will, GM coming to the IETF every year for 10 million more IP addresses. Because GM is imagining it.
Re:Every toaster on the internet? (Score:2)
I carry a digital cellular phone. Maybe it uses Voice over IP, or maybe it can just connect to the web to check my email. Either way, it needs its own IP address.
I carry a PDA, hopefully a descendant of my beloved Palm V. I carry it because my phone is a tiny little thing, making its screen so small that I'm willing to carry a separate PDA. My PDA can hotsync itself to my databases, which are on a server on the Internet of course. So my PDA needs an IP address.
My watch synchronizes itself to the atomic clock, using multicasted NTP packets. It also sets its alarm to tell me when its time to take my heart medication. It sets its alarm by checking my medical schedule, which is on a server on the Internet of course. So now we have three IP addresses on my body.
After my last heart attack (brought on by the stress of working 70 hour days in Silicon Valley back in 2003), the hospital gave me a monitor to affix to my ankle which monitors my blood pressure, hydration levels, etc. It collects its data and sends a packet to the hospital once per hour.
At my house, all five of my very expensive cars (the oldest being my old 1999 junker) have a mobile entertainment center which can pull in HDTV broadcasts, connect to whatever the WWW looks like in 2004, etc. So I have 5 more IP addresses.
And of course, the fax machine in my main vehicle is an aftermarket addon which doesn't cooperate with the car's built-in gigabit ethernet network, preferring to use its own wireless net connection. Another IP address.
These are all mobile connections. MobileIP doesn't work with NAT: you have to have a globally unique IP address for the remote proxy to route things to you.
NAT is useful to hook up the 27 computer systems I expect to have in my house by 2004.
Humm (Score:1)
Re:Suggestions for corporate Intranet? (Score:2)
Every ethernet packet has an ethernet header. There is a two byte field in the ethernet header called the ethertype (also called the SAP in some terminology). The ethertype identfies what kind of packet it is. For example, IPv4 is ethertype 0x0800, which IPv6 is 0x86dd. Thus, you can happily mix IPv4 and v6 packets on an ethernet, your machines will look at the ethertype to figure out what to do with them. Likewise your routers can simultaneously handle IPv4 and IPv6 traffic.
BTW, it isn't just ethernet. Every modern network type, including FDDI, ATM, Token Ring, PPP, etc has a two byte SAP field in its header. The only two network links I can remember which didn't are SLIP and Apollo Token Ring, and I'll wager you aren't using either of those.
How Comforting. (Score:2)
I'm glad to know that there is at least one more technological crisis to worry about come 1/1/2000.
Seriously, won't the switch require huge changes to existing infrastructure? The big routers on the great big cables -- won't they have to be changed/upgraded/reprogrammed to handle the larger numbers without screwing up the network addresses?
Seems like it to me... but I haven't been following too closely. What are the low level changes we need before we can switch?
--
QDMerge [rmci.net] 0.21!
Re:Why IP? Lets Invent a new Protocol... (Score:1)
And if you were to flip it all to IPX or something as remote, who'd want to rewrite Apache (web servers), netscape (browsers) and IE (market-space) just so that they'd work over the new protocol?
To achieve ipv6 critical mass.. (Score:3)
IP (more) over everything.
-or-
IP over everything from anywhere.
You get the idea.
-Chris
Nics and other hardvare don't care. (Score:1)
LINUX stands for: Linux Inux Nux Ux X
Not just addresses. (Score:2)
Besides, if I stick knife in my toaster to get out the bread, I'll probably blow the whole Internet.
Hotnutz.com [hotnutz.com]
Re:Why IP? Lets Invent a new Protocol... (Score:1)
Unfortunatly Banyan suffered from a lack of marketing, and a scant regard for quality control in their later years - ever seen BeyondMail 3.0.
I have many tales of Banyan if anyone is interested.
Every toaster on the internet? (Score:4)
Seems like NAT and IP Masq. are perfect for this kind of thing. What most people do on the internet can be perfectly done through NAT or Masq: web, mail, ftp, ssh, etc.
How does having your own large address space help anything?
(Not to slam on ipv6, tho. I do like build in ipsec).
Re:DNS? (Score:1)
Re:How Comforting. (Score:2)
Just think of the upgrade potential they have... (and people think MS have a corner on a market)
-Chris
Re:IPv4 address space subset of IPv6 (Score:1)
Re:Humm (Score:2)
It's really neat, there are a few networks that support it (vBNS has some limited support right now). Think ip addys with hex numbers instead of deciaml and you're halfway there
vBNS link at http://www.vbns.net/IPv6/index.html for those interested.
Re:Address selling.. (Score:1)
WRONG! (Score:4)
Hit up this [arin.net] FAQ put out by ARIN. To quote: IPv6 was not designed to address the routing table overload.
Not only that, CIFS is supposed to address this issue for ipv4. The biggest problem IMO is that router tables will simply become too large and cumbersome to maintain. There is a practical limit to how much routing info you can squeeze into a embedded system (router!) before the costs outweigh the benefits.
--
Re:Address selling.. Renting ipv6? (Score:1)
IPv6 vs IPv4 (Score:3)
However, organizations and companies have to tackle issues such as hardware and OS support, software written to recognize and work with *both* IPv6 and IPv4 until the transition has been made, as well as all the little differences in network architecture that may be necessary due to IPv4 vs IPv6.
I had heard that Linux already has support for IPv6; but how about hardware(NICs, routers, network topologies)? And do they work with Linux? And will the software we use, will they work with Linux?
For example take USB. Everything is USB today except for WindowsNT. Linux has better USB support, for crying out loud! Can't use USB mice, keyboards, printers, anything, under WinNT. Will there be a similar situation for IPv6? If the M$s and Suns of the world don't actively try to promote IPv6, and smaller alternatives such as Linux can't/don't/won't step up to the plate, how will anyone ever switch over?
Of course this is just another opportunity for Linux to show it's superiority =)
Linux vs WinNT
Better USB support
IPv6 support
Better low level scalability
Higher efficiencies and runtimes
Better clustering capability(Beowulf)
etc.
-AS
Re:It's all about widespread acceptance (Score:1)
See http://ftp-eng.cisco.com/pub/IPv6/ for IOS images for a lot of Cisco routers
Telephone # problems similar to IP address issue (Score:1)
However, the problem isn't really cell phones, pagers, and finding new phone numbers for them, in the same way that the IP address problem is not about exactly about new computers needing IP addresses. The problem is inefficient allocation; IP addresses, like phone numbers, are allocated to the people that need them blocks at a time. Unfortunately those blocks are not granular enough, and lots of numbers end up getting wasted.
IP example: many companies need only slightly more than a class C address space (255 IPs), but nowhere near a class B address space (65536). So they get a class B IP, but end up wasting thousands of IPs. Now imagine this with class A vs. class B addresses, where you are potentially wasting millions of addresses.
Telephone example: with all the new local telephone companies offering service, they are assigned phone number blocks they can distribute by exchange (i.e. first three digits of a seven digit local number). You now basically have potentially thousands of wasted numbers depending on how successful they are in signing up customers.
In any case, I am sure I'm off on a few technical details on the above, but the gist of it I'm pretty sure is correct.
----------
Re:It's all about widespread acceptance (Score:1)
Check the rumors on http://www.sunhelp.org/
--
Brandon Hume
hume -> BOFH.Halifax.NS.Ca, http://WWW.BOFH.Halifax.NS.Ca/
It's already happening in San Jose (Score:1)
There's a quick explanation over at Pac Bell [pac-bell.com]. There are even commercials on television to make people aware that they have to start dialing 10 digits.
I too foresee LOTS of problems with the shortage of numbers in the near future.
Re:Every toaster on the internet? (Score:1)
I'm kidding about the lazy comment, of course!
I disagree with the opinion that you would just turn into a 'node' - your life controlled by the other nodes around you. If I start thinking about automation it leads me to a future where I no longer even have to think about many of the mundane tasks that fill up so much of my day currently. All that time can be devoted to more enjoyable things like deep-thinking (some would say philosophy, but I don't have the creds), artistic endeavors, futzing around with the automation software, television-enhanced weight gain, etc.
Re:The Great Telephone Number Explosion... (Score:1)
Re:Returning some of the 16.7 million... (Score:1)
Re:IPv4... (Score:2)
You lose transparency, flexibility and ultimately performance from doing this kind of thing. For a $100 student house network, it's great to use NAT, for a $100M company it gets ugly really fast.
Look more closely at your NAT box some time, it has Application-Level protocol handlers, because otherwise apps like Quake, CuSeeMe, FTP etc. wouldn't work correctly.
As time passes, and users demand more sophisticated services, it gets harder for NAT to work properly, and the implementation gets more and more fragile.
Supporting NAT because it's cheaper than upgrading is a false economy, like sticking with Win16 to save on NT licenses. You'll feel the pain later.
Re:Telephone # problems similar to IP address issu (Score:2)
The wastage of numbers via ineffective use of exchanges does indeed suggest another vector via which "name space" may vapor away. The only good news is that cell phones and pagers are likely to "pack in" more effectively as they are not forced into a tiny geographic zone as would be the case for a local exchange.
The merely makes the "crunch" happen quicker; as the numbers of phone numbers per person grow, the population of needed numbers is still growing pretty rapidly.
The issue is not, in this case, one where there is a sudden date when everything breaks (as with Y2K, [hex.net] but rather something more like a ``brown-out'' where it becomes increasingly difficult to manage systems, and where new subscribers cannot be admitted, which will hit some geographic areas before others...
It may result in businesses moving to ``economically depressed'' areas where there are exchanges with space free :-).
Re:Address selling.. Renting ipv6? (Score:1)
Re:Every toaster on the internet? (Score:1)
I don't know about anyone else, but I just don't want to live that way.
Peace,
Re:WTF 128 bits? (Score:1)
Secondly, MAC addresses may be 48 bits now, but there's rumblings about making them 64 bits. There's a specific process to make a 48 bit MAC address into a 64 bit link-local address (split on the 24 bit boundary, insert 0xfffe, add 0x02 to the first byte). So 16 bits are NOT being "thrown away".
So that top 64 bits is everything, including subnet id, and the bottom 64 bits are GUARENTEED to be unique within that subnet. And believe it or not, but your IP changes depending on which upstream you go through to get to the destination.
That top 64 bits varies all over the place.
I also have no doubt that IPv6 addresses CAN be assigned manually, having nothing to do with the ethernet address, if you choose not to do Neighbor Discovery. But otherwise, who cares? Guess what, my MAC address is 08:00:20:77:88:d1. What are you going to do to me with that? If you use authentication, the other end ALREADY knows who you are. If not, how does that differ from IPv4? You track me down via my upstreams, which anybody can do via IPv4 ANYWAY. And how do you know whether I've moved location, or I'm simply going out a different link to get to the end station? How do you know its me sitting at the station? How do you know that I haven't given/sold my laptop NIC to someone else? How do you know I'm using in.ndpd or an ethernet card at ALL?
If you're going to get worked up over something, get pissy over online phonebooks which give out your home address, or websites which publish your email address to spammers. Worry about that stuff associated with your name, rather than someone writing down 3ffe:b00:1802:1:a00:20ff:fe77:88d1 every time they see it.
--
Brandon Hume
hume -> BOFH.Halifax.NS.Ca, http://WWW.BOFH.Halifax.NS.Ca/
Even nanotech not a problem with 128-bits... (Score:1)
earth's surface area = 5.099*10^11 m2 [robinsonresearch.com]
earth's land area = 1.4835*10^11 m2
That's surface area, but we live in a volumetric space; let's define that space as 1 km high above/below earth's land-mass(part of that 1km being underground, part being in the air.) Thus the volume of human space above/below land is 1.48*10^14 m3. With 10^6 cubic centimeters per cubic meter, and approximately 10^23 atoms per cubic centimeter, we get 1.48*10^43 atoms in our human-habitable slab of space on earth.
Now, how many IP addresses for that space? Well, 2^128 = 3.4*10^38th.
Ergo we have enough IP addresses for nanotech devices of 43,600 atoms each, in a human-habitable volume completely covering the land-mass of Earth and extending to fill a volume of space above and below the earth's surface for a full 1 km. Sure, you might get nanodevices smaller than that, but would they be independent enough and sensing/generating enough information to communicate via IP?
Well, if that isn't a problem for 128-bits, what is? Let's check a few other test cases that your friendly sci-fi reader might imagine...
Well, that was just land-mass. What if we filled the sea with nanodevices, would that exhaust it?
The sea is 11km deep at worst, 3.8km on average. Water surface area is little over double land. Thus water basically requires a factor of 10x more devices. Given that you probably won't have more than 10% of the volume of any space being nanodevices (and this would seem to remain an extreme upper bound), this probably isn't an issue.
So what about interplanetary colonization? Still not too much of an issue for this solar system (ignoring the latency issues.) At least the first few planets (Mars/Venus/Mercury) which only add a factor of 3-4x expansion once 100% colonized form due to the roughly similar size of available nanodevice space on those planets as earth. True, a colonized Jupiter might pose problems down the line...
And if you used nanoprobes to fill/convert entire atmospheric systems, you end up covering a lot more volume (99% of earths' atmosphere fills approx 8.6*10^19 m3 by my calculations, five orders of magnitude more space than our 1 km slab.) Of course, any nanodevice design on that scale would probably use its own non-IP protocol.
Ah, but what other assumptions could be misleading us? For example, what is the efficiency of the 128-bit name space? Can we really use all those addresses? Well, I admit, I'm less an expert on this. The issue that Ethernet MACs will typically be your bottom 64-bits definitely chews up a lot of space, but if Ethernet doesn't make sense for nanodevices, we'll probably be using something else, or our self-assembling nanoprobes will build and configure themselves so that they share 1 higher-level IP but under the covers each have an colony-wide (not globally) unique ethernet address. How efficiently allocated is the rest of that (non-Ethernet) space? Well, I think CIDR-like tweaks can squeeze a fair amount out.
Still, even in the case where 128-bits isn't quite enough(!), I suspect reverting to NAT-type approaches in IPv6 will be workable. Certainly inter-stellar communications which will be limited to a relatively small number of transmitters will scale up with NATs for quite a while, assuming photon-based communications.
So I suspect the 128-bit addressing scheme of IPv6 will last us at least another 200 years, not just "decades" as the IPv6 committee conservatively claims. [ietf.org]
Of course, they probably know more weaknesses in that timeframe than I. Pretty hard to extrapolate out that far. For example, will the 4-bit header for IP version numbers be sufficient? Only 255 (8bit) hops? Who knows? Maybe IPv6's optional extension headers will even let us kludge around those issues.
Still, I think 128-bit IPv6 addressing will last us through nanotech and intra-planetary travel. Perhaps it will even last as long as our 4-digit field Y2K fixes!
--LP
Re:Trillions of pennies (Score:2)
Re:Even nanotech not a problem with 128-bits... (Score:1)
I had a bunch of these ready, the most apparent is that at one Nanogram a piece, 2^128 devices would still have a mass something like 10^5 times as much as the earth. But then I realized it was this sort of examples that the guy I was replying to complained about.
The IETF did the write thing by choosing to go to 128 bits rather than 64, and given that I don't think we have to much to worry about.
But then consider the flip side, if we think that getting the entire terrestrial Internet to move to ipv6 (with only 2 billion or so Nodes) is a big task, imagine moving the entire Wormhole-Switched MilkyNet, spanning a million planets with 2^108 Nano-sized nodes each, in a few hundred years...
-
6bone (Score:1)
As far as software routers go, GateD and MRT work well with IPv6. I believe that there are others, too, but those seem to be the main ones.
Software - Sendmail, Inetd, Telnet, FTP, Traceroute, Ping, Fetchmail, INN, various news readers, and BIND work with IPv6. Mail readers only need to talk to the local Sendmail, so mail to/from IPv6 networks does NOT require any change to mail reader software.
Very little software actually -needs- to get ported. eg: Web Browsers don't =NEED= any special IPv6 capability. Just modify a proxy, like Squid, and you'll be able to access IPv6 web servers without problems.
To port software, though, requires a bit of work. Not actual EFFORT, as the change is largely one of altering the structure you use, and the socket type from AF_INET to AF_INET6. Oh, and you need to remember that IP addresses need not be entered in a fixed-length format. Yes, there are other details, but those are really trivial.
Linux will interoperate with all other IPv6 stacks, and has been able to do so since the experimental patch for 2.0.20 came out. :)
Hardware doesn't care about the protocol, so any hardware will work with any stack. Microsoft isn't pressing IPv6, yet, but MOST of their publicity surrounding Windows 2000 touts the very things that adding the IPv6 stack gives it. My guess is that we're going to see Microsoft push IPv6 in a BIG way, to maximise publicity.
Re:too much misinformation... (Score:1)
It appears that I'm misusing the terminology - I usually lump NAT/firewall functionality together - being able to ignore or transform packets based on selection/rejection criteria and knowledge of protocols. In my following comments, when I talk about a NAT server, I also mean firewall functionality.
This has nothing to do with obscurity (and I'm not even sure how you managed to bring that up w/respect to my previous reply!) - the whole point is that the owner of the "gateway" has total control of the flow of information through it.
" You're relying on the upper layer protocols to make assumptions about the lower levels of network. This isn't proper. The network should be the network. The applications shouldn't have to know and shouldn't have to care what boxes they travel through to get to the end station. NAT breaks that. "
I don't see why this is so. As I stated before, properly implemented, on the outside the NAT server looks like a single host. Any applications running on the outside won't be able to tell the difference (logically, although performance-wise might be another issue). Applications on the inside will think they're talking directly to the network through a gateway.
The only problem you have is when you try and use a protocol which requires active participation by the NAT server. *You* think this is a problem - *I* think this is a good way to control who is talking to what, and what they're saying, from my subnet.
" NAT, most frequently, tends to break low traffic datagram protocols. I'm pretty sure what you envision is a network using nothing but TCP, and proxy upon proxy upon proxy to pick up the slack. Sorry, but I find that a bit shortsighted. It may be great for you, but your situation is just that... yours. "
NAT only breaks low traffic datagram protocols which it doesn't understand. I do *not* envision a network with nothing but TCP - I envision a network where I have control over which protocols are allowed through my gateway to the net.
Being able to upgrade a NAT server to understand new protocols is a technical issue which I am not addressing, but which doesn't (to me) seem to be a big deal to solve.
" Just as an example, a local ADSL provider in my area used to do just that... running their entire ISP behind a single NAT-overloaded IPv4 address. It was a dismal failure. Users couldn't play games like Diablo. One person would piss off an IRCOp, and the k-line would ban EVERYBODY. The NAT box would get overloaded and crash, and suddenly nobody had connectivity. "
This points out the stupidity of that ISP provider rather than anything particularly wrong with a NAT implementation. An ISP is supposedly to provide relatively uncontrolled access to the net - a NAT server is going to, because of its nature, "filter" out any protocols it doesn't understand.
ISP service provided by the IT department of a corporation might find a NAT server arrangement quite desirable, since they might not want people to easily play games like Diablo or access IRC. Without the NAT server, they would have a difficult time blocking attempts by people to do these things.
As far as overloading & crashing is concerned, that's just a matter of systems-analysis & load-distribution - the fact that the ISP couldn't handle that just indicates their incompetence.
" A NAT'd IP can never provide the full, unrestricted functionality of a real IP address. End of story. "
A NAT'd IP provides ENHANCED functionality over a "real IP address" - the ability to control how any packets are accepted/rejected/transformed. Your "end of story" is not very final.
Re:The Great Telephone Number Explosion... (Score:1)
Re:Trillions of pennies (Score:2)
Just use a good setup of seperated bridges and gates along with a few wormholes, and such a network would not be a bit of a problem.
mac addresses? (Score:1)
What about better security? (Score:1)
It seems to be there some sort of sane routing rules could be put into place with a new IP system, so a router could spot spoofed packets (then again, in some cases this could be done now, and I sort of doubt anyone does, probably based on the overhead).
Also, when they defined this sort of thing, did they give any consideration to the various attack methods that would be possible via IPv6? I suspect some of the issues we've seen in the past (i.e. Ping of Death) were caused because the protocol didn't suggest what to do in cases where the packet was malformed, or intentionally busted.
Re:The Great Telephone Number Explosion... (Score:1)
Quack
Re:Every toaster on the internet? (Score:2)
Why exactly should every toaster, microwave, dishwasher etc be connected? And even if they are all connected, why in the world do they need their own ip address?
Once enhanced with "net" access, these appliances will report your usage habits back to the manufacturer. (Anyone remember DIVX?) The theory is that they'll be able to improve their product as they better understand how their products are actually used. Since people are reluctant to have their habits recorded in this manner, expect to see "discounts" and other "perks" from devices that allow your usage to be tracked. (Example: People love those supermarket "value" cards -- you get cheaper prices, and the store gets a profile of your shopping habits.)
In the home of tomorrow, "net" outlets will be as common as electrical outlets. The first devices you'll plug in will be your phone, TV, and computer. But it won't be long before the toasters, microwaves, and others follow suit. And Big Brother will be there to watch each and every device.
IPv6: Putting the 6 in 666.
Re:It's already happening in San Jose (Score:1)
When NYNEX bought New England Telephone, ten-digit dialling became mandatory up here in Maine (only one Area code--207--for the whole state still) for all non-local (i.e., toll) calls. People complained, so when Bell Atlantic bought NYNEX and wanted to raise rates, the Maine Public Utilities Commision told them that they'd have to reallow state-wide 7-digit dialling.
They want to make a new area code soon, though. People are complaining about this too. It'll be entertaining to see how it turns out.
Re:Every toaster on the internet? (Score:1)
I used to program cash registers. Do you know how much I would have given to be able to telnet to a misbehaving register on the other side of the country?
Re:Every toaster on the internet? (Score:2)
However, you're off on the NAT/Masq issue. Say I've got a couple of machines going out over a cable modem (I don't; I've got DSL). Now, people on both computers want to use NetMeeting and receive incoming "calls" (I know NM is bad, but it illustrates my point, as its something that most home users have). NAT and Masq can't do this. Why, because the effective port-forwarding can't forward a connection to both machines.
Now, say you have machines behind two separate NAT'ed connections. The users can't set up a NetMeeting connection, as neither is directly connected.
Having a larger address space helps by giving each machine its own address so it can accept connections such as NetMeeting directly, because 15 machines won't be trying to use 1 IP.
Re:WRONG! (Score:1)
You mean CIDR (Classless Inter-Domain Routing). CIFS is the Common Internet File System (SMB for the rest of us).
Re:Every toaster on the internet? (Score:2)
Coca Cola already does this, but not using IP. They use a different sort of protocol. Dunno how it works exactly, but I know it's implemented widely enough that it made its way up to Northern Maine a couple of years ago.
Re:Address selling.. Renting ipv6? (Score:1)
At those prices, it will compleatly come out of end users to implament, and hell, you halfto rent.
Im supprised nobody has had a problem with this or Brought it up, but this is not good, i mean, with all thows addresses, one would logicly think, that it would be Free, or atleast a whole lot cheeper, like 100 bucks.
i wonder if the 6bone is still up and running
Re:IPv6 vs IPv4 (Score:1)
It's my understanding that the Linux TCP/IP stack is the weakest of the three major stacks in present use
1) If the sentence starts with "It's my understanding..."
the impression I have gotten is that the Linux stack is the odd man out
2) Toss in comments based upon "the impression I have gotten..."
The TCP/IP stack is an area of development where a common code base is a valuable thing, enablng all machines on the net to speak a common language. It's an area where the GPL, which tries to act as a crowbar to force all code everywhere wide open, ends up being very divisive. Because Linux ends up always having to play catch-up on it's own implementation, the Linux stack will always be the least compatible with everyone else. This is viewed as a real problem, except, of course, for those people who hope there soon won't be anything on the net except Linux.
3) Wrap up with a resounding jackass comment.
Re:Trillions of pennies (Score:1)
You're not. The obvious solution is to make sure you use DNS so you don't have to worry about what the IP is.
However, if you're a glutton for punishment, you could theoretically represent them by 32 hex digits, reducing the maximum number of "digits" you'd have to remember. If you wish to reduce the number of digits to remember more, you could also conceivably represent the IP by 28 letters (letters being defined as the 26 alphabetic characters used in the Enligsh language), or 26 alphanumerics (the alphabet plus the 10 arabic numbers) or, if you really want to get silly, 16 characters (if each dotted quad is represented by one "ASCII" character (ranging from 1 to 256).
Take your pick, I'd rather use DNS.
Why IP? Lets Invent a new Protocol... (Score:2)
True.. We could Run out of IPv4 Space By 2010...
But since we're going to have to freaking upgrade every router, adn networked piece of software.. do we really want to stick with IP?
I mean, I wonder if there's Some folks out there.. working on a good replacement protocol.. something that does all that Ip does.. But faster, Lower on memory, and easier?
Maybe IPv6 Isn't the answer.. Maybe We'll end up using Some weird Child of Banyan Vines.. Oor Ipx.. Or maybe there will be an open sourced Protocol.. Or maybe We will all fall under the Sway of Mr. Gates. and us MicrosoftIP-2000
-Warning I'm too lazy to spellcheck---
-And I could be making all of this up-
-So Take it all with a grain of Salt.-
Re:running out of IPs (Score:1)
I don't think it will stop car steeling, but dumb thieves will have to go away. Then only hackers will be competent enougth to steel cars.
Re:No (Score:1)
--
Re:IPv6 Myth Debunking (Score:1)
I would like to clear up a false thing that article states about IPv4: The IANA, NOT the InterNIC, hands out IP address blocks. What a gauche statement. You'd expect Bay Networks to know better.
IPMasq to [your toaster's] rescue (Score:4)
Except for the appliances that one might need to gain access to from the outside world (security system, garage door opener, etc) you wouldn't even need (any in many cases you specifically wouldn't want) any incoming connections from the outside world. If i'm surfing the web with my toaster, all I need is an internal IP address and an IP Masquerading firewall between me and the rest of the internet. Simple port redirection would suffice for gaining access to most other appliances.
This is how I handle computers at my own place, I have an @Home cable modem, with a single IP address attached to a 486 box with two NIC cards running debian. This box acts as an IPMasq'ing firewall/dhcp server for the rest of the computers in my house. I use port redirection to ssh or ftp into the rest of the machines, and save myself having to pay for all of those extra IP's.
There's no reason that I can think of why every machine on the net needs its own IP address anyway, it's far more secure to have a firewall sitting in between you and the rest of the world, and IP Masquerading works with everything that a typical user would need (http, ftp, instant messenger, icq, quake, realvideo, etc.) and as far as latency is concerned, my 486 only has 8 megs of ram, and both NICs are old ISA NE2000 clones, but I get an average of 50-100 pings for quake2, and have downloaded up to 180 KB/s (which is darn near the max for my cable connection anyways), with room to spare - certainly more than my toaster needs to tell me that it's done or for my X10 server to tell my coffee maker to start brewing in the morning.
Re:Humm (Score:3)
I -can- list some of the additions/changes, though.
RIGHT. (Re:WRONG!) (Score:2)
How I know? I was on the IESG when we approved most of those documents.
Re:It's all about widespread acceptance (Score:1)
Building a good IPv6 router requires IPv6 (obviously), but also extensions for RIP, OSPF, BGP4 (ack!), ISIS, ... to handle the bigger name spaces. I believe that many of these extensions are floating around in drafts. But they're not very widely deployed (if they are at all). And until the backbone routers all speak IPv6 (or some other solution, like MPLS tunnels to keep the "good" IPv6 traffic away from "bad" IPv4 routers), IPv6 traffic will be restricted to sketchy IPv4 tunnels.
What about using reserved IPs and proxies? (Score:1)
Re:It's all about widespread acceptance (Score:1)
Re:What about better security? (Score:1)
Yes. IPsec, IP-level authentication and encryption, is included in IPv6. It is available for IPv4 as well. Several free implementations (KAME, FreeS/Wan, etc) are under development.
Re:How Comforting. (Score:1)
-philsky
Re:The Great Telephone Number Explosion... (Score:1)
I got fed up.
I moved.
"The number of suckers born each minute doubles every 18 months."
URL for information on IPv6 (Score:5)
http://www.ipv6.org/ [ipv6.org]
If you just want a in-depth understanding of why you should use IPv6 instead of Ipv4 take a look at
http://www.ie tf.org/internet-drafts/draft-ietf-iab-case-for-ip
Address selling.. (Score:2)
It's all about widespread acceptance (Score:4)
As I understand it, IPv6 devices can still handle IPv4. So what we really need is for a few of the real leaders to come out and boldly adopt IPv6. I hate to say this, but: Are you listening, Microsoft? IBM? Cisco? Transition your products and services to IPv6, and the world will follow.
Now if we can just get everybody to strongly encrypt ALL IPv6 traffic...
Re:Every toaster on the internet? (Score:2)
But if every Palm or Visor were networked? Or all the millions of Gameboys? As well as PCs, cell phones, cars, etc?
Ostensibly anything that can use information can/should be connected to the internet.
And the dynamic capabilities of IPv6 should be very useful for such roaming devices as cars, trains, airplanes, Gameboys, Palms and Visors, cell phones, beepers, pagers, e-books, WinCE machines, wristwatches, and whatnot.
-AS
Suggestions for corporate Intranet? (Score:5)
This was a good article on a technical subject. I've looked into this a bit already, and this article agreed with what I already knew and confirmed a few things I'd only suspected.
This is of more than passing interest to us. My employer has recently aquired some other largish companies, and we need to set up a corporate Intranet. Problem is, we don't have enough IP addresses.
(Well, maybe we do. There are rumours of a class B address owned by some research lab somewhere in the company. People are currently trying to track it down. Failing that, we might just have to buy a company that already owns one.)
So now what do we do about IPv6? Everyone in the company is using IPv4, often with 10.*.*.* addresses hidden behind firewalls that do NAT. We need to integrate all these networks into one corporate Intranet, and the idea of having lots of NAT boxes playing games with IP addresses does not sound good. Neither does the prospect of renumbering all those boxes by hand. We don't run DHCP anywhere (someone once talked about security issues as the reason for that, I don't know anything more).
One idea is to create an IPv6 backbone for the Intranet with IPv4 subnets hanging off it, and use protocol translation routers to connect the subnets. That way we can get the subnets on with minimum hassle, and upgrade them as and when it becomes feasible.
As far as upgrading goes, our favoured solution would be to just buy new machines with IPv6 stacks installed. We certainly don't want a flag day. Reading the IPv6 site [ipv6.org], it looks like IPv6 and IPv4 machines can co-exist on the same Ethernet spur or whatever. Am I right about this?
Any information would be gratefully received.
DNS? (Score:3)
IPv6, USB, NT (Score:2)
And Microsoft has an "unsupported" ipv6 stack for NT for download here: http://research.microsoft.com/msripv6/
-------------
The following sentence is true.
Re:Trillions of pennies (Score:2)
It will take Nanomachines before we break 2^128 nodes,and once Nanotek happens we will have quite a lot of things to consider about the way our world works, of which the number hosts on the Internet does not really rank. I think we can sleep safely knowing that the people we are fucking things up for are not ourselves, but our children (and they deserve it, dog gonnit, the lazy little bastards!)
About the memory thing: Consider that 128 bits is exactly the length you need for a truely safe crypto key (assuming it is your own info you are locking in, it can be symetric). If the world is heading where I think it is, it's about time to start practicing memorizing those...
-
WTF 128 bits? (Score:2)
128 bits for an IPv6 IP address? Why _4_ times bigger? Since each packet's header needs both a destination and the source, that's 32 bytes vs 8.
If we say the average packet is 500 bytes (?), then IPv6 is imposing at least an additional 5% overhead on bandwidth limited lines. Like a tax--what are _we_ getting for it?
I'm sure the extra bits will be rapidly stolen to help routing (ie, a couple of bits for continent, a couple more for region (state), or the network topographical equivalents.
I have privacy concerns about this (static IPs) plus I wonder if Cisco isn't doing this to scr*w their competition (Linux routers?).
-- Robert
too much misinformation... (Score:4)
I see a lot of posts saying that IPv4 is just fine and we should stick to it. Wrong, wrong, wrong. I realise that people on this group don't design routers every day, but I think you would be amazed at how much protocol hacking goes on under the covers. The vast majority of routers out there do some amazing things to try and hack together things like quality of service (QoS) and NAT that IPv4 just isn't designed to do.
Yes, IPv4 is working. But the amount of time now spent in the design phases to kluge together ways for NAT and QoS to work is becoming way more than most design houses will stomach. Features like VoIP, VPN, and QoS have major cash potential for ISP's, and they in turn will pay to get capable equipment. Doing this with IPv4 is a bitch, and a lot designers secretly wish IPv4 would go away and use IPv6 instead, because VPN and QoS are much easier to do.
One other major piece of misinformation here is that all boxes need to be replaced for this to happen. Not so. The vast majority of routers, hubs, switches, and all desktop computers are perfectly capable of running IPv6 right now. It involves a code load change, not a hardware upgrade. On a related point, most ISPs completely replace all their network boxes every 2 years anyways, so the threat of scrapping all hardware for IPv6 won't faze them much anyway (it's part of their cycle).
The last point is that people don't think that their toasters need IP addresses. This is also not so! Yes, in the next 10 years your toaster will need an IP address. Why? Because ToasterCompany will want you to do a firmware upgrade on your toaster because their have been field problems (like toasters burning operators). You will go across the wire, flash your firmware, and now your microprocessor-controlled toaster has CrispyToaster(tm) v1.16b firmware. We've already seen web servers implemented in ~4mm PIC processors, so expect them to become popular in the near future in your favorite household appliance.
To do this, you need an IP address (to speak IP of course). Please don't tell me how great NAT is... yes, I also run a Linux ipMasq box which works fine, but NAT fundamentally breaks many of the underlying IPv4 mechanisms. We can't keep dumping more patches to the NAT engine every time someone wants to NAT some new protocol; eventually we are going to reach a limit of effort.
Also note that using ports as a means of "IP expansion" is also a Very Bad Idea. A port is specifically designed (in TCP/IP spec) to represent a different service on a given host, not across different hosts. Yes, you can use this technique in NAT, but it tends to make performance/utilization metrics used by ISP's blatantly wrong, which leads to Bad Things.
Please also read Singal11 [mailto]'s message above, he is right about the routing table issue. There is no current proposal (beyond CIDR) which can solve this problem. Also, see jd's post, it is a good summary of why IPv6 is needed.
There is still an overflow... (Score:2)
After all, there are doubtless lots of software packages out there that assume that telephone numbers are exactly ten digits long.
This doesn't break the phone system itself, but it breaks systems that track telephone numbers.
The upshot is that this breaks just any sort of "business" system that uses telephone numbers...
Happily, one of these systems that breaks will be the Circuit City systems that track who you are based on your telephone number. Customers may be quite happy about this, but Circuit City doubtless won't be...
Ten Digit Dialing Is Not A Solution (Score:2)
The problem is not that.
The problem is that even ten digits may not be enough...
Are forgetting somebody? (Score:3)
Shouldn't Al Gore share some of the blame too? -Hasdi
P.S. sorry, i couldn't resist. ;-)
The Great Telephone Number Explosion... (Score:3)
After all, there are only a theoretical billion numbers, which get cut down due to positional issues ( e.g. can't start either an area code or a local number with a 0 or 1, amongst other constraints).
When you count up telephone numbers used by home phones, business phones, fax machines, pagers, cell phones, and start tossing in Internet usage, the system will be running out of room at some point.
I hear rumor of some ideas the Telcos are working on to consolidate numbers; it won't be trivial...
running out of IPs (Score:3)
As for toasters,cars,coffeepots, all having their own IPs... I can see it happening with cars. Think about it, your car has a computer inside it that monitors the system, and -today- you can take your car into a mechanic, and with their own kind of computer, can hook up with your car's computer and find out what is wrong. I bet that in the near future, cars will have IPs, so that they can remotely talk to the mechanics' computers. And while we're at it, have a thing, where if someone steals your car, they can find out where the IP is located at. There are a hell of a lot of cars on the planet, aren't there?
And then there is the connectivity of cell phones, PDAs, people having dedicated lines to their computers in their home (eg. cable modems - connected all the time, so always have an IP). You have to remember that the IPs are not just for the USA, but for the rest of the world as well... the LDCs are beginning to be more connected, and as this develops, more IPs will be needed. With 6 billion people, if even half of them had at least one device that had an IP, it's easy to see that the 4 billion limit can run out very quickly.
It's going to eventually be like the area code problem, and have to punch in 10 digit numbers for local calls. Gawd, hopefully they won't run out of area codes...
Re:DNS? (Score:2)
IPv6 Myth Debunking (Score:3)
The best new thing I am waiting for IPv6 to to do is force everyone to upgrade their routers to include multicasting. The large address spaces of IPv6 multicasting should have some extrememly interesting effects on internet broadcasting. I can't wait
Re:Every toaster on the internet? (Score:3)
You betchya!
Wouldn't a company love it if they could use ip to tell how full a soda machine was? Wouldn't they love it to change the electronic signs outside their stores?
I used to program cash registers. Do you know how much I would have given to be able to telnet to a misbehaving register on the other side of the country?
There are tremendous business uses for this sort of thing.
IPv4... (Score:2)
Lets say IPv6 was made a standard tomorrow and everyone had five years to convert or even ten years. Every router would have to be replaced with the cost being put now on the major backbone providers. Then every server and embeded system on the internet would have to be replaced by people like MCI and Aletnet. That means high speed access companies and ISPs who rent their services have to pay higher prices, and all the people that utilize their services have to pay a higher fee to make up for it. It comes down to a 40$ monthly dialup bill. My suggestion? Keep your microwave and toaster off the internet and think up more effective uses for NATs and network configurations.
Re:IPv4... (Score:2)
IPv6 isn't hard to upgrade to. Its a software upgrade. And machines can run both stacks simultaneously. Pick up R. Stevens' network programming text, volume two, he gets heavily into coexisting IPv4 and IPv6 stacks. 10.0.0.1 is
And IPv6 isn't near as complex as it looks. Sure, perhaps if you're implementing a stack, but for the most part its plug in and go. Neighbor Discovery is a Good Thing. And for the programmer, the library functions are cleaner and more direct.
--
Brandon Hume
hume -> BOFH.Halifax.NS.Ca, http://WWW.BOFH.Halifax.NS.Ca/
Re:too much misinformation... (Score:2)
Wrong, a firewall is the means to do that. You're relying on obscurity to protect you, which, as we all know, is no security at all.
You're relying on the upper layer protocols to make assumptions about the lower levels of network. This isn't proper. The network should be the network. The applications shouldn't have to know and shouldn't have to care what boxes they travel through to get to the end station. NAT breaks that.
NAT, most frequently, tends to break low traffic datagram protocols. I'm pretty sure what you envision is a network using nothing but TCP, and proxy upon proxy upon proxy to pick up the slack. Sorry, but I find that a bit shortsighted. It may be great for you, but your situation is just that... yours.
Just as an example, a local ADSL provider in my area used to do just that... running their entire ISP behind a single NAT-overloaded IPv4 address. It was a dismal failure. Users couldn't play games like Diablo. One person would piss off an IRCOp, and the k-line would ban EVERYBODY. The NAT box would get overloaded and crash, and suddenly nobody had connectivity.
A NAT'd IP can never provide the full, unrestricted functionality of a real IP address. End of story.
--
Brandon Hume
hume -> BOFH.Halifax.NS.Ca, http://WWW.BOFH.Halifax.NS.Ca/
Returning some of the 16.7 million... (Score:2)