Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Networking The Internet

One Less Reason to Adopt IPv6? 174

alphadogg writes "For a decade, IPv6 proponents have pushed this upgrade to the Internet's main communications protocol because of its three primary benefits: a gargantuan address space, end-to-end security, and easier network administration through automatic device configuration. Now it turns out that one of these IPv6 benefits — autoconfiguration — may not be such a boon for corporate network managers. A growing number of IPv6 experts say that corporations probably will skip autoconfiguration and instead stick with DHCP, which has been updated to support IPv6."
This discussion has been archived. No new comments can be posted.

One Less Reason to Adopt IPv6?

Comments Filter:
  • But... (Score:5, Funny)

    by gzerphey ( 1006177 ) on Monday September 17, 2007 @10:24AM (#20636899)

    from the adopt-a-puppy-instead dept


    But puppies don't have a "gargantuan address space" or end-to-end security. Trust me, puppies leak all the time.
    • Re: But... (Score:5, Funny)

      by Bogtha ( 906264 ) on Monday September 17, 2007 @01:06PM (#20639843)

      Not to mention the fact that sniffing is a constant problem.

    • But puppies don't have a "gargantuan address space" or end-to-end security. Trust me, puppies leak all the time.
      And don't even ask about the problems you run into when you try to patch those holes. (I started to type "plug" but that seemed in bad taste, even for Slashdot.)
  • by morgan_greywolf ( 835522 ) on Monday September 17, 2007 @10:24AM (#20636911) Homepage Journal
    DHCP in an IPV6 world is a buggy whip [wikipedia.org]. It's not necessary. An IPV6 device can discover its own IP address and gateway router and subnet mask (if necessary) without the help of any servers because it's built into the protocol stack.

    DHCP doesn't give a network admin any more control over a network, either. That's just a silly statement. How does having a server doling out IP addresses make it any easier to control a network? It's not a like a device *must* be set to use DHCP. It's not difficult to figure out what IP address ranges a DHCP server is not doling out and use that, even on IPV4.

    • by igjeff ( 15314 ) on Monday September 17, 2007 @10:32AM (#20637049)
      DHCP does a whole lot more than that.

      The reality of the situation is that stateless autoconfig in IPv6 is one way to get basic networking connectivity setup, DHCP is another. Depending on your situation, the phase of the moon, and any of a number of philosophical viewpoints held by the network admin, stateless autoconfig might or might not get used. *shrug* Even with stateless autoconfig, DHCPv6 might also get used to configure other information that is not handled by stateless autoconfig (DNS servers, NTP servers, any of a huge list of other things).

      The important point to remember, though is *2 YEARS*. That's how long we have until the IPv4 address space is fully allocated at the top level. It may take a little longer (months?) before people start really feeling any pain from that at the end-user level. But its the critically important point for people to realize. Can you be ready for IPv6 in 2 years? You need to be. If its gonna take you 2 years to get IPv6 functioning in your network, then you need to start *NOW*.
      • by Silver Sloth ( 770927 ) on Monday September 17, 2007 @10:40AM (#20637173)

        If its gonna take you 2 years to get IPv6 functioning in your network, then you need to start *NOW*.
        or have I got two years to configure the gateway between the corporate network and the internet? That's a much smaller task.
        • by igjeff ( 15314 )
          Yes, that's a smaller task (though I wouldn't call it small...there are all sorts of corner cases to consider with that sort of solution).

          But its the same answer. If its gonna take you 2 years, you need to start now. If its gonna take less than 2 years, then you've got a little bit of time...but do you really want to risk painting yourself in a corner if it doesn't go as smoothly as you expect?

          I would say start now (if you haven't already) and if you get done before hand...well, good for you, you're ready
        • Re: (Score:3, Insightful)

          by walt-sjc ( 145127 )
          But what about the application protocols? That's what matters. We are not just talking "gateway", but a full-blown proxy that translates IPv4 / IPv6 sessions / protocols. Then there is encryption that is built-in to IPv6 which makes this MUCH more difficult.

          IMHO, this "much smaller task" isn't quite so small anymore. In fact, it's massive.

          IPv6 enabled machines talking to "legacy" IPv4 applications / services is a TRIVIAL task compared to the other way around.
      • "The important point to remember, though is *2 YEARS*. That's how long we have until the IPv4 address space is fully allocated at the top level. It may take a little longer (months?) before people start really feeling any pain from that at the end-user level. But its the critically important point for people to realize. Can you be ready for IPv6 in 2 years? You need to be. If its gonna take you 2 years to get IPv6 functioning in your network, then you need to start *NOW*.

        Well, a lot of governments are g

      • by afabbro ( 33948 ) on Monday September 17, 2007 @12:45PM (#20639475) Homepage
        The important point to remember, though is *2 YEARS*. That's how long we have until the IPv4 address space is fully allocated at the top level. It may take a little longer (months?) before people start really feeling any pain from that at the end-user level. But its the critically important point for people to realize.


        Son, they've been saying that for 15+ years.

        Yes, there is a limit. But once IPV4 address space at the "top level" becomes scarce, it will be handled according to the rules of any scarce commodity - it'll become more expensive. That will encourage efficiency, free space from wasteful users, etc. Then we'll get close again, lather rinse repeat, etc. We will eventually hit the point of "full" but it's not like in September 2010 suddenly there will be no more routable IPs for the next system that needs one.

      • by asuffield ( 111848 ) <asuffield@suffields.me.uk> on Monday September 17, 2007 @01:57PM (#20640771)

        The important point to remember, though is *2 YEARS*. That's how long we have until the IPv4 address space is fully allocated at the top level. It may take a little longer (months?) before people start really feeling any pain from that at the end-user level. But its the critically important point for people to realize. Can you be ready for IPv6 in 2 years? You need to be. If its gonna take you 2 years to get IPv6 functioning in your network, then you need to start *NOW*.


        About once a year I investigate the current state of ipv6 support, and every time so far I have found every major operating system (including linux-based ones) to be inadequate to the task of deploying ipv6. The software support is just not there, on both the system and application levels. Sure, I can configure ipv6 interfaces on hosts and even have some of them set up tunnels and talk to each other, but it is entirely impossible for me to configure a non-trivial network without ipv4 support on every host and still expect it to work, so there's no damned point.

        NAT is the solution to the address space problem. Get used to it, because ipv6 has spent the last five years failing to become a solution. When we finally run out of ipv4 addresses, we aren't going to switch to ipv6, we're going to switch to using NAT at the ISPs. You won't get an internet-routeable address for anything other than a server, after that happens - regular DSL lines will be allocated an address from one of the private ranges and NATted onto a smaller pool of routeable addresses as they leave the ISPs network.

        It's going to come down to a choice between a technology that has spent years going nowhere and a technology that has spent years being used as the solution to the problem. I know which way the ISPs are all going to jump.
        • Re: (Score:3, Interesting)

          by belphegore ( 66832 )

          NAT is the solution to the address space problem. Get used to it, because ipv6 has spent the last five years failing to become a solution. When we finally run out of ipv4 addresses, we aren't going to switch to ipv6, we're going to switch to using NAT at the ISPs. You won't get an internet-routeable address for anything other than a server, after that happens - regular DSL lines will be allocated an address from one of the private ranges and NATted onto a smaller pool of routeable addresses as they leave th

    • Short answer? NAC and 802.1X.

      You don't take access. We grant it to you.
      • That's exactly what I was thinking, but I didn't know for sure whether or not IPv6 had some crazy native support for this.
        • I suppose there might be (I no longer remember since autoconfig always seemed like a gimmick to me) but it takes time to convince an admin that they should change from old and not busted to new and unknown.
    • Good luck figuring that out over a VPN connection.

      I can see both sides of this argument pretty easily. Perhaps you have multiple gateways for different reasons but are too dumb to subnet/VLAN. Of course with 802.1X authentication I'm not sure how that would work without DHCP given that an address is assigned dynamically and RADIUS accounting determines when and if they gain access and for how long among other features.

      Theoretically it could be done without DHCP although I imagine the software clients wo

    • by thegameiam ( 671961 ) <thegameiam@@@yahoo...com> on Monday September 17, 2007 @10:36AM (#20637115) Homepage
      Yes, you can get your IP address and router, but you won't get a DNS server. I don't know about you, but I'm not a huge fan of manually entering 128-bit addresses...

      IPv6 Autoconf resembles bootP or inverse-arp more than it does DHCP. Also, DHCP has steadily developed a bunch of knobs over the years so that (for instance) IP phones can be told about which TFTP server to use - that sort of functionality doesn't exist in v6 autoconf today. Not to say that it never will, but v6 autoconf doesn't currently have anywhere near the capabilities that v4 DHCP does.
    • by Imagix ( 695350 ) on Monday September 17, 2007 @10:47AM (#20637273)
      And DHCPv6 provides for more information than merely the IP, Subnet, and Router addresses (say, DNS, boot server, configuration file name, time server, etc). And yes, you can configure a network in such a way that the device is required to be known by the DHCP server before it is allowed to talk (off of its local network anyway...).
    • by markom ( 220743 ) on Monday September 17, 2007 @10:50AM (#20637317) Homepage

      DHCP doesn't give a network admin any more control over a network, either. That's just a silly statement. How does having a server doling out IP addresses make it any easier to control a network? It's not a like a device *must* be set to use DHCP. It's not difficult to figure out what IP address ranges a DHCP server is not doling out and use that, even on IPV4.
      I beg to differ.

      DHCP combined with modern network infrastructure allows network administrators complete control over all addressing issues in the network - including preventing non-DHCP hosts from participating in the network (called DHCP snooping) and location-based services ("DHCP option 82"). DHCP is so much more than just a kludge to get an IP address to the host. Scalability of DHCP allows network administrators to append information such as DNS, NTP, TFTP (for IP Telephony/TV) server information and so much more - default gateway, static routes just to name few. All this is pretty much lacking from IPv6 autoconfiguration.

      That's why we tend to like DHCP ;-)

      Marko
      CCIE #18427
      • Don't forget the WPAD information so that web browsers can find their proxy server. Handing this out in DHCP is faster for the browser than just configuring WPAD in DNS (it can be done both ways, and should be for redundancy - but setting it in DHCP generally results in better behavior).
      • by Sique ( 173459 )
        The Siemens Deployment Service for IP phones (Siemens optipoint 4xx) even sends VLAN number and Gatekeeper address via DCHP, using option 43.
    • by TemporalBeing ( 803363 ) <bm_witness@HORSE ... minus herbivore> on Monday September 17, 2007 @11:15AM (#20637725) Homepage Journal

      DHCP doesn't give a network admin any more control over a network, either. That's just a silly statement. How does having a server doling out IP addresses make it any easier to control a network? It's not a like a device *must* be set to use DHCP. It's not difficult to figure out what IP address ranges a DHCP server is not doling out and use that, even on IPV4.
      As others have said, DHCP does so much more.

      I run DHCP on my home network to setup: DNS, WINS, Gateway, IP Address, NTP (Time), and other services. I also use it to record MAC addresses for security reasons, and to easily grab them so that I can configure static IPs and DNS names for specific systems without having to ask people for their specific MAC (unless they're coming in wireless...then they need to to get access anyway...).

      Point is, it gives me an easy way to manage my network. And honestly, I was looking forward to playing around with IPv6 in the same manner on my home network (because I could, and wanted to experiment), but some things just aren't ready for it yet, and the lack of a DHCPv6 server (at the time) to manage the auto-configuring was an issue too.

      Additionally, I have played with IPv6 with its auto-config, which at least under Windows 2003 is a joke as it is a half-baked implementation that is just plain broke. Half the time it works, and half the time it doesn't. And when it doesn't, it is seriously borked, and breaks everything else too. (And I was only running a set of 6 systems (4 servers, and 2 clients) in my test network.) It took a lot of time to get systems reconnected when things failed out due to IPv6 addressing not working. Haven't tried it much under Linux yet...but I would still have Windows clients to support, and VPN and other software that would need supported. (Software I don't control the version or support on...work does.)

      Any how...DHCPv6 would have made supporting that test network a lot easier, and actually would have kept it functional. I cannot imagine what kind of problems admins will have trying to deploy IPv6 with auto-config on a larger network. (Imagine, your computer gets a new IPv6 address just because you rebooted...not make that your server and you could really screw up your network quickly.)
    • Re: (Score:3, Interesting)

      >DHCP doesn't give a network admin any more control over a network, either.

      Sure it does.
      I can set certain classes of my clients to use a certain set of DNS servers; I can black list specific MAC addresses from getting an address, or I can grant them addresses on a VLAN that has no corporate access but has Internet access; I can have a central location that records the addresses of my clients and who they're linked with, etc...

      At least these are services I'm used to right now with DHCPv4. I'm going to be
    • by mellon ( 7048 )
      That's not a great analogy. A buggy whip is obsolete in an automotive world because automobiles can't be made to accelerate by scaring them.

      It's true that stateless address configuration takes away one problem that DHCPv4 solves. So stateless is a bit like Bonjour, only you get a routable address. Not a bad thing. But there are a lot of other things that DHCP does in a network infrastructure that stateless can't do so easily, from DNS updates (unless you solve the key distribution problem somehow) t
  • I mentioned this when IPv6 was being touted as a good idea, years back. What's up with the OSI protocols? NIH I guess. Lets all re-invent the wheel instead.

    And look, nobody wants the new wheel anyway.

    Meh. Get of my lawn. Go on, the lot of you.

     
    • Re: (Score:2, Informative)

      by T-Ranger ( 10520 )

      I guess it boils down to: because the full ISO stack never worked.

      First off, it was never "finished", insofar as many features available in other things were/are not available in OSI.... Given the level of "optional" features of OSI, in practice, full systems never did manage to communicate with each other. Given the complexity of the standards, building software, and debugging things, was very, very hard.

      I am more then willing to grant that some very specific bits coming out of the OSI process were good

    • by jc42 ( 318812 ) on Monday September 17, 2007 @01:45PM (#20640569) Homepage Journal
      What's up with the OSI protocols? NIH I guess. Lets all re-invent the wheel instead.

      That's not the problem that I saw, 15 or 20 years back, when I was involved in a number of OSI implementation projects. We were in fact looking at several competing protocols, with the idea of implementing them all and developing test suites to determine their good and bad points.

      But something interesting happened on all the OSI projects: We'd need the specs, of course, and you couldn't download them. You had to order the hard copy. This meant going through the usual corporate red tape for ordering stuff. You'd fill out a requirement doc, get it ok'd. You'd fill out a purchase req, figure out whose signatures you needed, and have the secretaries work on collecting the signatures. You'd mail off the order, and wait.

      Meanwhile, since there was a lot of waiting to do, we'd work on the IP version. We'd download the RFCs, spend an hour or so reading and a few hourse discussing, and then we'd sit down at a terminal and start coding. We'd be at the testing stage within a day, and have usable results in a few days. By the time the OSI specs showed up on our desks, we'd have had the IP version up and running for weeks. While we were reading the OSI specs (always much larger than the IP specs), we'd have users getting experience with the IP version, and sending in bug reports and/or change/feature requests. By the time we finally got an OSI version to the alpha stage, the IP version would be ready to send to the first customers.

      If the OSI gang had had the sense to make their docs available free on the Internet, they might not have lost so badly. But by trying to make the specs a profit center, and by using a different competing delivery network (the postal system), they put a major time blockade in the way of developers. So they lost out big time to IP.

      I've never been all that convinced that IP was any better than OSI, especially now with the big migration to IPv6 peering over the horizon. But I never really got a good chance to test them and compare their capabilities. The OSI version of our code was always so far behind the IP version that the whole issue was moot. IP won every race, because OSI was so slow out of the starting box. And that was because we developers couldn't get out hands on the specs in a timely manner.

  • Missing DNS (Score:5, Insightful)

    by thegameiam ( 671961 ) <thegameiam@@@yahoo...com> on Monday September 17, 2007 @10:30AM (#20637019) Homepage
    IPv6 Autoconfiguration is close but no cigar in a couple of signignificant ways:

    1) DNS server information wasn't baked in from the beginning (there are now some drafts to fix this, but I haven't yet seen the working code) - all this time, and we managed to recreate BootP...

    2) Because autoconfiguration uses /64 addresses for hosts, the address size gain, while large, isn't anywhere near the original promise, and encoding the MAC address into a globally-visable IP address does release information about hosts which was formerly private (NIC vendor, for one, as well as the more theoretical complaint about the layering violation).

    3) Just try it with VMWare or other virtualization software. Ouch. There's a whole lot of borked there.

    4) Obviously you wouldn't want to use it for a true server, becuase who wants their server IP to change when a NIC burns out?

    All that said, in a dual-stack environment it works reasonably well: but it doesn't honestly look like anyone gave much thought to a time when IPv4 wouldn't be present on the LAN or on the hosts...
    • Re:Missing DNS (Score:5, Informative)

      by Znork ( 31774 ) on Monday September 17, 2007 @10:44AM (#20637239)
      "3) Just try it with VMWare or other virtualization software. Ouch. There's a whole lot of borked there."

      Eh, what?

      As far as I could tell, as soon as I started radvd on my gateway all my xen guests autoconfigured their global v6 address. Perhaps you have a VMWare specific issue?

      "4) Obviously you wouldn't want to use it for a true server, becuase who wants their server IP to change when a NIC burns out?"

      Obviously you dont have a server-hardware ip address to use for a true server service. You dedicate an IP address to the actual service so you can move it around freely decoupled from the hardware and any other services on the box. (And to tie back to your earlier point; if you're virtualizing, there's no connection between the hardware and the MAC address anyway).

      When you have a bazillion ip addresses it's not like you have to save them for a rainy day.
      • I haven't used Xen with v6. VMWare had problems getting the guest to do the autoconfiguration instead of having the host do it - that provides a vector to get from guest -> host...

        You do have a fair point: I should probably consider that a VMWare issue rather than an autoconf issue, but the general v6 approach is to have a single gigantic broadcast domain per "site," instead of learning the lessons we all have in the past 10 years about the benefits of small layer-2 islands connected with layer-3... So
        • Re: (Score:3, Insightful)

          by Znork ( 31774 )
          "VMWare had problems getting the guest to do the autoconfiguration instead of having the host do it"

          Could be a bridging issue with VMWare. As long as the virtualization software acts as an unfiltered bridge, v6 autoconf really should work.

          "instead of learning the lessons we all have in the past 10 years about the benefits of small layer-2 islands connected with layer-3."

          I agree in part, but it depends on how you look at it. I think the idea is to use it as huge, very sparsely populated layer-2 islands conne
        • You do have a fair point: I should probably consider that a VMWare issue rather than an autoconf issue, but the general v6 approach is to have a single gigantic broadcast domain per "site," instead of learning the lessons we all have in the past 10 years about the benefits of small layer-2 islands connected with layer-3... So the natural way of doing things in v6 will encounter this problem.

          Are you sure, I though this would have been link-local? Basically you would break your net into pools and then the com
          • The problem is that "link-local" isn't. Layer-2 devices will happily forward frames with fe80:: source and destination addresses. Routers are supposed to stop it, but that requires a layer-3 boundary, which defeats the point of having a /64 for a single site (i.e. single router or router-pair)
    • On an IPV4 network, DHCP is quite handy even for true servers, because it gives you single point-of-control of MACIPhostname mapping. When you have to move a machine from one subnet to another, it means that you can take the machine down, update your DNS/DHCP tables, and restart the machine on the new subnet. You don't have to update anything on the machine, itself. Autoconfig doesn't do that.

      I've looked a little at DDNS with DHCP, and from what I've been able to tell, the trust model appears to be rever
  • by Lxy ( 80823 ) on Monday September 17, 2007 @10:31AM (#20637025) Journal
    Autoconfig is nice for home networks and such. For the corporate world, DHCPv6 is far more useful.

    Most people think of DHCP as just giving an IP address, mask, gateway, and DNS. DHCP can do SO much more. We're talking HUNDREDS of pieces of data, including custom strings. Want to tell your IP phone where the call manager is? DHCP. Want to tell your Netware clients where the nearest replica server is? DHCP. Still using WINS for some strange reason? DHCP.

    Autoconfig is nice for the lazy admin, but for folks who want to keep track of where their IPs are going and want to deploy additional features, DHCP is the better option.
    • by jd ( 1658 ) <`imipak' `at' `yahoo.com'> on Monday September 17, 2007 @11:24AM (#20637885) Homepage Journal
      Want to tell your IP phone where the call manager is? DHCP. Want to tell your Netware clients where the nearest replica server is? DHCP.

      IPv6 Anycast returns the nearest server that supports the capability you want. True, you wouldn't use the router advertisement protocol, but there are major advantages to having lightweight protocols that can be added to as extra needs develop, as opposed to having one monolithic protocol that requires excessive space on the network and heavyweight processes to churn over.

      • by Lxy ( 80823 )
        Hmmm... I will need to check that out.

        Sounds like Anycast is similar to a service advertisement though. Wouldn't it make more sense to use a challenge-response mechanism like DHCP instead of a multicast? DHCP can take a bit of bandwidth, yes, but it only transmits when asked. That's why you see less and less service advertisement kind of stuff coming from Novell and Microsoft.
    • I've started my open DHCPv6 implementation over 4 years ago. Once in a while, someone reports a bug or says that it works fine, so people are using it. The rate of adoption is not that great, but I've got feedback from 28 countries. Anyway, that's hardy a news. Basic DHCPv6 spec has been published in 2003. By the way: there's a small misunderstanding. Formally, the whole autoconf process in IPv6 is split into stateless and stateful (DHCPv6) parts.
    • by _KiTA_ ( 241027 )

      Most people think of DHCP as just giving an IP address, mask, gateway, and DNS. DHCP can do SO much more. We're talking HUNDREDS of pieces of data, including custom strings. Want to tell your IP phone where the call manager is? DHCP. Want to tell your Netware clients where the nearest replica server is? DHCP. Still using WINS for some strange reason? DHCP.


      Forgive me if I'm wrong, but that sounds less like "DHCP is awesome" and more like "Lazy devs have added extensions to DHCP rather than implement a proper
      • Forgive me if I'm wrong, but that sounds less like "DHCP is awesome" and more like "Lazy devs have added extensions to DHCP rather than implement a proper auto-configuration protocol for their other services."

        What what what???

        Instead of writing proprietary, incompatible protocols, developers have plugged their products into the industry standard, openly documented auto-configuration protocol, which was designed to be extensible. And they get called lazy?!

        That's slashdot for you. My head a splode.

      • Why would you want everybody and his dog to have their very own autoconfiguration methods when you can have one nice, centralized point?

    • by jc42 ( 318812 )
      Want to tell your IP phone where the call manager is? DHCP. Want to tell your Netware clients where the nearest replica server is? DHCP. Still using WINS for some strange reason? DHCP.

      So can it also tell my wife where her keys are? If so, I'll be adopting it right away.

      (I've been looking for a key-chain gadget that combines GPS and wifi capabilities. I could write my own program that queries it and tells me where she left it. Then the only remaining problem would be the not-so-good accuracy, to within ab
  • Not just corporate (Score:5, Informative)

    by Dolda2000 ( 759023 ) <<moc.0002adlod> <ta> <kirderf>> on Monday September 17, 2007 @10:31AM (#20637033) Homepage
    From what I've been able to tell from the discussions on the IETF's IPv6 mailing list, it probably won't just be corporate networks going with DHCPv6. The greatest problem with IPv6 autoconfiguration (probably since its inception) is the fact that while you get a network address, you don't get any information about available DNS servers, which no modern IP node can do without in reality.

    There have been a number of suggestions to solve it that problem, of course, ranging from adding an extra field for DNS servers in the autoconfig ICMP messages to using well-known unicast addresses for the closest recursive DNS server to using a dedicated protocol just to discover DNS servers. The first and last of those have (rightfully, IMNSHO) been shot down because then one might "just as well" use DHCP, which exists and has a solution ready for the issue at hand. I cannot remember why the unicast suggestions have been rejected, though, and it has been disturbing me, because I think it is the best solution. I really just cannot see the drawbacks to it. I guess there might have been some talk about lack of security in that model, but that's a problem with DNS in general, though. That's why DNSSEC was invented.

    Last I looked, the consensus seems to be to use autoconfig for address generation, and then request network information (such as DNS servers) from a link-local DHCPv6 server. When everything comes around, I think that's a rather good solution. Clients can still get whatever non-occupied address they want (which means the privacy extensions will also continue to work), and still get the information they find relevant, and a DHCPv6 server should be easy to implement on a network of any scale.

    • I'm deploying an IPv6 VPN at my company, and I've avoided the use of DHCPv6, as they have avoided DHCPv4 to make it less easy for people to attach to our networks. By using stateless autoconfig and not having DHCPv6, I can still restrict use of company nameservers to systems with our loadsets that have the DNS setup statically defined.
      • Note that that won't restrict use of your nameservers. It just means a rogue machine has to find out what the IP addresses of the nameservers are so it can configure them. That may be easy if the rogue machine is an unauthorized laptop belonging to a legitimate user who's got the configuration of his desktop readily to hand to copy information from.

        And autoconfig pretty much makes it impossible to restrict access to the network at all. Autoconfig'd machines probably can't get through the router and may not

  • Why Not Both (Score:5, Insightful)

    by maz2331 ( 1104901 ) on Monday September 17, 2007 @10:38AM (#20637145)
    Autoconfig is a nice default for something that "just works" without much need for an admin to plan out the network, and DHCP is great for tighter control where needed. What's wrong with having both options available?
  • IPv6 isn't that good because DHCP has been updated to support IPv6?
    O.O *blink blink* O.O
  • The real reason... (Score:3, Insightful)

    by yogi ( 3827 ) on Monday September 17, 2007 @10:49AM (#20637309) Homepage
    IPv6 may offer a range of new features over IPv4, but realistically, people will move to IPv6 for one of two reasons

    1. They have run out of IP addresses ( remember the 10.0.0.0 private network is pretty big! )
    2. Everyone else is doing it.

    Option 1 is only really going to be a problem for the really big firms, and they will be really careful. All those Corporate apps need retesting with the new IP addresses, and that is a non trivial exercise ( think Y2K all over again!, except you could do it piecemeal ). It's a hard sell to the business : Mr PHB, we'd like to spend a large amount of money retesting all the applications in Globocorp to use a new IP numbering scheme. Nope, you won't get any business benefit.

    ISPs may force people of IPv6 at some point, but that's only been an issue in South Korea so far. Everyone else still has enough IP addresses right now.

    And until we get a critical mass of people going for Option 1, option 2 is a no go.
    • by igjeff ( 15314 )
      >Nope, you won't get any business benefit.

      Here's a problem.

      I consider the basic ability to grow the IT infrastructure (and therefore the business) to be a business benefit.
      • That's a problem for Internet facing companies who require public address space but not so much for places with only a few public IPs.

        Many companies will find it hard to justify the investment in ipv6 while there's plenty of space left in 10.0.0.0/8.
  • by monkeySauce ( 562927 ) on Monday September 17, 2007 @10:58AM (#20637443) Journal
    IPv6 33% Pointless

    One Less Reason to Adopt IPv6

    IPv6 Address Assignment Choices

    Some May Forgo IPv6 Autoconf. for DHCP

    IPv6 Autoconf. Vs DHCPv6


    NetworkWorld chic: Well, I like "33% Pointless" the best, but my editor struck it down. The informative ones are too boring. I'll get more page views with "One Less Reason..."
    • <GrammarNazi>

      The (fictional) Editor, given his/her job title, should have known better than to choose a title with a glaring grammatical error.

      "Less" is used for continuously variable amounts. The correct word when dealing with discrete quantities is "fewer". Hence, "less oil", but "fewer barrels of oil".

      </GrammarNazi>
      • "Less" is used for continuously variable amounts. The correct word when dealing with discrete quantities is "fewer". Hence, "less oil", but "fewer barrels of oil".

        <ScienceNazi>
        The amount of oil is not continuously variable. It's "fewer molecules of oil". ;)
        </ScienceNazi>

      • "Fewer" can only be used with plurals. The editor is not the one who needs a grammar lesson.

        If you like the sound of "one fewer reason", I can only offer my sympathies to whoever taught you English.

  • Isn't the headline and summary putting this entirely backwards? Now that DHCPv6 is available IN ADDITION to auto configuration, that's one MORE reason to adopt IPv6, or rather, on less reason to stick with IPv4. It's not like auto configuration suddenly can't or doesn't work now that DHCP is available as an alternative option.
  • by vertinox ( 846076 ) on Monday September 17, 2007 @11:03AM (#20637521)
    Look, if we don't switch to IPv6 one of these days, then in 100 years from now an angry IT network sys admin is going to go insane with the mess we left him and invent a time machine and come back to blow us all up.

    It is going to have to happen and the longer we put it off the more expensive it is going to get over time to replace all the equipment. Yes, NAT works but its like trying to keep an old system road infrastructure in place that will be more costly to maintain at a certain point than to replace.
    • Re: (Score:3, Funny)

      by NewWorldDan ( 899800 )
      Your argument completely ignores the COBOL paradox. If time travel were possible, some angry programmer from the future would have already come back to prevent COBOL from ever being created.

      And NAT works very well as the poor man's firewall. Broadband routers have prevented more worm/virus outbreaks than any patch ever will.
  • address space (Score:5, Interesting)

    by SuperBanana ( 662181 ) on Monday September 17, 2007 @11:07AM (#20637581)

    a gargantuan address space,

    Methinks one reason IPv6 hasn't been adopted is because those who have chunks of the IPv4 space are quite happy having what is essentially an artificially precious resource.

    Most people think the IP address space is "nearly full", but a handful of companies are sitting on prime real estate (nevermind there is a huge amount of "reserved" space which is not in use.) For example, why do the following companies have entire class A's to themselves?

    • Ford
    • Prudential Securities
    • Department of Social Security of UK (WTF?)
    • Eli Lily and Company
    • Haliburton
    • Defense Information Systems Agency has FOUR, YES, FOUR, ENTIRE CLASS A's
    • Re: (Score:3, Informative)

      by Detritus ( 11846 )
      Because they were pioneers. As in other things, pioneers take the risks and reap the benefits, or get 30 arrows in their back.
    • by zenray ( 9262 )
      The Last time I checked Zenith Electronics had an entire class B block.
  • I always thought with that big of an address space they could force everybody to have their own unique biometric hash and gps coordinates encoded in the ip address.
    • I always thought with that big of an address space they could force everybody to have their own unique biometric hash and gps coordinates encoded in the ip address.
      Parkinson's Law: Programs expand to fill the memory available to hold them.

      (And here I was hoping to post, "Reasonable limits aren't.")
  • premature... (Score:2, Interesting)

    by pjr.cc ( 760528 )
    It all seems a little premature to me. Both sides have benefits and pains.

    But IPv6 (while i remember it being chosen as "the standard" we'll go with moving forward back in 1994 or 5?) is seriously at a point where IPv4 was when the internet was nothing more than a research network used by universities.

    DHCPv6 has a number of advantages for a corporation, where it exists in the network and where it doesn't will still remain the same.

    Cisco IOS's many integrations into dhcp v6 are interesting, but so much of it
  • DHCP (and bootp and RARP before it) served primarily the purpose of letting an otherwise unconfigured node discover which IPv4 address it should use. Along with that, DHCP could deliver more information important to the node as well - default router, DNS information and so on.

    With IPv6, the basic networking information is automatically configured when a node connects to the network. DHCP's purpose in such environments is to allow unconfigured nodes, once they've configured IPv6, to discover things like DNS
  • So there are huge swaths of IP space tied up in entities which don't need any where near as many as before NAT. If ARIN's requirements for usage were enforced then we may be fine for the next 10 years. Anyone with a Class A needs to figure out what they're doing and return some major swaths of IP space:

    1.0.0.0/8 - IANA
    2.0.0.0/8 - IANA
    3.0.0.0/8 - GE
    4.0.0.0/8 - Level 3
    5.0.0.0/8 - IANA
    6.0.0.0/8 - DoD
    7.0.0.0/8 - DoD
    8.0.0.0/8 - Level 3
    9.0.0.0/8 - IBM
    10.0.0./8 - NAT (we all love it)
    11.0.0.0/8 - DoD

    Come on peopl
  • Too much magic (Score:3, Insightful)

    by sjames ( 1099 ) on Monday September 17, 2007 @01:06PM (#20639847) Homepage Journal

    I'm not sure if autoconf and IPv6 addresses in general have too much or too little magic. Admittedly, these are in part Linux implementation bugs, but the kitchen sink nature of v6 sure isn't helping. If I can't reach anything by v6, I don't really care that I can secure my connection to nowhere with crypto.

    On the too much magic side, I announced 5001::/64 on my LAN at home as a test. Yet, when I try to go to a v6 enabled site, firefox tries to use v6 even though 5001::0/64 in no way impleis that I can reach 2001:: from here.

    On the too little magic side, some sites have more than one router (It's called a private network, some people don't care to splatter their private business all over the world). I tried setting that up with both overlapping and non-overlapping prefixes. Neither worked at all. The machines bounced from one to another so that they didn't even keep a consistant address. Good thing I had v4 so I could fix it without hopping from machine to machine. Possible good behaviours might have been:

    1. Just pick one and use it
    2. Actually assign both and just pick one when there is an overlap otherwise use the most specific route.

    The success or failure of v6 will be in client support. Nobody is going to accept a v6 only web server if clients can't reach it. Many of those clients have v4 only ISPs with dynamic IPs. They will not want their entire lan to renumber every time they get a new dynamic assignment. So, they will want a non-routable prefix for local to local traffic. Too bad the silly machines will try to use that for non-local traffic!

    Admins are often busy people. They don't want to devote their professional life to a v6 rollout, especially when practically nothing out there is reachable by v6 yet. If it's not dead simple it won't happen at all. I tried dead simple and as a result some sites became unreachable. I killed it again and they came back (falling back to their v4 addresses).

    Link local addresses don't seem to work AT ALL. I see the route but I get EINVAL if I try to ping.

    I suppose my next attempt will be to rip all the autoconfig stuff out of the kernel and implement a userspace daemon. It doesn't really belong in the kernel anyway. That's what initramfs is for.

    In general, this business of having to add one of 6, -6, -A inet6 or other junk to the command line or appending a 6 to the name of the utility has got to go. It's one thing to need a software update to handle v6, I can understand that older software might not even know v6 exists, but the v6 version has no excuse for not knowing v4 exists. ping6 192.168.2.1: unknown host.

    All of this tells me that v6 still has the status of a toy to play around with, not a supported standard ready for worldwide use. That's fine as far as it goes, but it's not exactly making people anxious to get on with the upgrade.

    It's been over a decade now. Let's quit pretending it's just inertia and try to address the real adoption barriers while there are still v4 addresses left.

    My advice:

    Just forget about scope. Prefix lengths are more than adequate for making routing decisions.

    Quit appending a 6 to everything (this is not marketing!). That includes structs and function calls in the library. For the most part, a v6 address as ASCII is distinguishable from v4. Likewise, in binary 4 octets followed by nulls or nulls followed by 4 octets is a v4 address. An app that won't run when the size of sockaddr_in changes was wrong to begin with. If you must, make -DV4ONLY use the old v4 only structs etc so broken source will compile and run. Done right, a number of old but well written programs could support v6 just by recompiling.

    Allow multiple router announcements and behave gracefully. Use the prefix that best matches the destination.

    Simpler handling of 6to4 and 4to6 translations. With so many people using APs and other routers for a broadband connection now, automatic en/de-capsulation in IPv4 can go a long way with very little configuration and a few simple rules.

    • by amorsen ( 7485 )
      Link local addresses don't seem to work AT ALL. I see the route but I get EINVAL if I try to ping.

      Link local addresses are only valid when coupled with an interface name. The reason why is rather obvious.

      I suppose my next attempt will be to rip all the autoconfig stuff out of the kernel and implement a userspace daemon.

      I would recommend that you get a good understanding of IPv6 before you implement it.
      • by sjames ( 1099 )

        Link local addresses are only valid when coupled with an interface name. The reason why is rather obvious.

        As in assigned to an interface? It is (or rather they are) assigned to an interface and have (automatic) routing entries. Manual manipulation of the routing table doesn't help. Smells like hard coded policy implemented in kernel code (bad form).

        Why would my belief that autoconfiguraation belongs in userspace indicate a lack of understanding?

        • by amorsen ( 7485 )
          As in assigned to an interface?

          No, you need to specify which interface you're talking about when using link local addresses. Sit back and think for a moment. How is the kernel supposed to guess which interface a link local address is on? Do you want it to just spit the packets out all interfaces?

          Why would my belief that autoconfiguraation belongs in userspace indicate a lack of understanding?

          The fact that you think that a link local address is valid without an interface name indicates a lack of understandin
  • I'd be reluctant to go without IPv6 autoconfig. I run a DHCP server for IPv4 and enabling IPv6 wouldn't be too much hassle, but it's a great deal nicer not to have to. Arguments re shifting addresses are bogus, since you'll usually allocate addresses for services/network entities when you wish them to remain persistent anyway, just like you currently reserve static IPs in DHCP for servers.

    I'm not too happy that no agreement has been reached on anycast DNS, though. The lack of a mechanism for clients to disc
  • Of course they'll skip "stateless autoconfiguration." Even if it could be upgraded to provide enough information to the client (such as the location of the DNS servers) the fact remains the the autoconfigured IP address is selected by running a reversable algorithm on the MAC address. This means that in every communication you're advertising to the entire network:

    1. What manufacturer made your NIC chipset
    2. With high probability which NIC chipset is in use
    3. With high probability which firmware revision is

"Conversion, fastidious Goddess, loves blood better than brick, and feasts most subtly on the human will." -- Virginia Woolf, "Mrs. Dalloway"

Working...