Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment Concurrent Multi-path and Multi-streaming (Score 1) 109

TCP port 443 is the new waist of the Internet, and it doesn't look like that's going to change with the transition to IPv6 either. Should we just forget about concurrent multi-path and multi-streaming at the transport layer and do it all at the application layer? Or do you think there might still be room for fixing these problems at the transport layer?

Comment Re:Yes, it's coming (Score 1) 167

We're talking about an attack that only currently originates from a user population representing less than 0.3% of the Internet user population. If you're under attack over IPv6, then just pull the plug. Seriously, I get that you need to keep your family jewels in a bank vault. You can probably keep the rhinestones under the bed and save on the safe deposit fees.

Comment Re:Yes, it's coming (Score 1) 167

Turns out for external facing web services, you don't need any of that. You just rack up an IPv6 load-balanced proxy and point it at your existing IPv4 servers. The trick is making sure you don't shoot yourself by implementing a stupid per-source address limit and kill your site over IPv6 because all the IPv4 source addresses are the for the proxy array.

Comment Re:Beside the point (Score 1) 173

Most of the IPv4 stuff that ISPs are already using today was either never designed for the NAT444 subscriber model, or if it was, then it's badly broken and not as well engineered as the comparatively older and better designed IPv6 stuff. This is especially apparent when you're looking at service providers with more than 16 million subscribers, who need to number subscribers in multiple separate address realms. This is the main problem cited to me by operators who have rejected NAT444 in favor of IPv6 DS/DS-lite.

For evidence, I don't have much to point out except the fact that every major ISP in the United States and Europe, and many in Asia as well, having looked at the operational considerations associated with the NAT444 and IPv6 DS/DS-lite alternatives, now seems to have concluded that the latter is superior to the former. Admittedly, I have nothing but anecdotes to relay if you want help explaining their observed behavior.

As for making GoldenShield workalikes, yes Virginia— that's a piece of cake with IPv6. Easier, actually, because you have only a single address realm to manage.

Comment Re:Beside the point (Score 1) 173

All of those things can be accomplished at lower cost and with higher scalability and manageability with IPv6. There are some reasonable arguments for deploying NAT444 instead of IPv6 DS or DS-lite, but none of them have anything to do with tightening your grip on what your user community is doing with your network.

Comment Re:Non Networking Guy Question... (Score 1) 231

Um... because we'd all rather write 2001:db8:0:a::101 instead of Especially since, for anyone with much experience in IPv6 at all, we can look at the former and see the special documentation prefix 2001:db8::/32 at a glance, then see that the subnet identifier is "0:a" and the host identifier is "101" and we're good. That dot delimited version doesn't look so good next to that, does it?

Comment Re:Trouble with Tribble (Score 1) 132

Hell, your wireless provider has almost certainly set up a special backdoor for them to get this information about anyone they want without even having to write a letter or speak to a human being. It's a pain in the ass to read and respond to all those letters. It's a pain in the ass to have to write them. Everyone is happier when the cops just log into the LE portal and take whatever data they want.

Everyone loves cops, and everybody wants to help them fight crime and stuff! You love the cops, don't you? Of course, you do. Now, shut up and go back to whining about the fact your location services cache got backed up in the clear to your personal computer.

Slashdot Top Deals

Any sufficiently advanced technology is indistinguishable from a rigged demo.