OK, so I know why it was invented: IPv4 running out of space.
But having followed the various conversations about IPv6 capable ISPs, I'm left wondering why anyone wants to actually use IPv6 right now?
That isn't to argue that they shouldn't, I genuinely want to know. I switched to 64-bit pretty early (because with Linux I could), and dealt with the occasional issues (flash, etc) in return for a system which was theoretically "better" but which felt no real different to a 32-bit machine. But (sad but true) I enjoyed the smugness of running 64-bit without (major) problems, something I couldn't have done with Windows.
So what reasons are there to play with IPv6? Just because we can? Because we want to learn about it for the future? Or is there actually anything practical I could do with IPv6 that I can't with IPv4, or that just works better on IPv6?
If you convince me that there is a good reason to play, my next question will be how to get started, so be warned :-)
PS: For anyone with 64-bit capable hardware there really isn't any downside to using 64-bit Linux now as far as I can tell.
On 3 February 2010 09:28, Mark Rogers mark@quarella.co.uk wrote:
OK, so I know why it was invented: IPv4 running out of space.
But having followed the various conversations about IPv6 capable ISPs, I'm left wondering why anyone wants to actually use IPv6 right now?
...
So what reasons are there to play with IPv6? Just because we can? Because we want to learn about it for the future? Or is there actually anything practical I could do with IPv6 that I can't with IPv4, or that just works better on IPv6?
My main reason for wanting to use it is "Because we want to learn about it for the future". Learning about stuff is a major driver for a lot of the things I do with my PC.
JD
Hi,
On 03/02/2010, Mark Rogers mark@quarella.co.uk wrote:
But having followed the various conversations about IPv6 capable ISPs, I'm left wondering why anyone wants to actually use IPv6 right now?
Native IP level security? More addresses.
Can't remember any other advantage.
But I've always found the addressing horrible to understand. IPv4 has an advantage there. It's easier to remember 10.1.0.23 than 2002:421a:3423:377b:aedf::0323 etc
Can you imagine a LAN Party with IPv6? :o I know people suggest running a DNS server to helpfully translate IP addresses to names, but is it really feasible for everyone to run their own DNS server? .... even on a LAN party? (or similar ad-hoc LAN gathering)
(maybe this is one motivation for Bonjour/Zeroconf/Avahi?)
Anyone care to prove me wrong?
Srdjan
Srdjan Todorovic wrote:
Hi,
On 03/02/2010, Mark Rogers mark@quarella.co.uk wrote:
But having followed the various conversations about IPv6 capable ISPs, I'm left wondering why anyone wants to actually use IPv6 right now?
Native IP level security? More addresses.
Can't remember any other advantage.
Well "more addresses" is so many more we can ditch NAT which was a horrible hack in the first place.
Even ignoring that I believe the routing overhead of ipv6 is actually lighter.
What about the things like multicast built into the spec ? I dunno if this will get implemented everywhere but if it did then it could change how we deal with media on our networks.
Flow Labels could also simplify things like QoS
Can you imagine a LAN Party with IPv6? :o I know people suggest running a DNS server to helpfully translate IP addresses to names, but is it really feasible for everyone to run their own DNS server? .... even on a LAN party? (or similar ad-hoc LAN gathering)
Well I am sure for ad-hoc networks you are already going to be using DHCP to reduce setup times and it's trivial then to add a DNS server into the mix, in fact I believe many consumer routers can do this by default.
The only real issue here is once we ditch NAT's (which hopefully will become redundant) you no longer have the same common private address subnets in use everywhere. 192.168.0.whatever isn't in itself particularly memorable except that we are used to seeing it so frequently.
I am not sure how we are going to cope with default configurations on Network kit like routers where you need to talk to it once to set the correct address. Will we rely completely on DHCP auto configuration and hope that the new device isn't the thing that is supposed to be providing that. Or is new equipment going to be factory configured somewhere in the fc00::/7 space ?
On 03/02/10 10:59, Wayne Stallwood wrote:
Well "more addresses" is so many more we can ditch NAT which was a horrible hack in the first place.
NAT is a horrible hack, but does have significant benefits; imagine having an office full of internet-addressable Windows PCs! It may or may not be trivial to configure a firewall (and maybe IPv6 has something to offer here? I know very little about IPv6 as yet) but with IPv4 and NAT it's difficult to give multiple PCs in one office unrestricted bi-direction internet access, and the world would probably we a worse place were that not true!
The only real issue here is once we ditch NAT's (which hopefully will become redundant) you no longer have the same common private address subnets in use everywhere. 192.168.0.whatever isn't in itself particularly memorable except that we are used to seeing it so frequently.
Because most people don't need DNS most people don't have it, but if most people needed it then it would become even more trivial to install (and all routers would have it in the same way they have DHCP now). "Most people" don't know IP addresses now anyway, they access machines on the network by name (\Dave, \Server, or the GUI equivalents). I like knowing IP address now but I don't suffer as a result of not remembering MAC addresses and I don't recall the IP address for (eg) Google.
Anyway, my appetite has been whetted, so where do I start?
At home I have a Virgin cable connection, but at work we are an Enta reseller and I recall reading in the previous thread that this might be a Good Thing as far as IPv6 is concerned?
On 03 Feb 11:22, Mark Rogers wrote:
On 03/02/10 10:59, Wayne Stallwood wrote:
Well "more addresses" is so many more we can ditch NAT which was a horrible hack in the first place.
NAT is a horrible hack, but does have significant benefits; imagine having an office full of internet-addressable Windows PCs! It may or may not be trivial to configure a firewall (and maybe IPv6 has something to offer here? I know very little about IPv6 as yet) but with IPv4 and NAT it's difficult to give multiple PCs in one office unrestricted bi-direction internet access, and the world would probably we a worse place were that not true!
Meh - drop in a stateful firewall on the router, done. Make it so that ipv6 outbound can go anywheres and inbound is only on things that it knows about - usual firewall/routing practice. NAT has made most people lazy about what their firewall should be doing.
The only real issue here is once we ditch NAT's (which hopefully will become redundant) you no longer have the same common private address subnets in use everywhere. 192.168.0.whatever isn't in itself particularly memorable except that we are used to seeing it so frequently.
Because most people don't need DNS most people don't have it, but if most people needed it then it would become even more trivial to install (and all routers would have it in the same way they have DHCP now). "Most people" don't know IP addresses now anyway, they access machines on the network by name (\Dave, \Server, or the GUI equivalents). I like knowing IP address now but I don't suffer as a result of not remembering MAC addresses and I don't recall the IP address for (eg) Google.
Erm, I think everyone in the world cares about DNS... It's very difficult to do name based virtual hosting without it! If you're meaning small offices, then, erm, most of those by now will be running a DNS server of some variety, maybe even dnsmasq (which is a lovely dhcp/dns server pairing). Also, with "zeroconf" or whatever it's called these days... (avahi-daemon supplies the service in linux) - there's a whole other way of doing lookups too.
Anyway, my appetite has been whetted, so where do I start?
At the beginning!
At home I have a Virgin cable connection, but at work we are an Enta reseller and I recall reading in the previous thread that this might be a Good Thing as far as IPv6 is concerned?
Don't believe that Virgin provide native ipv6, so you'd be looking at tunnel providers for home, I'd suggest looking at: http://tunnelbroker.net/
Terminate the tunnel on to a permanently on linux box on the network, use radvd to then advertise the ipv6 space to anything else on the network, rejoice as it all "just works".
With Enta, I believe that they'll do native IPv6 on the ppp session, at which point it'd be down to wether or not your router supports it.
Thanks,
Brett Parker wrote:
On 03 Feb 11:22, Mark Rogers wrote:
On 03/02/10 10:59, Wayne Stallwood wrote:
Well "more addresses" is so many more we can ditch NAT which was a horrible hack in the first place.
NAT is a horrible hack, but does have significant benefits; imagine having an office full of internet-addressable Windows PCs! It may or may not be trivial to configure a firewall (and maybe IPv6 has something to offer here? I know very little about IPv6 as yet) but with IPv4 and NAT it's difficult to give multiple PCs in one office unrestricted bi-direction internet access, and the world would probably we a worse place were that not true!
Meh - drop in a stateful firewall on the router, done. Make it so that ipv6 outbound can go anywheres and inbound is only on things that it knows about - usual firewall/routing practice. NAT has made most people lazy about what their firewall should be doing.
What he said.
I think probably that would end up being the default configuration for any consumer grade router/gateway appliance much as it is now. You'd get people clicking the "allow everything, everywhere" button to try and get something working and mostly they will get exactly what they deserve :)
Once every script kiddy on the planet has emptied the trays on their network printer overnight a few times they will get the point.
At home I have a Virgin cable connection, but at work we are an Enta reseller and I recall reading in the previous thread that this might be a Good Thing as far as IPv6 is concerned?
Yes you just need to contact ipv6@enta.net to get it enabled for a new or existing connection and as Brett says, make sure you have ipv6 friendly equipment at your end.
On 03/02/10 21:30, Wayne Stallwood wrote:
I think probably that would end up being the default configuration for any consumer grade router/gateway appliance much as it is now. You'd get people clicking the "allow everything, everywhere" button to try and get something working and mostly they will get exactly what they deserve :)
That's my point really: the "allow everything, everywhere" option isn't technically possible with NAT so people can't just enable it.
Installing a firewall correctly is just like using a USB modem on a desktop PC and configuring it so that your PC is safe: putting in a router is *much* safer and *much* less easy to break open by mistake or carelessness.
I'm not saying IPv6 is a bad thing. It's just that over the years I've become quite fond of NAT for the reasons above. When I need to work around it I can, but there's a big step from the default to the dangerous.
Once every script kiddy on the planet has emptied the trays on their network printer overnight a few times they will get the point.
Unfortunately we all get hit by this. ISPs take actions like blocking all traffic on certain ports because they can't trust their customers to do it, so even if you have a legitimate reason to open something up you'll find you can't.
Yes you just need to contact ipv6@enta.net to get it enabled for a new or existing connection and as Brett says, make sure you have ipv6 friendly equipment at your end.
OK, it looks like I have IPv6 unfriendly kit, so for the time being I'll go looking at tunneling options. This has the advantage of making it something I can play with at home.
Which consumer routers do support IPv6? I have a cheap router which runs RouterTech firmware but that doesn't seem to support IPv6.
I've been following this with quite some interest and have managed to get an IPv6 tunnel into my web server. My next question is how can I provide DNS for AAAA addresses? My external DNS hoster (freeparking.co.uk) don't offer this, and there are a few other technical reasons I want to move away from them, one being to do with how the deal with CNAME records. As my domain is up for renewal in a few months, can anyone recommend a DNS provider who offers IPv6 that I can transfer my domain too? -- ATB, Karl
On 4 February 2010 11:08, Mark Rogers mark@quarella.co.uk wrote:
On 03/02/10 21:30, Wayne Stallwood wrote:
I think probably that would end up being the default configuration for any consumer grade router/gateway appliance much as it is now. You'd get people clicking the "allow everything, everywhere" button to try and get something working and mostly they will get exactly what they deserve :)
That's my point really: the "allow everything, everywhere" option isn't technically possible with NAT so people can't just enable it.
Installing a firewall correctly is just like using a USB modem on a desktop PC and configuring it so that your PC is safe: putting in a router is *much* safer and *much* less easy to break open by mistake or carelessness.
I'm not saying IPv6 is a bad thing. It's just that over the years I've become quite fond of NAT for the reasons above. When I need to work around it I can, but there's a big step from the default to the dangerous.
Once every script kiddy on the planet has emptied the trays on their
network printer overnight a few times they will get the point.
Unfortunately we all get hit by this. ISPs take actions like blocking all traffic on certain ports because they can't trust their customers to do it, so even if you have a legitimate reason to open something up you'll find you can't.
Yes you just need to contact ipv6@enta.net to get it enabled for a new or
existing connection and as Brett says, make sure you have ipv6 friendly equipment at your end.
OK, it looks like I have IPv6 unfriendly kit, so for the time being I'll go looking at tunneling options. This has the advantage of making it something I can play with at home.
Which consumer routers do support IPv6? I have a cheap router which runs RouterTech firmware but that doesn't seem to support IPv6.
-- Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450 Registered in England (0456 0902) @ 13 Clarke Rd, Milton Keynes, MK1 1LG
main@lists.alug.org.uk http://www.alug.org.uk/ http://lists.alug.org.uk/mailman/listinfo/main Unsubscribe? See message headers or the web site above!
On Wed, Feb 03, 2010 at 09:28:49AM +0000, Mark Rogers wrote:
But having followed the various conversations about IPv6 capable ISPs, I'm left wondering why anyone wants to actually use IPv6 right now?
Why not? What disadvantage is there to learning something new? :)
Adam
-
Adam Bower -
Brett Parker -
Jon Dye -
Karl Foley -
Mark Rogers -
Srdjan Todorovic -
Wayne Stallwood