dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4952
share rss forum feed

macbookproi5

join:2012-05-27

1 recommendation

IPV6 advantage

What's the advantage of having IPV6?



timcuth
Braves Fan
Premium
join:2000-09-18
Pelham, AL
Reviews:
·Charter
·AT&T Southeast

2 recommendations

The IPv4 internet is pretty close to being out of addresses. IPv6 will provide millions of times more addresses. That is the main advantage.

One /64 block assignment, which is what I currently have for my home, will provide many times more addresses than the entire IPv4 address space. NAT will no longer be necessary. Every device will have its own unique IPv6 address.

I believe major parts of the IPv6 internet are going to become permanent on June 1, which is this coming Friday. I am ready. Are you?

Tim
--
"Life is like this long line, except at the end there ain't no merry-go-round." - Arthur on The King of Queens
~ Project Hope ~



timcuth
Braves Fan
Premium
join:2000-09-18
Pelham, AL
reply to macbookproi5

Sorry, it is June 6, not June 1. 6/6, heh heh.

Anyway, here is a promotional site with a lot more info than I can provide.

»www.worldipv6launch.org/

Tim


macbookproi5

join:2012-05-27

thanks


IamGimli

join:2004-02-28
Canada
kudos:2

1 recommendation

reply to macbookproi5

said by macbookproi5:

What's the advantage of having IPV6?

Right now? Not a whole lot. Since most of the consumer-grade equipment and software doesn't support IPv6 natively it's mostly just about bragging rights.

Eventually it'll be like Tim says, but I don't see a truly IPv6 world happening within the next 10 years, possibly 20.
Expand your moderator at work


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

3 recommendations

reply to macbookproi5

Re: IPV6 advantage

said by macbookproi5:

What's the advantage of having IPV6?

The main advantage of having IPv6 right now is to be ready when IPv6 becomes necessary down the road. There are a lot of guesstimates when that will be but the truth of the matter is that nobody knows. Theoretically we should have run out of IPv4 addresses a long time ago but because of many mitigating efforts this hasn't happened yet.

One aspect of IPv6 that is sometimes advertised as an advantage is that support for encrypted connections are a mandatory part of the IPv6 specification (IPSEC) and not something that needs to be added on separately.

Not everything that changes is necessarily for the better. Some people are concerned that the ability to give every networked device a globally unique network address will lead to a loss of privacy/anonymity as well as creating vulnerabilities that don't exist in the IPv4+NAT world of today.
However that might just be a good reason to get informed about the future today.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


rchandra
Stargate Universe fan
Premium
join:2000-11-09
14225-2105

1 recommendation

One thing to clarify for our readers though, if I understand this correctly...IPSec is mandatory to implement in IPv6, but not mandatory to utilize. All this means is that to be IPv6 compliant, if a connection comes into me requesting IPSec, I must interchange packets using IPSec. When I initiate connections, it's my option whether to employ IPSec for that connection or not.

It's been my experience that the vast majority of IPv6 traffic does NOT have IPSec applied to it.
--
English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules.

Jeopardy! replies and randomcaps REALLY suck!



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

You are absolutely correct and I apologize if my comment mislead anybody into thinking otherwise.

Just using IPv6 doesn't mean all traffic is encrypted, however any standard compliant implementation of IPv6 must support and accept encrypted connections. This does make it easier to establish encrypted connections (vendor and platform independent).
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8

1 recommendation

reply to rchandra

I thought they backed off the IPSec integration to make life easier on embedded platforms. (ipsec is not a tiny bit of code)



rchandra
Stargate Universe fan
Premium
join:2000-11-09
14225-2105

It's problematic anyway. Suppose I generate my own key and run an IKE daemon. How do you know me from the billiions of potential other people connected to the Internet? How can you assure yourself that there is no MitM attack going on? It's nigh on impossible.

The FreeSWAN folks attempted to get users to use Opportunistic Encryption as they called it. I think for the MitM/no PKI reasons it was never widely implemented. It was an extremely good (and ambitious) idea but I'm not too sure it had a secure foundation.
--
English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules.

Jeopardy! replies and randomcaps REALLY suck!



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
reply to cramer

It's not that large.

m0n0wall has IPSec and the released version fits into a 16MB CF easily. The next release beta needs more but still fit easily into 32MB.



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET
reply to cramer

I had read earlier discussions (pros and cons) for eliminating the mandatory implementation of IPSEC but my impression was that the status quo (IPSEC is mandatory in IPv6) was maintained.

I see now that RFC 6434 obsoletes an earlier IPv6 RFC about IPv6 Node Requirements (RFC 4294) and replaces the original MUST implement IPSEC with SHOULD implement (a weaker statement that allows omitting it).

Thanks for pointing that out.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8
reply to graysonf

Think "1MB flash" embedded devices. And the RAM required to actually run an IPv6 stack. Add those together and you have a long list of things out there that will absolutely never support IPv6. (and, btw, IPv6 ipsec is a lot more complex than a builtin https server.)



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

Tell me about a few 1MB flash devices out there. m0n0wall with IPSec runs comfortably in 128MB of RAM, and if you had to have a 128MB stick of RAM you'd have to look on the surplus market.


cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8

1 recommendation

What part of "embedded devices" did you miss? I'm not talking about your laptop or desktop computers. I'm talking about purpose built, fixed configuration devices. There are thousands of linksys, netgear, dlink, etc. devices that have very little flash and ram -- pretty much everyone has at least one of these in their house... a cable modem, or a dsl modem/router. (only recently made one have or (maybe) will have v6 support.) Not to mention the millions of other various IP connected devices... print servers, tv's, alarm/security systems, power monitors/switches, etc., etc. So many things we completely forget about many of them.


druber

join:2000-04-11
Stow, MA
reply to macbookproi5

I think it was a smart move to make ipsec optional.



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

I think calling it 'optional' takes it further then the IETF intends.

The terms "MUST", "SHOULD" and "MAY" have very specific and well defined meanings in a RFC with "MUST" indicating something that is mandatory and "MAY" something that is optional. The term "SHOULD" used in the new RFC still tells vendors/manufacturers that IPSEC is to be included where possible.

Also keep in mind that the RFCs for IPv6 Node Requirements (the obsolete 4294 and the recent 6434) are Informational RFCs. The RFC for the IPv6 protocol is on the Standards track (RFC 2460) and as of today still states that a full implementation of IPv6 includes implementation of the AH and ESP extensions (IPSEC).

I don't think the change is intended for typical network devices such as computers (including tablets and smartphones) or routers (including customer premise equipment such as cable and dsl modems). The argument against mandatory IPSEC implementation seems to be that there are classes of network devices that don't have and don't need any user interface and adding one just to manage preshared keys or security certificates would be.a vast increase in complexity and cost for such devices.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!



timcuth
Braves Fan
Premium
join:2000-09-18
Pelham, AL
Reviews:
·Charter
·AT&T Southeast
reply to macbookproi5

Does anyone know what a typical end user (who is already supporting IPv6) should expect on and after World IPv6 Day 2012? Will more activity be transparently changed from v4 to v6? Will anything noticeable happen?

Tim
--
"Life is like this long line, except at the end there ain't no merry-go-round." - Arthur on The King of Queens
~ Project Hope ~



Cabal
Premium
join:2007-01-21
Reviews:
·Suddenlink

1 recommendation

said by timcuth:

Does anyone know what a typical end user (who is already supporting IPv6) should expect on and after World IPv6 Day 2012? Will more activity be transparently changed from v4 to v6? Will anything noticeable happen?

If they're configured correctly, it should go unnoticed. I only noticed Facebook and Netflix switching over already because I run separate traffic graphs for IPv6 and IPv4+IPv6.
--
If you can't open it, you don't own it.

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8
reply to timcuth

A lot of hype and marketing FUD (there's plenty of that already), but little to no actual operational difference. 99% of people have no clue what's going on behind typing "www.foo.com" in their browser.

Despite all the ISPs and vendors standing up to be counted, there's next to no IPv6 deployment from any of them. What they have done is the dead minimum to get counted. (the same crap they did last IPv6 day.) My Bellsouth DSL line... no IPv6 of any kind with zero plans to ever support it. [AT&T's party line is "upgrade to Uverse", where they deploy CGN (ipv4) and 6rd (ipv6) -- i.e. a complete d***ed joke.] My Earthlink cablemodem (via TWC, D2) has no IPv6 at all -- who knows if those two will ever support it. TWC Business Class... nope. TWTC T1... negative. Megapath T1... what's IPv6? VZB DS3... no. (given how long it took to install, I'm not poking at it.)

My IPv6 is provided by tunnels to HE.net. And it has worked perfectly for years.



rchandra
Stargate Universe fan
Premium
join:2000-11-09
14225-2105

I might also add onto that for TWC...sure, they have their shiney name out there as "we support World IPv6 {Day, Launch}" yet do very little. I replaced my D2 cable modem with a D3 one in anticipation that they just MIGHT start utilizing it for Roadrunner/HSO. Nope. That's OK, I know it's a Herculean effort to get that going properly, with all the tier 1 people trained to answer queries in case someone calls up, as well as a lot of infrastructure work.

But even more maddening, when logging in to monitor/administer your account (myservices.timewarnercable.com), one of the steps in their login process is to access "ids.rr.com". The CNAME for that is "ids.gidms.rr.com". They are so paranoid about their DNS that they will NOT answer an AAAA query for either...meaning they don't answer at all, they just allow your DNS resolver (client) to time out. The most compatible way is to answer with an SOA record (meaning there's a record with that label, but no AAAA is available), or (if applicable) NXDOMAIN.
--
English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules.

Jeopardy! replies and randomcaps REALLY suck!


cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8

Actually, it's a classic broken DNS server. It won't answer *any* but "A" queries.



rchandra
Stargate Universe fan
Premium
join:2000-11-09
14225-2105

I sort of associate their name "ids" with "intrusion detection system," although I don't know their true intent. I'm going to guess they've set up a firewall somewhere along the way doing deep packet inspection which passes only certain queries, which only includes A, CNAME, possibly also SOA and NS.
--
English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules.

Jeopardy! replies and randomcaps REALLY suck!


cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8

You aren't talking to "ids". The query is answered by the NS for gidms.rr.com -- gtm-01-ns.rr.com and gtm-02-ns.rr.com. Those are the broken DNS servers. They appear to not answer anything but an "A" query. You'd have to ask them what the three letters I-D-S mean. (it looks to me like id's, but who knows what mess they have internally.)



rchandra
Stargate Universe fan
Premium
join:2000-11-09
14225-2105

1 recommendation

reply to cramer

Thing is, when users of those devices realize the marginal utility of continuing to operate them, they will get "kicked to the curb"....much like many of the CRT and NTSC televisions are these days. Hardly a trash pickup day goes by on which I'm driving that I don't see at least one CRT-based TV set out for pickup. It's sad to see that kind of electronics waste, but with the ATSC transition, it was nearly inevitable.
--
English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules.

Jeopardy! replies and randomcaps REALLY suck!

Expand your moderator at work