| IPV6 advantage What's the advantage of having IPV6? |
|
|
|
 timcuthBraves FanPremium
join:2000-09-18
Pelham, AL
 ·AT&T Southeast
| The IPv4 internet is pretty close to being out of addresses. IPv6 will provide millions of times more addresses. That is the main advantage.
One /64 block assignment, which is what I currently have for my home, will provide many times more addresses than the entire IPv4 address space. NAT will no longer be necessary. Every device will have its own unique IPv6 address.
I believe major parts of the IPv6 internet are going to become permanent on June 1, which is this coming Friday. I am ready. Are you?
Tim
--
"Life is like this long line, except at the end there ain't no merry-go-round." - Arthur on The King of Queens
~ Project Hope ~ |
|
timcuthBraves FanPremium
join:2000-09-18
Pelham, AL | reply to macbookproi5
Sorry, it is June 6, not June 1. 6/6, heh heh.
Anyway, here is a promotional site with a lot more info than I can provide.
»www.worldipv6launch.org/
Tim |
|
| thanks |
|
| reply to macbookproi5
Right now? Not a whole lot. Since most of the consumer-grade equipment and software doesn't support IPv6 natively it's mostly just about bragging rights.
Eventually it'll be like Tim says, but I don't see a truly IPv6 world happening within the next 10 years, possibly 20. |
|
 leiboldPremium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:6
·SONIC.NET
| reply to macbookproi5
Re: IPV6 advantage The main advantage of having IPv6 right now is to be ready when IPv6 becomes necessary down the road. There are a lot of guesstimates when that will be but the truth of the matter is that nobody knows. Theoretically we should have run out of IPv4 addresses a long time ago but because of many mitigating efforts this hasn't happened yet.
One aspect of IPv6 that is sometimes advertised as an advantage is that support for encrypted connections are a mandatory part of the IPv6 specification (IPSEC) and not something that needs to be added on separately.
Not everything that changes is necessarily for the better. Some people are concerned that the ability to give every networked device a globally unique network address will lead to a loss of privacy/anonymity as well as creating vulnerabilities that don't exist in the IPv4+NAT world of today.
However that might just be a good reason to get informed about the future today.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire! |
|
 rchandraStargate Universe fanPremium
join:2000-11-09
14225-2105 | One thing to clarify for our readers though, if I understand this correctly...IPSec is mandatory to implement in IPv6, but not mandatory to utilize. All this means is that to be IPv6 compliant, if a connection comes into me requesting IPSec, I must interchange packets using IPSec. When I initiate connections, it's my option whether to employ IPSec for that connection or not.
It's been my experience that the vast majority of IPv6 traffic does NOT have IPSec applied to it.
--
English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules.
Jeopardy! replies and randomcaps REALLY suck! |
|
leiboldPremium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:6 Reviews:
·SONIC.NET
| You are absolutely correct and I apologize if my comment mislead anybody into thinking otherwise.
Just using IPv6 doesn't mean all traffic is encrypted, however any standard compliant implementation of IPv6 must support and accept encrypted connections. This does make it easier to establish encrypted connections (vendor and platform independent).
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire! |
|
cramer
join:2007-04-10
Raleigh, NC
kudos:7 | reply to rchandra
I thought they backed off the IPSec integration to make life easier on embedded platforms. (ipsec is not a tiny bit of code) |
|
rchandraStargate Universe fanPremium
join:2000-11-09
14225-2105 | It's problematic anyway. Suppose I generate my own key and run an IKE daemon. How do you know me from the billiions of potential other people connected to the Internet? How can you assure yourself that there is no MitM attack going on? It's nigh on impossible.
The FreeSWAN folks attempted to get users to use Opportunistic Encryption as they called it. I think for the MitM/no PKI reasons it was never widely implemented. It was an extremely good (and ambitious) idea but I'm not too sure it had a secure foundation.
--
English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules.
Jeopardy! replies and randomcaps REALLY suck! |
|
 graysonfPremium,MVM
join:1999-07-16
Fort Lauderdale, FL | reply to cramer
It's not that large.
m0n0wall has IPSec and the released version fits into a 16MB CF easily. The next release beta needs more but still fit easily into 32MB. |
|
leiboldPremium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:6 Reviews:
·SONIC.NET
| reply to cramer
I had read earlier discussions (pros and cons) for eliminating the mandatory implementation of IPSEC but my impression was that the status quo (IPSEC is mandatory in IPv6) was maintained.
I see now that RFC 6434 obsoletes an earlier IPv6 RFC about IPv6 Node Requirements (RFC 4294) and replaces the original MUST implement IPSEC with SHOULD implement (a weaker statement that allows omitting it).
Thanks for pointing that out.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire! |
|
cramer
join:2007-04-10
Raleigh, NC
kudos:7 | reply to graysonf
Think "1MB flash" embedded devices. And the RAM required to actually run an IPv6 stack. Add those together and you have a long list of things out there that will absolutely never support IPv6. (and, btw, IPv6 ipsec is a lot more complex than a builtin https server.) |
|
graysonfPremium,MVM
join:1999-07-16
Fort Lauderdale, FL | Tell me about a few 1MB flash devices out there. m0n0wall with IPSec runs comfortably in 128MB of RAM, and if you had to have a 128MB stick of RAM you'd have to look on the surplus market. |
|
cramer
join:2007-04-10
Raleigh, NC
kudos:7 | What part of "embedded devices" did you miss? I'm not talking about your laptop or desktop computers. I'm talking about purpose built, fixed configuration devices. There are thousands of linksys, netgear, dlink, etc. devices that have very little flash and ram -- pretty much everyone has at least one of these in their house... a cable modem, or a dsl modem/router. (only recently made one have or (maybe) will have v6 support.) Not to mention the millions of other various IP connected devices... print servers, tv's, alarm/security systems, power monitors/switches, etc., etc. So many things we completely forget about many of them. |
|
| reply to macbookproi5
I think it was a smart move to make ipsec optional. |
|
leiboldPremium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:6 Reviews:
·SONIC.NET
| I think calling it 'optional' takes it further then the IETF intends.
The terms "MUST", "SHOULD" and "MAY" have very specific and well defined meanings in a RFC with "MUST" indicating something that is mandatory and "MAY" something that is optional. The term "SHOULD" used in the new RFC still tells vendors/manufacturers that IPSEC is to be included where possible.
Also keep in mind that the RFCs for IPv6 Node Requirements (the obsolete 4294 and the recent 6434) are Informational RFCs. The RFC for the IPv6 protocol is on the Standards track (RFC 2460) and as of today still states that a full implementation of IPv6 includes implementation of the AH and ESP extensions (IPSEC).
I don't think the change is intended for typical network devices such as computers (including tablets and smartphones) or routers (including customer premise equipment such as cable and dsl modems). The argument against mandatory IPSEC implementation seems to be that there are classes of network devices that don't have and don't need any user interface and adding one just to manage preshared keys or security certificates would be.a vast increase in complexity and cost for such devices.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire! |
|
timcuthBraves FanPremium
join:2000-09-18
Pelham, AL Reviews:
·AT&T Southeast
| reply to macbookproi5
Does anyone know what a typical end user (who is already supporting IPv6) should expect on and after World IPv6 Day 2012? Will more activity be transparently changed from v4 to v6? Will anything noticeable happen?
Tim
--
"Life is like this long line, except at the end there ain't no merry-go-round." - Arthur on The King of Queens
~ Project Hope ~ |
|
 CabalPremium
join:2007-01-21
Austin, TX
 ·Suddenlink
| said by timcuth:Does anyone know what a typical end user (who is already supporting IPv6) should expect on and after World IPv6 Day 2012? Will more activity be transparently changed from v4 to v6? Will anything noticeable happen? If they're configured correctly, it should go unnoticed. I only noticed Facebook and Netflix switching over already because I run separate traffic graphs for IPv6 and IPv4+IPv6.
--
If you can't open it, you don't own it. |
|
