dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5241
share rss forum feed


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2

1 recommendation

[IPv6] World IPv6 Launch is coming in a few days...

World IPv6 Launch will begin on the evening of the 5th of June in the U.S. (midnight UTC on the 6th). Keep track of »www.comcast6.net for the latest updates...



--
JL
Comcast


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2

1 recommendation

Get Your Home Network Ready for IPv6

You can find helpful directions on configuring your home gateway device (such as an Apple Airport Extreme) on MyDeviceInfo (»mydeviceinfo.comcast.net). It is significant and notable that, up to now, IP addressing (with IPv4) has been shared. That means a typical Internet user has used Network Address Translation (NAT) to share a single IP address across multiple devices in the home. That all changes with IPv6 - which means the need for NAT and shared addressing goes away. We hope this change will unleash new innovation in home networking and other in-home Internet services.



--
JL
Comcast


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
reply to jlivingood

Re: [IPv6] World IPv6 Launch is coming in a few days...

BTW, I'll post more of these through early next week...
--
JL
Comcast


cmslick3

join:2004-05-24
Joliet, IL
reply to jlivingood

Please forgive my bleak understanding of IPv6 BUT wouldn't the removal of NAT essentially put every device in your home directly on the internet?

To me this seems like a bit of a security and privacy issue. I don't have the desire to allow any random entity on the net to see when my PC comes on-line and potentially track my every move. Maybe there is something i'm missing here, I need to do more research.

I can see the use for this capability from a business perspective, but for the average home user it seems less than desirable.


biomesh
Premium
join:2006-07-08
Tomball, TX

1 recommendation

Just because an address is visible to other hosts on the Internet doesn't necessarily make it vulnerable. Security through obscurity is not a good model. You would still need a IPv6 capable firewall to protect your devices.



jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
reply to cmslick3

said by cmslick3:

Please forgive my bleak understanding of IPv6 BUT wouldn't the removal of NAT essentially put every device in your home directly on the internet?

It does, but you still have a device (home gateway device for example) that aggregates the traffic in/out. Those devices are expected by default to block inbound connections unless you configure it otherwise - which you might for certain parts of your network that you want to have unsolicited inbound traffic to.
--
JL
Comcast


Streetlight

join:2005-11-07
Colorado Springs, CO
reply to biomesh

said by biomesh:

Just because an address is visible to other hosts on the Internet doesn't necessarily make it vulnerable. Security through obscurity is not a good model. You would still need a IPv6 capable firewall to protect your devices.

That's why one needs a router, at least today. The router provides Stateful Packet Inspection in addition to Network Address Translation, to be sure incoming packets are meant for your local (home) network. This is true even if you only have one computer connected to the Internet. Presumably a IPv6 capable router will also provide this level of security. I'm not sure how a network with a router can handle multiple IPv6 addresses, one for each device attached to an intranet.

See the Wikipedia page regarding Stateful Packet Inspection:

»en.wikipedia.org/wiki/Stateful_firewall
--
There is nothing more deceptive than an obvious fact.

Sherlock Holmes in
The Boscombe Valley Mystery
A. C. Doyle
Strand Magazine, October 1891


PGHammer

join:2003-06-09
Accokeek, MD

True.

However, a router with SPI that is IPv6-hostile is also not a good thing going forward. That is why a router with SPI that is not deliberately (and unchangingly) IPv6-hostile is important going forward. Such routers exist today (even in the home userspace, from Cisco/Linksys, Netgear, D-Link, Buffalo, ASUS, and others) and there are even retrofits for a large number of older routers with common third-party chipsets (especially those from Broadcom).

The big issues for home users and IPv6 aren't at the computer level, amusingly enough. Microsoft Windows (retail since Windows XP Service Pack 2, and back-patchable back to Windows 2000 Service Pack 4) is IPv6-aware and dual-stack. (Yes - this *includes* Windows 8 to date.) Mac OS X since Leopard, and any Linux distribution with at least kernel 2.6, is also IPv6-aware/dual-stack.

An SPI *and* IPv6-capable router should also support DHCPv6-PD (to handle IPv6 routing chores) in tandem with the existing DHCPv4 capability inherent in any router. Fortunately, most existing IPv6-ready routers (and third-party firmware for older routers) does meet this recommendation. You should still check the documentation for both router and firmware to be sure.


cmslick3

join:2004-05-24
Joliet, IL
reply to jlivingood

I'm not condoning security through obscurity, though it does work for people with ADD, if you're less visible your less of a target. I wouldn't connect a PC directly to the internet now, and I won't do it in the future, pingable or not.

I'm just trying to gain an understanding of how the IPv6 world will see the devices in my home. From what I've read it's possible that every person in the work could have a massive amount of addresses assigned to them, obviously it's not going to be implemented like that. So what device supplies the IPv6 addresses to your home network devices? Does my home gateway do this, does the modem do this, or is it further up the chain? Who determines how many devices you can connect to your home network?

It's counter intuitive to me that each individual device would be uniquely identifiable to the internet as a whole, yet also be part of a home network. I guess I just like playing in my own sandbox is the point.



SHoTTa35

@optonline.net
reply to Streetlight

I'm not sure how a network with a router can handle multiple IPv6 addresses, one for each device attached to an intranet.

An IPv6 router will be assigned a specific range of of addresses called a /64 or /56 or however long your ISP decides.

Take a look here at the Linksys screenshot - perfect example:

»[IPv6] Evidence of Comcast IPv6 CPE Dual Stack (CPE and CPEPD)

You will be assigned a block of addresses, for example:

2601:c:x:x;x:x:x

Your router will then give all your other devices an address say:

2601:c:5601:AF:23:11:11
2601:c:5601:2B:43:1c:1F
2601:c:5601:23bf:a30c:f33e

Or whatever - Those aren't exact IP addresses but you get the idea. Your router will also have the IPv6 Firewall which will block scans/pokes and whatever else coming to your addresses unsolicited.

This is why it's inportant to have a good firewall for IPv6 and not just enable tunnels back to your network. Surely you can connect to IPv6 networks but without the support of router or software firewall they can connect just as easily back to your system.


SHoTTa35

@optonline.net
reply to cmslick3

As much as you like to think you are obscure because of NAT you would be wrong.

NAT is like a gated community except without actual guards or gates. You feel all safe inside because. Any normal thief could just walk right in and do as they wish. The problem in the internet world is that hackers wouldn't be able to "see" your house right away. They would just scan for packets and then have the "addresses" of every single house in the area as well as have some basic information about the house (size, bedrooms, garages, etc).

You are doing what most people do and think of NAT as a "security" measure which it's not at all. If you had no firewalls on the router or computers in the NAT then anyone could walk right in and have a look around just the same.


Daemon
Premium
join:2003-06-29
Berkeley, CA
Reviews:
·Comcast
·webpass.net
reply to cmslick3

said by cmslick3:

From what I've read it's possible that every person in the work could have a massive amount of addresses assigned to them, obviously it's not going to be implemented like that.

Actually, right now comcast is assigning a /64 to each account/household, which works out to 18 quintillion (18 billion trillion) addresses per account.

It's hard to fathom just how many IPv6 addresses there are. There are so many you literally could not build enough devices using today's technology because you'd use up the entire mass of the earth on the devices, even if they were all tiny micro computers, long before you'd run out of addresses. Until we start building trillions of nano robots that all need their own unique addresses, we'll have an enormous IP address surplus.
--
-Ryan
I use Linux, OS X, iOS and Windows. Let the OS wars die.


Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA
kudos:1

1 recommendation

reply to jlivingood

Since the launch is happening in a few days, do you have a listing of Comcast areas/states that are IPv6 ready? I would like to know just out of curiosity



SergeyE

@microsoft.com

»mydeviceinfo.comcast.net/ has a small list of routers tested for ipv6 compatibility. Anyone knows if there are any plans to add SamKnows units to the testing effort?

I'd expect them tested at some point, as the program has blessing from the FCC, and participants, while free to leave, are discouraged from doing so.



mackey
Premium
join:2007-08-20
kudos:12
reply to cmslick3

said by cmslick3:

To me this seems like a bit of a security and privacy issue. I don't have the desire to allow any random entity on the net to see when my PC comes on-line and potentially track my every move. Maybe there is something i'm missing here, I need to do more research.

That's why they made the privacy extension. »en.wikipedia.org/wiki/IPv6#Privacy

Privacy extensions for IPv6 have been defined to address these privacy concerns.[32] When privacy extensions are enabled, the operating system generates ephemeral IP addresses by concatenating a randomly generated host identifier with the assigned network prefix. These ephemeral addresses, instead of trackable static IP addresses, are used to communicate with remote hosts. The use of ephemeral addresses makes it difficult to accurately track a user's Internet activity by scanning activity streams for a single IPv6 address.[33]

Privacy extensions are enabled by default in Windows, Mac OS X (since 10.7), and iOS (since version 4.3).[34] Some Linux distributions have enabled privacy extensions as well.[35]

/M


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2

1 recommendation

reply to jlivingood

If You Own Your Modem, Consider a New One That Supports IPv6

If you have purchased your own device, and it does not support DOCSIS 3.0, we of course always recommend that you upgrade to a DOCSIS 3.0 device to take advantage of all the speed possible in our network. You can certainly contact us and we will be happy to lease you a DOCSIS 3.0 device. If you would like to buy your own device, you can find a list of approved devices at MyDeviceInfo @ »mydeviceinfo.comcast.net. On that list you will see a checkmark next to the devices that support IPv6, which is a factor you may want to consider when you select a new device.



--
JL
Comcast


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
reply to Chris 313

Re: [IPv6] World IPv6 Launch is coming in a few days...

said by Chris 313:

Since the launch is happening in a few days, do you have a listing of Comcast areas/states that are IPv6 ready? I would like to know just out of curiosity

We are working on that as either a map or lookup tool. Don't have it finished yet though. Think of it this way though - if you are on an Arris CMTS you will be IPv6 enabled (with the right modem obviously) within maybe 90 days or so. Cisco will be after that - but they are not yet ready (we're working like heck to change that).
--
JL
Comcast


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
reply to jlivingood

Re: If You Own Your Modem, Consider a New One That Supports IPv6

How current is that MyDeviceInfo table?

It says that the Zoom 5341J is not IPv6 ready. But the box it came in says it supports both IPv6 and IPv4.

Snipped from the web page within the modem:

Standard Specification Compliant DOCSIS 3.0
Hardware Version A0
Software Version 5.5.4.4J



jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
reply to SergeyE

Re: [IPv6] World IPv6 Launch is coming in a few days...

said by SergeyE :

»mydeviceinfo.comcast.net/ has a small list of routers tested for ipv6 compatibility. Anyone knows if there are any plans to add SamKnows units to the testing effort?

I'd expect them tested at some point, as the program has blessing from the FCC, and participants, while free to leave, are discouraged from doing so.

SamKnows added some v6 tests last year at our request, and had them for World IPv6 Day. We asked for similar data from them for World IPv6 Launch and that they add an IPv6 test for each of their current tests today. My guess is that will be ready for their Fall 2012 measurement period.

Another good one is the RIPE Atlas program and we're talking to them to see if there's an interesting way to do more of their analysis in the U.S., especially for IPv6.
--
JL
Comcast

nysports4evr
Premium
join:2010-01-23
kudos:1
Reviews:
·Comcast

1 edit
reply to jlivingood

said by jlivingood:

if you are on an Arris CMTS you will be IPv6 enabled (with the right modem obviously) within maybe 90 days or so.

Wow. This is much quicker than I could have expected. Awesome job you and everyone else who was involved with IPv6 at Comcast. You guys will be the first major ISP in the US to rollout native, dual stack IPv6. Awesome!


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
reply to graysonf

Re: If You Own Your Modem, Consider a New One That Supports IPv6

said by graysonf:

But the box it came in says it supports both IPv6 and IPv4.

Over the years we have found many devices from many companies that claim IPv6 support. But sometimes that may mean IPv6 on the management interface and not the customer interface or something entirely different. In any case, we're working with each of the D3 vendors to get firmware that can handle IPv6, meaning pick up a prefix from our DHCP servers and then hand out v6 addresses on the wired and wireless LAN.
--
JL
Comcast


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

Wouldn't statically assigning IPv6 avoid such problems, or is that something Comcast would not consider even if it did?

Thanks.



whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast

said by graysonf:

Wouldn't statically assigning IPv6 avoid such problems, or is that something Comcast would not consider even if it did?

That would be a huge pain when a network move is required due to a topology change.


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
reply to jlivingood

IPv6 Offers Many More IP Addresses

If you have a home gateway device, we'll issue you much more than the single IPv4 address you get today. In fact, you will get what is called a /64 -- which is 18,446,744,073,709,551,616 IPs. That's 18 quintillion unique IPv6 addresses!



--
JL
Comcast


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
reply to jlivingood

World IPv6 Launch on June 5-6: Launch Into the Future

The World IPv6 Lauch is almost upon us! It begins on the East Coast of the United States on the evening of June 5, 2012 (at midnight UTC on June 6). For all the details, see the special event website setup by the Internet Society at »www.WorldIPv6Launch.com.



--
JL
Comcast

medbuyer

join:2003-11-20
kudos:4
reply to jlivingood

Re: [IPv6] World IPv6 Launch is coming in a few days...

will this mean that Comcast will replace my SMC D3G modem since it's not IPv6 compatible?

I know I can buy my own....I'll reserve my thought for that later...



jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2

said by medbuyer:

will this mean that Comcast will replace my SMC D3G modem since it's not IPv6 compatible?

I know I can buy my own....I'll reserve my thought for that later...

Most devices will be software upgradable (which we do often)...
--
JL
Comcast

andyross
Premium,MVM
join:2003-05-04
Schaumburg, IL
reply to medbuyer

From what I've read, all D3 modems are supposed to be IPv6 compatible. Of course, until it's really used, you never know what bugs there may be and there will certainly be some updates. Of course, the manufacturers can just say it's too old, and if it works well enough, then live with the bugs!

I'm guessing there is no guarantee that older D2 modems would be updated to properly support IPv6.



YukonHawk

join:2001-01-07
Patterson, NY
reply to jlivingood

Re: Get Your Home Network Ready for IPv6

Hi there Jlivinggood...I went to the link about to see how to manually set up my AE5, but my system could not view the PHP file. The pdf symbol is there but when I try to download the file is PHP any idea on how to open those? Thanks for your help.



chc

@comcast.net

Are you using firefox to download the .pdf file? If so, try using another browser. I am seeing the same problem using firefox on a mac but it doesn't appear to be a problem with chrome/safari.