dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
17
share rss forum feed

Walter Dnes

join:2008-01-27
Thornhill, ON

1 recommendation

reply to cowboyro

Re: There's a long way to go.

said by cowboyro:

Just because IPv6 is available, it doesn't mean everyone will embrace it too soon. After all there is no real NEED for it, at some point during the transition big ISP's will start selling IPv4 blocks as there is still a market for them... and smaller ISPs will just continue with IPv4 as there will be no need to switch.

I expect that it'll probably be government-mandated, just like the digital TV switchover. The MAFIAA will probably lobby "the best government that money can buy" to do it for them. I understand Obama has the power to shut down networks "in an emergency". Declare an "IPV4 security emergency" and shut down IPV4.

BTW, don't be surprised if ISPs block incoming SYN packets for residential connections on IPV6 "because they can".

34764170

join:2007-09-06
Etobicoke, ON
said by Walter Dnes:

BTW, don't be surprised if ISPs block incoming SYN packets for residential connections on IPV6 "because they can".

Not if they don't want the government after them.


cowboyro
Premium
join:2000-10-11
Shelton, CT
reply to Walter Dnes
said by Walter Dnes:

I expect that it'll probably be government-mandated, just like the digital TV switchover.

I would highly doubt, we are talking about the Internet, not the US-net...
Cutting off IPv4 would essentially render old devices unusable, old servers would be put offline. There are still many devices that can't use IPv6 - I have seen a ton of small business VPN gateways that don't support it.


rchandra
Stargate Universe fan
Premium
join:2000-11-09
14225-2105
reply to Walter Dnes
There's a half-easy solution to that. Turn up IPSec on each end of the link. The only ways around that would be to block AH, ESP, and or IKE.

34764170

join:2007-09-06
Etobicoke, ON

1 recommendation

reply to cowboyro
said by cowboyro:

I would highly doubt, we are talking about the Internet, not the US-net...
Cutting off IPv4 would essentially render old devices unusable, old servers would be put offline. There are still many devices that can't use IPv6 - I have seen a ton of small business VPN gateways that don't support it.

No one said anything about cutting off v4, but v4 address space eventually running out all together and CGNAT and so forth being added it'll be that much more painful than it already is and become considerably less useful.

Those devices in time will experience problems depending on their use. But that's expected. I won't cry a river over it. That's what comes from sticking with v4 in the long run.

34764170

join:2007-09-06
Etobicoke, ON
reply to rchandra
said by rchandra:

There's a half-easy solution to that. Turn up IPSec on each end of the link. The only ways around that would be to block AH, ESP, and or IKE.

So everyone on said hypothetical ISP has to go out and purchase a VPN account or setup a VPS and run their own VPN. Not realistic. You would have to block practically everything. VPNs and forms of tunneling could be setup on TCP/UDP and other protocols.


rchandra
Stargate Universe fan
Premium
join:2000-11-09
14225-2105

3 edits
Purchase nothing. IPSec is merely an encryption standard. Any two endpoints can use it, and in IPv6, its implementation (though not its use) is mandatory. The only prerequisite is the ability to exchange keys; that's what IKE is for. If AH is used, the additional prerequisite is lack if NAT, which IPv6 de facto provides.

The point was, as IPSec is mandatory, both ends SHOULD support it, and any ISP can't tell what it's blocking because it's all encrypted. Thus the only two options are blocking all encrypted traffic  (AH and ESP) or the exchange of keys (IKE). All you have to do is turn it up on both ends, and what's being passed is nobody's business except the two endpoints'.
--
English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules.

Jeopardy! replies and randomcaps REALLY suck!