IPv6 networking: Bad news for small biz

IPv6 is traditionally a networking topic. Yet IPv6 is as much a business consideration as it is a technical one. As world IPv6 day rolls around again, we're going to see an ever-increasing amount of technical IPv6 coverage. Before we do, I think a business interjection is warranted. IPv6 was neither designed for small biz nor …

COMMENTS

This topic is closed for new posts.

  1. Christian Berger
    Facepalm

    Uhm....

    First of all, there are still site local addresses, and those can be used easily for local stuff. Remember on IPv6 you usually have multiple addresses.

    This also means that your internal servers simply can be configured to not listen on their global IPv6, but only on the site local one... which is actually even the default for many systems.

    Changing ISPs is a hassle, but not too hard. You simply re-assign your global IPv6 addresses, leaving the local ones as they were. That's essentially automatic, and your home router will do that for you... automatically.

    You can assign the local IPv6 addresses statically if you want, BTW. There is little harm in that. Otherwise they will be defined by your MAC address, which rarely changes.

    1. a walker
      Happy

      Re: Uhm....

      Site Local addresses fec0::/10 were deprecated in favour of Unique Local Unicast due to the problem of defining a site. The relevant description is covered in RFC 3879 which covers the addressing range fc00::/7

      1. Christian Berger

        Re: Uhm....

        My bad, I apologize.

        However I stand my case that there are local addressing ranges, and those can be used to provide local services, completely independent of the Internet.
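The idea discussed in this sub-thread, keeping internal services bound to a local address rather than a global one, can be checked mechanically. The following is an added example, not part of the original posts: it classifies the address each listener is bound to and flags internal-only services reachable on a global or wildcard address. The listener list, service names and the set of internal-only ports are constructed for illustration, and 2001:db8::/32 (the documentation prefix) stands in for an ISP-assigned prefix.

```python
import ipaddress

# Address ranges named in the thread, plus link-local and global unicast.
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
SITE_LOCAL = ipaddress.ip_network("fec0::/10")      # deprecated site-local
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")     # Unique Local Unicast
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

SCOPES = (
    ("link-local", LINK_LOCAL),
    ("site-local", SITE_LOCAL),
    ("unique-local", UNIQUE_LOCAL),
    ("global", GLOBAL_UNICAST),
)


def scope_of(bind_addr):
    """Classify the IPv6 address a socket is bound to."""
    # Drop a zone id such as "%eth0" so older Python versions can parse it.
    ip = ipaddress.IPv6Address(bind_addr.split("%", 1)[0])
    if ip.is_unspecified:
        return "wildcard"       # "::" listens on every address of the host
    if ip.is_loopback:
        return "loopback"
    for name, net in SCOPES:
        if ip in net:
            return name
    return "other"


def verdict(scope, internal_only):
    """Decide what a listener's scope means for exposure."""
    if scope in ("global", "wildcard"):
        return "exposed" if internal_only else "public"
    if scope == "site-local":
        return "migrate-to-ula"  # fec0::/10 is deprecated
    if scope == "other":
        return "review"
    return "local-only"


def audit(listeners, internal_ports):
    """Map each service name to (scope, verdict)."""
    report = {}
    for service, addr, port in listeners:
        scope = scope_of(addr)
        report[service] = (scope, verdict(scope, port in internal_ports))
    return report


# Constructed sample data: (service, bind address, port).
LISTENERS = [
    ("smb", "fd12:3456:789a:1::10", 445),
    ("ssh", "::", 22),
    ("printer", "fec0::1:20", 631),
    ("web", "2001:db8:40:1::80", 443),
    ("mdns", "fe80::1%eth0", 5353),
]
INTERNAL_PORTS = {22, 445, 631}   # assumption: services meant to stay local

if __name__ == "__main__":
    for service, (scope, result) in audit(LISTENERS, INTERNAL_PORTS).items():
        print(f"{service:8} {scope:13} {result}")
```

A service bound to the wildcard address is reported as exposed because it answers on the host's global address as well as its local ones; only the firewall then stands between it and the Internet.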

  2. Matt Bryant Silver badge
    Boffin

    For the wary....

    Whilst we have DHCP for production IPv6 interfaces, we have each and every device that has a management LAN interface have a fixed IPv4 address on that management interface, so we can at least get to them and dish out fixed IPs if required. We have been bitten before by DHCP and DNS failures.

    1. a walker

      Re: For the wary....

      Given that IPv6 permits multiple addresses per interface, you can configure the link local address to either be assigned statefully (statically) or statelessly (auto generated), similarly the Unique Local Unicast can be assigned statefully (statically) or statelessly (auto generated) and like the Link Local are non routable addresses. In the same way Global routable addresses can be assigned statefully or statelessly. Should stateful assignment be selected then this includes manual assignment or DHCPv6. Unfortunately configuring the computer system to do this is generally not just a tick box for each of the address types; which is more a limitation of the operating system and not the IPv6 standards.

  3. Bluenose

    Like the EU the IETF is full of academics

    The problem with the IETF, the EU and all these other standards and other rule making bodies is that they start from an academic (read purist) position and do their utmost to avoid allowing any changes to what is a great theoretical approach so long as everything is the same or at least vaguely similar. The problems arise when the real world tries to interfere and points out that few if anything is the same for everyone and therefore you need a scalable model which may mean that you have inter-interoperability between say IPv6 on your ISP provided firewall but IPv4 private addresses on your servers and other network connected devices for consumer or small business types. Although to be honest I think even biggish companies would appreciate that type of flexibility.

    However the issue is that it breaks the purist's view of the world and therefore it should not be allowed. Business impact assessments need to be carried out when we develop these new standards and the models to do the business impact assessment must reflect ALL user types and not just the big boys with the budgets.

    1. Amonynous

      Re: Like the EU the IETF is full of academics

      " Although to be honest I think even biggish companies would appreciate that type of flexibility."

      Too right. We can afford Ci$co in the big offices, but in our business model, the small ones have to stand on their own two feet financially with no/minimal subsidy from the centre. E.g., try setting up a two man and a dog branch office in the UAE and watch your local profit go down the drain if you aren't prepared to settle for a domestic-grade dynamic IP4 address ADSL connection.

    2. fajensen
      Mushroom

      Re: Like the EU the IETF is full of academics

      Err: IETF standards just happen to be written by "the real world" doing the real work: Companies like CISCO, Ericsson, Juniper and countless independent developers. If you, personally, dislike something because it is not real-world-ly enough for you, you can trot over and contribute by writing up your own proposals exactly like everyone else had to do. It is an entirely open process.

      1. Tom 13

        @fajensen: Written like somebody who has never been present

        when the standards committee meets.

        I have been. I wasn't the policy wonk. I was the guy who got to translate it back into regular words when they were done. They all claimed they were engineers not academics. It wasn't too terribly long after I'd actually graduated from uni. And if you'd have put them in a room with academics and told me to sort them out, I couldn't.

    3. Chris 3

      Re: Like the EU the IETF is full of academics

      The problem with the IETF, the EU and all these other standards and other rule making bodies is that they start from an academic (read purist) position

      Ahem

      http://www.ietf.org/tao.html

      "In many ways, the IETF runs on the beliefs of its participants. One of the "founding beliefs" is embodied in an early quote about the IETF from David Clark: "We reject kings, presidents and voting. We believe in rough consensus and running code". Another early quote that has become a commonly-held belief in the IETF comes from Jon Postel: "Be conservative in what you send and liberal in what you accept"."

      1. Anonymous Coward

        Re: Like the EU the IETF is full of academics

        "We reject kings, presidents and voting. We believe in rough consensus and running code"

        How do you know you have a consensus unless you perform a rough proxy of what is termed "a vote"?

  4. Cunningly Linguistic
    Thumb Down

    They can have my IPv4 static IP...

    ...when they prise it from my cold, dead router,

  5. Harry Sheppard
    WTF?

    Non-issue

    I've been using IPv6 at home for a couple of years now with no ill effects, initially with a Hurricane Electric v6 tunnel and then native v6 from A&A.

    I don't see the problem, I really don't, and I've rolled out v6 in a commercial scenario and then changed ISP with very little hassle. As Mr. Berger above says, judicious use of link- or site-local addressing sidesteps the majority of the problems.

    In a domestic situation, do you care if your IP address changes? No. uPNP, rendezvous, DLNA etc take care of most firewall / "finding things" issues and so once again it becomes a non-issue.

    Obviously just my experiences, but with very little effort v6 has been deployed both domestically and commercially with essentially zero fallout on networks I deal with.

    And I don't use Cisco or Juniper kit anywhere...

    1. Yes Me Silver badge
      Happy

      Re: Non-issue

      Well said. The article's premise was "IPv6 was neither designed for small biz nor consumers. " That's dead wrong. Actually it was true of IPv4, and that got all kinds of add-ons as a result (DHCP and NAT, for example). IPv6 was designed at the time when Appletalk was all the rage for small biz and consumers - that's why IPv6 has had address autoconfiguration since the first commercial release (in 1996, when DHCP was hardly deployable). Etc.

      What is true is that IPv6 opens all sorts of new possibilities for home and small office networks. They haven't all been worked out yet.

      1. Anonymous Coward

        Re: since 1996

        "IPv6 has had address autoconfiguration since the first commercial release (in 1996"

        But the article surely says "It's been 13 years since the original RFC for IPv6 was published"

        How can this be?

      2. Mark 65

        Re: Non-issue

        "What is true is that IPv6 opens all sorts of new possibilities for home and small office networks. They haven't all been worked out yet."

        The opportunity for all your direct connected devices to get owned? I'm sure that's been worked on well in advance.

    2. Anonymous Coward

      Absolutely right...

      ... the original article is wrong on so many counts it's not worth commenting on.

  6. Anonymous Coward

    Damn, I was looking forward to not having to deal with NAT or anything remotely like it ever again.

    - Anon network engineer.

    1. Anonymous Coward

      It's not implementing part of NAT which is a pain, it's the Manager telling me some obscure protocol doesn't work (and sometimes less obscure ones), and that I have to make it work not tell the Manager to get stuffed.

      - Anon network engineer.

      1. Ken Hagan Gold badge

        Re: the Manager

        I don't think that will change.

    2. Gerhard Mack

      not as bad

      To be fair LPT/SNAT are a *lot* less annoying to deal with than ipv4's DNAT since it is a 1:1 mapping rather than trying to map ports to multiple machines. With a 1:1 mapping the router will automatically know where to route the packet even if it's a new connection from the outside.

      1. Trygve Henriksen

        Yes, that bad!

        There isn't supposed to BE any 'new connection from the outside', at least not to anything behind a NAT Firewall.

        A 1:1 mapping as indicated with the ::1234 gives the attacker a straight path into the network without even knowing the 'Internal' addresses. (That's what it looks to me at least. May be wrong. Haven't read that much about it as all IPv6 docs give me a headache.) Which means that even the slightest programming error in the Firewall can have potentially disastrous results...

        1. Gerhard Mack

          Re: Yes, that bad!

          You might want to consider that there is more to this world than just web browsing. VOIP is already hugely encumbered with ugly hacks just to work around NAT and there are things I just can't do with the current setup. With IPv6 you can still leave the firewall to no incoming connections by default and enable privacy extensions if you are worried about people knowing the internal address of your machines.

          Not that it matters much anyways, we have long since passed the point where even Windows tends to be mostly secure port wise and the most common attack vectors are browser plugins and tainted downloads.

  7. itzman

    crazy academic led BS as usual?

    There is absolutely NO WAY the consumer world is going to transition to IPV6 without a NAT router that hides IPV4 addresses behind an IPV6 NAT router.

    Big companies may have the resources to implement IPV6 internally but not Mrs Jones in her council flat. She wants to plug and play.

    So I am sure that IETF approved or not, the consumer router companies will do some sort of NAT solution..

    1. Simon Neill

      Re: crazy academic led BS as usual?

      Exactly, it'll be like switching to digital tv.

      There will be thousands or millions of devices that still don't support ipv6 and are not getting replaced any time soon.

      1. Christian Berger

        Re: crazy academic led BS as usual?

        Nope with TVs you actually had devices relying on television network access. So it mattered if your kitchen TV had access to television or not.

        However most IPv4 devices in the typical household do not need Internet access. Your printer doesn't need to be able to talk to the Internet, therefore it will still be usable if the IPv4 Internet should get closed down.

        In fact, for local services you will probably be able to run IPv4 for a _long_ time. The company I work at still uses NetBEUI, others use IPX. On your local network you can do whatever you want.

        1. Tom 35

          Re: crazy academic led BS as usual?

          "However most IPv4 devices in the typical household do not need Internet access."

          My less than one year old Blu Ray player has internet features from software upgrades to playing content from the internet. It's IPv4 only...

          Are there any "smart" TVs that support IPv6?

          1. Voland's right hand Silver badge
            Devil

            Re: crazy academic led BS as usual?

            Q: Are there any "smart" TVs that support IPv6?

            Yes - Samsung. All of their recent TVs are Android inside which has native support for IPv6. No idea if it is enabled or not though.

            In any case, there are a lot of untruths and half-truths in the article. The "Holy Church" of IETF is actually actively looking into all of this - the relevant workgroup is called homenet with the most active participants being Linksys, Dlink, Apple and other classic "consumer" device vendors.

        2. MacRat
          Happy

          Re: crazy academic led BS as usual?

          "Your printer doesn't need to be able to talk to the Internet"

          It comes in handy when I want to send my printer a page when I'm not home.

          1. Allan George Dyer
            Joke

            Re: crazy academic led BS as usual?

            @MacRat - can I print to your printer too? I've run out of paper. It's only a few reams.

      2. Ian 35
        Thumb Up

        Re: crazy academic led BS as usual?

        What devices don't support IPv6? Windows XP does back to SP1 I think, OSX does back to about 10.4, even old iPhones do, iPads do, everything with Linux back to God Knows When either does or can, etc, etc.. There's problems in enterprise, but in residential environments most kit, apart from the router which is often the ISP's anyway, will support IPv6 perfectly happily, and is probably chatting amongst itself behind your back already.

        1. Thomas Kenyon

          Re: crazy academic led BS as usual?

          IPv6 is available in Windows 2000 as well, you only need to switch it on.

          Also I know certain not especially new printers that talk IPv6, I have some Xerox printers here that do. (again, only needs to be switched on).

    2. TomS_
      Stop

      Re: crazy academic led BS as usual?

      Tell that to Internode, an Australian ISP that has been offering native dual stack connectivity for years, and the IPv6 portion is done without NAT - 100% pure and natural IPv6.

      Would pay to do a little research before making any claims... :-)

    3. Daniel B.
      Boffin

      You fail at IPv6.

      By definition, end-users will get a 64-bit host segment with IPv6, which means you will always have at least a 2^64 address range, eliminating the need for NAT in most consumer markets. Consumer routers can simply implement the same firewall rules they do today, but they'll get a load off their back on preserving state for NATted connections.

      Local connectivity can be done with link-local addresses or the site-local ones if you really need to subnet the local IPv6 addys.

      And contrary to what this article's poster said, you *can* set up static addresses on IPv6.

      1. Ilgaz

        Let's pay for toaster ip too eh?

        Call a consumer grade isp and ask how much they charge for "fixed ip", nothing else.

        Now imagine having to pay for every single internet connected device.

        1. Martin 71 Silver badge

          Re: Let's pay for toaster ip too eh?

          Static IP from my isp? Free, on request.

          Admittedly it's 1 step above cheapo el crappo sky or virgin, but it's still domestic DSL...

        2. Jim Morrow

          Re: Lets pay for toaster ip too eh?

          > Call a consumer grade isp and ask how much they charge for "fixed ip", nothing else.

          > Now imagine having to pay for every single internet connected device.

          FFS! If someone is stupid enough to pay money to an ISP with a stupid business model, that's their problem. Both for the user and the ISP.

          You also appear to have no understanding of how IP addressing works.

          IPv4 addresses are almost exhausted, so ISPs are forced to suppress demand. That's why there's this abortion of private address space and NAT hard-coded into most CPE and also embedded in the mindset of ISPs serving the DSL and cable markets. Another aspect of this brain-damage is charging extra for customers who want fixed IP addresses. Or no NAT. These mean the ISP has less address space to make available for general use on demand. So they charge extra for something that should be already included in their base offering. But because they don't and customers value these things, the ISPs charge for them. Marketroids even have a term for this sort of evil: functional pricing.

          With IPv6, the *minimum* address space a customer will get is a /64. This gives each customer 2**64 addresses to play with: 4 billion times the size of the entire IPv4 Internet's address space. Almost none of that customer-specific address space will ever need to be "managed" and everything on the local network will have a fixed IPv6 address. There's no need for NAT or IPv4 style renumbering if you move providers either. A device on the home network will almost certainly use SLAAC, so the bottom 48 bits of the IPv6 address come from the MAC address of its wi-fi or ethernet interface. This will just work automatically. There's no need or reason to "ration" fixed IPv6 addresses or charge for them. The high end bits of the IPv4 address come from the /64 prefix given to you by the ISP, which leaves you with 16 bits to use for your own subnets.

          No ISP - not even the fuckwits at BT or TalkTalk - is going to build systems and procedures so they can provision the IPv6 addresses of every domestic appliance, beer can or mains socket that each one of their customers has allowed to connect to their domestic IPv6 net.

      2. Khoos
        Thumb Down

        Re: You fail at IPv6.

        The whole article reads like the author just wanted to rant about IPv6 and was not willing to get technical details in the way of a nice rant and/or trolling. Other publications hire better authors to write about IPv6.

    4. Ilgaz

      They don't seem to care, why would they?

      I mean, I was shopping for cheap router, wireless stuff. While the companies doing cheap stuff have great quality software and run Linux which is trivial to use ipv6, there is nothing on configuration etc.

      They don't seem to care and funny is, I didn't care too. If it matters? Buy another cheap thing.

      Ipv6 should have something that will impress end users and small companies. A lot of people have thrown away or (wisely) demoted their 28k modems to fax once 56k shipped.

      Or, like vhs to dvd.

      Let me tell the real elephant in the room which is way bigger than "internet" we talk about. Cell phone networks. If they pushed ipv6 to cell networking and give real ip to cell phones, ipv6 would see explosive adaptation. Just the idea of extra income from smart phone users for fixed ip instead of mad trickery and natural extension to home/ business net would convince them. Home users and 3 PC networks will adapt once they never have to do nat or even dmz trickery to access their screen/ media etc.

      1. Anonymous Coward

        Re: They don't seem to care, why would they?

        Actually, my Verizon Wireless Android phone already gets an IPv6 IP automagically. My MiFi, not so much.

    5. Ian 35
      Happy

      MS Office still dominates?

      But IPv6 is working in houses anyway. I only found by accident that my AppleTV was talking to my iMac over IPv6 because I happened to look with an analyser (geek) and found that even my iPhone was talking to the AppleTV to run "Remote" over IPv6. One of the Windows machines was talking IPv6 as well, even to the Internet once I had a tunnel up. IPv6 autoconf is extremely effective.

    6. Jim Morrow
      FAIL

      Re: crazy academic led BS as usual?

      You lack IPv6 clue. If/when the consumer world gets IPv6, they will have no need for NAT AT ALL.

      Mrs Jones in her council flat will just plug and play: devices will just automatically get IPv6 addresses when they get plugged in. It will all just work.

      However she might have some stuff that's only IPv4 capable and this will need NAT or proxies, just as at present. She might well be surprised at how much stuff at home is already capable of speaking IPv6 if it was given the chance: printers, cameras, TVs, tablets, smartphones, etc.

      Anyone who talks of NAT in the context of IPv6 is like someone who expects mp3 players to stop and turn over an album half way through, just like was done in the days of vinyl LPs. Kids, ask your grandparents about 33rpm long-playing records.

      IPv6 is a game-changer. It doesn't need or use the assumptions that sadly seem to be held by some blinkered IPv4 users who are clinging on to horrors like NAT that belong in the same 1980s graveyard as dot matrix printers, X.25 and rotary phones.

      1. Anonymous Coward

        Re: crazy academic led BS as usual?

        You lack real day-to-day administration experience of networking.

        We have to have firewalls. Why? Back in the dream days of IPv4 nobody expected routine spam, port scanning, and hack attempts. Now one wouldn't dare plug their Windows computer directly into the Internet without at least a router in the way.

    7. Anonymous Coward

      Re: crazy academic led BS as usual?

      What OS are you running?

      Windows XP has the poorest of the IPv6 implementations (it's not there out of the box, you have to add it in later). IPv6 was there in Vista. Windows 7 and 2008 server both have IPv6. Solaris does. I think all the Linux distros have IPv6 support, certainly all the ones I have used do. MacOS and iOS both have IPv6 support. What is that I need?

      A NAT router that hides IPv4 addresses behind an IPv6 NAT router? Er, no. You don't. If you have some antique bit of kit that can't do IPv6 then IPv6 to IPv4 translation is a straightforward operation at the router. You don't need IPv6 NAT at home because your ISP gives you a prefix that you can use for all your machines at home. You need a firewall, just like you do now, it just doesn't need to be able to do NAT. (There is a use case for IPv6 address translation, but this isn't it.)

    8. Ru
      Facepalm

      "Mrs Jones in her council flat"

      Oh, not this tired old argument again. Mrs. Jones won't care, because one day she'll get a new router in the post with a note attached saying 'please swap this for your old router or your internet will stop working'. IPv6 is already plug and play in simple deployments; IPv4/IPv6 translating proxies have been available for some time now and work just fine for basic email and web traffic which is all that Mrs. Jones wants.

      The problems the article highlights are entirely suffered by 'power users' and small businesses with complex requirements and without the wherewithal (financial, technical or both) to implement suitable solutions. Mrs. Jones does not need multiple ISPs. Mrs. Jones does not need to open any ports on her router. Mrs. Jones does not want to be able to use her home printer when she is out. Mrs. Jones wants no part of your technical arguments.

  8. John Sager

    *very* few IPv6-supporting domestic & SME router firewalls

    The lack of these is the main problem. Cheap domestic adsl routers are usually cpu-challenged and are probably also running out of memory footprint. Moore's law is curing that but probably not fast enough. And it'll be a chicken & egg situation - no demand so no supply. The low-cost ISPs will probably also start using RFC1918 internally & double NAT, like the mobile providers, suppressing demand even further.

    Having built my own router on an Alix board & Leaf-Bering Linux, once I ironed out the build bugs, it worked fine. It only took me less than an hour to change IPv6 prefix after I lost the old one due to some ISP cock-up. So it is possible to do IPv6 plug & play solutions for domestic use.

    If I were a small business with diverse routing, then 1:1 NPT at the border routers might be quite useful, and the internal routing protocol probably wouldn't even need to know about it.

    1. a walker

      Re: *very* few IPv6-supporting domestic & SME router firewalls

      Billion BiPAC 7800 ADSL+ Dual WAN router is a cheap router which supports IPv6 and it is possible to tweak the ADSL modem settings to maximise performance. Since upgrading and tweaking the modem settings I have never failed to get the maximum connection rate. The Ethernet WAN connection will allow connection to VDSL or Fibre modems.

    2. Anonymous Coward

      Re: *very* few IPv6-supporting domestic & SME router firewalls

      "Cheap domestic adsl routers are usually cpu-challenged and are probably also running out of memory footprint. Moore's law is curing that but probably not fast enough."

      Moore's Law has nothing to do with it. Sure, some/most of the products are CPU challenged, but that is because they are using the cheapest processor and the least amount of memory in the devices. All they need to do is buy more memory and a better CPU. How about a newer ARM core. You still have products using an Intel Xscale processor; ones launched in 2003!!!!!!! Using Moore's Law, how much more powerful do you think a processor that is 9 years newer is? Why not a Cortex A8 or A9 to replace that old processor with. How much RAM do some of these products have; 16 or 32MB. Surely they could install more than 32MB; look at the current RAM chips (not modules), they are far more than 32MB. Look at the ASA line from Cisco, it is x86 based and they are using multi-core processors.

      It comes down to the manufacturers buying the cheapest components they can and maximizing their profit; Moore's Law has nothing to do with it.

    3. Christian Berger

      But those are popular

      For example the Fritz!Box routers which support IPv6 (except for really old ones) and they are usually the ones ISPs hand out because, although they may be more expensive, they are very reliable. Mine currently has an uptime of nearly a year.

      That's why they have a quite high market share.

  9. Jon Press

    Having been involved...

    ... both in the DECnet Phase V debacle and in the early days of IPv6 (and we're talking around 20 years that this has been in gestation), the failure to acknowledge the painful nature of transitions of this kind has a long history.

    DECnet Phase V (essentially based on ISO CLNS) was supposed to "fix" the 16-bit limitation of DECnet IV addresses in much the same way as IPv6 is supposed to "fix" IPv4. In theory, Digital should have had an easier time of it being a single vendor, but it didn't work out like that. Two of the many problems were finding people to take ownership of transition in a large organisation and finding money to spend on major changes that brought no immediate benefit. People inside Digital were deaf to the warnings because they saw no alternative except losing out to TCP/IP. And when the same warnings were sounded about IPv6, people in the IETF were deaf because TCP/IP had beaten DECnet and that's all they wanted to hear.

    In many ways, IPv6 is less complex (Phase V was more than a network-layer change), but the problem of co-ordination and proof of benefit is much bigger because the Internet is now so large and the existing user base doesn't see the problem. How do you get individual end users to replace their IPv4 routers? If you're a new business and you can't get an IPv4 address because they've run out, that's your problem as far as your clients are concerned - they can get to everyone else and they're not going to spend money just to solve your problem. Expecting incumbents to pay up to make way for new entrants is just not a workable strategy.

    Most end users, whether they be individuals or small businesses or bigger businesses, are going to do nothing. And, unless the ISPs want to deal with the support calls when the result of doing nothing is that stuff breaks, a solution will have to be found in which the result of most people doing nothing is that everything continues to work. However many layer violations are required...
