Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Wireless Networking Hardware Hacking Hardware

IPv6 for the Linksys WRT54G 232

Posted by CowboyNeal from the wishful-thinking dept.
AndersBrownworth writes "Earthlink Research and Development has released a firmware load for the Linksys WRT54G wireless access point that supports end-to-end IPv6. They suggest features such as extremely large address space, stateless autoconfiguration and low cost restoration of end-to-end addressability will revolutionize IP communications. It would be interesting if releases like this significantly boost the IPv6 take-up rate but as far as I know, Earthlink doesn't supply end-to-end IPv6 yet."
This discussion has been archived. No new comments can be posted.

IPv6 for the Linksys WRT54G More

IPv6 for the Linksys WRT54G

Comments Filter:

  • WRT54G is an awesome piece of hardware (Score:5, Informative)

    by LiNKz ( 257629 ) * on Thursday May 26, 2005 @06:05PM (#12649474) Homepage Journal
    With the firmware being so easily changed, you can run just about anything on it.

    I mean, I telnet into mine right now and review settings.. Which I love.

    There is a list of firmware at wikipedia:
    http://en.wikipedia.org/wiki/WRT54G [wikipedia.org]

  • How does this increase adoption rate? (Score:4, Insightful)

    by eln ( 21727 ) on Thursday May 26, 2005 @06:08PM (#12649489)
    Plenty of devices and operating systems fully support IPv6, but that doesn't mean anyone uses it. With things like widespread usage of NAT making the IP availability crunch less and less of a problem, there is no real incentive for the average user to convert to IPv6.
    • Yes, but NAT breaks a lot of other things like, say, incoming connections. It'll be really nice to not have to connect to the router, forward a port, and then lose all of your existing connections while the router reboots.
      • Yep, that's exactly why the ISP don't want IPv6. Incomming connections?? No way!! Leave that to more expensive plans with public IPv4 addresses. Incomming connections for things like Bittorrent and other p2p programs?? No way!! Better keep the users behind a NAT to keep bandwidth use low.
      • You can change port forwarding without a router reboot on Linksys routers. IIRC, D-Link routers do make you reboot, which is definitely annoying. Not sure about other manufacturers.
      • Yeah, it does a great job of breaking all those incoming connections from, say, the 1000 worms traversing the internet as well. I'll stick with having to configure my router to forward a port, thank you.
        • Yeah, it does a great job of breaking all those incoming connections from, say, the 1000 worms traversing the internet as well.

          Accually, yes it does. Walking through 8 or 16 bits of address space is not really that much work for a worm. Walking 64 bits of address space to find 50 computers - well, thats a fair bit more.

          Thing about it this way - You're on an ethernet network, and you need to walk through all of the MAC address space to find a computer. IPv6 is roughly the same.

          Granted, its security by
          • OR the worm could just wait till you establish connections to other machines (P2P anyone?) and just spread to those addresses, which it knows are good. Maybe not quite as fast as random search, but still fairly good. Also chances are that most admins would assign addresses to their networks in some sort of pattern (consecutive numbers come to mind..) that the worms would be able to make use of once they got to a machine.
          • specious argument. You are assuming, of course, that worms in the IPV6 world will crawl the way they do now, by generating a random IP address and trying to attack it.

            Suppose they listen for broadcasts, and attack addresses they hear from?

            Suppose they assume that a PC which has an Intel NIC in it, is in an organization that likely has more Intel NICs in it, and concentrates it's energies searching for other PC's in that 40 bit space?

            Suppose the worm simply accepts the slow build-up of hosts; rathe

  • Does anyone support IPV6? (Score:4, Funny)

    by couch_warrior ( 718752 ) on Thursday May 26, 2005 @06:08PM (#12649492)
    For the great unwashed masses, using IPV6 will mean that:
    1) Their ISP supports it
    2) The Windoze protocol stack uses it.
    I know that Linux on my machine has an IPV6 stack available, but do any commercial ISPs deliver connectivity? It isn't exactly something they put in their TV ads.
    • Lets tally it up... +1 - Elitism in the terms of your superior computer knowledge vs. whatever else they do, the irony being the average Slashdotter's hygiene is probably somewhat below your "unwashed masses" +1 - Use a clever name in reference to Microsoft or its OS. +1 - Mention you use Linux. +1 - Mention you are ahead of even the elite Linux crowd by doing something special (IPv6, hand compiling kernel code would also have applied here.) Total: +4. Summary: Mod Parent Up! The comrade speaks the truth

    • Re:Does anyone support IPV6? (Score:3, Informative)

      by Anonymous Coward
      You can get IPv6 tunnels (some free, although you need to prove you're a real person and send in ID stuff), so if that works with this new firmware, that's an option.

      As for ISPs, I've only actually seen one U.S. backbone company that actually claims to support IPv6, NTT (which has a lot of experience from Japan--IPv6 rollout in other countries with less IPv4 space/more mobile devices is farther along). Before end user ISPs can provide IPv6, we'll need the big backbone companies to provide IPv6 to their cu

    • Re:Does anyone support IPV6? (Score:4, Interesting)

      by Wesley Felter ( 138342 ) <wesley@felter.org> on Thursday May 26, 2005 @06:19PM (#12649549) Homepage
      You don't need any ISP support if you use 6to4.

      Windows supports IPv6 already, although not perfectly.

      The ThreeDegrees P2P app automatically enables and configures IPv6 when you install it, and all its traffic goes over IPv6. It turned out not to be a killer app, but imagine if something like Kazaa or Skype decided to enable IPv6 on everyone's computer.
      • threedegrees sets up teredo which is similar to 6to4 but works behind nat. It also sets up the system for 6to4 if its not behind nat but a large proportion of desktop systems nowadays have ended up behind nat.

        unfortunately unlike with 6to4 teredo isn't yet an approved standard and does not have in place the relays needed to interact with the rest of the ipv6 internet so its only really usefull for connecting between systems on ipv4 right now even though it uses the ipv6 apis

        for ipv6 to really take off imo
    • Windows XP and Windows Server 2003 seems to have IPV6 support already [microsoft.com](not installed as default though), so I'd say network hardware (routers etc) and ISPs is the real major barrier.

    • Re:Does anyone support IPV6? (Score:4, Informative)

      by thanasakis ( 225405 ) on Thursday May 26, 2005 @06:43PM (#12649714)
      Windows does indeed support ipv6. Just typing ipv6 install at the command prompt just about does it if you want to enable it. It sets up your 6to4 tunnel too if you don't have native ipv6. Plus, windows are ahead because their ipsec stack does work. In linuxland, ipsec is supposed to be implemented by openswan, but last time I checked it was sort of incomplete and configuration was somewhat difficult.

      On the other hand, most pppd daemons in solaris,freebsd and linux support ipv6. Windows will support ipv6 ppp in longhorn.
    • Admittedly, to my surprise, the Windows protocol stack does support it, at least in XP. Open a DOS prompt and type "ipv6 install" to enable it. Of course, this isn't default, so the "great unwashed masses" still won't be using it.

  • Great! (Score:5, Funny)

    by s20451 ( 410424 ) on Thursday May 26, 2005 @06:10PM (#12649502) Journal
    I really need that new address space. I mean, there are only 16842752 addresses in the 10.x.x.x and 192.168.x.x address spaces. With the 15 million wireless devices I keep in my home, I was starting to get worried!

    • Re:Great! (Score:2, Informative)

      by mikewren420 ( 264173 )
      Don't forget about 172.x

      • Re:Great! (Score:4, Insightful)

        by fo0bar ( 261207 ) on Thursday May 26, 2005 @06:21PM (#12649567)
        Don't forget about 172.x

        Don't forget that you are overlapping with public space if you use all of "172.x". Private space in the Class B range is only 172.16.0.0/12, or 172.16.0.0 - 172.13.255.255 (which is 1048576 IPs).

  • Wow. (Score:4, Informative)

    by krisp ( 59093 ) * on Thursday May 26, 2005 @06:12PM (#12649514) Homepage
    OpenWRT has had this for what, a year now?

    ipkg install kernel-ipv6
    modprobe ipv6
    ip tunnel add .... etc

    this isn't news

    • Re:Wow. (Score:3, Interesting)

      by caluml ( 551744 )
      But when is Slashdot going to get some IPv6?
      Call themselves a site for geeks?
    • I was thinking that.

      It's just a frikkin' kernel recompile. Why does this warrant a whole article.

      I just upgraded my DG834GT to IPV6.. not that I'd call it that.. the IPV6 bit took, what, 3 seconds? Woot. I'd better email slashdot right away!

  • They do if you ask for it... (Score:4, Interesting)

    by Supp0rtLinux ( 594509 ) <Supp0rtLinux@yahoo.com> on Thursday May 26, 2005 @06:14PM (#12649528)
    I use Earthlink and saw a link on their site about 6 months back for "testers" of their broadband offerings. I signed up cause it offered discount service. About 3 months ago, they sent me a new router (a Linksys, but not the same one as this article) and set me up with end-to-end IPv6. So far, all's worked fine and w/o issue. Perhaps this firmware patch is to be released before they start offering it to more users...

  • IPv6 incremental support won't help (Score:5, Insightful)

    by jquiroga ( 94119 ) on Thursday May 26, 2005 @06:19PM (#12649554)
    Some people think incremental steps like this will somehow help IPv6 rollout worldwide. I think that is a completely different problem, and very hard to solve. Any volunteers to solve the hard and difficult problem?

    The best description I know about The Problem comes from Dan Bernstein, The IPv6 mess [cr.yp.to].

    The IPv6 designers don't have a transition plan. They've taken some helpful steps, but they typically declare success (``IPv6 support'') when the real problem---making public IPv6 addresses work just as well as public IPv4 addresses---still hasn't been solved.

    • Re:IPv6 incremental support won't help (Score:4, Insightful)

      by mellon ( 7048 ) * on Thursday May 26, 2005 @07:31PM (#12650085) Homepage
      Dan does mention some real problems on the page to which you've linked, and I agree with some of his criticisms of the IPv6 process, where a lot has been invented prior to identifying a need for it, and in many cases all of this theoretical invention has wasted valuable time and opportunity.

      However, a lot of what he says is quite out of date at this point. Furthermore, he complains that he's willing to hack but wants to be able to autoconfigure his hosts, and the implication is that he would hack if only he were told what to hack on, which frankly doesn't sound like the Dan we've all grown to know and love in the DNS world. If he really wants to fix these problems, the best way to show what the big bad people at IETF are doing wrong is to demonstrate it with working code.

      The fact is that right now having an IPv6 address doesn't get you a whole lot of goodness in the U.S., and so we probably will be the last to adopt it if everybody here maintains your attitude.

      IPv6 deployment in Asia is a reality, and to a lesser extent this is true in Europe as well. Anywhere where the IP infrastructure is being expanded is an easy place to deploy IPv6. 6to4 gateways are doable, just as are NATs. So you will see widespread deployment of IPv6 in Asia in the relatively near term.

      As far as the U.S. and Europe go, slashdotters are precisely the people who should be thinking about trying to use IPv6 as soon as possible - as geeks, we are the early adopters, and as we try out the technology and try to use it, the world will catch up with us. The more we poo-poo it and don't try to actually deploy it, the longer it's going to take to address the concerns that Dan raises, and, I think, the more it's going to cost us in the long run.

      One last thing: IPv4 link local addressing is fairly badly broken. If you want to be able to do link local addressing, it works a lot better in V6-land. This is largely an accident - nobody thought to cripple it until it was too late. But it's still true that you do get some value from deploying IPv6, even if only within your own home. If you use Rendesvous/Bonjour, you're probably already using IPv6 and just don't know it yet.

      • Re:IPv6 incremental support won't help (Score:4, Insightful)

        by jquiroga ( 94119 ) on Thursday May 26, 2005 @10:08PM (#12651065)
        You're right in the technical aspects, but I believe the big problem isn't technical.

        I agree with Dan in these two:
        • The big mistake was not to extend IPv4 to make it easier for normal users to adopt the New Way.
        • The problem that the previous mistake caused is that most normal users are deadlocked, all of them waiting for the others to adopt the New Way first.
        That's why I think this discussion is quite relevant, especially if you expect IPv6 to finally enter the mainstream. It seems the mainstream is deadlocked. That won't be solved by pitching the technology, they don't care. They are sensitive to economic arguments and to marketing, and both are stacked against IPv6.

        I post from Europe, and we've been enticed and encouraged to adopt IPv6 for years. However, it remains exotic for most techies and almost completely unknown to normal users. Why? Because IPv4 already won. Even if I decide to embrace IPv6 myself, I can't recommend it to paying clients who hire me to help them avoid dumb mistakes. The adoption of a new technology to do the job of an existing and deployed old technology that seems to work OK, and a real expense to get some unknown benefit with no timeframe will look like a dumb mistake to many of them. And I can't change their short-term way of thinking.
    • Wow, I have to reply to undo my up-moderation.
      Bernsteins article is actually full of misconceptions.
  • it really doesn't matter how slow NAm and EU are in changing, because most of humanity will be using IPv6 regardless.

    You either surf the wave or it crashes over you. .-/

  • Why IPv6 is needed (Score:5, Insightful)

    by Jimmy_B ( 129296 ) <jim.jimrandomh@org> on Thursday May 26, 2005 @06:23PM (#12649578) Homepage
    This thread will of course trigger a bunch of replies from people saying we don't need IPv6, but in fact, we do, badly, and the need is only increasing with time.

    NAT helps somewhat, but if you're using NAT your computer can't receive incoming connections. That's a problem for servers, for peer-to-peer networking, for games, and for VoIP. Home users can usually work around this with their firewall configuration, but businesses usually can't (one important reason being that only one computer behind the firewall can receive connections this way, not multiple). And, as someone pointed out in the last IPv6-related thread, merging the networks of two corporations is a nightmare - they both use the same IP addresses.

    There are theoretically 4 billion IP addresses total. That sounds like a lot, but an IP address isn't just a number which can be assigned individually; what you do is hand out big consecutive blocks of them, so that routers can say things like "for 123.231.*.*, send packets in this direction". The shortage of IP addresses has introduced lots of special cases, so that internet routers need tons of memory and processing power to figure out the mess.

    Finally, switching to IPv6 cuts off one of the major ways worms propagate. The Sapphire worm, for example, worked by picking a random IP address and trying to infect it, repeating for a whole bunch of IPs, and it was able to double every 7 seconds. That works because the odds of finding a computer (not necessarily a vulnerable computer) is about 10%. With IPv6, that changes to 10^-28% - instead of doubling the number of infected computers every 7 seconds, it would've scanned for a few years, never find a single computer, and get disinfected.

    • Re:Why IPv6 is needed (Score:3, Insightful)

      by TCM ( 130219 )
      Finally, switching to IPv6 cuts off one of the major ways worms propagate. The Sapphire worm, for example, worked by picking a random IP address and trying to infect it, repeating for a whole bunch of IPs, and it was able to double every 7 seconds. That works because the odds of finding a computer (not necessarily a vulnerable computer) is about 10%. With IPv6, that changes to 10^-28% - instead of doubling the number of infected computers every 7 seconds, it would've scanned for a few years, never find a si
      • the fact is a complete switch to ipv6 WILL to all practical perposes make tradidional net-scanning worms of this type an unworkable way of spreading. Some may view this as security though obscurity but then doesn't that apply to passwords etc as well after all a password is just an obscure cobination you use to gain access to a system.

        i'm not sure how the gp got the figure of 10^-28% but the figure is still so small that a worm could hit random addresses for a very very long time before having a reasonable
        • <blockquote>i'm not sure how the gp got the figure of 10^-28% but the figure is still so small that a worm could hit random addresses for a very very long time before having a reasonable chance of hitting anything.</blockquote>

          An IPv4 address is 4 bytes (32 bits), an IPv6 address is 16 bytes (128 bits). If about 10% of IPv4 addresses are used currently (which is just an order-of-magnitude estimate), then there are 4x10^8 addresses in use now. There are 2^128=3x10^38 IP addresses in use now, so
          • thats bad math at least if the worm writer has a clue (i considered checking if that was what you had done but i'm too tiered to do the numbers right now)

            all addresses on the ipv6 internet currently are in one of 3 /16 blocks

            2001::/16 production ipv6 internet
            2002::/16 6to4 stateless ipv6 over ipv4
            3FFE::/16 6bone experimental ipv6
        • Please don't make the mistake of treating a specific IP address in a huge address space as a secret of some sort. I wouldn't ever compare an IPv6 address with a password. If you plan to keep your address secret and never connect anywhere from it, then that's ok. But an address that's actually used is in effect public. Relaxing the security of the box because it has a hard-to-hit-randomly address would be foolish.

        • The fact is a complete switch to ipv6 WILL to all practical perposes make tradidional net-scanning worms of this type
          While that would be a temporary boon, I suspect worms writers will just quickly adapt and find other ways to spread worms quickly. Scan the local subnet, look at traffic received/sent by the host and send the payload to those subnets, look through ARP tables, etc. There's probbably even more clever ways to find new hosts I'm not even aware of. Security through obscurity only makes life
    • NAT is a "Good Thing"(tm) because most machines shouldn't have incoming access from outside their LAN. The inconvenience of manually mapping incoming packets forwarding far outweights the blatant lack of security. And god knows our networks are insecure enough already.
      • This is a very good point.

        Yes, NAT can break some application protocols such as H.323 (among others), and does require a NAT/PAT device, ideally with some sort of packet filtering of stateful firewalling ability, but it does provide some basic security.

        With end to end publically addressable space being used, the ability to portscan for exploits not only extends from ISP access network to ISP access network, but also in to what should be private LANs. LANs in your home and your place of work.

        If people con
        • well nat has the disadvantage over a more traditional firewall that you can't just say open port xyz to all systems so app abc can work you havw to give machines fixed lan ips and then make mappings to each one individually using different ports.

          frankly i've always belived that firewalls are a kludge anyway the whole point of the internet is to be a network of computers accross the world. If your app can't live securely in that environment then imo it shouldn't be using ip in the first place.

        • If people continue to want security in an IPv6 world, then firewalling will still be required at the edge of such private networks. The private nets won't have private addressing any more, so rules will be required to filter access to/from those assigned v6 addresses.

          They already do filter access to/from existing addresses, and in fact the rules to do the filtering are no different at all on most firewalls. Not many people use NAT without filtering.

          So if you've still got your firewall at the edge

      • True dat. I think of my NAT box as a firewall that cuts off a lot of crap.

        I installed a new cable modem the other day and to configure it I had to connect it directly to the computer. ZoneAlarm (thank God I had it) immediately went ballistic about the number of incoming attacks. I'm not running any servers, and I hope I'm reasonably current on the patches, but God only knows what program that I'm running has a backdoor port open. I was actually queasy.

        As soon as the thing was configured I re-rigged it t

        • Re:Why IPv6 is needed (Score:3, Insightful)

          by TCM ( 130219 )
          When IPv6 comes and I have my own address I may have to buy an IPv6 NAT box just for safety's sake.

          WTF? See if you can make something out of the following two lines:

          block in from any to any
          pass out from any to any keep state

          NAT for IPv6 is the most stupid thing I've seen today.
      • NAT is a "Good Thing"(tm) because most machines shouldn't have incoming access from outside their LAN. The inconvenience of manually mapping incoming packets forwarding far outweights the blatant lack of security. And god knows our networks are insecure enough already.

        NAT stands for ``Network Address Translation'' not ``Stateful Firewall.'' I will never understand why people confuse these things so easily.
        • And your point is...? NAT may not be a proper firewall but for most uses it's a good enough security measure. Which is why I'm saying we shouldn't discard it.

          Personnally I don't run any firewalls in my behind-a-router home network. Sure it may allow trojans and viruses to "call home", but apart from that what possible attacks am I vulnerable to?

          • And your point is...? NAT may not be a proper firewall but for most uses it's a good enough security measure. Which is why I'm saying we shouldn't discard it.

            No, actually it is not good enough because nat doesn't actually drop any packets, it just rewrites some fields in the packet headers. That's why practically every firewall sold today does filtering in addition to NAT. Taking away the NAT and leaving the firewall will not degrade security one bit.

        • MOD PARENT UP! (Score:3, Insightful)

          by swillden ( 191260 ) *

          NAT stands for ``Network Address Translation'' not ``Stateful Firewall.'' I will never understand why people confuse these things so easily.

          You, sir, have hit the nail on the head.

          What people like about NAT boxes from a security perspective is that they must implement a particular sort of stateful firewalling in order to do their job. But a very simple stateful firewall accomplishes *exactly* the same security task without the limitations of NAT.

    • NAT helps somewhat, but if you're using NAT your computer can't receive incoming connections. That's a problem for servers, for peer-to-peer networking, for games, and for VoIP. Home users can usually work around this with their firewall configuration, but businesses usually can't (one important reason being that only one computer behind the firewall can receive connections this way, not multiple).

      Not true. You can forward ports from your NAT box to any computer behind it. You can have port 80 go to your

    • Re:Why IPv6 is needed (Score:4, Insightful)

      by tyagiUK ( 625047 ) on Thursday May 26, 2005 @07:33PM (#12650101) Homepage
      I have to disagree.

      Firstly, most VoIP architectures currently look to SIP proxies for segmentation between the operator's network and the user agent or equipment. A SIP proxy is basically just an application-layer gateway. This type of software is being incorporated in to many of the forthcoming customer premises equipment. Therefore, if your application layer gateway is at the edge of your network, proxying incoming and outgoing SIP requests, what does having end-to-end IPv6 buy you?

      Secondly, despite evidence of a shortage of IPv4 addresses, there is some confusion over what this really means. There is a shortage of AVAILABLE IPv4 addresses. This is distinctly different from having a shortage of UNALLOCATED IPv4 addresses. Basically, many telcos, ISPs and large institutions are sitting on some very large blocks of address space. This address space was handed out readily in the 1990s because demand (i.e the dotcom boom) wasn't anticipated.
      Due to certain organisations receiving such large allocations, there was little or no control over how this resource was allocated to their networks. The result of this is highly wasteful allocation, some still using classful addressing (so summarising subnets on classful boundaries such as 255.255.255.0 or 255.255.0.0, /24 or /16). A similar problem exists where organisations have gradually learned about HOW to allocated public address space. In some cases, large portions of significant allocated blocks are wasted on infrastructure, customer link connections and some other, unnecessarily wasteful applications.

      Many of these places could actually go back over their allocated address ranges and re-claim huge chunks. All it requires is a motivation to do so and the time and resource to plan and execute it. At the moment, the motivation is rarely there and organisations would generally prioiritise such activity at the bottom of a long list of things to do.

      The problem arises when they are required to demonstrate to their regional registrar that they have sensibly used their current allocations in order to obtain new blocks of unassigned space. Generally, this is when you will hear the cries of "Oh no, the Internet is running low on available IPv4 space! Panic!".

      Finally, your worm theory is just wrong. Yes, it decreases the probability of hitting an exploitable host, but it increases the depth to which the worm can scan. What I mean by this is that the worm will be able to scan in to people's private networks if NAT and firewalling are not used. If rules are not explicitly put in place to protect your home IPv6 LAN, then worms will be able to scan all hosts from the outside.

      How many people put up a NAT/PAT box or a firewall, and then think they're perfectly safe from the outside? Most networks conform to the Twinkie theory -- crunchie on the outside and soft and squidgy in the middle. Chances are that an IPv6 home lan would be totally unprotected once on the inside. If this inside is exposed to the Internet then the chances of remote exploitation increase dramatically in my opinion.
    • The NAT you speak of is called NAT overloading. If you want multiple computers to receive connections from the outside you can use Static NAT.... most real routers handle this with no problems.

      Also, let me add that the IPv4 blocks are a lot smaller today. We don't give out 4 million or ~250 addresses at a time, we give out a small block here and there (CIDR). Plus, since the rest of the world is going to move to IPv6 we can reclaim those billions of Asian addresses.

      Just a thought...

      • I think China was only allocated 20 million addresses and I doubt the rest of asia combined (minus Japan) was allocated many more than China was. The US has some incredible large percentage of the IP address space (half memory/half making it up) 90% I think it is. So reclaiming the Asian address space when they upgrade to v6 isn't exactly that great for the US.
    • From the recent GAO report on IPv6:

      http://www.gao.gov/new.items/d05471.pdf [gao.gov]

      "As a region, Asia controls only about 9 percent of the allocated IPv4 addresses, and yet has more than half of the world's population."

    • (one important reason being that only one computer behind the firewall can receive connections this way, not multiple

      That's a limitation of consumer routers, using the DMZ feature. You can map individual ports to different places on just about any hardware. And, I can't see much of a reason to map all incoming ports to a DMZ, over a few selected ports.

      And, as someone pointed out in the last IPv6-related thread, merging the networks of two corporations is a nightmare - they both use the same IP addresses

  • IPv6 - solution without a problem? (Score:5, Interesting)

    by lheal ( 86013 ) <lheal1999NO@SPAMyahoo.com> on Thursday May 26, 2005 @06:29PM (#12649621) Journal
    Is IPv6 a tool looking for a job to do?

    It's not a chicken-and-egg thing, where everyone would do it if there were only the infrastructure, but there's no infrastructure because no one's doing it yet. At least, it doesn't seem that way to me.

    IPv6 came about when the Internet exploded in the early 90's. Folks looked at the address space and said "Hey, we're running out of room!"

    The solution in IPv6 was to use 128-bit addresses instead of 32-bit ones, and to design the next gen of protocols using the lessons learned from the previous one. TCP/IPv4 was designed in an era when security was not in as much focus as it is now.

    It seems like about two minutes after IPv6 began to be developed, the world discovered NAT and firewalls. We'd always had routers with private networks, but NAT made it possible for mortals to set up. A whole company with thousands or millions of IP addresses can be hidden behind a very small set of IPv4 addresses.

    That solution has worked so well that few feel the need to use IPv6.

    I wonder what will happen to force the issue?
    • Is IPv6 a tool looking for a job to do?

      Let me guess - you're American/Canadian. You don't get "cellphones" or mobiles as we call them. You don't think about the Chinese/Indian market. IPv6 is big. If you guys aren't interested, then you'll lose out. Get involved now - get a start on the competition.

    • Well, except that in my network here at work (~25 machines), I want IPv6. Why? Because we run about 8 servers (some of those internal only, true, but we want to expose them to employees from home, and an extranet), 14 desktops, and a few laptops. Plus VPN users. And I get to do all of this on 5 public IPs. I have to use NAT. Don't even talk to me about FTP - even with the right module, some sites won't talk to us still. But with IPv6, I can drop the NAT, just go back to the firewall being a firewall. Everyo
    • Not to mention that without NAT, I'd be paying my cable company something like $140 a month for extra IP's (plus bandwidth!)

      There's also security. Unless I've specifically mapped an incoming port, you won't see my internal machines. At all. IPv6 potentially allows outside traffic to see my internal machines, and my firewall now has to monitor an address block rather than a single address.

      What I'd like to see is something where the last ip grouping is is not addressable past your router - like NAT. But, fo
    • Is IPv6 a tool looking for a job to do?

      IPv6 is often simplified to one feature: increased address space. Then the matter with NAT is brought up, which is not a very good solution for reasons mentioned numerous times elsewhere in these comments. Here are some more features of it to consider:

      - IPv4 has optional support for end-to-end encryption via IPSec. In IPv6 it's mandatory.

      - IPv6 doesn't require manual configuration or DHCP.

      - IPv6 support QoS by router.

      - IPv6 routers doesn't fragment packets like i

  • Breaking the cycle (Score:3, Interesting)

    by whitis ( 310873 ) on Thursday May 26, 2005 @06:31PM (#12649635) Homepage

    This could be useful for breaking the cycle that prevents adoption of IPv6. ISPs don't provide service because there isn't enough user demand. Users don't demand it in part because a lot of software would break. And software developers don't provide IPv6 support because their ISP doesn't support IPv6. Yes, you can configure tunneling software but if you are behind a NATing and Firewalling router, there are likely to be some problems and by the time you are done configuring it, you don't have time to work on the software; this project actually replaces a commonly used router with one that enables IPv6 rather than getting in the way. And likewise, most people can't really switch to IPv6 only until almost everyone supports IPv6. So, this could help provide critical mass.

    The web page is pretty vague about what is actually going on under the hood. Presumably this distribution creates a tunnel to some IPv6 relay router but what gateway or tunneling protocol is used is not specified.

  • i've seen a couple articles about IPv6 lately and was wondering if someone could explain it to the 'unwashed masses' such as myself? i am a shade-tree computuer person - knows enough to get in trouble.

    what is it?

    what is the benefit to the average user like me?

    • IPv6 For Beginners, A Guide (Score:3, Insightful)

      by jd ( 1658 )
      I was one of the Early Adopters of IPv6 in England - my site was the first listed in the UK (by 1 day) and ran under Linux 2.4.20 with the experimental IPv6 patches and a whole bunch of NRL software ported to Linux.

      IPv6 is an attempt to re-engineer the IP protocol to solve a number of problems, but exactly how it does so has shifted a few times over the course of time. Here is a summary of what it does, why it matters, and what it means to the newcommer:

      • IPv6 has more addresses. Many, many, many more
  • I'd be interested to see more devices embedding 6to4 routing, so that IPv6 can be transparently added while not interfering with the user's normal use, while adding access to the IPv6 space without requring tunnels or seperate addressing to those already assigned. This kind of transparent, background rollout would begin to address the issues that djb [cr.yp.to] identified with the move to IPv6. If i could benefit from IPv6 without disrupting my IPv4 communications and not having to set up routing and tunneling manuall

  • I like my WRAP (Score:3, Informative)

    by TCM ( 130219 ) on Thursday May 26, 2005 @06:46PM (#12649729)
    The WRT54G might be a nice piece of hardware. But I still like my WRAP [pcengines.ch] more. It has a Compact Flash slot and, most importantly, a serial port.

    I find a WRT54G extremely cumbersome to use without a low level access port and the danger of wrecking the device by uploading a wrong firmware.

    With the WRAP, I can prepare "firmware" images on an extra computer, I can even test-boot them in a virtual machine and then transfer them straight to a CF card knowing that there is no way the device will ever get inoperable due to a bad OS image (except flashing a wrong BIOS, which sits in a separate area outside of any compact flash card).

    Speaking of BIOS, there even is a BIOS update [pcengines.ch] for WRAP with included Etherboot to boot an OS over the net, yay!
  • I had slow access times on my network copying files via scp, samba, and nfs. And my ssh logins seemed slow as well. However, my only XP laptop it didn't seem like an issue. I found a post somewhere's while searching for what I thought was an OS X Samba problem and it suggested disabling IPv6 on all interfaces. Hmmm, I thought. I sorta felt OS X having this turned on outta the box was kinda a neat thing. However, when I did turn v6 off, ALL my network traffic sped up dramatically.

    I haven't really dove into
  • I've been saying [slashdot.org] that this is overdue for a while.

    I'd bet that what they're doing is setting up 6to4 and advertising the 6to4 prefix to the inside LAN. Makes perfect sense.

    They could also be implementing NATPT and a DNS proxy, but that would be, IMHO, more trouble than it's worth (it presumes that all of your applications are IPv6 aware and that you can't, for some reason, set up IPv4+NAT). Much more likely that they're doing traditional NAT for IPv4, and doing IPv6 in parallel with 6to4.

    Alas, I got

  • 6to4 anycast router (Score:4, Interesting)

    by Dolda2000 ( 759023 ) <fredrik@dolda200 0 . c om> on Thursday May 26, 2005 @07:50PM (#12650199) Homepage
    It would be interesting if releases like this significantly boost the IPv6 take-up rate but as far as I know, Earthlink doesn't supply end-to-end IPv6 yet.
    Have you tried checking if they support the IPv4-to-IPv6 anycast router address 192.88.99.1? If they do, you can set up a 6to4 tunnel Real Easy (R).

    Just set up an IPv6 tunnel (Linux SIT tunnels support this natively), and point it to 192.88.99.1 to send to non-6to4 addresses. Other 6to4 destinations will be auto-tunnelled with IPv6-over-IPv4, and any IPv6 packets sent to you will also be automatically routed over IPv6-over-IPv4 by the Internet. Therefore, there's no need to set up a tunnel with a third party if you're using 6to4.

    Fedora Core supports 6to4 more or less out-of-the-box. All you need to do are two things:
    1. Add these lines to /etc/sysconfig/network (why does Slashdot split the lines?):

    NETWORKING_IPV6=yes
    IPV6FORWARDING=yes
    IPV6_DEFA ULTDEV=tun6to4
    2. Add these lines to the /etc/sysconfig/ifcfg-* describing your outbound interface:
    IPV6INIT=yes
    IPV6TO4INIT=yes
  • Not that I think the switch to IPv6 isn't a worthwhile undertaking, but I'm surprised at the extent to which the article seemed to be bashing NAT. When I was shopping for a wireless router recently, I noticed all the models tout NAT as an effective security tool. Perhaps that's just marketting hogwash, but I did think (correct me if I'm wrong) that because I'm using NAT, my ISP doesn't know how many computers I have connected. They charge for extra IP addresses, and if they could specifically charge for

Slashdot Top Deals

Remember, UNIX spelled backwards is XINU. -- Mt.

Close