IPv6 support

If only.
DSL modems as installed, recently, in UK premises are not IPv6 capable.

Complicating matters is the fact that different ISPs will do things differently. My ISP doesn’t even supply a router by default (you can buy one if you wish, but at a glance it doesn’t seem to support IPv6 either). My own router does support IPv6, but with no ISP support it’s not all that useful yet.

Meanwhile, a competing local (NZ) ISP does offer IPv6 today, and apparently provides a unique address to each device. From the press release:

Moving to IPv6 means each device can reach others directly on the Internet – this is called the end-to-end principle, and it ensures the best network performance possible, with the least complexity.

Presumably there is still some form of IPv4 fallback though!

If only.

Sorry. I mean, in France :)

Sorry. I mean, in France :)

Which I thought was where Rick was located, with zero IPv6 support…

I can foresee static addressing being “premium” and dynamic addressing being the regular option. If this is correct, how the hell will anything be able to find anything?

To do that takes a particularly special flavour of braindeadness. I’m not saying some ISPs aren’t that dumb, but it seems like rather a lot of work for little gain.

The more likely question is whether you get delegated a /64 or a /56. A /64 means you aren’t able to do any form of routing behind it and still use stateless address autoconfiguration (SLAAC). You can still do DHCPv6 but you lose the benefits of things ‘just working’. OTOH some people will want to lock down their networks and block Neighbour Discovery packets, in which case I think they’ll have to do DHCPv6. But life is a lot simpler if you can do SLAAC. So that might be the basic/premium split. My tunnel broker (Sixxs) gives out /64 by default but a /48 on request, for instance.

(Special silliness is reserved for the VPS hosts that give out 16 random /128s. It’s not like addresses are in short supply, and you can’t even give me a /124?)

Sorry. I mean, in France :)

If only.

Of course, you David, you are with Free. Perhaps the only ISP in the land that Has A Clue. As for Orange, they are apparently “doing tests” with IPv6. For the grockles, it’ll likely be a while yet. And I expect the first two tries to be horribly broken in all sorts of exciting ways.

Theo:

To do that takes a particularly special flavour of braindeadness.

The same sort of braindeadness that frequently has the ISP messing up its own site certificates? The same sort of braindeadness that force-upgrades a surely barely-tested firmware to all of the client’s ADSL routers? (and leaves it like that for nearly a year until a working version turns up)

But life is a lot simpler if you can do SLAAC. So that might be the basic/premium split. My tunnel broker (Sixxs) gives out /64 by default but a /48 on request, for instance.
[…]
(Special silliness is reserved for the VPS hosts that give out 16 random /128s. It’s not like addresses are in short supply, and you can’t even give me a /124?)

Does that come with English subtitles? ;-)

Seriously though. I have a setup. I have machines given “fixed” IP addresses by DHCP (except the Pi which uses static IP as it boots WAY faster than the router). Things have addresses, other things know those addresses. There is only one point of entry and one “world visible” device, that’s the router. Life is pleasant.
Can I have the same with IPv6?

If so, I’ll go memorise how many “0:”s are in 0:0:0:0:0:0:0:1.

Can I have the same with IPv6?

You can, but things are a bit different in IPv6 land.

In the IPv6 way of thinking, you have your 64-bit prefix assigned. That’s a /64. The next 64 bits are yours to decide. That’s assuming you only have one network – if you have more you may have many (contiguous) /64s.

SLAAC is very simple. Listening for neighbour discovery packets will tell you what the prefix is (and nameservers, gateway, etc).
Once you know the prefix, you take your MAC address and pad it to 64 bits. Prepend the prefix and that’s your IPv6 address. It’s a bit like DHCP except there is no negotiation and no big table of addresses stored anywhere. All IPs are static.

In some circumstances you might not want your MAC address to be visible to outsiders, so the privacy extensions give your machine two addresses in the /64 – one derived from the MAC address and one that’s randomly selected and changes from time to time. Your outbound packets use that one, but you can still be reached using the static address derived from your MAC. A machine can have as many IPv6 addresses as you like, there’s no limit – different programs can listen on different addresses and you can firewall them differently if you like.

Unlike in NAT, firewalling is not related to addressing. So it’s up to you what you choose to let through. The default for consumer routers is to allow outbound traffic and block inbound connections – not much different from most NAT setups but without the address remapping. Even if you allow inbound traffic, ‘port scans’ don’t work on IPv6 – the address space is too big. So only if someone has observed traffic from you can they tell that a machine exists.

If so, I’ll go memorise how many “0:”s are in 0:0:0:0:0:0:0:1.

None, that’s ::1 ;-)

Which I thought was where Rick was located, with zero IPv6 support…

Not zero. It’s optional for most ISP. And even if we don’t have IPv6, our DSL routers are ALL compatible with IPv6, as we all have sophisticated DSL boxes. There is almost no USB modem or dumb Ethernet modem here. And we all have free phone on DSL too :)

Perhaps the only ISP in the land that Has A Clue.

The one who slows down YouTube every night, who reboots DSL boxes (and so TV) at 9pm every evening or who blacklist old spammer’s IP, used today by legitimate servers? Free is a nightmare. But their boxes are compatible with IPv6, as the Livebox from Orange (even if Orange don’t use IPv6, but why would they want to do that?).

our DSL routers are ALL compatible with IPv6,

With Orange, I believe the Livebox Play is compatible with IPv6. The Livebox 2, not yet.

as we all have sophisticated DSL boxes.

The latest firmware upgrades to the Livebox 2 have added so much stuff that it has broken Samba streaming. I have an un-upgraded box that I can use with the iPad to stream animé from a USB stick (so much less bother than messing around with iTunes – I just switch on the box and VLC streams over WiFi). The upgraded box struggles to manage to stream a mid bitrate 480P video that runs to 180MiB for a half hour.
The hardware inside the Livebox 2 is old – practically the sane as in the Livebox Mini (1.2). In other words, it should have been obsolete, not part of a new generation of boxes.
And that’s supposed to cope with IPv6 (and all that entails) as well?

Call me cynical.

The one who slows down YouTube every night,

Is that Free or is that Youtube not coping?

who reboots DSL boxes (and so TV) at 9pm every evening

Interesting way to ensure boxes stay reliable. ;-)
I get brownouts so often the box probably isn’t up long enough to trigger a timeout if it was going to do similar.

or who blacklist old spammer’s IP, used today by legitimate servers?

Are you sure that is Free? I’ve had trouble in the past thanks to the likes of Spamhaus blocking entire IP ranges from ISPs thanks to a spammer.

is that Youtube not coping?

I can’t imagine that Google/YouTube would be having throughput problems!

I’ve been talking a bit more with our local IPv6 expert this lunchtime.

In IPv6, it would be common for a device to have two addresses. One can be externally visible, the other can be a non-routable address. This solves the problem of the externally visible address(s) changing. Devices on the LAN can continue to communicate with no disturbance. It’s not even necessary for multiple externally visible addresses to have the same prefix.

It has always been possible for IPv4 devices to have multiple addresses, but the facility has rarely been used.

The case that still bothers me is what happens when an IPv4-only device, e.g. any RISC OS device, tries to contact an IPv6-only address, e.g. a web site that has an IPv6 address but cannot get an IPv4 address because there are no more available. The first problem occurs at name resolution. An IPv6 address is returned. What is any IPv4-only device to do with it?

In order to solve the problem by shifting it onto someone else, we would have to have a protocol-aware router, translating the IPv6 address to a fictional IPv4 address and altering the content of the DNS packets. This is emphatically not what we have in today’s IPv4 world. NAT happens at IP layer, not at the higher layers.

Is that Free or is that Youtube not coping?

It’s Free.

Are you sure that is Free?

Tested on different DSL lines. Same problem. no problem with another ISP. Free confirmed that they blocked the URL (virtualacorn). Last time, they did block all SMTP servers on an hosting company, because one guy sent too much mail. Funny thing ; it was the mail server from Online… a subsidiary of Free.

I have also problem with Freelists. Not because of spam (there is no spam on Freelists) but simply because the server send mail from people with other domains. A mail xyz@free.fr can be rejected too :)

Now they begin, as other ISP, to whitelist mail servers. ISP, Microsoft and Google are accepted, all the other rejected. Really cool.

AIUI
IPv4 has four billion addresses. A quick google tells me that there are about 1 billion websites but with most being shared hosting and about 75% not being active, so say 100 million servers? (Google results suggest that there are less than 50 million servers of any type so that 100 million web servers probably needs a nought knocking off!)

For IPv4 users to carry on accessing the internet fully, we only need web/email/ftp servers to be on IPv4.
As home/small business ADSL/DSL customers upgrade their routers IPv4 address will start to become available for server use.
Anyone operating a website will want to keep it accessible to IPv4 users.
Whilst we need to start making plans, I’d be very surprised if 1% of websites are only accessible by IPv6 in 10 years time.

I wonder if routers could (if you are using them as your DNS) do a NAT like translation from IPv6 to IPv4?
I’m sure someone will come up with a work around router or ISP based.

Please do point out any errors!

What you describe is roughly NAT46+DNS46 (IPv4 hosts, IPv6 servers), which is the opposite to the more popular NAT64+DNS64. I’m not sure if NAT46 has made it through IETF officially – I can’t find a ratified standard, but Cisco seem to implement it.

However you want to keep the IPv6-only path NAT free, because putting NAT in the way makes things slower. Facebook is faster over IPv6, and they measure this generates them 3% more ad revenue. Time is money.

The figure for number of servers is probably being held back by IP exhaustion – quite often there are lots of VMs or containers behind one public IPv4, because IPs are expensive and limited in supply. Each piece of ‘iron’ may be using hundreds of IPs, but they are all behind multiple layers of private IP addressing because there aren’t enough private IPv4s to have them uniquely addressed across a company, let alone public internet access.

IPv6 celebrates its 20th birthday by reaching 10% deployment:

Article

IPv6 in the real world clearly has really gained traction and is rapidly gaining more traction. It’s closer than many of us would like to believe.

Remind us again why people with routers that don’t do IPv6, on either side, and have networks smaller than the internally offered /24 need to take the latency hit of IPv6 or IPv4/6 dual stack?

I’ve got a network with 10-15,000 connected devices depending on day and time that’s all IPv4 and I’ve yet to find a good reason to move it to IPv6.
I’ve found several reasons to drop the connected devices to single stack IPv4, particularly the many Win7 clients.

The big increase quoted is down to the major internet providers switching their IPv6 capability on. Until the small client level providers supply IPv6 capable routers that increase will just be a hump in the slow rise graph.

10%? That’s like a Mac market share statistic… [http://www.w3schools.com/browsers/browsers_os.asp]

10% after only 20 years? I’d like it if my lifespan was 10% after 20 years.¹

While IPv6 is something RISC OS will eventually need to deal with, there are many many devices that will remain IPv4 for their expected service life (think of all sorts of inexpensive IP cameras and the like), older/legacy/retro systems that only talk IPv4, not to mention a tonne of code that thinks an IP address is a dotted quad. My own server does, because, ta-dah, it is IPv4.
This, plus the overheads of sensibly dealing with IPv6-IPv4 translation on already underspecified built-to-cost routers may be behind why numerous ISPs are not exactly pushing it hard.

I’d be interested in giving IPv6 a whirl, just for the hell of it, see how much of the world is IPv6. See if I can remember what the hell my local machine’s IP addresses are in IPv6. But I can’t. If I’m really lucky and I pray lots to every God known to man, maybe Orange will get IPv6 running this decade!

¹ <glances at the news ticker> On second thoughts, maybe not…

I’d be interested in giving IPv6 a whirl, just for the hell of it, see how much of the world is IPv6. See if I can remember what the hell my local machine’s IP addresses are in IPv6. But I can’t. If I’m really lucky and I pray lots to every God known to man, maybe Orange will get IPv6 running this decade!

Which would mean it’s a useless item to you, even on a PC, this decade.

Consider the evangelising view
“If someone surfs onto your site and its only available in IPv4, but they are using IPv6, there has to be some translation, which puts your site at a disadvantage. If I’ve not made my site available in IPv6, I’m no longer in control over where that translation occurs.”
source

Or to look at it from the non-IPv6 evangelist angle:
If someone surfs onto your site and its only available in IPv6, but they are using IPv4, there has to be some translation, which puts your site at a disadvantage.
Which, since 90% of internet resources are IPv4, means you take a hit on the speed until the equation flips.

I really don’t think you guys understand. You seem to want to keep your heads buried in the sand.

10% this year, and a rate of increase of about 2.5 times per year for the last couple of years or more.

Tell me how a RISC OS application can access a site or resource that only has an IPv6 address.

Make your best estimate of when RISC OS users will begin to be inconvenienced, to a significant degree, by the inability to access IPv6-only sites/resources.

Work back from that date, by your best estimate of how long it will be to get a dual IPv6/IPv4 stack working and adequately tested.

That will give you a date by which we should start doing the work.

Or maybe that should be a date by which we should have started doing the work.

Tell me how a RISC OS application can access a site or resource that only has an IPv6 address

The same way it does now – through translation. You see, unless you subscribe to the idea that none of the sites out there are IPv6 only, there must be translation in place.

Work back from that date, by your best estimate of how long it will be to get a dual IPv6/IPv4 stack working and adequately tested

At present I’d start with a fully working IPv4 stack as my expectation.

I really don’t think you guys understand. You seem to want to keep your heads buried in the sand.

You do know what sort of stuff Steve does as his job don’t you?

As for me, I have no choice. My ISP has buried its head in the sand…

Tell me how a RISC OS application can access a site or resource that only has an IPv6 address.

Via translation. Did you know, Facebook uses IPv6 internally. Their IPv4 access is a gateway that translates to IPv6.
As I said before, there is a hell of a lot of stuff that is IPv4 and unlikely to be updated. Even when the new protocol becomes more common, older stuff will still be connected to the Internet. Still be in use. Still be expected to be used.

I’d start with a fully working IPv4 stack as my expectation.

Ouch! :-P

…sort of stuff Steve does as his job

As little as possible is my stock answer :)
Mind you right on cue my iPhone went “ding” and it looks like I need to look at something at work.

So you can talk to IPv6-only hosts on the internet? Otherwise how does your IPv4 packet specify which host to talk to? You can do tunnelling things over an IPv4 only LAN (or WAN), but you still need an IPv6 stack on the endpoints.

Resurrecting this by quoting just one of the pro arguments.

If anyone had any doubt that IPv4 for would be active on major WAN based systems for some time to come – from a conference/webinar today covering the not yet started replacement for the existing N3 (New NHS Net)

N3 systems will migrate to HSCN ¹ in the timescale “between April 2017 and 2020”
There is no IPv4 to IPv6 migration plan, IPv4 will be retained. Systems will migrate in the IPv4 address space.

Bear in mind that this is a plan to migrate from a BT delivered UK wide QoS enabled private network sitting in the BT Internet systems and it will migrate from one IPv4 setup to another IPv4 setup with a planned end date for the migration of 2020 and if the N3 setup is any guide the projected lifetime would be about 10 years.

So, I think BT (for one example) will retain IPv4 support for a fair few years.

RISC OS network support wise I think IPv6 support is a “might be nice” item rather than a criticality.

¹ Amazingly the HSCIC bods seem to have avoided the N4 label.

RISC OS network support wise I think IPv6 support is a “might be nice” item rather than a criticality.

Indeed. Here, the Orange Livebox mentions that it has an IPv4 resolver somewhere in the setup, but there is no mention of IPv6 nor is there any support for such. I just tried an IPv6 test from my Android 5 phone (the bit of kit most likely to cope with IPv6) and the test completely failed. So… remind me, wasn’t this supposed to roll out in 2013? :-P

As I previously mentioned, there is a lot of stuff around that may not cope so well with IPv6, and there’s a lot of stuff that is unlikely to ever see another firmware update.

Plus, I much prefer to hide my machines behind a NAT. While a decent firewall should block rubbish as well as NAT, I am concerned that everything having a publicly visible IP address will leak information and put you in the reliance of the capabilities of the firewall (and one’s ability to configure it).
I am 90.32.163.206 (http://heyrick.ddns.net is simpler!) and connecting in, certain ports are directed towards the Pi. Connecting out, every device will appear to the world as that IP address.
That’s all.
That’s all I want.