IPv6 support
Pages: 1 2
Chris Mahoney (1684) 2165 posts |
Complicating matters is the fact that different ISPs will do things differently. My ISP doesn’t even supply a router by default (you can buy one if you wish, but at a glance it doesn’t seem to support IPv6 either). My own router does support IPv6, but with no ISP support it’s not all that useful yet. Meanwhile, a competing local (NZ) ISP does offer IPv6 today, and apparently provides a unique address to each device. From the press release:
Presumably there is still some form of IPv4 fallback though! |
David Feugey (2125) 2709 posts |
Sorry. I mean, in France :) |
Steve Pampling (1551) 8172 posts |
Which I thought was where Rick was located, with zero IPv6 support… |
Theo Markettos (89) 919 posts |
To do that takes a particularly special flavour of braindeadness. I’m not saying some ISPs aren’t that dumb, but it seems like rather a lot of work for little gain. The more likely question is whether you get delegated a /64 or a /56. A /64 means you aren’t able to do any form of routing behind it and still use stateless address autoconfiguration (SLAAC). You can still do DHCPv6 but you lose the benefits of things ‘just working’. OTOH some people will want to lock down their networks and block Neighbour Discovery packets, in which case I think they’ll have to do DHCPv6. But life is a lot simpler if you can do SLAAC. So that might be the basic/premium split. My tunnel broker (Sixxs) gives out /64 by default but a /48 on request, for instance. (Special silliness is reserved for the VPS hosts that give out 16 random /128s. It’s not like addresses are in short supply, and you can’t even give me a /124?) |
Rick Murray (539) 13850 posts |
If only. Of course, you David, you are with Free. Perhaps the only ISP in the land that Has A Clue. As for Orange, they are apparently “doing tests” with IPv6. For the grockles, it’ll likely be a while yet. And I expect the first two tries to be horribly broken in all sorts of exciting ways. Theo:
The same sort of braindeadness that frequently has the ISP messing up its own site certificates? The same sort of braindeadness that force-upgrades a surely barely-tested firmware to all of the client’s ADSL routers? (and leaves it like that for nearly a year until a working version turns up)
Does that come with English subtitles? ;-) Seriously though. I have a setup. I have machines given “fixed” IP addresses by DHCP (except the Pi which uses static IP as it boots WAY faster than the router). Things have addresses, other things know those addresses. There is only one point of entry and one “world visible” device, that’s the router. Life is pleasant. If so, I’ll go memorise how many “0:”s are in 0:0:0:0:0:0:0:1. |
Theo Markettos (89) 919 posts |
You can, but things are a bit different in IPv6 land. In the IPv6 way of thinking, you have your 64-bit prefix assigned. That’s a /64. The next 64 bits are yours to decide. That’s assuming you only have one network – if you have more you may have many (contiguous) /64s. SLAAC is very simple. Listening for neighbour discovery packets will tell you what the prefix is (and nameservers, gateway, etc). In some circumstances you might not want your MAC address to be visible to outsiders, so the privacy extensions give your machine two addresses in the /64 – one derived from the MAC address and one that’s randomly selected and changes from time to time. Your outbound packets use that one, but you can still be reached using the static address derived from your MAC. A machine can have as many IPv6 addresses as you like, there’s no limit – different programs can listen on different addresses and you can firewall them differently if you like. Unlike in NAT, firewalling is not related to addressing. So it’s up to you what you choose to let through. The default for consumer routers is to allow outbound traffic and block inbound connections – not much different from most NAT setups but without the address remapping. Even if you allow inbound traffic, ‘port scans’ don’t work on IPv6 – the address space is too big. So only if someone has observed traffic from you can they tell that a machine exists.
None, that’s ::1 ;-) |
David Feugey (2125) 2709 posts |
Not zero. It’s optional for most ISP. And even if we don’t have IPv6, our DSL routers are ALL compatible with IPv6, as we all have sophisticated DSL boxes. There is almost no USB modem or dumb Ethernet modem here. And we all have free phone on DSL too :) |
David Feugey (2125) 2709 posts |
The one who slows down YouTube every night, who reboots DSL boxes (and so TV) at 9pm every evening or who blacklist old spammer’s IP, used today by legitimate servers? Free is a nightmare. But their boxes are compatible with IPv6, as the Livebox from Orange (even if Orange don’t use IPv6, but why would they want to do that?). |
Rick Murray (539) 13850 posts |
With Orange, I believe the Livebox Play is compatible with IPv6. The Livebox 2, not yet.
The latest firmware upgrades to the Livebox 2 have added so much stuff that it has broken Samba streaming. I have an un-upgraded box that I can use with the iPad to stream animé from a USB stick (so much less bother than messing around with iTunes – I just switch on the box and VLC streams over WiFi). The upgraded box struggles to manage to stream a mid bitrate 480P video that runs to 180MiB for a half hour. Call me cynical. |
Rick Murray (539) 13850 posts |
Is that Free or is that Youtube not coping?
Interesting way to ensure boxes stay reliable. ;-)
Are you sure that is Free? I’ve had trouble in the past thanks to the likes of Spamhaus blocking entire IP ranges from ISPs thanks to a spammer. |
Chris Mahoney (1684) 2165 posts |
I can’t imagine that Google/YouTube would be having throughput problems! |
Dave Higton (1515) 3534 posts |
I’ve been talking a bit more with our local IPv6 expert this lunchtime. In IPv6, it would be common for a device to have two addresses. One can be externally visible, the other can be a non-routable address. This solves the problem of the externally visible address(s) changing. Devices on the LAN can continue to communicate with no disturbance. It’s not even necessary for multiple externally visible addresses to have the same prefix. It has always been possible for IPv4 devices to have multiple addresses, but the facility has rarely been used. The case that still bothers me is what happens when an IPv4-only device, e.g. any RISC OS device, tries to contact an IPv6-only address, e.g. a web site that has an IPv6 address but cannot get an IPv4 address because there are no more available. The first problem occurs at name resolution. An IPv6 address is returned. What is any IPv4-only device to do with it? In order to solve the problem by shifting it onto someone else, we would have to have a protocol-aware router, translating the IPv6 address to a fictional IPv4 address and altering the content of the DNS packets. This is emphatically not what we have in today’s IPv4 world. NAT happens at IP layer, not at the higher layers. |
David Feugey (2125) 2709 posts |
It’s Free.
Tested on different DSL lines. Same problem. no problem with another ISP. Free confirmed that they blocked the URL (virtualacorn). Last time, they did block all SMTP servers on an hosting company, because one guy sent too much mail. Funny thing ; it was the mail server from Online… a subsidiary of Free. I have also problem with Freelists. Not because of spam (there is no spam on Freelists) but simply because the server send mail from people with other domains. A mail xyz@free.fr can be rejected too :) Now they begin, as other ISP, to whitelist mail servers. ISP, Microsoft and Google are accepted, all the other rejected. Really cool. |
Chris Evans (457) 1614 posts |
AIUI For IPv4 users to carry on accessing the internet fully, we only need web/email/ftp servers to be on IPv4. I wonder if routers could (if you are using them as your DNS) do a NAT like translation from IPv6 to IPv4? Please do point out any errors! |
Theo Markettos (89) 919 posts |
What you describe is roughly NAT46+DNS46 (IPv4 hosts, IPv6 servers), which is the opposite to the more popular NAT64+DNS64. I’m not sure if NAT46 has made it through IETF officially – I can’t find a ratified standard, but Cisco seem to implement it. However you want to keep the IPv6-only path NAT free, because putting NAT in the way makes things slower. Facebook is faster over IPv6, and they measure this generates them 3% more ad revenue. Time is money. The figure for number of servers is probably being held back by IP exhaustion – quite often there are lots of VMs or containers behind one public IPv4, because IPs are expensive and limited in supply. Each piece of ‘iron’ may be using hundreds of IPs, but they are all behind multiple layers of private IP addressing because there aren’t enough private IPv4s to have them uniquely addressed across a company, let alone public internet access. |
Dave Higton (1515) 3534 posts |
IPv6 celebrates its 20th birthday by reaching 10% deployment: IPv6 in the real world clearly has really gained traction and is rapidly gaining more traction. It’s closer than many of us would like to believe. |
Steve Pampling (1551) 8172 posts |
Remind us again why people with routers that don’t do IPv6, on either side, and have networks smaller than the internally offered /24 need to take the latency hit of IPv6 or IPv4/6 dual stack? I’ve got a network with 10-15,000 connected devices depending on day and time that’s all IPv4 and I’ve yet to find a good reason to move it to IPv6. The big increase quoted is down to the major internet providers switching their IPv6 capability on. Until the small client level providers supply IPv6 capable routers that increase will just be a hump in the slow rise graph. |
Rick Murray (539) 13850 posts |
10%? That’s like a Mac market share statistic… [http://www.w3schools.com/browsers/browsers_os.asp] 10% after only 20 years? I’d like it if my lifespan was 10% after 20 years.1 While IPv6 is something RISC OS will eventually need to deal with, there are many many devices that will remain IPv4 for their expected service life (think of all sorts of inexpensive IP cameras and the like), older/legacy/retro systems that only talk IPv4, not to mention a tonne of code that thinks an IP address is a dotted quad. My own server does, because, ta-dah, it is IPv4. I’d be interested in giving IPv6 a whirl, just for the hell of it, see how much of the world is IPv6. See if I can remember what the hell my local machine’s IP addresses are in IPv6. But I can’t. If I’m really lucky and I pray lots to every God known to man, maybe Orange will get IPv6 running this decade! 1 <glances at the news ticker> On second thoughts, maybe not… |
Steve Pampling (1551) 8172 posts |
Which would mean it’s a useless item to you, even on a PC, this decade. Consider the evangelising view Or to look at it from the non-IPv6 evangelist angle: |
Dave Higton (1515) 3534 posts |
I really don’t think you guys understand. You seem to want to keep your heads buried in the sand. 10% this year, and a rate of increase of about 2.5 times per year for the last couple of years or more. Tell me how a RISC OS application can access a site or resource that only has an IPv6 address. Make your best estimate of when RISC OS users will begin to be inconvenienced, to a significant degree, by the inability to access IPv6-only sites/resources. Work back from that date, by your best estimate of how long it will be to get a dual IPv6/IPv4 stack working and adequately tested. That will give you a date by which we should start doing the work. Or maybe that should be a date by which we should have started doing the work. |
Steve Pampling (1551) 8172 posts |
The same way it does now – through translation. You see, unless you subscribe to the idea that none of the sites out there are IPv6 only, there must be translation in place.
At present I’d start with a fully working IPv4 stack as my expectation. |
Rick Murray (539) 13850 posts |
You do know what sort of stuff Steve does as his job don’t you? As for me, I have no choice. My ISP has buried its head in the sand…
Via translation. Did you know, Facebook uses IPv6 internally. Their IPv4 access is a gateway that translates to IPv6.
Ouch! :-P |
Steve Pampling (1551) 8172 posts |
As little as possible is my stock answer :) |
Steve Pampling (1551) 8172 posts |
Resurrecting this by quoting just one of the pro arguments. If anyone had any doubt that IPv4 for would be active on major WAN based systems for some time to come – from a conference/webinar today covering the not yet started replacement for the existing N3 (New NHS Net) N3 systems will migrate to HSCN 1 in the timescale “between April 2017 and 2020” Bear in mind that this is a plan to migrate from a BT delivered UK wide QoS enabled private network sitting in the BT Internet systems and it will migrate from one IPv4 setup to another IPv4 setup with a planned end date for the migration of 2020 and if the N3 setup is any guide the projected lifetime would be about 10 years. So, I think BT (for one example) will retain IPv4 support for a fair few years. RISC OS network support wise I think IPv6 support is a “might be nice” item rather than a criticality. 1 Amazingly the HSCIC bods seem to have avoided the N4 label. |
Rick Murray (539) 13850 posts |
Indeed. Here, the Orange Livebox mentions that it has an IPv4 resolver somewhere in the setup, but there is no mention of IPv6 nor is there any support for such. I just tried an IPv6 test from my Android 5 phone (the bit of kit most likely to cope with IPv6) and the test completely failed. So… remind me, wasn’t this supposed to roll out in 2013? :-P As I previously mentioned, there is a lot of stuff around that may not cope so well with IPv6, and there’s a lot of stuff that is unlikely to ever see another firmware update. Plus, I much prefer to hide my machines behind a NAT. While a decent firewall should block rubbish as well as NAT, I am concerned that everything having a publicly visible IP address will leak information and put you in the reliance of the capabilities of the firewall (and one’s ability to configure it). |
Pages: 1 2