
Your computer might...
...but your router and ISP almost certainly doesn't.
On the 8 June, it’ll be World IPv6 Day – a coordinated effort by major services on the internet, including Google and Facebook, to provide their services using the new version of the Internet Protocol. It’s part of the plans to cope with internet addresses ‘running out'. But just what is IPv6 - and what does it mean for most …
I have been looking to do this for some time. Internally my machines run IPv6, my machines out in the Internet also do, my ISP will (it was a major part of the reason for me changing ISP), but I can't find a sensibly priced ADSL modem that will do it. The best suggestion that I have received is to put OpenWRT on a Buffalo router ... some maybe time when I have a day or so to spare.
Until the hardware manufacturers step up to the plate - this won't happen. This ought not be an option, it should be a standard part of every new modem. However that would probably add 30p to the price, so it won't happen until customers scream for it, which won't happen until there is lots of content only reachable by IPv6, which won't happen until there are lots of potential customers who are able to access it over IPv6, which won't happen until ....
ABORT [[ Infinite recursion detected ]]
indeed, i was so looking forward to virgin media starting their 50Mbit services back in the day, as all the docsis 3 cable models and related kit have to pass both generic ipv6 and multicast capability's to get certified....
imagine my disappointment when it became clear after asking them they would NOT activate these options on their network "because they could" and didn't see the need as they could save some cash that quarter by not retraining staff, and buying lesser end of life kit in parts of the internal network that would never use these options.
as it stands now i am still forced to use a 3rd party ipv6 with end to end multicast included as standard and for free from a ipv4to ipv6 vendor http://go6.net/4105/download.asp to save bandwidth with multicast streaming.
not the ideal way but currently the only viable way to use web side multicast streaming and bypass the antiquated restrictive practices of virgin media and the other main ISP's in the UK today.
Granted this is not the simple Plug and Pray IPv6 solution that will be required to get the huddled masses up to speed but it is not difficult for the tech savvy to get online with IPv6 and you *can* do it using your common-or-garden variety consumer "router" (or more accurately "NAT gateway") despite what you are told by many people who don't know what they are talking about.
All you need is a Linux box running as your router and to put your "router" into bridged mode (aka "modem mode" or "modem only mode"). Most of them support this mode. I use an elcheapo Netgear DG834 that I purchased about 8 years ago and it works fine.
Since the last IPv6 article on el'reg I have been experimenting to try and get my mad skillz up to speed. I blogged about how to do it here;
http://tuxnetworks.blogspot.com/2011/05/getting-up-to-speed-with-ipv6.html
I still have to write the last couple of articles about autoconfiguration and getting servers such as squid, apache, bind etc on to IPv6. (I've got it all working but haven't posted the howto's yet, stay tuned!)
Try it, it's not as hard as you might think. The hardest part is getting your head wrapped around subnetting. I still don't understand it very much but I reckon the best way to figure stuff out is to muddle your way to getting it working, use it as much as possible and eventually it will foment into some sort of understanding over time.
My computer supports it just fine, of course (well, all my computers). I haven't switched to IPv6 on my internal network out of laziness, but it'll happen sooner or later. My router supports IPv6 just fine, too - a WRT54GL, with Tomato firmware. Very nice, if a bit old.
At this point, I'm just waiting for my ISP to throw the switch. Any news on when AT&T DSL customers will see a changeover?
It's very lovely and I have tried to understand it, no I really have but face it, apart from the very sad and very serious IT geeks no other bugger gives a monkeys! Most people will only bother to implement when they really have to and have absolutely no choice at all.
I'm not trying to piss on anyone's parade, just facing up to the lazy reality of human nature!
You're unfortunately correct. BT can't be arsed to provide IPv6 for their leased line customers, meanwhile I've signed up to AAISP (already knew about them before this article) and get native IPv6 on my home ADSL connection.
Office - Cisco 3825 (c. £3000) - £1079 pcm - no IPv6
Home - Linksys WRT54g (6 years old, £10 ebay value) - £20 pcm - native IPv6
Something tells me BT have to pull the finger out, but guaranteed they won't bother until the last moment where they'll provide a shit service until they iron out the bugs, and charge their customers a premium to recoup they costs due to their short-term savings.
I've had to flash the WRT54g with OpenWRT, but it performs perfectly as a dual stack router. Unfortunately there don't appear to be any dual stack ADSL Wireless routers available anywhere, so it will be just us geeks for the next while.
I do take slight offence to the "very sad" part though, what's wrong with building up a decent working knowledge of technology that I *will* have to support in the future?
> Unfortunately there don't appear to be any dual stack ADSL Wireless routers available anywhere
you need to look a bit harder. the cisco 800 series will do this. though they're not cheap: 8-10 times the price of the crippleware dsl box you can get in asda. quite a few other vendors have betas of ipv6-capable firmware (of varying levels of usability). you can find a matrix of what's on offer here:
http://labs.ripe.net/Members/mirjam/ipv6-cpe-surveys
I've perused those matrices fairly well, It's fairly easy to find an IPv6 router, it's just difficult to find one that has a built in ADSL2+ modem too. The ones that did appear to tick all boxes were either out of my price range for a simple trial project, or appeared to be fairly buggy in reviews.
There's also the "IPv6 Ready Logo Program Approved List"
https://www.ipv6ready.org/db/index.php/public/search/?pc=2
ADSL vendors are often really bad with IPv6. I do not expect much native IPv6 support from any of them, so I have configured the ADSL modems to be a bridge. Another plain ethernet/wlan router is then used to do the L3 layers and abobe.
For the layer3 thingies, OpenWRT is an easy and free candidate to use for whole range for different hardware, and a real router/firewalls (I use Mikrotik units) are available for around 50 GBP (5 * 100 Mbps ethernet, IPv4/Ipv6, Ospfv3, etc). Gigabit version for about 90 GBP.
Some caveats still exists, I have seen quite many modem vendors who have their units as "bridge", but only bridge IPv4 traffic. Apparently people in their codeland have really hard time of understanding the difference between L2 and L3. One of the baddies are the latest Zyxel P660HN-series ADSL-modems no IPv6 passed in bridge mode. Telewell units work like a charm, i.e. like a real ADSL-bridge.
Indeed. My home networks are small and IPv4 works just fine, so I won't change to IPv6 until it comes as default with everything. Likewise my internet uplink depends on whatever my ISP uses so I don't worry about that either. My firewall doesn't care. It does NAT, too. I don't know what all the fuss about that is, either.
setting up a new Win7 64bit PC. Internet run like a fat lazy dog with the computer dropping the connect every few minutes.
A solution was found on the microsoft website. Disable IPv6. They even provided a handy script which would do the work for me.
The internet has improved now but still a long way from being fixed. IPv6 the cause I don't know?
discuss
I now have dual-stack working at home, courtesy of UKFSN and Entanet. All the Linux stuff just works, including my HTC phone, but my wife's W7 laptop didn't initially. A quick look with Wireshark on the network and ipconfig on the box told me that the box was using it's autoconfigured Teredo address, but for a native IPv6 connection rather than down the Teredo tunnel. Dunno if this is a bug, but the solution was to disable the Teredo interface. It all works fine & dandy now with its address autoconfigured in the usual non-standard M$ way. I could get it to use EUI-64 rather than the pseudo-random one, but I can't be arsed as it has caused no problems so far.
The last part *can be* the MAC, but it doesn't *have* to be the MAC. It can be anything you want, even randomly altered over time as described in rfc4941.
And I don't even "get" ipv6. Never understood why they couldn't make the existing IP address a subnet of a new, much larger address space.
> Never understood why they couldn't make the existing IP address a subnet of a new, much larger address space.
Short version: Because that would mean blowing out the IPv6 routing table with all the historical junk in the IPv4 routing table. this way we can hopefully end up with a lean, mean routing table for IPv6. (The long version of the answer is *really* long.)
Also, in fact, it wouldn't have simplified the transition that much. IPv4-only systems still wouldn't be able to understand IPv6 packets, so the problem of interworking between the two would still arise. Rather like 405-line and 625-line TV, in fact.
Privacy addressing is one solution to that; essentially, when you have so many addresses, it's possible to use a different one every day, or to have each application on a system use a different address.
Obviously, the prefix will still enable things to be narrowed down to a particular network, but that's really no different from how things work now.
Way to over-simplify. DNS does *not* work for me in a wide range of situations including VPN to office, RDP and SSH to servers, SQL client connection config, mapping network drives on small office network without internal DNS - that's just the times I've typed IP addresses today.
Will somebody please write or point me to a practical guide for small business IT to transition to ipV6 that tells me more than how to make a basic connection to the internet and actually gives me useful how-tos on dealing with common cases like those mentioned above? Please!
>> DNS does *not* work for me in a wide range of situations including VPN to office, RDP and SSH to servers, SQL client connection config, mapping network drives on small office network without internal DNS
That is not a fault of IPv4 (and it won't be the fault of IPv6 either). It's the fault of people who just don't give a s**t about setting anything up properly. As someone who likes thing to work properly (and yes, this means DNS is both there and working properly), I find it depressing the number of networks I have to work on where basic things like this are broken.
In a lot of ways, with IPv6 it should be a lot simpler setting up DNS. Part of your problem is that when using (say) a VPN, because of NAT* the address space is fragmented and it's hard to have DNS working right. Even so, it's not *that* hard to make it work with IPv4 if you actually care about it working.
With IPv6, each machine will have a globally unique address and so it should be easy to have DNS that includes everything. Even if the machine is only reachable via a VPN, it can still be in the DNS you are using when at the other end of that VPN. Thus if the VPN is down you can't reach the machine (as now), but when it's up, you can resolve it by name, and your VPN will happily route the traffic for you.
Plus bonus, the length of IPv6 addresses will give some incentive to make DNS work !
Most people will be using dual stack for a long time - IPv4 websites aren't going to go away for a long time. So if you have IPv4 installed for that, you may as well use it on your home network, either exclusively, or alongside IPv6.
It's perhaps worth playing with, if you want to gain more understanding, and practise typing those addresses, and we'll look in more detail at how you can go about doing that fairly soon.
But for casual use, not a massive case to be made for it right now, I'd say.
Worth remembering that you may have to address security in a different way, depending on how you do things. For example, my main network is firewalled via the router, but IPv6 connectivity is (currently) provided via a tunnel, so the router doesn't intercept anything coming in that way, as all the work's done by my OpenBSD box. That means that as well as fiddling around with IPv6 itself, I had to get my head around configuring the packet filter on OpenBSD to protect machines on the LAN via IPv6.
That won't be a problem when consumer routers appear, with built in IPv6 firewalls, but for now it's an extra consideration for anyone who wants to tinker.
So, from what I can gather, Windows 7 (and possibly earlier) is IPv6-ready, as is Mac OS X, Linux and derivatives (e.g. the DiskStation Manager OS on Synology's NAS boxes). Apparently, the BT Home Hub 3 (our home router) can also handle IPv6, though the feature is not turned on yet.
Obviously, that leaves the increasing number of home entertainment devices which are network-aware (e.g. Blu-ray players), network printers and so on. (Oh yes: anyone know whether iOS, Android and Symbian^3 are IPv6-ready? Should look that up...)
Even with pretty much all desktop/laptop OSes in recent years having IPv6 baked in, I think we'll need routers with "legacy" IPv4 support/translation for some time to come.
... one of the big obstacles to this is the availability of cheap customer equipment (CPE) that supports it. You can buy some expensive routers that will run IPv6, but according to the ISPs I've spoken with, there's not a massive amount of kit that's ready - though some seems to be almost there, give or take the occasional firmware update.
Hopefully as new models roll out over the next few months, there'll be more CPE that's capable, and then things will start to move, especially as some of those ISPs finally use up their remaining allocations of addresses.
BT's 21CN is IPv6 capable, and it can be made to work over the older parts of their infrastructure too, I gather.
"It includes many extra features, including processing speed-ups, and enhancements to security and to quality of service"
There's no difference in security. So what if IPSEC is "mandatory" in V6 implementations? It's no different to IPSEC on V4, and you still need to build a key infrastructure to deploy it. And given that the IPv6 headers are 20 bytes longer, but your MTU remains at 1500, you'll actually get *slower* data transfers. Perhaps only by a few percent in the best case, but it will definitely be slower, not faster.
"64 bits long – which is likely to be the typical allocation from an ISP. In other words, you’ll receive more addresses for your home network that then whole of the IPv4 internet."
Except that you can't subnet it, apart from on point-to-point links. And even if you could, you'd have to configure your computers manually, because DHCP6 doesn't let you give out the prefix length (or "subnet mask" in old money)
"they won’t run out"
But you can't subnet, which means each end user has to be given typically a /48. France Telecom already has a /19, and the first 3 bits are fixed. So FT has taken 1/65536 of the total available space before we even start.
"That will make it hard to use some games, as well as services like Skype or remote NAS access, and leave customers relying on the public address they receive via IPv6 for such applications"
Except that anyone who sits behind any kind of firewall (e.g. in a workplace or a school) won't be able to receive inbound connections anyway. Getting your firewall admin to allow inbound connections to address X:X:X:X:X:X:X:X on port Y isn't really much different to enabling port forwarding on port Y.
If you stick your computer on the Internet (V4 or V6) without a firewall, you're asking for your network to be broken into. Your V6 addresses will be harvested, like E-mail addresses are harvested by spammers today. You can have dynamic "privacy" V6 addresses, but they're no good for P2P applications either (except with dynamic DNS, and your dynamic DNS hostnames will be harvested too).
IPSEC does not require a key infrastructure to be useful. Opportunistic encryption doesn't prevent targetted attacks but it does prevent the kind of trawling carried out by Phorm or the NSA.
A /19 allocated for France Telecom's 14 million broadband customers means the current allocation policy can serve about 900 billion end users, each with enough address space to create more than 60,000 subnets. The addresses are not running out.
Firewall configuration should be simpler than NAT configuration because the same service running on several computers behind the firewall will be able to use the same port number.
I just had a look at my Virgin Media supplied cable router. It does not support IPv6. Looking at the logs there are 21 devices with DHCP served IPv4 addresses and a further 6 devices with static IPv4 addresses. At a guess I'd say about 75% of the devices are capable of IPv6 while the rest just aren't.
Before I start to look at IPv6 I will need a new router. Given the horror stories coming out about the new Virgin Media routers, I don't want to go down that route just yet. So there won't be any IPv6 here for quite some time.
Seriously. Get VM to give you a cable modem not a router, (a DOCSIS 3 modem to be precise) and then go and get your own router. There are a few routers with ethernet interfaces on the internet side that do IPv6. Of course, Virgin don't do IPv6 themselves, which makes this something of a theoretical exercise.
There is one major difference between opening port X for a given IPv6 address and forwarding port X for a NATed IPv4 address. You can only do the latter once, which means you are shit out of luck if two computers/devices on your network want to use the same port to receive inbound connections.
Not much of a problem for most programs, as they can switch ports, but want to play the same game on the internet with 2 people on a LAN? One of the people on the LAN must host, otherwise the other person can't join. Is the game using a peer to peer approach? Well, you just got screwed over because now it'll never work.
I think MS have specified IPv6 support as required in order for the manufacturer to use some sticker or something on your home router, but last I checked it hadn't had much of an effect.
For what it's worth, the best (in terms of value and functionality) IPv6 (and general DSL) service I've found so far is to use FTTC (aka BT Infinity) with your own router running something like OpenBSD and PPPoE to the BT-supplied VDSL2 modem.
PPPoE I hear you say? "But what about the low MTU?" Never fear - the BT-supplied router supports mini jumbo frames allowing your PPPoE tunnel to operate with a 1500 byte MTU and terminate your public IP addresses on your router.
Oh, and it supports IPv6 too.
AAISP is probably the most progressive with regards to IPv6 support, but it works for me with Entanet via UKFSN.
The only missing piece in the puzzle for me is a cheap low power box to use as a router which supports jumbo frames and can push ~40Mbit/s of traffic without breaking a sweat. The guru plug looks like it might just do it, but I'd like 3 or 4 ethernet interfaces preferably with VLAN support.
I'm still using a Soekris net4801 which doesn't do jumbo frames and is a bit underpowered and expensive.
http://aaisp.net.uk/kb-broadband-ipv6.html
http://noc.enta.net/ipv6-over-xdsl/
http://revk.www.me.uk/2011/01/pppoe-fttc.html
Also note there is a bug in BT's 20CN (not the correct term, really) network which affects IPv6 and which they will not fix:
http://aaisp.net.uk/news-ipv6.html
Slow is the way of the Internet, like jello on a fridge door. How old is CSS 2, and yet only recently has Microsoft managed to implement it? And that's just a single web browser! Or WPA - there are STILL devices out there being produced that only support WEP. Email has been completely unchanged for decades. FTP, HTTP, HTTPS... those have been around for ages, longer than even the Internet itself (most of it, anyway).
OK - I confess to posting as Anonymous Coward because I kinda feel like I *should* understand IPv6 (having been a geek since my first Vic20) but I don't get it.
For example - We all know that 192.168 and 10.0.0.0 etc are private IP address ranges for in-house usage. But what are their IPv6 equivalents? If I setup DHCP to issue v4 and v6 addresses, what would I set it up as with any confidence that I'm not going to inadvertently use the IPv6 address for the MDs favourite website.
There's loads of RFC talk and talk of more addresses etc (which I'm all for) - but for the first time in my life I'm actually wanting to find a "for Dummies" book, or preferably a free website, that tells me in simple speak what I should be using and how.
Only when it's understood in the same way that IPv4 is will it truly gain momentum and see a speedier roll-out.
According to Mr. Google, RFC4193 is the Ipv6 answer to RFC1918 (the venerable 10.x.x.x and 192.168.x.x and the harder to remember 172.16.0.0/12)
The short answer is: pick an address that starts with 'fd' and make the rest whatever you want.
The RFC jabbers on about making the global ID random (or globally unique). If you're setting up a private test range at home, this is probably no big deal. Globally unique does become important if you ever have to connect two private ranges. An example would be setting up a VPN between two sites that each use 192.168.0.0/24 behind a NAT router. Rare, but it happens.
(Not an IPv6 expert here by any means, so insert disclaimers to back up data before trying this, do not operate heavy machinery, etc...)
https://secure.wikimedia.org/wikipedia/en/wiki/Link-local_address
You'll have the link local addresses, which never go outside.
However, every machine that needs to connect to the outside world /also/ has a globally routable IP
Part of the reason for IPv6 is to get rid of NAT, as it breaks the end to end model. You just need to have a firewall in place to block new connections.
But does it mean you have to get rid of NAT regardless of whether it's original purpose is removed?
If mom and pop's router gets an IPv6 address and then holds them on an IPv4 LAN will that work? It would certainly make things easier for the vast majority that don't give a toss. I'm sure NAT has saved quite a few from internet nastiness.
> We all know that 192.168 and 10.0.0.0 etc are private IP address ranges for in-house usage. But what are their IPv6 equivalents?
There are no exact equivalents. You don't need them, because your ISP won't just give you one lousy address - you'll get a large block of addresses just for you, which you can use as you wish with no risk of collision with anyone else. And if you're paranoid about using global addresses in your living room, you can use something called a Unique Local Address which will never be routed outside your house. Next-gen ADSL or cable boxes really will have to handle these.
You're right about the dummies book... you can try
"IPv6 for Dummies, Part 1: It's Time!"
http://www.xtranormal.com/watch/7201125/
"IPv6 for Dummies, Part 2: Comparing IPv4 and IPv6"
http://www.xtranormal.com/watch/7210035/
Hi mate, VIC20 was also my first computer and I'm also posting AC to protect my geek cred ; )
Can somebody please post a link to a real how-to guide (no videos) that explains how to do common tasks in the ip6 world. Not just how to connect to the internet but also tasks like:
configure and connect to simple office VPN
manage small home or office network, including wired and wireless connections, multiple routers
set up dns (or however its done) to connect to systems that we currently connect to by ip address eg source control, databases, custom hardware
diagnose network problems (must not require wireshark)
configure firewall to replace previous NAT router's protection against non-requested traffic
configure common VOIP configs
connect to IP4 and IP6 web sites
connect to IP4 and IP6 systems that do not play well with DNS or where DNS is not available (eg RDP, legacy software, etc)
supporting old systems eg win2k, old printers, old hardware
basic security config
set up mailservers, including SPF etc for good deliverability
ensure good performance and reliability
I can do all of the above and more with my eyes closed in an IP4 world, but have no idea how to do in IP6. I'm not going to read the RFCs and work it out from scratch and I'm not going to do any of this until I am confident in advance that it won't cause major instabilities, bugs and general time wasting.
The beer is for whoever can find me a useful information resource.
Set it up on my XP box. Every fetch had a "freeze" of some 15-20 seconds, which became intolerable on sites that fetch content from multiple domains (multiply freeze time by number of domains...).
I know the answer. XP was looking for the AAAA and timing out, then looking for the AA. Why? Half-assed support in the router (Livebox) and pretty much zero support in the ISP (Orange France).
I don't see the point in wasting any more time with IPv6 until the ISP gets its act together, and given that the Livebox Mini (v1.2) manual says mass media devices and shared printers can be plugged into the USB port and this *still* doesn't work, I know I'll be an old wrinkly grey-haired cranky git before Orange get this one sorted!
.
There is, I should point out, a rather large bug (or bad wording) in the test page. I tried it on my Android phone via WiFi and it said "No IPv6 address detected" followed by "No problems are anticipated for you with this browser, at this location", followed by "You appear to be able to browse the IPv4 internet only..." No problems? Hmmm... [results using 3G comms were even worse]
I like the principle of NAT and the easy way it provides most of the technical illiterate people with a somehow decent security.
I really don't want a globally routable IP for every device in my home. I don't see the benefit in it - despite making it easier to track and trace my every movement.
My ISP (the largest one where I live) has fully implemented IPv6, and supplies a suitable router (Fritzbox 7340) and comprehensive, easy-to-follow instructions. It took me about ten minutes to set up.
The headlong rush into services started by Mrs Thatcher (showing my age!) was based on the argument "you have to buy in stuff and pay people to make products, but service revenue is money for nothing. So, let's have a service economy."
Therefore in the UK (where I have never had a broadband connection, btw) it seems that people who run ISP businesses think that the "SP" bit stands for "Rent Collector".
These people jump at the chance to implement consumer-friendly things like Phorm, packet inspection, bandwidth throttling, port blocking, etc ad nauseam; on the other hand IPv6 represents forward investment, training requirements, new routers and so on. In other words "stuff you have to buy".
At the end of the day, in the UK it's all about the money. It's only about the money. And when it's only about the money, then everything turns to shit.
We need IPv6. I have no objection to IPv6. World plus dog keeps raving about how critical it is for us to move to IPv6. I understand completely. Honest.
But there's a problem...
I CAN'T USE IPv6 because nobody provides the hardware and services for me to do so.
So I'm sick to death of people lecturing me about it. Don't lecture users, lecture the ISPs and router manufacturers. Until THEY start supporting IPv6, lecturing users about it is utterly pointless.