[Wiltshire] August meeting

matt caddy linux at rave.star.co.uk
Thu Jul 23 14:19:57 UTC 2009


David Fletcher wrote:

> > Something I keep wondering about because it will be happening sometime in the 
> > future but I've no idea when, because nobody seems to be taking any interest 
> > in something so fundamental, is IPV6.
> >
> > If anybody has any expertise on the subject, it might be good to spend a 
> > little time telling the rest of us.
> >
> > Specifically:-
> >
> > As far as I know, even though IPV6 has been available on operating systems for 
> > quite a while, ISPs are showing no interest in implementing it on their 
> > broadband services. Why?
> >
> > Manufacturers of consumer internet routers do not appear to be implementing 
> > IPV6 on their products. Why?
> >
> >   
>   
Cost and demand. Those are the main issues.

To move to a fully ipv6 network requires a fairly hefty wedge of cash
and time. Many devices do not and will not support ipv6. The rest will
require firmware / software upgrades and there is a fairly large cost to
this - all the planning, testing and so forth before actually rolling
it out.

With regard to demand, the common home user most likely has never even
heard of ipv6, let alone understood the reasons for migrating to it (or
to a dual stack, NAT-PT type arrangement). Also it's a bit of a catch 22
situation. No ipv6 consumer routers means no demand for ipv6 consumer
services which in turn means there is no motivation for providers to
spend cash and time getting their own houses in order. I work for a
business focused ISP and we have not had a single customer ask us about
ipv6 support as of yet.  :( 

> > When it eventually becomes possible to buy an IPV6 enabled consumer level 
> > router, or run a firmware update to obtain IPV6, and ISPs are providing the 
> > service, what impact will it have on the likes of us?
> >
> > We are all used to having NAT on our routers. I understand that it is there as 
> > a consequence of not having enough IPV4 addresses for every computer in the 
> > world. Given that it has the effect of hiding the real IP address of a 
> > computer, it seems to me to be a nice feature to have for security. Will it 
> > vanish along with IPV4?
> >   
>   
"Security" from NAT is a bit of a side effect rather than a goal. NAT
breaks lots of things and is generally a pain! (Less so for consumers
of course). Security by obfuscation isn't ideal. A correctly configured
firewall is a much more sensible option.

There isn't really much in the way of NAT for IPV6, not in the same way
we use NAT currently. You have NAT-PT but this is really just a
translator enabling native ipv6 devices to speak to native ipv4 devices.
Given this, all your previously hidden machines will be available on the
net - so proper firewalling is more important.  This is going to catch a
lot of people out: the more widespread ipv6 becomes, the more open
devices will be available. The risks are not quite as bad as having all
your machines on globally routable ipv4 addresses though. Given the
incredibly vast number of ips available with ipv6, it's not practical for
hackers to scan blocks of ips as it is currently with ipv4. It just
takes far, far, far too long.


> > What will happen with private networks? Wikipedia states that IPV6 has a built 
> > in provision for these. Will they operate in a similar fashion with an IPV6 
> > version of NAT?
> >   
>   
IPv6 does indeed support private networks. IANA have assigned fc00::/7
for this purpose. Not sure the real use of a private ipv6 block however..

> > Will every Internet user be able to purchase a block of IPV6 addresses for 
> > personal use? In that case, does every computer become, effectively, directly 
> > connected to the Internet, and completely dependent for security on its own 
> > firewall? 
>   
Essentially yes. It seems the industry has decided that the minimum
sized block that will be allocated out to customers is a /48 (certainly
for business users, for home consumers, a /64 would be more likely).
This is 1,208,925,819,614,629,500,000,000 ip addresses.  Typically you
would then subnet this down to a /64 per network/vlan etc. There are
65535 /64 in a /48 and a /64 is 18,446,744,073,709,552,000 ip addresses.
It's just insane, but the need for NAT just vanishes.



> > In this case will the router be replaced by something more like an 
> > ethernet switch?
> >   
>   
Not for a long time  ;) 

> > And, just as an afterthought, what happened to IPV5?
> >   
>   
It never got anywhere near becoming a standardised and accepted
protocol. Google for Internet Stream Protocol, this would have become
IPv5 had it been widely adopted.


> > See you all at the next meeting.
> >
> > Dave
> >
>   
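
The point in the message above, that a stateful firewall has to take over the job NAT was doing by accident once every machine has a globally routable IPv6 address, as an added example that is not part of the original message: an nftables ruleset for a home router forwarding a routed IPv6 prefix. The table name and the interface names `wan0` (towards the ISP) and `lan0` (home network) are assumptions.

```nftables
# Added example, not from the original message.
# Assumed names: table "home_router", interfaces "wan0" (ISP side) and "lan0" (LAN side).

table ip6 home_router {
    chain forward {
        # Default deny: nothing crosses the router unless a rule below allows it.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that LAN hosts opened themselves.
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open new connections towards the Internet.
        iifname "lan0" oifname "wan0" accept

        # ICMPv6 errors must pass; IPv6 routers do not fragment, so dropping
        # packet-too-big breaks path MTU discovery.
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # Optional: rate-limited ping to LAN hosts for troubleshooting.
        icmpv6 type echo-request limit rate 5/second accept

        # Any other unsolicited packet from wan0 to a LAN host hits the drop policy,
        # which is the behaviour people were relying on NAT for.
    }

    chain input {
        # Traffic addressed to the router itself.
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Neighbour discovery and router advertisements are on-link only (hop limit 255).
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert } ip6 hoplimit 255 accept
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request } accept

        # DHCPv6 client replies from the ISP's link-local address (prefix delegation).
        iifname "wan0" ip6 saddr fe80::/10 udp dport 546 accept
    }
}
```

Check the syntax with `nft -c -f <file>` before loading it with `nft -f <file>`.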


