[mdlug] OT: the great IPv6 debate
Dan Pritts
danno at umich.edu
Thu Apr 22 13:45:32 EDT 2010
On Tue, Apr 20, 2010 at 05:12:20PM -0400, Jay Nugent wrote:
> > Bernstein points out that IPv6 was not designed to be an extension to
> > IPv4. My idea provides that extension, if my idea makes sense. I'm not
> > saying give out all of the class E addresses, but however many as makes
> > sense. Maybe just a total of what, 512? 1024? How many in all are there?
>
> Exactly, IPv6 is NOT an extension - was never meant to be. V6 does a
> lot more than just provide addresses.
> IPv6 is not just about more addresses,
Nah, it's pretty much just about more addresses. All the other stuff is
gravy.
> V6 has automatic neighbor discovery, some automatic
> configuration facilities, and various security features all built into it.
The neighbor discovery and autoconfiguration features are 95% solved
in ipv6, and about 95% solved in the standard ipv4 world (although
admittedly not as part of ipv4 per se). Different 5% missing in
each - address autoconfiguration missing in ipv4, all the stuff beyond
address configuration that dhcp gives you missing in ipv6. DHCPv6 is
fine but not all operating systems support it yet.
the security features that are "mandatory" in the specs (eg, IPSec) are often
(usually?) unimplemented in practice.
So yes, v6 is an improvement, but hardly worth a complete upgrade on
these bases (basises?)
v6 has problems still, too: Multihoming is still an unsolved problem
(at least, there is not a commonly agreed-upon solution).
Probably the biggest problem is that application software often
does not handle things gracefully when a supposedly dual-connected
site is v4-reachable but not v6-reachable.
Try an experiment; put a bad AAAA record in your DNS for a test web
server, try to connect using a browser on a v6-configured host.
(put in a good A record, too).
the browser will think the site is v6-connected, and will prefer that.
It'll time out on each and every http hit. At least, it did with
safari 3 and firefox 3, on xp and macos 10.5. I haven't tried with
safari 4 or firefox 3.5, or chrome. I can't remember what IE did.
I think but i'm not sure firefox on linux acted the same.
Camino worked "better" - no v6 support at all :)
> As far as NAT goes, IPv6 was *NOT* designed to support NAT as there was
> no need. You either run a clean box or you don't in V6.
NAT != firewall; you can still have a little firewall box in front of your
system without it doing NAT.
I certainly agree that NAT needs to go away.
danno
--
dan pritts
danno at umich.edu
734-929-9770
More information about the mdlug
mailing list