[mdlug] OT: the great IPv6 debate

Adam Tauno Williams awilliam at opengroupware.us
Thu Apr 22 15:28:35 EDT 2010


On Thu, 2010-04-22 at 13:45 -0400, Dan Pritts wrote:
> On Tue, Apr 20, 2010 at 05:12:20PM -0400, Jay Nugent wrote:
> > > Bernstein points out that IPv6 was not designed to be an extension to
> > > IPv4. My idea provides that extension, if my idea makes sense. I'm not
> > > saying give out all of the class E addresses, but however many as makes
> > > sense. Maybe just a total of what, 512? 1024? How many in all are there?
> >    Exactly, IPv6 is NOT an extension - was never meant to be.  V6 does a
> > lot more than just provide addresses.  
> > IPv6 is not just about more addresses, 
> Nah, it's pretty much just about more addresses.  All the other stuff is
> gravy.

Nah, working multicast and mobile IP support are a big deal.

And I hardly call the radical reduction of CPU resources to perform
routing to be 'gravy' for backbone routers.  Think about it: IPv4
requires a CRC check at each hop,  do that on every packet in a ^&*^&*@
YouTube video stream for every &^&*# YouTube user at every hop and that
adds up to a lot of processing, ASIC or no ASIC.  Just dispensing with
that is a big deal.

> > V6 has automatic neighbor discovery, some automatic
> > configuration facilities, and various security features all built into it.
> The neighbor discovery and autoconfiguration features are 95% solved
> in IPv6, and about 95% solved in the standard IPv4 world (although
> admittedly not as part of IPv4 per se).  Different 5% missing in
> each - address autoconfiguration missing in IPv4, all the stuff beyond
> address configuration that DHCP gives you missing in IPv6.  DHCPv6 is
> fine but not all operating systems support it yet.

The issue of autoconfig of name resolution in IPv6 is a pretty stunning
oversight.

> The security features that are "mandatory" in the specs (e.g., IPSec) are often
> (usually?) unimplemented in practice.

True.  Don't get me started on IPSec. What a cluster *@&#*@.

> Probably the biggest problem is that application software often
> does not handle things gracefully when a supposedly dual-connected
> site is v4-reachable but not v6-reachable.
> Try an experiment; put a bad AAAA record in your DNS for a test web
> server, try to connect using a browser on a v6-configured host.
> (put in a good A record, too).

Eh.  Seriously, that is your complaint?  Fix your DNS.  I don't expect a
client application to compensate for incorrect information.

> The browser will think the site is v6-connected, and will prefer that.
> It'll time out on each and every HTTP hit.  At least, it did with
> Safari 3 and Firefox 3, on XP and MacOS 10.5.  I haven't tried with
> Safari 4 or Firefox 3.5, or Chrome.  I can't remember what IE did.
> I think, but I'm not sure, Firefox on Linux acted the same.
> Camino worked "better" - no v6 support at all :)
> >    As far as NAT goes, IPv6 was *NOT* designed to support NAT as there was
> > no need.  You either run a clean box or you don't in V6.  
> NAT != firewall; you can still have a little firewall box in front of your
> system without it doing NAT.
> I certainly agree that NAT needs to go away.
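
The per-hop header handling discussed in the message above, sketched as an added example that is not part of the original thread: an IPv4 forwarder verifies the RFC 791 header checksum and recomputes it after decrementing the TTL, while the IPv6 fixed header has no checksum field, so only the hop limit changes. The function names and both sample headers are constructed for illustration.

```python
import struct

# Constructed sample headers (no payload): IPv4 with TTL 0x40, IPv6 with hop limit 0x40.
SAMPLE_V4 = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7")
SAMPLE_V6 = bytes.fromhex("6000000000201140"
                          "20010db8000000000000000000000001"
                          "20010db8000000000000000000000002")

def header_checksum(header: bytes) -> int:
    """Ones'-complement sum of the header's 16-bit words, checksum field taken as zero."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack(f"!{len(zeroed) // 2}H", zeroed))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def forward_ipv4(header: bytes) -> bytes:
    """What one hop does to an IPv4 header: verify, decrement TTL, recompute checksum."""
    ihl = (header[0] & 0x0F) * 4            # header length in bytes
    if header[0] >> 4 != 4 or ihl < 20 or len(header) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    header = header[:ihl]
    stored = struct.unpack("!H", header[10:12])[0]
    if stored != header_checksum(header):
        raise ValueError("header checksum mismatch: drop")
    if header[8] <= 1:
        raise ValueError("TTL expired: drop")
    out = bytearray(header)
    out[8] -= 1                             # the TTL change invalidates the old checksum
    out[10:12] = struct.pack("!H", header_checksum(bytes(out)))
    return bytes(out)

def forward_ipv6(header: bytes) -> bytes:
    """What one hop does to an IPv6 fixed header: decrement hop limit, nothing to re-sum."""
    if len(header) < 40 or header[0] >> 4 != 6:
        raise ValueError("not a well-formed IPv6 header")
    if header[7] <= 1:
        raise ValueError("hop limit expired: drop")
    out = bytearray(header[:40])
    out[7] -= 1
    return bytes(out)

if __name__ == "__main__":
    print("IPv4 after one hop:", forward_ipv4(SAMPLE_V4).hex())
    print("IPv6 after one hop:", forward_ipv6(SAMPLE_V6).hex())
```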




