It's world IPv6 day!

Having spent the last few years making IPv6 work at UCC whenever it breaks and trying to extend its reach inside and outside our network, I am often surprised by how many bad ideas there are involved. Most of these, I suspect, are because IPv6 was designed in the 1990s and now we're trying to implement it in a vastly different networking world.

My favourite thing about every single IPv6 presentation ever is that they spend the first four slides telling us about how many more addresses 128 bits gives us than 32 bits and conveniently forget the bit where there are only 64 bits for actual networks, with the second 64 bits dedicated to the host address. As far as I can tell this is to avoid having to do stateful autoconfiguration (DHCP) and also prevent widespread port scanning.

It turns out, though, that stateless autoconfiguration is not hugely helpful; your statelessly-autoconfigured address always contains the same host part, so you end up with the same host address on any network you plug into, and now every website you visit can uniquely identify your computer. You can turn on IPv6 Privacy Extensions, but then we're right back at IPv4-style autoconfiguration with duplicate address detection and so on. Widespread port scanning has also gone out of fashion since IPv6 was designed, mostly thanks to NAT and the near-ubiquitous deployment of firewalling; attacks against network systems have just moved on.

The reason I don't like this is because it is such a huge waste of prefix space; there's a whole 64 bits dedicated to the host address on each network, despite the fact that the most common identifiers (Ethernet addresses) are only 48 bits. Every point-to-point link wastes 63 bits of the IPv6 address. And if we invent a medium in which you need even close to 64 bits in a single broadcast domain in the lifetime of IPv6 I will be stunned.

Of course all this pales in comparison with the glorious ideological decision to make it effectively impossible for a host with only an IPv4 address to communicate with a host with only an IPv6 address, but still, happy IPv6 day! I could also go on to complain about IPv6 forward and reverse DNS, the lack of useful IPv6 debugging tools and advice, or everything involved with net.ipv6.bindv6only but it's the future; let's just make it work.

3 comments

Margaret :: Thursday, June 9th

It looks like your first couple of paragraphs are getting clipped?

BTW, ProgSoc had a talk from a guy at IBM to talk about IPv6 last week. He said some very similar things, that it was designed so long ago that a lot of it is now questionable.

He *did* mention the hosts vs networks thing, though! He was terribly enthusiastic to teach IPv6 subnetting, rather more so than the audience were to listen to it. ;)

David Adam :: Thursday, June 9th

Whoops - pasted in an early draft. Fixed, thanks.

Good to hear that people are at least talking about IPv6. The technical people I know can largely be divided into "don't know" and "don't really care", which I guess is why we have these publicity exercises.

Grahame :: Friday, June 10th

I'm running IPv6 stateful autoconfiguration on my network at home because it just works. Unfortunately MacOS doesn't include a dhcpv6 implementation by default and I don't care enough to set up something to do it.

The generally hacked together tunnels&glue v6 internet isn't helpful, it needs to start being done properly. As things stand a machine that has got a v6 address from somewhere has much lower odds of actually getting connectivity on its v6 address than on its v4. So listing a AAAA record means you'll get random complaints about your site being 'down' when in reality it's just the poor user picked up a v6 address from somewhere.

At the moment there's pretty much nothing on the v6 internet you can't get with IPv4 and NAT, so there's no real reason to care.
