IPv6 Finally gets off the ground
"On Thursday, 29 March 2007, a Cisco Systems router, flying in low Earth Orbit onboard the UK-DMC satellite built by Surrey Satellite Technology Ltd (SSTL), was successfully configured by NASA Glenn Research Center to use IPsec and IPv6 technologies in space." http://www.dmcii.com/news.htm Its good to know that IPv6 is finally being used along with encryption! Albeit in outer space, maybe one day we could all catch up with this "out of this world" technology that people could now claim is "light years" ahead of us. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo echo @infiltrated|sed 's/^/sil/g;s/$/.net/g' http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743 "How a man plays the game shows something of his character - how he loses shows all" - Mr. Luckey
J. Oquendo wrote:
"On Thursday, 29 March 2007, a Cisco Systems router, flying in low Earth Orbit onboard the UK-DMC satellite built by Surrey Satellite Technology Ltd (SSTL), was successfully configured by NASA Glenn Research Center to use IPsec and IPv6 technologies in space."
Its good to know that IPv6 is finally being used along with encryption! Albeit in outer space, maybe one day we could all catch up with this "out of this world" technology that people could now claim is "light years" ahead of us.
I'm looking forward to a future where pc104/isa bus based routers figure prominently in the ip core!
On Apr 9, 2007, at 12:04 AM, Joel Jaeggli wrote:
J. Oquendo wrote:
"On Thursday, 29 March 2007, a Cisco Systems router, flying in low Earth Orbit onboard the UK-DMC satellite built by Surrey Satellite Technology Ltd (SSTL), was successfully configured by NASA Glenn Research Center to use IPsec and IPv6 technologies in space."
Its good to know that IPv6 is finally being used along with encryption! Albeit in outer space, maybe one day we could all catch up with this "out of this world" technology that people could now claim is "light years" ahead of us.
I'm looking forward to a future where pc104/isa bus based routers figure prominently in the ip core!
Have recently checked the weight requirements for core routers? Seriously heavy lift capacity launch vehicles would be required... not to mention the drag encountered in LEO would likely also be considerable and not yield good uptime. Best regards, Christian
On 4/9/07, Christian Kuhtz <christian@kuhtz.com> wrote:
I'm looking forward to a future where pc104/isa bus based routers figure prominently in the ip core!
Have recently checked the weight requirements for core routers? Seriously heavy lift capacity launch vehicles would be required... not to mention the drag encountered in LEO would likely also be considerable and not yield good uptime.
I think "core" has a different meaning when the box doing the routing is in LEO or even geosync orbit. It's not going to be some behemoth pushing 10GigE, it's going to be a hardened box pushing packets to either the moon, mars, or in-transit craft via RF or laser (depending on bandwidth requirements). I would think weight would be on par with something such as the Hubble (perhaps even lighter). -brandon
On Sun, Apr 08, 2007 at 06:15:34PM -0500, J. Oquendo <sil@infiltrated.net> wrote a message of 24 lines which said:
was successfully configured by NASA Glenn Research Center to use IPsec and IPv6 technologies in space."
Any human on board? Because he would have been able to access useful content: http://www.ipv6experiment.com/ The great chicken or the egg dilemma. IPv6 has had operating system and router support for years. But, content providers don't want to deploy it because there aren't enough potential viewers to make it worth the effort. There are concerns about compatibility and breaking IPv4 accessibility just by turning IPv6 on. ISPs don't want to provide IPv6 to end users until there is a killer app on IPv6 that will create demand for end users to actually want IPv6. There hasn't been any reason for end users to want IPv6 - nobody's dumb enough to put desirable content on IPv6 that isn't accessible on IPv4. Until now. We're taking 10 gigabytes of the most popular "adult entertainment" videos from one of the largest subscription websites on the internet, and giving away access to anyone who can connect to it via IPv6. No advertising, no subscriptions, no registration. If you access the site via IPv4, you get a primer on IPv6, instructions on how to set up IPv6 through your ISP, a list of ISPs that support IPv6 natively, and a discussion forum to share tips and troubleshooting. If you access the site via IPv6 you get instant access to "the goods".
HAHAHAHAHA I always knew that this stuff was the most prevalent and billable content on the web, but I never thought of using it as a motivating factor for chage! Good one! Scott -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Stephane Bortzmeyer Sent: Tuesday, April 10, 2007 9:55 AM To: J. Oquendo Cc: nanog@merit.edu Subject: Re: IPv6 Finally gets off the ground On Sun, Apr 08, 2007 at 06:15:34PM -0500, J. Oquendo <sil@infiltrated.net> wrote a message of 24 lines which said:
was successfully configured by NASA Glenn Research Center to use IPsec and IPv6 technologies in space."
Any human on board? Because he would have been able to access useful content: http://www.ipv6experiment.com/ The great chicken or the egg dilemma. IPv6 has had operating system and router support for years. But, content providers don't want to deploy it because there aren't enough potential viewers to make it worth the effort. There are concerns about compatibility and breaking IPv4 accessibility just by turning IPv6 on. ISPs don't want to provide IPv6 to end users until there is a killer app on IPv6 that will create demand for end users to actually want IPv6. There hasn't been any reason for end users to want IPv6 - nobody's dumb enough to put desirable content on IPv6 that isn't accessible on IPv4. Until now. We're taking 10 gigabytes of the most popular "adult entertainment" videos from one of the largest subscription websites on the internet, and giving away access to anyone who can connect to it via IPv6. No advertising, no subscriptions, no registration. If you access the site via IPv4, you get a primer on IPv6, instructions on how to set up IPv6 through your ISP, a list of ISPs that support IPv6 natively, and a discussion forum to share tips and troubleshooting. If you access the site via IPv6 you get instant access to "the goods".
On Tue, Apr 10, 2007 at 03:54:39PM +0200, Stephane Bortzmeyer wrote:
On Sun, Apr 08, 2007 at 06:15:34PM -0500, J. Oquendo <sil@infiltrated.net> wrote a message of 24 lines which said:
was successfully configured by NASA Glenn Research Center to use IPsec and IPv6 technologies in space."
...
We're taking 10 gigabytes of the most popular "adult entertainment" videos from one of the largest subscription websites on the internet, and giving away access to anyone who can connect to it via IPv6. ...
*sigh* Off the ground, then into the gutter, eh? From the heights to the depths ... -- Joe Yao Analex Contractor
On Apr 10, 2007, at 11:13 AM, Joseph S D Yao wrote:
On Tue, Apr 10, 2007 at 03:54:39PM +0200, Stephane Bortzmeyer wrote:
On Sun, Apr 08, 2007 at 06:15:34PM -0500, J. Oquendo <sil@infiltrated.net> wrote a message of 24 lines which said:
was successfully configured by NASA Glenn Research Center to use IPsec and IPv6 technologies in space."
...
We're taking 10 gigabytes of the most popular "adult entertainment" videos from one of the largest subscription websites on the internet, and giving away access to anyone who can connect to it via IPv6. ...
*sigh* Off the ground, then into the gutter, eh? From the heights to the depths ...
First, I find it interesting that you are applying your personal morals to a technical discussion. Actually, I find it sad too. Second, who said v6 was "the heights"? Many people would argue this actually _lifts_ v6, not drags it down. (And most of those people would further argue v6 should have stayed down.) Third, where do you work? I work on the Internet. If you are opposed to pr0n, and you work on the Internet, you need to change jobs, FAST. Unless you enjoy self delusion. And don't even think about saying "not on MY network". I don't care if you work for a .gov, there is plenty of nekkid-flesh-bits flying on your network. To think otherwise only proves you are delusional or ignorant. The only good thing I can say about this proposal is that 10GB is not NEARLY enough to get your typical luser to think about changing their configuration. Therefore, it probably won't have an impact on v6 adoption. (That ghod.) -- TTFN, patrick
Patrick W. Gilmore wrote:
The only good thing I can say about this proposal is that 10GB is not NEARLY enough to get your typical luser to think about changing their configuration. Therefore, it probably won't have an impact on v6 adoption. (That ghod.)
Nor was it intended to. From what I understand it's an experiment on the usability of dual-stack servers at this point. Porn happens to be a test load. We (myself, previous and current employers) have been deploying dual stack servers (with published AAAA records) for all sorts of applications which may or may not give us some reasonable samples of client behavior (usenet news, ntp servers, open source ftp http mirrors). Experience would suggest that before content providers can build a business case for dual stack servers they need to confirm they're not going to loose eyeballs as a result.
--TTFN, patrick
On Apr 10, 2007, at 1:24 PM, Joseph S D Yao wrote:
On Tue, Apr 10, 2007 at 12:10:59PM -0400, Patrick W. Gilmore wrote: ...
Second, who said v6 was "the heights"? ...
My, aren't we serious? Too serious to realize that satellites are a little higher than I, at least, can reach.
Guess I missed that reference. Silly of me. Fine imagery. Just like the stuff you can get for free if you use a v6 stack.... :) As for being serious, I do believe you were the one who claimed v6 was going "into the gutter", and "the depth". Pot, kettle, black? Actually, you went beyond being serious by implying some type of moral superiority. Which is fine, you packets can be morally superior to mine.... -- TTFN, patrick
Yes. Silly of you. I think you may have missed more than the singular reference. This back and forth has little to do with morality and more to do with opinion. Yet it begs, how moral is an argument of 'my opinion is superior to your opinion'? Such a lashing of another's opinion under the pretense of removing someone from their lofty perch to restore equality is hardly equality at all. Everyone is entitled to their opinion. Though, I doubt Mr. Yao was expressing his so strongly. Gian Anthony Constantine On Apr 10, 2007, at 1:35 PM, Patrick W. Gilmore wrote:
On Apr 10, 2007, at 1:24 PM, Joseph S D Yao wrote:
On Tue, Apr 10, 2007 at 12:10:59PM -0400, Patrick W. Gilmore wrote: ...
Second, who said v6 was "the heights"? ...
My, aren't we serious? Too serious to realize that satellites are a little higher than I, at least, can reach.
Guess I missed that reference. Silly of me. Fine imagery. Just like the stuff you can get for free if you use a v6 stack.... :)
As for being serious, I do believe you were the one who claimed v6 was going "into the gutter", and "the depth". Pot, kettle, black? Actually, you went beyond being serious by implying some type of moral superiority.
Which is fine, you packets can be morally superior to mine....
-- TTFN, patrick
On Tue, Apr 10, 2007 at 03:54:39PM +0200, Stephane Bortzmeyer wrote:
IPv6 has had operating system and router support for years.
I'd have to object with such a blanket statement. I don't think you can say you support IPv6 (from an ISP's point of view) without DHCPv6, since I don't think anyone at a large ISP sized scale is going to leave address assignment up to RTADV. I'm aware that Vista added support for DHCPv6, and I have heard naught else (aside from the unixes). So, it's my opinion that IPv6 "may" only recently have started enjoying the level of operating system support required for actual ISP-scale use by one major vendor...and I don't know how commonly deployed Vista is yet. -- David W. Hankins "If you don't do it right the first time, Software Engineer you'll just have to do it again." Internet Systems Consortium, Inc. -- Jack T. Hankins
On 10-apr-2007, at 18:12, David W. Hankins wrote:
IPv6 has had operating system and router support for years.
I'd have to object with such a blanket statement.
I have a Cisco 2500 with software from 1999 and a Windows XP box with software from 2001, both supporting IPv6, sitting here... I didn't get my first Mac until 2002, but that one supported IPv6 at that point, too.
I don't think you can say you support IPv6 (from an ISP's point of view) without DHCPv6, since I don't think anyone at a large ISP sized scale is going to leave address assignment up to RTADV.
There is a provisioning problem with IPv6, yes. For instance, you can't get an IPv6 address over PPP, like you can with IPv4. But I don't see how DHCPv6 solves that. I can see how _enterprises_ might like DHCPv6, because hosts coming up with the bottom 64 bits of the address is just way to anarchistic for them. But ISPs don't care. They'll just give out prefixes rather than individual addresses, so the router advertisements vs router advertisements + DHCPv6 question never comes up. (Yes, if you have DHCPv6 you still need RAs because DHCPv6 can't give you a default gateway.) And customers rarely connect their hosts directly to ISP-controlled boxes these days, there is usually some kind of home gateway involved.
On Thu, Apr 12, 2007 at 11:11:54AM +0200, Iljitsch van Beijnum wrote:
I have a Cisco 2500 with software from 1999 and a Windows XP box with software from 2001, both supporting IPv6, sitting here... I didn't get my first Mac until 2002, but that one supported IPv6 at that point, too.
It would be foolish to suggest that software implementing IPv6 has not existed for many years. It would also be foolish to use "support IPv6" as a blanket statement, when the features have not truly been usable by more than bearded geeks.
There is a provisioning problem with IPv6, yes.
Note that the word 'provisioning' is more than just 'addressing'. A given ISP may or may not directly communicate with end hosts using any form of DHCP, but the current broadband ISP models which are de rigeur would not be salient without DHCPv4 on the end hosts, even if that is only between the set top box and customer. So it might not be "their job", but it's still an important facet of the architecture. One could say that although a DHCP department doesn't exist within ISP's, there would have been a need for a staffed department in its absence. I remember the era when we used to deliver "install" floppies to our prospective customers. And I can tell you they weren't a very good idea. Web pages full of instructions, flyers with "simple to follow" steps, none of them really worked very well either. Even if our iconic mascots trying to make the instructions friendlier were awfully cute. What DHCP and PPP did do, was to remove all of that, and make ISP integration of customer premise something that could "just happen" without any handholding or bearded geekery. When you can plug your computer in, and automatically (with no clicking) get an IPv6 address, have something tell you where your DNS assist servers, configure web proxies, and solve your dynamic dns problems (as IPv4 set top boxes do today), then I would allow you the use of the words 'supports IPv6' rather than 'implements IPv6'. On the subject of DNS, I think you are going to find that, since IPv6 addresses do not pass the 'phone test', IPv6 customers will have a new emphasis on having their names in DNS. But these are forward looking statements, and it's equally possible that people will be moved instead to use presence networks. -- David W. Hankins "If you don't do it right the first time, Software Engineer you'll just have to do it again." Internet Systems Consortium, Inc. -- Jack T. Hankins
On 13-apr-2007, at 21:48, David W. Hankins wrote:
A given ISP may or may not directly communicate with end hosts using any form of DHCP, but the current broadband ISP models which are de rigeur would not be salient without DHCPv4 on the end hosts, even if that is only between the set top box and customer.
Sure, but that's because with IPv4, there are only three flavors: - manual configuration - PPP - DHCP With IPv6, there's of course still manual configuration, but PPP is out because it can't negotiate IPv6 addresses. New in IPv6 is stateless autoconfiguration, which will give you addresses and default gateways, but (so far) not extra info such as DNS addresses. The situation for DHCP in IPv6 is very different from the one in IPv4: because DHCPv6 was late to the party (IIRC the final RFCs came out around 2003, decent implementations are still not abundant) and we have stateless autoconfig, the focus for DHCPv6 was to provide additional information (those !#$ DNS addresses) and a new trick: prefix delegation. This is a mechanism where routers can lease a prefix from a DHCP server, and then use that prefix in their router advertisements. This is a great tool for provisioning. The DHCPv6 servers and clients that I tested two years ago didn't even support address assignment to hosts. And note that even when hosts do, and a DHCPv6 server is available, these hosts must still listen for router advertisements because DHCPv6 doesn't provide a default gateway address, like DHCP for IPv4 does.
What DHCP and PPP did do, was to remove all of that, and make ISP integration of customer premise something that could "just happen" without any handholding or bearded geekery.
Fortunately, the IETF got things right the sixth time around (?) by adding the stateless autoconfig to IPv6, so these additional mechanisms aren't necessary.
When you can plug your computer in, and automatically (with no clicking) get an IPv6 address,
Like I said, this part has never been a problem with IPv6.
have something tell you where your DNS assist servers,
There will be a router advertisement option to learn DNS servers. Note though, that this is only an issue for hosts that are IPv6-only, which isn't exactly the typical use case today.
configure web proxies,
??
and solve your dynamic dns problems
Which dynamic DNS problems? It works just fine for me.
On the subject of DNS, I think you are going to find that, since IPv6 addresses do not pass the 'phone test', IPv6 customers will have a new emphasis on having their names in DNS.
And exactly how often do people type in the address of their own system...? A problem with the DNS and IPv6 is that unlike IPv4, you can't pre- populate the DNS so that each host has a valid DNS name as soon as it receives an address. Manual configuration is problematic for more than the obvious reasons: host may use temporary IPv6 addresses with random lower bits to avoid exposing their MAC address. The only reasonable way to solve this is with dynamic DNS updates. This would be bad except that customers will usually have their own prefix in IPv6 so this should be solvable security-wise.
On 15-Apr-2007, at 06:38, Iljitsch van Beijnum wrote:
With IPv6, there's of course still manual configuration, but PPP is out because it can't negotiate IPv6 addresses.
I've heard you say this a few times now, but I am also told by various people in various places that they have succeeded in getting IPv6 addresses assigned using PPPoE. Colour me confused. Does RFC 2472 have some practical limitations in the real world that I haven't noticed? Or is the problem a simple matter of implementation? Joe
On 15-apr-2007, at 21:35, Joe Abley wrote:
With IPv6, there's of course still manual configuration, but PPP is out because it can't negotiate IPv6 addresses.
I've heard you say this a few times now, but I am also told by various people in various places that they have succeeded in getting IPv6 addresses assigned using PPPoE. Colour me confused.
Does RFC 2472 have some practical limitations in the real world that I haven't noticed? Or is the problem a simple matter of implementation?
With IPv4, PPP IPCP will negotiate a whole bunch of stuff, including the addresses of both sides of the link. PPP IP6CP only negotiates a 32-bit unique token for each side which can then be used to create link local addresses. Two years ago, when I was writing my IPv6 book, I did some testing between an Cisco 2500 and a MacOS 10.4 system to see how IPv6 over PPP behaves, and the result was that it did work, but there was no address assignment from the router to the Mac, not through PPP, because it doesn't support it, and not through router advertisements, for reasons unknown. Probably someone decided that stateless autoconfig on a point to point link didn't make sense. (Note that the pppd in question is common to both the BSD family and Linux.) I have no idea what's different in the PPP over ethernet setup, but it could be many things, such as that the PPP implementations do support stateless autoconfig there, or that it's not actual IPv6 over PPP but rather IPv6 over IPv4 or over bridged ethernet.
On Sun, Apr 15, 2007, Iljitsch van Beijnum wrote:
With IPv4, PPP IPCP will negotiate a whole bunch of stuff, including the addresses of both sides of the link. PPP IP6CP only negotiates a 32-bit unique token for each side which can then be used to create link local addresses.
I'm pretty sure l2tpns has IPv6 support of some sort. I was planning on trialling it in exactly this setup - LNS services for L2TP-provided PPPoE ADSL. Has anyone here done this and enabled IPv6 negotiation? <off-topic> Has anyone sorted out the issues relating to end-point IPv6 security for home PCs now that NAT is removed? </off-topic> Adrian
On Sun, Apr 15, 2007 at 12:38:42PM +0200, Iljitsch van Beijnum wrote:
Sure, but that's because with IPv4, there are only three flavors:
- manual configuration - PPP - DHCP
Although nobody uses them: - BOOTP - RARP The distinction of DHCP, BOOTP, and RARP is important I think, and it would be good to remember the reasons for that progression, the lessons we learned on the way. If the progression from SLIP or HDLC to PPP also represents a progression in your view as it does in mine, then it is also important to remember. Both of these two progression trees represent the cumulative formulation of knowledge: Users are stupid. Automatic is not just best, it's the only way.
The DHCPv6 servers and clients that I tested two years ago didn't even support address assignment to hosts.
That sounds about right. The interesting events here have been this year or last.
What DHCP and PPP did do, was to remove all of that, and make ISP integration of customer premise something that could "just happen" without any handholding or bearded geekery.
Fortunately, the IETF got things right the sixth time around (?) by adding the stateless autoconfig to IPv6, so these additional mechanisms aren't necessary.
Forgive me for saying (I do not mean it rudely), that I think this one sentence measures best precisely how far you've missed my point by. It is not enough to observe that the end host has been given an IP address, a prefix is imagined as part of that, and a default gateway. RARP and ICMP router discovery taught us this. It is still not enough to, after several years of thinking this was enough, throw in domain-search and nameserver configuration state. BOOTP taught us this. The main point, is that if you leave "all other host configuration" details up to, well, the host itself, then in practice what you're really doing is leaving it up to the user. Ultimately, it is mandatory that the end-user make a choice in this model, if not about everything, then about "some things". This is intolerable in an ISP environment. Compare it to the current IPv4 network, and you see that no choice is mandatory. You just plug in and go. You might, optionally, over-ride any DHCP or PPP delivered knob, but it is easy to simply return the client to "get everything dynamically" and Just Work (tm).
And exactly how often do people type in the address of their own system...?
I'm thinking more of the 'gamer' demographic, wherein other people type in your IP address.
A problem with the DNS and IPv6 is that unlike IPv4, you can't pre- populate the DNS so that each host has a valid DNS name as soon as it receives an address. Manual configuration is problematic for more than the obvious reasons: host may use temporary IPv6 addresses with random lower bits to avoid exposing their MAC address. The only reasonable way to solve this is with dynamic DNS updates.
That's an excellent summary. Neither has RTADV supported dyanmic dns updates for years, nor is it likely to in the future. If it does, I would be surprised if it manages to work properly.
This would be bad except that customers will usually have their own prefix in IPv6 so this should be solvable security-wise.
It may not even involve DDNS, but rather be entirely internalized on the customer's home gateway. I think from everything I have just heard from you, that we could both agree: There have been IPv6 implementations "for years." There has not been IPv6 support until very recently, this year or last depending on how you count. -- David W. Hankins "If you don't do it right the first time, Software Engineer you'll just have to do it again." Internet Systems Consortium, Inc. -- Jack T. Hankins
In a message written on Mon, Apr 16, 2007 at 03:42:53PM -0700, David W. Hankins wrote:
Both of these two progression trees represent the cumulative formulation of knowledge: Users are stupid. Automatic is not just best, it's the only way. [snip] The main point, is that if you leave "all other host configuration" details up to, well, the host itself, then in practice what you're really doing is leaving it up to the user. Ultimately, it is mandatory that the end-user make a choice in this model, if not about everything, then about "some things".
This is intolerable in an ISP environment.
I agree 100% with your points, however I believe you have a minor marketing problem that might change how many people receive your comments. It's not that users are stupid, necessarily. They may be of course, but they are also lazy, impatient, and intolerant of things that do not work. As someone who can type "conf t" and use ed to configure their Unix box _I_ won't tolerate manually configuring my home laptop just so I can surf over to weather.com and find out if it's going to rain. While I may do all the testing and work-arounds to make it work for my job, I'll turn it off at home until it just works and is available via my standard provider. It's 2007, not 1987. If I can't take a brand new box out of the packing material, plug it into an ethernet port and have it just work then something is broken. The network, the OS, the protocol, take your pick, but it's broken and not deployable. [Note: How wise it is to put a brand new box on the net is a different question, the point is it should just work.] -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
On Tue, Apr 17, 2007 at 08:20:08PM -0400, Leo Bicknell wrote:
It's not that users are stupid, necessarily.
That was a bad choice of words on my part. I was aiming at describing the perception we often have, as we sit in our "back rooms" and hear the varied reports from our support departments of the frustrations our users confront. We're in complete agreement, I just didn't voice it properly. -- David W. Hankins "If you don't do it right the first time, Software Engineer you'll just have to do it again." Internet Systems Consortium, Inc. -- Jack T. Hankins
When you can plug your computer in, and automatically (with no clicking) get an IPv6 address,
Router Advertisements let you automatically configure as many IPv6 addresses as you feel like.
have something tell you where your DNS assist servers,
Microsoft had an old expired draft with some default anycast IPv6 nameserver addresses: fec0:0:0:ffff::1 fec0:0:0:ffff::2 fec0:0:0:ffff::3 -- http://tools.ietf.org/id/draft-ietf-ipv6-dns-discovery-04.txt While this was never accepted by the IETF, I believe windows machines still use these by default if they have no other name servers but do have IPv6 connectivity. This could be a fairly simple defacto standard if network operators start using it. This is an obvious weak link in the chain at this point tho.
configure web proxies,
once you have DNS you can use the WPAD proxy auto discovery thingamabob.
and solve your dynamic dns problems (as IPv4 set top boxes do today),
Updating your forward/reverse dns via DNS Update messages isn't that uncommon today. See: http://www.caida.org/publications/presentations/ietf0112/dns.damage.html where hosts are trying to update the root zone with their new names. So you can get from A to D without requiring DHCPv6.
On Mon, Apr 16, 2007, Perry Lorier wrote:
configure web proxies,
once you have DNS you can use the WPAD proxy auto discovery thingamabob.
.. and the microsoft extensions to support ipv6 in proxy autoconfiguration files: http://blogs.msdn.com/wndp/articles/IPV6_PAC_Extensions_v0_9.aspx http://blogs.msdn.com/wndp/archive/2006/07/18/IPV6-WPAD-for-WinHttp-and-WinI... Adrian
On Mon, Apr 16, 2007 at 01:59:36PM +1200, Perry Lorier wrote:
When you can plug your computer in, and automatically (with no clicking) get an IPv6 address,
Router Advertisements let you automatically configure as many IPv6 addresses as you feel like.
Remember that in XP, which Iljitsch recently cited to support his claim of "years of operating system support," you must click IPv6 into your configuration. It probably wants your XP install disc, or something like that. In my point of view, this does not cut the mustard for such words. Let's be clear: "There has been router and operating system support for years" is a statement which predicates that the World has no technical excuse for not running IPv6 globally edge-to-edge already. I think such a statement is fundamentally flawed.
This could be a fairly simple defacto standard if network operators start using it. This is an obvious weak link in the chain at this point tho.
Does this represent "years of router and operating system support?" My answer is "no."
once you have DNS you can use the WPAD proxy auto discovery thingamabob.
...if you also had your domain suffix (unless you are suggesting that there have been WPAD records at the root for "years"?). RTADV won't help you here (tho they keep talking about putting domain-search and nameservers in it), and neither will DHCPv6 as it turns out (it carries a domain-search list, but not "your domain suffix" which is more what WPAD should really want). This is not "years of operating system support." What has had "years of operating system support," is the unfortunate practice of acquiring option code 252 in DHCPv4.
and solve your dynamic dns problems (as IPv4 set top boxes do today),
Updating your forward/reverse dns via DNS Update messages isn't that uncommon today.
On Enterprise networks using GSS-TSIG, sure. On ISP networks, I think the only time end-hosts try to update their reverse DNS directly is when they're participating in a rather unfortunate, and unintentional, distributed DoS against the root servers. Which, oddly enough, you mention next. Actual reverse dns updates for end hosts (and not their NAT gateways) is relatively uncommon, owing to the fact that such end hosts generally are on RFC1918 addresses.
http://www.caida.org/publications/presentations/ietf0112/dns.damage.html
where hosts are trying to update the root zone with their new names.
I'm confused by what you're trying to argue. Are you suggesting that AS112 represents "years of operating system support for IPv6"?
So you can get from A to D without requiring DHCPv6.
...I hope you see that this is only so long as you require some clicking instead. This is all well and good for those of us who have sufficient growth (or equivalent feminine metaphor) on our chins, which we enjoy stroking thoughtfully while determining what all these "correct configurations" are. But I don't think "it works for bearded geeks" is setting the bar high enough when we use lofty words like "supported by routers and operating systems for years." -- David W. Hankins "If you don't do it right the first time, Software Engineer you'll just have to do it again." Internet Systems Consortium, Inc. -- Jack T. Hankins
On 16-apr-2007, at 23:42, David W. Hankins wrote:
Router Advertisements let you automatically configure as many IPv6 addresses as you feel like.
Remember that in XP, which Iljitsch recently cited to support his claim of "years of operating system support," you must click IPv6 into your configuration. It probably wants your XP install disc, or something like that.
You have to enable IPv6. After that, stateless autoconfiguration takes care of your addresses and default gateway. No support for DNS lookups over IPv6, though, as far as I've been able to discern. But there are more operating systems than just Windows. Basic IPv6 support has been available in most of them since the early 2000s.
"There has been router and operating system support for years" is a statement which predicates that the World has no technical excuse for not running IPv6 globally edge-to-edge already.
That's an interesting way of putting it. I would concede that you can't reasonably run IPv6-only today, the DNS situation being an important reason for that. But if you want to run dual stack, and you're willing to get rid of some old stuff to accomplish that, you should be able to. I've been running IPv6 for years, literally longer than I can remember. In the beginning. I could only ping6 and traceroute6 from a FreeBSD box. These days, I ssh and ftp over IPv6, read and send email from/to my server over IPv6, I visit IPv6-enabled web pages and more, all with software that came with the system without specifically enabling anything. (On a Mac.) Some people even run IPv6 without realizing it. This is common at RIPE and IETF meetings and the like, where there is a conference network with one or more IPv6 routers. And the first home gateway that provides IPv6 connectivity out of the box has arrived in the form of the latest Apple Airport Express base station.
RTADV won't help you here (tho they keep talking about putting domain-search and nameservers in it), and neither will DHCPv6 as it turns out (it carries a domain-search list, but not "your domain suffix" which is more what WPAD should really want).
This is not "years of operating system support."
What has had "years of operating system support," is the unfortunate practice of acquiring option code 252 in DHCPv4.
Yes, despite the incredible level of IPv6 activity in the IETF some rather fundamental things never got the attention they needed. It reminds me of the situation with ISDN 11 years ago. Dial-up was pretty mature by then, and worked without much trouble. However, connecting to an ISP over ISDN was a nightmare of incompatible framings, hand-installing drivers and the like. However, the main issue was that there wasn't a generally accepted standard way of doing things. Once everyone settled on synchronous PPP and the drivers were tailored for that, it was smooth sailing. The same thing will happen for IPv6 DNS etc configuration once people realize that running dual stack isn't a long term solution.
participants (15)
-
Adrian Chadd -
Brandon Galbraith -
Christian Kuhtz -
David W. Hankins -
Gian Constantine -
Iljitsch van Beijnum -
J. Oquendo -
Joe Abley -
Joel Jaeggli -
Joseph S D Yao -
Leo Bicknell -
Patrick W. Gilmore -
Perry Lorier -
Scott Morris -
Stephane Bortzmeyer