Slashdot Log In
IPv6 Essentials
Posted by
samzenpus
on Mon Oct 02, 2006 03:05 PM
from the we-fear-change dept.
from the we-fear-change dept.
Carla Schroder writes "IPv6 is halfway here, so network administrators need to learn their way around it whether they want to or not. Adoption has been slower in the United States because we possess the lion's share of IPv4 addresses, but even so, someday IPv4 is going away for good. And, there is more to it than just increasing the pool of available addresses. IPv6 has enough improvements over IPv4 to make it worth the change even if we weren't running out of IPV4 addresses, such as built-in IPSec, simplified routing and administration, and scalability that IPv4 simply can't support. We're moving into gigabyte and multi-gigabyte backbones, and high-demand real-time services like voice-over-IP and streaming audio and video that require sophisticated QoS (quality of service) and bandwidth prioritization. IPv6 can handle these, IPv4 can't." Read on for the rest of Carla's review.
IPv6 Essentials, 2nd edition, by Silvia Hagen, released in May 2006, is a well-written, clear, up-to-date guide to understanding IPv6 in-depth. This is a real accomplishment, because computer networking protocols are completely abstract, and translating all of these abstractions into understandable language is a noteworthy feat. The book explains how it all works to a very practical depth, so that the reader will be well-prepared to begin implementation.
What it does not cover is the specifics of configuring network devices, such as routers, switches, and interface cards, and this is not a flaw, because those things are platform- and vendor-dependent. Having a solid understanding of the protocol itself is more important, and something that is sadly lacking even in today's IPv4 world. The Internet would be a better place if more network admins would take the time to learn IP fundamentals.
Ms. Hagen does a nice job of covering the following topics: Strengths and advantages, such as auto-configuration, and good-bye to NAT, The structure of the protocol itself, including header format, Improved security, Real genuine QoS, Simplified routing, Co-existence with IPv4, Painless mobile networking, and Addressing. Addressing is one of the scariest parts. When you're used to slinging around something like 192.168.1.100 with ease, coming eye-to-eye with something like this, 3ffe:ffff:1001:0000:2300:6eff:fe04:d9ff, is a bit disconcerting.
But fear not, for Ms. Hagen dissects IPv6 addresses clearly and in detail, showing that they have a logical, consistent, understandable structure. For example, the first quad (3ffe) tells you that this is a 6bone.net address, so it is already obsolete because the 6bone closed down in June 2006. Other prefixes tell you if it is a private address, link-local, site-local, and so on. The book lays this all out in tables, and explains what each one is for.
How would you like to retire your DHCP servers permanently? No problem. IPv6 auto-configures hosts all by itself, or you may exercise as much control as you like. Ms. Hagen explains the various options- link-local, site-local, stateful, stateless, neighbor discovery, and so forth, and what you can do with them. For example, with IPv6 you can whip up an ad-hoc LAN with hardly any effort, and without needing special servers or client software.
Security is built-in to IPv6, instead of bolted-on as it is for IPv4. However, IPSec (IP Security) is still largely untested and unproven on a number of levels, so the book discusses both the pros and cons.
The book covers the problems, hassles, and compromises that come with using NAT (network address translation). We're used to it now, but sometime down the road we're going to look back and think "Wow, that was one big fat pain. Good thing it's gone."
The chapter on Mobile IPv6 is almost worth the price of the book by itself. IPv6 supports both wired and wireless mobile users in an elegant, hassle-free way. Say good-bye to setting up multiple profiles, or hassling with scripts. Roaming users can keep the same IP as they travel — across different networks, wired to wireless- anywhere they go. This little bit of magic occurs because IPv6 assigns them multiple IPs. One is the home address, which is permanent. A second address is the care-of address, which changes as the user moves around. Of course there is a lot more to it that just having multiple addresses, and like everything else in this book, Ms. Hagen explains how it works clearly and understandably.
The book is abundantly illustrated in the usual quality O'Reilly fashion, and the illustrations are invaluable for understanding the material.
We're at the stage where IPv6 support is pretty much universal- you can count on both network hardware and software supporting it. So the network administrator only needs to focus on learning the ins and outs of implementation. I recommend IPv6 Essentials as an essential reference, and a great starting point for mastering IPv6.
You can purchase IPv6 Essentials, 2nd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
IPv6 is halfway here (Score:4, Funny)
Re: (Score:2)
QoS (Quality of Service or crap for customers?) (Score:4, Insightful)
Re: (Score:2, Funny)
Re: (Score:2, Interesting)
That being said, we were a local area ISP. Now for big providers, as long as you pay for it (and the service contract covers it), you should receive your bandwidth, IMHO; I do agree that they probably do the same thing in order to conserve b
Re: (Score:2)
Unfortuneately, once you have effective QoS with differentiated services that will mean
Re:QoS (Quality of Service or crap for customers?) (Score:5, Informative)
As a cable company, their traffic looks no different then Jo Shmoe next door torrenting the latest Back Door Betty DVD. So we CAN'T apply QOS to that traffic. We don't throttle it down OR up. We just let it go, and rely on the subscriber to know how to set up QOS on their equipment to maximize problems caused by their INTERNAL network.
However, VoIP services such as those offered by Time Warner, Comcast, and actual ISPs CAN be prioritized because the MTA in the customer's home gets it's own IP address, and we know all traffic from that block of addresses is VoIP, and thus gets priority!
Full Disclosure: Time Warner Cable Tier 3 Technician here.
Parent
Re: (Score:3, Interesting)
Just a question, since you're on the inside. How feasible would it be to allow the customer to specify, say, 1% to 5% of their total bandwidth as QoS packets by setting the QoS flags in the IP header? That way they could use any service they wanted, whet
Re: (Score:2, Informative)
Re: (Score:3, Informative)
There are already accepted standards for how to do flag packets has having higher priority. From the IP spec:
Type of Service
The type of service (TOS) is for internet service quality selection.
The type of service is specified along the abstract parameters
precedence, delay, throughput, and reliability. These abstract
parameters are to be mapped into the actual service parameters of
the particular networks the datagram traverses.
Precedence. An independent measure of the i
Re: (Score:3, Interesting)
By that same argument, I could tunnel WoW data instead of audio data from a VoIP IP number and do the same thing. Either you trust that the data you think should be high priority actually should be or you don't. You can't have it both ways.
In the end, you have to trust that the kernel in commercial OSes will set reasonable packet priorities for different types of traffic. While there might be occasional people who find ways to abuse this, the only alternative to this trust is to not do any QoS at all.
gigabyte and multi-gigabyte? (Score:2)
gigabytes and gigabit are two completely different things
Re: (Score:2)
Yes. That was the first thing I noticed in the summary.
Only things mising: blood, sweat, tears, and $$$$ (Score:3, Insightful)
And someday Britney will learn to sing and parent, and all rappers will go sign up as sunday-school superintendents.
In the meantime, the folks at the end of the ISP wires will have to spend kilo to megabucks on hardware and software upgrades, not to mention training themsleves, and training the users. Think of the millions of linksys home routers and wireless access points that will haev to be tossed out or reflashed! THink of all the books with xxx.xxx.xxx.xxx ip addresses that will be obsoleted! Lots of frustrated human-hours, even if the IP6 world will run as smoothly as the book suggests.
Re:Only things mising: blood, sweat, tears, and $$ (Score:3, Insightful)
I think it probably solves other weaknesses in IPv4 -- spoofing and some other cracker-ish issues that are difficult to mitigate against in IPv4.
I think, though, that it's a little like alternative fuels -- we know they're good for us, but nobody wants to bother with them until we have to.
Riiight... (Score:2, Funny)
Will it be here before or after viable fusion? What about DNF?
Am I just being overly simplistic... (Score:2)
Example: 192.168.1.2.3
Or is the goal to try and push IPv6 simply because it's "better?"
I will say that V6 certainly seems to have its advantages, but I've tried (and failed) to learn its structure based on reading Lord only knows how many existing FAQs and white papers.
As far as the time frame goes: I'm s
Re: (Score:2)
Re: (Score:2)
eg. you have 1.2.3.4, use a NAT router, and 'ipv4++' you get 1.2.3.4.0.0
The advantage is nobody needs to learn a new addressing scheme, the routers don't need to be changed (you keep the packets compatible) so it's dirt cheap to implement.. That's the big problem with ipv6 - no sane transition plan.. everyone needs to upgrade their routers overnight and it just aint gonna happen (you cannot buy a consume
Re: (Score:2)
Re:Am I just being overly simplistic... (Score:5, Insightful)
Example: 192.168.1.2.3
Or is the goal to try and push IPv6 simply because it's "better?"
As I understand it one of the main reasons IPV4 wasn't just extended in address space was because routing becomes too difficult with such a large address space, so you need to build routing into the protocol. There's also some very cool features of IPV6 like multi-casting that's been very poorly supported under IPV4. This would allow things like broadcasting internet based TV without multi-gigabyte connections.
When the day comes that said ISP calls me up to tell me "Hey, we're changing over to IPv6 at the end of the month (or year, or whatever), so you need to be ready for it," THEN I will start worrying about how to implement it.
That'll probbably never happen (or at least not for 20 years maybe). IPV4 isn't going away, what'll happen (someday) is your ISP will one day support IPV6 and you'll be able to get an IPV6 IP address. No one is going to call you up, you'll probbably have to call them up and ask if they're supporting it.
Until then, V4 and NAT are working perfectly well for me, thanks.
Well, I'm sure horse and buggy owners thought that horses were perfectly good transportation when the car first came out too. There weren't many paved roads, the things were expensive, and took special fuel to run them where horses just ran on oats. It's often hard to see the advantages of a new technology before it's hit the mainstream.
Parent
NAT is the IPv4 version of segmented memory (Score:5, Interesting)
Back in the day, the 8080 architecture had 16-bit addresses, which limited you to 64 KB of memory. The 8086 used segement registers to allow 16-bit registers to address up to 1 MB of memory. But data structures were still limited to 64 KB unless you were willing to slow down your access time by a factor of four or more, and sharing data between code running in different segments required even more jumping through hoops. NAT allows more devices than IPv4 can address to communicate with central servers that aren't running NAT, but setting up P2P between systems that are both using NAT is damn near impossible.
Good-bye, IPv4, and good riddance.
Re: (Score:2)
OTOH with network devices 99.99% of them simply do not need to be accessed remotely - NAT is fine for them, and presents zero issues.
IPV6 has NAT, btw. It's an essential part of network infrastructure and is not going away. It's required to hide the real addresses from the world
Re: (Score:2)
I somewhat disagree with this for reasons you will see in the future. *Current* use of network devices do not require remote access, so to a degree, you're pointing to the symptom to justify the cause. Examples include appliances with health checking connections to the service departments, a personal authentication server which maintains the private info you might like to sele
In other news... (Score:3, Funny)
Re:In other news... (Score:5, Funny)
What will happen first?
Parent
QoS not needed or wanted on the Internet (Score:4, Insightful)
The only place packet prioritization and traffic shaping should take place is on private networks, where QoS can be guaranteed. Services such as VOIP and IPTV would ideally be offered over these ISP local networks at an additional cost. This is not to say that VOIP over the Internet impossible, but it should not have an unfair advantage over other Internet traffic.
The only place where things break down is in the last mile, where ISPs are selling bandwidth that does not exist. In this case, something has to give, and so they must implement unfair prioritization schemes. The obvious solution is to honestly advertise minimum guaranteed rates instead. This makes it possible to prioritize a customers own traffic as the customer wishes without affecting others. (For example, if you want VOIP prioritized to the ISP local VOIP network.)
Of course, such a scheme would still allow different speed grades, and excess capacity to be utilized. It can not be emphasized enough though that prioritization has no place on the Internet itself.
Re: (Score:3, Informative)
This is grossly untrue. If I am downloading a DVD image, and using ssh at the same time, I want to tag the download packets as "low priority" and the ssh packets as "minimum latency". The internet routers can then queue packets according to my wishes, and my service is greatly improved.
Just because it's possible to abuse prioritisation does not mean that it has no valid applications.
ipV6 is not here (Score:2)
No increased address space on the net until the ro
Re: (Score:2)
The spam problem is probably solveable, but not with SMTP.
What is the "killer app" for IPv6? (Score:4, Insightful)
Until we have something that everyone wants and ONLY works with IPv6, we're not going to switch. That "thing" might be here today, but it seems we're all unaware what it is.
Sure, there may be things that are better, but I can do all of the things IPv6 can do with IPv4 and a slew of extra services that I'm already familar with (VLAN or service-based QoS, NAT, DNS, DHCP, etc).
I for one REALLY want IPv6 to get here, but the people who make my software and pay for my equipment won't change until they need to.
No thanks (Score:2, Interesting)
IPv6 is halfway here
In other words, it's not here. Just as always.
so network administrators need to learn their way around it whether they want to or not.
I'm a system and network admin and I haven't needed to learn my way "around" it. Unless by that you mean, to "turn it off whenever possible". Which I do. Just upgraded some FreeBSD machines and made sure all the IPv6 stuff wasn't built.
Adoption has been slower in the United States because we possess the lion's share of IPv4 addresses, but even
IPv4 isn't going anywhere (Score:2)
Re:IPv4 isn't going anywhere (Score:4, Insightful)
Parent
Re: (Score:2)
Address space is too wide (Score:3, Informative)
Why? Simply: MAC addresses are only 48-bit, or 64-bit if everyone were to switch over EUI-64 [ieee.org]. IPv6's 128-bit size is a lot larger. There are 281474976710656 MAC addresses, 18446744073709551616 EUI-64 addresses, and 3.4e38 IPv6 addresses.
So, IPv6 is approximately 1208925819614629174706176 times larger than the MAC address space.
If you need help visualing this, here are the address space sizes padded with 0s in a monospace font. A space has been added in the middle to prevent
Re: (Score:2, Troll)
See, there's this thing called The Internet, and Google, and AOL, and CNN are all on it. We all agree that that thing is called the Internet.
On IPV6, there's nobody.
IPV6 is just a misnomer. It should be called "Really big addresses" or something like that.
By c
Re: (Score:3, Funny)
Re:And... (Score:4, Informative)
Parent
Re: (Score:2)
Seriously though the amount of terms and knowledge lost in RFC's and ignored by the self appointed "gurus of the internet" is sad.
At least the IPv6 is ready for the day we run out of IPs which will be upon us sooner than some zealots say. But the simple fact is you never need to go to V6 unless you want an IP that's v6. The theory is v6 will still remain mostly v4 compliant. The infastructure is being update for the switch over and that's all that matters
Re: (Score:2)
Re: (Score:3, Insightful)
Tell them that they won't be able to access resource N (Slashdot, YouTube, whatever) unless they switch over.
How are you going to change all that software?
The software is mostly changed already. The majority of that is done below the level that your typical implementation requires it to be accomplished at. There are notable exceptions, but the parts that need changing are usually very small libraries at the bottom of the application.
Why would yo
Re: (Score:2)
I'm sorry, you weren't there. RFC 791 nor IEN 21 mention IPV4 or IPV3 respectively.
RFC 791 refers to a interface that was _also_ the on-wire format in many situations. The "Version 4" is about as version-foury as 802.11 is "version 11 of link protocol 802".
Nevertheless, DARPA's Internet program isn't what we're using. We're using The Internet, this thing that people promise is running out of addresses. Calling it an extension of TCP Version
Re: (Score:2)
ipv6 seems to be going backwards in fact, with the closure of the vast majority of tunnel brokers & no sign of any ISPs planning adoption (and many (most?) not supporting the anycast address any more). If it's halfway there it's facing in the wrong direct
Re: (Score:2)
Yuk. Security, transparent roaming, buzzwords. And QoS? That acronym always brings me out in a rash.
Simple fact is that no one cares that IPv6 is better, or that some people think it's better. My ISP isn't using it, neither is any other ISP I know and I know of no one who is using an IPv6 supporting device like an access point or something and I know of no
Re: (Score:2)
Yes. ISP's are looking at this. In fact, there's a conference this weekend that's all about how to create a migration strategy to IPv6.
And yes, I'm going. I've already got my IPv6 Essentails book, and my laptop is a nice dual-boot linux and winxp. I'll be able set up IPv6 in about 5 minutes, and run a test node happily.
And when I get back to work, I'm planning on setting up a nice test lab with a handful of routers and a couple of linux servers, just so the rest of the engineers and planners can
Re:You are completely retarded. (Score:4, Insightful)
IPv6 is more secure because communications within a subnet use a special address coding that (a) can never leave the subnet (b) can never be introduced from outside the subnet, and (c) can be positively identified as coming from inside the subnet. IPv6 has other security features, but this one all by itself blocks a couple of categories of intrusion technique.
QoS has a single field in IPv4 that has no implementation attached to it, and is thus implemented as an afterthought in a collection of vendor-specific ways. Saying it has QoS is kind of like saying that your house comes with a jacuzzi because there's a place out back where you can put one and plug it in. IPv6, on the other hand, has a full standard implementation associated with it.
Um, IPv6 IS at the network level. Duh. Are you talking at the hardware link layer? That's only supposed to connect one device to the next, not keep track of network topology. Roaming isn't tunneling either - the old address actually replies to a packet letting it know where it should send the information to, thus making the switchover quick, transparent, and very, very lightweight.
IPv6 autoconfiguration is STATELESS. It doesn't require a server to figure out what addresses it has available, which ones it's handed out already, which ones have expired, etc, etc. DHCP is nice, but it requires maintenance. You can tell me how easy DHCP is to configure all day long, but it'll always be tougher than none at all.
Parent
Re: (Score:2)
Re: (Score:3)
Actually... (Score:3, Informative)
Actually, your MAC address, which is a globally unique identifier, forms half of your IPV6 address [wikipedia.org] unless you do something unusual to avoid that. So it is a very valid privacy concern.
The AOL search data episode showed how easy it is to unmask anonymity when all you have is a bunch of URLs coming from the same unique anonymous identifier. IPV6 increases the risk of this kind of aggregation of supposedly anonymous activity.
When IPV6 is here, C