Slashdot over IPv6 248
fuzzel writes "Even though Slashdot has run a number of articles about IPv6 (1|2|3) it apparently isn't reachable over IPv6 directly.
But for the people that do already have IPv6 they can use http://slashdot.org.sixxs.org and they will be automaticaly gatewayed. This trick works for most sites by simply appending .sixxs.org to the domain part of a url, eg http://www.google.com.sixxs.org, the gateway will the rewrite url's to have it appended automatically so that everything goes over IPv6. Full information is available on http://ipv6gate.sixxs.net. Oh and yes if you don't have IPv6, those domains under sixxs.org won't work :)"
Slashdotting... (Score:3, Informative)
Multicast? (Score:1, Informative)
How about a nice, standard way of foing multicasting within the IP-stack? Sounds good to me!
oh... And the internet is running short of adresses. That might turn into a problem ofcourse :)
Re:I'll guess I'll admit it.. (Score:5, Informative)
Re:I'll guess I'll admit it.. (Score:5, Informative)
IPv6...
-
-
-
-
-
-
-
-
-
See also:
IPv6: The Promise, The Problems, The Protocol [extremetech.com]
RDC 2373 [rfc-editor.org]
Re:I'll guess I'll admit it.. (Score:2, Informative)
For one thing I've understood that IPv6 will make routing possible without keeping track crazy amounts of addresses in huge routing tables. IPv& addresses are hierachical, and in a simplified sense work something like this:
country.state.city.area.house.etc.etc...
NOTE: this is not the actual layout... I don't remember the details. But the point is a backbone router only needs to look at the start of the address, and then send the packet "in the right direction" so to speak. The same thing applies longer down the chain.
Would someone who is more enlightened care to explain this in an official manner?
Re:Damn. (Score:5, Informative)
Use a tunnel broker. It lets you tunnel ipv6 connections over ipv4 to another endpoint. Two of the most popular are Freenet6 [freenet6.net] and Hurricane Electric [he.net]. Hurricane Electric requires a static ipv4 IP, but Freenet6 works with dynamic IPs.
Tunnel Brokers (Score:5, Informative)
These work by creating a ipv6 GIF tunnel over ipv4, to a server which has either further tunnels to the 6bone or native connectivity. Once you have this setup (and its preety easy to do on Linux, Windows, and very easy to do on the BSDs) then any ipv6 traffic can be routed automatically. This way you dopnt need to use a gateway, and you can use pretty much any app over ipv6, including ftp, ssh, www, email etc.
Disclaimer: I help run ipng.org.uk, which is a UK tunnel broker, who gives you a
Re:IPv6 today? (Score:5, Informative)
Re:I'll guess I'll admit it.. (Score:5, Informative)
The only solution available to provide Internet access to the hosts on the LAN was to use a private non routable subnet and to masquerade it behind the edge router. NAT also allowed some of these hosts to expose services to the outside world. But this solution has a major drawback : it breaks end to end connectivity and thus complicates the offering of many services that the Internet was meant for. Used like that, NAT is an evil kludge.
IPv6 provides a way out. There certainly are many other advantages in the use of IPv6, but end to end connectivity for the masses is what could have the deepest impact. Think about is : when every single workstation has a routable IPv6 address, everyone will have the potential to serve. This is is what the Internet was meant to be, and actually was in the early days.
Re:IPv6 - Chicken and egg ? - no! (Score:5, Informative)
US Alternative Tunnel Broker (Score:5, Informative)
>who gives you a
Great! And for those of us in the States (especially California), Hurricane Electric offers a free tunnel broker [tunnelbroker.net] with these characteristics that I would recommend [slashdot.org].I have been using it for more than 6 months, and find it quite stable. You do lose your /64 if HE can't ping you for 24 hours, but a new one is only a mouse click away. And what kind of geek would leave their computer inaccessible for that long anyway? ;). Initial activation does take a day or so.
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner [insecure.org]
Ipv6 is great (Score:5, Informative)
Re:I'll guess I'll admit it.. (Score:5, Informative)
Actually, this is done with IPv4 now as well. Originally, IPv4 was split into Class A,B, and C networks. Class A networks were larger blocks of addresses than Class B and C. Class A networks were allocated pretty quickly. So all there are left are Class C network blocks.
If an organization gets a Class C network block, they have to use stuff like NAT and subnetting to uniquley identify each machine in there network and make routing manageable.
These Class C network blocks are dished out geographically now. But the Class A network blocks that were dished out earlier are not being utilized well, because organizations don't have enough machines to fill them out.
That's a pretty shitty explanation. Partly because I forget the number of bits in an IPv4 address that identifies the network and the number that identifies a host. So I can't come up with a good example. But my IPv4 address looks like so: 142.179.xxx.xxx (I'm not gonna give you my exact address)
And my subnet mask: 255.255.248.0
So my (Class C) network is (probably) identified by the first 21 bits. (If my conversion is correct).
Re:Tunnel Brokers (Score:2, Informative)
Re:IPv6 today? (Score:4, Informative)
An IPv6 address is 128 bits long. Of these 128 bits, 64 bits are reserved for the host part. Usually it's a somewhat mangled version of your ethernet MAC address (a router will broadcast a prefix, and client machines will simply append the mangled version of their MAC to the prefix -- this is called autoconfiguration).
This means you need a /64 subnet on each segment.
Usually providers will assign you a /48 addressspace, giving you roughly enough space for 65000 subnets.
Of course these addresses are routable: you don't need NAT and your machines are reachable from the internet.
Re:'Have' IPv6??? (Score:5, Informative)
OS and applications. Many operating systems already do support IPv6, as do many applications (Mozilla does, at least, as does many IRC clients because there's distinct benefits.)
Router/ISP level support is Nice To Have, but there are tunneling servers [freenet6.net] that enable IPv4 sites to talk IPv6.
As far as setup woes go, my setup was as easy as 'apt-get install freenet6' =)
Re:'Have' IPv6??? (Score:2, Informative)
You could also tunnel IPv6 over IPv4, so two ends could communicate using IPv6 in a v4 network.
Or, you could use a gateway, like sixxs.org. There is some info in the link [sixxs.net] supplied in the article, but if you want the big stuff, please RTFRFC [rfc-editor.org] 2460!
HTH!
Re:Stupid question... (Score:2, Informative)
IPv6 Quick links.. (Score:1, Informative)
http://www.ipv6.org/ [ipv6.org]
IPv6 for Windows:
http://www.microsoft.com/ipv6 [microsoft.com]
http://research.microsoft.com/msripv6/ [microsoft.com]
IPv6 for Linux:
http://www.bieringer.de/linux/IPv6/ [bieringer.de]
IPv6 for Mac:
http://lists.apple.com/mailman/listinfo/ipv6 [apple.com]
IPv6 for Java:
http://java.sun.com/j2se/1.4/docs/guide/net/ipv6_
Re:IPv6 today? (Score:2, Informative)
2. What if you want to run a service on the same port on multiple machines. With NAT you can only forward a port to a single machine. With fully routable, there are no problems.
3. What if you NAT an office and some idiot is poking around other peoples networks. With NAT, all you know is that the connection came from your office. With fully routable IPs you may be able to tell whos machine was the culprit.
These are just three. There are many more...
MacOS X and IPv6 and other OSs (Score:5, Informative)
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MUL
inet6 fe80::230:65ff:fed6:b164%en0 prefixlen 64 scopeid 0x4
inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
ether 00:30:64:d6:b2:64
media: autoselect (100baseTX <full-duplex>) status: active
From what I can tell MS-Windows is still a little behind, as can be seen from this page [microsoft.com]. As for other OSs I am not aware of their support status. If you do know, a reply to this post would be handy to most.
Re:Why the Weird Gateway? (Score:2, Informative)
I think it is still considered "beta" so-to-speak.
Re:IPv6 Quick links.. (Score:4, Informative)
Stop the madness! (Score:5, Informative)
For starters, classful routing on the Internet has gone the way of the Dinosaurs, and good riddance. CIDR saw to that (Classless Inter-Domain Routing), and when BGPv4 became the standard, all was right in the world (Because it implemented CIDR, by carrying Netmask along with the route entries).
In casual conversation today, we still use terms like Class B, or Class C address space, but they don't refer to the actual Classful network boundaries of yore. Today, when someone refers to a Class C address space, they simply mean a 24-bit address space. Likewise, a Class B means a 16-bit (/16) address space.
You say your netmask is 255.255.248.0. This represents a larger address space than a Class C, which has a mask of 255.255.255.0 (or /24).
Your address space is the aggregate of 8 Class C networks. Your network is configured to utilize the first and second octets, and the first 5 bits of the third octet as the network address, leaving the remaining 3 bits of the third octet, and the entire fourth octet as the host address.
That represents a network segment consisting of up to 2048 hosts (Ok... 2046 since you toss the first and last as the network address and the broadcast address.).
In short, your network engineering staff ought to be shot, because damn, that's a really big subnet. There's just no good reason to have that many hosts on a segment.
It's possible that you guys don't have anywhere near that many hosts, but if you do, without even looking, I can tell you that your network is a bit of a show. I hope you have your highly-loaded servers on their own segment, because the number of broadcasts must be tremendous. Even in a switched environment, those broadcasts must be propegated everywhere, and every machine in the network has to stop briefly to examine each and every one.
Your organization should look at some Layer-3 segmentation...
Re:I'll guess I'll admit it.. (Score:1, Informative)
Remember, --state ESTABLISHED,RELATED means that you're protected by exactly the same connection tracking code as you are with NAT. And, by eliminating NAT, you're no longer breaking the end-to-end nature of IP.
Sorry to tell ya : NAT is virtually DEAD ... (Score:1, Informative)
Having no NAt under IPv6 does not prevent you from having a Firewall. But because there is no more trouble with not routable services, DMZ address plan, etc
IPv6 do sign the end of the NAT. And no, this is no good reason a NAT should be kept on a LAN if you can go IPv6. NAT was just build to solve several IPv4 issue regard adress plan and IP shortages
Re:Tunnel Brokers (Score:3, Informative)
thats 18,446,744,073,709,551,616 distinct ips
Great. Every goddamn atom in your computer has its own bloody IP address. Tell me again why this is important?
It means that every subnetwork in your site can have the same size network. By convention, end customers ("subscribers" is the ipv6 term) are assigned a
To put it in more familiar IPv4 terms, imagine if there were so many IP addresses available that even the smallest sites could be given a class B. Now instead of having to subnet your network into efficiently sized CIDR blocks (eg, the lab upstairs gets 10.123.5.224/28, the billing dept gets 10.123.5.128/27, tech supports dept gets 10.123.5.32/29), you can just say everyone gets a class C (eg, the lab upstairs gets 10.123.5.x, the billing dept gets 10.123.6.x, tech supports dept gets 10.123.7.x). Much easier for humans to work with that way.
To put in in IPv6 terms again, every site gets assigned a
There's also the autoconfiguration thing (host addresses can be assigned based on their NIC hardware addresses, since the IPv6 subnet space is bigger than ethernet address space)...
Re: Tunnel Brokers (Score:3, Informative)
Re:I'll guess I'll admit it.. (Score:1, Informative)
Not completely, as NAT also removes information about the NATted network. How many hosts are there? Which of the hosts behind the firewall is this?
NAT is also partly a privacy tool, which (at least) gives the feeling of better security. Not just filter our the packets that don't seem related to an established connection, but also filter out all information that the receiver does not absolutely need.