[Info-vax] implementing IPv6 on the internet
Dirk Munk
munk at home.nl
Wed Sep 21 04:01:51 EDT 2016
John E. Malmberg wrote:
> On 9/20/2016 4:47 AM, Dirk Munk wrote:
>> This contribution is not about VMS, it is about IPv6 and the way it is
>> introduced.
>
> <snip>
>
>> That IPv4 address usually will also have some cryptic DNS name attached
>> to it, but since the address will be dynamic, the DNS name will also be
>> dynamic. To overcome this problem, you may register your router with a
>> DNS name of your liking at a dynamic DNS organisation like Dyndns. Your
>> router will take care that its WAN address is kept up to date at that
>> organization. However that DNS name is always an alias. Reversed name
>> lookup (address > DNS name) will never show the DNS name you choose, it
>> will always show the cryptic DNS name of your ISP. After all the DNS
>> server of your ISP is the authoritative name server for that address
>> space, not the name server of your dynamic DNS organization.
>>
>> If you want to reach a device on your LAN from the internet, you address
>> a certain port number on the WAN address of your router, and by means of
>> port forwarding it will be translated to an IP address and port number
>> on your LAN. You will all be familiar with this concept.
>
> And every residential ISP I have had in the last 20 years in the U.S.
> has a Terms Of Service (TOS) absolutely prohibiting this type of access.
>
> And of those residential ISPs that also offer commercial service, the
> main difference in the TOS is that they allocate more e-mail addresses
> for a higher fee. All public servers must either be rented from the ISP
> or another external service.
>
> Maybe it is different in your part of the world.
>
> A lot of people in the U.S. ignore the TOS and use the dyndns servers,
> which risks their ISP disconnecting them. And in many parts of the U.S.
> there is only one broadband ISP available.
>
> That is pretty much the case for anyone that is not in a major city.
>
>> With IPv6 things are very different. First of all there are three kinds
>> of IPv6 addresses (actually there are more). The first is the Link Local
>> address, it is present on every IPv6 enabled interface, whether or not
>> there is an actual IPv6 network present. It starts with fe80:: , and
>> these are non-routable addresses. Then we have the global IPv6 address,
>> it often starts with something like 2001:: . And then we have the
>> Unique Local Addresses (ULA), they can be seen as the IPv6 equivalent of
>> IPv4 private addresses. They start with something like fd00:: .
>>
>> Every device on your LAN will get at least one global IPv6 address. That
>> address will be used on the internet. If you want to reach that device
>> from the internet, you will have to use that IPv6 address, not the IPv6
>> address of the WAN port of your router. It should also have a DNS name.
>> In fact it is good practice that every IP address on the internet has a
>> DNS name. That means every global IPv6 address (all IPv6 capable devices
>> on your LAN) should be registered with a DNS name at some DNS server.
>>
>> Which DNS server should that be? Very simple, the DNS server of your
>> ISP. It is the authoritative name server for that address space. Every
>> consumer should get his own (sub)domain there, and your router will be
>> responsible for adding the addresses and DNS names, that is the general
>> idea. You don’t want address spoofing etc, so it has to be done in a
>> very secure way.
>
> <snip>
>
> Again, since most of the U.S. residential ISPs do not want to allow
> such access, it is unlikely that they are going to allow DNS
> registration of my local IP addresses.
>
>> The ideas are there, but nothing has been defined in RFC’s yet. You
>> can not buy any router that can do this, no ISP is prepared for this
>> massive task. And yet we are implementing IPv6 with consumers right
>> now, wonderful isn’t it?
>
> So for me and probably the majority of residential / small business
> users in the U.S., this feature of IP V6 will never be able to be used
> regardless of what ends up in the RFCs.
>
> The U.S. ISPs are not only not preparing for this, they are opposed to
> allowing that type of access, and they have put this in writing of the
> ToS document that most people do not read.
>
> These are the same ISPs that used to have a TOS that prohibited home
> routers for a long time unless you rented it from them.

Yes, it is very, very different over here. Any consumer can set up a
server, no problem. If you are self employed, and you have your own
little company, you can get a slightly different contract with better
speeds and better service. It's not very expensive. Larger companies,
schools, student homes etc. can get even faster fibre connections.

The ISP doesn't provide servers, if you want something like that, then
there are enough other companies where you can rent server capacity. My
ISP will only give you up to 5 email addresses and an internet connection.

We had the router problem too. However there is an EU directive that
tells governments to set up legislation that will allow consumers to use
their own equipment. The interface in your home is the passive
cable/fibre connection of your ISP's network. It also applies to TV
settop boxes etc. The ISP has to publish all details of their network
connections, so that manufacturers can build proper consumer equipment.

Now keep in mind that access from the internet to your LAN is not
limited to web servers etc. There can be TV cameras on your LAN allowing
you to check what is going on at home. You may want to switch on the
heating system or the air conditioning half an hour before you arrive
home. You may have a NAS on your LAN, and you may want to save or
retrieve documents from it over the internet. And so on.

All these things require a proper network setup, and alas with IPv6 the
IETF completely forgot to draft the proper RFC's.
>
> To change this would probably require either federal regulation or a
> strong threat of federal regulation. And based on the past history of
> that, it looks like the residential ISPs currently have the upper hand
> in the lobbying, so even that is unlikely.
>
> Current practice of the IofT is for the device to contact a server in
> the cloud at a known name.
>
> Regards,
> -John
> wb8tyw at qsl.net_work
>
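
An added illustration, not part of the original message and not code from any router or ISP: a Python sketch that sorts a LAN inventory into the three address kinds described in the thread and lists the devices holding a global address, together with the reverse-lookup (ip6.arpa) zone that whoever is authoritative for the prefix would have to serve. The host names, addresses and the /48 prefix are constructed; 2001:db8::/32 is the documentation range standing in for an ISP-assigned prefix.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")      # present on every IPv6 interface
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")     # ULA; fd00::/8 is the part in use
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")   # currently allocated global space

def parse(addr):
    """Parse an address, dropping an interface zone id such as %eth0."""
    return ipaddress.IPv6Address(addr.split("%")[0])

def classify(addr):
    ip = parse(addr)
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in UNIQUE_LOCAL:
        return "unique-local"
    if ip in GLOBAL_UNICAST:
        return "global"
    return "other"

def reverse_zone(prefix):
    """ip6.arpa zone name covering a nibble-aligned prefix."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen % 4:
        raise ValueError("prefix must end on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def exposure_report(inventory, delegated_prefix):
    """Return (zone, rows); one row per globally addressed device:
    (host, address, PTR owner name, inside delegated prefix?)."""
    net = ipaddress.ip_network(delegated_prefix)
    rows = []
    for host, addrs in inventory.items():
        for addr in addrs:
            if classify(addr) == "global":
                ip = parse(addr)
                rows.append((host, str(ip), ip.reverse_pointer, ip in net))
    return reverse_zone(delegated_prefix), rows

# Constructed sample inventory (hypothetical devices and addresses).
INVENTORY = {
    "nas": ["fe80::211:32ff:fe00:1%eth0", "fd12:3456:789a:1::20", "2001:db8:1:1::20"],
    "camera": ["fe80::1%eth0", "2001:db8:1:1::31"],
    "thermostat": ["fe80::2", "fd12:3456:789a:1::40"],
}

if __name__ == "__main__":
    zone, rows = exposure_report(INVENTORY, "2001:db8:1::/48")
    print("reverse zone:", zone)
    for host, ip, ptr, inside in rows:
        print(f"{host:10} {ip:22} in-prefix={inside} PTR={ptr}")
```

Each row is a device that is addressable from outside the LAN, so it is the list to check against the router's inbound firewall rules and against what is actually published in forward and reverse DNS.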