[Info-vax] implementing IPv6 on the internet
Dirk Munk
munk at home.nl
Sun Sep 25 04:22:59 EDT 2016
Chris wrote:
> On 09/24/16 20:42, Dirk Munk wrote:
>
>>
>> Yes, they will coexist for some time. However, no one wants to maintain
>> a dual stack network for any longer then necessary, and no one wants to
>> build applications that support two stacks for any longer then necessary.
>>
>> So it's my guess many companies will go for the Facebook approach, IPv6
>> only on the internal network, only dual stack systems for the internet
>> facing systems.
>>
>
> Much of the last few posts is hypothetical anyway. V6 is needed
> for the future. However, the idea of a unique address for every
> device connected to the internet does look quite restrictive in
> terms of subnetting and fine grained control of addressing within
> an organisation.
No it does not, on the contrary. I'll try to explain this once more.
- A standard IPv6 subnet to connect devices to, is a /64 subnet. It has
a 64 bit addresses space. The whole IPv4 internet has a 32 bit address
space (4 billion addresses), so one simple IPv6 subnet has 4 billion x 4
billion possible addresses.
- Normally every *consumer* will get a /56 address space, so every
*consumer* can build 256 subnets.
- Small businesses should be able to get a /48 address space, that is
enough for 65536 subnets. Some ISP's also hand out /48 address space to
consumers, based on older standards.
> At present, I can define a mix of fixed or dhcp
> addresses
The standard way of assigning IPv6 addresses is by using SLAAC (by which
a device constructs its own IPv6 address) or DHCPv6. Normally you do not
give a system a fixed address by configuring it on the device itself.
That is considered bad practice with IPv6. Don't forget that DHCP has an
enormous list of options that you can use to configure the IP stacks.
Think of DNS servers, default gateways, NTP servers, SNMP servers, WINS
servers, default printers, and so on.
> or define subnets in a short space of time and it's rock
> solid reliable.
- So it is with IPv6
> Nat and port forwarding are very fine grained and
> allow isolation of subnet address groups and forwarded ports, which
> is very good for security.
- With IPv6 you can regulate access by using the actual global IPv6
address of a device, plus the port numbers. If you have two web servers
on you LAN they both can be accessed over port 80 from the internet, no
need to use another port number on the WAN port of the router because
port 80 has already been taken. Very clear and straightforward, no need
for translations, and just as secure.
>
> For V6, there is also the problem of installed base of V4 kit and
> existing topology at subnet level, which will be very expensive to
> upgrade and to retrain staff to manage.
- IPv4 only kit isn't the most modern stuff. It will have to be replaced
any way over the coming years. Of course staff has to learn, learning
new things is essential if a company wants to stay competitive.
> It's not a zero cost game,
> which is why overall adoption has been very low.
- No, it is rare because these days most managers think in three month
periods, they have no long term vision.
> While it may be
> common in the rarified atmosphere of tech companies, it's still
> pretty rare elsewhere afaics. Offering no particular advantage over
> V4 for many applications, it's easy to see why that is the case.
> Thus, V4 and 6 will coexist for the forseeable future.
>
- That is exactly the limited view that is causing so much economic
damage. The internet should have been 90% IPv6 by now, it isn't.
Companies needing a lot of internet addresses can only use IPv6, many
customers can not reach those companies. That is very bad for economies
like China and India, and thus for the world economy!!
- There was an Australian web hosting company with many organizations
behind one IPv4 address. One of those organizations was fraudulent, so
its IPv4 address was blocked, also blocking all other organizations.
> As for all the talk about NAT and port forwarding being full of
> problems and difficult to set up, just shows the lack of knowledge
> in that area. It's been a run of mill standard technique for a
> decade or more, that any it pro worthy of the name should be
> familiar with...
>
- I really don't care about IPv4 and NAT, except for historical reasons.
NAT has nothing to offer me that IPv6 can't do in a more modern and
straightforward way.
> Regards,
>
> Chris
More information about the Info-vax
mailing list