
Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Linux.com has a tutorial on how to participate in the IPv6 trial being run by Comcast, a major US ISP. "In phase one of their trials they are relying on the tunneling mechanisms 6to4 and more recently 6RD (Rapid Deployment). Comcast has 'open sourced' its solution based on OpenWRT if you happen to have a router supported by OpenWRT. I do not, so like any self-respecting Linux geek, I set out to do it with a Linux box. I found the documentation for doing so difficult to find."


Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 20, 2010 18:44 UTC (Wed) by daniel (guest, #3181) [Link] (39 responses)

Waiting with breathless anticipation to see who is satisfied/unsatisfied by the experience. Ought to be a great clue whether the IPv6 parrot is just pining or actually dead.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 20, 2010 19:44 UTC (Wed) by ballombe (subscriber, #9523) [Link] (4 responses)

You do not have to wait. A major French ISP has provided IPv6 support for two years at least and it did not feel the need to do a trial. DHCP just gives you both an IPv4 and an IPv6 address.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 20, 2010 20:35 UTC (Wed) by mbizon (subscriber, #37138) [Link] (2 responses)

Actually, we (I work for this ISP) use standard ICMPv6 router advertisements for IPv6.

DNS on IPv6 (was: Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com))

Posted Oct 20, 2010 22:20 UTC (Wed) by cesarb (subscriber, #6266) [Link] (1 responses)

Out of curiosity, what do you use for the recursive DNS? RDNSS on the RA? DHCPv6? Or just let people use the IPv4 DNS server from DHCPv4?

DNS on IPv6 (was: Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com))

Posted Oct 20, 2010 22:27 UTC (Wed) by mbizon (subscriber, #37138) [Link]

Both RDNSS and DNS from DHCPv4 are usable.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 23:41 UTC (Fri) by sybille (guest, #47093) [Link]

FWIW, I've been using the ipv6 service from what I presume is the French ISP in question since it was available, with no issues. DHCP gives ipv4 and ipv6 addresses, as noted. No additional configuration has been required, unless I've forgotten something I did initially. The Ubuntu frontend to iptables, ufw, works fine as well, as do the various network tools I've needed (ping6, tracepath6, etc.)

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 20, 2010 21:05 UTC (Wed) by lutchann (subscriber, #8872) [Link] (32 responses)

IPv6 dead? I think not--we're out of IPv4 addresses and There Is No Plan B.

Comcast's 6rd trial stuff works fine, although your experience will depend on where you're located. Right now they only have 6rd relays in Denver and Philadelphia so all your IPv6 traffic will get hauled back to one of those sites before it hits Comcast's IPv6 backbone. The added latency to the relay combined with the fact that they only assign /64 prefixes to 6rd sites means that most users with an IPv6 need are probably better off with a Hurricane Electric tunnel for the time being.

That said, I've been using Comcast's 6rd relay for a while and it's been solid. I'm sure they're currently seeing very little traffic from most users, but that should change once they start serving AAAA for Google services.

The real show will start once they roll out native IPv6 service on DOCSIS. IPv6-over-IPv4 tunnels are old news.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 20, 2010 22:20 UTC (Wed) by zlynx (guest, #2285) [Link] (3 responses)

I fail to see the point in complaining about "only" getting a /64.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 20, 2010 22:40 UTC (Wed) by lutchann (subscriber, #8872) [Link] (2 responses)

Due to certain design features of IPv6, a /64 is the shortest prefix that can be assigned to a broadcast link. If you need more than one link in your home or business, you need your ISP to delegate you a prefix shorter than /64.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 5:50 UTC (Thu) by jengelh (guest, #33263) [Link] (1 responses)

For stateless autoconfiguration using NDP I can see why one would need a /64, but are there other reasons besides it?

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 13:07 UTC (Thu) by lutchann (subscriber, #8872) [Link]

Yeah, SLAAC is broken for sure, and some DHCPv6 implementations refuse to run with any link prefix other than /64. If you do manual address configuration, it'll probably be fine.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 2:40 UTC (Thu) by neilbrown (subscriber, #359) [Link] (27 responses)

> IPv6 dead? I think not--we're out of IPv4 addresses and There Is No Plan B.

Surely it says something very sad about IPv6 that the only reason it is still alive is that there is no plan-B.

And you can bet there is a plan B. I'm sure the major telcos have carrier-grade NAT ready to roll out just as soon as they cannot get new IPv4 addresses any more. It would be commercially foolish not to.

Sure, NAT is not a 100% solution, but it is good enough for web browsing and email, which is what an awful lot of IPv4 addresses are for. VOIP works fine as long as you use your ISP's voip service... Makes it even more commercially sensible.

Prediction: IPv4 addresses will become a tradeable commodity before IPv6 replaces much of the installed IPv4 base. Then we would find out what they are really worth! What would you pay per-month for an IPv4 address?

(I actually *like* the fact that my home network is behind a NAT and can only be reached through my VPN).

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 3:03 UTC (Thu) by foom (subscriber, #14868) [Link] (1 responses)

> (I actually *like* the fact that my home network is behind a NAT and can only be reached through my VPN).

I'd bet what you really *like* is that it's behind a central firewall. That your firewall also does NAT is a bit unfortunate, as it just makes it more difficult to poke any desired holes in it. There's no security benefit in NAT.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 12:34 UTC (Thu) by drag (guest, #31333) [Link]

Yes.

All the security benefits you can get through NAT can just as easily be gotten without NAT. Just put a firewall on your network gateway and that is it. If you want it to behave similar to NAT then just set it up so that the only connections allowed to reach your hosts are ones initiated by your hosts. (Of course most NAT firewalls are a bit more complicated than that because of the need to have some higher-than-level-3 awareness to deal with some of the multitude of protocols that don't work well with NAT, but I hope that I got the idea across.)

Plus anybody who remotely cares about having a future open internet is going to have to be behind the push for IPv6. The reason is that ISPs are now starting to be forced to use multiple levels of NAT to provide network services for their customers due to the lack of IPv4 address space. This eliminates the ability for people to communicate in a peer to peer fashion, independent of third party centrally hosted services.

Sticking to IPv4 and relying on NAT will really turn the internet into a service-only network similar to television broadcasting or traditional telecommunications networks.

This is something that really cannot be allowed to happen.
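The gateway behaviour described in the comment above (only connections initiated from inside may come back in, with no address rewriting) can be modelled as follows. This is an added example, not part of the thread; the addresses use the 2001:db8::/32 documentation prefix, the idle timeout is an assumed value, and inbound ICMPv6 error messages are simply passed (real connection tracking would match them to an existing flow).

```python
from ipaddress import IPv6Address, IPv6Network
from typing import NamedTuple

LAN = IPv6Network("2001:db8:1:1::/64")  # constructed: stands in for the home /64
IDLE_TIMEOUT = 120                       # assumed idle timeout, in seconds
# ICMPv6 error types that RFC 4890 says must not be dropped:
# 1 unreachable, 2 packet too big, 3 time exceeded, 4 parameter problem
ICMP6_ERRORS = {1, 2, 3, 4}


class Packet(NamedTuple):
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "icmp6"
    sport: int   # for icmp6: the message type
    dport: int   # for icmp6: unused (0)


class StatefulFilter:
    """Forwarding filter for a routed (non-NAT) IPv6 gateway."""

    def __init__(self, lan):
        self.lan = lan
        # (proto, inside addr, inside port, outside addr, outside port) -> last seen
        self.flows = {}

    def forward(self, pkt, now):
        """Return "accept" or "drop" for a packet crossing the gateway at `now`."""
        src, dst = IPv6Address(pkt.src), IPv6Address(pkt.dst)
        src_in, dst_in = src in self.lan, dst in self.lan

        if src_in and not dst_in:
            # Outbound: always allowed, and it creates or refreshes flow state.
            self.flows[(pkt.proto, src, pkt.sport, dst, pkt.dport)] = now
            return "accept"

        if dst_in and not src_in:
            # Inbound ICMPv6 errors keep path MTU discovery working.
            if pkt.proto == "icmp6" and pkt.sport in ICMP6_ERRORS:
                return "accept"
            # Everything else must be the reverse of a live outbound flow.
            key = (pkt.proto, dst, pkt.dport, src, pkt.sport)
            seen = self.flows.get(key)
            if seen is not None and now - seen <= IDLE_TIMEOUT:
                self.flows[key] = now
                return "accept"
            self.flows.pop(key, None)   # expired or never existed
            return "drop"

        return "drop"                   # not traffic this gateway should route


def demo():
    """Constructed traffic: a LAN host, a server it contacts, and a stranger."""
    fw = StatefulFilter(LAN)
    host, server, stranger = "2001:db8:1:1::10", "2001:db8:ffff::80", "2001:db8:bad::1"
    return [
        fw.forward(Packet(host, server, "tcp", 40000, 443), now=0),    # outbound
        fw.forward(Packet(server, host, "tcp", 443, 40000), now=1),    # its reply
        fw.forward(Packet(stranger, host, "tcp", 55555, 22), now=2),   # unsolicited
        fw.forward(Packet(server, host, "tcp", 443, 40001), now=3),    # wrong port
        fw.forward(Packet(server, host, "icmp6", 2, 0), now=4),        # packet too big
        fw.forward(Packet(server, host, "tcp", 443, 40000), now=500),  # state expired
    ]


if __name__ == "__main__":
    print(demo())
```

The host keeps its globally routable address throughout; the unsolicited packets are dropped by the state lookup alone.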

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 9:03 UTC (Thu) by tialaramex (subscriber, #21167) [Link] (9 responses)

“Prediction: IPv4 addresses will become a tradeable commodity before IPv6 replaces much of the installed IPv4 base. Then we would find out what they are really worth! What would you pay per-month for an IPv4 address?”

This element of the transition is sometimes called "regime change" because it involves a change in the RIR allocation regime. You are correct, in a limited sense, that you will be able to arrange to transfer addresses. RIRs will (for a fee) arrange to update the allocation records once exhaustion occurs. Obviously you would have to negotiate (perhaps in an open market, perhaps behind closed doors) for the other party to be willing to transfer their existing allocation.

However that will only be for large aggregatable blocks (maybe a /24 but quite likely larger) because otherwise they aren't routeable. Unlike IPv6, which has already been deployed on a wide scale in production, this "market of IP addresses" is untested. If your business depends on it then you are in a rather uncomfortable position, such a market may never actually emerge in production scale, or the price may be far higher than you anticipated (consider, the legal overhead alone of agreeing such a deal could make a /24 cost many thousands of dollars, while your competitors have obtained all their addresses for free)

It doesn't say anything sad about IPv6. Businessmen would like things to continue as they are, long after that ceases to make sense. That's a commercial reality whether you're installing asbestos home insulation, delivering goods by horse and cart or selling worthless securities. No conceivable protocol to fix the address exhaustion problem (nor "tweak" to the existing IPv4) could have done better than IPv6 has in this environment.

Everybody who actually cares already migrated to dual-stack. Whole businesses, entire systems. But they represent a tiny, informed, minority. Some people's experience will be that their ISP mysteriously goes out of business after introducing new "better" service (the carrier grade NAT you're so enthusiastic about) and losing all its well informed customers to an ISP still actually providing Internet service. Most countries now have at least one home ISP that already provides native IPv6 (a step up from what Comcast are currently doing) and those companies know they're well placed to eat the other guys' breakfast.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 21:04 UTC (Thu) by raven667 (subscriber, #5198) [Link] (8 responses)

You're hoping that the client-only Internet doesn't come to pass where the most common type of "Internet" access is http only behind a carrier nat. It might be that even small business will get client-only Internet service with included cloud hosted apps as the default. The only way to get service like one has now with routable addresses would be to get an OC3 trenched to your home or equivalent medium to large business service.

At least it could work out that way, that's not an unreasonable prediction.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 21:43 UTC (Thu) by dlang (guest, #313) [Link] (7 responses)

leaving out your scare words about needing an OC3 trenched to your house, the rest of what you are talking about really is reasonable.

for myself, I want static IPs, no filters, etc. I willingly pay more to an ISP that provides this cleanly to me than I would pay for equivalent bandwidth from one that doesn't.

with the number of small/home businesses around, you aren't going to see this sort of home 'business' service start requiring any special line types, they will have different costs, just like they do today.

there are a lot of people who really do want 'outbound-only Internet'. I have relatives that I would be happy to see with this sort of line.

for these people things like DHCP, NAT, firewalling, spam filtering, content filtering, etc are all good things (or at least no pain for the user) for the ISP to provide.

these people would also be happy with IPv6 addresses that got NATed/proxied to IPv4 addresses by the ISP before they hit the 'real' Internet.

there are two things that these people may want that will take more work from the ISP

1. bittorrent downloads

2. online gaming (although most of this is already tolerant of such networks)

If the IPv6 people were not so utterly opposed to NAT, they would have a way for someone to use IPv6 locally and NAT out through an IPv6 -> IPv4 gateway to the IPv4 Internet. If this was available, you would see it start getting used by the ISPs at the edges of the network, and over time the NAT devices would move closer to the center.

But the IPv6 people are so anti-NAT that they won't even consider something like this, their 'transition plan' boils down to 'this is such neat technology that everyone will switch, even if it breaks everything they already have'

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 22:17 UTC (Thu) by lutchann (subscriber, #8872) [Link] (5 responses)

> there are a lot of people who really do want 'outbound-only Internet'. [...] these people would also be happy with IPv6 addresses that got NATed/proxied to IPv4 addresses by the ISP before they hit the 'real' Internet.

No, they wouldn't be happy. They want to keep using their Windows 98 laptop with their ancient home router, neither of which will ever have IPv6 support.

> If the IPv6 people were not so utterly opposed to NAT, they would have a way for someone to use IPv6 locally and NAT out through an IPv6 -> IPv4 gateway to the IPv4 Internet.

NAT64 is about to be standardized by the IETF, and a number of providers, especially mobile phone companies, have already committed to using it. It doesn't really help ISPs whose customers want to continue using IPv4-only devices, though.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 23:35 UTC (Thu) by dlang (guest, #313) [Link] (4 responses)

they could continue to use their Win95 machine, but they would need to upgrade their router (the router would need to do IPv4 -> IPv6 NAT)

I'm glad to see the NAT64 proposal, it's long overdue.

the silly thing about all of this is that IPv6 allocated a tiny slice of its address space to include all the IPv4 addresses. This is a very straightforward mapping of conventional NAT processes, it's too bad that it's taking this long to get approved.

do you know if there is any software implementing this yet?

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 0:43 UTC (Fri) by lutchann (subscriber, #8872) [Link] (3 responses)

There's this:

http://ecdysis.viagenie.ca/

It looks a little rough around the edges though.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 0:59 UTC (Fri) by dlang (guest, #313) [Link] (2 responses)

I'm also concerned that what they are working with is so old

bind 9.6-p1 when the current is 9.7.2-p2, fedora 10-12 (14 will be current in a couple of days, at which point 12 hits EOL)

all of this stuff is at least a year old at this point. I would have hoped that this sort of functionality would be getting upstream at this point.

the IETF draft document is set to expire in Jan 2011, so if it's going to become a standard instead of just fading away it's rapidly running out of time.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 1:23 UTC (Fri) by lutchann (subscriber, #8872) [Link] (1 responses)

It's not meant to be production-quality software. Real deployments use proprietary implementations like the A10 Networks stuff. I haven't really seen anybody want to run NAT64 outside the carrier world.

The NAT64 draft cleared last call in August and is in the RFC Editor queue waiting on some related drafts to be done before it's published as an RFC.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 5:07 UTC (Fri) by dlang (guest, #313) [Link]

with something like this I would expect that a lot of people would want to use it in small settings, simply for the bragging rights :-)

if something like this were to be added upstream (into linux, BSD, and the two nameserver packages) you would see this capability in everything in a relatively short time. It would be trivial to add it to most small routers for example.

If they really are taking the attitude that only large ISPs would care about this and they will buy specialized equipment from Cisco to do this, then they are really missing the boat.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 26, 2010 8:03 UTC (Tue) by marcH (subscriber, #57642) [Link]

> there are two things that these people may want that will take more work from the ISP

... for now.

> 1. bittorrent downloads
> 2. online gaming (although most of this is already tolerant of such networks)

+ VoIP, + any present and future peer to peer application (aka: the "real" internet).

NAT is not an option

Posted Oct 21, 2010 9:03 UTC (Thu) by job (guest, #670) [Link]

That most applications are web and email is to be expected since NAT boxes are so prevalent. Many other applications look like HTTP traffic for this very reason.

NAT has held back service development in the network for at least a decade. That's why VoIP isn't more common than it is and why we're stuck with things like Skype which won't develop further. That's why real time gaming is limited to geeks who forward their TCP ports.

Carriers need v6 too, to keep the service innovation alive in the network, not limited to stateless HTTP. They just hope the cost of transitioning will go down if they wait. Carrier grade NAT is not really an option in the bigger picture.

Things get complicated because some people confuse their NAT and their stateful firewalling. It is the latter you really want to make sure you can only reach your network via VPN. (Please remember that IPsec for IPv4 is really a backport of what originated as IPv6 technology.) In fact, security will improve when you get rid of NAT since you don't have to use port forwarding (which especially with UPnP is not a good idea security wise).

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 16:20 UTC (Thu) by lutchann (subscriber, #8872) [Link] (10 responses)

> And you can bet there is a plan B. I'm sure the major telcos have carrier-grade NAT ready to roll out just as soon as they cannot get new IPv4 addresses any more. It would be commercially foolish not to.

Of course NAT44 will be part of the IPv6 transition, but even with NAT you still need IP addresses to number all your hosts, including your infrastructure. What happens when an organization (like, say, Comcast) runs out of RFC 1918 addresses? Should they install internal NATs so they can reuse 10.x.x.x/8 and friends in different parts of their network? Most companies have realized that transitioning to IPv6 is better than dealing with that kind of mess indefinitely.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 1:26 UTC (Fri) by neilbrown (subscriber, #359) [Link] (9 responses)

I'm not against IPv6 as such. It is probably over-engineered and generally suffers from "design by committee" but you have to live with that these days - it is the price for getting standards.

So Comcast are welcome to use IPv6 internally, or 10.xxx address with NAT if needed, or even use world-routeable IPv4 addresses if they can afford them (if there was a market for them so a price could be determined).

These are all options with different costs and different benefits. Each business or individual should be free to choose as they like, pay the appropriate cost, and get the relevant benefit.

What I object to is "don't use NAT", "IPv6 is the only way to go", "There is no plan B".

Freedom is a fairly core tenet of our community. We should encourage the freedom to use whatever technology seems to fit. In the context of that freedom, a good option will win.

Ironically, I think that there would be more freedom if public IPv4 addresses cost a small amount of money - some sort of 'resource rent'. That is by far the fairest way to share out a scarce resource. That would give people an easily understood incentive to find ways to avoid the need for public IPv4 addresses.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 5:08 UTC (Fri) by dlang (guest, #313) [Link] (7 responses)

I fully expect to see IP addresses being traded and sold, the only question is how much will people have to try and disguise that that is what's happening to keep ARIN from throwing a fit.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 15:36 UTC (Fri) by tialaramex (subscriber, #21167) [Link] (6 responses)

They won't have to disguise it at all. With the termination of the IPv4 allocation function ARIN's role changes with it continuing to administrate the IPv4 registry but now tracking transfers not allocations. But it won't make enough difference to care about.

ARIN is a creature of its member organisations as are RIPE and the other RIRs.

This also somewhat answers neilbrown's point. RIRs are basically associations (the exact legal mechanics vary by jurisdiction) and their LIR members pay fees. I don't know what the fee schedule looks like for ARIN, but in RIPE the fees are partly proportional (not linearly) to allocation size. This is also reflected in the organisation's structures.

Now, an LIR may be an ISP passing those fees on indirectly to customers, or it may itself be an association, or a government body, or any other manner of entity which needs large address allocations. And the LIR's customers or members, or whatever, may not ever receive a bill saying "4 IP addresses $3.86 per year" but the cost of running the registry function is already being recovered, just not necessarily as a line item that's visible to you in your current position. There is no justification for recovering more than the cost, nor any mechanism to spend money raised in this way, whether somehow on IPv6 or on a giant model of the Starship Enterprise.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 18:04 UTC (Fri) by dlang (guest, #313) [Link] (5 responses)

I don't expect that the cost of IPv4 IP addresses will be paid to a LIR, I expect it to be paid to companies who have large IPv4 allocations, but who can reorganize their network to use fewer IPv4 addresses (probably by using NAT of some sort), who then sell their larger allocation to the highest bidder.

the issue is that until all the websites move onto IPv6 addresses, people trying to access them will need to seem like they have an IPv4 address. This can be done by either assigning them an IPv4 address (in which case, why do you need IPv6?), or by something like NAT64.

no company is going to set up an IPv6-only service until all the clients they want to serve have IPv6 addresses, no clients really care about having IPv6 addresses until there is something that they need to access on IPv6 that they can't access on IPv4.

This is a classic chicken and egg problem.

ISPs could eventually break this deadlock if they use something like NAT64 to give their users IPv6 addresses only and still let them access IPv4 resources.

but the question remains, why would they do this instead of just using the RFC IPv4 addresses and IPv4 NAT to access the Internet? what's in it for the ISP to use something new and experimental rather than something old and well understood?

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 19:30 UTC (Fri) by lutchann (subscriber, #8872) [Link] (4 responses)

> but the question remains, why would they do this instead of just using the RFC IPv4 addresses and IPv4 NAT to access the Internet?

Because they already need far more addresses than what's available in the 1918 address space. It's not like large ISPs could just crack open 10.x.x.x/8 and never worry about address exhaustion again. In reality, virtually every provider has been using 1918 space for their infrastructure for years. Comcast exhausted the 1918 space in 2005.

Take a look at this presentation, which is actually from 2006 and outdated:

http://www.ripe.net/ripe/meetings/ripe-54/presentations/I...

Comcast expects to need 100 MILLION addresses FOR SET-TOP BOXES ALONE. There are only 17.9 million addresses in the entire RFC1918 space, assuming 100% usage, which is far from achievable in reality. And this doesn't even count VoIP or actual Internet access for customer PCs. They'd have to reuse 1918 space dozens of times and place NATs all over their network internally.

Ask the mobile phone companies how much fun it is to put this many devices behind NATs and try to manage them all. Verizon Wireless has more than 40 instances of 10.x.x.x/8 on their network, despite the fact that they've got more global IPv4 address space than any other mobile carrier. Traffic from millions of customers has to be hauled back to a few centralized NATs, who have to statefully translate millions of simultaneous sessions. That's a lot of long-distance transit and processing power that will be eliminated as the Internet transitions to IPv6.

You call IPv6 "new and experimental" but I think there is a lot more uncertainty and expense in deploying NAT at the scale that would be required to extend the lifetime of IPv4 for even ten more years.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 19:34 UTC (Fri) by dlang (guest, #313) [Link] (3 responses)

it's not IPv6 that I'm saying is new and experimental, it's NAT64 which would allow IPv6-only systems to talk to IPv4 hosts.

just deploying IPv6 in addition to IPv4 doesn't do anyone any good, and until websites all move to IPv6 the ISPs can't eliminate IPv4 compatibility.

so the ISPs are going to have to NAT anyway. it makes more sense for them to NAT near the clients rather than to backhaul all the traffic to a handful of core NAT devices, and if they are doing NAT in multiple places anyway, what is the advantage of doing NAT from IPv6 sources vs IPv4 sources? (other than the "the internet will be IPv6 eventually anyway, so you should accept the pain and be the first on the block to go IPv6" argument)

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 20:32 UTC (Fri) by lutchann (subscriber, #8872) [Link] (2 responses)

Again, it's all about having enough addresses. For ISPs to continue providing native IPv4 service to customers (where "native" might mean 1918 addresses and provider-side NAT44) they'll need to maintain an IPv4 infrastructure, which, again, they don't have enough addresses for without using overlapping 1918 blocks and internal NAT. If customers are IPv6-only, the ISP's infrastructure can be IPv6-only.

As you point out, some customers may occasionally require access to IPv4-only services on the legacy Internet, at least for the first year or so.</sarcasm> There are three ways this could be handled. First, the ISP could provide native dual-stack service to customers using 1918 addresses and NAT44 for IPv4, but obviously, if they were able to do this, they wouldn't bother rolling out IPv6 in the first place.

The second option would be NAT64, which I agree is new and experimental, although T-Mobile has tested it extensively and says it works surprisingly well. The main problem is that all devices at the customer site must be able to operate IPv6-only, so Aunt Tilly with her Windows 98 laptop isn't going to be happy. In addition, many applications (especially games) don't have IPv6 support even when running on an IPv6-capable OS. So NAT64 isn't really viable for most residential customers.

The most promising option is DS-Lite, which provides NAT'd IPv4 service via an IPv4-in-IPv6 tunnel. One endpoint of the tunnel is the home router or cable modem and the other endpoint is a NAT44 in the provider's network. This allows the provider's core network to be IPv6 only, but customer devices will have both IPv4 and IPv6 service. NAT sessions in the CGN are indexed by both the source IPv4 address and the IPv6 tunnel endpoint, so if two customer sites use the same IPv4 address range, there's no problem.

DS-Lite neatly solves a lot of problems: legacy IPv4 devices and applications at the customer site will still work, providers only need to run one protocol on their core network, global IPv4 addresses can be utilized efficiently, and there is only one NAT in the path because there is no longer a need to NAT at the customer site. DS-Lite relies on two well-tested technologies, IP-in-IP tunnelling and NAT44.

A number of ISPs have indicated they'll probably be deploying DS-Lite, including Comcast.
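The point made above, that the carrier-grade NAT indexes sessions by both the IPv6 tunnel endpoint and the source IPv4 address, can be modelled with a small binding table. This is an added example, not part of the thread and not any vendor's implementation; the class name, the documentation addresses and the port range are assumptions made for illustration.

```python
from ipaddress import IPv4Address, IPv6Address

PUBLIC_IP = IPv4Address("192.0.2.1")  # constructed: the NAT's shared public IPv4
ALICE = "2001:db8:a::1"               # constructed tunnel endpoints (two customer
BOB = "2001:db8:b::1"                 # routers at different sites)


class CgnTable:
    """NAT44 binding table at the provider end of the IPv4-in-IPv6 tunnels."""

    def __init__(self, key_on_tunnel, first_port=1024, last_port=65535):
        self.key_on_tunnel = key_on_tunnel
        self.out = {}    # inside key -> public port
        self.back = {}   # (proto, public port) -> (tunnel, inside ip, inside port)
        self._ports = iter(range(first_port, last_port + 1))

    def _key(self, tunnel, proto, ip, port):
        # With key_on_tunnel=False this degrades to a plain NAT44 that only
        # looks at the inner IPv4 header.
        return (tunnel if self.key_on_tunnel else None, proto, ip, port)

    def outbound(self, tunnel, proto, src_ip, src_port):
        """Translate a packet decapsulated from `tunnel`.

        Returns the (public ip, public port) it leaves with.
        """
        tunnel, src_ip = IPv6Address(tunnel), IPv4Address(src_ip)
        key = self._key(tunnel, proto, src_ip, src_port)
        if key not in self.out:
            port = next(self._ports, None)
            if port is None:
                raise RuntimeError("public port pool exhausted")
            self.out[key] = port
            self.back[(proto, port)] = (str(tunnel), str(src_ip), src_port)
        return PUBLIC_IP, self.out[key]

    def inbound(self, proto, dst_port):
        """Map a packet arriving at PUBLIC_IP back to its customer.

        Returns (tunnel, inside ip, inside port), or None when there is no
        binding and the packet is dropped.
        """
        return self.back.get((proto, dst_port))


def demo(key_on_tunnel):
    """Two sites both use 192.168.1.10:5000; see where the replies go."""
    cgn = CgnTable(key_on_tunnel)
    _, port_a = cgn.outbound(ALICE, "udp", "192.168.1.10", 5000)
    _, port_b = cgn.outbound(BOB, "udp", "192.168.1.10", 5000)
    return port_a, port_b, cgn.inbound("udp", port_a), cgn.inbound("udp", port_b)


if __name__ == "__main__":
    print("keyed on tunnel + IPv4:", demo(True))
    print("keyed on IPv4 only:    ", demo(False))
```

Keyed on the tunnel endpoint, the two sites get separate bindings; keyed on the inner IPv4 source alone, the second site reuses the first site's binding and its replies are delivered to the wrong customer.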

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 21:00 UTC (Fri) by dlang (guest, #313) [Link] (1 responses)

is there something similar to NAT64 that could be run on the home routers that would let people run IPv4 internally, NAT to IPv6 on the router, and then NAT64 back to IPv4 later?

I cringe at even typing this, but it may be better than having to tunnel everything to specific endpoints. If enough ISPs were to go this route, they could start peering to each other with IPv6 and the traffic would just get converted to IPv4 as it goes to the servers.

I don't think that the DS-Lite approach will have the results you are expecting, because customers will still be running NAT on their devices.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 23, 2010 14:51 UTC (Sat) by lutchann (subscriber, #8872) [Link]

> is there something similar to NAT64 that could be run on the home routers that would let people run IPv4 internally, NAT to IPv6 on the router, and then NAT64 back to IPv4 later?

That's called NAT464 and it's been discussed off and on as a possible transition tool, but I haven't seen a lot of support for it as DS-Lite is generally agreed to be the most robust approach. You'll probably see NAT464 in mobile phone networks to avoid the tunnelling overhead of DS-Lite.

> I cringe at even typing this, but it may be better than having to tunnel everything to specific endpoints. If enough ISPs were to go this route, they could start peering to each other with IPv6 and the traffic would just get converted to IPv4 as it goes to the servers.

Not sure I follow...if an IPv6-enabled host on one network wants to communicate with an IPv6-enabled host on another network, there will be no translators in the path. It will all be native IPv6. DS-Lite only tunnels and translates traffic headed for an IPv4-only destination.

> I don't think that the DS-Lite approach will have the results you are expecting, because customers will still be running NAT on their devices.

Regardless of the transition mechanism used, we have to expect that some people will just connect their old IPv4 NAT box to their shiny new v4/v6 box running DS-Lite or NAT464 or whatever. With DS-Lite, you'd then have double-NAT, and with NAT464, you'd then have triple NAT. It should generally work, it's just silly and adds one more point of failure.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 16:08 UTC (Fri) by tialaramex (subscriber, #21167) [Link]

"That would give people an easily understood incentive to find ways to avoid the need for public IPv4 addresses."

Assuming your emphasis here is on "public" rather than the obsolete IPv4 that's a perverse incentive, as if you were to deliberately penalise people for living close to the place where they work...

The "private" ranges like 10/8 are seen as a failure. Nothing quite like them is planned to exist in IPv6. The reason is very simple: networks get connected. It's lesson #1 of the Internet. Company X (using 10/8 addresses for its "internal corporate network") and Company Y (ditto) merge. Then the poor sysadmins spend the next six months reconfiguring everything from Cisco routers at Springfield corporate HQ to some Netgear switch in a cupboard in Whocares, Japan to get the two networks to connect safely.

So, globally unique (but not necessarily globally routeable) addresses are the future. You don't have to connect networks together today, but in case you decide to do so tomorrow we'll number everything uniquely now so that at least it will interoperate. IPv6 reserves space (the benefit of having sufficient space to allocate) for two likely mechanisms for allocating such addresses, one which appeals to businessmen and one which appeals to statisticians.

The statisticians get randomly generated addresses. These cost nothing, but there is an infinitesimal chance the other guy's network used the same address for a printer that you're using for the boss's laptop. Business people get an entity which sells or rents blocks of unique addresses for private use. Needless to say the statistical approach actually exists, and the other one is tied up in arguments from different people who all fancy a license to print money.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 18:41 UTC (Thu) by daniel (guest, #3181) [Link] (2 responses)

Hi Neil,

I wonder if the time is right for someone to demonstrate an extended IPv4 stack that skips some of the transitional issues of IPv6 and modestly fails to fancy itself so innately pure and beautiful as to compel all ordinary internet denizens to sail away with it, leaving the bulk of the .com domain stranded on the IPv4 island?

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 20:53 UTC (Thu) by raven667 (subscriber, #5198) [Link] (1 responses)

IPv6 is the minimal amount of transition cost that is going to exist.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 22, 2010 10:39 UTC (Fri) by tialaramex (subscriber, #21167) [Link]

You won't convince them of this. It's like the Unicode transition. For years after it was a done deal there were still people turning up saying "This is too complicated, I don't understand it, therefore obviously something much simpler would be better, let's start tomorrow".

Even today I come across software which doesn't want to actually do Unicode, developers convinced that if they just wait a little while longer it'll turn out that every other writing system is just Latin but with different squiggles after all...

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 27, 2010 10:09 UTC (Wed) by tpeland (guest, #70850) [Link]

I took care of an ipv6-only computer class starting 2 and a half years ago. There was a www-proxy that could resolve both ipv4 and ipv6 addresses. The only cases where users did notice the missing ipv4 support were with remote ftp-servers. You need the correct protocol when you send new files to them. Reading files from ftp-servers can be easily done with a web browser and a proxy.

Network disks, printers and most of the software has been usable with ipv6 for a long time. With software you still need to select versions that have ipv6 support. However each software type already has some versions that have ipv6 support.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 20, 2010 19:55 UTC (Wed) by JoeF (guest, #4486) [Link] (2 responses)

If you have a decent DSL modem, tunneling, going through Hurricane Electric's IPv6 tunnelbroker, works just fine. http://tunnelbroker.net/
HE even provides you with the commands to enable the tunnel on your machine.
I have used that for some time now on my network.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 20, 2010 20:09 UTC (Wed) by Lennie (subscriber, #49641) [Link]

If you need a tunnel to work behind a NAT-device, you can also use: http://www.sixxs.net/

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 25, 2010 5:42 UTC (Mon) by Cato (guest, #7643) [Link]

It seems that Hurricane Electric is the way to go for many people world-wide, because Hurricane has deployed a robust 6to4 tunnel server infrastructure in data centres around the world. See http://www.theregister.co.uk/2009/09/10/ipv6_traffic_surge/ - Hurricane is credited with part of a big traffic surge in IPv6 in mid 2009, by improving the quality of IPv6 connectivity quite dramatically.

OpenWRT also seems like a good option for many people as it supports a lot of different hardware, and it has some optional config GUIs these days. Unfortunately, Tomato firmware (which has nice QoS support) doesn't yet do IPv6. DD-WRT supports IPv6 but its freeness is questionable (http://en.wikipedia.org/wiki/DD-WRT#Controversy) and I had major problems with some versions even with IPv4.

Web hosting also needs to go IPv6 of course - takeup is not that wide, but http://www.fix6.net/ipv6-webhosting/ has a list.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 20, 2010 20:19 UTC (Wed) by jwb (guest, #15467) [Link] (3 responses)

This was a helpful article, but the "with Ubuntu 10.10" part appears to be irrelevant. The author didn't integrate his changes via /etc/network/ as far as I can tell, and left a number of questions open. What is this router advertisement daemon? It doesn't seem to be a replacement for DHCPv6, it seems like something more along the lines of zeroconf. How does it work and what are the dangers?

Aside from distro integration, can I have a purely ipv6 LAN and still use PXE? If not, what are the benefits and drawbacks of running v6 and v4 on the LAN at once?

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 20, 2010 20:48 UTC (Wed) by CrackerJackMack (guest, #66114) [Link] (2 responses)

> Aside from distro integration, can I have a purely ipv6 LAN and still use PXE? If not, what are the benefits and drawbacks of running v6 and v4 on the LAN at once?

The PXE specification uses only IPv4. You will need to look at and work on gPXE (etherboot.org) to even think about getting PXE over IPv6 working. I believe there was a GSoC project for it. There is not a disadvantage to running dual stack just for PXE booting. But use gPXE anyway so you can avoid TFTP after the initial load.

Router advertisements are no good for PXE booting as you can't pass options through them (it's ICMPv6), and they are not a replacement for DHCPv6. The concept was based on zeroconf, but it actually works (minus DNS, though there is work going on for that).

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 20, 2010 21:12 UTC (Wed) by jwb (guest, #15467) [Link] (1 responses)

It does not seem to be practical to run pure v6 on the LAN anyway. I just checked my switch and it supports management only via v4, and I'm sure there are many other embedded things without v6 stacks.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 20, 2010 22:35 UTC (Wed) by lutchann (subscriber, #8872) [Link]

Things are getting there. A lot of what's driving IPv6 adoption at the moment is very large enterprises needing to address all their manageable devices and not having enough 1918 addresses to do so without the yuckiness of internal NAT and overlapping address space. Apparently Dell's iDRAC systems have had IPv6 support for more than a year now:

http://www.personal.psu.edu/dvm105/blogs/ipv6/2009/06/mor...

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 20, 2010 23:42 UTC (Wed) by drag (guest, #31333) [Link]

huh. I just switched to Comcast and I just blew away my Debian install of many years to replace it with the (very excellent) Ubuntu 10.10.

Sounds like a fun thing to try.

Prefix changes will be problematic

Posted Oct 20, 2010 23:46 UTC (Wed) by hpa (guest, #48575) [Link] (1 responses)

The solution as posted will fail the moment you have an IPv4 change on your upstream interface (remember that Comcast's IPv4 addresses are dynamic.) You need to bounce the IPv6 tunnel every time you get a new upstream address, and as such it needs to be invoked from DHCP (dhclient supports hanging scripts off events, so that's fine.) You *also* need the same scripts to update your firewall if you have any IPv6-prefix-sensitive rules, as well as update your internal DNS and DHCPv6 configurations (if you run either.)

Prefix changes, incidentally, are also expected to happen on a regular basis on the native IPv6 Internet, so expect the same kind of problems there.

Also, Comcast's 6rd configuration only hands out /64 prefixes, which means you either don't get to use RA (in which case you *have* to use DHCPv6 to propagate prefix changes to your network) or you can't subnet your network. 6to4 doesn't have that problem, but might not be reachable from the entire IPv6 Internet.

Prefix changes will be problematic

Posted Oct 21, 2010 13:08 UTC (Thu) by gdt (subscriber, #6284) [Link]

The assumption of ISPs is that home users will not wish to subnet their networks, and so a /64 is fine.

Even within that assumption there is some room for hobbyists. If you want to run a webserver, then consider that there are many address ranges within an EUI-64 subnet that will never be autoconfed.

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 13:02 UTC (Thu) by gdt (subscriber, #6284) [Link]

linux.conf.au will again have native IPv6 on the conference network and attendees are encouraged to use the opportunity to improve their knowledge and squash bugs.

script for connecting 6to4

Posted Oct 23, 2010 8:29 UTC (Sat) by bpearlmutter (subscriber, #14693) [Link]

If you want to easily connect your linux box via 6to4, and don't want to have to do any configuration or monkeying about, try this script: git://github.com/barak/auto6to4.git
(I wrote it because I was sick of having to do all kinds of address conversion and poking about just to connect a machine to IPv6 via 6to4.)
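
The prefix-change problem hpa describes and the address conversion bpearlmutter mentions, as an added example that is not part of the thread and not taken from auto6to4: it derives the 6to4 and 6rd prefixes from the upstream IPv4 address and reports what a dhclient exit hook would have to renumber. The function names, the `2001:db8` 6rd prefix (a documentation placeholder) and the /32-plus-32-bits 6rd layout are assumptions; `$reason`, `$old_ip_address` and `$new_ip_address` are the variables dhclient passes to its hooks.

```sh
# Added example (not from the thread): tunnel prefixes follow the upstream IPv4 address.

# Succeed only for a canonical dotted quad (no leading zeros: printf reads 010 as octal).
valid_v4() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# 6to4 needs a globally unique IPv4 address; private or link-local ones give a bogus prefix.
is_public_v4() {
    valid_v4 "$1" || return 1
    case "$1" in
        0.*|10.*|127.*|169.254.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
    esac
}

# 2002::/16 followed by the 32 address bits gives the site a /48.
prefix_6to4() {
    is_public_v4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    printf '2002:%02x%02x:%02x%02x::/48\n' "$1" "$2" "$3" "$4"
}

# Assumed 6rd layout: a /32 ISP prefix ($1, placeholder "2001:db8") plus all
# 32 IPv4 bits ($2), which leaves the customer exactly one /64.
prefix_6rd() {
    is_public_v4 "$2" || return 1
    sp=$1; old_ifs=$IFS; IFS=.; set -- $2; IFS=$old_ifs
    printf '%s:%02x%02x:%02x%02x::/64\n' "$sp" "$1" "$2" "$3" "$4"
}

# Print what a lease change from $1 (may be empty) to $2 invalidates.
lease_change_plan() {
    [ "$1" = "$2" ] && { echo "unchanged"; return 0; }
    new=$(prefix_6to4 "$2") || { echo "tunnel-down: $2 is not usable for 6to4"; return 0; }
    old=$(prefix_6to4 "$1") || old=none
    echo "tunnel-rebind local=$2"
    echo "renumber $old -> $new (firewall rules, RA/DHCPv6, internal DNS)"
}

# dhclient sets these variables when it sources an exit hook; standalone this is a no-op.
case "${reason:-}" in
    BOUND|RENEW|REBIND|REBOOT) lease_change_plan "${old_ip_address:-}" "${new_ip_address:-}" ;;
esac
```

The plan is printed rather than executed, so the output can be reviewed before any tunnel, firewall or DNS change is wired to it.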


Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds