On 04.03.2009, at 16:05, Beat Rubischon wrote:
Hello!
Quite interesting discussion you have!
On 26.02.09 at 11:17, "Andy Davidson" wrote at andy@nosignal.org:
- There seems to be no consensus about how to serve end user
addressing for ipv6
I see some open points which must be addressed in advance before IPv6 could be delivered to anyone - not only to geeks like me.
Think about Cable. It's easy there - you have a modem with one or more Ethernet ports. Some RA announcements for the customer's /64 and everyone is happy. Think about the advantage of "two computers when using IPv4 and an infinite amount of computers when using IPv6 for only 29.95 per month". What a motivation for the customer to use it ;-) Of course all the "Router / Blackbox Firewall" users are lost.
Basically every customer gets a /64 on the Ethernet. That's the idea.
ADSL is a bit more problematic. Standard ppp handles just the link layer addresses. Who should get the /64? The ppp endpoint itself or the network behind?
The end user cares about what's on his Ethernet, not if PPP, ATM, HDLC or whatever is used on the wire. Basically the ADSL router has to get ONE IPv6 for the broadband side (through autoconfiguration as normally in IPv6) and be a router in the most traditional straightforward sense. NAT boxes in my view are not real routers even though a lot of vendors call them routers. They are some kind of level 4 proxy "crap" someone has invented to get around IP address usage limitations. They break in many ways if you want to do many things. Using properly routed IPv6 solves all those nice "bogus" workarounds.
Apple for example goes the simple way and passes all the configuration to the user.
Which configuration are you referring to? MacOS X clients simply take the router announcement and autoconfigure everything. I have not seen any Apple ADSL router yet so I'm not sure what you mean by the above statement.
ppp devices won't accept RA announcements. How does Windows behave? I don't know.
Where do you see PPP? Ethernet is what end users will see. Or do you consider IPv6 for Dialup 56kbps modems? I'm sure PPP LCP could negotiate an IPv6 in that case for those who really want to use that.
Next point: DNS. DHCPv6 is IMHO only supported by some Linux distros. Apple once again uses the DNS configured by IPv4 DHCP or manually configured ones.
Well, here you have to distinguish between using an IPv6 DNS server answering on IPv6 addresses and querying IPv6 information on an IPv4 server. Currently, we will have a dual standard world for a while, so having IPv4 servers responding with IPv4/IPv6 information is what we are going to see for a long, long while. Nobody says you should NOT have IPv4. Just not only. I see the future as IPv4->NAT->limited, IPv6->Native.
Windows has some site wide addresses out of a deprecated space predefined (fec0:0:0:ffff::1~3). The approach to pack DNS IPs into RA is yet too young and not standardized or even implemented.
So we have still a lot of work in front of us.
Not really. You can reach any IPv4 DNS from IPv6. So DHCP v4 can announce the DNS Server and the rest is simple magic. Of course there is always room for improvement.
Even more work will come for small and medium business networks. Today there is a NAT gateway in front of the network and tunneling VPN for the remote workers or office interconnect. There is usually an internal DNS (Windows AD) carrying the local addresses. Everyone knows the basics and how to set up such environments.
... and everyone gets puzzled once NAT doesn't work. Try to use it for VoIP or just try to do MSN / ICQ filetransfers and in 90% of the cases you have issues. And if you want to use advanced layer 4 protocols such as SCTP on NAT, you will see that 99.9% of the NAT devices don't know how to handle anything besides TCP, UDP and maybe ICMP.
What about the future? Route IPv6 directly to the clients? What about remote workers? Delegate the reverse and forward lookup to the internal DNS?
VPN will still stay. Its purpose is still the same. IPv4 or IPv6 doesn't change anything there. But you COULD use IPv6 and IPSEC directly and skip the tunneling part as IPSEC support is mandatory in IPv6. So if you access the office from home, you get a secure tunnel, while if you access the internet, you get a direct connection.
Of course all those questions are answered when you operate an open network. Like universities or ISPs usually do. Or when you run an independent company network only connected by proxies. But for other usage, like SOHO users, there are still open points.
For SOHO it's solvable. The worst I can currently think of is that someone would have to enter an IPv6 DNS server by hand. Compared to what you have to enter into a current DSL modem, this is a snap. If the DNS issue is solved, it's at the end of the day pure plug and play instead of plug and pray...