IPv6 Essentials
Posted by
samzenpus
on Mon Oct 02, 2006 03:05 PM
from the we-fear-change dept.
Carla Schroder writes "IPv6 is halfway here, so network administrators need to learn their way around it whether they want to or not. Adoption has been slower in the United States because we possess the lion's share of IPv4 addresses, but even so, someday IPv4 is going away for good. And, there is more to it than just increasing the pool of available addresses. IPv6 has enough improvements over IPv4 to make it worth the change even if we weren't running out of IPV4 addresses, such as built-in IPSec, simplified routing and administration, and scalability that IPv4 simply can't support. We're moving into gigabyte and multi-gigabyte backbones, and high-demand real-time services like voice-over-IP and streaming audio and video that require sophisticated QoS (quality of service) and bandwidth prioritization. IPv6 can handle these, IPv4 can't." Read on for the rest of Carla's review.
| IPv6 Essentials, 2nd Edition | |
| author | Silvia Hagen |
| pages | 436 |
| publisher | O'Reilly Media, Inc. |
| rating | 10 |
| reviewer | Carla Schroder |
| ISBN | 0-596-10058-2 |
| summary | practical, in-depth guide to implementing and administering IPv6 |
IPv6 Essentials, 2nd edition, by Silvia Hagen, released in May 2006, is a well-written, clear, up-to-date guide to understanding IPv6 in-depth. This is a real accomplishment, because computer networking protocols are completely abstract, and translating all of these abstractions into understandable language is a noteworthy feat. The book explains how it all works to a very practical depth, so that the reader will be well-prepared to begin implementation.
What it does not cover is the specifics of configuring network devices, such as routers, switches, and interface cards, and this is not a flaw, because those things are platform- and vendor-dependent. Having a solid understanding of the protocol itself is more important, and something that is sadly lacking even in today's IPv4 world. The Internet would be a better place if more network admins would take the time to learn IP fundamentals.
Ms. Hagen does a nice job of covering the following topics: strengths and advantages, such as auto-configuration and good-bye to NAT; the structure of the protocol itself, including header format; improved security; real genuine QoS; simplified routing; co-existence with IPv4; painless mobile networking; and addressing. Addressing is one of the scariest parts. When you're used to slinging around something like 192.168.1.100 with ease, coming eye-to-eye with something like this, 3ffe:ffff:1001:0000:2300:6eff:fe04:d9ff, is a bit disconcerting.
But fear not, for Ms. Hagen dissects IPv6 addresses clearly and in detail, showing that they have a logical, consistent, understandable structure. For example, the first quad (3ffe) tells you that this is a 6bone.net address, so it is already obsolete because the 6bone closed down in June 2006. Other prefixes tell you if it is a private address, link-local, site-local, and so on. The book lays this all out in tables, and explains what each one is for.
How would you like to retire your DHCP servers permanently? No problem. IPv6 auto-configures hosts all by itself, or you may exercise as much control as you like. Ms. Hagen explains the various options (link-local, site-local, stateful, stateless, neighbor discovery, and so forth) and what you can do with them. For example, with IPv6 you can whip up an ad-hoc LAN with hardly any effort, and without needing special servers or client software.
Security is built-in to IPv6, instead of bolted-on as it is for IPv4. However, IPSec (IP Security) is still largely untested and unproven on a number of levels, so the book discusses both the pros and cons.
The book covers the problems, hassles, and compromises that come with using NAT (network address translation). We're used to it now, but sometime down the road we're going to look back and think "Wow, that was one big fat pain. Good thing it's gone."
The chapter on Mobile IPv6 is almost worth the price of the book by itself. IPv6 supports both wired and wireless mobile users in an elegant, hassle-free way. Say good-bye to setting up multiple profiles, or hassling with scripts. Roaming users can keep the same IP as they travel, across different networks, wired to wireless, anywhere they go. This little bit of magic occurs because IPv6 assigns them multiple IPs. One is the home address, which is permanent. A second address is the care-of address, which changes as the user moves around. Of course there is a lot more to it than just having multiple addresses, and like everything else in this book, Ms. Hagen explains how it works clearly and understandably.
The book is abundantly illustrated in the usual quality O'Reilly fashion, and the illustrations are invaluable for understanding the material.
We're at the stage where IPv6 support is pretty much universal: you can count on both network hardware and software supporting it. So the network administrator only needs to focus on learning the ins and outs of implementation. I recommend IPv6 Essentials as an essential reference, and a great starting point for mastering IPv6.
You can purchase IPv6 Essentials, 2nd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
IPv6 is halfway here (Score:4, Funny)
(http://www.data-net.com/)
QoS (Quality of Service or crap for customers?) (Score:4, Insightful)
(http://www.shezphoto.com/)
Re:QoS (Quality of Service or crap for customers?) (Score:5, Informative)
(http://www.screevo.com/ | Last Journal: Saturday December 09 2006, @12:26AM)
As a cable company, their traffic looks no different than Jo Shmoe next door torrenting the latest Back Door Betty DVD. So we CAN'T apply QOS to that traffic. We don't throttle it down OR up. We just let it go, and rely on the subscriber to know how to set up QOS on their equipment to maximize problems caused by their INTERNAL network.
However, VoIP services such as those offered by Time Warner, Comcast, and actual ISPs CAN be prioritized because the MTA in the customer's home gets its own IP address, and we know all traffic from that block of addresses is VoIP, and thus gets priority!
Full Disclosure: Time Warner Cable Tier 3 Technician here.
gigabyte and multi-gigabyte? (Score:2)
(http://www.gekidoslair.com/)
gigabytes and gigabit are two completely different things
[Shivers]"Real genuine QoS" [/Shivers] (O/T) (Score:1, Offtopic)
(http://tinyurl.com/6q4x4)
I guess it's another word that has lost its intended meaning.
thank you m$.
Only things missing: blood, sweat, tears, and $$$$ (Score:3, Insightful)
And someday Britney will learn to sing and parent, and all rappers will go sign up as sunday-school superintendents.
In the meantime, the folks at the end of the ISP wires will have to spend kilo to megabucks on hardware and software upgrades, not to mention training themselves, and training the users. Think of the millions of linksys home routers and wireless access points that will have to be tossed out or reflashed! Think of all the books with xxx.xxx.xxx.xxx ip addresses that will be obsoleted! Lots of frustrated human-hours, even if the IP6 world will run as smoothly as the book suggests.
so uh (Score:1)
(http://www.moreinput.org/)
Riiight... (Score:2, Funny)
(Last Journal: Saturday October 27, @04:36PM)
Will it be here before or after viable fusion? What about DNF?
Am I just being overly simplistic... (Score:2)
(http://www.bluefeathertech.com/ | Last Journal: Friday November 04 2005, @11:51AM)
Example: 192.168.1.2.3
Or is the goal to try and push IPv6 simply because it's "better?"
I will say that V6 certainly seems to have its advantages, but I've tried (and failed) to learn its structure based on reading Lord only knows how many existing FAQs and white papers.
As far as the time frame goes: I'm self-hosted, meaning my ISP gives me a data pipe and six static addresses, and I do the rest (including DNS). When the day comes that said ISP calls me up to tell me "Hey, we're changing over to IPv6 at the end of the month (or year, or whatever), so you need to be ready for it," THEN I will start worrying about how to implement it.
Until then, V4 and NAT are working perfectly well for me, thanks.
Keep the peace(es).
Re:Am I just being overly simplistic... (Score:5, Insightful)
Example: 192.168.1.2.3
Or is the goal to try and push IPv6 simply because it's "better?"
As I understand it one of the main reasons IPV4 wasn't just extended in address space was because routing becomes too difficult with such a large address space, so you need to build routing into the protocol. There's also some very cool features of IPV6 like multi-casting that's been very poorly supported under IPV4. This would allow things like broadcasting internet based TV without multi-gigabyte connections.
When the day comes that said ISP calls me up to tell me "Hey, we're changing over to IPv6 at the end of the month (or year, or whatever), so you need to be ready for it," THEN I will start worrying about how to implement it.
That'll probably never happen (or at least not for 20 years maybe). IPV4 isn't going away, what'll happen (someday) is your ISP will one day support IPV6 and you'll be able to get an IPV6 IP address. No one is going to call you up, you'll probably have to call them up and ask if they're supporting it.
Until then, V4 and NAT are working perfectly well for me, thanks.
Well, I'm sure horse and buggy owners thought that horses were perfectly good transportation when the car first came out too. There weren't many paved roads, the things were expensive, and took special fuel to run them where horses just ran on oats. It's often hard to see the advantages of a new technology before it's hit the mainstream.
NAT is the IPv4 version of segmented memory (Score:5, Interesting)
(http://samwyse.suprglu.com/ | Last Journal: Wednesday December 06 2006, @11:22PM)
Back in the day, the 8080 architecture had 16-bit addresses, which limited you to 64 KB of memory. The 8086 used segment registers to allow 16-bit registers to address up to 1 MB of memory. But data structures were still limited to 64 KB unless you were willing to slow down your access time by a factor of four or more, and sharing data between code running in different segments required even more jumping through hoops. NAT allows more devices than IPv4 can address to communicate with central servers that aren't running NAT, but setting up P2P between systems that are both using NAT is damn near impossible.
Good-bye, IPv4, and good riddance.
In other news... (Score:3, Funny)
Re:In other news... (Score:5, Funny)
What will happen first?
QoS not needed or wanted on the Internet (Score:4, Insightful)
The only place packet prioritization and traffic shaping should take place is on private networks, where QoS can be guaranteed. Services such as VOIP and IPTV would ideally be offered over these ISP local networks at an additional cost. This is not to say that VOIP over the Internet is impossible, but it should not have an unfair advantage over other Internet traffic.
The only place where things break down is in the last mile, where ISPs are selling bandwidth that does not exist. In this case, something has to give, and so they must implement unfair prioritization schemes. The obvious solution is to honestly advertise minimum guaranteed rates instead. This makes it possible to prioritize a customer's own traffic as the customer wishes without affecting others. (For example, if you want VOIP prioritized to the ISP local VOIP network.)
Of course, such a scheme would still allow different speed grades, and excess capacity to be utilized. It can not be emphasized enough though that prioritization has no place on the Internet itself.
At what cost? (Score:1, Troll)
(http://nothingtoseehere.us/)
Why do I need IPSec on my home network? So I can give my embedded systems that extra encryption overhead? No thanks.
ipV6 is not here (Score:2)
(Last Journal: Wednesday November 05 2003, @03:12AM)
No increased address space on the net until the rogue activity is controlled!!
What is the "killer app" for IPv6? (Score:4, Insightful)
Until we have something that everyone wants and ONLY works with IPv6, we're not going to switch. That "thing" might be here today, but it seems we're all unaware what it is.
Sure, there may be things that are better, but I can do all of the things IPv6 can do with IPv4 and a slew of extra services that I'm already familiar with (VLAN or service-based QoS, NAT, DNS, DHCP, etc).
I for one REALLY want IPv6 to get here, but the people who make my software and pay for my equipment won't change until they need to.
No thanks (Score:2, Interesting)
IPv6 is halfway here
In other words, it's not here. Just as always.
so network administrators need to learn their way around it whether they want to or not.
I'm a system and network admin and I haven't needed to learn my way "around" it. Unless by that you mean, to "turn it off whenever possible". Which I do. Just upgraded some FreeBSD machines and made sure all the IPv6 stuff wasn't built.
Adoption has been slower in the United States because we possess the lion's share of IPv4 addresses, but even so, someday IPv4 is going away for good.
No, adoption is slower because IT SOLVES NO PROBLEM. Do you know how many customers we've had ask about IPv6? Exactly one. Because he read a post on slashdot like this one and wanted to know "if it was something he needed to know about". Guess what answer he got?
IPv6 has enough improvements over IPv4 to make it worth the change even if we weren't running out of IPV4 addresses
No, there is only one reason to switch to IPv6: if the sites you want to reach aren't on IPv4 any more. I assume since you are posting to slashdot (IPv4) you agree with me. (By "switch" I mean STOP using IPv4 completely. Otherwise you haven't "switched").
I'm going to treat IPv6 the same way I always have: as a sort of intellectual curiosity, and not something that affects my day-to-day internet use or professional responsibilities.
IPv4 isn't going anywhere (Score:2)
Re:IPv4 isn't going anywhere (Score:4, Insightful)
(http://robots.org.uk/)
Obsolete (Score:1)
(http://en.wikipedia.org/wiki/)
ha (Score:1)
(http://spacechannel.tv/ | Last Journal: Tuesday February 21 2006, @02:41PM)
Yes, and the US will adopt metric any day now too.
ipv6.manybytesago.com (Score:1)
(http://www.wolfsheep.com/)
Does IPv6 == telecom monopoly still? (Score:2)
(http://www.solluna.org/~bookwyrm/)
(This seemed problematic for a while due to the hierarchical nature of the IPv6 address space forcing a tree-like structure into the routing and preventing the possibilities of having links between branches.)
FUD Alert !! (Score:1)
1) "We're running out of IPv4 address space!"
- People, even if every possible human household item requires an IP in the next 5 years, NAT in IPv4 will handle this just fine. Same goes for corporations. We've been running out of IP space for 10+ years now... but have we run out? Nope, tonnes & tonnes left!
2) "IPV6 supports IPSEC natively"
- Yeah, so what? We've had IPSEC VPNs on IPv4 for like a decade now.
3) "IPV6 supports QoS!"
- Ummm... VoIP & video w/QoS has been working just fine since at least 2002 with IPv4. TOS & DSCP Ethernet header options have been around for ages before then.
4) "But IPV6 supports GPRS for modern mobile networks"
- Newsflash: Most mobile networks are still running IPv4 just fine and will continue to do so.
5) "But the US DOD is migrating to IPv6 now!"
- Yeah, maybe it's because they need to implement security through obscurity... seeing as barely anyone understands IPv6
6) "What about most of Korea being on IPv6?"
- What about it? North America 'started' the Internet, so we have more IPv4 public address space than late adopters like South Korea.
7) "IPv6 does Multicasting natively"
- Er... Have you actually looked at how complex Multicasting is in a private network? Now imagine trying to implement that on the Internet with 128 bit HEX addresses that come with our lovely IPv6. Plus like everything else, Multicasting is working just fine with IPv4.
People, a migration to IPv6 for most Enterprises is a hella complex & expensive nightmare. Until there's actual BUSINESS needs to do so, it's really just make(alot_of)-work projects. So far every conceivable advantage of IPv6 has been resolved by 3rd party IPv4 protocols (i.e. DHCP, IPSEC, QoS, etc); plus there's analytical studies out there that claim migration to IPv6 may have a significant performance impact on your expensive WAN links due to packet header sizes being dramatically bigger. Some estimate as much as 50% WAN link speed increase requirements for the same amount of payload (considering 64 byte average payload per packet).
Wake me up when we ACTUALLY run out of IPv4 address space...
Adeptus
No NAT? (Score:1)
Address space is too wide (Score:3, Informative)
(http://powerlord.livejournal.com/)
Why? Simply: MAC addresses are only 48-bit, or 64-bit if everyone were to switch over EUI-64 [ieee.org]. IPv6's 128-bit size is a lot larger. There are 281474976710656 MAC addresses, 18446744073709551616 EUI-64 addresses, and 3.4e38 IPv6 addresses.
So, IPv6 is approximately 1208925819614629174706176 times larger than the MAC address space.
If you need help visualizing this, here are the address space sizes padded with 0s in a monospace font. A space has been added in the middle to prevent
Slashdot, please see my sig. (Score:2)
(http://calum.org/)
Bloody luddites running this site.
There'll be a market for converter boxes. (Score:1)
There'll be a similar scenario when digital TV (ATSC) replaces analogue (NTSC) TV. For a few years, there'll be converter boxes that'll let your old-fashioned NTSC TV set show digital channels... albeit at a lower resolution.
When IPV6 becomes necessary (one of these days), there'll be a market for a multi-port router box that lets you plug ethernet from 4 IPV4 machines into the back, and does IPV6 on the internet-facing side. This will allow home users to continue using their current hardware and software. And they will continue to enjoy the security benefits of NAT. As time goes on and older hardware wears out, hardware and software will come in that is IPV6-capable. The transition will be smooth and one day people will remember IPV4 as a historical curiosity, just like some of us oldsters remember Gopher.
Having said that, I will still use a NAT-ing router (even if it's IPV6-to-IPV6), so that the Russian mob won't be pounding away on my machine 24x7.
The IPv6 Mess (Score:1)
(http://csl.sublevel3.org/)
IPv6 Drivers (Score:1)
(http://www.apposite.com/)
But it isn't necessarily that way for everyone. China and many developing nations don't have enough IP space. IPv4 configuration IS unnecessarily hard- why can't I just physically plug two machines together and have them work? Security is fiddly to configure. NAT adds an additional layer of complexity to everything (e.g. UPnP in home routers, magic VoIP tunneling stuff, peer to peer protocols) and adds a layer of accidental security at best. Of course there are solutions which work around all these problems but if we were starting with a clean slate and a choice between IPv4 and IPv6 the choice would be clear.
So for everyone who has good working IPv4 networks: great. For many others, IPv6 will be (or become) a good alternative. It can come in to play piece by piece- home networks all running IPv6 because no one configured IPv4 services and the ISP supported IPv6 so everything just worked (which could be a reason for ISPs to use IPv6: simpler service configuration). Carriers that use an IPv6 address space on mobile devices because the roaming support makes things easier- leading to large, although disjoint, networks of IPv6 devices. Countries (like China) who use IPv6 internally because, frankly, IPv4 address space issues mean they have to NAT everything out of the country anyway and they get to be on the leading edge of technology development selling back to places like the U.S. rather than buying.
IPv6 doesn't have to happen soon. It just needs to have stable network stacks in lots of places (which is what is happening with Windows, Linux, MacOS as well as Cisco, Nortel and so on) and it can become a natural alternative in a range of situations. The interconnection between IPv4 and IPv6 networks is ugly but is do-able and no worse than the current horror that is NAT.
I don't see the IPv6 transition happening in a wide spread manner any time soon. But I do think it will happen.
QoS is nothing to do with IPv6 (Score:2)
This is a bit like IPSec, which works fine on IPv4 even though it was designed alongside IPv6 (maybe that's why it was initially so NAT-hostile...)
The only unique IPv6 feature for QoS is the flow label, which is intended for easy classification of 'flows' such as a session on a specific source & destination port combination - however, this is really only useful with RSVP QoS, which doesn't scale well and requires application changes, and has therefore never taken off. (I worked on QoS technology and policy management for quite a while from the late 90s.)
The hard part of delivering QoS is the political/commercial agreement, and after that, agreeing on what the QoS levels should be. Telcos already run IP networks for use by business IP VPNs (MPLS not IPSec) this way, so they have a lot of experience.
IPv6 is a great technology but its main benefits are around router and host autoconfiguration, and never having to worry about IP address scarcity again.
IPv6 and Transition Techniques (Score:1)
(http://www.magres.net/)
First the EU wants this.... (Score:2)
Adding Value to the Internet... (Score:2)
The internet, an agreement between parties to speak a common language when communicating, has immense value because it leaves the prioritization and customization of services to the retailers (i.e. enduser ISP's, content providers, distributors, etc.) which facilitates choice through diversity/competition and therefore quality and optimal pricing.
Trying to make the internet do some things better than others, as World of Ends so eloquently puts it, obviously comes at the cost of doing some things worse than others.
Re:And... (Score:2, Troll)
(http://nimh.org/)
See, there's this thing called The Internet, and Google, and AOL, and CNN are all on it. We all agree that that thing is called the Internet.
On IPV6, there's nobody.
IPV6 is just a misnomer. It should be called "Really big addresses" or something like that.
By calling it IPV6 they've managed to convince a large number of people that it's somehow better than what we've presently got. It's not. The Internet is useful because of who is on it and who uses it, not because of how many addresses it has (or doesn't have)- after all, we could use IPX- which has more addresses than IPV4 and just come up with a new routing scheme and it'd still be just as complicated to deploy.
No, see, there _was_ no IPV4 before IPV6 came out, and that should be your first clue that we're doomed.
The designers and advocates of IPV6 really need to just pull their collective heads from their collective asses and answer the one question people like me have been asking from the beginning:
You say we're 75% out of addresses? Okay, how are you going to convince 3 billion people that they need to stop using the Internet and start using your new toy?
Stop insulting our intelligence and show us a single roadmap that fixes this problem you describe. Stop making crap up, and trying to convince us that more radical steps are necessary than actually are. Just Stop.
Re:And... (Score:4, Informative)
(http://www.pobox.com/~mph)
Re:You are completely retarded. (Score:4, Insightful)
(http://www.mythologicalbeast.org/ | Last Journal: Monday September 08 2003, @01:27PM)
IPv6 is more secure because communications within a subnet use a special address coding that (a) can never leave the subnet (b) can never be introduced from outside the subnet, and (c) can be positively identified as coming from inside the subnet. IPv6 has other security features, but this one all by itself blocks a couple of categories of intrusion technique.
QoS has a single field in IPv4 that has no implementation attached to it, and is thus implemented as an afterthought in a collection of vendor-specific ways. Saying it has QoS is kind of like saying that your house comes with a jacuzzi because there's a place out back where you can put one and plug it in. IPv6, on the other hand, has a full standard implementation associated with it.
Um, IPv6 IS at the network level. Duh. Are you talking at the hardware link layer? That's only supposed to connect one device to the next, not keep track of network topology. Roaming isn't tunneling either - the old address actually replies to a packet letting it know where it should send the information to, thus making the switchover quick, transparent, and very, very lightweight.
IPv6 autoconfiguration is STATELESS. It doesn't require a server to figure out what addresses it has available, which ones it's handed out already, which ones have expired, etc, etc. DHCP is nice, but it requires maintenance. You can tell me how easy DHCP is to configure all day long, but it'll always be tougher than none at all.
Re:"IPv4 is going away for good" (Score:1)
(http://l0b0.net/)
Re:And... (Score:3)
(Last Journal: Tuesday April 22 2003, @12:52AM)
Re:IPv6 is not here (Score:2)
(http://sheelab.homecreatures.com/)
Do you know that you can change your MAC address when you want it? You could use the same mechanism to your advantage instead, changing it constantly and make it look as if there was an entire server room on that connection.
Sorry to break it for you, but your opinion doesn't matter a damn. What matters is: Do the government and big companies want it? If so, they'll drag the rest of people with them. If the government requires it, ISPs will provide it. If companies implement it, then their sysadmins will go set up their and their friends' home networks with it.
Actually... (Score:3, Informative)
Actually, your MAC address, which is a globally unique identifier, forms half of your IPV6 address [wikipedia.org] unless you do something unusual to avoid that. So it is a very valid privacy concern.
The AOL search data episode showed how easy it is to unmask anonymity when all you have is a bunch of URLs coming from the same unique anonymous identifier. IPV6 increases the risk of this kind of aggregation of supposedly anonymous activity.
When IPV6 is here, Choicepoint will probably pay for your MAC address. And everyone else will pay Choicepoint to know who the "anonymous" person is visiting their website.
As a bonus, NSA will find it easier to know exactly who is using the free public wifi at the library.