Who's IPv6'd their network then?

bigredshark

bigredshark

bigredshark

Man of Honour
Joined
30 Jun 2005
Posts
9,515
Location
London Town!
I'm curious, seeing as I'm approaching final sign off on our IPv6 deployment - who's got IPv6 at home either from their ISP, a 6to4 gateway or a tunnelbroker?

We'll be providing ipv6 space with all our services as standard in around 6 months time so I'm curious to see how many people is this fairly techy forum actually have ipv6 access?
 
I thought about asking Be* when I was with them just to see what its like / bragging rights to mates etc.

Then I realised I'd have to speak to tech support staff and it just wasn't worth it as I had no real need for it.
 
*waves*. Via Sixxs.net

Reasonably easy to set up, and get DNS entries put in for my domain. My mailserver is IPV6 accessible (mailbot.growse.com) over IPV6, but the DNS server hosting growse.com isn't yet.

*edit* just found http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-port-scanner.php - need to test my ipv6 ACL on the 877. Confusingly, you add an ipv6 access-list with the ip command, not ipv6, and you need to put it on the main ATM interface, not the Tunnel. Strangeness.
 
Last edited:
I used to have some scary number of public IPv6 addresses from A&A....
1,208,925,819,614,629,174,706,176!!!

I setup about 6 of them through my Cisco 1841 :-/
 
I was part of the entanet IPv6 trial. I bought a speedtouch546 to act as a bridge then I was going to use my WRT54G for the IPv6. Unfortunately I couldn't get IPv6 support working in DD-WRT and Openwrt was lost on me at the time.

Moved home since then and subsequently dropped out the trial.
 
I was going to say Enta were/are supporting IPv6 but given they seem to struggle run an IPv4 properly of late...
 
Not sure what the fuss is about, will use it when necessity dictates I should or for testing/learning. Not before.

Nothing to brag about or see what's different :D Going to be a largely transparent change for 99% of users.
 
Last edited:
That's the reasoning behind most ppl. Thais why were at the point where we're "oh crap, we run out of adresses in a coule months, we should have done this ages ago" :p
 
Sin_Chase said:
Not sure what the fuss is about, will use it when necessity dictates I should or for testing/learning. Not before.

Nothing to brag about or see what's different :D Going to be a largely transparent change for 99% of users.
Click to expand...

Actually it isn't - NAT dies with IPv6, which means people need to get there heads round that (I have an army of sysadmins who can't yet seem to comprehend the idea of not using NAT) and people need to take firewalling seriously.
 
bigredshark said:
Actually it isn't - NAT dies with IPv6, which means people need to get there heads round that (I have an army of sysadmins who can't yet seem to comprehend the idea of not using NAT) and people need to take firewalling seriously.
Click to expand...

This can only be a good thing.

Alas, I can't see my organisation using IPv6 for a looong long time yet. Which is a shame, because we had a merger recently and the two large RFC1918 addressed internal networks can't route to each other, because they overlap. Cue hideous mess of static NATs put in where boxes need to talk between these networks.

Isn't there NAT capability built into IPv6 as well? *shudders*
 
growse said:
This can only be a good thing.

Alas, I can't see my organisation using IPv6 for a looong long time yet. Which is a shame, because we had a merger recently and the two large RFC1918 addressed internal networks can't route to each other, because they overlap. Cue hideous mess of static NATs put in where boxes need to talk between these networks.

Isn't there NAT capability built into IPv6 as well? *shudders*
Click to expand...

It's a fantastic thing, NAT deserves to die, it's a horrible thing born out of necessity and should be killed and it's body burned at the earliest opportunity.

The problem is, all the people who don't understand networking will have to learn not to use NAT, which I suspect will be a struggle. They will also have to actually learn something about firewalling, as will home users, which I suspect will be painful and we'll see a lot more compromised machines in the medium term.

Although in theory you could do NAT, there's a much weaker concept of private address ranges in IPv6 so I don't see the feature set being implemented much...
 
bigredshark said:
The problem is, all the people who don't understand networking will have to learn not to use NAT, which I suspect will be a struggle. They will also have to actually learn something about firewalling, as will home users, which I suspect will be painful and we'll see a lot more compromised machines in the medium term.
Click to expand...

I'm not sure - for the home user, all that will happen is that routers will ship with firewalls enabled. I think the number of users who require firewall ports open inbound to their home is similar to the number of users who require NAT port forwarding.

People throw a lot of rubbish around how they 'dont't want everything on their network to be publicly routable'. Routability is meaningless if you've got sensible network controls in place controlling traffic flow.
 
If you think people will take the time to learn and forward correctly you're having a laugh. Upnp, flawed (horribly) though it is, was created out of the recognition that the average, non-technical home user, is lazy.

We're in the minority, most people don't want more firewalls or buttons to press, they want to plug it and and it just works. As long as people want to be lazy there will be compromised machines, the more complex something become the less likely the user is going to make the effort :p
 
Azuse05 said:
If you think people will take the time to learn and forward correctly you're having a laugh. Upnp, flawed (horribly) though it is, was created out of the recognition that the average, non-technical home user, is lazy.

We're in the minority, most people don't want more firewalls or buttons to press, they want to plug it and and it just works. As long as people want to be lazy there will be compromised machines, the more complex something become the less likely the user is going to make the effort :p
Click to expand...

I think you've completely missed the point that ipv6, by eliminating NAT, makes uPNP redundant too. Every IP on your network is publicaly and easily accessible from the internet now, unless you firewall it...

Despite is massive underlying complexity, ipv6 is much easier for the home user, correctly deployed it's far more plug and play than what we have...
 
growse said:
I'm not sure - for the home user, all that will happen is that routers will ship with firewalls enabled. I think the number of users who require firewall ports open inbound to their home is similar to the number of users who require NAT port forwarding.

People throw a lot of rubbish around how they 'dont't want everything on their network to be publicly routable'. Routability is meaningless if you've got sensible network controls in place controlling traffic flow.
Click to expand...

Quite...but remember one of things about ipv6 is that it'll mean (indirectly and long term) far more home devices become accessible. If you'll pardon me bringing up the fabled ip enabled fridge, it's no use if you can't access it from your mobile to see what you've got for dinner. That'll require punching a hole in the firewall for access...

I don't know what the long term will be myself, personally from the ISP point of view my design philosophy for IPv6 is to stop shipping routers and give people bridging devices that the ISP manages en mass and the customer can't touch (a la cable modems).

But yes, the 'I don't want my network to be publically routable' line is strictly for idiots.
 
bigredshark said:
Quite...but remember one of things about ipv6 is that it'll mean (indirectly and long term) far more home devices become accessible. If you'll pardon me bringing up the fabled ip enabled fridge, it's no use if you can't access it from your mobile to see what you've got for dinner. That'll require punching a hole in the firewall for access...

I don't know what the long term will be myself, personally from the ISP point of view my design philosophy for IPv6 is to stop shipping routers and give people bridging devices that the ISP manages en mass and the customer can't touch (a la cable modems).

But yes, the 'I don't want my network to be publically routable' line is strictly for idiots.
Click to expand...

Hmmm, we're straying into theoretical future use cases for the home network. I'm not sure any run-of-the-mill broadband user accesses their home network from their mobile, so regardless of IPv4 or IPv6, this is going to have to be a nice experience if it's desirable, be that port forwarding (eugh) or opening a firewall port.

As for the ISP managed device, I can see how that may be desirable from an ISP point of view, and I can also see how some users would find that *very* undesirable (me).
 
Have I? The majority of security issue arise from user laziness. It may be far more accessible than upnp but it also means the user has to make the effort the do the fire-walling, and do it correctly meaning they have to actually understand what they're doing (problem 2).

I'm looking forward to v6, but you should never underestimate the effect of the lazy or ignorant user.
 
Azuse05 said:
Have I? The majority of security issue arise from user laziness. It may be far more accessible than upnp but it also means the user has to make the effort the do the fire-walling, and do it correctly meaning they have to actually understand what they're doing (problem 2).

I'm looking forward to v6, but you should never underestimate the effect of the lazy or ignorant user.
Click to expand...

I would imagine most routers would be solved with a firewall that blocks all incoming connections by default.
 
You must log in or register to reply here.
Back
Top Bottom