On Sun, 2010-12-05 at 14:13 +0100, RedShift wrote:
> On 12/05/10 12:50, Rudi Ahlers wrote:
>> Seeing as IPV4 is near its end of life (http://www.internetnews.com/infra/article.php/3915471/IPv4+Nearing+Final+Day...), I'm curious as to who knows whether everyone is ready for the changeover to IPV6? Is anyone using it in production already, and what are your experiences with it?
>
> Haven't switched yet, I have IPv6 at home using sixxs. IMO the slow adoption is caused by the complexity IPv6 brings. They should have just modified IP to use 128-bit addresses and left the rest as is.

Disagree, IPv4 at this point is a whole heap of hacks. IPv6 throws out lots of crap and provides for much better performance [routing IPv6 requires much less horsepower than routing IPv4].

> For example, what is the use of a link scoped IPv6 address? Why would you want to assign an IP address to yourself that's of no use at all?

It is incredibly useful. There is a lot of traffic that is only relevant to the local-link. Now two computers on the same wire can communicate automatically - true zero-configuration. IPv6 uses link-local for neighbor discovery. Remember IPV6 does not use ARP.

> I can't even figure out what address ranges are reserved for private use, is there even such a concept in IPv6?

None, and no. There is no exact equivalent - thank goodness. Everyone using 192.168.1.x and NAT is a real pain.

> I know that IPv6 is supposed to allow every address to be publicly routable but having your computers in private ranges and using NAT has big advantages towards security.

NO NO NO NO NO NO NO and NO! (*@!^&*@$ &@*^*&$@ &*@^*&@ How many times does this have to be explained??? NAT *IS* *NOT* a @*(&^*(^@(*@ security tool. It isn't. Stop saying it is. You use *firewalls* for security. Just block ingress traffic and you are just as well off as you are on NAT - and odds are in your NAT configuration you are doing that already. All you do is eliminate the hacks, performance penalty, and interoperability problems created by NAT. NAT is a *problem*, not a solution for anything other than a deficient network protocol.

> And what about this arbitrarily chosen /64 subnet? So we're returning back to classful routing?

Yes, thank goodness. No more ridiculously tedious netmasks.

> Stateless auto-configuration is a useless feature, just like APIPA. I much prefer DHCP and thankfully it still exists for v6.

Correct, nothing is lost, things are gained. All to the good.
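
The "just block ingress traffic" approach from the reply above, written out as a stateful IPv6 filter for a Linux router. This is an added example, not part of the original thread; it assumes nftables, and the table name `edge6` and the interface names `wan0` (upstream) and `lan0` (inside hosts) are hypothetical.

```nftables
# Constructed example: default-deny ingress for routed (un-NATed) IPv6.
# Inside hosts keep their global addresses; reachability is decided here.
table ip6 edge6 {
    chain input {
        type filter hook input priority 0; policy drop;

        # Replies to connections the router itself opened.
        ct state established,related accept
        iifname "lo" accept

        # IPv6 has no ARP: neighbor discovery and router discovery ride on
        # ICMPv6 between link-local addresses, so these must stay open.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert,
                      nd-router-solicit, nd-router-advert } accept

        # Error messages needed for path MTU discovery and diagnostics.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        ct state invalid drop

        # Management from the inside network only.
        iifname "lan0" accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows that inside hosts started. This is the
        # same state tracking a NAT box relies on, without the rewriting.
        ct state established,related accept

        # ICMPv6 errors must reach inside hosts or large packets stall.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        ct state invalid drop

        # Inside hosts may open new connections outward.
        iifname "lan0" oifname "wan0" accept

        # Anything else arriving from wan0 is unsolicited and hits the
        # drop policy, exactly as it would behind a NAT gateway.
    }
}
```

Publishing a service on an inside host is then one explicit `accept` rule in the `forward` chain for that address and port, rather than a port-forward mapping.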