Today I received an allocation of IP6 addresses for some servers. I can 'play' with the last 2 of the 8 IP6 address segments.
I always thought, mistakenly, IP6 was 6 segments, because it was IP6. IP4 had 4 segments. However IP6 is actually IP version 6 and it has 8 segments. The other interesting discovers are:
:: means one or more 0 segments, example :: can mean 0:0:0: or just 0:0: or even 0:0:0:0:
and, a real smile making favourite, is IP6 breaks Micro$oft's set-up. Micro$oft can not handle actual IP6 addresses because : is forbidden by Micro$oft in its 'Uniform Naming Convention (UNC) path names'. Naturally Micro%oft has invented a 'work around' solution.
http://en.wikipedia.org/wiki/IPv6_address#Literal_IPv6_addresses_in_UNC_path...
Because : is sometimes used in an address to indicate the start of a port number, example http://www.anyonejunk.com:1234, the IP6 address can be enclosed within [ ] with the port number remaining outside the square brackets.
How will IP6 affect the software in Centos and what gradual changes should one make on the transition to a major Internet change with the ending of NAT for IP4 addresses and a more secure (IPsec) end to end transmission protocol?
On 02/26/11 12:12 PM, Always Learning wrote:
Because : is sometimes used in an address to indicate the start of a port number, examplehttp://www.anyonejunk.com:1234, the IP6 address can be enclosed within [ ] with the port number remaining outside the square brackets.
Thats, MUST be enclosed within []... without those [ ], how would you resolve
http://21DA:00D3::00FF:FE28:8080
is that... http://%5B21DA:00D3:0000:0000:0000:00FF:FE28:8080] or http://%5B21DA:00D3:0000:0000:0000:0000:00FF:FE28%5D:8080
? Both of those are valid IPv6 addresses
if anything, I'd put the blame on this squarely on the committee that decided to use : as the IPv6 seperator when it was already in wide use as the URL port separator.
Am 26.02.2011 um 21:24 schrieb John R Pierce:
On 02/26/11 12:12 PM, Always Learning wrote:
Because : is sometimes used in an address to indicate the start of a port number, examplehttp://www.anyonejunk.com:1234, the IP6 address can be enclosed within [ ] with the port number remaining outside the square brackets.
Thats, MUST be enclosed within []... without those [ ], how would you resolve
http://21DA:00D3::00FF:FE28:8080is that... http://%5B21DA:00D3:0000:0000:0000:00FF:FE28:8080] or http://%5B21DA:00D3:0000:0000:0000:0000:00FF:FE28%5D:8080
? Both of those are valid IPv6 addresses
if anything, I'd put the blame on this squarely on the committee that decided to use : as the IPv6 seperator when it was already in wide use as the URL port separator.
With IPV6, you don't need to run it on a different port. Just bind it to a different IP in the same prefix ;-) So, that port-8080 stuff will be gone pretty soon. In a year or two. Cough-cough.
On Sat, 2011-02-26 at 21:33 +0100, Rainer Duffner wrote:
With IPV6, you don't need to run it on a different port. Just bind it to a different IP in the same prefix ;-) So, that port-8080 stuff will be gone pretty soon.
Very interesting point.
In a year or two. Cough-cough.
That long?
With best regards,
Paul. England, EU.
On 02/26/11 12:33 PM, Rainer Duffner wrote:
With IPV6, you don't need to run it on a different port. Just bind it to a different IP in the same prefix ;-) So, that port-8080 stuff will be gone pretty soon. In a year or two. Cough-cough.
when I first saw the spec for IPv6 I mistakenly thought they'd done away with ports entirely, and that you'd just use an IP range for a server for different services... but that would be a mess for DNS, having to use a different hostname for ssh rather than http etc, a physical host would likely use a subdomain in that scheme (ssh.myhost.mydomain.com vs http.myhost.mydomain.com etc etc)
On Sat, 2011-02-26 at 12:41 -0800, John R Pierce wrote:
On 02/26/11 12:33 PM, Rainer Duffner wrote:
With IPV6, you don't need to run it on a different port. Just bind it to a different IP in the same prefix ;-) So, that port-8080 stuff will be gone pretty soon. In a year or two. Cough-cough.
when I first saw the spec for IPv6 I mistakenly thought they'd done away with ports entirely, and that you'd just use an IP range for a server for different services... but that would be a mess for DNS, having to use a different hostname for ssh rather than http etc, a physical host would likely use a subdomain in that scheme (ssh.myhost.mydomain.com vs http.myhost.mydomain.com etc etc)
When using a non-standard port on IP4, the hacker is not being pointed directly at a specific door with a live application behind it. Additionally if HTTP is operating on the same IP address, the hacker might think that is the only application at the address. With a unique IP6 address a hacker can be sure something is definitely there.
Creating lots of dummy IP6 addresses to confuse hackers is not an ideal solution.
On Sat, 2011-02-26 at 12:24 -0800, John R Pierce wrote:
On 02/26/11 12:12 PM, Always Learning wrote:
Because : is sometimes used in an address to indicate the start of a port number, example http://www.anyonejunk.com:1234, the IP6 address can be enclosed within [ ] with the port number remaining outside the square brackets.
Thats, MUST be enclosed within []... without those [ ], how would you resolve
http://21DA:00D3::00FF:FE28:8080is that... http://%5B21DA:00D3:0000:0000:0000:00FF:FE28:8080] or http://%5B21DA:00D3:0000:0000:0000:0000:00FF:FE28%5D:8080
? Both of those are valid IPv6 addresses
if anything, I'd put the blame on this squarely on the committee that decided to use : as the IPv6 seperator when it was already in wide use as the URL port separator.
What separator would you have chosen?
\ (used by M$) / (used for directories etc.) : (used for port number) . (used by IP4) ; (widely used as a terminator) # ? = ? - ? _ ? ! ? " ? < (used in HTML and email addresses)
(used in HTML and email addresses)
, ? ^ ? % ? $ ? ~ ?
What would anyone have chosen ?
With best regards,
Paul. England, EU.
centos-bounces@centos.org wrote:
On Sat, 2011-02-26 at 12:24 -0800, John R Pierce wrote:
http://21DA:00D3::00FF:FE28:8080is that... http://%5B21DA:00D3:0000:0000:0000:00FF:FE28:8080] or http://%5B21DA:00D3:0000:0000:0000:0000:00FF:FE28%5D:8080
What separator would you have chosen?
What would anyone have chosen ?
.
4 hex digits vs. 1-3 decimal digits provides adequate disambiguation.
//me ******************************************************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.Hubbell.com - Hubbell Incorporated**
On Tue, 2011-03-01 at 14:20 -0500, Brunner, Brian T. wrote:
centos-bounces@centos.org wrote:
On Sat, 2011-02-26 at 12:24 -0800, John R Pierce wrote:
http://21DA:00D3::00FF:FE28:8080is that... http://%5B21DA:00D3:0000:0000:0000:00FF:FE28:8080] or http://%5B21DA:00D3:0000:0000:0000:0000:00FF:FE28%5D:8080
What separator would you have chosen?
What would anyone have chosen ?
4 hex digits vs. 1-3 decimal digits provides adequate disambiguation.
1:2:3:4 or 1.2.3.4 ? Each segment of the former is a valid 'decimal' number and also a valid 'hexadecimal' number. Each segment of the later is a valid decimal number.
Still does not answer the question I posed of what separator would anyone have used for IP6 addresses.
On 03/01/11 11:51 AM, Always Learning wrote:
4 hex digits vs. 1-3 decimal digits provides adequate disambiguation.
1:2:3:4 or 1.2.3.4 ? Each segment of the former is a valid 'decimal' number and also a valid 'hexadecimal' number. Each segment of the later is a valid decimal number.
except thats not a valid ipv6 address, it has too few components.
1:2::3:4 would be (implying 1:2:0:0:0:0:3:4). if you used '.' as your seperator, 1.2..3.4 would be too, and its distinguishable from ipv4 due to the ..
On 01/03/11 21:02, John R Pierce wrote:
On 03/01/11 11:51 AM, Always Learning wrote:
4 hex digits vs. 1-3 decimal digits provides adequate disambiguation.
1:2:3:4 or 1.2.3.4 ? Each segment of the former is a valid 'decimal' number and also a valid 'hexadecimal' number. Each segment of the later is a valid decimal number.
except thats not a valid ipv6 address, it has too few components.
1:2::3:4 would be (implying 1:2:0:0:0:0:3:4). if you used '.' as your seperator, 1.2..3.4 would be too, and its distinguishable from ipv4 due to the ..
Until you then need to support this syntax: 2001::10.2.2.191
'.' might be a good separator, but for the vast variety of writing addresses which IPv6 supports ... and that it is a different protocol from IPv4, I'm glad the separator is different. ':' might not be ideal, but I find it a lot better than a lot of other alternatives.
Anyway, the standard is settled, and it has been available for over 15 years ... it's too late to change it in IPv6.
kind regards,
David Sommerseth.
-
Always Learning -
Brunner, Brian T. -
David Sommerseth -
John R Pierce -
Rainer Duffner