[CentOS] IPV4 is nearly depleted, are you ready for IPV6?

Mon Dec 6 13:37:18 UTC 2010
Adam Tauno Williams <awilliam at whitemice.org>

On Sun, 2010-12-05 at 14:13 +0100, RedShift wrote: 
> On 12/05/10 12:50, Rudi Ahlers wrote:
> > Seeing as IPV4 is near its end of life
> > (http://www.internetnews.com/infra/article.php/3915471/IPv4+Nearing+Final+Days.htm),
> > I'm curious to know whether everyone is ready for the changeover to
> > IPV6?
> > Is anyone using it in production already, and what are your experiences with it?
> Haven't switched yet, I have IPv6 at home using sixxs.
> IMO the slow adoption is caused by the complexity IPv6 brings. They
> should have just modified IP to use 128-bit addresses and left the
> rest as is.

Disagree, IPv4 at this point is a whole heap of hacks.  IPv6 throws out
lots of crap and provides for much better performance [routing IPv6
requires much less horsepower than routing IPv4].

> For example, what is the use of a link scoped IPv6 address? Why would
> you want to assign an IP address to yourself that's of no use at all?

It is incredibly useful.  There is a lot of traffic that is only
relevant to the local-link.  Now two computers on the same wire can
communicate automatically - true zero-configuration.  IPv6 uses
link-local for neighbor discovery.  Remember, IPv6 does not use ARP.

> I can't even figure out what address ranges are reserved for private
> use, is there even such a concept in IPv6? 

None, and no.  There is no exact equivalent - thank goodness.  Everyone
using 192.168.1.x and NAT is a real pain.

> I know that IPv6 is supposed to allow every address to be publicly
> routable but having your computers in private ranges and use NAT has
> big advantages towards security.

NO NO NO NO NO NO NO and NO!  (*@!^&*@$ &@*^*&$@  &*@^*&@  How many
times does this have to be explained???  NAT *IS* *NOT* a @*(&^*(^@(*@
security tool.  It isn't.  Stop saying it is.  You use *firewalls* for
security.  Just block ingress traffic and you are just as well off as
you are on NAT - and odds are in your NAT configuration you are doing that
already.  All you do is eliminate the hacks, performance penalty, and
interoperability problems created by NAT.  NAT is a *problem*, not a
solution for anything other than a deficient network protocol.

> And what about this arbitrarily chosen /64 subnet? So we're returning
> back to classful routing?

Yes, thank goodness.  No more ridiculously tedious netmasks.

> Stateless auto-configuration is a useless feature, just like APIPA. I
> much prefer DHCP and thankfully it still exists for v6.

Correct, nothing is lost, things are gained.  All to the good.
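
A firewall of the kind the reply above describes ("just block ingress traffic"), as an added example that is not part of the original post or of any CentOS default configuration: an ip6tables-restore ruleset for a router that forwards a LAN with global IPv6 addresses and drops unsolicited inbound traffic without translating anything. The interface names eth0 (upstream) and eth1 (LAN) are assumptions, as is a kernel with IPv6 connection tracking so that the state match works.

```iptables
# Constructed example in ip6tables-restore format.
# Assumptions: eth0 = upstream, eth1 = internal LAN, and a kernel with
# IPv6 connection tracking so that "-m state" is available.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# The router itself: loopback, plus replies to traffic it originated.
# RELATED also covers ICMPv6 errors (e.g. packet too big) for tracked flows.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# IPv6 has no ARP. Router and neighbor discovery are ICMPv6 types 133-136
# and are always sent with hop limit 255, so a packet that arrives with a
# lower hop limit has crossed a router and is not genuine on-link discovery.
-A INPUT -p ipv6-icmp --icmpv6-type 133 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 134 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 135 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 136 -m hl --hl-eq 255 -j ACCEPT

# LAN hosts keep their global addresses. Connections they open outbound
# are allowed and tracked.
-A FORWARD -i eth1 -o eth0 -j ACCEPT

# From upstream, only packets belonging to those tracked connections
# (or ICMPv6 errors related to them) may reach the LAN.
-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Everything else inbound falls through to the DROP policy: unsolicited
# connections are refused, and no packet is rewritten.
COMMIT
```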