IPv6 and Vista

[virtualrain]

I see that IPv6 is integrated into Vista. Is there any benefit to using an IPv6 router for a home network of Vista PC's and using 6to4 over the WAN?

I'm considering this router...http://www.buffalotech.com/products...finiti-dual-band-gigabit-router-access-point/

 

[Xipher]

I don't think any sort of benefit exists, at least not yet. I don't think their is any thing accessible in the IPv6 space that isn't accessible from he IPv4 space yet.

 

[zacdl]

In a home network- there is zero benifit.

The primary purpose of IPv6 is to create more hosts to use on the Internet- as we are running out. There isn't much use for home users.

The primary thing stopping IPv6 from taking off, is lack of support from the ISPs. Once they transfer over- the rest of the world will as well. It is just until they do- there isn't much point to switching yet.

No real advantage. The only thing it will benifit is the growing number of servers on the web. Home users won't get any advantages.

 

[00ber_m00]

IPv6 has much more a larger set of IP addresses. The security benefits alone are tremendous.

 

[MorfiusX]

The primary purpose of IPv6 is to create more hosts to use on the Internet- as we are running out.

I keep hearing analysts say things like this, bu I keep have to ask "Where is the proof?" I have yet to read or encounter an issue where the number of available addresses has become a problem. There is a reason NAT exists...

 

[00ber_m00]

My previous post should have said that IPv6 is more than just a larger IP address space. But you haven't heard about IPv4 addresses being a problem yet because they won't run out until 2012 (current estimate by IANA and ICANN).


And like I said. There is more to IPv6 than just more ip addresses. A lot more.

 

[Xipher]

I keep hearing analysts say things like this, bu I keep have to ask "Where is the proof?" I have yet to read or encounter an issue where the number of available addresses has become a problem. There is a reason NAT exists...

NAT has helped prolong the use of IPv4, how ever it does break certian applications such as VOIP. You also can't host more then 1 SSL website on the same IP with out using different ports. Basicly we are using up the address space, and will run out eventually with people wanting more, when that time comes the move to IPv6 is going to be pushed a lot harder.

 

[virtualrain]

My previous post should have said that IPv6 is more than just a larger IP address space. But you haven't heard about IPv4 addresses being a problem yet because they won't run out until 2012 (current estimate by IANA and ICANN).


And like I said. There is more to IPv6 than just more ip addresses. A lot more.

What are the benefits, if any, on a home network?

 

[crash848]

What are the benefits, if any, on a home network?

Geek bragging rights.

You will still be using a NAT device to go out to the internet (I assume). This will keep you mostly secure on the big bad intarweb, due to the nature of the devices. On a home network, you usually don't have to worry about a person coming into your network with a rogue machine and doing nasty things, so the security features will be moot. Most home networks aren't exactly saturated with traffic either, so you won't need LAN based QoS enhancements that IPv6 adds either.

So the only benefit I can see with running IPv6 is geek bragging rights, and if you work as a network engineer/administrator you will have that much more experience than the guy sitting across from your cube at work. IPv6 isn't exactly the highest priority on 95% of the worlds networks as of right now, so not a lot of people know how to use it (including me, for the most part!).

And as a previous poster said about NAT - it is just a band aid to slow the bleeding. Same with CIDR, that was created to break down "classed" IP ranges into smaller bites (sic) to be assigned.

 

[zacdl]

Geek bragging rights

Yea... pretty much. Although I don't even think it is bragging rights... it's just Geek.

IPv6 doesn't really give you much more security than IPv4.
There are slight improvements, and the simple fact it is hexadecimal and longer makes them harder to spoof.

As mentioned- NAT is a band-aid. It isn't solving our problems. It is just temporarily slowing them down.
Growth rate on the Internet is 100% (doubles each year). At this rate of growth, again, as mentioned, we will be out of IPv4 addresses in 5 years.

As crash said, we *might* be using a NAT system in the future, perhaps not. The reason I say "perhaps not" is the number of IP addresses you will gain with IPv6 is HUGE.
To put these in numbers, IPv4 supports 2^32 addresses (4.3 Billion). IPv6 supports 2^128 addresses. A TON more. There are 6.5 Billion people on this earth, IPv6 would give each person 5x10^28 addresses each. As Wikipedia states, that is about 7 IP addresses for every atom in every person's body. Or, eleven octillion times the current number of addresses on earth, for each person.

This is why I said "perhaps not". With the vast amounts of IPv6 addresses availible, the need for NAT devices is just about null.

 

[ThreeDee]

in the future, do you think IPv6 modems/routers will nat to IPv4 behind themselves for home/business networks sharing a connection..? ... or will it nat to IPv6 addresses with specific addressing like 192.168.x.x etc ..?


[F]old|[H]ard

 

[Xipher]

in the future, do you think IPv6 modems/routers will nat to IPv4 behind themselves for home/business networks sharing a connection..? ... or will it nat to IPv6 addresses with specific addressing like 192.168.x.x etc ..?

I'm guessing they won't NAT at all. NAT was primarily designed to help with the address space exhaustion. If you really want to NAT you can though, and the IPv6 space does have a section you can use that is reserved for private addressing.

 

[ThreeDee]

I'm guessing they won't NAT at all. NAT was primarily designed to help with the address space exhaustion. If you really want to NAT you can though, and the IPv6 space does have a section you can use that is reserved for private addressing.

so , will we get a block of 10 or so ip addresses or something with our high speed interenet accounts then or something and then just assign a "real" ip address to every computer on our respective networks?

me = linux/network/CS:S noob that likes to learn.....


[F]old|[H]ard

 

[Xipher]

most likely they won't worry about limiting IP addresses since the ISPs will be getting /32 allotments (that's about 79228162514264337593543950336 addresses total not subtracting out the overhead)

That information is based on http://www.arin.net/registration/guidelines/ipv6_initial_alloc.html

General IPv6 Allocation:
Generally, the minimum allocation size for IPv6 address space is /32. IPv6 address space is issued based on current need.

 

[mikeblas]

IPv6 has much more a larger set of IP addresses. The security benefits alone are tremendous.

How does having more addresses make IP more secure?

most likely they won't worry about limiting IP addresses since the ISPs will be getting /32 allotments (that's about 79228162514264337593543950336 addresses total not subtracting out the overhead)

How did you get to 2**96 from a 32-bit allotment?

 

[xphil3]

How does having more addresses make IP more secure?

How did you get to 2**96 from a 32-bit allotment?

Mikeblas,

00ber_m00 was refering to IPv6 as a whole, clearly you are like the rest of the "uninformed public" and seem to think that the only thing IPv6 addresses is the depletion of the IPv4 address space. Silly billy

Ill just throw out a few (from the top of my head) of the security enhancements that IPv6 will have. Header and payload authentication, this pretty much speaks for itself in what it can prevent against. One other massive security enhancement is IPsec, which is mandatory when using IPv6, this one again speaks for itself. The one last enhancement that I can think of right now is that fragmentation is handled at the user end, not at the network element(as it is with IPv4), stopping almost all of the traditional DoS attacks.

 

[Xipher]

How does having more addresses make IP more secure?

How did you get to 2**96 from a 32-bit allotment?

You get alloted a /32, 128-32=96, meaning 2^92
IPv6 uses 128 bit addresses, and just like IPv4 the /(bit number) is how many bits are in the network mask. For example AT&T has 12.0.0.0/8 alloted to them, that means they have 24 bits for the host ID to use (2^24 addresses).

 

[mikeblas]

clearly you are like the rest of the "uninformed public"

Obviously, you have no idea who you're talking to. Further, you didn't read the quote that I made: it's the fellow that I'm quoting who asserts that having more addresses makes IPv6 more secure.

You get alloted a /32, 128-32=96, meaning 2^92
IPv6 uses 128 bit addresses, and just like IPv4 the /(bit number) is how many bits are in the network mask. For example AT&T has 12.0.0.0/8 alloted to them, that means they have 24 bits for the host ID to use (2^24 addresses).

Oh, I see. Thank you for your helpful answer!

 

[00ber_m00]

Obviously, you have no idea who you're talking to. Further, you didn't read the quote that I made: it's the fellow that I'm quoting who asserts that having more addresses makes IPv6 more secure.

You are mistaken. The fellow you quoted made no implication that the larger IP address space had anything to do with the security enhancements. xphil3 was dead on with his post.

 

[mikeblas]

You are mistaken. The fellow you quoted made no implication that the larger IP address space had anything to do with the security enhancements. xphil3 was dead on with his post.

IPv6 has much more a larger set of IP addresses. The security benefits alone are tremendous.

It's hard to feel like I've misread this paragraph. Since the second sentence has no direct object, it's natural to assume you're referring to the previous statement, not IPv6 as a whole.

If you' are referring to IPv6 as a whole, then my question is answered.

 

[00ber_m00]

I don't think we're on the same wavelength. Perhaps you missed the post I made immediately after the one you are quoting that explains my post is supposed to say IPv6 has much more than a larger set of IP addresses.

 

[Xipher]

You are mistaken. The fellow you quoted made no implication that the larger IP address space had anything to do with the security enhancements. xphil3 was dead on with his post.

The security enhancements are already here, IPSec has been around for a while. While the IPv6 specs do make it more of a requirement, that doesn't mean it will be used, it's still a freaking pain to configure and doesn't work automatically. IPv6 didn't change IPSec, just said the stack needs to support it. In the end it didn't change any thing. Requiring implementation, doesn't require it's use.

 

[mikeblas]

Plus, it takes a lot of processing to encrypt/decrypt before sending. Are there any gigabit cards with hardware IPSEC yet?

I don't think we're on the same wavelength.

Me, neither.

 

[xphil3]

The security enhancements are already here, IPSec has been around for a while. While the IPv6 specs do make it more of a requirement, that doesn't mean it will be used, it's still a freaking pain to configure and doesn't work automatically. IPv6 didn't change IPSec, just said the stack needs to support it. In the end it didn't change any thing. Requiring implementation, doesn't require it's use.

Xipher, while you are definitely right about IPsec being available in IPv4, you haven't really read much into IPv6's implementation, have you?

By making this feature mandatory they have enhanced user to user security, something that IPsec w/ IPv4 cannot do because of NAT and its pesky IP header rewriting. Since NAT will no longer be used with IPv6, full user to user IPsec tunnels can be made. The obvious problem with IPsec and IPv4 is that you usually need to create the tunnels with a networking or security device and therefore entrust everything behind that device, this was a problem that IPv6 addresses, and hence IPsec being mandatory.

Honestly though, if you ask me.... NAT devices will still be used from the edge in.

 

[Xipher]

I know full well what they have been doing, I have been keeping my self informed for quite some time. The point is it's not mandatory for use, only implementation. Just because you say some one has to implement something doesn't mean it will ever be used. To the best of my knowledge they didn't change the IPsec implementation at all with IPv6, so getting AH or ESP setup still requires some work on the part of those that want to use it. I'm not saying that it won't be useful but also as Mikeblas pointed out, encryption requires overhead, and unless you have a hardware crypto accelerator you will take a performance hit.

Simply put, they just require IPsec, they didn't actually change it or make it any easier to use.

Plus, it takes a lot of processing to encrypt/decrypt before sending. Are there any gigabit cards with hardware IPSEC yet?

I don't know of any NICs with included hardware acceleration for cryptography, but I do know of some stand alone cards available from soekris. How ever I don't think their is any Windows support for those and it can't reach gigabit throughput yet, only about a quarter. They are working on an updated one that should just about double the throughput, but that isn't available just yet.