Let's Talk IPV6

Just to add my 2 cents to a rather good discussion.

I have found that sometimes IPV6 is a good way to get around issues with servers and routers not playing nice and losing track of each other. But most often it's IPV6 that is getting in the way causing DNS issues with clients trying to authenticate to the server on the network.
And I do have a beef with the addressing being basically random characters that make no sense. I'm with the OP here in that adding an extra octet or two would have been a FAR better solution.
 
Just to add my 2 cents to a rather good discussion.

I have found that sometimes IPV6 is a good way to get around issues with servers and routers not playing nice and losing track of each other. But most often it's IPV6 that is getting in the way causing DNS issues with clients trying to authenticate to the server on the network.
And I do have a beef with the addressing being basically random characters that make no sense. I'm with the OP here in that adding an extra octet or two would have been a FAR better solution.


Yeah those IPV6 addresses just roll off the tongue don't they. I can see that causing some major hassles and errors going forward. People struggle enough with a 10 digit WAP key...
 
Yeah those IPV6 addresses just roll off the tongue don't they. I can see that causing some major hassles and errors going forward. People struggle enough with a 10 digit WAP key...

All the fans of IPV6 say we should be using DNS anyway.

When was the last time any of you used DNS at home???

I think it is kind of nuts.

They really should have just added another 8bit octet to IPV4 and called it a day. That would have provided about a trillion addresses, which is more than enough and would still have been easily human readable.
 
All the fans of IPV6 say we should be using DNS anyway.

When was the last time any of you used DNS at home???

Pretty much anyone running a consumer router from the last 15+ years. Virtually all of them will update their DNS records when the DHCP server hands out an address and the host responds with a hostname. If you've configured your own DNS/DHCP services and this isn't happening, then your setup is incomplete.

There is, admittedly, currently a shortcoming regarding IPv6 here, as this mechanism doesn't come into play when SLAAC is used (the most common setup for home IIRC). So yeah, for now, it's still dual-stack with IPv4. Not so much an issue in the enterprise or anywhere else you can get a fixed IPv6 subnet allocation and use DHCP6 instead. (Importantly, this would be an issue regardless of the size of the address pool chosen for IPv6, as it relates to other choices made (right or wrong) to simplify/improve the protocol.)

They really should have just added another 8bit octet to IPV4 and called it a day. That would have provided about a trillion addresses, which is more than enough and would still have been easily human readable.

And given the exponential growth of IP-capable devices, in 20-30 years we'd just be right back where we are with IPv4 now, and needing to come up with yet another new protocol. Better to do a properly-sized address space now and go through the pain only once.
 
Pretty much anyone running a consumer router from the last 15+ years. Virtually all of them will update their DNS records when the DHCP server hands out an address and the host responds with a hostname. If you've configured your own DNS/DHCP services and this isn't happening, then your setup is incomplete.

There is, admittedly, currently a shortcoming regarding IPv6 here, as this mechanism doesn't come into play when SLAAC is used (the most common setup for home IIRC). So yeah, for now, it's still dual-stack with IPv4. Not so much an issue in the enterprise or anywhere else you can get a fixed IPv6 subnet allocation and use DHCP6 instead. (Importantly, this would be an issue regardless of the size of the address pool chosen for IPv6, as it relates to other choices made (right or wrong) to simplify/improve the protocol.)



And given the exponential growth of IP-capable devices, in 20-30 years we'd just be right back where we are with IPv4 now, and needing to come up with yet another new protocol. Better to do a properly-sized address space now and go through the pain only once.

I disagree with the latter part.

There is no need for more than a trillion IP addresses for the rest of all human history.

Even if we hit 20 billion people on earth (in which case we will have bigger problems than worrying about IP address space) that's over 50 addresses per person.

And there is absolutely no reason they all need to be 1:1 addressable. NAT works very well. I'd argue human readability is much much more important than getting rid of NAT.

What we really want to avoid is double NAT:ing. That is awful, and needs to die, but single NAT is fine and perfectly acceptable.

We don't need enough IP addresses for every atom on earth to have its own...
 
NAT does not work very well and is a pain. It's a bandaid fix to overcome IPv4's lack of address space. It has many limitations that we've already covered over and over. Human readability is also of no concern since that's the point of DNS. Do you navigate your car by GPS coordinates or addresses?

We've also already covered that link-local IPv6 addresses can be shorter than IPv4 (since you seem to be stuck on remembering those by heart), so you can't claim that as an advantage either.

It's quite apparent that you will not be persuaded by those that deal with this on a daily basis for a living and are far more versed on the matter. It seems to me that you came here for confirmation of your beliefs and have elected to disregard anything to the contrary.
 
There is no need for more than a trillion IP addresses for the rest of all human history.

Even if we hit 20 billion people on earth (in which case we will have bigger problems than worrying about IP address space) that's over 50 addresses per person.

Not enough.

Think of all the devices you have at home right now with IP connectivity. Consider that many of these can connect in multiple ways to multiple networks (e.g., ethernet, WiFi, cellular, etc.). Now, think of all the devices that currently don't have any kind of connectivity that eventually will in the near future as they're upgraded/replaced (vehicles, appliances, cameras, sensors, etc.). Now onto your work, where the devices you use there will require additional addresses.

There's network infrastructure. Addresses for routers, switches, etc. at every location. Many more at the ISPs to tie everything together into the Internet. Many thousands of server farms each hosting hundreds to many tens of thousands of servers running at least an order of magnitude more of virtual hosts/containers.

Then there's telecoms, public utilities, transportation, oil/gas infrastructure, all sorts of things one might not think of moving to use IP networks as the backbone of their sensor/communications/reporting networks.

I could go on and on.

And remember, not every address is assignable.

Your fifty addresses run out very fast.

And there is absolutely no reason they all need to be 1:1 addressable. NAT works very well. I'd argue human readability is much much more important than getting rid of NAT.

What we really want to avoid is double NAT:ing. That is awful, and needs to die, but single NAT is fine and perfectly acceptable.

Ugh, again with NAT. This has been covered by myself and others upthread. NAT is an ugly hack that was necessitated by the inadequate supply of available addresses. When the opportunity arose to eliminate it, everyone jumped at the chance. The only reason it seems reasonable now is that we've had 20+ years to work around most of the issues that shouldn't exist in the first place.

Which sounds better:
a) A router requiring additional RAM and CPU/ASIC in order to handle ever-increasing port-mapping tables, tracking application protocols in use to make sure they're handled properly, and having to rewrite an IP packet every time one crosses the router. Then there's the latency introduced by all this.
b) Just give everything a unique address. Let the much simpler stateful firewall do its job.

Also, the large address/subnet allocations allowed by IPv6 allow for such benefits as privacy extensions. Something that'd never be possible with IPv4 or even an additional octet tacked on to the address.

And the best way to avoid double-NATing is to not have any NAT to begin with. If your ISP is running NAT to support all its customers because it's unable to obtain a sufficient allocation (as is often the case now and probably wouldn't change with such a relatively small increase of a single octet), then it might be unavoidable.

"Human-readable" addresses are irrelevant. The majority of people don't give a damn (or need to) about the IP address. If you're constantly accessing systems by IP address (v4 or v6) instead of DNS hostname (even easier to remember/type) you're doing it wrong. And IPv6 addresses aren't that bad. Sometimes longer than IPv4, sometimes shorter, and formatted in a way to make them easily read.
 
I disagree with the latter part.

There is no need for more than a trillion IP addresses for the rest of all human history.

Even if we hit 20 billion people on earth (in which case we will have bigger problems than worrying about IP address space) that's over 50 addresses per person.

And there is absolutely no reason they all need to be 1:1 addressable. NAT works very well. I'd argue human readability is much much more important than getting rid of NAT.

What we really want to avoid is double NAT:ing. That is awful, and needs to die, but single NAT is fine and perfectly acceptable.

We don't need enough IP addresses for every atom on earth to have its own...

Yeah someone made a bad call with IPv6 IMO.
 
As far as I can see IPv6 is what we're stuck with and will only become more prevalent with the unavoidable rise in Carrier Grade NAT for IPv4. But, even then, the average user will be blissfully ignorant of CGN, slowing IPv6 adoption from what it should be.

My main gripe with IPv6 in the home is because of SLAAC vs DHCPv6. Basically, Google digging their heels in with Android. There are a number of other complications, but what about the internet isn't?
 
My main gripe with IPv6 in the home is because of SLAAC vs DHCPv6. Basically, Google digging their heels in with Android.

Do you have a link or any more information about this I can search based on? I am curious and want to read up.
 
Not enough.

Think of all the devices you have at home right now with IP connectivity. Consider that many of these can connect in multiple ways to multiple networks (e.g., ethernet, WiFi, cellular, etc.). Now, think of all the devices that currently don't have any kind of connectivity that eventually will in the near future as they're upgraded/replaced (vehicles, appliances, cameras, sensors, etc.). Now onto your work, where the devices you use there will require additional addresses.

There's network infrastructure. Addresses for routers, switches, etc. at every location. Many more at the ISPs to tie everything together into the Internet. Many thousands of server farms each hosting hundreds to many tens of thousands of servers running at least an order of magnitude more of virtual hosts/containers.

Then there's telecoms, public utilities, transportation, oil/gas infrastructure, all sorts of things one might not think of moving to use IP networks as the backbone of their sensor/communications/reporting networks.

I could go on and on.

And remember, not every address is assignable.

Your fifty addresses run out very fast.



Ugh, again with NAT. This has been covered by myself and others upthread. NAT is an ugly hack that was necessitated by the inadequate supply of available addresses. When the opportunity arose to eliminate it, everyone jumped at the chance. The only reason it seems reasonable now is that we've had 20+ years to work around most of the issues that shouldn't exist in the first place.

Which sounds better:
a) A router requiring additional RAM and CPU/ASIC in order to handle ever-increasing port-mapping tables, tracking application protocols in use to make sure they're handled properly, and having to rewrite an IP packet every time one crosses the router. Then there's the latency introduced by all this.
b) Just give everything a unique address. Let the much simpler stateful firewall do its job.

Also, the large address/subnet allocations allowed by IPv6 allow for such benefits as privacy extensions. Something that'd never be possible with IPv4 or even an additional octet tacked on to the address.

And the best way to avoid double-NATing is to not have any NAT to begin with. If your ISP is running NAT to support all its customers because it's unable to obtain a sufficient allocation (as is often the case now and probably wouldn't change with such a relatively small increase of a single octet), then it might be unavoidable.

"Human-readable" addresses are irrelevant. The majority of people don't give a damn (or need to) about the IP address. If you're constantly accessing systems by IP address (v4 or v6) instead of DNS hostname (even easier to remember/type) you're doing it wrong. And IPv6 addresses aren't that bad. Sometimes longer than IPv4, sometimes shorter, and formatted in a way to make them easily read.

Meh.

Single NAT works fine. No issues whatsoever. The entire Internet as we know it is working just fine using it.

Double NAT is a problem, but single NAT? I think some people just like to complain.

Here are all the IP addresses a person needs. One IP for their house, one for their mobile phone. Maybe two more, one for a laptop with an LTE if you need that sort of thing, and maybe one for a car. That's it.

Eliminating NAT causes more problems than it solves.

And no, DNS has no place on a small local network. Maybe if you have a massive corporate network, but on a small local network it is just dumb needless added complexity.
 
Eliminating NAT causes more problems than it solves.

Okay I had sworn off this ridiculous thread but this is too much .... Exactly what problem does eliminating NAT, let's be clear you mean PAT, cause? Also, just to eliminate what I suspect your reply will be. Security through obscurity is not an acceptable answer as it is not security.
 
Meh.

Single NAT works fine. No issues whatsoever. The entire Internet as we know it is working just fine using it.

Double NAT is a problem, but single NAT? I think some people just like to complain.

Here are all the IP addresses a person needs. One IP for their house, one for their mobile phone. Maybe two more, one for a laptop with an LTE if you need that sort of thing, and maybe one for a car. That's it.

Eliminating NAT causes more problems than it solves.

And no, DNS has no place on a small local network. Maybe if you have a massive corporate network, but on a small local network it is just dumb needless added complexity.

You aren't a sys/network admin are you. You are also very short sighted. Why does NAT exist in the first place? IPV4 was short sighted and assumptive on being enough address space for the future. You speak of a person as an entire internet entity, and that is ridiculously wrong. I foresee an era of every lamp post, stop light or street sign on the highway getting an IP address so the lights can be remote managed individually for various reasons or talk to the cars driving on the road. Assumptions like yours are the same as the IPV4 founders not foreseeing cell phones, smart appliances and home network streaming. You sound like those people who ask "why do you need more than 1 email?"

Clarify your post so you don't look dumb - without DNS at all you better know each website's IP address. Now I assume you meant small networks don't need local DNS servers for the local LAN. Where true for most home users behind a NAT firewall connected to DNS providing ISP modems. I use DNS on my DJ audio rigs to control my different audio processors and playlists remotely from tablets and phones. We live in an era where I can use the internet to remote control my DJ rig from the other side of the city. Why, oh yeah, DNS. All of my networks both small for customers or global for my primary job use local DNS servers. I want to control how my networks run, any good sys/network admin should do the same. Also "small local networks" as you say for businesses often run Microsoft domains, so yeah, DNS kinda needed for that. "DNS has no place..." is an asinine statement.
 
I'm with Nicklebon, was reading this and kept to myself, but I want to throw this out there. If you want "privacy" an application level firewall (that also provides dhcp) using ipv6 will provide you what you need ('need', not 'want'). A cable modem, which I think is probably 95% plus of home networks, is not a router. Then again, I'm a big fan of the right box for the right job, a 'swiss-army' network device (router/wap/firewall) is a poor solution. Granted, a link-local ip is needed for ipv6 to work the way the rfc was designed (a mistake, imho), but you don't have to use the link-local for anything but network discovery. Use your own non-routable subnet and set up rules on your firewall. If you want to set up your own home (or sme) network you will have to go all the way down the rabbit hole and learn how ipv6 works and how to make it work for you, it's a paradigm shift from the good old days, but that's how things are now, evolve or die, I guess.
 
Meh.

Single NAT works fine. No issues whatsoever. The entire Internet as we know it is working just fine using it.

Double NAT is a problem, but single NAT? I think some people just like to complain.

Here are all the IP addresses a person needs. One IP for their house, one for their mobile phone. Maybe two more, one for a laptop with an LTE if you need that sort of thing, and maybe one for a car. That's it.

Eliminating NAT causes more problems than it solves.

And no, DNS has no place on a small local network. Maybe if you have a massive corporate network, but on a small local network it is just dumb needless added complexity.
What do you do when you have three kids who want to host different sessions of the same game to play online with their friends, and the p2p netcode in the game is fixed to use port 3774?
 
that was a painful read......get a 28k modem, let your pages load like they used to in the 90s, and then you won't have the time to gripe about how 'stupid' things have become....because you'll still be trying to load your home page
 
What do you do when you have three kids who want to host different sessions of the same game to play online with their friends, and the p2p netcode in the game is fixed to use port 3774?
Tell them to go outside and play? (y)
 
This thread right here is why large IT companies like Google prefer younger people, more willing to change with technology as it grows, not saying there aren't older IT people that are willing to keep up with the changes, it's just that so many people get stuck in the past, and want that, when it's not realistic and/or feasible.
 
This thread right here is why large IT companies like Google prefer younger people, more willing to change with technology as it grows, not saying there aren't older IT people that are willing to keep up with the changes, it's just that so many people get stuck in the past, and want that, when it's not realistic and/or feasible.

FMD! stereotype much? I'd put good odds on me the oldest person in this thread. :)
 
This thread right here is why large IT companies like Google prefer younger people, more willing to change with technology as it grows, not saying there aren't older IT people that are willing to keep up with the changes, it's just that so many people get stuck in the past, and want that, when it's not realistic and/or feasible.
FMD! stereotype much? I'd put good odds on me the oldest person in this thread. :)
 
You aren't a sys/network admin are you. You are also very short sighted. Why does NAT exist in the first place? IPV4 was short sighted and assumptive on being enough address space for the future. You speak of a person as an entire internet entity, and that is ridiculously wrong. I foresee an era of every lamp post, stop light or street sign on the highway getting an IP address so the lights can be remote managed individually for various reasons or talk to the cars driving on the road. Assumptions like yours are the same as the IPV4 founders not foreseeing cell phones, smart appliances and home network streaming. You sound like those people who ask "why do you need more than 1 email?"

Clarify your post so you don't look dumb - without DNS at all you better know each website's IP address. Now I assume you meant small networks don't need local DNS servers for the local LAN. Where true for most home users behind a NAT firewall connected to DNS providing ISP modems. I use DNS on my DJ audio rigs to control my different audio processors and playlists remotely from tablets and phones. We live in an era where I can use the internet to remote control my DJ rig from the other side of the city. Why, oh yeah, DNS. All of my networks both small for customers or global for my primary job use local DNS servers. I want to control how my networks run, any good sys/network admin should do the same. Also "small local networks" as you say for businesses often run Microsoft domains, so yeah, DNS kinda needed for that. "DNS has no place..." is an asinine statement.

Some sanity. I’m not sure if some realize what/all that dns does.
 
How about letting me decide how to handle parenting my kids and their friends and just sticking to the topic at hand?
Wow .. kind of a dink irl? .. or just here? ...anyhooo .. back to the topic on hand o_O
 
Yeah, I'd take that bet. I worked rtty gear in my Navy days, but then, I also worked on PRC-25's.
LOL :) okay ....

Odds are pretty low for pre JFK being active on here but ....

Born pre or post JFK assassination?
If pre you win.
If post pre or post Apollo 11?
If post you lose.
If pre we are going to call us twins and leave it at that. :)
 
Fair enough, you don't need to get off my lawn. But, I do remember the tv announcement of JFK dying, traumatic. I also remember my cousin, who worked for NASA at the time, pointing out sputnik to me.
 
LOL :) okay ....

Odds are pretty low for pre JFK being active on here but ....

Born pre or post JFK assassination?
If pre you win.
If post pre or post Apollo 11?
If post you lose.
If pre we are going to call us twins and leave it at that. :)

Born pre-JFK assassination.
Was also major driver for IPv6 consumer introduction at a large wireless company.
Sometimes the old guys are drivers for change - we are not all stuck living in the past ;)
 
This thread right here is why large IT companies like Google prefer younger people, more willing to change with technology as it grows, not saying there aren't older IT people that are willing to keep up with the changes, it's just that so many people get stuck in the past, and want that, when it's not realistic and/or feasible.

So many assumptions here.

1.) I don't work in IT and never have. This is a hobby for me.

2.) I prefer IPV4 and no DNS for my home network.

3.) I agree that IPV6 has many benefits. I just don't like the implementation.

4.) If I did work in IT I'd execute on whatever made most sense for the organization, regardless of my personal preferences on my home network. When you get paid to do a job, you do that job for whomever is paying you, not for yourself, so your personal preferences don't really matter.

In general though, enthusiastically accepting any change is no better than outright rejecting every change.

I enthusiastically accept the changes that make my life easier, and outright reject the ones that make my life harder. As should everyone.
 
All of that is neither here nor there though.

I understand that eventually IPV6 Will be forced on me, and when that happens I'll have to reconfigure my entire network with multiple servers and VLAN's, and that will be a major pain in the ass.

Because I haven't had the time to read up on everything yet, for the sake of the devil you know being better than the one you don't, I have disabled IPV6 in the interfaces on my router, put a top firewall rule blocking anything IPV6 from coming in or out (redundant, but...) and disabled IPV6 on all the clients and servers on my network that I am able. I have also as much as I am able tried to block all of the IPV6 over IPV4 tunneling methods (ISATAP, 6to4, default 6in4, 6rd, default teredo, etc.) because I don't want anything bypassing my security that way, but this is easier said than done, with so many protocols and workarounds available. I'm blocking all of this until I have the time to figure this whole IPV6 thing out, so nothing bypasses my security in the mean time.

I'm used to being able to freely pick the IP address of my choosing from the greater 10.0.0.0 24 bit range, splitting it into specific 8bit subnets for each VLAN. I have a 10.0.1.0/24 net, a 10.0.2.0/24 net and so on.

Within those nets I have selected custom IP addresses that make sense to me for what I have the server or client doing. Only thing I have on DHCP are wifi clients. Everything else is static and manually chosen by me.

I have most of my network memorized. No need for overcomplicating things by adding DNS.

Right now I have no idea how I am going to handle this when it goes IPV6. The totally private networks I can just keep on IPV4, who cares. Everything else is likely going to need to change, and is going to be a major pain in the ass, likely resulting in downtime.

Granted, just because an IPV6 address becomes available from my ISP doesn't mean I instantly need to change everything, but at some point my servers and clients won't be able to reach certain services unless I do.

I also route all of my WAN traffic (except for a few whitelisted things) through an OpenVPN provider for privacy.

It is entirely unclear how this will work with IPV6, and if it will require using NAT66. Sorry IETF, I know you want everything directly addressable, but short of the VPN provider providing each host only my local network with its own exit IPV6 address I have no idea how that will happen.

Now, I understand IPV6 has lots of benefits, but for me, in my setup, it's really just a daunting challenge which is going to create a ton of work and having to reconfigure everything. This is not helped by the fact that IPV6 addresses still look like complete gibberish to me.

I'm an engineer, and I don't have to use hexadecimal anything in any other facet of my life. Add to that the weird rules associated with colon abbreviations, it's like having to learn a whole new language.

Now, if doing so actually improved my network and made things perform better, or smoother, I'd embrace it enthusiastically (and I probably already would have switched, if able), but in my situation it's just a whole lot of work in order to keep things working the same, and that kind of pisses me off.
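One way to audit the tunnel-blocking described in the post above, as an added example that is not part of the original post: a Python check that labels flow records which look like IPv6 carried over IPv4 (protocol 41 for 6in4/6to4/6rd/ISATAP, UDP 3544 for Teredo) or like IPv6 traffic on a network meant to be IPv4-only. The `Flow` record layout and the sample flows are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PROTO_UDP = 17
PROTO_IPV6_IN_IPV4 = 41   # IPv6 carried directly in IPv4: 6in4, 6to4, 6rd, ISATAP
TEREDO_UDP_PORT = 3544    # Teredo server port
SIX_TO_FOUR_RELAY = ipaddress.ip_network("192.88.99.0/24")  # 6to4 anycast relay prefix
# ISATAP interface identifiers start with 0000:5efe or 0200:5efe.
ISATAP_IID_PREFIXES = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")


@dataclass(frozen=True)
class Flow:
    """Hypothetical flow-log record; map your firewall's export onto it."""
    src: str
    dst: str
    proto: int
    dport: int = 0


def is_isatap(addr: ipaddress.IPv6Address) -> bool:
    """True when bytes 8..11 of the address carry the ISATAP marker."""
    return addr.packed[8:12] in ISATAP_IID_PREFIXES


def classify(flow: Flow) -> Optional[str]:
    """Return a label for traffic that defeats an IPv4-only policy, else None."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if dst.version == 4:
        if flow.proto == PROTO_IPV6_IN_IPV4:
            # Protocol 41 alone cannot tell 6in4, 6rd and ISATAP apart.
            return "6to4" if dst in SIX_TO_FOUR_RELAY else "proto41"
        if flow.proto == PROTO_UDP and flow.dport == TEREDO_UDP_PORT:
            return "teredo"
        return None
    # IPv6 seen on the wire: identify tunnel-derived addresses first.
    for addr in (src, dst):
        if addr.sixtofour is not None:   # 2002::/16
            return "6to4"
        if addr.teredo is not None:      # 2001::/32
            return "teredo"
        if is_isatap(addr):
            return "isatap"
    return "native-ipv6"


def audit(flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Keep only the flows that need attention, paired with their label."""
    hits = []
    for flow in flows:
        label = classify(flow)
        if label is not None:
            hits.append((flow, label))
    return hits


# Constructed sample records (RFC 1918 and documentation address ranges).
SAMPLE_FLOWS = [
    Flow("10.0.1.20", "192.88.99.1", PROTO_IPV6_IN_IPV4),
    Flow("10.0.1.21", "203.0.113.7", PROTO_IPV6_IN_IPV4),
    Flow("10.0.2.5", "198.51.100.9", PROTO_UDP, 3544),
    Flow("10.0.1.22", "198.51.100.10", 6, 443),
    Flow("fe80::5efe:a00:116", "ff02::2", 58),
    Flow("2002:cb00:7107::1", "2001:db8::1", 6, 443),
    Flow("2001:db8:1::10", "2001:db8:2::20", 6, 443),
]

if __name__ == "__main__":
    for flow, label in audit(SAMPLE_FLOWS):
        print(f"{label:12} {flow.src} -> {flow.dst} proto={flow.proto} dport={flow.dport}")
```

Any hit on the inside interface means a host still has a transition mechanism or IPv6 enabled; a hit on the WAN side means the block rules are not matching.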
 
Right now I have no idea how I am going to handle this when it goes IPV6. The total private networks I can just keep on IPV4, who cares. Everything else is likely going to need to change, and is going to be a major pain in the ass, likely resulting in downtime.
This is mostly why I'm following; as much as I understand the basics of IPv6, I have yet to attempt to put any of it into practice. The surrounding theory is great, but until I start working through it, it just seems overcomplicated. Or at least, I make it seem overcomplicated because I'm grafting all of my security concerns and the official workaround from IPv4 onto it without any real confidence that those are answered let alone satisfied.

I also don't really know where to start. We don't use IPv6 for anything at work, and similarly, I have my DHCP reservation list mostly memorized at home.
 
This is mostly why I'm following; as much as I understand the basics of IPv6, I have yet to attempt to put any of it into practice. The surrounding theory is great, but until I start working through it, it just seems overcomplicated. Or at least, I make it seem overcomplicated because I'm grafting all of my security concerns and the official workaround from IPv4 onto it without any real confidence that those are answered let alone satisfied.

I also don't really know where to start. We don't use IPv6 for anything at work, and similarly, I have my DHCP reservation list mostly memorized at home.


So, in my limited understanding, for a basic network SLAAC replaces DHCP, and I presume that through it you can assign static IP's just like you can with DHCP.

The difference is that since these are no longer private IP's you can't just pick and choose them as you see fit. They have to be from the address range that was assigned to you.

Apparently each interface also gets multiple IP addresses, ones that you assign to them which are public, and ones algorithmically generated from the mac address which are private. I'm guessing if you have private things on your network which don't need to access the outside world, you could just not set one at all and use the MAC based ones.

And because these new IPV6 addresses are a pain to remember, you are probably going to want to run some sort of private DNS server to keep track of them. For me that likely means enabling Avahi on pfSense, something I've never bothered doing before.

This is what I'm envisioning it being at least. But I'm sure I'll run into issues when actually trying to do it.

The biggest challenge for me is remapping all the systems that are pointing at each other using static IPV4 addresses correctly, so things still work when they come back up with IPV6.

Would be really funny if you could set their hostnames to their old IPV4 addresses and use them via multicast DNS :p
 
If I was in a similar situ, I'd probably set up a duplicate service for anything serving over IPv4, then work on transitioning anything which communicates with that service, one at a time.

If you can't do the services first, then set up the clients in a vm, then backup, transition the service and copy over the configuration for the clients.

Before that, though, I'd write down my IP pools. x.x.10.z would translate to a::a:10:z, etc. Hex is easy: instead of 0-9 you have 0-f, and for the sake of simplicity you can ignore a-f if you don't have a dumb program iterating through IPs sequentially (which you shouldn't, anyway). Once they're written down you'll be able to reference them easily while you're setting everything up, but you should be able to memorize them pretty quickly.
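The digit-reuse idea from the post above, as an added example that is not part of the original post: a Python helper that maps each static 10.0.V.H address to an IPv6 address whose subnet ID and host part show the same decimal digits. Putting the VLAN octet in the subnet ID, the function names, and the documentation prefix `2001:db8:1200::/56` are assumptions; the helper rejects a VLAN number that does not fit the delegated prefix.

```python
import ipaddress
from typing import Dict, List


def decimal_as_hex(n: int) -> int:
    """Reuse decimal digits as hex digits: 10 -> 0x10, 254 -> 0x254."""
    return int(str(n), 16)


def map_host(v4: str, site_prefix: str) -> ipaddress.IPv6Address:
    """Map a.b.V.H to <site prefix>:<V as hex digits>::<H as hex digits>."""
    addr = ipaddress.IPv4Address(v4)
    site = ipaddress.IPv6Network(site_prefix)
    if site.prefixlen > 64:
        raise ValueError("site prefix must be /64 or shorter")
    _, _, vlan_octet, host_octet = addr.packed

    # Bits between the delegated prefix and the /64 boundary are the subnet ID.
    subnet_bits = 64 - site.prefixlen
    subnet_id = decimal_as_hex(vlan_octet)
    if subnet_id >= (1 << subnet_bits):
        # e.g. VLAN 200 reads as 0x200, which needs more than the 8 bits a /56 leaves.
        raise ValueError(
            f"VLAN octet {vlan_octet} reads as 0x{subnet_id:x}, "
            f"which does not fit in {subnet_bits} subnet bits of {site}"
        )

    base = int(site.network_address)
    return ipaddress.IPv6Address(base | (subnet_id << 64) | decimal_as_hex(host_octet))


def build_plan(hosts: List[str], site_prefix: str) -> Dict[str, str]:
    """Return {ipv4: ipv6} for a list of static hosts, ready to paste into notes."""
    return {h: str(map_host(h, site_prefix)) for h in hosts}


# Constructed sample inventory matching the 10.0.N.0/24-per-VLAN layout in the thread.
SAMPLE_HOSTS = ["10.0.1.20", "10.0.2.5", "10.0.10.254"]

if __name__ == "__main__":
    for v4, v6 in build_plan(SAMPLE_HOSTS, "2001:db8:1200::/56").items():
        print(f"{v4:14} -> {v6}")
```

Because distinct decimal strings stay distinct when read as hex, two IPv4 hosts never collide on the same IPv6 address under this scheme.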
 
For me that likely means enabling Avahi on pfSense, something I've never bothered doing before.

Looks like this was wrong. I found a checkbox in the DNS Resolver service in pfSense titled "Register DHCP leases in the DNS Resolver" which might do the trick. I never bothered looking into it before because it is so easy to remember private IPV4 addresses...

This might name everything hostname.domain

My domain has always been set to the default "localdomain".

I don't even know what the implications are of changing it, or if I can choose freely. Would probably be convenient to keep it short to enable quicker typing of it...
 