Yup.
I first got interested in v6 when I discovered it running on my home
network without my having set it up ever... so you might be running at
least some v6 without knowing it. (Especially if you have an Apple Time
Capsule on your network.) That was both scary and interesting at the
same time, so that's why I decided to dive into it.
So yeah, you don't switch from v4 to v6, you run both concurrently. For
the most part, it just works, once your router and ISP support it, and
router support is the big stumbling block these days -- ISPs are
starting to get on board at last. Most operating systems have supported
it for aaaaages. Bluegrass.net has v6 on their network, so LVL1 could
probably get a /48 or /56 block. Over here in Lexington, QX.net does
too. Collexion doesn't yet have a v6 block, partly because we haven't
asked, and partly because our good router died (grumbleasusgrumble). :p
The security side of it is a bit more complicated, mostly because NAT
goes away and you have to be sure you've still got a stateful firewall
in its place... and that you're blocking/allowing the same ports on v6
that you are on v4... Spoofing attacks are a bit different because
address assignment and layer 2 stuff is a bit different (ARP vs ND, DHCP
vs SLAAC)... But a lot of stuff is the same... TCP and UDP are
identical so everything you know about those still applies...
A lot of major websites (Google, Facebook, etc) added the DNS records
for v6 back on June 6. We (Fark) did the same about a year earlier.
Not much broke. :)
I did a talk on this at Notacon earlier this year -- though I could have
done a better job with it, it was my first talk about anything ever and
I was nervous as hell. There are people that'll be at Derbycon in 2
weeks that know the security side of it way better than me. But we've
been running it for about 2-3 years so I've got a pretty good handle on it.
ARIN is already tightening the screws on allocations, btw. I know a
company in Lexington that already can't get the v4 space they want from
ARIN.
Will trade v6 knowledge for DNSSEC help (it works about 95%) and help w/
why both Shruthi-1 synth CPU boards I built blew up, whether I either
shorted something out or blew something up with the wrong power supply,
or if my soldering is just consistently that bad...
On 9/16/12 3:25 PM, Barton Chittenden wrote:
> On September 14, RIPE NCC, the European regional internet registry,
> started allocating IP addresses from its last /8 address block. This
> is the beginning of the end of the allocation of the IPv4 address
> space (i.e. addresses of the form xxx.xxx.xxx.xxx) as we know it.
> Allocation of IPv4 addresses in Europe is now strictly rationed.
> ARIN (American Registry of Internet Numbers) will be down to its last
> /8 by this time next year.
> The long term solution to this problem is to start using IPv6
> addresses, which are essentially unlimited (The address space is so
> large that you could assign about a thousand times the current
> internet address space to each cell of every one of the 7 billion
> people on earth).
> The problem of switching to IPv6 is a chicken-and-egg problem:
> internet users won't switch to IPv6 addresses because there are very
> few sites that they can connect to which use IPv6, and no content
> providers use IPv6 addresses because no-one visits via IPv6. Most ISPs
> don't provide IPv6 addresses (or if they do, no-one realizes that they
> do).
> There are some short-term solutions, but they destroy the
> point-to-point nature of the internet which can cause problems.
> I have a decent handle on what's happening and why, but I have zero
> experience with setting up a network using IPv6... in many ways, it
> should be transparent (as IPv4 is... you connect your computer to a
> router via cat5 cable or wireless, and you're connected). Obviously,
> it's not /quite/ that easy, if it was, we would all be using IPv6 and
> we wouldn't be worrying about running out of address space.
> I was wondering if some of the local network gurus could give a talk
> about this:
> * A primer on IP addresses in general
> * What physical steps do I need to take to set up an IPv6 network?
> (e.g. a LAN).
> * Are there any issues involved with running both IPv4 and IPv6 on
> the same network?
> * How do I connect to the internet via IPv6?
> * Will my ISP provide IPv6 addresses?
> * Are there security issues involved with using IPv6, and if so, how
> do I fix these?
> * ...
> Any takers? I would be willing to do the presentation, but, as I said,
> I have /zero/ practical experience, and I think that the topic
> deserves more than hand-waving.
> --Barton
