On 04.03.2009, at 16:05, Beat Rubischon wrote:
Hello!
Quite interesting discussion you have!
On 26.02.09 11:17, "Andy Davidson" wrote at <[email protected]>:
- There seems to be no consensus about how to serve end user
addressing for ipv6
I see some open points which must be addressed in advance before IPv6
could be delivered to anyone - not only to geeks like me.
Think about Cable. It's easy there - you have a modem with one or more
Ethernet ports. Some RA announcements for the customer's /64 and
everyone is happy. Think about the advantage of "two computers when
using IPv4 and an infinite amount of computers when using IPv6 for only
29.95 per month". What a motivation for the customer to use it ;-) Of
course all the "Router / Blackbox Firewall" users are lost.
Basically every customer gets a /64 on the ethernet. That's the idea.
ADSL is a bit more problematic. Standard ppp handles just the link layer
addresses. Who should get the /64? The ppp endpoint itself or the
network behind?
The end user cares about what's on his Ethernet, not if PPP, ATM, HDLC
or whatever is used on the wire. Basically the ADSL router has to get
ONE IPv6 for the broadband side (through autoconfiguration as normally
in IPv6) and be a router in the most traditional straightforward
sense. NAT boxes in my view are not real routers even though a lot of
vendors call them router. They are some kind of level 4 proxy "crap"
someone has invented to get around IP address usage limitations. They
break in many ways if you want to do many things. Using properly
routed IPv6 solves all those nice "bogus" workarounds.
Apple for example goes the simple way and passes all the
configuration to the user.
Which configuration are you referring to? MacOS X clients simply
take the router announcement and autoconfigure everything. I have not
seen any Apple ADSL router yet so I'm not sure what you mean by the
above statement.
ppp devices won't accept RA announcements. How does Windows behave? I
don't know.
Where do you see PPP? Ethernet is what end users will see. Or do you
consider IPv6 for Dialup 56kbps modems? I'm sure PPP LCP could
negotiate an IPv6 in that case for those who really want to use that.
Next point: DNS. DHCPv6 is IMHO only supported by some Linux distros.
Apple once again uses the DNS configured by IPv4 DHCP or manually
configured ones.
Well, here you have to distinguish: using an IPv6 DNS server answering
on IPv6 addresses, or querying IPv6 information on an IPv4 server.
Currently, we will have a dual standard world for a while. So having
IPv4 servers responding with IPv4/IPv6 information is what we are going
to see for a long long while. Nobody says you should NOT have IPv4.
Just not only. I see the future as IPv4->NAT->limited, IPv6->Native.
Windows has some site wide addresses out of a deprecated space
predefined (fec0:0:0:ffff::1~3). The approach to pack DNS IPs into RA is
yet too young and not standardized or even implemented.
So we have still a lot of work in front of us.
Not really. You can reach any IPv4 DNS from IPv6. So DHCP v4 can
announce the DNS Server and the rest is simple magic.
Of course there is always room for improvement.
Even more work will come for small and medium business networks. Today
there is a NAT gateway in front of the network and tunneling VPN for the
remote workers or office interconnect. There is usually an internal DNS
(Windows AD) carrying the local addresses. Everyone knows the basics and
how to set up such environments.
... and everyone gets puzzled once NAT doesn't work. Try to use it for
VoIP or just try to do MSN / ICQ filetransfers and in 90% of the cases
you have issues. And if you want to use advanced layer 4 protocols
such as SCTP on NAT, you will see that 99.9% of the NAT devices don't
know how to handle anything besides TCP, UDP and maybe ICMP.
What about the future? Route IPv6 directly to the clients? What
about remote workers? Delegate the reverse and forward lookup
to the internal DNS?
VPN will still stay. Its purpose is still the same. IPv4 or IPv6
doesn't change anything there. But you COULD use IPv6 and IPSEC
directly and skip the tunneling part as IPSEC support is mandatory in
IPv6. So if you access the office from home, you get a secure tunnel,
while if you access the internet, you get a direct connection.
Of course all those questions are answered when you operate an open
network. Like universities or ISPs usually do. Or when you run an
independent company network only connected by proxies. But for other
usage, like SOHO users, there are still open points.
For SOHO it's solvable. The worst I can currently think of is that
someone would have to enter an IPv6 DNS server by hand.
Compared to what you have to enter into a current DSL modem, this is a
snap.
If the DNS issue is solved, it's at the end of the day pure plug and
play instead of plug and pray...
_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog