Cable upgrade

Discussion in 'Broadband' started by Optimist, Jul 14, 2015.

  1. Optimist

    Optimist Guest

    I've just upgraded my VM cable setup from a modem to a Superhub (VMDG485). The installation went
    smoothly and my speed is now lightning fast (DOCSIS-3).

    My only beef is that "Page not found" errors are becoming more common and it is quite clear that
    some of these due to the inability to connect to IPV6-only sites (there is a useful tool at
    https://www.mythic-beasts.com/ipv6/health-check? )

    When IPV6 is eventually enabled, I wonder whether the device will be upgraded remotely by a firmware
    update or will it have to be replaced?
     
    Optimist, Jul 14, 2015
    #1
    1. Advertisements

  2. When IPV6 is eventually enabled, I wonder whether the device will
    One would hope it's a remote update, but who knows.

    Meanwhile, just get yourself a free IPv6 tunnel from:
    https://www.sixxs.net/

    Needs some VPN software installing on your PC, but then IPv6 just works.

    Angus
     
    Angus Robertson - Magenta Systems Ltd, Jul 14, 2015
    #2
    1. Advertisements

  3. Optimist

    Optimist Guest

    Thanks for the heads up.
     
    Optimist, Jul 14, 2015
    #3
  4. Optimist

    Andy Burns Guest

    what sites (other that test sites) are going IPv6 only? Sounds like
    commercial suicide at the moment ...
     
    Andy Burns, Jul 14, 2015
    #4
  5. Optimist

    Optimist Guest

    A few days ago mailinator.com was inaccessible on IPV4, though it still had IPV6 connectivity
    according to Mythic Beasts. However after a few days it is back up, so it was probably a glitch.

    But surely as the IPV6 address shortage gets worse, there are bound to be sites created which will
    not be accessible by IPV4 at all.
     
    Optimist, Jul 14, 2015
    #5
  6. Optimist

    Graham. Guest

    Typo?
     
    Graham., Jul 15, 2015
    #6
  7. Optimist

    Optimist Guest

    Yes, of course, thanks - should have said

    But surely as the IPV4 address shortage gets worse, there are bound to be sites created which will
    not be accessible by IPV4 at all.
     
    Optimist, Jul 15, 2015
    #7
  8. Optimist

    Andy Burns Guest

    glitches apart ....
    We'll be dead by then!
    We might be dead by then too (IKWYM) but yes, it gets worse, you can run
    a zillion web sites behind one IP address, as long as they're http.

    For https the "death" of older browsers due to the "death" of older OSes
    might just about be making SNI feasible - of course that means
    corralling web sites to large farms, rather than running your own server.
     
    Andy Burns, Jul 15, 2015
    #8
  9. But surely as the IPV4 address shortage gets worse, there are bound
    Web sites can easily share IPv4 addresses, been happening for 20 years
    already, although secure web sites prefer unique IPs to support old
    browsers.

    The IP shortage is caused by too many new devices needing IP address,
    phones, tablets and appliances. And many of those are using NAT already.

    Angus
     
    Angus Robertson - Magenta Systems Ltd, Jul 15, 2015
    #9
  10. Is a future where every individual device on the planet can be
    uniquely identified by its own IPV6 address really something we should
    look forward to?

    Can IPV6 work with DHCP and NAT too, and if so, is this the way it
    will be implemented, or will "the authorities" insist that we all have
    our own unchanging identifications?

    Rod.
     
    Roderick Stewart, Jul 15, 2015
    #10
  11. Optimist

    Andy Burns Guest

    IPv6 is a reason for NAT to die, to die a horrid death, then get
    repeatedly jumped up and down on, then set on fire for good measure.
     
    Andy Burns, Jul 15, 2015
    #11
  12. Good, as long as lease times are nice and short by default, and static
    addresses are not handed out unless specifically requested, and
    certainly not burned into the hardware like MAC addresses.
    I don't see how NAT can die till the last IPV4 device has been
    switched off for the last time. There would clearly be no reason to
    convert one IPV6 address to another because there will be plenty to go
    round, but there will have to be conversion between IPV6 and IPV4 for
    legacy equipment for quite some time.

    Rod.
     
    Roderick Stewart, Jul 15, 2015
    #12
  13. IPv6 is a reason for NAT to die, to die a horrid death, then get
    Not necessarily, NAT can be a good thing from a security and privacy
    viewpoint, making it harder to access individual devices from the internet
    and making them harder to individually identify.

    Giving each device a unique IPv6 address makes them uniquely identifiable,
    without resorting to cookies and such nasties.

    NAT does make some protocols harder, like VoIP and FTP, but we've managed
    that issue for a long time.

    So firewalls will be very important for IPv6 and few routers currently
    support IPv6 firewalls. Even those that do can be painful to configure,
    I've got IPv6 allocations for both my sites, but have been unable to
    configure my Sonicwalls to use them.

    Angus
     
    Angus Robertson - Magenta Systems Ltd, Jul 15, 2015
    #13
  14. Optimist

    Phil W Lee Guest

    Although NAT does offer a reasonable minimal level of security
    (depending partly on the gateway device, of course), even for the
    technically inept.
    Many (including me) think that's a Good Thing (why on earth would
    anyone want all their private devices to be visible from outside their
    own network?)
    Many (also including me) think that IPv6 would have been entirely
    unnecessary if the huge allocations of IPv4 addresses given to large
    corporations in the early days had been reclaimed.
    And finally, Many, (including me) believe that having such long
    addresses as in IPv6 is pointless - simply adding a single additional
    field to IPv4 to make a "dotted quin" instead of a "dotted quad" would
    have been quite sufficient for the foreseeable future, offering 256
    times the number of addresses of IPv4 with fairly simple backwards
    compatibility (any address shorter than 40 bits is assumed to have
    leading zeros, for example).

    IPv6 seems to be a job security program for IT security professionals.
     
    Phil W Lee, Jul 15, 2015
    #14
  15. Optimist

    Paul Cummins Guest

    measure.

    I don't see how NAT can die till the last IPV4 device has been
    switched off for the last time.[/QUOTE]

    IP6 or no IP6, I will still be using a form of NAT well into the 2020's

    There are good security reasons to do so.
     
    Paul Cummins, Jul 15, 2015
    #15
  16. Optimist

    Stephen Guest

    IPv6 "end to end addressing is part of the IPv6 religion.

    That doesnt mean it is a universally good idea, or that it will get
    used everywhere.
    - hosting, private networks et al actually like unrouteable addresses
    for stuff that needs to be isolated
    - and it adds another layer of defense - if you manage to "leak"
    traffic to the Internet, the traffic paths are not generally useable
    from arbitary places.
    - carrier backbones, MPLS core networks et al often run IS-IS routing
    between core elements - because the underlying protocol is OSI, and
    there isnt much of that on the general Internet.......

    NAT IPv4 to IPv4 is likely to survive for the next 10, 20 etc years -
    anyone who doesnt expect those levels of inertia hasnt tried to get
    customers to migrate networks.......

    And during the IPv4 and IPv6 co-existance will be joined by widespread
    4 to 6 mapping (which is just another flavour of NAT).

    6 to 6 NAT is just 1 more variation from the bits we have to have
    anyway, so not much chance it wont be used.
    Stephen Hope
    Replace xyz with ntl to reply
     
    Stephen, Jul 15, 2015
    #16
  17. NAT blocks inbound connections by default. The default configuration on
    most IPv6 consumer routers blocks all inbound connections too. It's not
    hard, it's just a slightly different firewall rule.
    They have been (mostly). Even big corporations only had a /8, which is 24
    million addresses - or a single city. There just aren't enough of them.

    Theo
    (who is currently paying more for IPv4 addresses than the servers that run
    behind them)
     
    Theo Markettos, Jul 15, 2015
    #17
  18. You don't need DHCP - most consumer OSes initiate connections using privacy
    extensions which mean they regularly change the outbound address, so you
    can't correlate outbound connections with a particular device (or leak the
    MAC address). Machines have typically multiple addresses assigned so you
    can connect inbound to a machine on a known fixed address but outbound
    connections come from varying ones.

    Since the local network address space is 64 bit, it isn't feasible to scan
    or guess addresses as you can in IPv4.
    Yes, but that NAT (NAT64) is off the critical path once major sites start
    transitioning. So, unlike carrier-grade NAT, you can mostly avoid problems
    by switching to IPv6-IPv6 without NAT. That also means your inbound IPv6
    routes are unsullied by NAT.

    You can also avoid the local NAT using DNS64. If you have local IPv6 only,
    it fudges the DNS server to return an AAAA record of an IPv6/IPv4 gateway
    when the endpoint only has IPv4 A records. That means the NAT64 can live
    close to the endpoint rather than on your network (eg the ISP of legacy
    equipment can implement it) which means the Internet route is pure IPv6.

    Theo
     
    Theo Markettos, Jul 15, 2015
    #18
  19. All of that can happen with IPv6 too - it just works in a different way.
    With IPv6 there is no longer a 1:1 mapping from devices to addresses, so
    it's no problem to hide if you want to, but not hide if you want to be
    accessible. Though if only one device is behind a /64 network prefix then
    it's no better than IPv4.
    'Managed' = 'horribly hacked around'. Skype is a nasty solution to lack of
    endpoint to endpoint VOIP connections when both peers are behind NAT, for
    instance.
    All those routers already have firewalls - they're how NAT is implemented.
    If they run Linux (or FreeBSD or VxWorks or Technicolor Homeware or...) they
    already support IPv6. What aren't so good are GUIs for configuring the
    firewalls, but this is slowly improving.

    Theo
     
    Theo Markettos, Jul 15, 2015
    #19
  20. Optimist

    Optimist Guest

    Time to switch over the new standard and be done with it, methinks.

    As an aside, I learnt the other day that core routers use ternary content addressable memory, to
    take values 1, 0, or indifferent. Does that mean they are called tits rather than bits?
     
    Optimist, Jul 16, 2015
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.