| [IPv6] Benefits of IPv6 I have been following some of the threads about IPv6 and don't really understand the benefits other than what I have read that with IPv4 you can have a max of 4.2 billion IP address as with IPv6 you can have 340 trillion trillion trillion address.
After reading some of the comments, there must be more to it than just more addresses.
Both my modem and router are IPv6 capable, but will there be any benefit as far as speed and reliability on the internet once IPv6 is rolled out to everyone?
Thanks
Wayne |
|
KevTechPremium
join:2002-08-22
Seattle, WA | Plain answer is the world is running out of IPv4 addresses.
I don't know if there will be any benefits but I do know that, even though it was not meant to be a security feature, we will lose NAT with IPv6.
Will that make people more vulnerable?
Maybe but maybe not as there are so many more addresses. |
|
 NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro
 ·Comcast Business..
 ·Vonage
 ·Cingular Wireless
·Comcast
| said by KevTech:Plain answer is the world is running out of IPv4 addresses.
I don't know if there will be any benefits but I do know that, even though it was not meant to be a security feature, we will lose NAT with IPv6.
Will that make people more vulnerable?
Maybe but maybe not as there are so many more addresses.
Losing NAT does not mean that you can not use an IPv6 compatible SPI firewall. That firewall can either be a software firewall on the PC (or other device), or it can be in a network wide firewall appliance. For example, it can be built-in to an IPv6 compatible router, just as is commonly done in higher end IPv4 routers. I suspect that including an SPI firewall will in the near future be just as common in even sub $20 no-name routers as NAT is now. Actually some el-cheapo routers do this already. It doesn't really cost anything to implement, except a bit more RAM, and the primary reason that it is not already a standard feature on every residential/soho router is because with NAT already being present (and necessary for most residential/SMB ISP accounts), it really was not needed by most users.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower |
|
KevTechPremium
join:2002-08-22
Seattle, WA | I already know all of this. |
|
 whfsdudePremium
join:2003-04-05
Washington, DC
·T-Mobile US
| reply to Wayne99021
Almost everything has been implemented in some for in IPv6.
The big advantage is the large number of addresses. If IPv6 doesn't take off, ISPs will have to start implementing NAT444 (carrier grade NAT).
Say goodbye to having an open port. You will have issues with abuse because you will sharing an address with hundreds of other users. Port exhaustion will also be a huge problem.
And of course, you introduce a single point of failure into the network which will sure as hell get DDoSed once and awhile. |
|
| reply to KevTech
said by KevTech:I already know all of this.
Oh, well in that case we should probably just shut all of this down. Since you already know this, and it couldn't possibly be helpful to anyone else, I don't really see any point in leaving it up. |
|
| reply to KevTech
said by KevTech:I don't know if there will be any benefits but I do know that, even though it was not meant to be a security feature, we will lose NAT with IPv6.
With IPv6 you get IPv6 Privacy Extensions. When enabled (on by default in Windows) the host changes it's IPv6 address at a regular interval. This helps to alievate hacking and user tracking.
As was already mentioned, there are Stateful IPv6 Firewalls. Be careful though, some "home router" manufacturers advertise that they have IPv6 firewalls, when in reality it's just a packet filter.
Comcast has some good writings about the pitfalls of Carrier NAT. Great to see they are doing it the right way from the very start! |
|
|
|
| reply to KevTech
Losing NAT? I'm still confused about the whole thing. I get the basically unlimited addresses with ipv6, but how will it effect home networks? I have 3 desktops and 2 laptops in my household. Will they all get their own personal ipv6 address? (and will it be public?) Not 1 public, and 5 private as with ipv4? Will you have to pay for each address? If not, would you just get 1 ipv6? Not sure how it all will play out...Will my home ipv6 capable router provide the necessary addresses for my home LAN? Very confused... |
|
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
| said by anony mous :Losing NAT? I'm still confused about the whole thing. I get the basically unlimited addresses with ipv6, but how will it effect home networks? I have 3 desktops and 2 laptops in my household. Will they all get their own personal ipv6 address? (and will it be public?) Not 1 public, and 5 private as with ipv4? Will you have to pay for each address? If not, would you just get 1 ipv6? Not sure how it all will play out...Will my home ipv6 capable router provide the necessary addresses for my home LAN? Very confused...
Comcast's initial IPv6 deployment is only for users with a single PC connected to a standard (IPv6 compatible) cable modem. Those connections get a "/l28" IPv6 address (one device only). I don't think that Comcast has yet decided what to do about the cable gateway routers that they supply, much less how to handle customer owned routers. I suspect that initially, only Comcast supplied cable gateway routers will get a "/64" or "/48" multi IPv6 address assignment.
Here is a link that might help to explain the IPv4 vs IPv6 addressing »www.ripe.net/internet-coordinati···dressing
As for price increases for "/64" or "/48" assignments, only Comcast management knows the answer to that.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower |
|
whfsdudePremium
join:2003-04-05
Washington, DC Reviews:
·T-Mobile US
| said by NetFixer:Comcast's initial IPv6 deployment is only for users with a single PC connected to a standard (IPv6 compatible) cable modem. Those connections get a "/l28" IPv6 address (one device only). I don't think that Comcast has yet decided what to do about the cable gateway routers that they supply, much less how to handle customer owned routers.
Actually it's my understanding that they will be using DHCPv6-PD. So the /128 rollout is really just the first step.
Each customer will get a /127 point-to-point link and then DHCPv6-PD will pass the router a routed block.
Hence why they're supporting just one PC first is because they haven't started doing DHCPv6-PD |
|
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
| said by whfsdude:said by NetFixer:Comcast's initial IPv6 deployment is only for users with a single PC connected to a standard (IPv6 compatible) cable modem. Those connections get a "/l28" IPv6 address (one device only). I don't think that Comcast has yet decided what to do about the cable gateway routers that they supply, much less how to handle customer owned routers.
Actually it's my understanding that they will be using DHCPv6-PD. So the /128 rollout is really just the first step...
I thought that was what I said  :
Comcast's initial IPv6 deployment...
said by The American Heritage® Dictionary :
initial
initial (î-nîsh´el) adjective
1. Of, relating to, or occurring at the beginning; first: took the initial step toward reconciliation.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower |
|
whfsdudePremium
join:2003-04-05
Washington, DC | reply to Wayne99021
I was more clarifying that the single address will still be in place for when routers are added. You'll just likely get a /64 routed to that address.
Rather than having to use proxy-ND. |
|
 camperPremium
join:2010-03-21
Bethel, CT
·Comcast
| reply to NetFixer
said by NetFixer:...As for price increases for "/64" or "/48" assignments, only Comcast management knows the answer to that.
I'd be willing to predict that there will be a price increase.
Comcast has never seen an excuse for a price increase that it didn't like.  |
|
Reviews:
·Comcast
| It will depend on if the routing feature for cable modems requires new cable modem hardware - if it does, that price will almost certainly get passed along to customers.
However, cable modems (except for really old ones) aren't the biggest problem with IPv6; the two biggest issues are older routers (some are actually IPv6-hostile; UNfortunately, Comcast actually has a few of these, like the NETGEAR WNR3500 in 1VCNAS trim) and gaming consoles with IPv6-hostile firmware. While I don't own a console, I do, unfortunately, have a WNR3500-1VCNAS that I will certainly have to replace.
There are three routers (all from NETGEAR) that are good candidates (amazingly, all are, in fact, overkill - they have features that I can't - and won't - ever use).
1. WNDR3700 (closeout) - Dual-band, gigabit, and the lowest-priced of the three - it's also Netgear's second-least-expensive IPv6-ready router (only the WNR3500L/3500V2, where available, is cheaper).
2. WNDR4000 - The successor to the WNDR3700. In addition to N300+300, it also supports N450+N300; otherwise, it's the same feature set (down to the USB port for storage or printing) as the WNDR3700.
3. WNDR4500 - The new flagship of the NETGEAR "prosumer" line. It adds N450+N450 and a second USB port to the WNDR4000 (along with $40 to the price at BB).
The WNDR3700 also offers the option of third-party firmware (both v1 and v2 are supported by DD-WRT/OpenWRT/X-WRT) in addition to the OOTB support with current factory firmware. |
|
 owlynPremium,MVM
join:2004-06-05
Newtown, PA | The Netgear WNDR3400 is now IPV6 compatible (recent firmware update). It is basically the same router as the WNDR3700, but without gigabit support. |
|
Reviews:
·Comcast
| reply to voiptalk
said by voiptalk:said by KevTech:I don't know if there will be any benefits but I do know that, even though it was not meant to be a security feature, we will lose NAT with IPv6.
As was already mentioned, there are Stateful IPv6 Firewalls. Be careful though, some "home router" manufacturers advertise that they have IPv6 firewalls, when in reality it's just a packet filter. How do we know what brands and models have the IPv6 firewall and what brands and models have the packet filter instead? |
|
4 edits | It appears that stateful IPv6 firewalls for residential gateways are appearing under the term "IPv6 Simple Security". This has appeared in the most recent D-Link products, not sure about others.
IPv6 Simple Security: »tools.ietf.org/html/rfc6092
Other that that, be looking for specific terminology that it is a stateful firewall.
---
FWIW, I really like the Mikrotik routers. It's not an "Average Joe" platform, but has everything you need at a very low price point.
I have the RB750GL and RB250GS. »routerboard.com/
Mikrotik manual and capabilities: »wiki.mikrotik.com/wiki/Manual:TOC
Management Interface Overview: »wiki.mikrotik.com/wiki/Manual:Winbox |
|
Reviews:
·Comcast
| reply to camper
It costs Comcast no more to issue a /64 than a /48 - if anything, the headaches *increase* when fine-graining it down to a /48. (That isn't theory - Hurricane Electric has retained their /64 blocks for free via their tunnelbroker.net portal; SixxS has done the same.) Never mind that even a /48 couldn't be exhausted if every appliance in Bill and Melinda's mansion had their own IP. |
|
camperPremium
join:2010-03-21
Bethel, CT | It is less a matter of "costing more" and more a matter of "what the market will allow Comcast to charge".
If Comcast thinks they can get away with higher charges, then Comcast will raise the price. It is as simple as that. |
|
whfsdudePremium
join:2003-04-05
Washington, DC Reviews:
·T-Mobile US
| said by camper:It is less a matter of "costing more" and more a matter of "what the market will allow Comcast to charge". With the lack of NAT, the market won't tolerate being charged extra for a /64. |
|
