IPv6 comes up as a conversation point now and again. I got asked my thoughts about it again today and decided to post something I’ve previously written which roughly summarizes what I think. There’s not exactly an alternative to IPv6 at the moment and the IPv4 address space is constrained. We need more addresses. The following missive is about what we get with those addresses.
IPv6 proponents like to talk about backwards compatibility. It’s easiest if you just forget about that and assume pretty much every piece of software on every client and server (and on every infrastructure device in between!) needs to be fixed to know about IPv6. And it also needs to maintain all its IPv4 bits for “backward compatibility” until everything you want to use is IPv6 capable. So…
A different traceroute. A different ping. A totally different network discovery mechanism. You’ll have something arp-like instead of arp and forget DHCP. You now have stateless autoconfig.
You’ll have IPv6 routing table entries and need some way of setting/updating/propagating them (i.e., why UL asked if we were doing BGP or what). In the short term, if they’re broadcasting that they route some superset of our IPv6 space, then having them static route /126s to their customers is probably easiest.
You’ll have different DNS. Eg:
$ dig -6 google.com
dig: can't find IPv6 networking
Oops. No IPv6 stack loaded. Oops, no IPv6 address. Oops, no IPv6 routes. Anyway, once you get there, good luck finding many names with IPv6 addresses.
Oh and don’t forget you’ll need an IPv6 firewall. An IPv6 aware NIDS. IPv6 rules for same. All your data visualization and filtering tools will need to know about dotted quads and colon hexes.
And to make it blatantly clear…every application that opens a socket will need to be updated to be IPv6 aware, i.e., from the man page:
AF_INET6 [] (7) linux ipv6 protocol implementation
Synopsis
#include <sys/socket.h>
#include <netinet/in.h>
tcp6_socket = socket(PF_INET6, SOCK_STREAM, 0);
raw6_socket = socket(PF_INET6, SOCK_RAW, protocol);
udp6_socket = socket(PF_INET6, SOCK_DGRAM, protocol);
The protocol aims to have a mostly similar API, but you can’t get around the fact that a program has to be either AF_INET or AF_INET6 or both and know how/when to choose between the two.
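What "know about dotted quads and colon hexes" means for a filtering or logging tool, as an added example that is not from the original post: the helper names canon_addr and same_addr are hypothetical. It folds the IPv4-mapped form (::ffff:a.b.c.d), which an AF_INET6 socket with IPV6_V6ONLY off reports for IPv4 peers, back to plain IPv4 so that one IPv4 rule matches both spellings.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not from the post): parse a textual address of
 * either family and write its canonical text form to out.
 * Returns AF_INET, AF_INET6, or -1 if the text is not an address. */
int canon_addr(const char *text, char *out, socklen_t outlen)
{
    struct in_addr v4;
    struct in6_addr v6;

    if (inet_pton(AF_INET, text, &v4) == 1)
        return inet_ntop(AF_INET, &v4, out, outlen) ? AF_INET : -1;

    if (inet_pton(AF_INET6, text, &v6) != 1)
        return -1;                 /* neither dotted quad nor colon hex */

    if (IN6_IS_ADDR_V4MAPPED(&v6)) {
        /* ::ffff:a.b.c.d carries the IPv4 address in its last 4 bytes;
         * treat it as IPv4 so IPv4 allow/deny rules still apply. */
        memcpy(&v4, &v6.s6_addr[12], sizeof v4);
        return inet_ntop(AF_INET, &v4, out, outlen) ? AF_INET : -1;
    }
    return inet_ntop(AF_INET6, &v6, out, outlen) ? AF_INET6 : -1;
}

/* Returns 1 when both strings name the same address, however spelled
 * (upper/lower case, zero padding, "::" compression, v4-mapped). */
int same_addr(const char *a, const char *b)
{
    char ca[INET6_ADDRSTRLEN], cb[INET6_ADDRSTRLEN];
    int fa = canon_addr(a, ca, sizeof ca);
    int fb = canon_addr(b, cb, sizeof cb);

    return fa != -1 && fa == fb && strcmp(ca, cb) == 0;
}
```

Comparing addresses as raw strings in ACLs, log correlation or NIDS rules misses every alternate spelling that same_addr treats as equal.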
But then you also need to update config files and your invocations. Did you put IPv4 addresses in scripts because you didn’t want to have DNS lookup latency or to assume DNS was working? You get to change all of them to IPv6. Is your Apache listening on:
<VirtualHost 209.237.247.201:80>
Make sure it’s also listening on the IPv6 address.
Now a lot of programs have been updated, like the dig example above. But some have been forked. And every Unix has done something different with all of this. So we get to learn a whole bunch of new, non-standard command line command names and command arguments. I.e., does one “ping -6” or “ping6” or something else? Is ping6 even installed if it’s not “ping -6”?
One of the most fun parts will be typing in addresses like 3ffe:1900:4545:3:200:f8ff:fe21:67cf. I can’t wait til mom calls cause the home router’s not working right. “Do you have an IP? What is it…I need to know if your machine just assigned itself a default one or got one from the router so you’ll have to read it to me so I can tell…OK that looks good…can you open up a terminal and ping 2001:db8:1f70::999:de8:7648:6e8? What about pinging 4FDE:0000:0000:0002:0022:F376:FF3B:AB3F? Hello? Mom?”
Suffice it to say I’ve been indoctrinated by those who aren’t drinking the IPv6 Kool-Aid. But we’re almost guaranteed to be stuck with it and all its complexities…so what can you do? Get ready…we’re all about to be colon hexed.