Diggin' technology every day

August 21, 2013

More IPv6 funnies…

Filed under: Networking,Random Thought — Tags: — Nate @ 5:56 pm

Random, off topic, boring post but I felt compelled to write it after reading a fairly absurd comment on slashdot from another hard core IPv6 fan.

Internet hippies at it again!

I put the original comments in italics, and the non italic stuff is the IPv6 person responding. I mean honestly I can’t help but laugh.

I was a part of the internet when it started and was the wild wild west.  Everyone had nearly unlimited ip addresses and NOBODY used them for several reasons. First nobody put everything on the internet.

That was then. Now is now. The billion people on Facebook, Twitter, Flickr don’t put anything online? Sure, it’s all crap, but it sure is not nothing.

It’s just Dumb to put workstations on the internet… Sally in accounting does not need a public IP and all it does is make her computer easier to target and attack. Hiding behind that router on a separate private network is far more secure. Plus it is easier to defend a single point of entry than it is to defend a address space from the world.

Bullsh*t. If in IPv4 your internal network would be, you can define an IPv6 range for that as well, e.g. 2001:db8:1234:10::/72. And then you put in your firewall:

2001:db8:1234:10::/72 Inbound: DENY ALL

Done. Hard? No. Harder than IPv4? No. Easier? Yes. Sally needs direct connection to Tom in the other branch (for file transfer, video conference, etc):

2001:db8:1234:10::5411/128 Inbound: ALLOW ALL FROM 2001:db8:1234:11::703/128

Good luck telling your IPv4 CGN ISP you need a port forwarded.

Second I have yet to have someone give me a real need for having everything on the internet with a direct address. you have zero need to have your toaster accessible from the internet.

Oh yeah? Sally might need that 30 GB Powerpoint presentation of her coworker in the other branch. Or that 100 MB customer database. Well, you know, this []. How much easier would that be with a very simple app that even you could hack together that sends a file from one IP address to the other. Simple and fast, with IPv6. Try it with IPv4.

It’s amazing to me how folks like this think that everything should just be directly connected to the internet. Apparently this IPv6 person hasn’t heard of a file server before, or a site to site VPN. Even with direct accessibility I would want to enforce VPN between the sites, if nothing else to not have to worry that any communications would not be encrypted (or in some cases WAN optimized). Same goes for remote workers – if your at a remote location and wanting to talk to a computer on the corporate LAN or data center – get on VPN. I don’t care if you have a direct route to it or not (in fact I would ensure you did not so you have no choice).

The problems this person cites have been solved for over a decade.

I’m sorry but anyone that argues that 2001:db8:1234:10::5411/128 is simpler than is simpler is just …not all there.

The solutions perhaps may not be as clean as something more native, though the thought of someone wanting to move 30GB of data over anyone’s internet connection at the office would be a very bad thing to do without arranging something with IT first (do it off hours, throttle it, something).

The point is the solutions exist, and they work. Fact remains that if you go native IPv6 your going to have MUCH MORE PAIN than any of the hacks that you may have to do with IPv4 today. IPv6 fans fail to acknowledge that up front. They attack IPv4/NAT/etc and just want the world to turn the switch off of IPv4 and flip everyone over.

I have said for years I don’t look forward to IPv6 myself (mainly for the numbering scheme, it sucks hard). If the time comes where I need IPv6 for myself or the organization I work for there are other means to get it (e.g. NAT – at the load balancer level in my case) that will work for years to come (until perhaps there is some sort of mission critical mass of outbound IPv6 connectivity that I need – I don’t see that in the next 5-8 years – beyond that who knows maybe I won’t be doing networking anymore so won’t care).

I’m sure people like me are the kind of folks IPv6 people hate. I don’t blame ’em I suppose.

There is nothing – absolutely nothing that bugs me about IPv4 today. Not a damn thing hinders me or the organizations I have worked for. At one point SSL virtual hosting was an issue, but even that is solved with SNI (which I just started using fairly recently actually).

The only possibility of having an issue I think is perhaps if my organization merged with another and there was some overlapping IP space. Haven’t personally encountered that problem though in a very long time (9 years – and even then we just setup a bunch of 1:1 NATs I think – I wasn’t the network engineer at the time so wasn’t my problem).

I remember one company I worked for 13 years ago – they registered their own /24 network back in the early 90s, because the people at the time believed they had to in order to run an internal network. The IP space never got used (to my knowledge) and it was just lingering around – the contact info was out of date and we didn’t have any access to it (not that we needed it, was more a funny story to tell).

When I set this server up at Hurricane Electric, one of the things they asked me was if I wanted IPv6 connectivity, since they do it natively I believe (one of the biggest IPv6 providers out there I think globally ?). I thought about it for a few seconds and declined, don’t need it.

IPv6 fans need to come up with better justification for the world to switch other than “the internet is peer to peer and everyone needs a unique address” (because that reason doesn’t cut it for folks like me, and given the world’s glacial pace of migration I think my view is the norm rather than the exception). I’ve never really cared about peer to peer anything. The internet in general has been client-server and will likely remain so for some time (especially given the average gap between download and upload bandwidth on your typical broadband connection)

Given I have a server with ~3.6TB of usable space on a 100Mbps unlimited bandwidth connection less than 25 milliseconds from my home I’d trade download bandwidth for upload bandwidth in a HEARTBEAT – I’d love to be able to get something like 25/25Mbps unfortunately the best upload i can get is 5Mbps – while I can get 150Mbps down — my current plan is more like 2Mbps up and 16Mbps down. results for this server. I had to try several different test servers before I found one that was fast enough to handle me. results for this server. I had to try several different test servers before I found one that was fast enough to handle me.

ANYWAY…….. I had a good laugh at least.

Back to your regularly scheduled programming..

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress