I love a good April Fool's joke. You almost had me there, though. Killing off IPv4 indeed.
If this was an April fools joke I was totally fooled :) I know nothing about networks really so a pretty graph had me hook, line and sinker!
(Hopefully someone who matters will see this, eventually.)
Please just STOP these April Fools stories, lame or not.
With the other site's US focus, one can hardly complain. But if Soylent would rather not have the same US-centric focus, then maybe Soylent should understand that not every country makes a big deal out of April Fools' day.
It is downright annoying to have the news site you frequent become totally worthless for a whole day every year due to it being totally filled with fake news that pretends to be funny.
Instead of trying to see which ones are fake and which ones are real, I just skip the site for one day every year. If Soylent follows this tradition, then I just also skip Soylent for the same day.
Actually, I was involved with this bloody procedure, IPv4 was not happy, at all. It was quite bloody, but we got it done.
PS: It's true, I swear.
"Look at them, bloody IPv4 users, filling up the bloody address space with bloody devices they can't afford to bloody connect." "But what are we, dear?" "IPv6, and fiercely proud of it!"
It would be easier if you just gave in and started making a big deal about April Fool's day yourself. Start spreading the tradition in your country! It's fun and harmless and an opportunity for people to test their humour and wit.
We're all gonna make it bro.
We're actually serious; we threw out the IPv4 addressing when it got to the point we had to run NAT to get offsite backup to work. We tested IPv6 addressing in DBIx::Password for dev to make sure nothing blew, and then flipped production last week. We had a SLIGHT hiccup as MySQL doesn't listen to IPv6 port out of the box, but after I fixed the config, we've had no problems, and we're removing the IPv4 internal IPs from the nodes one by one.
(we've already purged them from the internal li694-22 zone)
The April Fools' stories on Slashdot were always my most-loathed part of the site (at least there, all Apr-1 stories were bullshit and I could shut off the site for a day). But you've compounded the problem by posting both real and fake stories on Apr-1, so it takes debugging time to separate out which is which.
Please just dump the Apr-1 fake stories tradition.
There have been two stories that have obviously been false. There's one more in the hopper to end the BaconMuffins despite (I hate dangling plot threads) and then back to business as usual.
So low Type I Error, but thus high Type II Error, and therefore even more wasted time through the day.
Plus it's just stupid in the first place. Dump it, please.
Or at least make it a community vote/poll: yes or no.
I kind of liked the idea of a "slow roll". Normal day of news stories. Then one story starts off plausible but ends with an obviously comedic reveal (like what looks like a story about someone being bullied ends up with them being sent to their aunt and uncle in Bel Air). That way there is a tiny bit of April Fools (and only in one place).
This is amazing! It's like...ERR MEH GERD, 6 Tubes!!!
I don't get IPv6. Really, I don't. I understand that we are running out of IPv4 addresses, but the argument I always see is that we can now connect every device to the internet, like fridges that can reorder products for us, etc.
That's great and everything, but why the hell would I want my fridge to have a world accessible IP address? If for some silly reason I wanted my fridge internet enabled, I would NAT it behind a firewall.
Does anyone actually have a compelling reason to use IPv6 anywhere? Certainly not in my home network/lab. The only reason I can think of is mobile phones. Get rid of the IMEI numbers (which can be duplicated) and use a fixed IPv6 address instead.
Try to NAT a thousand items behind your firewall and get back to me.
You're at home. Some sites have way more machines in it.
My computer. g/f's computer. 2 laptops. PDA. Fridge. Microwave. Hifi. Telly. Sauna stove controller. ...
Um, do you have an internet-enabled microwave and fridge or are you just looking into the future? We're a 2-person household. The DNS configuration file of my home server has 31 devices listed. If I remove old (non-used) devices and double-counted ethernet/wifi, I still have 17 devices. And I'm not counting a block of addresses reserved for VPN: 1 desktop, 2 laptops, 2 tablets, 3 Android media players, audio system, cable decoder/DVR, 2 smartphones, e-reader, modem/router, wifi access point, home server, printer, Wii.
Within a couple of years, I can well imagine network access for IP cameras, home automation (temperature, window shutters, lighting). I still wonder why I would want to have a network-enabled fridge or microwave oven, though.
You have a networked microwave but you still use a PDA? *snort snort* What does it run, NetBIOS? *snort pushes glasses back up*
What, no toaster? :P
The moment we realized that interconnecting our off-site backup and our backend would require NAT was the moment IPv4 came up on the chopping block and I made a plan to migrate.
Companies like Google want IPv6 so every individual (and device) has its own unique IP address. With NAT gone, it will be much easier for them to identify and track your every move.
That would be right apart from the Privacy Extensions which nearly every OS is using. http://en.wikipedia.org/wiki/IPv6#Privacy [wikipedia.org]
You automatically get a new outgoing IPv6 address every x minutes while still being reachable by the main address. In fact, privacy extensions change the outgoing address a lot more than the DHCP IPv4 address your provider doles out to you. I know my IPv4 address is stable as long as I don't disconnect my modem.
The problem is the engineers are talking about an ISO layer 2 addressing scheme, and the marketing droids are talking about their usual random BS at ISO layer one zillion that has nothing to do with it, other than maybe they can sell something useless by product tying to something useful.
It would be like discussing CIDR addressing math for ipv4 at a meeting and then some droid busting in, and in Disney Goofy character voice saying "hay guise, lets sell this as enabling itunes yuck yuck". Unfortunately that is literally how working as an engineer/dev is, although they never tell you that in school, other than maybe you read Dilbert cartoons and laugh because you think it's exaggeration (LOL).
ipv6 has nothing technological to do with fridges or whatever marketing pipe dreams.
Also you wouldn't NAT your ipv6 fridge behind a firewall, you'd just use a stateful FW acting as a "network diode". Playing games with the address buys you precisely nothing. You already have a stateful FW in your NAT box so it's not exactly new tech either. I'm sure the marketing people will be of great assistance in trying to redefine existing terms to confuse people and increase sales, so we probably will see firewalls at Best Buy claiming ipv6 NAT but delivering a stateful firewall and not doing NAT at all.
"Does anyone actually have a compelling reason to use IPv6 anywhere?"
Check the stats for unallocated ipv4 addressing space and be unhappy. Oh, you'll be using ipv6 soon enough because you're not going to be using ipv4, that's for sure.
Of course the PHB solution is instead of ipv4 addrs being 0-255.0-255.0-255.0-255 why not switch to 0-999.0-999.0-999.0-999 and those folks are an absolute joy to deal with I assure you.
There are some reasonable things you can do with IPv6, world-accessible kitchen appliances.
Imagine your fridge had a camera feed. You could see what you needed to get when picking up groceries. If it also had a vision algorithm (+/- a scale on each level), it could tell you the milk's almost done or that the fruits are going bad (based on color and type of fruit). Or, most important, it can tell you that the fridge door isn't quite closed.
Your toaster oven (or regular oven) could tell you that it's left on for an excessive period of time.
Your alarm system could notify you when the kids get home.
Your thermostat and alarm system could work in conjunction to turn down the AC/Heater when it knows no one is in the house. The temperature would go back to comfortable when your car or cell phone gets within 5 miles of the house.
Whether these things are important to you is another matter.
Imagine your fridge had a camera feed. You could see what you needed to get when picking up groceries.
Hmm, let's see. I'm out of milk. I am however not out of Goatse, so don't buy any more of that. I might, however, want to get a new stack of updates for my fridge.
Oh look, the latest firmware for my fridge is two years old - same as the fridge - and rather than fix the bugs, they just want me to buy a new fridge.
I read your post and thought of this story [wikipedia.org] right away. Kind of makes your vision a little scary and prophetic.
The whole internet of things idea is just salespeople talking. Unfortunately, managers listen more to salespeople than to engineers, so it may still hold true.
IPv6 is not related to the internet of things. We need IPv6 to have ip addresses enough that everybody can have a PC. And a tablet. And a phone. And right now, there's only about enough for half the people on the planet to get ONE ip address, and that's if every subnet is filled perfectly.
However, because the people behind IPv6 wanted to be absolutely sure never to run out again (even after we colonize Mars), they made IPv6 large enough that even if the "internet of things" morons get what they want, IP addresses are not going to be our problem. Keeping all those "things" updated and secure is.
There is a difference between world-routable and world-accessible. IPv6 is world-routable. The network firewall would decide if a device is world-accessible.
This, this, a thousand times this. You haven't experienced the joys of networking when all you need is a firewall and NOT NAT. We could even run IPsec over IPv6 and it would work for most people without hours of pain.
This, this, a billion times this.
We're past a thousand users on the Internet now. :)
Yes, but turning every layman into a network administrator is pure comedy gold waiting to happen.
Why would that be an issue? The AP/router will just come with a default configuration that does the right thing for nearly everyone and home users won't understand it, just like with IPv4 and NAT, only it won't overload the tiny embedded processor as easily.
If for some silly reason I wanted my fridge internet enabled, I would NAT it behind a firewall.
If you have a properly configured firewall, what benefit is NAT getting you? Most people who are saying this are saying, "I don't need a firewall because I have NAT". Security is a side-effect of NAT, not its purpose.
Does anyone actually have a compelling reason to use IPv6 anywhere?
Have you ever had to statically map a port on a firewall? Enabled UPnP on a router? Why just this weekend I was trying to VoIP chat with a friend on Retroshare and we spent nearly an hour getting this straightened out. That all goes away with IPv6 (not that my local ISPs even offer it...).
NATs are not security features. Even if your fridge had a global IP it could, and should, be behind a firewall.
Finally, it's not really about fridges and washing machines, it's about... well, whatever we come up with next that would be handy to have its own IP address. It's future proof, and that's the point.
Does anyone actually have a compelling reason to use IPv6 anywhere? Certainly not in my home network/lab. The only reason I can think of is mobile phones. Get rid of the IMEI numbers (which can be duplicated) and use a fixed IPv6 address instead.
The simple answer:
End-to-End connections, i.e., the real Internet (get-off-my-lawn).
The more ranty answer: End to end is basically it. Yes, there are lots of ways to hack around not being on the Internet: NAT, dynamic IPs, paying an obscene amount to your ISPs for an actual IP address (really?, Really!?), etc. But frankly, that's crap. A default Internet connection should be just that.
By themselves, there are more cellphones on the planet than IPv4 addresses. The internet needs a bigger number space for addresses and for good or bad, IPv6 is it.
The whole fridge thing is just a red herring.
I find it handy that in the IPv6 world, my ISP must give me a subnet rather than just a single IP address. I can access anything at home I need to over IPv6 from anywhere. Meanwhile, NAT is resource intensive for a firewall. It's much better to avoid packet re-writing and just filter.
But much of the benefit is for larger organizations and for the future. We really are running out of v4 addresses even while some of them are being clawed back. NAT presents its own problems, including the already mentioned resource drain on a firewall. The same hardware filtering v6 rather than NATing v4 can handle many more machines. If you as the admin of such a place (for example, a large office) get an abuse report, instead of just your external IP address and a time that may or may not be accurate, you get an IPv6 address that uniquely identifies the probably infected PC.
When I stand up a VM at work that doesn't need to be accessible by the public, I can just skip IPv4 and use its autoconfig v6 address. No need to be concerned with depleting the much smaller pool of available public v4 addresses.
Perhaps I will write an article about our backend and the magical things that happen there :-).
Please do.. it's always fun to read about how (relatively) big sites operate.
PS - love the new button CSS ('Read More', 'Preview', etc.)
Agreed, it's a very accessible way to handle buttons.
Ditto, I think that small change has caused me to like the red a little bit more.
if you actually offered IPv6 to start with.
I understand it's not a top priority. As a site for geeks you might consider it.
It's actually been on the TODO list from day one. The problem is that Slash creates IPID instead of storing raw IP addresses. This has some glitches when it gets an IPv6 address vs. IPv4; it's at the point the site no longer explodes in flames, but we don't get a valid SUBID, which causes issues with cookies. This code probably needs a rework to be fully IPv6 compliant.
That being said, it has no problems talking to the database over IPv6.
I can believe you don't have any problems talking to the database over IPv6. Linode VMs are now native IPv6 enabled and it works good. Before that time we had to use a 6in4 broker to get IPv6 working on a Linode VM.
This may be a good place to refer to the nice people at HE [he.net] (not affiliated in any way) for people that want to learn about and do more with IPv6.
The free hands-on certification [he.net] is excellent and fun to do. If your provider lacks native IPv6 support, their free tunnelbroker [tunnelbroker.net] is a good help. The 6in4 tunnel adds latency but it's good enough to get started with.
Actually, when we yanked out the old A records, the only thing that didn't quite work was MySQL as it doesn't listen on IPv6 by default. That required one line in its config file:
bind-address = ::
Which set it to bind IPv6 only. I wanted to post the netstat output, but it seems it has too many colons and the lameass filter won't let it through.
As a discerning netophile, I can tell you all that since SN switched to IPv6, my experience on the site has felt much crisper, with improved colour separation and much warmer text overtones.
Feels faster too.
Welcome to the future. We have flying cars too.
"Unless you're over 60, you weren't promised flying cars. You were promised an oppressive cyberpunk dystopia. Here you go."
-Some people who stole this quote and put it on the internet
"With one exception, all of our services communicate with each other on IPv6."
Well, don't leave us in suspense... As a guy who's had a tunnel at home of one sort or another for WAY more than a decade, the only thing that immediately comes to mind is non-cutting edge version of AFS. Which I'm guessing you're not using. So...
Hopefully not some "duh" kind of thing like you've got quagga software routing with ospfd which is inherently ipv4 only, if you wanted ipv6 you'd run ospf6d, that kind of "duh". Which as a side issue as an ex network guy it was hilarious how you could have dual stack with independent routing protocols with independent tables, and if you called those two protocols RIP and BGP no one would bat an eye but it confuses the hell out of people if both the protocols are called OSPF it's just the ipv4 doesn't in any way cooperate with the ipv6 version of the same protocol. Good times, good times...
Funny you should bring up OpenAFS, as we were considering it as a method to deploy slash to the web frontends (basically have one box be an OAFS master, and the webheads replicate locally so we can update once and deploy everywhere). The main reason we dumped IPv4 is we got into the rather silly situation of having to run NAT/VPN on our staff box so we could suck up backups easily (due to our firewall setup, you can only get into our internal cluster through one point).
While OAFS is shiny, it's a fucking PITA to set up, and I've got concerns about its fragility (we've got kerberos, but if our internal BIND takes a crap, kerberos stops working which breaks OAFS). We're probably going to go NFSv4 with replica to make this work, or cobble something out of rsync. Worst case scenario, we'll update nodes one by one (backwards compatibility on DB schemas makes this relatively easy).
I ran through the list of services we run, and decided to go full monty on this, and make IPv4 a legacy technology. Here's specifically what we're running with IPv6 only
I'm probably forgetting a couple of things, but these were the major ones. Aside from our mystery service (which we'll announce later today), and Apache 1.3, our migration was seamless, and we can now have our clouds interconnect and not need to NAT.
"While OAFS is shiny, it's a fucking PITA to set up"
Oh it's not that bad. Google spinlocksolutions and AFS. Obviously start following the tutorial with LDAP, then kerberos, then afs... The tutorials are extremely long because of endless screencaps and tests/experiments, the actual work required is pretty minimal. My puppetmaster has a couple files, maybe a screen of manifest instructions, that's about it. It really does make life easy in the long run.
"but if our internal BIND takes a crap, kerberos stops working which breaks OAFS"
That is true, I did end up with a ridiculous amount of replication. Multiple LDAP servers, multiple BIND, etc. If you're in physical world this is cheap/free, but I can totally see in virtual/cloudy world where each virtual machine costs $$$$ and every bit/cycle is accounted for, this is a bit of a scaling/financial issue. Every 24x7 machine I have is a primary for exactly one thing also a secondary for as many other things as I can set up.
The biggest annoyance I have with AFS at home is the eternal battle between cron and AFS (really, kerberos) ... they just don't conceptually get along very well.
Mystery service that doesn't like NAT... let me guess it involves SIP protocol? SIP doesn't like NAT very much. OR let me guess, minecraft.soylentnews.org?
I'll take your word for it. We're still undecided on the filesystem issue, but it looks like IPv6 support still hasn't landed in OAFS, and I'd rather not reintroduce IPv4 back into our BIND instance. We're going to glue the sysops heads together at some point this month and discuss it more in depth.
As for cron and kerberos, keytabs are a wonderful thing; we use kerberosized SSH for our cron services so we don't have to deal with SSH authorized_keys madness (we have a backported OpenSSH on the server which can pop a key from LDAP which we use for staff gaining access to the network and for the SSH proxy), but kerberos allows us to have one central list of authentication. We've got master/slave KDCs set up, and BIND is replicated, though we haven't tested failover (yet). LDAP isn't, mostly because slapd is a fucking pig to set up (they threw out a perfectly sane config file for putting everything in LDAP and then poorly documented it to boot!), but all the services are using local accounts so the site itself will stay up if LDAP takes a shit on us.
As for our IPv4 only service, you'll have to wait and see. Trust me, I think you'll approve of this (and I plan to write patches to bring it to IPv6 sooner or later)
...and get the front end also with AAAA records. I've had an IPv6 address at home and at work for years now. Services to allow teenagers to share selfies (Facebook) have a working IPv6 front end, it's silly that a *tech* site does not! (And that goes for slashdot too. Years of writing articles about IPv6 and they still don't support it either).
As mentioned before, Slash takes issue with IPv6, we're looking to fix that. And with 'we' I mean, NCommander and others.
We're publishing one on dev right now, and I'm going to go through the DNS and make sure we have them on all other services aside from production.
From dig:
;; ANSWER SECTION:
dev.soylentnews.org. 300 IN AAAA 2600:3c00::f03c:91ff:fe6e:d0a3
I hope to have IPv6 up by the end of the month; I've got a good idea on how to fix the problems with slash when it receives a 128-bit address.
What made you think of doing this, what are the advantages, is this common in other setups?
Linode does not charge for IPv6 traffic inside of their network. So it made sense to put all of the back end traffic on IPv6 and save our network quota for use on the front end.
It's not a common setup to say the least, and sanity was questioned on it. One of our sysops guys was on VAC while we did this, and when he came back the response was basically "WTF?". The problem is our offsite backup is in a data center in France, and with the old IPv4 setup, we were looking at the possibility of having to run a VPN and NAT. We could get around it by creative firewalling, and stupid DNS tricks, but I was sick of dealing with those from a previous job. Furthermore, I'd like for us to have mirrors in multiple data centers across the world, and IPv6 addressing means that no matter where a node is, it can always access another node with a consistently known IP address, and rdns/dns *just work*. No stupid hacks, no insane IPtables routes. It Just Works.
It might be kinda extreme, but it puts us very much ahead of the curve on such things, and our network is extremely nice to work with due to the way it's set up as an end result (I've had a couple minds blown on how we do single signon/LDAP SSH/etc.).
Dammit, can we not think about those minds that were trained for years, nay decades to think in 4 octets and just numbers. The horror, the heart wrenching terror I felt when I first witnessed an IPv6 number. It struck to the core. Letters and numbers, mixed together, 6 sets, not four.
...damn you...damn you all to hell.
You can go IPv6 when you rip this IPv4 number, 192.168.1.78, from my cold lifeless fingers. Now I am supposed to be 1fe.67a.e45.dd1.176, NEVER! As if I can remember that mess. I'm here to tell you, once we go IPv6, it will be the day computers take over the world for only they will truly *know* each other. Now where's my damn lawn again?
We upgraded your lawn while you were ranting. You can find it at ::1
That was just cruel. Delishly, baconly cruel. Well played, and now time to learn once again (reaches for TCP/IP Networking for Dummy, version 6)
Actually, this might be a good topic for us to go in-depth about
Oops, didn't mean to submit. I meant to write, go in-depth in an original post, vs. us just agitating news ...
Ncommander, please write a blog post on how you went about implementing the IPv6 features for SN so that other folks could be inspired to implement it for their own websites/LANs.
I have a hard time deciding whether or not this is an April Fools joke or not. Considering the fact that most people still do not have IPv6 because of US ISPs' rapid innovation, it's probably a joke, but I would actually appreciate if it wasn't. We really need a push to cut off IPv4 so people start forcing their ISP to actually do shit. I understand IPv4 works fine with NAT finagling, but the expanded address space is just icing on the fact that ISPs will be forced to do some much needed upgrading.
Often websites that are experimenting with IPv6 will have an address like ipv6.soylent.org that is reachable only by IPv6. Do we have one set up yet?
No, and the design of slash makes it extremely tricky to have a subdomain point to the main site and make it work because of the use of absolute addresses *everywhere*. The dev site has IPv6 records and we're using that to experiment with. Once we have the known IPv6 bugs extinguished, we'll publish AAAA records on the main site.
(yes, I know I'm horribly late...sue me!)