Stories
Slash Boxes
Comments

SoylentNews is people

posted by NCommander on Tuesday April 01 2014, @12:00PM   Printer-friendly
from the there-was-much-rejoicing dept.
As part of wanting to be part of a brighter and sunny future, we've decided to disconnect IPv4 on our backend, and go single-stack IPv6. Right now, reading to this post, you're connected to our database through shiny 128-bit IP addressing that is working hard to process your posts. For those of you still in the past, we'll continue to publish A records which will allow a fleeting glimpse of a future without NAT.Believe it or not, we're actually serious on this one.

Linode IPv6 graph

We're not publishing AAAA records on production just yet as Slash has a few minor glitches when it gets an IPv6 address (they don't turn into IPIDs correctly), though we are publishing an AAAA record on dev. With one exception, all of our services communicate with each other on IPv6.

Perhaps I will write an article about our backend and the magical things that happen there :-).
 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by WizardFusion on Tuesday April 01 2014, @12:31PM

    by WizardFusion (498) Subscriber Badge on Tuesday April 01 2014, @12:31PM (#24072) Journal

    I don't get IPv6. Really, I don't. I understand that we are running out of IPv4 address, but the argument I always see is that we can now connect every device to the internet, like fridges that can reorder products for us, etc.

    That's great and everything, but why the hell would I want my fridge to have a world accessible IP address.? If for some silly reason I wanted my fridge internet enabled, I would NAT it behind a firewall.

    Does anyone actually have a compelling reason to use IPv6 anywhere.? Certainly not at in my home network/lab.
    The only reason I can think of is mobile phones. Get rid of the IMEI numbers (which can be duplicated) and use an fixed IPv6 address instead.

    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 1) by Nesh on Tuesday April 01 2014, @12:43PM

    by Nesh (269) on Tuesday April 01 2014, @12:43PM (#24084)

    Try to NAT a thousand items behind your firewall and get back to me.

    • (Score: 2) by FatPhil on Tuesday April 01 2014, @01:02PM

      by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Tuesday April 01 2014, @01:02PM (#24110) Homepage
      My computer. g/f's computer. 2 laptops. PDA. Fridge. Microwave. Hifi. Telly. Sauna stove controller. ...

      Wait a sec - where did this "1000" number come from? From Strawmanland, apparently.
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
      • (Score: 1) by Nesh on Tuesday April 01 2014, @01:22PM

        by Nesh (269) on Tuesday April 01 2014, @01:22PM (#24130)

        You're at home.
        Some sites have way more machines in it.

      • (Score: 2) by hankwang on Tuesday April 01 2014, @02:28PM

        by hankwang (100) on Tuesday April 01 2014, @02:28PM (#24190) Homepage

        My computer. g/f's computer. 2 laptops. PDA. Fridge. Microwave. Hifi. Telly. Sauna stove controller. ...

        Um, do you have an internet-enabled microwave and fridge or are you just looking into the future? We're a 2-person household. The DNS configuration file of my home server has 31 devices listed. If I remove old (non-used) devices and double-counted ethernet/wifi, I still have 17 devices. And I'm not counting a block of addresses reserved for VPN: 1 desktop, 2 laptops, 2 tablets, 3 Android media players, audio system, cable decoder/DVR, 2 smartphones, e-reader, modem/router, wifi access point, home server, printer, Wii.

        Within a couple of years, I can well imagine network access for IP cameras, home automation (temperature, window shutters, lighting). I still wonder why I would want to have a network-enabled fridge or microwave oven, though.

      • (Score: 2) by skullz on Tuesday April 01 2014, @03:21PM

        by skullz (2532) on Tuesday April 01 2014, @03:21PM (#24238)

        You have a networked microwave but you still use a PDA? *snort snort* What does it run, NetBIOS? *snort pushes glasses back up*

      • (Score: 1) by VanessaE on Tuesday April 01 2014, @10:59PM

        by VanessaE (3396) <vanessa.e.dannenberg@gmail.com> on Tuesday April 01 2014, @10:59PM (#24518) Journal

        What, no toaster? :P

    • (Score: 2) by NCommander on Tuesday April 01 2014, @01:42PM

      by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Tuesday April 01 2014, @01:42PM (#24138) Homepage Journal

      The moment we realized if we wanted to interconnect our off-site backup and our backend would require NAT was the moment IPv4 came up on the chopping block and I made a plan to migrate.

      --
      Still always moving
  • (Score: 0) by Anonymous Coward on Tuesday April 01 2014, @12:47PM

    by Anonymous Coward on Tuesday April 01 2014, @12:47PM (#24090)

    Companies like Google want IPv6 so every individual (and device) has its own unique IP address. With NAT gone, it will be much easier for them to identify and track your every move.

    • (Score: 1) by Nesh on Tuesday April 01 2014, @12:53PM

      by Nesh (269) on Tuesday April 01 2014, @12:53PM (#24098)

      That would be right apart from the Privacy Extensions which nearly every OS is using.
      http://en.wikipedia.org/wiki/IPv6#Privacy [wikipedia.org]

      You automatically get a new outgoing IPv6 address every x minutes while still being reachable by the main address. In fact, privacy extensions hange the outgoing address a lot more than the DHCP IPv4 address your provider doles out to you. I know my IPv4 address is stable as long as I don't disconnect my modem.

  • (Score: 2) by VLM on Tuesday April 01 2014, @12:48PM

    by VLM (445) Subscriber Badge on Tuesday April 01 2014, @12:48PM (#24092)

    The problem is the engineers are talking about an ISO layer 2 addressing scheme, and the marketing droids are talking about their usual random BS at ISO layer one zillion that has nothing to do with it, other than maybe they can sell something useless by product tieing to something useful.

    It would be like discussing CIDR addressing math for ipv4 at a meeting and then some droid busting in, and in Disney Goofy character voice saying "hay guise, lets sell this as enabling itunes yuck yuck". Unfortunately that is literally how working as an engineer/dev is, although they never tell you that in school, other than maybe you read Dilbert cartoons and laugh because you think its exaggeration (LOL).

    ipv6 has nothing technological to do with fridges or whatever marketing pipe dreams.

    Also you wouldn't NAT your ipv6 fridge behind a firewall, you'd just use a stateful FW acting as a "network diode". Playing games with the address buys you precisely nothing. You already have a stateful FW in your NAT box so its not exactly new tech either. I'm sure the marketing people will be of great assistance in trying to redefine existing terms to confuse people and increase sales, so we probably will see firewalls at best buy claiming ipv6 NAT but delivering a stateful firewall and not doing NAT at all.

    "Does anyone actually have a compelling reason to use IPv6 anywhere.?"

    Check the stats for unallocated ipv4 addressing space and be unhappy. Oh, you'll be using ipv6 soon enough because you're not going to be using ipv4, that's for sure.

    Of course the PHB solution is instead of ipv4 addrs being 0-255.0-255.0-255.0-255 why not switch to 0-999.0-999.0-999.0-999 and those folks are an absolute joy to deal with I assure you.

  • (Score: 3, Insightful) by mmcmonster on Tuesday April 01 2014, @12:52PM

    by mmcmonster (401) on Tuesday April 01 2014, @12:52PM (#24097)

    There are some reasonable things you can do with IPv6, world-accessible kitchen appliances.

    Imagine your fridge had a camera feed. You could see what you needed to get when picking up groceries. If it also had a vision algorithm (+/- a scale on each level), it could tell you the milk's almost done or that the fruits are going bad (based on color and type of fruit). Or, most important, it can tell you that the fridge door isn't quite closed.

    Your toaster oven (or regular oven) could tell you that it's left on for an excessive period of time.

    Your alarm system could notify you when the kids get home.

    Your thermostat and alarm system could work in conjunction to turn down the AC/Heater when it knows no one is in the house. The temperature would go back to comfortable when your car or cell phone gets within 5 miles of the house.

    Whether these things are important to you is another matter.

    • (Score: 0) by Anonymous Coward on Tuesday April 01 2014, @01:15PM

      by Anonymous Coward on Tuesday April 01 2014, @01:15PM (#24119)

      Imagine your fridge had a camera feed. You could see what you needed to get when picking up groceries.

      Hmm, let's see. I'm out of milk. I am however not out of Goatse, so don't buy any more of that. I might, however, want to get a new stack of updates for my fridge.

      Oh look, the latest firmware for my fridge is two years old - same as the fridge - and rather than fix the bugs, they just want me to buy a new fridge.

    • (Score: 2) by bucc5062 on Tuesday April 01 2014, @02:32PM

      by bucc5062 (699) on Tuesday April 01 2014, @02:32PM (#24195)

      I read your post and thought of this story [wikipedia.org] right away. Kind of makes your vision a little scary and prophetic.

      --
      The more things change, the more they look the same
  • (Score: 0) by Anonymous Coward on Tuesday April 01 2014, @01:08PM

    by Anonymous Coward on Tuesday April 01 2014, @01:08PM (#24113)

    The whole internet of things idea is just salespeople talking. Unfortunately, managers listen more to salespeople than to engineers, so it may still hold true.

    IPv6 is no related to the internet of things. We need IPv6 to have ip addresses enough that everybody can have a PC. And a tablet. And a phone. And right now, there's only about enough for half the people on the planet to get ONE ip address, and that's if every subnet is filled perfectly.

    However, because the people behind IPv6 wanted to be absolutely sure never to run out again (even after we colonize Mars), they made IPv6 large enough that even if the "internet of things" morons get what they want, IP addresses is not going to be our problem. Keeping all those "things" updated and secure is.

  • (Score: 5, Insightful) by githaron on Tuesday April 01 2014, @01:26PM

    by githaron (581) on Tuesday April 01 2014, @01:26PM (#24132)

    There is a difference between world-routable and world-accessible. IPv6 is world-routable. The network firewall would decide if a device is world-accessible.

    • (Score: 2) by NCommander on Tuesday April 01 2014, @01:44PM

      by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Tuesday April 01 2014, @01:44PM (#24140) Homepage Journal

      This, this, a thousand times this. You haven't experienced the joys of networking when all you need is a firewall and NOT NAT. We could even run IPsec over IPv6 and it would work for most people without hours of pain.

      --
      Still always moving
      • (Score: 1) by bill_mcgonigle on Tuesday April 01 2014, @01:53PM

        by bill_mcgonigle (1105) on Tuesday April 01 2014, @01:53PM (#24148)

        This, this, a billion times this.

        We're past a thousand users on the Internet now. :)

    • (Score: 1) by monster on Tuesday April 01 2014, @01:55PM

      by monster (1260) on Tuesday April 01 2014, @01:55PM (#24151) Journal

      Yes, but turning every layman into a network administrator is pure comedy gold waiting to happen.

      • (Score: 2, Informative) by urza9814 on Tuesday April 01 2014, @06:58PM

        by urza9814 (3954) on Tuesday April 01 2014, @06:58PM (#24408) Journal
        That's the situation we *already have*, IPv6 is going to make it *better*, not worse. You *already* need to be a freakin' network administrator to properly set up a NAT. What protects you isn't the NAT, it's the firewall, and that will still be included in the router. But you'll be able to actually turn it off where and when needed now, which will be nice. (And no, DMZ doesn't count, because it's one system at a time)
      • (Score: 2) by sjames on Tuesday April 01 2014, @09:09PM

        by sjames (2882) on Tuesday April 01 2014, @09:09PM (#24466) Journal

        Why would that be an issue. The Ap/router will just come with a default configuration that does the right thing for nearly everyone and home users won't understand it, just like with IPv4 and NAT, only it won't overload the tiny embedded processor as easily.

  • (Score: 1) by bill_mcgonigle on Tuesday April 01 2014, @01:50PM

    by bill_mcgonigle (1105) on Tuesday April 01 2014, @01:50PM (#24146)

    If for some silly reason I wanted my fridge internet enabled, I would NAT it behind a firewall.

    If you have a properly configured firewall, what benefit is NAT getting you? Most people who are saying this are saying, "I don't need a firewall because I have NAT". Security is a side-effect of NAT, not its purpose.

    Does anyone actually have a compelling reason to use IPv6 anywhere.?

    Have you ever had to statically map a port on a firewall? Enabled uPNP on a router? Why just this weekend I was trying to VoIP chat with a friend on Retroshare and we spent nearly an hour getting this straightened out. That all goes away with IPv6 (not that my local ISP's even offer it...).

  • (Score: 1) by MozeeToby on Tuesday April 01 2014, @02:54PM

    by MozeeToby (1118) on Tuesday April 01 2014, @02:54PM (#24217)

    NATs are not security features. Even if your fridge had a global IP it could, and should, be behind a firewall.

    Finally, it's not really about fridges and washing machines, it's about... well, whatever we come up with next that would be handy to have it's own IP address. It's future proof, and that's the point.

  • (Score: 1) by Mike on Tuesday April 01 2014, @06:19PM

    by Mike (823) on Tuesday April 01 2014, @06:19PM (#24380)

    Does anyone actually have a compelling reason to use IPv6 anywhere.?
    Certainly not at in my home network/lab. The only reason I can think
    of is mobile phones. Get rid of the IMEI numbers (which can be
    duplicated) and use an fixed IPv6 address instead.

    The simple answer:

    End-to-End connections, i.e., the real Internet (get-off-my-lawn).

    The more ranty answer: End to end is basically it. Yes, there are
    lots of ways to hack around not being on the Internet: NAT, dynamic
    IPs, paying an obscene amount to your ISPs for an actual IP address
    (really?, Really!?), etc. But frankly, that's crap. A default
    Internet connection should be just that.

    By themselves, there are more cellphones on the planet than IPv4
    addresses. The internet needs a bigger number space for addresses and
    for good or bad, IPv6 is it.

  • (Score: 2) by sjames on Tuesday April 01 2014, @08:21PM

    by sjames (2882) on Tuesday April 01 2014, @08:21PM (#24449) Journal

    The whole fridge thing is just a red herring.

    I find it handy that in the IPv6 world, my ISP must give me a subnet rather than just a single IP address. I can access anything at home I need to over IPv6 from anywhere. Meanwhile, NAT is resource intensive for a firewall. It's much better to avoid packet re-writing and just filter.

    But much of the benefit is for larger organizations and for the future. We really are running out of v4 addresses even while some of them are being clawed back. NAT presents it's own problems, including the already mentioned resource drain on a firewall. The same hardware filtering v6 rather than NATing v4 can handle many more machines. If you as the admin of such a place (for example, a large office) get an abuse report, instead of just your external IP address and a time that may or may not be accurate, you get an IPv6 address that uniquely identifies the probably infected PC.

    When I stand up a VM at work that doesn't need to be accessible by the public, I can just skip IPv4 and use it's autoconfig v6 address. No need to be concerned with depleting the much smaller pool of available public v4 addresses.