Subj : IPv4 thinking in the IPv6 age
To : Björn Felten
From : Michiel van der Vlist
Date : Fri Jun 24 2011 15:48:41

Hello Björn,

On Thursday June 23 2011 12:43, you wrote to me:

 BF> Don't take it so serious, I just wanted you to know that I managed
 BF> network systems even before Windows for workgroups arrived, with its
 BF> very experimental TCP/IP gizmo's.

So did I. Perhaps even earlier. I once was the network administrator for a Novell Netware LAN. I got the job for being the first to finish reading the "red book". ;-) As you probably know Novell Netware is based on IPX. At first running on DOS. Over Coax. Before that I sniffed some X25.

 MvdV>> I see the same in the transition to IPv6.

 BF> This is where *I* see exactly the same happening once again. "Why
 BF> should we install this TCP/IP gizmo's, our NetBIOS LAN works perfectly
 BF> OK."

The answer to that "why" is simple: Like IPX, NetBEUI does not scale well.

Note that IPX used an autoconfiguration mechanism very similar to the stateless autoconfiguration in IPv6. In fact that part of IPv6 was inspired by IPX.

 BF> OK, I earned a lot of money just by converting my client's computer
 BF> systems from NetBEUI to TCP/IP, but I'm far too old to go the same path
 BF> once again with the IPv4 to IPv6 transition.

Oh c'mon! I am two years older than you and I am not too old yet. I am too old to run the Marathon, I am too old to go on a binge all night and am too old to engage in a threesome. Plus that in a week, I will be too old to work as an employee. I am too old for many things. But I am not too old to shed "IPv4 think" and make the transition to IPv6 in a proper way.

 MvdV>> With stateless autoconfiguration you don't give them (the
 MvdV>> addresses) out. The systems configure themselves.

 BF> That's just it. They *do not* auto-configure themselves,

But they do...

 BF> they configure themselves according to a scheme that I have no control
 BF> over.

Why do you want to "control" it?
 BF> Sure enough all the connected computers get their IPv6 addresses
 BF> automatically, but who keeps track of this?

The machines themselves keep track of it. They know their own IPv6 address and they find the others by neighbour discovery.

 BF> How do I, the network administrator, control what systems get what
 BF> addresses,

You don't. Not unless you specifically configure your LAN to manually assign addresses. How does that differ from DHCP in IPv4? You do not "control" who gets what address unless you specifically specify who gets what.

Again; why do you want to "control" it?

 BF> and how do I tell the outside world what address they will get when
 BF> they e.g. try to query http://felten.yi.org:8000 via IPv6?

Argggh! That's IPv4 think. I can think of two reasons for using a non standard port number for a server:

1) You want to hide the server from people with bad intentions.

2) The port number is already in use by another server that shares the same IP number.

Neither of these apply with IPv6. If you want to hide the server from hackers, simply do not publish its IP number. Let the hacker try to find it among the 2^64 possible addresses.

In IPv6 servers do not share addresses. They all have a unique global address. So why use a different port?

Distinguishing servers by port number is IPv4 NAT think. Forget it.

 MvdV>> If there is a router that sends out router advertisements

 BF> Of course. But how does this router know what actual server should
 BF> respond to a http, ftp, news, DNS, binkp, or whatever request?

The router does not have to know. The router just forwards the packets to the proper IPv6 address.

 BF> Surely it should be the network administrator that should set the
 BF> proper map up, not some "auto" function?

The network automatically maps the IP addresses to MAC addresses. In IPv6 you do not use NAPT, so there is no "port to address" map.

 MvdV>> a unique global address will also be configured when a system is
 MvdV>> hooked up to the LAN.
 BF> I must admit I'm probably far too old to understand all this new
 BF> stuff.

It is not all that hard. Actually, once you have cleared your head of some "wrong" ideas that came with IPv4 NAT, IPv6 is a lot simpler than having to deal with IPv4 NAT and port forwarding.

 BF> Surely I cannot just set up a Radio Station (like my
 BF> http://felten.yi.org:8000) and then assume that it will automatically
 BF> get a proper IPv6 address?

Forget about ports. Think addresses. Your Radio station server gets an IP address. The outside world must use that address to access it. To publish the address you create an AAAA record for radio.felten.se. You create another one for www.felten.se. And another one for ftp.felten.se. And so on... You only have to do that once, as IPv6 addresses are static.

 MvdV>> http://tinyurl.com/8xzgl9

 BF> Sigh! Another two hour read. Just what I needed now that we in
 BF> Sweden are about to celebrate our true National Holiday -- Midsummer!

Well, there is no hurry. Enjoy the holiday and come back when the pipes are flushed again. ;-)

 BF> No, I mean that almost the entire Control Panel is disabled. Quite
 BF> common here -- it prevents the users from changing their employer
 BF> supplied computer.

Oh... And when servicing those machines, you do not demand that you be given the password to unlock it? How can you properly service them without full access?

Ah, well never mind, it has nothing to do with IPv6.

Cheers, Michiel

--- GoldED+/W32-MINGW 1.1.5-b20070503
 * Origin: 2001:470:1f15:1117::1 (2:280/5555)
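
The stateless autoconfiguration discussed in this message, as an added example that is not part of the original message: how a host combines the router-advertised /64 with its MAC address using modified EUI-64 (RFC 4291, Appendix A), plus a check an administrator can run over their own hosts' addresses to see which interface identifiers are MAC-derived or hand-numbered rather than opaque. The prefix, MAC and addresses are constructed samples from the 2001:db8::/32 documentation range, and the function names are hypothetical.

```python
import ipaddress

def slaac_eui64(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from an advertised /64 and its 48-bit MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration expects a /64 prefix")
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle.
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return net[int.from_bytes(iid, "big")]

def classify_iid(addr: str) -> str:
    """Classify the low 64 bits (interface identifier) of an address."""
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    raw = iid.to_bytes(8, "big")
    if raw[3:5] == b"\xff\xfe":
        return "eui64"      # derived from the MAC, so the vendor prefix is guessable
    if iid < 0x10000:
        return "low-byte"   # hand-numbered, e.g. ::1 or ::53
    return "opaque"         # e.g. RFC 4941 / RFC 7217 style identifiers

def audit(addresses):
    """Return {address: kind} for every address whose identifier is not opaque."""
    return {a: k for a in addresses if (k := classify_iid(a)) != "opaque"}

if __name__ == "__main__":
    # Constructed sample inventory (documentation prefix, made-up MAC).
    auto = slaac_eui64("2001:db8:1:2::/64", "00:11:22:33:44:55")
    hosts = [str(auto), "2001:db8:1:2::1", "2001:db8:1:2:8c5f:1a2b:93d4:7e61"]
    for address, kind in audit(hosts).items():
        print(f"{address:40} {kind}")
```

Addresses reported as `eui64` or `low-byte` occupy a far smaller part of the /64 than the full 2^64, which matters when unpublished addressing is being relied on to keep a server unnoticed.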