Ubuntu Desktop IPv4 and IPv6 question

[Karl Auer]

On Tue, 2008-08-05 at 15:52 -0700, Anthony Watters wrote:
> IPv4 and IPv6 are catered for). However, routers, other than Cisco,
> don't yet support IPv6 as far as I can tell.

There are lots of IPv6-capable routers, but very little small stuff like
the little router/modems people use now to terminate their ADSL and
cable links. That has yet to come.

Billion allegedly has IPv6-capable kit, but it's not on any product you
can actually buy. The D-Link DIR-655, DIR-855 and the DGL-4500 all
allegedly have IPv6, but it's not actually mentioned in the spec
sheets :-) And of course you do need an ISP prepared to route IPv6
directly up the ADSL or cable link - there is currently no-one in
Australia doing that.

> Presumably one wouldn't want both IPv4 and IPv6 going over the
> Internet from the Ubuntu Desktop box at the same time.

Au contraire! You certainly do. The point being that at the moment, most
of the world is only accessible via IPv4. Unless you have some kind of
NAT-PT or other system for translating, you need to be dual stack.
Dual-stack is also the preferred transition solution.

>  Also, it would seem that if one wants to use IPv6 with an ISP that
> one would have to rip out the IPv4 based router and connect the Ubuntu
> Desktop box directly to the cable modem?

Yes. Put the CPE into bridge mode and run an IPv6-capable router behind
it talking ethernet. The "IPv6-capable router" can be your desktop box
if you like. There are various DIY options like DD-WRT and OpenWRT that
will turn an existing bit of CPE into a much more powerful router than
its manufacturer intended, and those are probably better options if you
can't spring the many hundreds of dollars currently needed for a
commercial IPv6-capable router.

Or use a tunnel, another very popular and easy transition method. In
fact, there is tunnel software available for OpenWRT.

> With IPv6 I wouldn't particularly want to use DHCP. Is there a way in
> Ubuntu Desktop of setting a fixed, i.e. static, IP address, e.g.
> equivalent of something akin to 192.168.0.3 but in IPv6, assuming that
> I can find a router that will support IPv6 and so do the NAT thing?

If you go and get a tunnel from my company, IPv6Now, you can have a
singleton *static* address for free: www.ipv6now.com.au. You end up with
a single, globally routable IPv6 address on your tunnel-connected
desktop. Your tunnel connected desktop becomes a dual-stack,
IPv6-connected router. And we do all the DNS stuff for you, so you have
a DNS name as well.

If you go for a prefix as well, all the machines in your LAN can get
IPv6 addresses. Will do so, in fact, without you raising a finger :-)

If you don't mind your address changing or (for Australians anyway) the
delays as your packets cross the oceans you can also get such a thing
from the various free tunnel brokers like freenet.

>  Or will router manufacturers go to the wall with the rise of IPv6
> because people will have to connect all their computers directly to
> the Internet in an IPv6 enabled world?

Well, the computers are "directly" connected in terms of addressing, but
you still need some device to terminate the ADSL or cable connection,
and it would make sense if that terminating point was also doing actual
routing for you - delivering the prefix from your ISP to the machines in
your network etc. There will be plenty to do for the router
manufacturers!

We've been hunched over under IPv4/NAT for so long that we've forgotten
that direct connectivity and end-to-end addressing is how the Internet
is supposed to work, and that NAT is not actually a law of the
Universe :-)

For example, with a tunnel you can have a website on your laptop that is
accessible by name wherever your laptop happens to be from time to time.
When the tunnel is up, your website is visible.

> Finally, I gather that one of the selling points of IPv6 is better
> security than IPv4 due to built-in encryption? Does anyone have to do
> anything to enable that and are their performance implications?

That's tougher than it sounds. IPv6 has mandatory *support* for IPSec,
but it's not mandatory to *use* it. The issue is secure key exchange,
and there is no general system in place for that. For talking to
specific hosts that you have a pre-existing relationship with and where
you can sort out the keys, IPSec is great and relatively
straightforward. For talking to a random website, not so useful. Yet!

Performance depends, as with most crypto, on the power of the two
machines that are communicating. In general, over a home ADSL or
cablelink, the crypto will make very little (if any) perceptible
difference.

Regards, K.

PS: Our website www.ipv6now.com.au has several FAQs and HowTos on it.
They are generally useful, not just for our products.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: DD23 0DF3 2260 3060 7FEC 5CA8 1AF6 D9E3 CFEE 6B28
Public key at  : random.sks.keyserver.penguin.de

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20080807/565f3f6c/attachment.sig>