IPv6 deployment is in a chicken and egg situation. On the one hand, there is no willingness from ISPs and commodity DNS router manufacturers to include IPv6 support in their infrastructure or equipment because “there is no demand”. On the other hand, there is no demand because the average Joe Blow could not care less if he accesses a web site under IPv4 or IPv6. It should just work. The equipment and infrastructure should adapt transparently.

One of these days, when there will be IPv6-only web sites, Joe Blow will call his ISP to complain he cannot access them. This may happen sooner that you think. The North American Internet Registry (ARIN) has issued an advisory to alert the community that it will no more be in a position to allocate IPv4 addresses in the near future and strongly advises companies and ISPs to look at IPv6 instead.

What we users can do is to stop waiting for the industry to get its act together and work around its limitations.

Most consumer OSes these days support IPv6, either natively like MacOSX, Linux or Windows Vista or as an add-on, like Windows XP. If you have the traditional setup with a computer connected to the Internet through a DSL router, the latter is being assigned a dynamic IP address. Your computer in turn is being assigned an IP address by the router, typically out of a private address space (per RFC 1918).

What we need now is a way to tunnel trough the hostile IPv4 environment to connect to an IPv6 Internet. The specifications are defined in RFC 4380 and nicknamed Teredo. There is an implementation for Unix-like operating systems called Miredo. And for those of you who are uncomfortable editing Makefiles and compiling source code, the good news is that there are pre-packaged versions for MacOSX and Ubuntu Feisty (just type “apt-get install miredo”. You should have the universe repository active).

I tested both and they work out of the box. I am actually editing this post through an IPv6 tunnel over a straight IPv4 ADSL connection. Pretty amazing.

I did not test the MS Windows implementation. However, since Microsoft wrote the specs, I suppose it should be quite easy to set up there, too. Some tips are available at the IPv6 Task Force web site and Microsoft‘s own site.

What does that bring to you ? Well, first you will be considered a certified geek by your neighbourhood. More seriously, not much right now. What I notice is actually that my connection is slowing down. This may be due to the fact that tunnelling a protocol through another one is never efficient. Also, the peering agreements between backbone operators are not as optimal as they are in the IPv4 world. But at least, I am ready for the future.

I was reading this article this morning on IPv6 vulnerabilities and specifically the IPv6′s type 0 routing headers. The recommendation is to disable the routing of these headers, as they have no practical purpose anyway.

After doing some Googling, I read that this kind of header was disabled by default in Linux kernels starting with version 2.6.20.9. This server is running version 2.6.9-42. The workaround here is to filter out those packets at the firewall level. Fine, except for the fact that ip6tables on RHEL4 and CentOS4 does not include the plugin to filter out the routing headers. Hence, you need to recompile the iptables package with the ip6rt module enabled. That’s just a small Makefile editing.

To make life easier for you, here are my RPM and SRPM:

iptables-ipv6-1.2.11-3.1.isoc.i386.rpm
iptables-1.2.11-3.1.isoc.src.rpm

Once installed, do not forget to add the following lines at the top of the /etc/sysconfig/ip6tables file, near the top and before allowing anything else :

-A INPUT    -m rt --rt-type 0 -j DROP
-A FORWARD  -m rt --rt-type 0 -j DROP
-A OUTPUT   -m rt --rt-type 0 -j DROP

Of course, if you are not running IPv6 at all, this is not an issue for you. And if you are using another distribution, your mileage may vary, as they say.

The American Chamber of Commerce of Luxembourg is organizing an event tonight at the RTL TV studios called “IT, Society, and Culture”.

I will be presenting some reflections on how we went from a top-down approach of the Internet to a bottom-up proces and what the challenges are. My presentation is here in PDF format.

The main idea behind the presentation is that we have not yet reached the bottom-up phase, despite all the talk about blogs, YouTube, etc. The fact remains that the hoster of the blog or video sharing platform is still in a position to take down you web site. There is still someone, somewhere who can silence you. It is only when your platform will be under your total control that we will be able to the the user is the Internet, as Time Magazine puts it.

However, before we can reach that stage there are still some technical challenges we need to solve. If you wish to host your blog on your home computer, you need an easy to understand operating system and web server. It’s coming. You also need bandwidth. Asymetrical DSL won’t cut it. What you need is fiber to the home, with 100 Mbits both ways. You also need a fixed IP address. With current IPv4 addresses becoming scarce, IPv6 seems like the answer.

There are societal challenges, too. With IP everywhere and always on, we risk an Orwellian society where every one of your moves can be monitored. Will the average Internet user use the increased bandwidth to contribute something useful for the society, or post gore videos of men being hanged ?

This announcement by ICANN to Allocate IPv6 Blocks to the Five RIRs is an important one in several aspects.

First, it marks the real start of IPv6 deployment for the masses. Although this blog has been lucky enough to be hosted on the Restena academic network (linked to Europe’s GEANT2), and therefore was offered an IPv6 range, it is still difficult to convince many of the smaller hosters (and some big ones, too) to routinely offer IPv6 connectivity to their customers.

Your average broadband ISP is not offering IPv6 either. You cannot really blame them, since it is hard to find a DSL router supporting IPv6, unless you want to flash an unsupported firmware. In conclusion, having address space is not enough, we need the pipes and the devices that can use them.

What is also important in the ICANN announcement is that it states all RIRs have received the same amount of address space. This clearly reflects the fact that the Internet is no more US and European centric. Indeed, some regions lika Asia have a real need for more address space, due to their economic development. This is also the place where the deployment of IPv6 has been taking place for a while already.

As an aside, I got this news item thanks to Thomas Roessler’s alternative ICANN RSS feed at http://does-not-exist.org/rss/icann.rss. As mentioned by Bret Fausett, ICANN’s own RSS news feed has not been updated since June 2006.

I just got this link from Jordi Palet Martinez.

ISOC and The IPv6 Portal organize a half day IPv6 workshop in Istanbul, next Friday 28th, after the RIPE meeting.

The target audience is engineers, ICT managers, software developers and public sector. It is expected that the participants have some IPv4 knowledge in order to take bigger advantage of the workshop.

The goal of the workshop will be to introduce IPv6 from a theoretical point of view, and make some hands-on practices with Windows XP. Information about other operating systems will be also provided. The workshop will also give some basic ideas about how to enable IPv6 in ISP and enterprise networks. As a practical exercise, the participants will be able to present their own network cases and work on possible transition paths for those cases. It is expected that the participants bring their own laptops with XP SP2 to take further advantage of the hands-on part.

Read more…

According to this article on E-week, Microsoft has patented an auto configuration technology for the IP stacks in Windows machine. This was apparently inspired by the autoconfig feature of IPv6, which is described in RFC 2462 . However, Microsoft failed to mention this prior art in its patent claim.

As usual, should we say, the USPTO did a bad job at researching prior art, although the RFCs are publicly posted on the Internet. 2 minutes of googling would have produced evidence. So, if one needs an additional reason for NOT patenting sofware, we can invoke the fact that patent offices (and this includes the EPO) do a bad job at searching for prior art, even when obvious references exist on the Internet.

If Microsoft has its way to have the USPTO moving to a “first-to-file” system, as opposed to a “first-to-invent” system, no engineer if an IETF meeting will ever want to suggest anything, lest some competitor will walk out of the room to quickly file a patent. This could bring the entire IETF process to a halt. As the article describes it: “The IETF has a rule that states that such engineers sit on working groups solely on the basis of personal interest in the technology, a stance that many find naively ignores the fact that employers exert influence on their engineer employees”. Obviously yes. Whatever you do, you look at who’s signing your paycheck.