cancel
Showing results for 
Search instead for 
Did you mean: 

UK among nations that have done least

jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

UK among nations that have done least

http://www.bbc.co.uk/news/technology-20646710
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
111 REPLIES 111
SimonHobson
Rising Star
Posts: 190
Thanks: 41
Registered: ‎30-07-2007

Re: UK among nations that have done least

Are we surprised ?
Err, not in the least  Roll_eyes
itsme
Grafter
Posts: 5,924
Thanks: 3
Registered: ‎07-04-2007

Re: UK among nations that have done least

Well I'm glad as I not planning to spend any money on new hardware for the next 5 years at least.
MauriceC
Resting Legend
Posts: 4,085
Thanks: 929
Fixes: 17
Registered: ‎10-04-2007

Re: UK among nations that have done least

Quote from: itsme
Well I'm glad as I not planning to spend any money on new hardware for the next 5 years at least.

You shouldn't need to unless you need to use some functionality specific to IPv6.  The built in compatibility for IPv4 has been well tested worldwide now.  What really does need to happen is for the 'backbone' suppliers and ISP's to invest in the upgraded infrastructure so that business an 'Joe Public' can select an appropriate time to make their own move.  Currently we are in a Mexican stand-off  where most ISP's claim no business case as a rational reason?  True to some extent, but it could come and 'bite them in the bum' as both a technical challenge and equipment availability should it become higher profile as a requirement.
Most of the International backbone is already IPv6 (I've not checked details for a while)  so why the delay downstream?
M

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

SimonHobson
Rising Star
Posts: 190
Thanks: 41
Registered: ‎30-07-2007

Re: UK among nations that have done least

Quote from: MauriceC
... where most ISP's claim no business case as a rational reason?

Well yes, most users - and I really do mean most - don't know what IPv6 is, and don't know why they should want it. Most of my colleagues at work (and I work in an IT services company !) dread it's coming as they are "comfortable" with typing IPv4 addresses to access stuff.
I'm keen to crack on, but also more than a bit "apprehensive" as most of our IP related processes just won't scale. What works (address assignment, monitoring, traffic control & logging, etc) for a /24 network (254 addresses) just won't scale to a /64 with 65534 addresses Shocked
Quote
 ...  so why the delay downstream?

A clue in the chorus to this classic

The larger ISPs (who serve the bulk of users) have engaged in a race to the bottom price wise, so they have no money left for maintaining what they have, let alone investing in upgrades. The core equipment may already be IPv6 capable (possibly with the addition of licences), but before that can be turned on and fed down to end users there is a whole other layer that users should not normally get to know about (it's invisible unless it goes wrong) - all that management layer that takes care of everything (creating new users, billing them, configuring their equipment when it connects, etc, etc).
That, in part, will have been behind the IPv6 trial Plusnet did - to get a feel for how end user kit would work and so on. I'm sure that they have people beavering away behind the scenes working on new systems.
MJN
Pro
Posts: 1,318
Thanks: 161
Fixes: 5
Registered: ‎26-08-2010

Re: UK among nations that have done least

Quote from: SimonHobson
I'm keen to crack on, but also more than a bit "apprehensive" as most of our IP related processes just won't scale. What works (address assignment, monitoring, traffic control & logging, etc) for a /24 network (254 addresses) just won't scale to a /64 with 65534 addresses Shocked

Don't know how to break this to you Simon, but it might be worse than you thought! A /64 has 2^64 addresses in it - that's 18,446,744,073,709,551,616!  Smiley
It is an interesting point you raise though... It's one thing updating hardware to support IPv6 but there's also the management-related aspects too which need consideration. For example, an Excel spreadsheet may more than suffice for the allocation management of a small IPv4 address range but trying to carry that across to do the same with IPv6 is going to need a rethink.
Edit: Whoa... This thread is 10 months old - sorry about digging that up. Hopefully it's still relevent though.
SimonHobson
Rising Star
Posts: 190
Thanks: 41
Registered: ‎30-07-2007

Re: UK among nations that have done least

Quote from: MJN
Don't know how to break this to you Simon, but it might be worse than you thought! A /64 has 2^64 addresses in it - that's 18,446,744,073,709,551,616!  Smiley

I must have been half asleep when I wrote that Embarrassed
nanotm
Pro
Posts: 5,756
Thanks: 156
Fixes: 2
Registered: ‎11-02-2013

Re: UK among nations that have done least

Quote from: MJN
It is an interesting point you raise though... It's one thing updating hardware to support IPv6 but there's also the management-related aspects too which need consideration. For example, an Excel spreadsheet may more than suffice for the allocation management of a small IPv4 address range but trying to carry that across to do the same with IPv6 is going to need a rethink.

yeah even a standard SQL data base wont do it unless an extended database licence is acquired by the company planning to run it.....in fact i'm not even sure that will be able to perform the task unless its on some seriously high end server, what with it needing to have multi access capabilities and to potentially search every entry for every client at the same time without any of them noticing the time lag, hell even the slipstream nix version of old couldn't handle more than 50 clients on a 2 million entry database doing a search, of course they could distribute the data base overlays to every client to reduce the load and increase responsiveness for up to 1000 simultaneous users but even that's pushing things (not to mention giving the keys to the kingdom to the natives)
a lot of the associated problems with ipv6 will need to be solved as well, its not like there is NAT to help with LAN isolations for non enterprise setups
just because your paranoid doesn't mean they aren't out to get you
Krazeh
Grafter
Posts: 88
Registered: ‎06-02-2013

Re: UK among nations that have done least

Quote from: nanotm
a lot of the associated problems with ipv6 will need to be solved as well, its not like there is NAT to help with LAN isolations for non enterprise setups

No, but there are firewalls.
nanotm
Pro
Posts: 5,756
Thanks: 156
Fixes: 2
Registered: ‎11-02-2013

Re: UK among nations that have done least

indeed there are, real verifiable ones that don't require static holes Smiley
seriously though its about a lot more than a firewall, so much trouble for anyone that's not going to be running there own BGP (router or server based), which means there's still a giant sized problem to be figured out before it can be given true implementation.
if they stuck to providing 6 over 4 though that part of the problem is mitigated, but then your not getting any benefit from 6 /
some serious work needed before it can be rolled out as a true connection offering, its not like everyone is a geek who understands or has the money to setup a home gateway server in order to provide isolation for there equipment, and lets face it without isp's giving away routers that cost more than £30 three unlikely to be able to supply anything capable of doing the job either, and the answer so far seems to be "its ok our routing table wont list all the things you want to keep private .....how do they know if I want access to my NAS box when i'm away from home but don't want it accessible to anyone else in the world .....
so many problems but so far no tangible proof of how I can do both be secure but still create an unsolicited login from any computer in the world given the right credentials without needing some login sever over ipv6  ........ yet its possible to do just that currently...so its really not much of a push for the average consumer to want to jump at a headache like that when things work fine right now....
just because your paranoid doesn't mean they aren't out to get you
Krazeh
Grafter
Posts: 88
Registered: ‎06-02-2013

Re: UK among nations that have done least

Quote from: nanotm
indeed there are, real verifiable ones that don't require static holes Smiley

This makes no sense. If you want to allow traffic through firewall to a certain machine then you will add a rule allowing traffic on a specific port, intended for a specific IP address, to pass through. Consumer level firewalls, such as those found in the sort of routers provided by ISPs, allow this functionality. It is a perfectly normal way for a firewall to operate.
Quote from: nanotm
seriously though its about a lot more than a firewall, so much trouble for anyone that's not going to be running there own BGP (router or server based), which means there's still a giant sized problem to be figured out before it can be given true implementation.

Again, makes no sense. Routing for IPv6, from the perspective of a home user, is broadly the same as IPv4. All the home router needs to know is where to send traffic it receives that is intended for the internet, in just the same way as it needs to know that for IPv4. And like IPv4 it will simply be the gateway at the ISP. BGP becomes a consideration once the traffic is at the ISP but it's not a 'giant sized problem'; working out how to route traffic is not something holding up a roll out of IPv6.
Quote from: nanotm
if they stuck to providing 6 over 4 though that part of the problem is mitigated, but then your not getting any benefit from 6 /

I don't think you really understand what 6 over 4 is or how it operates.
Quote from: nanotm
some serious work needed before it can be rolled out as a true connection offering, its not like everyone is a geek who understands or has the money to setup a home gateway server in order to provide isolation for there equipment, and lets face it without isp's giving away routers that cost more than £30 three unlikely to be able to supply anything capable of doing the job either, and the answer so far seems to be "its ok our routing table wont list all the things you want to keep private .....how do they know if I want access to my NAS box when i'm away from home but don't want it accessible to anyone else in the world .....

The TG582N already supplied by Plus.Net, and several other consumer grade routers already on the market, are perfectly capable of routing IPv6 traffic and providing a SPI firewall that protects your
LAN while allowing you to allow traffic through to specific machines. And routing tables have nothing to do with the ability for you to access a NAS box while away from home while preventing anyone else from doing so. Routing tables simply provide routers with details of which interface to send out traffic they receive. Access to machines on a LAN from a remote location is down to firewall rules.
Quote from: nanotm
so many problems but so far no tangible proof of how I can do both be secure but still create an unsolicited login from any computer in the world given the right credentials without needing some login sever over ipv6  ........ yet its possible to do just that currently...so its really not much of a push for the average consumer to want to jump at a headache like that when things work fine right now....

You would do it in exactly the same way as you do currently, with the slight exception that you won't need to use NAT in conjunction with firewall rules. You'll just use firewall rules to allow specific traffic through to the machine you want to allow access to.
Please, go away and do some real reading into the topics you're trying to discuss. It's admirable that you're trying to become involved but your posts continue to display a fundamental lack of knowledge/misunderstanding of the topics involved. And I'm not sure it's something that can be resolved by simply responding to posts you make. You need to look at more comprehensive material than can be placed in a forum posts.
nanotm
Pro
Posts: 5,756
Thanks: 156
Fixes: 2
Registered: ‎11-02-2013

Re: UK among nations that have done least

how does that work then, I mean sure I can setup static (always open) rules to allow traffic through the firewall at the router but that requires disabling the SPI entirely, meaning my router is just a glorified switch, at least with ipv4 it has nat which blocks curious passers by (but nothing actively seeking access)
without a gateway server or gateway router you cant isolate devices from gaining internet connection if they are capable of it whilst retaining full lan functionality, you also cant go over the isp's nominal 8 device limit provided under there RiR, meaning lots of folks wont be able to use there gear under an ipv6 only connection in the same way they currently do.
6 over 4 is a way of creating a vpn which used to be called a pass-through connection from one device to another ignoring and refusing to interact with anything else along the route which aside from utilising the shared ipv4 address at the user end(s) provides ipv6 connection without the downsides of needing to interact with a whole bunch of servers
the primary difference between ipv4 and ipv6 is under ipv4 every router shares a single address to all connected equipment, under ipv6 every device (including the router) gets its own ip address, which completely changes the management and access of the devices, in terms of the router this means they will need to be completely overhauled, currently ipv6 connectivity on things like the tg582n is provided at the system operating level, this is the primary reason why such devices require the firewall to be switched off when allowing traffic forwarding over ports (which are providing ipv6  connectivity) maybe there will be a way in the future for them to provide an complete firmware rewrite that removes ipv4 connectivity but until then there will be no real firewall options, everything thus far is based on nat traversal settings and there is no way of limiting a device from obtaining ipv6 connectivity (a key problem if you look into the idea of running a dual stack system as part of the transition strategy)
routing tables are the only way of implementing firewall rules under ipv6 if you don't have control over both you have zero control over your connection's security, that means your running a gateway product (currently those things start at the so-ho end with a price point of £150 for a very incapable device) and your immediately in the fall back position of relying on software firewalls on devices, that of course isn't the dns lookup tables which are public access records which is where the problems stem from given the strange way all the companies preferred to run down the cg-nat route 15 years ago instead of evolving and utilising the ipv6 options (its been around and in commercial trials for various things since 1994, and getting commercially used since 1998 in various secure networks, widely available internet has only bee available in the uk since 1996 and the ipv4 address crunch was identified in 1997, bt's answer was to slow down the roll out of internet connectivity.....)
just because your paranoid doesn't mean they aren't out to get you
pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: UK among nations that have done least

Quote from: nanotm
how does that work then, I mean sure I can setup static (always open) rules to allow traffic through the firewall at the router but that requires disabling the SPI entirely,

I'll stop you there as this seems to be the stumbling block...  What makes you think that opening up nominated ports to nominated addresses on the secure side of the firewall means that the entire firewall has to be turned off?
nanotm
Pro
Posts: 5,756
Thanks: 156
Fixes: 2
Registered: ‎11-02-2013

Re: UK among nations that have done least

the manual of the router stating that it does,
how to port forward "do xyz", *please note this disabled the spi firewall and changes NAT to open or loose*
its a really good indicator of there being a problem with using dmz or port forwarding rules
just because your paranoid doesn't mean they aren't out to get you
Krazeh
Grafter
Posts: 88
Registered: ‎06-02-2013

Re: UK among nations that have done least

Quote from: nanotm
you also cant go over the isp's nominal 8 device limit provided under there RiR, meaning lots of folks wont be able to use there gear under an ipv6 only connection in the same way they currently do.

What?? This makes no sense.
Quote from: nanotm
the primary difference between ipv4 and ipv6 is under ipv4 every router shares a single address to all connected equipment, under ipv6 every device (including the router) gets its own ip address, which completely changes the management and access of the devices, in terms of the router this means they will need to be completely overhauled, currently ipv6 connectivity on things like the tg582n is provided at the system operating level, this is the primary reason why such devices require the firewall to be switched off when allowing traffic forwarding over ports (which are providing ipv6  connectivity) maybe there will be a way in the future for them to provide an complete firmware rewrite that removes ipv4 connectivity but until then there will be no real firewall options, everything thus far is based on nat traversal settings and there is no way of limiting a device from obtaining ipv6 connectivity

Under IPv4 most connected equipment on a home LAN shares a single address due to the fact that there simply isn't enough IP addresses to go around. If there was then NAT would probably never have come around, or certainly not be used to the extent it is. It would be far better for anything that needs to access the internet to have it's own public address. As for the TG582N what do you mean IPv6 connectivity is provided at the system operating level? It doesn't require the firewall to be switched off when port forwarding while using IPv6 and it doesn't need IPv4 connectivity removing. It operates in dual stack configuration and allows the use of NAT and firewall for IPv4 traffic and firewall for IPv6 traffic.
Quote from: nanotm
routing tables are the only way of implementing firewall rules under ipv6 if you don't have control over both you have zero control over your connection's security, that means your running a gateway product (currently those things start at the so-ho end with a price point of £150 for a very incapable device) and your immediately in the fall back position of relying on software firewalls on devices, that of course isn't the dns lookup tables which are public access records which is where the problems stem from given the strange way all the companies preferred to run down the cg-nat route 15 years ago instead of evolving and utilising the ipv6 options

Routing tables have nothing to do with firewall rules. They're completely separate things which perform entirely different functions. And what has DNS got to do with anything? Or CG-NAT for that matter?
Quote from: nanotm
the manual of the router stating that it does,

Which router is this?