[veesix]

Feature Request : IPv6 support
MSN has now integrated the experience MS has acquired with 3degrees.
It's now time to see one of the greatest P2P software start to have built-in support for IPv6.

For those who haven't noticed, with XP SP2, type "ipv6 install" at a command prompt, and then "ipconfig" to see your v6 addresses...

Cheers

[qm2003]

I don't see that one coming, up until a majority of isp's and internet backbone carriers actually use ipv6 capable hardware.

Maybe sometime beyond 2010 ...

[buzz]

Furthermore its not only the client, that has to be changed, but even the whole protocol. At the moment everything is defined for 32Bit IPv4 addresses an would need to be changed to 128Bit IPv6...

This post has been edited by buzz: 19 October 2005 - 01:53 PM

[qm2003]

Not to mention all those crappy routers and modems out there ...

99% of them would have to be replaced as well.

[leuk_he]

I request this for consideration also..... i included some documentation.

http://forum.emule-p...c=62806&hl=ipv6

it also help a little bit for the nat problems.

[buzz]

Why should it help with the nat problems?

Just because it's possible to assign a specific address to every computer, that doesn't mean that NAT won't be used anymore...

Me myself will still setup a NAT network for my internet connection. It's the best way to keep yourself protected from script kiddies (i know that's not a real problem) and blaster like viruses (but this one counts alot)....

[leuk_he]

buzz, on Oct 21 2005, 10:12 AM, said:

Why should it help with the nat problems?

Just because it's possible to assign a specific address to every computer, that doesn't mean that NAT won't be used anymore...

Me myself will still setup a NAT network for my internet connection. It's the best way to keep yourself protected from script kiddies (i know that's not a real problem) and blaster like viruses (but this one counts alot)....

We had this discussion in the previous topic as well: But let met help:

NAT is often there because you only get 1 ip address from your isp. With ipv6 you should gat MANY ip adresses.
You should even get so many adresses that the balster virusses don;t have a change because the ipv6 address space is so big it is uneffective to scan all ipv6 adresses like an ipv4 worm can do.

For protection you use a firewall, not a nat device.

The real winner would be ipv6 multicast, (a kind of lancast, but working behind you own subnet), but for that you need to udp, so i really is close to lancast.

[buzz]

leuk_he, on Oct 21 2005, 08:51 AM, said:

buzz, on Oct 21 2005, 10:12 AM, said:

Why should it help with the nat problems?

Just because it's possible to assign a specific address to every computer, that doesn't mean that NAT won't be used anymore...

Me myself will still setup a NAT network for my internet connection. It's the best way to keep yourself protected from script kiddies (i know that's not a real problem) and blaster like viruses (but this one counts alot)....

NAT is often there because you only get 1 ip address from your isp. With ipv6 you should gat MANY ip adresses.

I already knew that, and i think that should be visible from my first sentence.

Quote

You should even get so many adresses that the balster virusses don;t have a change because the ipv6 address space is so big it is uneffective to scan all ipv6 adresses like an ipv4 worm can do.

That's like saying "We don't need keys anymore. Just paint doors on the walls all over the place. this way no one wil find the right one..."

Although that's a big address space, That doesn't provide any security. I'm sure most of the addresses aren't assigned to any ISP or are marked for restriced/special purpose.
With 10'000s of computers (in case of blaster maybe even more) scanning the known (!) addresses. You can be shure that they will find you.

Quote

For protection you use a firewall, not a nat device.

NAT is one step in network security. It hides your internal network structure.

Quote

The real winner would be ipv6 multicast, (a kind of lancast, but working behind you own subnet), but for that you need to udp, so i really is close to lancast.

Multicast is already possible with IPv4. But most ISP deactivated this feature due to its bandwith requirements. Do you think with IPv6 they'll magically change they policies?

[leuk_he]

Quote

I already knew that, and i think that should be visible from my first sentence. 

Quote

You should even get so many adresses that the balster virusses don;t have a change because the ipv6 address space is so big it is uneffective to scan all ipv6 adresses like an ipv4 worm can do.

That's like saying "We don't need keys anymore. Just paint doors on the walls all over the place. this way no one wil find the right one..."

Yep, security by obscurity. It is not the final solution, but it does help. Just as it does help to run your services at non-default ports. (how many webservers running at port 8843 are attacked by code red?)

You might have a perfect NAT, but if you port forwart port 80 to you unpatched web server you are screwed anyway. ipv6 does not help you here either, but it makes the worm makers world much more complicated.

Quote

Multicast is already possible with IPv4. But most ISP deactivated this feature due to its bandwith requirements. Do you think with IPv6 they'll magically change they policies?

well ipv6 multicast is a different thing. my isp supports ipv6 and i know multicast is enabled. If the applications (emule!) are build that they expect multicast customer will ask for it, just as people want a (semi) fixed ip and don't accept a ICMP 1918 addres (192.* ) ip address fro their isp if they have any choice.

Don't compare ipv4 multicast with ipv6 multicast, ipv6 multicast is a differnet thing and much better thought over. descripbing as "group address"might be more correct in this disccusion.

This post has been edited by leuk_he: 21 October 2005 - 09:49 AM

[buzz]

Quote

You might have a perfect NAT, but if you port forwart port 80 to you unpatched web server you are screwed anyway. ipv6 does not help you here either, but it makes the worm makers world much more complicated.

That's not the problem i'm refering to. If someone sets up a service on purpose, he has to take care to keep it updated and secure.

The big problem is the standard users connecting their home PCs directly to the net.
Connect an unpatched Windows XP to the net over an unprotected line (no firewal/router). It takes less! than 60 seconds until you're infected by more than one trojan/virus! And if you tell me to patch it first, how should i get the updates if i can't donwload them? And no, most people don't have a friend/neighbour which has the latest updates on CD...
A lot of people don't even care about updating their system. At least that gets better with autoupdate activated by default.

Quote

well ipv6 multicast is a different thing. my isp supports ipv6 and i know multicast is enabled. If the applications (emule!) are build that they expect multicast customer will ask for it, just as people want a (semi) fixed ip and don't accept a ICMP 1918 addres (192.* ) ip address fro their isp if they have any choice.

At the moment there are so few IPv6 customers that it doesn't hurt to activate multicast. But wait until the majority has switched over. And when the first filesharing-tool supports multicast, they'll for sure get big headaches...

Most people don't care whether they get a RFC 1918 or fixed address. They just wan't to connect to the internet.

Quote

Don't compare ipv4 multicast with ipv6 multicast, ipv6 multicast is a differnet thing and much better thought over. descripbing as "group address"might be more correct in this disccusion.

The biggest drawback for ISPs ist still the same: multicast allows a client to multiply its traffic.


I don't think it's impossible to get multicast in future offers. But i don't think its enabled by default. More likely an additional option you'll have to pay for.