Linux Foundation Says All Major Distros Are IPv6 Compliant
Posted by Soulskill on Sun Nov 30, 2008 10:35 AM
from the getting-things-done dept.
ruphus13 points out news from the Linux Foundation, which announced that all major Linux distributions meet certification requirements for the US Department of Defense's IPv6 mandates. The announcement credits work done by the IPv6 Workgroup, whose members include IBM, HP, Nokia-Siemens, Novell and Red Hat. Quoting:
"Linux has had relatively robust IPv6 support since 2005, but further work was needed for the open source platform to achieve full compliance with DoD standards. The Linux Foundation's IPv6 workgroup analyzed the DoD certification requirements and identified key areas where Linux's IPv6 stack needed adjustments in order to guarantee compliance. They collaboratively filled in the gaps and have succeeded in bringing the shared technology into alignment with the DoD's standards."
Embedded Linux does ipv6 too (Score:5, Insightful)
Many embedded Linux devices are IPv6 compliant. Even my AXIS webcam can talk IPv6.
Unfortunately, my ISP, RoadRunner, is stuck in the dark ages.
Re:Embedded Linux does ipv6 too (Score:5, Funny)
With the US auto industry going down the shitter, some /8s could be reassigned real soon.
Viva IPv4!
You mean, they are going to be ".gov" domains, real soon, at your expense.
Parent
Re:Embedded Linux does ipv6 too (Score:4, Informative)
We're going through a /8 about every month. Even if several of these are freed up it doesn't push the exhaustion date back very far.
Parent
Re:Embedded Linux does ipv6 too (Score:5, Informative)
> What happens if NAT is used all over the place? You could imagine a bunch of
> subnets that use one address to the outside world but have hundreds or
> thousands of machines internally.
It *is* used all over the place. It's even used on an ISP-wide scale (expect that to become more common in the west). NAT delayed IP address exhaustion for a few years, a few years ago. The current rate of IP usage is what's happening *with* widespread use of NAT.
> There's a lot to be said for NAT from a security point of view too. Since you
> need to open up holes manually for incoming services, incoming connections
> for anything else will be blocked which makes it impossible for people to
> exploit most security flaws on the machines behind the router.
You can get all of that from a stateful firewall that blocks inbound connections by default.
> Reading between the lines it seems like IPv6 was a revolutionary solution to
> running out of address space. NAT was an evolutionary one. As usual the
> market has picked the evolutionary solution and more purist types are whining
> about it.
NAT isn't a solution at all; it's a way to delay the inevitable. It has successfully done that, into approximately 2011-2012. What it doesn't do is change the fundamental problem: it's not possible to use it *enough* to hold off exhaustion indefinitely.
Breaking end-to-end connectivity isn't the primary concern. This has already largely happened with NAT, and will continue to happen to a certain extent with IPv6 because we'll be using stateful firewalls. We can deal with this for most home users.
The problem is that NAT still consumes IPs, and other hosts like servers really do need to be reachable. The market prefers NAT now because exhaustion hasn't happened yet, and as the last few months have demonstrated, the market is remarkably good at ignoring problems for as long as possible.
Purist types *are* whining about it. But pragmatic types like me are also concerned that people like you seem to think NAT is something we can use later as a solution, when we've already been using it for years as a way to buy time.
Parent
Re:Embedded Linux does ipv6 too (Score:4, Funny)
Yes, your toaster does need its own IP as part of its TRM (toast rights management). "Smart" toasters are subsidized by bread manufacturers, and as such require you (the user) to only install certified bread into the device. TRM was designed so the bread manufacturers can be assured that their (subsidized) product (the smart toaster) is being used in the legal manner.
Note that GNU/Bread will not operate in TRM enabled toasters as this reduces the proffitability (sp?) of smart toasters.
Parent
Re:Embedded Linux does ipv6 too (Score:4, Interesting)
"The right way would have been to extend the address space while still obeying to the KISS principle."
The IETF has considered so many proposals along this line that it just produces eye-rolls from the greybeards now. They don't work any better than IPv4 w/ NAPT extensions, they still don't preserve backward compatibility with IPv4, and they don't solve the problems that IPv6 does.
If you think you're smarter than everybody who's tried to do this before, then write up an Internet Draft. What's stopping you?
Parent
Re:Embedded Linux does ipv6 too (Score:4, Funny)
Water is a liquid.
Your turn
Parent
Re:Embedded Linux does ipv6 too (Score:5, Funny)
GNU is not UNIX.
Parent
Re:Embedded Linux does ipv6 too (Score:4, Funny)
GIMP is an utterly stupid name.
There, I said it.
Parent
Re:Embedded Linux does ipv6 too (Score:5, Funny)
EMACS is a decent operating system, but it could use a better text editor.
Parent
Re:Embedded Linux does ipv6 too (Score:5, Funny)
Water is a liquid.
I'm Canadian, you insensitive clod!
Parent
Re:Embedded Linux does ipv6 too (Score:4, Funny)
Parent
Re:Embedded Toilets do ipv6 too (Score:4, Funny)
The large AND small flush want their own, just like the lid and seat!
Don't get me started about the light switch, extraction fan and deodorant dispenser...
Parent
Re:Embedded Linux does ipv6 too (Score:4, Insightful)
Would you stop giving the damn ISPs more reasons to slack off on implementing IPv6!!!
When their customers do their own tunnelling, ISPs lose the ability to perform their own traffic engineering, and lose money.
Once they see that they are losing money because people are implementing their own tunnelling, ISPs will rush to implement native IPv6, in a form that they can control.
Parent
How about a report on ISPs? (Score:5, Interesting)
Now that I know Linux joins the ranks of IPv6 compliant OSs, I just need an ISP that supports IPv6. The problem, in North America at least, is that there are still few to no ISPs providing IPv6 addresses. Instead I have to resort to tunnel providers (some listed here [wikipedia.org]). What we need is a list of major internet service providers in North America and an indication of their IPv6 readiness and what their excuse is for not starting the migration.
In order to get ISPs moving we could each mail the one we use and ask them when they plan to offer IPv6 addresses.
Some 'cool stuff' using IPv6: https://www.sixxs.net/misc/coolstuff/ [sixxs.net]
Re:How about a report on ISPs? (Score:4, Informative)
https://www.sixxs.net/faq/connectivity/?faq=native [sixxs.net]
ISP IPv6 listing.
Parent
Re:Catching up on the competition (Score:5, Informative)
Parent
Re:Catching up on the competition (Score:5, Informative)
Parent
Maybe (Score:4, Insightful)
In reality IPv6 is about infrastructure, so if it is all done right then your average Joe shouldn't see much of an impact. In most cases the average user leaves their setting in automatic mode, so as long as the OS and corresponding application are already IPv6 aware then they won't notice until they need to use a numerical address. If they have a home router, then they may find that they need to buy a new one as the manufacturer is only releasing IPv6 aware firmware for routers manufactured after a certain date.
There are still plenty of issues before everything is working right on both the client and server front. Issues still in place:
- network hardware not IPv6 compliant (the only compliant home router for the moment is the Apple Airport)
- network administrators oblivious to IPv6
- ISPs not preparing for IPv6
- libraries for popular computer programming languages not IPv6 ready. Take Perl libwww for example.
- people saying that no one else is doing anything, so they won't do anything either - the classic sheep mentality
I would like to see stuff like Zeroconf (aka Bonjour, Avahi) become commonplace on all OSs (this includes Windows), or at least if these routers could add the names of computers in their DHCP table (including themselves) in their DNS directory, so typing in numerical IP addresses should not be necessary.
Parent
Re:so i see talk of ipv6 more and more.... (Score:5, Interesting)
I, too, am using 6to4 at home in order to get rid of NAT, but lately I've been having great trouble when traveling around with my IPv6-enabled laptop (running Debian).
See, whenever I get to a public access point (which uses public IPv4 addresses, rather than a private 192.168.x.x net) it turns out that any Vista computers connected to the same link auto-configure themselves to use 6to4 and then advertise over ICMP that they are willing to route traffic through their 6to4 net. However, it turns out that they just drop the traffic! My laptop, not knowing that, though, will try to route IPv6 traffic through them nevertheless, which just makes every IPv6 site (including my own) stop working. Viva Vista!
Does anyone know why Vista does this, and whether it's possible to prevent or work around it somehow?
Parent
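A defensive check for the symptom described in the comment above, as an added example that is not part of the original post: it parses ICMPv6 Router Advertisements and flags any that come from a router not on an allowlist or that advertise a 6to4 (2002::/16) prefix. The allowlisted address `fe80::1`, the function names and both sample packets are constructed for illustration.

```python
import ipaddress
import struct

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")  # 6to4 prefix (RFC 3056)

def parse_ra(icmp6):
    """Return (router_lifetime, prefixes) from an ICMPv6 Router Advertisement."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a Router Advertisement")
    router_lifetime = struct.unpack_from("!H", icmp6, 6)[0]
    prefixes, off = [], 16
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            plen = icmp6[off + 2]
            prefix = icmp6[off + 16:off + 32]
            prefixes.append(ipaddress.IPv6Network((prefix, plen), strict=False))
        off += opt_len
    return router_lifetime, prefixes

def assess_ra(src, icmp6, trusted_routers):
    """List the reasons this advertisement deserves attention (empty = fine)."""
    lifetime, prefixes = parse_ra(icmp6)
    findings = []
    if src not in trusted_routers:
        findings.append("router not on allowlist")
    if any(p.network_address in SIX_TO_FOUR for p in prefixes):
        findings.append("advertises 6to4 prefix")
    if findings and lifetime > 0:
        findings.append("claims to be a default router")
    return findings

def build_ra(router_lifetime, prefix, plen):
    """Build a constructed sample RA (checksum left at zero, not validated)."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, router_lifetime, 0, 0)
    opt = struct.pack("!BBBBIII", 3, 4, plen, 0xC0, 2592000, 604800, 0)
    return hdr + opt + ipaddress.IPv6Address(prefix).packed

TRUSTED = {"fe80::1"}  # hypothetical link-local address of the real router
# Constructed samples: the legitimate router, then a host sharing a 6to4 prefix.
GOOD = build_ra(1800, "2001:db8:1::", 64)
ROGUE = build_ra(1800, "2002:c000:204:1::", 64)
```

On a real link the input would be the ICMPv6 payload of captured type 134 packets, with the packet's source address passed as `src`.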
Re:so i see talk of ipv6 more and more.... (Score:4, Insightful)
NAT for firewalling is really an abuse of the protocol. Instead, dump it and use IPv6, then have the router filter the packets. That way, instead of having to rewrite the packets, the router just has to make a drop or forward decision.
If you make DROP the default decision and then add specific ALLOW rules, you'll get the same semantics as NAT with a lower load on the router.
An added benefit (FOR NOW anyway) is that most ssh dictionary attacks are against IPv4 addresses. If your internal machines can only be reached through v6, you won't have to worry about those.
Even if the crackers update to use v6, they won't be nearly as successful since they would first have to guess which dozen or so v6 addresses out of the possible billions on your 6to4 prefix actually have something listening. Sending out a few billion probe packets wouldn't really be a good option for them, especially when someone might have a honeypot assigned hundreds of IPs (making it by far the most likely machine to be attacked).
Parent
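A small model of the default-DROP stateful filter that this comment and the earlier "stateful firewall that blocks inbound connections by default" reply both describe, as an added example that is not part of any post in the thread. It shows inbound traffic being blocked unless it answers an inside-initiated flow or matches an explicit ALLOW rule, with no address rewriting; the class, the rule format and the sample packets (documentation prefix 2001:db8::/32) are constructed.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    """Routed IPv6 LAN with default DROP; packets are never rewritten."""

    def __init__(self, lan_prefix, allow_inbound=()):
        self.lan = ipaddress.ip_network(lan_prefix)
        # Explicit ALLOW rules: (destination address, destination port).
        self.allow = {(ipaddress.ip_address(a), p) for a, p in allow_inbound}
        self.flows = set()  # connection-tracking table

    def forward(self, pkt):
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        if src in self.lan:
            # Outbound: record the flow so its replies are recognised.
            self.flows.add((src, pkt.sport, dst, pkt.dport))
            return "FORWARD"
        if (dst, pkt.dport, src, pkt.sport) in self.flows:
            return "FORWARD"  # reply to a connection opened from inside
        if (dst, pkt.dport) in self.allow:
            return "FORWARD"  # manually opened service
        return "DROP"         # default decision

def demo():
    # Constructed sample traffic; 2001:db8:1::25 is a hypothetical mail server.
    fw = StatefulFilter("2001:db8:1::/64", allow_inbound=[("2001:db8:1::25", 25)])
    pkts = [
        Packet("2001:db8:1::10", 40000, "2001:db8:ffff::80", 443),  # outbound
        Packet("2001:db8:ffff::80", 443, "2001:db8:1::10", 40000),  # its reply
        Packet("2001:db8:ffff::66", 51000, "2001:db8:1::10", 22),   # unsolicited
        Packet("2001:db8:ffff::66", 51001, "2001:db8:1::25", 25),   # allowed
    ]
    return [fw.forward(p) for p in pkts]
```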
Re:You'll see IPv6 . . . (Score:4, Interesting)
A major French ISP - Free (second largest ISP after Orange) - is offering IPv6 to anyone asking for it (it's an option in their control panel, disabled by default). :)
It would be interesting to see how many people activated that option
Another smaller one here has been offering IPv6 for ages (can't remember its name though)
A major mass-hosting facility - OVH (doing business in France and doing massive deployment currently in Europe) is providing IPv6 to all its servers (hosted or housed).
They are both newcomers (compared to the country operator / old hosting facilities) - which may explain such massive deployment (they have only new hardware everywhere)
Parent
Re:You'll see IPv6 . . . (Score:4, Interesting)
Everything that is worth buying has been IPv6 compliant for years.
Hmm..
iPhone - nope.
Xbox 360 - nope.
PS3 - nope.
That's 3 things worth buying that definitely aren't.. and I'm not even including home routers on that list which are a glaring example of 'not ipv6 compliant'.
Parent
Re:IPv6 has been known to be needed since 1991 (Score:4, Insightful)
IPv6 isn't backwards-compatible with IPv4, and a lot of networks have been really slow to convert over. In most cases, they have to spend money to do this conversion, because they have older hardware without full IPv6 compatibility.
Adoption is slow because IPv6 isn't backwards-compatible, and because it doesn't have enough benefits to outweigh that problem. No conspiracy or anything. (I think it's damn stupid that IPv6 has approx. 40 kajillion IP addresses, and yet they didn't bother to map the existing 4 billion there anywhere.)
Parent
Re:IPv6 has been known to be needed since 1991 (Score:4, Insightful)
Parent