Forgot your password?
typodupeerror
Networking Software Linux News

Linux Foundation Says All Major Distros Are IPv6 Compliant 241

Posted by Soulskill
from the getting-things-done dept.
ruphus13 points out news from the Linux Foundation, which announced that all major Linux distributions meet certification requirements for the US Department of Defense's IPv6 mandates. The announcement credits work done by the IPv6 Workgroup, whose members include IBM, HP, Nokia-Siemens, Novell and Red Hat. Quoting: "Linux has had relatively robust IPv6 support since 2005, but further work was needed for the open source platform to achieve full compliance with DoD standards. The Linux Foundation's IPv6 workgroup analyzed the DoD certification requirements and identified key areas where Linux's IPv6 stack needed adjustments in order to guarantee compliance. They collaboratively filled in the gaps and have succeeded in bringing the shared technology into alignment with the DoD's standards."
This discussion has been archived. No new comments can be posted.

Linux Foundation Says All Major Distros Are IPv6 Compliant

Comments Filter:
  • by dattaway (3088) * on Sunday November 30, 2008 @10:37AM (#25933045) Homepage Journal

    Many embedded linux devices are IPV6 compliant. Even my AXIS webcam can talk ipv6.

    Unfortunately, my ISP, RoadRunner is stuck in dark ages.

    • by Corrado (64013)

      I lease a T1 from Speakeasy and while I'm generally satisfied with the service they still don't offer IPv6.

      On a T1?!

      Talk about dark ages. :(

      • by Tony Hoyle (11698) *

        The T1 itself is pretty dark ages, after all that's only 1.5Mbps... slower than most home connections.

    • "Unfortunately, my ISP, RoadRunner is stuck in dark ages."

      It's a bummer when your toilet can't get it's own IP address.

      • by peragrin (659227)

        No but I am using 6 computers plus VOIP phone service and things would be a lot better if they did. I could eliminate the second switch inside my home.

        as it is now I have 6 different hops(4 local) my computer has to take before I even get to the gateway, and DNS servers.

      • by Teun (17872) on Sunday November 30, 2008 @01:08PM (#25934009) Homepage
        Why the whole toilet?

        The large AND small flush want their own, just like the lid and seat!

        Don't get me started about the light switch, extraction fan and deodorant dispenser...

      • by legirons (809082)

        "Unfortunately, my ISP, RoadRunner is stuck in dark ages."

        It's a bummer when your toilet can't get it's own IP address.

        Or be sold to the Pentagon..

    • Unfortunately, my ISP [...] is stuck in dark ages.

      You don't need assistance from your ISP to get IPv6 connectivity. You can use a number of IPv6 transition mechanisms [wikipedia.org], such as 6to4, Teredo, or configured tunnelling, to reach the IPv6 Internet wherever you are.

      If you happen to be using Linux, I wrote a quick HOWTO about getting IPv6 connectivity without your ISP being involved [jussieu.fr].

      • Would you stop giving the damn ISP's more reasons to slack off on implementing IPv6!!!

        ISP's need to upgrade, that's a fact. If people start tunneling IPv6, he ISP's are going to say "Hey, they've already got it, why the hell should we spend money to do it properly?"

        • by klapaucjusz (1167407) on Sunday November 30, 2008 @03:58PM (#25935677) Homepage

          Would you stop giving the damn ISP's more reasons to slack off on implementing IPv6!!!

          When their customers do their own tunnelling, ISPs loose the ability to perform their own traffic engineering, and loose money.

          Once they see that they are loosing money because people are implementing their own tunnelling, ISPs will rush to implement native IPv6, in a form that they can control.

  • is it something i as an end user of some linux distro or other ipv6 supporting OS can make use of, some option i can toggle in some options somewhere to improve something, or is it all just something in the backbone for admins and people with servers to worry about? i want to know what ipv6 means to your average jo
    • . . . when you see IPv6.

      Until your ISP starts offering it, don't worry about it.

      Everything that is worth buying has been IPv6 compliant for years.

      The only thing that is missing for IPv6, is well, how about an IPv6 net, to the end user.

      • by treuf (99331) <treuf@NOsPaM.users.sourceforge.net> on Sunday November 30, 2008 @11:40AM (#25933417) Homepage

        A major French ISP - Free (second largest ISP after Orange) - is offering IPv6 to anyone asking for it (it's an option in their control pannel, disabled by default).
        It would be interesting to see how much peoples activated that option :)

        Another smaller one here have been offering IPv6 since ages (can't remember its name though)

        A major mass-hosting facility - OVH (doing buiness in France and doing massive deployment currently in europe) is providing IPv6 to all its servers (hosted or housed).

        They are both new-commers (compared to the country operator / old hosting facilities) - which may explain such massive deployment (they have only new hardware everywhere)

      • Re: (Score:3, Informative)

        by jonbryce (703250)

        Except for routers. I've not seen an IPv6 compliant router yet. I'm sure they must exist, but you don't see them in the likes of PC World.

        But, until ISPs start offering IPv6, an IPv6 ready router isn't going to be much of a selling point.

        • by dattaway (3088) *

          I've not seen an IPv6 compliant router yet.

          You should install ddwrt or openwrt on your router. Much more than ipv6, you'll have a great router.

          • Re: (Score:3, Informative)

            by HomerJ (11142)

            Not since v24SP1

            There's a different version of ddwrt that does support IPv6 that is all but hidden on their site. But the standard dd-wrt doesn't do IPv6 anymore.

        • by Tony Hoyle (11698) *

          Cisco 800 series, if you don't mind learning IOS (cisco SDM is not ipv6 compliant yet so you can't set it up with the GUI).

          The apple Wifi routers - time machine, etc. are compliant but alas they don't offer one with a DSL port.

          Plus you can do a homebrew linux solution with certain routers.. that's not really end user friendly though.

          It's a pretty sad situation... router manufacturers won't do ipv6 until there's demand from ISPs, ISPs won't do it until there's demand from users, and users won't demand it unt

      • by Teun (17872)
        Except there are still no good IPv6 capable load balancers, that'll stop most serious ISP's.
        • by kasperd (592156)

          Except there are still no good IPv6 capable load balancers, that'll stop most serious ISP's.

          Honestly I don't know what load balancers we use for our IPv6 servers, but they seem to be working fine. However that shouldn't stop your ISP. They don't have to have IPv6 load balancers to enable IPv6 for their customers, all they need is the routers. Sure they usually do run a few servers, but that is only supposed to be a minor part of their business. They can just make the host names only resolve to IPv4 addresse

      • by Tony Hoyle (11698) * <tmh@nodomain.org> on Sunday November 30, 2008 @02:05PM (#25934501) Homepage

        Everything that is worth buying has been IPv6 compliant for years.

        Hmm..

        iphone - nope.
        xbox 360 - nope.
        PS3 - nope.

        That's 3 things worth buying that definately aren't.. and I'm not even including home routers on that list which are a glaring example of 'not ipv6 compliant'.

    • Re: (Score:3, Insightful)

      by Morth (322218)

      The advantage is you get rid of your NAT. You can for example use it to access your computer remotly with ssh or file sharing, or get IP telephone provided separately from your ISP.

      You can turn on 6to4 in your OS, it will give your whole home network global IPv6 addresses with your IPv4 connected computer as router. Some OSes might require further configuration.

      Around here (Sweden) many ISPs actually have a local 6to4 router so the speed is the same, but in some locations you will get a longer route if you

      • by Dolda2000 (759023) <fredrik@dolda2000 . c om> on Sunday November 30, 2008 @11:38AM (#25933393) Homepage

        I, too, am using 6to4 at home in order to get rid of NAT, but lately I've been having great trouble when traveling around with my IPv6-enabled laptop (running Debian).

        See, whenever I get to a public access point (which uses public IPv4 addresses, rather than a private 192.168.x.x net) it turns out that any Vista computers connected to the same link auto-configure themselves to use 6to4 and then advertise over ICMP that they are willing to route traffic through their 6to4 net. However, it turns out that they just drop the traffic! My laptop, not knowing that, though, will try to route IPv6 traffic through them nevertheless, which just makes every IPv6 site (including my own) stop working. Viva Vista!

        Does anyone know why Vista does this, and whether it's possible to prevent or work around it somehow?

        • Re: (Score:3, Interesting)

          by kasperd (592156)

          Vista computers connected to the same link auto-configure themselves to use 6to4 and then advertise over ICMP that they are willing to route traffic through their 6to4 net. However, it turns out that they just drop the traffic!

          That is an interesting case. I wish I could point out what you should be doing differently, but it isn't obvious to me. When you have a public IPv4 address, you could run your own 6to4 gateway. But of course if you have a network with public IPv4 addresses to multiple machines, you us

          • by sjames (1099)

            It may be necessary to filter out the route announcements from Vista in iptables. Vista REALLY shouldn't be sending router announcements unless it has been specifically configured to be a router (but, being a MS product, sensibility and spec compliance are too much to ask for).

        • Does anyone know why Vista does this, and whether it's possible to prevent or work around it somehow?

          No idea, why Vista does it, nor why anybody sane would use Vista.

          As far as preventing it, or working around it: I carry a baseball bat just for that purpose... A smashed Vista laptop won't annonce any 6to4 net!

        • I, too, am using 6to4 at home in order to get rid of NAT, but lately I've been having great trouble when traveling around with my IPv6-enabled laptop (running Debian).

          See, whenever I get to a public access point (which uses public IPv4 addresses, rather than a private 192.168.x.x net) it turns out that any Vista computers connected to the same link auto-configure themselves to use 6to4 and then advertise over ICMP that they are willing to route traffic through their 6to4 net. However, it turns out that they

      • I don't want to get of NAT. Instead of having to firewall each device, I have a single point (the router).

        NAT makes it easy.

        • by sjames (1099) on Sunday November 30, 2008 @02:26PM (#25934695) Homepage

          NAT for firewalling is really an abuse of the protocol. Instead, dump it and use IPv6, then have the router filter the packets. That way, instead of having to rewrite the packets, the router just has to make a drop or forward decision.

          If you make DROP the default decision and then add specific ALLOW rules, you'll get the same semantics as NAT with a lower load on the router

          AN added benefit (FOR NOW anyway) is that most ssh dictionary attacks are against IPv4 addresses. If your internal machines can only be reached through v6, you won't have to worry about those.

          Even if the crackers update to use v6, they won't be nearly as successful since they would first have to guess which dozen or so v6 addresses out of the possible billions on your 6to4 prefix actually have something listening. Sending out a few billion probe packets wouldn't really be a good option for them, especially when someone might have a honeypot assigned hundreds of IPs (making it by far the most likely machine to be attacked).

      • by jstott (212041)

        The advantage is you get rid of your NAT. You can for example use it to access your computer remotly with ssh or file sharing, or get IP telephone provided separately from your ISP.

        It's a bit tougher when your NAT and your cable modem are the same physical device (thanks Bell Canada!).

        -JS

    • Maybe (Score:4, Insightful)

      by Midnight Thunder (17205) on Sunday November 30, 2008 @12:20PM (#25933681) Homepage Journal

      In reality IPv6 is about infrastructure, so if it is all done right then your average Joe shouldn't see much of an impact. In most cases the average user leaves their setting in automatic mode, so as long as the OS and corresponding application are already IPv6 aware then they won't notice until they need to use a numerical address. If they have a home router, then they may find that they need to buy a new one as the manufacturer is only releasing IPv6 aware firmware for routers manufactured after a certain date.

      There are still plenty of issues before everything is working right on both the client and server front. Issues still in place:
        - network hardware not IPv6 compliant (the only compliant home router for the moment is the Apple Airport)
        - network administrators oblivious to IPv6
        - ISPs not preparing for IPv6
        - libraries for popular computer programming languages not IPv6 ready. Take Perl libwww for example.
        - people saying that no one else is doing anything, so they won't do anything either - the classic sheep mentality

      I would like to see stuff like Zeroconf (aka Bonjour, Avahi) become common place on all OSs (this include Windows), or at least if these routers could add the names of computers in their DHCP table (including themselves) in their DNS directory, so typing in numerical IP addresses should not be necessary.

  • The BSDs had full support for IPv6 long before M$
    • Re: (Score:3, Interesting)

      by mwoliver (688853)

      Yup. In fact, back in the day, the IPv6 support in FreeBSD was the determining factor in my choice to run FreeBSD rather than any then-current distribution of GNU/Linux. Being focused on networking, I didn't have a dog in the OS race, I just needed IPv6 support, and FreeBSD won hands-down. I have enjoyed the blessings of FreeBSD ever since. Even so many years later, IPv6 support on my DD-WRT (Linux) access point is quite non-intuitive and hackish.

      Big shout-out to the fine KAME team, especially the late

    • The BSDs had full support for IPv6 long before M$

      A fair comment, but one (like countless others) that glosses over what "full support" means, and in what context. FreeBSD, for example, most definitely supports IP6, but their jail implementation doesn't. Then there's all those programs or utilities that have just recently had IP6 support added, and those that haven't yet.

      But then, who's bothering to take note when few care one way or the other?

  • by apathy maybe (922212) on Sunday November 30, 2008 @11:24AM (#25933303) Homepage Journal

    Kapor is in his element now, fluent, thoroughly in command in his material. "You go tell a hardware Internet hacker that everyone should have a node on the Net," he says, "and the first thing they're going to say is, 'IP doesn't scale!'" ("IP" is the interface protocol for the Internet. As it currently exists, the IP software is simply not capable of indefinite expansion; it will run out of usable addresses, it will saturate.) "The answer," Kapor says, "is: evolve the protocol! Get the smart people together and figure out what to do. Do we add ID? Do we add new protocol? Don't just say, we can't do it."

    Source: http://www.mit.edu/hacker/part4.html [mit.edu]

    So why the fuck hasn't it been adopted yet?

    ------

    Anyway, does anyone have any sources as to know the other "big" OS's (MS Windows, Mac OS, the BSD's etc.) were able to speak IPv6 (if they are able to at all?)?

    Also, I've tried to find information about whether FreeDOS can do IPv6, but couldn't. Could anyone help there?

    -----

    Finally, the beauty of FLOSS.

    • by drinkypoo (153816)

      So why the fuck hasn't it been adopted yet?

      Because that's your job. Get the fuck over here and migrate my network, stat.

    • Re: (Score:3, Interesting)

      by TheRaven64 (641858)

      Anyway, does anyone have any sources as to know the other "big" OS's (MS Windows, Mac OS, the BSD's etc.) were able to speak IPv6 (if they are able to at all?)?

      The KAME stack was completed in March 2006. It implements IPv6 and IPsec and is used by FreeBSD, BSD/OS, OpenBSD, NetBSD,DragonFlyBSD, and OS X. Linux achieved a comparable degree of support around a year later. KAME snapshots were incorporated in these operating systems before the project was completed, and enough of the protocol to be useful has been supported by them since around 2000. Linux does not use KAME, but I don't know how much (if any) code they borrow from it.

      Itojun did some really amazin

    • by jstott (212041)

      Anyway, does anyone have any sources as to know the other "big" OS's (MS Windows, Mac OS, the BSD's etc.) were able to speak IPv6 (if they are able to at all?)?

      Mac OSX has IPv6 enabled by default. If only my NAT did...

      -JS

    • Anyway, does anyone have any sources as to know the other "big" OS's (MS Windows, Mac OS, the BSD's etc.) were able to speak IPv6

      All currently shipping operating systems have full support for IPv6. This includes Linux (2.4 and 2.6), FreeBSD and NetBSD, Windows XP SP2 and Vista, Mac OS X (since at least 10.2).

      IPv6 is enabled by default on all of the above except Windows XP, on which it must be enabled by the user.

    • by Blakey Rat (99501) on Sunday November 30, 2008 @02:48PM (#25934901)

      IPv6 isn't backwards-compatible with IPv4, and a lot of networks have been really slow to convert over. In most case, they have to spend money to do this conversion, because they have older hardware without full IPv6 compatibility.

      Adoption is slow because IPv6 isn't backwards-compatible, and because it doesn't have enough benefits to outweigh that problem. No conspiracy or anything. (I think it's damn stupid that IPv6 has approx. 40 kajillion IP addresses, and yet they didn't bother to map the existing 4 billion there anywhere.)

  • by Midnight Thunder (17205) on Sunday November 30, 2008 @11:37AM (#25933389) Homepage Journal

    Now that I know Linux joins the ranks of IPv6 compliant OSs, I just need an ISP that supports IPv6. The problem is, in North America at least, is that there are still few to no ISPs providing IPv6 addresses. Instead I have to resort to tunnel providers (some listed here [wikipedia.org]). What we need is a list of major internet service providers in North America and an indication of their IPv6 readiness and what they excuse is for not starting the migration.

    In order to get ISPs moving we could each mail the one we use and ask them when the plan to offer IPv6 addresses.

    Some 'cool stuff' using IPv6: https://www.sixxs.net/misc/coolstuff/ [sixxs.net]

    • by Shikaku (1129753) on Sunday November 30, 2008 @12:32PM (#25933779)
      • Great. I count 5 in the US, zero in Canada.

        In terms of home user options, Lava.net is only in Hawaii, ipHouse is only in Minneapolis/St. Paul, Cutthroat Communications is only in Montana (and no real indication of what their coverage for DSL is like), and Citynet appears to be only in West Virginia (and only offering Dialup/ISDN, no broadband.) and Spectrum is only in parts of Washington.

        I doubt the list is comprehensive, but the grandparent is right, for most of us there are no options other than sketchy/s

        • "for most of us there are no options other than sketchy/slow tunnels"

          Easy there. The tunnel provided by my ISP [sonic.net] is rock solid. Deployed properly, tunnels can be made quite reliable. In fact, there's a pretty good chance your IPv4 service is tunneled over something right now.

          • Which is true, but utterly and totally irrelevant.

            IPv6 tunnels in general seem to be slow, have poor routing, and are prone to unexpected breakage. When I'm routed through Japan to go from Germany to the east coast of the US, something is wrong. When the RTT is 200-300ms more for IPv6 than IPv4 for the same pair of hosts, something is wrong.

  • The Linux Foundation's IPv6 workgroup analyzed the DoD certification requirements and identified key areas where Linux's IPv6 stack needed adjustments in order to guarantee compliance. They collaboratively filled in the gaps and have succeeded in bringing the shared technology into alignment with the DoD's standards."

    So this statement of compliance is as of which mainline kernel revs (2.4 and/or 2.6) or which distro versions?

  • Now, just make a certain highly corrupt organization charge less then several years revenue for a IPv6 address block.

    Wait, you though just because there are 2^64 blocks they aren't trying to make 2^128 dollars off of them?

    It's about the money, your ISP cannot possibly afford an address allocation, so you're not getting IPv6.

The "cutting edge" is getting rather dull. -- Andy Purshottam

Working...