Thread: IPv6 Software updating....

  1. #1
    Banned
    Join Date
    Aug 2010
    Location
    Ontario Canada
    Posts
    9,547

    IPv6 Software updating....

    I'm just now learning about the new internet IPv6 protocal and frankly it's about as clear as mud... Perhaps I can impose on the more familiar here to give me some nice clear answers.

    1) Is IPv6 one continuous address space?
    I've seen articles where there is discussion about IPv6 like it's just one big 128 bit number, but other articles (some newer, some older) represent it as 2 64 bit numbers one to identify the network and another to specify hosts.

    2) How will home networking routers and WIFI handle IPv6?
    The discussion I've seen on these points is *so horridly muddled* that frankly I can make no sense of it at all. I get the NAT and UPNP stuff currently used, but apparently this is toast under the new scheme.

    3) If I build an IPv6 LAN application, how do I isolate it's server from the open Internet?
    From all reports IPv6 does not use NAT or conventional routing techniques that I understand, so a major concern is that an in-house network is NOT exposed to the internet.

    4) Will local IPv4 be possible when IPv6 takes over?
    This relates to question 3... I cannot find information anywhere as to whether I can still use IPv4 addressing on an IPv6 LAN setup.
    Last edited by CommonTater; 12-04-2011 at 10:19 AM.

  2. #2
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    1) IPv6 is just as continuous as IPv4. You specify the number of bits you want for the subnet and for the address within the subnet.
    2) NAT (and probably UPNP, but I don't know about that) should continue to work under IPv6. However, the real reason NAT exists is because of shortage of IP addresses. Since IPv6 fixes this, NAT will become obsolete in this sense. It can still be used to cut off someone from Internet, but with a good software firewall, there should be no reason. It should also simplify Internet programming due to routers not blocking incoming traffic,
    3) Under IPv6, it is hoped that the Internet be as it should have been - that every computer has a unique IP without the need for NAT, so it's no different than usual. All your computers have public IPs, and so do the rest of the Internet.

    I've never really programmed with IPv6 on low level, so I can't really say it will affect you, but my guess is that - it won't.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  3. #3
    Banned
    Join Date
    Aug 2010
    Location
    Ontario Canada
    Posts
    9,547
    Quote Originally Posted by Elysia View Post
    I've never really programmed with IPv6 on low level, so I can't really say it will affect you, but my guess is that - it won't.
    Of course it's going to affect me...
    I'm having to rewrite a considerable amount of software in anticipation of the changeover.
    I need to know what I'm getting myself into here and can't find *any* clear information.
    I'd like to have it done beforehand, rather than plying catch up.

  4. #4
    Registered User
    Join Date
    Sep 2010
    Posts
    7
    To add to a few of the answers already given:

    2) How will home networking routers and WIFI handle IPv6?

    Routing IPv6 over the Internet is the same as routing IPv4 over a private network with multiple subnets. All hosts have a route to all other hosts.

    As you know, in IPv4, hosts on a LAN are usually assigned a private address that is not routable over the public Internet. So, NAT is necessary to translate private addresses from the private LAN into the public, globally routable assigned to your router by your ISP. In IPv6, all hosts on your LAN already have a globally routable address, so no translation is necessary. (Your IPv6 hosts will also have at least one other address per network interface, a link local address, but that's another story.)

    Don't look for added complexity, there's nothing new to learn as far as routing goes. It's the same as routing IPv4 in a private network, so just imagine the Internet as being one really big private network. If that sounds scary from a security point of view, remember that you'll have firewalls to stop traffic from getting to places that you don't want it to go.

    4) Will local IPv4 be possible when IPv6 takes over?

    Yes, this is called a "dual stack" setup, running the IPv4 stack and IPv6 stack simultaneously. Current desktop OSes support this out of the box, and commercial routers above Linksys-level will support it with the correct software images. For home networking gear like Dlink or Linksys, some may not support IPv6 at all at the moment, but the ones that do will also support dual stacking.

    --

    If the IPv6-side of the application rewrite means opening a socket and having it use IPv6 rather than IPv4, there shouldn't be many "gotchas" to worry about, though naturally getting a better understanding of the protocols you're using is a good thing. If it's at a lower level than that, Silvia Hagen's IPv6 Essentials is a pretty good starting point for more information on the protocol.

  5. #5
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    Quote Originally Posted by CommonTater View Post
    4) Will local IPv4 be possible when IPv6 takes over?
    This relates to question 3... I cannot find information anywhere as to whether I can still use IPv4 addressing on an IPv6 LAN setup.
    Quite. I am running IPv6 internally and IPv4 externally (because my ISP doesn't believe transitioning to IPv6 is a good idea) (or at least I have).

    Quote Originally Posted by gratuitous_arp View Post
    2) How will home networking routers and WIFI handle IPv6?

    Routing IPv6 over the Internet is the same as routing IPv4 over a private network with multiple subnets. All hosts have a route to all other hosts.

    As you know, in IPv4, hosts on a LAN are usually assigned a private address that is not routable over the public Internet. So, NAT is necessary to translate private addresses from the private LAN into the public, globally routable assigned to your router by your ISP. In IPv6, all hosts on your LAN already have a globally routable address, so no translation is necessary. (Your IPv6 hosts will also have at least one other address per network interface, a link local address, but that's another story.)

    Don't look for added complexity, there's nothing new to learn as far as routing goes. It's the same as routing IPv4 in a private network, so just imagine the Internet as being one really big private network. If that sounds scary from a security point of view, remember that you'll have firewalls to stop traffic from getting to places that you don't want it to go.
    Just to add to that. It is still possible to use NAT with IPv6. In fact, all the addresses in fd00::0/116 (I believe that's the right mask postfix, but don't quote me on that) is reserved for private addresses; hence they're not globally routable. You can use all of those addresses for internal network routing.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  6. #6
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by CommonTater View Post
    Of course it's going to affect me...
    I'm having to rewrite a considerable amount of software in anticipation of the changeover.
    I need to know what I'm getting myself into here and can't find *any* clear information.
    I'd like to have it done beforehand, rather than plying catch up.
    As gratuitous_arp says, if your software is on top of tcp/ip, this does not amount to a big deal unless you are in the habit of crassly hardcoding IP addresses, because that is all it will affect (ip addresses). I'm pretty sure at this point all common platforms have an IPv6 socket that can accept IPv4 addresses in "IPv4 mapped" format, so yes, eventually your servers need to use those, but this is little more than adding a flag to a function call.

    So if you are really worried, just write an IPv6 server and an IPv4 client and see if everything works out the way you think it will locally. That'll save you hours of unnecessary reading about low level details that make no difference to what you are doing anyway.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  7. #7
    Banned
    Join Date
    Aug 2010
    Location
    Ontario Canada
    Posts
    9,547
    Quote Originally Posted by gratuitous_arp View Post
    To add to a few of the answers already given:

    2) How will home networking routers and WIFI handle IPv6?

    Routing IPv6 over the Internet is the same as routing IPv4 over a private network with multiple subnets. All hosts have a route to all other hosts.

    As you know, in IPv4, hosts on a LAN are usually assigned a private address that is not routable over the public Internet. So, NAT is necessary to translate private addresses from the private LAN into the public, globally routable assigned to your router by your ISP. In IPv6, all hosts on your LAN already have a globally routable address, so no translation is necessary. (Your IPv6 hosts will also have at least one other address per network interface, a link local address, but that's another story.)
    I think you misunderstand ... I need the server in the immediate project to be absolutely inaccessible beyond the confines of the local area network. It's involved in Home Theatre... so unless someone wants to wake up to 1500 watts of Smoke On The Water at 3:00am, I can't be letting anyone on the wan side know the thing even exists.

    Other projects involve access to file shares in servers that are just as isolated because they hold large volumes of corporate and personal data.

    I'm not worried about getting access to or from the internet... just the opposite, my goal is making it impossible.

    I get the part about NAT not being needed here... and frankly that's part of what's bothering me.

  8. #8
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    How can it bother you? NAT does not disconnect a computer from the network.
    If you really don't want others to be able to access a specific computer, then you can drop all packages to that computer from non-trusted sources. Granted, you'd probably need an enterprise router to do that, though.
    You can also created a NAT with IPv6, but it kind of defeats its purpose.

    EDIT:
    Also, you can disable the default network on those devices you want to hide.
    This will allow you to access them inside the current subnet, but not outside.
    Last edited by Elysia; 12-04-2011 at 05:22 PM.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  9. #9
    Registered User
    Join Date
    Sep 2010
    Posts
    7
    Quote Originally Posted by Elysia View Post
    Just to add to that. It is still possible to use NAT with IPv6. In fact, all the addresses in fd00::0/116 (I believe that's the right mask postfix, but don't quote me on that) is reserved for private addresses; hence they're not globally routable. You can use all of those addresses for internal network routing.
    Quite right -- several address scopes are reserved for non global use, like the link-local addresses mentioned above.

    Quote Originally Posted by CommonTater
    I need the server in the immediate project to be absolutely inaccessible beyond the confines of the local area network.
    This is a requirement that is best solved outside of your software. The server's firewall (Windows firewall, iptables, etc.) will be able to prevent direct access from the Internet when properly configured.

  10. #10
    Banned
    Join Date
    Aug 2010
    Location
    Ontario Canada
    Posts
    9,547
    Quote Originally Posted by gratuitous_arp View Post
    This is a requirement that is best solved outside of your software. The server's firewall (Windows firewall, iptables, etc.) will be able to prevent direct access from the Internet when properly configured.
    Ok... will an IPv6 compatible router do this for us?

    Perhaps I should have put more detail in the first message... Basically what we now use is a pretty standard D-Link 4 port wirless router. The HTPC and file server (5tb, nice!) are hard wired to the router. Other devices (laptops, netbooks, etc) access the local network by wireless. It's pretty standard home networking with XP style file sharing, with everything funnelled through a single modem... but it's connected to top of the line AV gear. We dare not let anyone traverse in from the wan side simply because we can't have people accessing the system from beyond ear shot (which given the audio we set up, can be a couple of city blocks).

    I do have password security on the server software... every packet is passworded and I have a weak form of packet encryption implemented... but that won't stop a "designed for this system" remote control in Tokyo from accessing it after only a few password guesses.

    The other systems which need similar levels of security are corporate inventory management sort of packages... the need for security is equal, but different in these cases. Here we're preventing people from accessing shared folders and files.

    I have a very good reputation for "impenitrability" up to this point (and people have tried) and don't really care to see that flushed down the toilet by a change in technlogy...


    Also... If I understand correctly, most Windows systems and most routers will fall back to IPv4 on the subnet side when local systems are using IPv4 addresses... Does this mean I can continue with the older DNS and dotted quads even if the rest of the network is using IPv6?
    Last edited by CommonTater; 12-04-2011 at 07:43 PM.

  11. #11
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    Quote Originally Posted by CommonTater View Post
    4) Will local IPv4 be possible when IPv6 takes over?
    This relates to question 3... I cannot find information anywhere as to whether I can still use IPv4 addressing on an IPv6 LAN setup.
    Yes. Ideally, Your IPv4 address (x.x.x.x) should always be directly mappable to ::FFFF:x.x.x.x

  12. #12
    Registered User
    Join Date
    Sep 2010
    Posts
    7
    Quote Originally Posted by CommonTater View Post
    Ok... will an IPv6 compatible router do this for us?
    The D-Link may or may not. If it's supported, the web configuration utility should show a firewall or filter section and you should be able to add rules for IPv6, so I would suggest poking around in there as a means of checking.

    Quote Originally Posted by CommonTater
    Also... If I understand correctly, most Windows systems and most routers will fall back to IPv4 on the subnet side when local systems are using IPv4 addresses... Does this mean I can continue with the older DNS and dotted quads even if the rest of the network is using IPv6?
    If you don't remove any of the existing IPv4 addresses, hosts will still be accessible by IPv4 and DNS will continue to work as it does now. Routers and computers don't actually need to "fall back" to IPv4 -- they'll simply use the correct type of address (IPv4 or IPv6) depending on the protocol used by an incoming packet (assuming they support IPv6 and IPv4). This the dual stack scenario.

  13. #13
    Banned
    Join Date
    Aug 2010
    Location
    Ontario Canada
    Posts
    9,547
    Quote Originally Posted by gratuitous_arp View Post
    The D-Link may or may not. If it's supported, the web configuration utility should show a firewall or filter section and you should be able to add rules for IPv6, so I would suggest poking around in there as a means of checking.
    Our current batch of routers do not, this we know. (It's also why I thought to ask before recommending a $5,000 purchase order)

    If you don't remove any of the existing IPv4 addresses, hosts will still be accessible by IPv4 and DNS will continue to work as it does now. Routers and computers don't actually need to "fall back" to IPv4 -- they'll simply use the correct type of address (IPv4 or IPv6) depending on the protocol used by an incoming packet (assuming they support IPv6 and IPv4). This the dual stack scenario.
    Thank you... so we should be making sure the routers are dual mode then... that helps a lot!

    That just leaves the question about firewalling... Is it still possible to keep these servers (Windows machines) invisible from the wan side... Even if these routers are connecting to another switch (as they do in some SOHO setups) we don't want these servers visible even to the parent switch...

  14. #14
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    Tater, you can continue to use NAT inside IPv6 if you want.
    If all your computers are on the same subnet (ie, you use switches instead of routers), then all you need to do is disable the local gateway on the servers to prevent any access to/from them (since the servers can't respond, no one will know they ever existed; and even if they break in, no data can be sent back).
    You could also configure your firewall to drop all traffic outside your subnet(s).
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  15. #15
    Banned
    Join Date
    Aug 2010
    Location
    Ontario Canada
    Posts
    9,547
    Quote Originally Posted by Elysia View Post
    Tater, you can continue to use NAT inside IPv6 if you want.
    If all your computers are on the same subnet (ie, you use switches instead of routers), then all you need to do is disable the local gateway on the servers to prevent any access to/from them (since the servers can't respond, no one will know they ever existed; and even if they break in, no data can be sent back).
    You could also configure your firewall to drop all traffic outside your subnet(s).
    That's pretty much what we're doing on v4. In home setups usually we do allow the HTPC onto the net ... Netflix and such... but not our server. So it has to be able to connect out but nothing can connect in. In SOHO setups we usually attach our router to the existing switch, creating a new subnet and encapsulating the entire system, since it's used almost exclusively for presentations ... and Christmas parties.

    So it can also be done on v6... that's good to know.

    One of the big touts I keep seeing for v6 is "everything connects to everything else"... exactly the opposite of what I want. I mean, really... does your toaster have to connect to a vaccuum cleaner in South Africa?
    Last edited by CommonTater; 12-05-2011 at 09:20 AM.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. pcap and ipv6
    By IsmAvatar2 in forum Networking/Device Communication
    Replies: 1
    Last Post: 06-10-2008, 10:25 AM
  2. ipv6 addressing
    By venkatam in forum Networking/Device Communication
    Replies: 1
    Last Post: 03-13-2008, 06:52 AM
  3. IPv6 Address
    By sarathius in forum Networking/Device Communication
    Replies: 8
    Last Post: 03-02-2008, 05:52 AM
  4. IPv6 convert
    By smmad in forum C++ Programming
    Replies: 0
    Last Post: 05-02-2007, 03:53 AM
  5. IPv6 Directed Routing
    By leonidas in forum C Programming
    Replies: 2
    Last Post: 11-28-2002, 10:59 AM