[LAC-TF] IPv6 vs. IPv4: Which is Really Better?

Fernando Gont fernando at gont.com.ar
Fri Nov 16 20:36:41 BRST 2012


The article in question, with comments: ;-)

On 11/16/2012 05:03 PM, Alejandro Acosta wrote:
> IPv6 vs. IPv4: Which is Really Better? by Jennyrichards    November
> 06, 2012
> A lot of people are wondering if IPv4 is better than IPv6. Some
> people still hold this to be true. In fact however, IPv6 has many
> more impressive features than the previous Internet protocol version.

Many people agree with that point of view. Some references:

* <http://www.truecrimereport.com/smoking-pot.jpg>

> The following are some of the reasons why.
> More Address Space
> Version 4 has 32 bits which permits around 4 billion different IP
> addresses. It seems like a lot. But the exponential growth of the
> Internet has made this inadequate. Version 6 has 128 bits. This
> translates to 340 billion billion billion billion (3.4x10^38)
> different addresses. To get an idea of the size difference, imagine
> that the whole v4 is stored in one iPod. In contrast, the whole v6
> space would be the size of the Earth.

In *theory*. Easily, around 40% of the space is lost by
using /64s for LANs. Then, if we discount the blocks used
for link-local, multicast, etc., we keep "losing" addresses.

Put another way, anyone who believes that the number of addresses
available in practice is 2**128 is smoking strange things.

> Better Networks

"Better networks" depends on countless factors. See, for
example, slide 14 of
In the short and medium term, we are certainly not going to have "better networks".

> This ensures there will be more space for future Internet addresses.
> The additional space also means there is no more NAT. Networks are

Not at all. Datapoint:

* <http://lwn.net/Articles/468671/>

> easier to set up, Hardware and software become less complicated.

False. Compare the complexity of:

1) IPv6 + ND + MLD + ICMPv6 + SLAAC + DHCPv6

with that of:

2) IPv4 + ARP + ICMPv4 + DHCPv4

> Another advantage is that you can create a network where various
> appliances and gadgets are on one network. Because there are a lot of
> IP addresses, no conflicts in that area will be occurring.


* Datapoint:

> Superior Connectivity End to End
> The extra address space means better end-to-end connectivity is
> assured. For home users it means streaming media, VoIP and similar
> services will work much better.

False. See slides 20-22 of

> Auto-Configuration
> Anyone who sets up networks will be happy to know that v6
> configuration is automatic. The system itself has been greatly
> simplified. Compared to the laborious setup of v4, the new Internet
> protocol offers plug-and-play. It has DHCPv6, which streamlines the
> system.

False. In practice, you usually end up needing both SLAAC and
DHCPv6, which turns out to be doubly complicated.

> Header Structures are Simpler
> Internet protocol version 6 has a simplified packet header structure.
> The reduced complexity means less effort and time goes into
> processing. It became possible because fields that are not essential
> are set only after the protocol header. Because of this, the headers
> are more effectively processed. There is no need for fragment and
> reassemble packets, network-layer checksums computation and headers
> parsing.

False (http://www.kcconfidential.com/userfiles/national-pot-smoking-day.jpg)

The header structure turns out to be a pain. Datapoints:

* http://tools.ietf.org/id/draft-ietf-6man-nd-extension-headers-01.txt
* http://tools.ietf.org/id/draft-ietf-6man-oversized-header-chain-02.txt

And the truth is that, because of this complexity, we will probably not
be able to use options
(http://tools.ietf.org/id/draft-carpenter-6man-ext-transmit-01.txt), and
that not even the fragmentation mechanism will work

> Routers overhead processing is reduced. The end result is that more

Only if we assume that the router does not have to look at anything beyond the
"fixed-length IPv6 header" -- which is not the case (even less so if the one
sending packets is an attacker).

> packets can be processed. The extension header makes protocol
> inclusions more flexible. Version 4 has size restrictions; version 6
> does not. 

Too bad. It turns out that it *should* have had them:

(And for other reasons, the headers should all be in, approx., the
first 128 bytes, or something like that).

> It is possible to expand them for data accommodation.
> Standard version 6 protocols do not have an extension header. They
> will only be added if required. This is in cases of special handling.
> The design makes version 6 more than capable of handling any given
> situation.

More capable of handling the theoretical situation in which packets do
not employ extension headers, and middle-boxes do not need to follow the
entire IPv6 header chain.... (sigh)

> Security Improvements
> Version 6 has also improved in the security aspect. 

False (https://www.youtube.com/watch?v=U0X-SzmvY_0).



> Data
> communications are secured by cryptographic protocols. Three security
> protocols are used: Internet Key Exchange (IKE), Encapsulating
> Security Payload (ESP) and Authentication Header (AH). These measures
> assure end to end mechanisms are in place to secure information. It
> means programs no longer need to have these features integrated.

(Total overdose :-) )

Not only is it false, but, as was mentioned, e.g., at the
opsec WG meeting at the last IETF meeting, there are for example
only a handful of VPN clients/servers available for v6:

(see Paul Hoffman's comment, when the discussion starts (after
the presentation by the guy with the green T-shirt and rudimentary English :-) ).

> There are many computer users who are not familiar with either type.
> However, it is still important for people to know if iPv4 is better
> than iPv6.

Bullshit. Who cares? (after all, it's as my friend used to say:

The important thing is to identify possible/potential problems, and fix them.

> Knowing these facts is essential for anyone who is running
> a network or uses the Web a lot.

Actually, most people who "use the web a lot" use
Explorer (or similar) with the root account (or similar). This situation
means that such users have considerably more important things to
worry about. :-)

> Charlie is a free lancer of www.tech-faq.com/ and he is explaining
> everything about

(no comments) :-)

In any case, this is not about dampening anyone's spirits
but simply about dismantling those myths that have been around for years.


Best regards,
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
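
Added example, not part of the original message: a sketch of what a filtering device has to do to reach the upper-layer header when extension headers are present, which is the cost the message contrasts with the "simpler header" claim. The function name, the helper names and the 128-byte inspection budget (taken from the figure mentioned in the message) are assumptions, and the sample packets are constructed.

```python
import struct

# Extension headers sized as (Hdr Ext Len + 1) * 8 octets in the IPv6 spec.
TLV_EXT = {0: "hop-by-hop", 43: "routing", 60: "dest-opts"}
FRAGMENT, AH, TCP = 44, 51, 6
FIXED_LEN = 40  # the only part of an IPv6 packet with a fixed size

def walk_chain(pkt: bytes, budget: int = 128):
    """Return (upper_layer_proto, offset, headers_walked) for one packet.

    budget is an assumed inspection limit in bytes from the start of the
    packet; a chain that runs past it is rejected instead of followed.
    """
    if len(pkt) < FIXED_LEN or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, walked = pkt[6], FIXED_LEN, []
    while nxt in TLV_EXT or nxt in (FRAGMENT, AH):
        if off + 8 > len(pkt):
            raise ValueError("header chain truncated")
        if nxt == FRAGMENT:
            size = 8
            # A non-zero fragment offset means the upper-layer header is elsewhere.
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                raise ValueError("non-first fragment: no upper-layer header")
        elif nxt == AH:
            size = (pkt[off + 1] + 2) * 4   # AH counts in 4-octet units
        else:
            size = (pkt[off + 1] + 1) * 8
        walked.append(TLV_EXT.get(nxt, "fragment" if nxt == FRAGMENT else "ah"))
        nxt, off = pkt[off], off + size     # Next Header is always byte 0
        if off > budget or off > len(pkt):
            raise ValueError("header chain exceeds budget or packet")
    return nxt, off, walked

# --- constructed sample packets (not captured traffic) ---
def ipv6(nh: int, body: bytes) -> bytes:
    # Version 6, payload length, Next Header, hop limit 64, zeroed addresses
    return struct.pack("!IHBB", 6 << 28, len(body), nh, 64) + bytes(32) + body

def ext(nh: int, units: int) -> bytes:
    # Next Header, Hdr Ext Len, then one PadN option filling the rest
    total = (units + 1) * 8
    return bytes([nh, units, 1, total - 4]) + bytes(total - 4)

PLAIN = ipv6(TCP, bytes(20))
CHAINED = ipv6(0, ext(60, 0) + ext(TCP, 1) + bytes(20))
OVERSIZED = ipv6(60, ext(TCP, 20) + bytes(20))

if __name__ == "__main__":
    print(walk_chain(PLAIN), walk_chain(CHAINED))
```

With no extension headers the TCP header sits at the fixed offset 40; with two short ones it moves to 64 and can only be found by parsing each header in turn, and a single long Destination Options header pushes it past the inspection budget.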
