back to article IPv6 is great, says Facebook. For us. And for you a bit, too

Facebook has wandered down to Speakers' Corner and climbed onto a fruit-crate to spruik the benefits of the decades-old, much-needed and still-relatively-unused IPv6 protocol. With IPv4 addresses just-about-depleted worldwide, Facebook has penned a blog post telling websites to roll out the protocol, if they haven't already. …

Page:

      1. Frumious Bandersnatch Silver badge

        Re: Nat as a security measure

        NAT makes for better privacy. The use of IPv6 without any NAT is likely to make each device in your site uniquely identifiable by its global address.

        Sorry, but that's probably the #1 myth about ipv6. If you use SLAAC then the global address for a single host will change over time. See for example, this page which says (emphasis added):

        IPv6 provides both a stateful and a stateless address configuration functionality. Stateful address configuration is similar to the existing DHCP functionality in IPv4. IPv6 also supports Stateless Address Auto Configuration (SLAAC). In this mode, nodes can automatically configure their network configuration by generating a local IP address, locating neighbors on the same local segment, locating a default router, and even generating a globally routable address using the prefix supplied by the router through ICMP messages. All of this occurs without any user interaction. Another interesting note is that IPv6 provides the ability to easily renumber these global addresses via the routers on the network instead of configuring the hosts individually. Securing these interactions is definitely something to consider when deploying IPv6.

    1. Anonymous Coward
      Anonymous Coward

      Re: Nat as a security measure

      Also as NAT often goes hand in hand with PAT on a router, generally the set up to allow access to a server with a private IP via NAT specifies the port to allow it on.

      It is much easier to accidentally open up access to a single IP (IPv6) from public and not open up a single port.

      Also from a firewall point of view the separation between your private/trusted network and your public network is defined and obvious from the network address space. WIthout NAT and pure public addresses you must ensure you are using the interfaces correctly on your firewall to segregate the traffic. With a simple two interface firewall that is not a problem. However when you have multi-DMZ using a mix of physical and virtual interfaces and semi trusted zones there is more room for a misconfiguration.

      Sure anyone dealing with high end firewalls will have a good ITSM procedure configuration testing etc, but a busy IT team with no specialists and multiple configurators can make mistakes.

  1. Anonymous Coward
    Black Helicopters

    Facebook love IPv6

    Because even if you turn off your location services, we'll be pretty sure we know where you posted it from.

  2. Crisp Silver badge

    I learned a new word today: spruik

    I'm going to borrow that one.

  3. -tim
    Happy

    It seems faster

    I'm seeing 10% faster and when you add in the fact that most tracking and ad sites (except google) don't do IPv6 at all, I'm finding turning off IPv4 isn't a real problem with many sites and speeds up things even more.

    1. Charlie Clark Silver badge

      Re: It seems faster

      How do you get on El Reg then?

  4. Alan Brown Silver badge

    20-30% of sites available via ipv6

    Yet Ofcom STILL won't order ISPs to make it universally available - and refuse to consider complaints that "not providing ipv6 is not full Internet access"

    Mind you, I suspect trading standards could make a good fist of it if someone was to push the complaint that way.

    1. Len Silver badge

      Re: 20-30% of sites available via ipv6

      It's true, the UK is woefully behind most other countries in Europe when it comes to IPv6 use. We'd be lucky to make it into the European top 30 some day. For now we're trailing behind countries that have only recently got stable electricity networks and indoor plumbing...

      https://www.google.com/intl/en/ipv6/statistics.html#tab=per-country-ipv6-adoption&tab=per-country-ipv6-adoption

      Another comparison? Have a look at basic hosting accounts. In many EU countries even very basic (three quid a month) hosting accounts give you an IPv6 block as standard. In the UK even major hosters will tell you they have no idea when they'll implement it. It means that I have now consolidated all my hosting that used to reside at seven hosters at just two that do understand IPv6. Mythic Beasts for the more techie stuff and OVH for the more mainstream heavy load stuff. Good riddance.

  5. Charlie Clark Silver badge
    Go

    Moar performance

    I suspect that Facebook is seeing high latency particularly in Asia where multi-layered NAT is common and use on mobile devices, where latency matters more, is predominant. Switching to IPv6 should be a no-brainer.

    The real win, however, will be with HTTP/2 over IPv6.

  6. ZeroSum

    UK isn't a complete IPv6 laggard any longer

    Sky Broadband soft launched dual-stack IPv4+IPv6 in August and as a consequence Google is seeing 10 times as much IPv6 traffic from the UK. Last weekend it was 2.1%.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019