This discussion has turned into a bit of a general IPv6 discussion,
rather than a Wikipedia-on-IPv6 or Mediawiki-tools-IPv6-support discussion.
Marcin Cieslak wrote:
>> You *DON'T* want to renumber your whole
home network every time
>> your ISP changes your IPv6 prefix.
You probably don't want to *manually* renumber your whole home network
every time your ISP changes your IPv6 prefix. But since your home
network will use global IPv6 addresses, you will have to.
As a side-note: I don't think (and hope) that IPv6 prefix renumbering is
very common; it sure is not needed like re-assigning IPv4 addresses was
required. After all, IPv4 re-assigned was only introduced after they
became scarce. Some will remember the time when end-users where assigned
a whole block op IPv4 addresses (I still have 16 public IPv4 addresses
at home).
Anyway, renumbering is probably just a matter of sending out a new
prefix in the Router Advertisement message of the Neighbour Discovery
Protocol. This happens automatically, so I don't see an issue here.
And for those few nerds who really don't want to renumber (for example,
because they are multi-homed: e.g. have multiple ISP connections to
their home), there is something called prefix renumbering, akin to NAT
in IPv4.
For detailed info on IPv6 renumbering, please read
http://tools.ietf.org/html/rfc4192 (This details the procedure for IPv6
renumbering of larger office networks).
Anthony wrote:
> A dynamic address (IPv4 or IPv6) generally
provides *some* privacy
> above a static one. Not a lot, especially not without taking other
> measures, but some.
An issue that was brought up earlier is that there is a significant
change in IPv6: Most device and networks use stateless address
autoconfiguration (SLAAC). By default, the MAC address of your computer
is added to the network prefix (plus a 2-byte filler 0xFEFF to get to
right number of bits). For example, the MAC address of my laptop is
"00:23:6c:97:6c:e6" and the IPv6 address of at home might be:
2a01:238:43ed:a300:223:6cff:fe97:6ce6
while the IPv6 address of this laptop at work could be:
2001:610:108:2006:223:6cff:fe97:6ce6
Despite that the prefixes differ, you still know this is the same laptop
because the last part of the address is the same. This allows a site
such as Wikipedia to track users by their IP address, thus without cookies.
This problem has been acknowledged for quite some time, and the solution
is something called "privacy extensions" for IPv6. The solution is that
the host picks a random address, rather than using the MAC address, and
change this random address about once per day.
These privacy extensions are supported by most (all?) major operating
systems nowadays, so I do not seen any issue regarding privacy of IPv6
addresses anymore.
Details can be found in
http://tools.ietf.org/html/rfc3041
Marcin Cieslak wrote:
>> The whole point of IPv6 is to give the choice
not to use external
>> providers - you become part of the "cloud", not just a dumb consumer.
I don't think so, but to be honest I have no clue what you are trying to
say here. A consumer always need one (or more) network providers for
connectivity. What *is* a non-external provider?
Also, remember that the work on IPv6 was started in 1994, and the IPv6
specification was published in 1998, well over 10 years ago. I can
testify that "cloud" was not yet part of the obligatorily hype-speak at
the time.
For the record: There have been about four proposals for IPNG, and the
one that the IETF choose was one which only solved one issue: adding
more addresses, and explicitly did not add any other features.
Yes, there has been some talk about making IPsec manditory (thus
theoretically making IPv6 more secure) but I don't think that has ever
been implemented in practise, so there is no functional difference
there. The only significant change of IPv6 over IPv4 is that it makes
much better use of multicast, but that really is a small technical
change that most users will never notice.
The only problem I still see with IPv6 related to Wikipedia is that it
is so easy for vandals to get a new IP address, that blocking a single
IPv6 address is not going to stop them. Hence, I suspect it is better to
block a whole /64 prefix by default. To what extend this is a problem,
and if this is indeed a good solution is best judged after gathering
some actual vandalism statistics in the coming months.
Allow me to once more iterate my gratitude to the Mediawiki team and
those present at the Berlin hackaton to make Wikipedia available over
IPv6. Many of use already run Mediawiki over IPv6, but we all realise
that doing it for Wikipedia is a different ballpark with all the Squid
instances and separate backends. Given that I haven't seen any mention
of major incidents, this only testifies for the overall quality of the
software and infrastructure. Kudos.
Regards,
Freek Dijkstra