Archive

Archive for May, 2012

No IPv6 on WordPress, but there are options…

May 30, 2012 Leave a comment

Today I reviewed my blog entries, hosting services, domain names, videos and slides I have created for over 8 years. Once I was complete, only one thing still needed to be tested –  the ability for WordPress to support IPv6. Well they failed and I needed a method to ‘proxy’ my site through an IPv6 to IPv4 infrastructure. The solution was CloudFlare, a provider that frontends IPv4-only websites allowing them to be accessible via IPv6.

The process was quick and easy, took a short time to set it up including making CloudFlare the hosting service for my domain DNS.

Upside: quick and easy

Downside:

        Turning the hosting of my domain names over to another vendor,

        IPv4-only code running under IPv6 is now vulnerable

        CloudFlare’s inability to support DNSSec.

Anyway, for the short term this seems the only solution.

Advertisements
Categories: General, IPv6, Security

I want IPv6, but…

May 29, 2012 Leave a comment

Ok, I am not a big fan of Teredo, a tunneling technique that rides IPv6 inside UDP packets over IPv4, but there are times when it is required.  Let’s first start with a time when it should not be used and that is when you are an authorized user on an enterprise and need IPv6. In this case call your IT department.

When should it be used? Anytime that you need to connect to IPv6, but the local switch, upstream router, network firewall or ISP does not support IPv6.  Here are methods to enable IPv6:

  • Windows XP – enable Ipv6
  • Vista,  Windows 7 and Window 8 – IPv6 is enable by default; your IT department might have disabled it by default in all cases. Call your IT department.
  • Linux Ubuntu/Debian – “sudo apt-get install miredo” is enough to have IPv6 connectivity. There is no configuration needed.

Is my connection end-to-end, ready for IPv6?

May 29, 2012 Leave a comment

When speaking and consulting around North America, I am often asked the question, how do I know whether I am running IPv6?

This is actually a complex question, and the test you need will depend on your purpose. The simplest test will try the routability of your packet to a test website with the result of providing your current unicast IPv6 address. Websites that fit this model include:

Note: If you are unable to obtain a simple IPv6 address, ensure the following:

  1. Does your operating system support IPv6?
  2. Is IPv6 enabled on your system?
  3. Does the host have a firewall which is blocking IPv6?
  4. Does your switch support IPv6?
  5. Is your router capable of supporting IPv6? Is it configured for IPv6?
  6. Is your firewall capable of supporting IPv6? Is it configured for IPv6?
  7. Is your ISP capable of supporting IPv6? Have they configured your network connection?

* details on how to do the above steps will be explored in a future posting

The second level not only validates the routability, but also validates the DNS, traceroute, and a few other features. These include:

The last and most complete tests are found on sites I use to troubleshot and tune customer’s networks and include the following:

If you find others, please post them under comments.

Categories: General, IPv6 Tags: ,

With IPv6 being turned on, is keeping IPv4 a bad idea?

May 28, 2012 Leave a comment

Over the last 8 years, I have convinced several large organizations to enable an IPv6 only network, disabling IPv4 completely. The result has been a lower cost of managing the networks, as compared to organizations running dual-stack environments. Another major benefit is mitigating a vast amount of malware, command and controls channels (C&C), and Remote Access Trojans (RATS), lowering the number and cost of compromises.

It now seems others are beginning to think about these issues, according to an article from Government Computer News (GCN).  It looks like Steve Pirzchalski, IPv6 program manager for the Veterans Affairs (VA) Department, gets it.

Google Trends and IPv6

May 25, 2012 Leave a comment

Have you ever gone to Google Trends just to see if something is becoming popular and where people are who most interested? I just typed in IPv6 to Google Trends and discovered that the top 10 regions of the world interesting in IPv6, based on google searches are:

  • Taiwan
  • Japan
  • China
  • South Korea
  • Czech Republic
  • India
  • Sigapore
  • Malaysia
  • Finland
  • Netherlands

The US is not even in the top 10. Does that mean the US is just not interested?

The top 10 Cities are:

  • Bejing China
  • Bangalore India
  • Chiyoda Japan
  • Osaka Japan
  • Shanghai China
  • Signapore Singapore
  • Munich, Germany
  • Amsterdam, Netherlands
  • New Delhi, India
  • Paris, France

Again, the US is not in the top 10. Where are the US Cities?

In the US, I found it interesting that the number one language was Chinese to query for the word IPv6.

Categories: General, IPv6 Tags:

Cisco / Linksys leave their current customers behind

May 25, 2012 3 comments

Based on the Home Router page on the Cisco website (http://home.cisco.com/enus/ipv6), millions (perhaps tens of millions) of routers will need to be replaced. The sad part is that Cisco has had working versions of IPv6 code on many of their older lines of products for at least three years, but has not released it, presumably because they figured they could force the consumer to churn the product.

Sadly, Cisco has not been listening to their own customers’ demands for IPv6 on their routers since 2005.[1]

These references can also be found on Cisco’s own forums – in some cases going back to 2007.[2]

I have two questions for Cisco at this point. Can Cisco still be considered a trusted name in consumer products? And as the code you withheld will            force perhaps tens of millions of routers to go to the trash dump, who is going to pay for the early demise of these routers?”

Users that want to get a few more years out of that ‘old Cisco router’ and are willing to spend an afternoon on it, can load dd-wrt to enable IPv6.        (www.ddwrt.com/)

Categories: IPv6 Tags: ,

No IPv6 on AT&T Mobility – for now

May 24, 2012 Leave a comment

As a treat to myself, I decided to purchase a 4G hotspot for days when I am traveling. I looked at everyone’s product and decided on the AT&T Mobile Hotspot Elevate 4G by Sierra Wireless.  Connected it up, had good service everywhere I went, until one day I tried to access several websites that would not work. After researching them on my home network I realized that those websites were IPv6 only.

During this research, I had my hotspot stolen and had to make a decision how to handle it. I called AT&T and reported the loss of the hotspot and discovered they did not know anything about IPv6. Once the service was disconnected, I informed them, I was not going to need the service anymore. I was passed to another person who attempted to entice me into purchasing another product, but without IPv6 I decided it was easier to cut bait.

Searching on Google for “IPv6 AT&T Mobility” I discovered a website that promised me “AT&T is prepared for IPv6 across our products, services, and network infrastructure for all of our customers. Most customers will not need to take any action for IPv6 – AT&T has you covered”, but no date was listed of when they were going to implement.  Looking at the page information in my browser however, I did notice that AT&T included Meta tags describing the ISP I was on, the location, longitude and latitude, bandwidth, the browser I was using and the search terms I had used to arrive at this page: (http://www.att.com/esupport/ipv6.jsp#fbid=HKAOQIIfiBM).

In addition, I noticed multiple comments that AT&T iPad 3G does not support IPv6[1], and saw this interesting quote: “AT&T Inc. (NYSE: T) has not yet replied to LR Mobile’s questions about its IPv6 plans. The operator’s CTO, John Donovan, however, says in his blog that AT&T has been working on its “multi-year” IPv6 transition since 2006.”[2] Deciding to give them a fighting chance, I began researching the Sierra Wireless device I purchased, figuring that maybe if they don’t have it yet working on their infrastructure, at least they would be ready by ensuring the mobile devices they sell to their customers supported Ipv6. Well I was wrong.

I accessed the Sierra Wireless website, and using the search button provided I did a search for IPv6. What I discovered is that none of the products including AirCard Mobile Broadband Devices, AirPrime Embedded Wireless Modules, AirLink Intelligent Gateways and Routers and AirVantage M2M Cloud platforms support IPv6.  Again, this is based on searching their website.

What I did discover is that Sierra Wireless also sells to Sprint, Deutsche Telekom, Accel Networks, Silver Spring Networks, ORBCOMM, Schneider Electric, ABB’s Distribution Automation, Atos Worldline, Pulse Energy, NSGDatacom, Panasonic Toughbook, Garmin, EDMI, Elster, Maestro Wireless Solutions, NetMotion Wireless, Track Star AVLS GPS Software Solution, Routeware and Fleeteyes. This one product impacts IPv6 support for mobility carriers, smart grid companies, automation systems, electronic payment systems and more.
I then went to the IPv6 Ready website (http://www.ipv6ready.org/) and find none of the above products listed. Then I proceeded to check National Instutute of Standards and Technology (NIST) web site for authorized IPv6 testing groups and discovered that neather  icsalabs[3] nor NH-IOL[4]  showed the above products supporting IPv6.

In short, AT&T Mobility blogged about it in 2006, and 7 years later they have not even ensured that the products they sell to their customers support IPv6. In addition Sierra Wireless, a company which provides products to many companies, also does not support IPv6.

So what is the impact to the consumer? Well first, if you are using AT&T on World IPv6 day, the products you have purchased are not supported and will require you to buy new products. Second, the businesses depending on AT&T mobility or the Sierra Wireless products should not expect support for IPv6 for some time.

If you are an integrator, inventor, innovator or business expecting to leverage IPv6 over the next few years, it appears that the above companies may not have the ability to deliver.

Lesson for carriers and companies developing network based products, it’s time to ensure you have a procurement policy requiring IPv6 on all products.

In short, if you want IPv6 on June 6, 2012, go elsewhere.