It is not the transport's job to enforce an access control policy.
True, but in the case of the home user, it's a very handy side effect.
Those of us who have been building IP networks since the old days when every small organization had a /24 and every large organization had a /16 (and they really were still called "Class C" and "Class B" networks back then) remember assigning a public IP address to every single node. It was still possible to deploy a firewall, but the firewall's only job was access control.
We did rules like "Allow 126.96.36.199/24 to access 0.0.0.0/0" which would, for example, give all of the computers in that network access to the Internet.
With IPv6, you'll see rules like "Allow 2607:f1d0:1:fe::0/64 access to ::/0" in order to give all of the computers on that IPv6 network access to the Internet.
You'll still have automatic address assignment. Autoconfiguration in IPv6 is even easier than IPv4. You don't need a DHCP server. A new node coming online just listens for the nearest router, figures out the network prefix, and assigns its own address with the lower 64 bits set to its own MAC address.
Most importantly, without NAT you don't need to have your firewall spoof FTP and other protocols which need to know the endpoint addresses in order to function properly.
This is for end users, not server runners.
'bout sums it up.
Though I haven't read the RFCs, my understanding is that for any IPv6 host, it's recommended that the host's MAC address (actually, the host's EUI-64 address, see below) be used as the host portion (the lower 64 bits) of the IPv6 global address (see below), but it's not a requirement. As IG mentioned, the host address can be locally administered, either through static configuration or via a DHCPv6 server (or some other, as yet not invented, method).
As for MAC vs. EUI-64. The IEEE is pushing networking vendors to switch to using EUI-64 addresses instead of MAC-48. My understanding is that the unassigned MAC-48 address space is starting to dwindle, probably due to the way that MAC-48 addresses are structured with an organizationally unique identifier (OUI).
Obviously, though, there's a lot of equipment out there still using MAC-48s, and vendors aren't going to switch to EUI-64s until they have to, so the IEEE came up with a method to convert MAC-48s into EUI-64s on-the-fly. I'd recommend googling for the details, or, if there's interest, I can post it here.
As for IPv6 addresses. Also remember that, unlike IPv4, IPv6 addresses are scoped. IPv6 defines scopes to limit the validity of certain network addresses.
There's quite a few when it comes to multicast, but for "normal" unicast addresses, the most important are link-local and global. Where global addresses recommend the use of the host's EUI-64 as the interface portion of the address, I believe a link-local address may require it. Obviously, as the name implies, a link-local address is only valid in the scope of the link connected to the host.
Isn't IPv6 fun???
Wikipedophilia says that the IEEE is expecting the MAC-48 space to be exhausted in 2100, but their citation for this claim says nothing of the sort.
What IEEE *does* say [http://grouper.ieee.org/groups/msc/MSCRacInfo/UseOfEUI.htm] is that NEW APPLICATIONS are strongly encouraged to make use of EUI-64 instead of MAC-48. "New applications" for the purpose of this discussion means "things other than Ethernet." Fibre Channel, for example, makes use of non-legacy EUI-64 space.
IPv6 does document the "correct" way to map either a MAC-48 or an EUI-64 to the host portion of an IPv6 address in a /64 subnet, though. We have yet to see what the common practice will become.
Autoconfiguration makes perfect sense for desktops. It may make sense for certain types of servers as well.
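The MAC-48 to host-portion mapping discussed in the posts above, as an added example that is not part of the original thread: it follows the modified EUI-64 rule from RFC 4291 Appendix A (insert ff:fe in the middle of the MAC, invert the universal/local bit) and also shows the reverse check, which is handy when reading logs. The MAC address is a constructed sample and the function names are hypothetical; the /64 prefix is the one quoted earlier in the thread.

```python
import ipaddress

def mac48_to_eui64(mac):
    """Expand a MAC-48 to 8 bytes by inserting ff:fe between the OUI and the device part."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected six octets, got %r" % mac)
    return octets[:3] + b"\xff\xfe" + octets[3:]

def interface_id(eui64):
    """Modified EUI-64: invert the universal/local bit (0x02 in the first octet)."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be eight octets")
    return bytes([eui64[0] ^ 0x02]) + eui64[1:]

def autoconf_address(prefix, mac):
    """Combine a /64 prefix with the interface identifier derived from mac."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this mapping is defined for /64 prefixes")
    iid = int.from_bytes(interface_id(mac48_to_eui64(mac)), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_address(addr):
    """Return the MAC-48 embedded in addr, or None if the ff:fe marker is absent.

    Heuristic: a manually assigned address could contain ff:fe by coincidence.
    """
    low = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if low[3:5] != b"\xff\xfe":
        return None
    mac = bytes([low[0] ^ 0x02]) + low[1:3] + low[5:]
    return ":".join("%02x" % b for b in mac)

if __name__ == "__main__":
    sample_mac = "00:1a:2b:3c:4d:5e"           # constructed sample MAC
    page_prefix = "2607:f1d0:1:fe::/64"        # prefix quoted in the thread
    for prefix in ("fe80::/64", page_prefix):  # link-local, then global
        addr = autoconf_address(prefix, sample_mac)
        print(prefix, "->", addr, "-> MAC", mac_from_address(str(addr)))
    # A statically numbered host carries no embedded MAC.
    print(mac_from_address("2607:f1d0:1:fe::1"))
```
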
I hesitate to ask, but how does DNS over IPv6 work? Is it built into IPv6, or a separate thing?
Transmitting IPv6 information over DNS can occur over IPv4 *or* IPv6. The protocol can handle it. We use a new record type: AAAA. Whereas you advertise an IPv4 address over an A record, you advertise an IPv6 address over an AAAA record.
(Get it? The address is four times as long, so there are four times as many A's.)
Any given host can have an A record, an AAAA record, or both. The idea is that if you have an IPv6-enabled client for some particular service, you look up the AAAA record first, and if you get one, you try to connect to that address.
If that fails, then you look up the A record. The idea is that someday the A records and associated IPv4 records will simply go away.
If I wanted to register an address for IPv6, to whom do I go?
Your ISP should be able to provide IPv6 addresses to your home internet. And any web/server hosting provider should be able to answer whether they have IPv6 support or not.
I know my home ISP does support IPv6, and all of my operating systems and routers do as well (mind you, my router is close to 5 years old). I just haven't thought about switching until it's absolutely necessary.
Hrm... what does a router with IPv6 support look like? I don't tend to see any options in the router for something like that.
Most routers automatically detect what IPv you're using. Most of the older ones (5+ years old) will only recognize IPv4 and will give you a weird error if it's trying to get to IPv6, or just will not connect at all.
Most of the routers around today will have 'IPv6 Support' listed in their features. Try looking for it on your current router.
I'll have to do that. I'm using the same router as we use at work, so if it's good for me, it'll be good for where I work, too.
It's a modern router though, so I should think it has support.
Hrm... I'd still be able to access all the IPv4 goodness, right? Because that would be pretty serious.