Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This sort of shenanigans will be over with IPv6. Blocking ICMP is not an option there.


Then it is likely that they will never be over.

Much like Google did with SPDY, I suspect they can (and at some point some big player will, be it google or someone else) release a TCP replacement that, unlike IPv6, is actually useful if you only have an IPv4 link between endpoints; and it will be this protocol that will eventually replace IPv4 rather than IPv6.

There's even a candidate: CCN; read apenwarr on Van Jacobson for more http://apenwarr.ca/log/?m=201211#11

I just hope they combine it with something like NACL, so that we have secure by default, end-to-end unsniffable communciation.


OK, no.

First, don't read apenwarr for the info, read the paper.[1] Unfortunately, that still won't carry you that far because there's a whole lot of "community knowledge" that is carried in DS papers that you don't get unless you read a lot of them or are in the community.

CCN is not an actual proposal. It's a pie-in-the-sky networking redesign.

Do you know what would be required to implement CCN? Go read the paper. The hardware cost alone is insane. This is not coming any time soon. Be prepared for IPv6 for the next 20 years at least.

[1] http://sites.google.com/site/zhongrenshomepage/Networking%20...


I'll take your word for how pie-in-the-sky CCN really is, I skimmed through the paper without a critical eye. However ...

> Be prepared for IPv6 for the next 20 years at least.

I have, for the last 10 (or more?) I think it was 1999 when I was thinking "I should probably implement IPv6 in this project, because next year it's going to be everywhere".

I think you mean "be prepared for IPv6 to be the up-and-coming protocol for the next 20 years at least".

Maybe not CCN, but I suspect it's more likely that a killer-app with it's own tunnelled-in-IPv4 protocol is more likely to take over than IPv6. BitTorrent had a chance to do that, but didn't. I can't point to the next one myself.


Can you elaborate on why that is?


Because IPv6 breaks hard if ICMP is filtered. It depends on a bunch of newly allocated message types and replaces things like ARP and (some functions of) DHCP with broadcast ICMP.

There is tons of little crap like this in the low level details of IPv6. "We don't like that people do X, so we will force them to stop"


IPv6 no longer supports fragmenting on routers. That means if you don't want to be stuck with the default minimum MTU of 1280 (which you really don't want to for low-latency applications) you need to support Path MTU Discovery, which in turn requires ICMP to go unhindered across a large number of different networks between you and the receiver.


ipv6 enforces a minimum MTU of 1280? I've personally run into many VPNs with much smaller MTUs


And so the networks involved in those VPNs need to support path MTU discovery, and they won't have any problems.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: