This discussion has turned into a bit of a general IPv6 discussion, rather than a Wikipedia-on-IPv6 or Mediawiki-tools-IPv6-support discussion.
Marcin Cieslak wrote:
You *DON'T* want to renumber your whole home network every time your ISP changes your IPv6 prefix.
You probably don't want to *manually* renumber your whole home network every time your ISP changes your IPv6 prefix. But since your home network will use global IPv6 addresses, you will have to.
As a side-note: I don't think (and hope) that IPv6 prefix renumbering is very common; it sure is not needed like re-assigning IPv4 addresses was required. After all, IPv4 re-assigned was only introduced after they became scarce. Some will remember the time when end-users where assigned a whole block op IPv4 addresses (I still have 16 public IPv4 addresses at home).
Anyway, renumbering is probably just a matter of sending out a new prefix in the Router Advertisement message of the Neighbour Discovery Protocol. This happens automatically, so I don't see an issue here.
And for those few nerds who really don't want to renumber (for example, because they are multi-homed: e.g. have multiple ISP connections to their home), there is something called prefix renumbering, akin to NAT in IPv4.
For detailed info on IPv6 renumbering, please read http://tools.ietf.org/html/rfc4192 (This details the procedure for IPv6 renumbering of larger office networks).
Anthony wrote:
A dynamic address (IPv4 or IPv6) generally provides *some* privacy above a static one. Not a lot, especially not without taking other measures, but some.
An issue that was brought up earlier is that there is a significant change in IPv6: Most device and networks use stateless address autoconfiguration (SLAAC). By default, the MAC address of your computer is added to the network prefix (plus a 2-byte filler 0xFEFF to get to right number of bits). For example, the MAC address of my laptop is "00:23:6c:97:6c:e6" and the IPv6 address of at home might be: 2a01:238:43ed:a300:223:6cff:fe97:6ce6 while the IPv6 address of this laptop at work could be: 2001:610:108:2006:223:6cff:fe97:6ce6 Despite that the prefixes differ, you still know this is the same laptop because the last part of the address is the same. This allows a site such as Wikipedia to track users by their IP address, thus without cookies.
This problem has been acknowledged for quite some time, and the solution is something called "privacy extensions" for IPv6. The solution is that the host picks a random address, rather than using the MAC address, and change this random address about once per day.
These privacy extensions are supported by most (all?) major operating systems nowadays, so I do not seen any issue regarding privacy of IPv6 addresses anymore.
Details can be found in http://tools.ietf.org/html/rfc3041
Marcin Cieslak wrote:
The whole point of IPv6 is to give the choice not to use external providers - you become part of the "cloud", not just a dumb consumer.
I don't think so, but to be honest I have no clue what you are trying to say here. A consumer always need one (or more) network providers for connectivity. What *is* a non-external provider?
Also, remember that the work on IPv6 was started in 1994, and the IPv6 specification was published in 1998, well over 10 years ago. I can testify that "cloud" was not yet part of the obligatorily hype-speak at the time.
For the record: There have been about four proposals for IPNG, and the one that the IETF choose was one which only solved one issue: adding more addresses, and explicitly did not add any other features. Yes, there has been some talk about making IPsec manditory (thus theoretically making IPv6 more secure) but I don't think that has ever been implemented in practise, so there is no functional difference there. The only significant change of IPv6 over IPv4 is that it makes much better use of multicast, but that really is a small technical change that most users will never notice.
The only problem I still see with IPv6 related to Wikipedia is that it is so easy for vandals to get a new IP address, that blocking a single IPv6 address is not going to stop them. Hence, I suspect it is better to block a whole /64 prefix by default. To what extend this is a problem, and if this is indeed a good solution is best judged after gathering some actual vandalism statistics in the coming months.
Allow me to once more iterate my gratitude to the Mediawiki team and those present at the Berlin hackaton to make Wikipedia available over IPv6. Many of use already run Mediawiki over IPv6, but we all realise that doing it for Wikipedia is a different ballpark with all the Squid instances and separate backends. Given that I haven't seen any mention of major incidents, this only testifies for the overall quality of the software and infrastructure. Kudos.
Regards, Freek Dijkstra