Requesting IPV6 in unRAID kernel.


Recommended Posts

2 hours ago, jonp said:

And again, let me be clear here:  ipv6 is on our roadmap

 

 

...really?

 

 

This isn't a reason to support the technology.  There are numerous gas stations that have power recharge options for electric cars; doesn't mean that all cars should come with electric motors.

 

 

 

ipv6 shouldn't be on the roadmap. I'd have thought it should be done already.

 

Yes really unless in the meantime the IETF released ipv8.

 

I'm not arguing about forcing electric motors into vehicles, I'm arguing the gas station should support electric recharging and petrol fuel.

 

1 hour ago, jonp said:

 

That is the crux of this whole discussion.  ipv6 support doesn't really enable us to do anything with the OS that we couldn't do before (or at least that is our impression at the current moment). 

 

You could use the same argument to say that we should all be riding horses instead of using cars then.

Seeing as you want evidence/ examples:

 

https://www.sophos.com/en-us/security-news-trends/security-trends/why-switch-to-ipv6.aspx

Here's a concrete example:

I don't want to use NAT-PMP / forwarding because it is garbage, but I want have my plex server or other service from unraid accessible from the internet. I could use port forwarding but I'd prefer to get a unique ipv6 address for my device instead, that way I never have to fiddle with CNAMEs or update my DNS when my dynamic ip changes. Without ipv6 I am effectively forced to either buy a static IP from my ISP or port forward with DNS work. I don't want to pay £5 per month for a static (ipv4) IP so much and ipv4 addresses are only going to get more expensive.



 

Edited by aterfax
Spelling
  • Upvote 1
Link to comment

For what it is worth as we speak 1 in every 7 internet users access google using IPv6. This time last year it was 1 in 10 and we are on track for upwards of the 30% of the entire internet google use by end of year.

 

These figures are scewed very heavily by country but they took me by surprise.

Link to comment

 

On 2/22/2017 at 2:10 PM, aterfax said:

You could use the same argument to say that we should all be riding horses instead of using cars then.

 

Not at all.  Cars enable us to get to our destinations faster and with more comfort.  There are plethora of features and benefits that cars offer over horses that you don't have to be an engineer to appreciate.

 

On 2/22/2017 at 2:10 PM, aterfax said:

 

This isn't what I was looking for at all.  In fact, it's 100% the opposite of what I was asking of you.  This is a technical article arguing over the technical benefits of ipv6 vs. ipv4.  And from that article, I found this giant section:

 

Quote

What are the problems with IPv6?

We’ve already seen widespread malware with IPv6-based command-and-control capabilities. So if your server enables IPv6 by default but your firewall doesn’t, which may be the case for many, we’ll all inevitably see more abuse for malicious ends.

 

Proper deployment and configuration is a serious issue. Trying to deploy IPv6 the same way IPv4 was done guarantees problems. IT administrators must learn a whole new approach to networking, from simple network troubleshooting to configuring firewalls and monitoring security logs. There are many opportunities for confusion and mistakes.

 

There’s no instant switch to change from IPv4 to IPv6, so partial adoption means using tunneling technologies to transport IPv6 over IPv4. This kind of workaround is another potential source of confusion, misconfiguration and security gaps.

 

As adoption of IPv6 picks up and cybercriminals spend more time and effort analyzing how to subvert its built-in security, it’s likely we’ll see more problems. As new problems are uncovered, we’ll need new methods and tools to overcome them.

 

So it's not all sunshine and daisies in the land of ipv6 and proper implementation is important.  Just enabling it in the kernel and throwing a few basic script edits around it doesn't appear to be enough.  It will take a keen eye for detail when we're implementing this.  Perhaps you have a ton of experience with ipv6?  Perhaps you are a network engineer?  If so, that explains a lot, but know that we don't have that experience and we aren't network engineers by trade.  So dropping everything we're working on to support something like this isn't a 2 minute job.  It is an investment of time which we are willing to make when the time is right, but at the present moment, we had more important concerns to address.

 

On 2/22/2017 at 2:10 PM, aterfax said:

Here's a concrete example:

I don't want to use NAT-PMP / forwarding because it is garbage, but I want have my plex server or other service from unraid accessible from the internet. I could use port forwarding but I'd prefer to get a unique ipv6 address for my device instead, that way I never have to fiddle with CNAMEs or update my DNS when my dynamic ip changes. Without ipv6 I am effectively forced to either buy a static IP from my ISP or port forward with DNS work. I don't want to pay £5 per month for a static (ipv4) IP so much and ipv4 addresses are only going to get more expensive.

 

 

 

Notice the bolded words?  You start off your example with an anecdotal statement, then in the second sentence, you acknowledge a completely different method is available to overcome the issue you present which wouldn't require us to support ipv6.  Furthermore, how many of our customers actually would care about this.  Sure there are some folks replying in this thread, but we all know that doesn't represent the majority of the user base.

 

In your reply, you seemed to ignore my most basic request for examples involving applications.  You haven't shown me any apps that don't work because of the lack of ipv6 support.  You haven't shown me any use-cases that are definitively requiring ipv6 kernel support either.

 

So, as I stated before, it is on the roadmap.  I've taken the other user's suggestion to our dev team about just enabling it in the kernel without official support in the GUI or otherwise.  If it is truly simple enough to do, that will have to suffice as a short-term solution.

 

On 2/23/2017 at 8:09 AM, NAS said:

For what it is worth as we speak 1 in every 7 internet users access google using IPv6. This time last year it was 1 in 10 and we are on track for upwards of the 30% of the entire internet google use by end of year.

 

But does that statistic mean that 1 in every 7 internet users CAN'T work with a local server on the router that needs an ipv4 address?  I know plenty of routers that can support a public ipv6 address and a private ipv4 address scheme.

Link to comment

Yes I agree. I was not quoting stats to say that there is no other way, I just wanted to point out that global rollout is further along that I expected it to be.

 

Personally I think the security risks of not needing NAT and the privacy issues of the big players being able to profile specific machines within the local network mean that the general userbase should hold off for as long as possible.

 

I dont know when is the right time to start developing it properly but I would have thought as a non GUI, dev only feature that time may be now.

  • Upvote 1
Link to comment
1 hour ago, jonp said:

There are plethora of features and benefits that cars offer over horses that you don't have to be an engineer to appreciate.

So, exactly the same as ipv6 then? You don't need to be a net op to understand why ipv6 is better.

To the security issues of ipv6 with respect to firewalls. A: firewalls are a feature that developers should enabled by default at this point and B: If you are silly enough to not use a firewall on all of your devices, let alone something that is meant to be on the wider internet you pretty much deserve the IT Darwin Award/Russian hackers on steroids.

 

1 hour ago, jonp said:

but know that we don't have that experience and we aren't network engineers by trade

Then forgive me for being blunt, get one. You are having people pay for unraid, an OS primarily developed/used for network accessible storage and you do not have a networking specialist? Why?

I understand you need to prioritise other aspects of the OS (particularly encryption - god knows I want that myself), but at the same time it sounds like you are working with little to no resources (human or otherwise) which is making jobs that might take a day or a week for a team to develop (add on the testing) take 10x that.

 

Your demand for specific examples where apps won't work due to a lack of ipv6 is banal. It's like asking for examples where "the car will only work if we upgrade its tires." A needlessly specific example? Say I have an ipv6 VPN provider who to save costs no longer has, buys or supports ipv4 addresses. You know as well as I do as does everyone else that ipv6 is a general update none specific to any one app or service.

Ultimately, my argument is about a feature that isn't 100% necessary in the same way premium gasoline isn't 100% necessarry, but it has existed for long time and I think my car should support using it. It's basically the same fuel but I can go faster, though I could accidentally explode my engine however...

Your argument is, retrofitting the engine to support both will take too long (and you need to work on the alarm system anyway) and besides, until more people use the premium fuel, its just for enthusiasts. Problem is, eventually all you will have to burn is premium gasoline.

You need to prioritise other things sure, I'm just salty because you shouldn't be in a position where getting ipv6 working is difficult or taking a lot of time.
 

1 hour ago, jonp said:

 If it is truly simple enough to do, that will have to suffice as a short-term solution.

 

It should be given Slackware already has it, just integrate and blacklist the module or disable it via some of the other methods.

 

1 hour ago, NAS said:

 

Personally I think the security risks of not needing NAT and the privacy issues of the big players being able to profile specific machines within the local network mean that the general userbase should hold off for as long as possible.

 

The following is semi on topic wrt ipv6...

Depends on who you think the big players are and what exactly your concerns are? State actors don't need IPV6 or IPV4 static IPs to profile individual machines behind a gateway/in a LAN. If its your general skiddie or "Russian" hacker on steroids the effect of a gateway is still fairly minimal. Gateway or not, you run a vulnerable service or device and I'll just pivot from that machine into your LAN anyway. Knowing a ipv6 machine is running a certain service or has a certain port open isn't greatly helpful compared to *some device* behind ipv4 NAT.

 

On top of that, the general execution of infosecurity via web browsers is so weak you can easily uniquely track any individual's session across the internet irrespective via 3rd party cookies, ad networks and the unique characteristics of your browsers. In short, really you're just patching a broken dam with a band aid by avoiding ipv6. 

 

.p.s. NAT-PMP is still garbage :) anecdotal or not.

Edited by aterfax
  • Upvote 2
Link to comment
30 minutes ago, aterfax said:
1 hour ago, jonp said:

 If it is truly simple enough to do, that will have to suffice as a short-term solution.

 

It should be given Slackware already has it, just integrate and blacklist the module or disable it via some of the other methods.

I'm assuming that slackware is the chosen distro as it remains the one distro where LT has to explicitly state whether to include modules or not.  Each additional module carries the risk of potential compatibility issues for the software (webUI) that unRaid utilizes.  I do happen to agree with jonP that something like this does have to be tested to death to insure that it doesn't cause any issues for the majority of users.

 

That all being said, I do think that ipv6 support should be included in unRaid regardless (although for the conceivable future I would have no use for it).  It checks off another box on the selling features

 

36 minutes ago, aterfax said:

but at the same time it sounds like you are working with little to no resources (human or otherwise) which is making jobs that might take a day or a week for a team to develop (add on the testing) take 10x that.

If you thought Limetech was akin to Microsoft or Google, then you're running the wrong software..  But, the company does expand its internal resources as its growth dictates...  (And my opinion is that its a growing company with great ideas for the future)

Link to comment
2 minutes ago, Squid said:

Each additional module carries the risk of potential compatibility issues for the software (webUI) that unRaid utilizes.  I do happen to agree with jonP that something like this does have to be tested to death to insure that it doesn't cause any issues for the majority of users.


Correct, alpha and beta test it with your users as an opt in. Everyone other company seems to be doing it and it saves the dev team a lot of time.

  • Upvote 1
Link to comment

Lets get into specifics rather than brinksmanship, what are the real implications of this and do they break anything.

 

e.g perhaps this list includes

  • GUI work for general network config
  • Documentation work (lots)
  • License server
  • Update servers
  • Docker GUI work
  • Docker back end
  • Virtual GUI work
  • Virtual back end
  • Samba control
  • AFS control
  • FTP control
  • NFS control
  • Core addons e.g. unassigned drives
  • Windows domain specific stuff

What is missing or included by mistake?

What need to work at alpha stage when IPv6 is a command line only option?

 

  • Upvote 1
Link to comment

/pitchfork

 

To say IPV6 isn't a thing in the US, so therefore it's low priority is typical.  NEWSFLASH: The US isn't world leader in everything. 

 

Most of the UK is moving quickly to IPV6 - BT are planning to move in the next year or so, which makes up a very large proportion of UK users.

 

This "it doesn't affect us, so piss off" attitude stinks, and as a long term unRAID user I'm more and more thinking of moving back to Windows Server.  Hell, I even have a Server 2016 Essentials licence unused here, and really I am thinking of moving sooner rather than later.  

 

But, hey, you've already got my money, so you don't care, do you?

 

/pitchfork off

Link to comment

I think BT have already activated IPV6 in the UK.

I'm pretty clueless on IPV6 myself and for me, personally, it's not an issue.

Can somebody explain like I'm five, what IPV6 would allow the typical home user to accomplish that we aren't able to at the moment.

I ask because often with features I desire, the reason I desire them, is so I can "do" something. But I'm not yet at that position with IPV6.

Link to comment

If you are located in the USA, ipv6 isn't likely to be interesting in your lifetime.

 

If you live in China, it's the opposite. CG-NAT as implemented in China is a huge hassle. (I have unRAID servers in both)

 

If unRAID is focused on the American consumer, I agree with jonp. But outside of the USA ipv6 with all its warts is a much bigger issue.

 

And in summary it's complex. The China server is connected to a China Telecom location that doesn't have ipv6 yet. Go figure...

 

 

 

 

Link to comment
5 hours ago, CHBMB said:

I think BT have already activated IPV6 in the UK.

I'm pretty clueless on IPV6 myself and for me, personally, it's not an issue.

Can somebody explain like I'm five, what IPV6 would allow the typical home user to accomplish that we aren't able to at the moment.

I ask because often with features I desire, the reason I desire them, is so I can "do" something. But I'm not yet at that position with IPV6.

 

IPV6 isnt going to really do anything for you as a user, and in fact on a home LAN its going to have the negative effect of making things a bit more complex. however, due to ipv4 address exhaustion isp's will more and more be pushed into enabling and pushing the use of IPV6 for internet connectivity, thats really all its about, the only reason its taken sooooo long for people to adopt ipv6 is that nobody wants to take the leap to ipv6 as its not backwards compatible with ipv4 (the single biggest mistake they made when designing it), and thus 99% of the internet would become inaccessible to you, but this percentage is changing, slowly :-).

 

There are some mental stats about IPV6 allocation, things like this:- 

 

"So we could assign an IPV6 address to EVERY ATOM ON THE SURFACE OF THE EARTH, and still have enough addresses left to do another 100+ earths. It isn’t remotely likely that we’ll run out of IPV6 addresses at any time in the future."

  • Upvote 2
Link to comment
4 minutes ago, binhex said:

"So we could assign an IPV6 address to EVERY ATOM ON THE SURFACE OF THE EARTH, and still have enough addresses left to do another 100+ earths. It isn’t remotely likely that we’ll run out of IPV6 addresses at any time in the future."

 

Wow..... O.o

Link to comment
21 minutes ago, binhex said:

"So we could assign an IPV6 address to EVERY ATOM ON THE SURFACE OF THE EARTH, and still have enough addresses left to do another 100+ earths. It isn’t remotely likely that we’ll run out of IPV6 addresses at any time in the future."

 

So what if you are an atom on the 200th earth, and you want to connect?  I betcha didn't even think of that!  It's only fair we wait for IPv8.   :S

  • Upvote 1
Link to comment
2 hours ago, tr0910 said:

If you are located in the USA, ipv6 isn't likely to be interesting in your lifetime.

 

I...

over 30% of the worlds IPv6 access to google is recorded as coming from the USA.

 

Fundamentally every ISP and NOC int the world is jumping through ever more expensive hoops to cater for IPv4 since it the address space exhaustion is making it more and more expensive. Money drives all innovation as usual.

 

Meanwhile IoT, cheap phones and an exponential increase in connected devices increases sucks up more and more IPv4 space..

 

IPv6 is not just inevitable it is becoming a necessity faster than most predicated.

 

But I point people back to my lists of changes needed for IPv6. Its non trivial and touches the vast majority of unRAID components in some way or another. This is a not a simple tick the box change, its giant.

 

But we need to start somewhere.

  • Upvote 1
Link to comment

so going back to jonp question regards why do we need ipv6 then, i think one thing to look at is purely from a marketing viewpoint, which current NAS offerings support IPv6, from my quick googling around i cant see one yet that doesn't, other than yep you guessed it, unRAID, so although this could be taken as a weak argument for what probably is a significant amount of work, i think it also needs to be weighed up, as a potential customer lack of IPv6 support would be a worry for me, not so much when i first purchased an unraid licence but more so as time has progressed.

 

As a real life case for having IPv6 support i saw a user who wanted to run DelugeVPN Docker container with a particular VPN provider, however this wasn't possible due to the fact that the provider only allocated IPv6 tunnel addresses, and as unRAID doesn't support IPv6 on the host it's then also not accessible inside a container either, so it was a no go, its a fringe use case but hey there ya go, probably the use of IPv6 for internal networking from ISP's, VPN providers etc will become more common as time progresses.

  • Upvote 1
Link to comment

I think in the end, adding the IPv6 module and blacklisted - ie, turn it on your own for real power users, and have them document anything that seems to break.

This way we can build a list of things affected (obvious or not) through those who need it or are willing to mess with it.

 

I'm guessing LT should just remind those who have it on that they need to turn it off for any support issues (other than data recovery)

We have a diverse community here who seems to have a lot willing to be your beta testers, don't waste that for experimental and hard to test features. :D

 

Link to comment
On 2/24/2017 at 10:44 AM, aterfax said:

Then forgive me for being blunt, get one. You are having people pay for unraid, an OS primarily developed/used for network accessible storage and you do not have a networking specialist? Why?

 

A human resource has a huge recurring cost associated with them.  C'mon man, please don't pretend to understand our business, income, and expenses.  You don't.  It's easy to sit on the outside and demand all this stuff because...you know...REASONS!  It's a whole different thing when you have weigh the costs of development against the values it brings to sustaining and growing our business.

 

On 2/24/2017 at 10:44 AM, aterfax said:

I understand you need to prioritise other aspects of the OS (particularly encryption - god knows I want that myself), but at the same time it sounds like you are working with little to no resources (human or otherwise) which is making jobs that might take a day or a week for a team to develop (add on the testing) take 10x that.

 

The reason we don't have a network specialist today (and haven't had one for the 12+ years we've been in business), is because we understand networking well enough to support the product the way it is today.  We also don't think that hiring someone just to master networking is necessary.  Networking has seen minor adjustments from us over the course of our development, but it generally just needs care and feeding as opposed to major overhauls.  Jumping into the ipv6 pool is something that we haven't personally gone through and it will be an investment of time on all of our parts to fully understand all the intricacies to it.  Until we've done that, we won't feel comfortable adding that in as a feature to officially support, and we certainly don't know if this is something that warrants immediate inclusion.

 

On 2/24/2017 at 10:44 AM, aterfax said:

I'm just salty because you shouldn't be in a position where getting ipv6 working is difficult or taking a lot of time.

 

Another anecdotal statement.  This dramatically downplays all the things I and others (including NAS) have brought up.  It's not trivial.  Are you a programmer by trade?  Ever developed an OS and had to add ipv6 support to it?  If so, I'd be willing to engage in a conference call with you about all the considerations you and your team had to go through when doing that.  If not, I suggest you stop assuming how much work something takes to implement.  I get that you really want this feature.  I get that you have tons of articles to link me to on why I'm a fool for not making this #1 on our to-do list.  But coming here and posting like this isn't going to win the argument.  I already gave you a winning recipe to follow if you want this to be #1 on the list, but since you don't like that recipe, here's another:  convince me that adding ipv6 will help LT sell more licenses than other features.  Before you do, know that other than this thread, we have only ever received ONE e-mail to [email protected] requesting ipv6.  Only one.  The only other place this feature has been requested is in this thread.  So demand seems low.

 

28 minutes ago, binhex said:

so going back to jonp question regards why do we need ipv6 then, i think one thing to look at is purely from a marketing viewpoint, which current NAS offerings support IPv6, from my quick googling around i cant see one yet that doesn't, other than yep you guessed it, unRAID, so although this could be taken as a weak argument for what probably is a significant amount of work

 

It is a weak argument but only because we can't validate how many of our competitors users even leverage that feature or how many sales we've lost to a competitor due to not having that feature.  Also know that any competitors you compare us to that are at a substantially higher price point may be marketing to a completely different group of customers.  Enterprise business customers can afford to pay a premium for a completely hardware-based NAS solution that has all sorts of advanced networking and storage features.  But we market our solution primarily to consumers and small business owners who wear both the hat of the user and the IT guy at the same time.

 

19 minutes ago, ken-ji said:

I think in the end, adding the IPv6 module and blacklisted - ie, turn it on your own for real power users, and have them document anything that seems to break.

This way we can build a list of things affected (obvious or not) through those who need it or are willing to mess with it.

 

I'm guessing LT should just remind those who have it on that they need to turn it off for any support issues (other than data recovery)

We have a diverse community here who seems to have a lot willing to be your beta testers, don't waste that for experimental and hard to test features. :D

 

 

As I mentioned before, this is probably the most reasonable solution that we could consider for shorter-term inclusion.  Now that 6.3 final is out, the forums are migrated, and a few other business items are almost completed, we are refocusing efforts on 6.4.  I will be pushing for this basic ipv6 support in that release, but it will be completely dependent on the community to help us test so that we can eventually add full support for it (webGui management).

 

Last comment on this thread:

 

I'm going to be done chiming in for a while here because the conversation honestly hasn't progressed much since I first chimed in.  Here's the TLDR of this feature request:

 

Ipv6 is on the roadmap, but we do not have it scheduled for a specific release just yet.  This is because we have yet to see a reason to prioritize it for full inclusion / support over other features.  I am going to push for basic inclusion as a module for the next release, but this is NOT a commitment that it will be there.

Link to comment
1 hour ago, CyberSkulls said:

 

BTW, where is this roadmap you speak of??

 

*edit. That is meant to be literal, not sarcastic.

 

Sent from my iPhone using Tapatalk

 

Wouldn't you like to know!!  We don't publish it publicly.  Typically you'll find out what's coming in the next release when we push out a release candidate.

Link to comment
9 hours ago, tr0910 said:

If you are located in the USA, ipv6 isn't likely to be interesting in your lifetime.

 

 

I live in the US and my ISP has been supporting and encouraging users to use IPV6 for over a year now, so it's not entirely all doom and gloom in the US when it comes to that.

 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.