Let's Talk IPV6

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
30,300
So, IPV6 has been coming for seemingly ever now. The last IPV4 addresses were assigned in 2011. At this point, that's almost a decade ago now, so you'd think we would by necessity have transitioned by now.

And some of you in large enterprise settings may already have, but for the rest of us, it seems like we have been in "hurry up and wait" mode for years with people crying about how the sky is falling, and addresses are running out, yet nothing happens. My high end home internet connection continues to be IPV4.

...and that doesn't necessarily bother me. I think IPV6 is complete and utter trash. The biggest failure in major consortium efforts in decades. Vastly overkill on the address space front (2^128, or ~3.4*10^38, or 340 undecillion or 340 trillion trillion trillion, why would every atom on earth need its own IP address?) It might seem like no harm no foul, right? The more the merrier, there's no problem with having too many. Well, there is if it results in the address format not being human readable, which is what IPV6 does. They could have just added another octet to IPV4, resulting in over a trillion addresses, enough for ~141 addresses for every man, woman and child on earth (when at most with NAT we probably only need three per person, one for home, one for a mobile device, and one for a vehicle). But no, that's not what they did, because fuck the user, right?

Anyway, it's neither here nor there. IPV4 is quickly running out of being useful, we need a replacement, and the clusterfuck that is IPV6 is all there is. It's not the solution we want, but it may be the one we deserve.

So, with that in mind, does anyone have an idea of when this will hit us home users? How will it change our network setups? Can we still use NAT if we want to have a real private network with our own address space?

I already have a router that is IPV6 capable, but it is set to not use and firewall off all IPV6 traffic, and every machine and device on my network has IPV6 disabled.

When will I no longer be able to do this, and what will I have to do then?

Appreciate some thoughts from those in the know.
 

PigLover

[H]ard|Gawd
Joined
Jul 11, 2009
Messages
1,180
Disregarding the opinionated part...

The effective lifespan of IPv4 has been extended by the widespread adoption of CG-NAT by the largest ISPs and the growth of IPv6 on the interior of most large scale networks like AWS, Azure, the ISPs themselves, wireless carriers, etc. This has allowed the existing inventory of IPv4 addresses to remain sufficient for the time being even though no new address blocks are being assigned (except in dribs and drabs).

This can't last. This model works well for the large established players that already have large blocks they can assign into NAT pools for end users. But it is already suppressing the entrance of new innovative ISPs in the US, Europe and much of Asia. You can't start a business serving IPv4 to end users if you can't get a reasonable block of addresses to serve them with. Even if you have 200:1 assignments in your CG-NAT it's difficult to get blocks large enough to make a meaningful business out of it.

As for IPv6 in the home, it is already available in most of the world. In most cases the ISP will assign your home router a /64 "prefix" that can have endpoint devices assigned within it. So you get the lower 64 bits to assign to your devices. In the simplest case, the router will advertise its address with a "router advertisement" message - which in IPv6 just says I'm available to be your default gateway - and then the end devices can self-assign the lower bits using Stateless Auto Address Configuration (SLAAC). Simple and easy.

So in IPv6 you don't really need NAT as you've known it. You can serve all of your devices with live public IPv6 addresses. The one thing you lose in doing this is the pseudo-firewall effect of NAT where devices on your network can only be reached on connections initiated by the device. But this is a trivial rule to enforce in a firewall function on the router.

If you have a 4g mobile device in your hands you'll find that this is already being done. All major US, European and Asian wireless carriers already assign both NAT'd private IPv4 and public IPv6 addresses to the device when you attach to their network. Prove it to yourself - take your phone, turn off wifi (to make sure you are using cellular data and not your local network) and on your phone's browser go to the site "https://test-ipv6.com". It will show if you have IPv6 connectivity and whether it is configured correctly.

Some ISPs will optionally allow you to assign bigger networks. For example, Comcast in the US will allow you to request a /60 of IPv6 addresses. This allows you to assign up to 16 separate subnets of 64 bits each. One use case might be to split your local network into separate VLANs with a different IPv6 subnet assigned onto each one - all of them publicly routable if you wish. With Comcast's business accounts they will permit the same thing but with a /56 (256 subnets).

You might question the wisdom of assigning such large blocks to end user networks. But one of the benefits of having such an unreasonably large namespace for addresses (128 bits) is that you have enough room available to do this. And by doing this you completely eliminate the need for NAT in 99.9% of the real use cases. And the definition of Link-local (layer-2 local) and Unique-Local (network local) addresses deal with most of the remaining uses for NAT in IPv4.

To your question: when will IPv4 stop working? Perhaps never. It's just too embedded in the Internet. You'll NAT your way there for as long as you like - or at least the next 10 years.

To your unasked question: when will IPv6 be used? It already is. Almost all large internet services support IPv6 today (Google, FB, Netflix, Akamai, Amazon, Rakuten, etc). And total volume of IPv6 traffic is accelerating. As of World IPv6 day (June 2012) it was less than 0.2% of total Internet traffic. In May 2016 it accounted for ~10% of total traffic on the internet. By May of 2019 it was up to ~28%. And this year's measurements should be available soon.
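The prefix arithmetic from the post above, as an added example that is not part of the original thread: it splits a delegated /60 into /64 LANs and forms a SLAAC address from a MAC using modified EUI-64 (RFC 4291), one of several ways a host can pick its lower 64 bits. It also shows that such an address gives the MAC back, which is the tracking concern that randomized temporary interface IDs address. The prefix (from the 2001:db8::/32 documentation range), the MAC and all function names are constructed for illustration.

```python
import ipaddress
import secrets

# Constructed sample values: documentation prefix and a made-up MAC address.
DELEGATED_60 = ipaddress.IPv6Network("2001:db8:abcd:10::/60")
SAMPLE_MAC = "52:54:00:12:34:56"

IID_MASK = (1 << 64) - 1


def lan_subnets(delegated):
    """Split a delegated prefix into the /64 networks that SLAAC expects."""
    if delegated.prefixlen > 64:
        raise ValueError("SLAAC needs at least one full /64")
    return list(delegated.subnets(new_prefix=64))


def eui64_interface_id(mac):
    """Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02
    eui = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return int.from_bytes(eui, "big")


def temporary_interface_id():
    """Random 64-bit interface ID, in the style of temporary (privacy) addresses."""
    return secrets.randbits(64)


def slaac_address(prefix, interface_id):
    """Combine an advertised /64 prefix with a self-chosen interface ID."""
    if prefix.prefixlen != 64:
        raise ValueError("SLAAC prefixes are /64")
    if not 0 <= interface_id <= IID_MASK:
        raise ValueError("interface ID must fit in 64 bits")
    return ipaddress.IPv6Address(int(prefix.network_address) | interface_id)


def mac_from_address(addr):
    """Return the MAC embedded in an EUI-64 address, or None if there is none.

    A random interface ID can contain ff:fe by chance (about 1 in 65536), so a
    non-None result is a strong hint rather than proof.
    """
    iid = (int(addr) & IID_MASK).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    lans = lan_subnets(DELEGATED_60)
    print(f"{DELEGATED_60} -> {len(lans)} LANs, {lans[0]} .. {lans[-1]}")

    stable = slaac_address(lans[0], eui64_interface_id(SAMPLE_MAC))
    moved = slaac_address(lans[5], eui64_interface_id(SAMPLE_MAC))
    temp = slaac_address(lans[0], temporary_interface_id())

    # The EUI-64 suffix is identical on every network the device joins.
    for label, addr in (("eui-64", stable), ("eui-64, other LAN", moved),
                        ("temporary", temp)):
        print(f"{label:18} {addr}  embedded MAC: {mac_from_address(addr)}")
```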
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
30,300
Yeah, I'm well aware that it is already in use out there. I'm wondering when I'll be forced to consider it in my local network design and setup, or risk not being able to access certain services or sites.

Hmm. I don't like the SLAAC and lack of NAT.

One of the things I really like about current NAT:ed local networks is that what's inside them is to a large extent obscured from the outside world. Sure you can use a firewall to accomplish most of that without NAT, but then the local IP addresses within your address range will be leaked to the outside world whenever these devices access the internet.

I like my local network being a complete black hole to the outside world. I have WebRTC blocked to make sure nothing leaks, and I route all traffic out from my single local gateway IP through a VPN service.

I just feel like the IPV6 concept of "let's assign absolutely everything a public IP address just because we can" is a really bad idea, especially when it comes to IOT which is not reliably patched for security.
 

ryan_975

[H]F Junkie
Joined
Feb 6, 2006
Messages
14,747
Yeah, I'm well aware that it is already in use out there. I'm wondering when I'll be forced to consider it in my local network design and setup, or risk not being able to access certain services or sites.

Hmm. I don't like the SLAAC and lack of NAT.

One of the things I really like about current NAT:ed local networks is that what's inside them is to a large extent obscured from the outside world. Sure you can use a firewall to accomplish most of that without NAT, but then the local IP addresses within your address range will be leaked to the outside world whenever these devices access the internet.

I like my local network being a complete black hole to the outside world. I have WebRTC blocked to make sure nothing leaks, and I route all traffic out from my single local gateway IP through a VPN service.

I just feel like the IPV6 concept of "let's assign absolutely everything a public IP address just because we can" is a really bad idea.
NAT was a kludge to extend the life of IPv4. There is nothing inherently safe about it. In fact, it's a single point of entry into your entire network if someone can compromise your router or any device within a subnet.

That being said, IPv6 does allow for local addresses, so you don't have to allow public IP addresses on your local devices. And public addresses that are being used don't reveal anything about the nature of your network (except for the single device using that public address). It also allows for temporary and cryptographically generated addresses to prevent tracking as your device moves from one network to another.

IPv6 is about a lot more than just 1 address for every atom.
 

PigLover

[H]ard|Gawd
Joined
Jul 11, 2009
Messages
1,180
NAT was a kludge to extend the life of IPv4...
This. +10,000. NAT is a thorn in the side of the internet. While it might not bother your day-to-day web browsing there are literally thousands of applications that are not "NAT safe" and require Application Specific Gateways to make them work right, which has led to security nightmare protocols like UPnP. It does just enough to make you believe it is "protecting" your home network that people believe they don't need actual firewall protections. It's like a veneer table - it looks nice but it isn't solid and it won't last like the real thing.

IPv6 is about a lot more than just 1 address for every atom.
Also this. Also +10,000.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
30,300
This. +10,000. NAT is a thorn in the side of the internet. While it might not bother your day-to-day web browsing there are literally thousands of applications that are not "NAT safe" and require Application Specific Gateways to make them work right. And it does just enough to make you believe it is "protecting" your home network that people believe they don't need actual firewall protections. It's like a veneer table - it looks nice but it isn't solid and it won't last like the real thing.
I'm not arguing that NAT is a replacement for a good firewall. It isn't. You need a good firewall.

NAT is absolutely wonderful for privacy though. I do not want the internal devices on my network exposed publicly by each having a public IP.

And IPv6 privacy extensions provide, by default, one new IP address per day. This is not privacy, this is the real afterthought and kludge of IPV6. It requires each client to be knowledgeable and set up more frequent changes as opposed to everything being handled by the router. And even with it on, there is some level of data collection possible by counting number of simultaneous IP addresses in use, etc. I don't like showering with a semi-transparent shower curtain, and I don't like anyone outside being able to peer into my network. I want it to be a black hole, controllable from one point, by me. IPV6 ruins this. Unless I can figure out how to work around it and use NAT with IPV6, counter to IETF's recommendations.

It almost seems like IETF is just a shill for data harvesting companies out there.

I also like NAT as I can set completely independent addresses on my network that I control, and have meaning to me without any consideration at all for what random nonsense address my ISP decided to give me.

I can think of absolutely no reason why a 40 bit IPV4 (let's call it IPV4.1) with 5 octets instead of 4, wouldn't have made me much happier!

My network, my control, hate IPV6, love NAT, won't give it up easily.
 

ryan_975

[H]F Junkie
Joined
Feb 6, 2006
Messages
14,747
I'm not arguing that NAT is a replacement for a good firewall. It isn't. You need a good firewall.

NAT is absolutely wonderful for privacy though. I do not want the internal devices on my network exposed publicly by each having a public IP.

And IPv6 privacy extensions provide, by default, one new IP address per day. This is not privacy, this is the real afterthought and kludge of IPV6. It requires each client to be knowledgeable and set up more frequent changes as opposed to everything being handled by the router. And even with it on, there is some level of data collection possible by counting number of simultaneous IP addresses in use, etc. I don't like showering with a semi-transparent shower curtain, and I don't like anyone outside being able to peer into my network. I want it to be a black hole, controllable from one point, by me. IPV6 ruins this. Unless I can figure out how to work around it and use NAT with IPV6, counter to IETF's recommendations.

It almost seems like IETF is just a shill for data harvesting companies out there.

I also like NAT as I can set completely independent addresses on my network that I control, and have meaning to me without any consideration at all for what random nonsense address my ISP decided to give me.

I can think of absolutely no reason why a 40 bit IPV4 (let's call it IPV4.1) with 5 octets instead of 4, wouldn't have made me much happier!

My network, my control, hate IPV6, love NAT, won't give it up easily.
fc00::/8 is the private prefix for IPv6. You can append whatever 40-bit random number you want, allowing you to have 2^80 private addresses (split into 2^16 subnets). They're not reachable outside of your network, and you can NAT to your heart's content.

I don't like showering with a semi-transparent shower curtain, and I don't like anyone outside being able to peer into my network.
IPv4 is showering with a curtain while Norman Bates knows where your house is and that you're in the shower. NAT is just the screen door that he has to break down.

IPv6 is showering ... somewhere? We think? He'll have to check 2^64-2^72 places (assuming he already knows the /64 block you're in).
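The private-prefix layout described in the post above, as an added example that is not part of the original thread: it builds a /48 site prefix from a random 40-bit Global ID, carves /64 subnets out of it, and classifies addresses by scope so a border filter can list what must never cross the WAN interface. The sketch uses fd00::/8, the locally assigned half of the fc00::/7 Unique Local range in RFC 4193, and draws the Global ID with `secrets.randbits` rather than the hash-based procedure the RFC suggests; function names and sample addresses are constructed, and 2001:4860:4860::8888 appears only as a well-known globally routable sample.

```python
import ipaddress
import secrets

UNIQUE_LOCAL = ipaddress.IPv6Network("fc00::/7")   # whole ULA range (RFC 4193)
ULA_LOCAL = ipaddress.IPv6Network("fd00::/8")      # locally assigned half


def new_ula_site(global_id=None):
    """Return a /48 site prefix: 8 bits of 'fd' followed by a 40-bit Global ID."""
    if global_id is None:
        global_id = secrets.randbits(40)
    if not 0 <= global_id < 1 << 40:
        raise ValueError("Global ID must fit in 40 bits")
    value = (0xFD << 120) | (global_id << 80)
    return ipaddress.IPv6Network((value, 48))


def ula_subnet(site, subnet_id):
    """Return the /64 for a 16-bit Subnet ID inside a ULA /48 site prefix."""
    if site.prefixlen != 48 or not site.subnet_of(ULA_LOCAL):
        raise ValueError("expected a /48 inside fd00::/8")
    if not 0 <= subnet_id < 1 << 16:
        raise ValueError("Subnet ID must fit in 16 bits")
    value = int(site.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((value, 64))


def scope(addr_text):
    """Classify an IPv6 address by how far it is meant to be routed."""
    addr = ipaddress.IPv6Address(addr_text)
    if addr.is_link_local:
        return "link-local"
    if addr in UNIQUE_LOCAL:
        return "unique-local"
    if addr.is_site_local:
        return "site-local (deprecated)"
    if addr.is_global:
        return "global"
    return "reserved/other"


def leaks_at_border(source_addresses):
    """Source addresses that should be dropped on the WAN side of the router."""
    return [a for a in source_addresses if scope(a) != "global"]


if __name__ == "__main__":
    site = new_ula_site()
    print(f"site prefix   {site}  ({site.num_addresses:.3e} addresses)")
    print(f"subnet 0x0001 {ula_subnet(site, 1)}")

    # Constructed sample of source addresses seen on an outbound interface.
    seen = ["fe80::1", "fd12:3456:7890:1::10", "fec0::1bc1",
            "2001:4860:4860::8888"]
    for text in seen:
        print(f"{text:24} {scope(text)}")
    print("drop at border:", leaks_at_border(seen))
```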
 
Joined
Dec 1, 2011
Messages
796
NAT is absolutely wonderful for privacy though. I do not want the internal devices on my network exposed publicly by each having a public IP.
The hell it is. All NAT does is consolidate all your devices behind a single, usually unchanging IPv4 address. Also, you can still be tracked through various other means. Off the top of my head:
  • Your public IPv4 address
  • Cookies
  • Other browser fingerprinting methods
  • OS fingerprinting
  • Various smartphone apps
  • "Smart"/IoT devices phoning home
  • etc.
IPv4 NAT/PAT is a hell of a lot more of a kludge than the current IPv6 privacy extensions. You're simply accustomed to it. Needing the router to keep mappings for every single LAN device and rewriting the packet each time one crosses is a waste of its resources, and won't scale up well as the typical number of LAN devices grows.

As mentioned, IPv6 is about more than expanding the address space. The entire IP protocol was re-evaluated and streamlined. For your hypothetical "IPv4.1", the same thing would have had to happen. Entire new network stacks and support applications would still have to be developed. The same growing pains would still have been encountered. Sure, the new IP addresses would have been easier to use manually than those of IPv6, but if you're consistently accessing devices by IP address instead of name you're doing it wrong. And with such a relatively small increase in new address space, in 20-30 years we'd again be in the same predicament of running out of addresses.

(Also, your VPN service probably isn't protecting you from anything. You've simply moved the data collection point from the ISP to the VPN provider.)
 

jmilcher

Supreme [H]ardness
Joined
Feb 3, 2008
Messages
4,518
I mean some people still use Windows XP. And how many people here swear you will have to pry Windows 7 out of their dead hands? Something tells me he fits into that category of people. Just used to what he knows and likes.

ipv6 is the future. I can’t see ipv4 going away in the foreseeable future, but it could end sometime.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
30,300
And with such a relatively small increase in new address space, in 20-30 years we'd again be in the same predicament of running out of addresses.
The assumption is we continue to use NAT. This way at the very most the world will only ever need 5 IP addresses per human. A 40bit address space can thus support 200 Billion humans, and if we get there, we'll have much larger problems.

NAT is not a problem. (DOUBLE NAT is a problem, and that's what we avoid by increasing the address space, but we do not need (and probably do not want) globally unique addresses for every device. That's just an Orwellian nightmare waiting to happen.

(Also, your VPN service probably isn't protecting you from anything. You've simply moved the data collection point from the ISP to the VPN provider.)
Of course you always have to trust your endpoint. I have a higher degree of trust in an independent Swedish company (Mullvad) subject to EU privacy laws which is staking its reputation on privacy than I do Verizon which I know embeds uniquely identifiable IDs into every IP packet that leaves my network.
 
Joined
Dec 1, 2011
Messages
796
The assumption is we continue to use NAT. This way at the very most the world will only ever need 5 IP addresses per human. A 40bit address space can thus support 200 Billion humans, and if we get there, we'll have much larger problems.

NAT is not a problem. (DOUBLE NAT is a problem, and that's what we avoid by increasing the address space, but we do not need (and probably do not want) globally unique addresses for every device. That's just an Orwellian nightmare waiting to happen.
But NAT is a problem. It's just that most apps and consumer-level devices have been engineered to work around its issues. And now we've been given the chance to eliminate those obstacles by rolling out a new more efficient IP protocol.

The exact same amount of work would have been required to implement some hypothetical IPv4.1 as IPv6. So why endure the extra overhead of NAT when it's not needed? Any supposed advantages of NAT are pretty much fiction.

I'm not sure why you believe that having a few mostly-fixed IPv4-like addresses for all your devices is somehow more secure and private than every device generating its own random IPv6 address every few hours.
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
647
TLDR .... I don't understand IPv6 and NAT = security/privacy

FMD where to start!? Screw it ....... NAT needs to DIE IN THE FIRES OF HELL!!! It is, was, and forever shall be a giant kludge that the ignorant masses have latched onto as something good. It is not good in any way, shape or fashion. The purpose has been served and it is time to put on your big boy pants and stop crying. If you don't want someone in your network then block them. The rest of us should not have to do things ass backwards or write and hassle with protocol handlers to deal with embedded IP addresses because you can't bother to learn to control your network. If you really believe that NAT somehow offers you security and or privacy then by all means put your head back in the sand. The rest of us are happily moving along.


5 addresses ....I carry 2 phones and 2 tablets and a laptop with me everywhere everyday. I guess the rest of my gear is SOL ... LMAO!
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
30,300
5 addresses ....I carry 2 phones and 2 tablets and a laptop with me everywhere everyday. I guess the rest of my gear is SOL ... LMAO!
There is absolutely no need for them to be global and unique.

Once you walk into a building and connect to its wifi you can share one ip address with hundreds of people.

And if your application causes you trouble with NAT, then your application is a turd. It is absolutely trivial to forward a port if you need a connection initiated remotely.

As I have stated repeatedly, I know NAT is not for security. It is however ideal for keeping my network mine. I know perfectly well how it works. Simple state table is all there is to it. Child's play.

IPV6 blurs the border between the private and the public, and that is absolutely awful.
 

Blue Fox

[H]F Junkie
Joined
Jun 9, 2004
Messages
11,785
You are just further demonstrating your lack of understanding of IPv6. You do know that firewalls aren't going anywhere, right? Security isn't changing at all and having a public address doesn't alter any aspect of that.

With NAT, you have to put in not only a firewall rule, but also a NAT rule (with no overlap to any other existing rule). In the IPv6 world, it's much easier as all you need to put in is a firewall rule. How is that not better?

As the others have said, NAT is a pain. It will not help you maintain "ownership" of your home network in any way.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
30,300
You are just further demonstrating your lack of understanding of IPv6. You do know that firewalls aren't going anywhere, right? Security isn't changing at all and having a public address doesn't alter any aspect of that.

With NAT, you have to put in not only a firewall rule, but also a NAT rule (with no overlap to any other existing rule). In the IPv6 world, it's much easier as all you need to put in is a firewall rule. How is that not better?

As the others have said, NAT is a pain. It will not help you maintain "ownership" of your home network in any way.
No one is listening to what I am saying.

I have repeatedly said I am not concerned about security with IPV6, or at least not any more than with IPV4.

I am concerned about privacy. Privacy and security are not the same thing. The IPV6 privacy extensions are an afterthought and not very effective, especially since they need each individual client to set them. They can't be set network wide by the network owner.

Any time you have a globally unique identifier this is a concern.

I also don't want my ISP deciding what my ip addresses on my local network should be, or having multiple addresses per device.

My local network needs to be completely independent of the outside world, connected via a single point gate that I fully control.
 

ryan_975

[H]F Junkie
Joined
Feb 6, 2006
Messages
14,747
There is absolutely no need for them to be global and unique.

Once you walk into a building and connect to its wifi you can share one ip address with hundreds of people.

And if your application causes you trouble with NAT, then your application is a turd. It is absolutely trivial to forward a port if you need a connection initiated remotely.

As I have stated repeatedly, I know NAT is not for security. It is however ideal for keeping my network mine. I know perfectly well how it works. Simple state table is all there is to it. Child's play.

IPV6 blurs the border between the private and the public, and that is absolutely awful.
It appears you don’t actually know much about IPv6, what it does, how it does it, and why. You just see atoms with IP addresses and shut it all down.

IPv4 was designed in a time (1978) when the need to address and route packets to a billion devices on the Internet was unfathomable. It has been stretched, twisted, and bent in so many different (and often incompatible or insecure) ways that it’s a wonder it works at all.
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
647
I also don't want my ISP deciding what my ip addresses on my local network should be, or having multiple addresses per device.

My local network needs to be completely independent of the outside world, connected via a single point gate that I fully control.
Seriously, pick up a book and read it. Yes, you can use PD and address your network that way but you don't have to. You can set up an IPv6 DHCP server and do it that way internally if you like. You can go buy a block from ARIN. It is not even that much money. You can get a free /56 from HE and tunnel it out. The level of control is up to you. BUT you need to understand there is NO privacy on v4 or v6. If you think any differently you're sorely mistaken. If you want privacy ditch the connectivity. They are mutually exclusive.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
30,300
Meh.

Sounds like I'll just have to use NAT66 with inconveniently long, convoluted and annoying hexadecimal IP addresses going forward instead of the nice convenient setup I've been using for 25 years.

It's a downgrade for me, but I'm done arguing about it.
 

ryan_975

[H]F Junkie
Joined
Feb 6, 2006
Messages
14,747
No one is listening to what I am saying.

I have repeatedly said I am not concerned about security with IPV6, or at least not any more than with IPV4.

I am concerned about privacy. Privacy and security are not the same thing. The IPV6 privacy extensions are an afterthought and not very effective, especially since they need each individual client to set them. They can't be set network wide by the network owner.

Any time you have a globally unique identifier this is a concern.

I also don't want my ISP deciding what my ip addresses on my local network should be, or having multiple addresses per device.

My local network needs to be completely independent of the outside world, connected via a single point gate that I fully control.
-Your ISP does not determine your IP address, only the network address.

-Your network is still independent of the outside world.

-Globally unique does not mean globally identifiable. It just means that an address can be generated and chances are extremely slim that it’ll collide with another.

-You still have control of the traffic coming into and going out your network through a single point.

-Security and privacy go hand in hand. If you don’t have security, you have no privacy.
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
647
There is absolutely no need for them to be global and unique.

Once you walk into a building and connect to its wifi you can share one ip address with hundreds of people.

And if your application causes you trouble with NAT, then your application is a turd. It is absolutely trivial to forward a port if you need a connection initiated remotely.

As I have stated repeatedly, I know NAT is not for security. It is however ideal for keeping my network mine. I know perfectly well how it works. Simple state table is all there is to it. Child's play.

IPV6 blurs the border between the private and the public, and that is absolutely awful.
There is absolutely no need for them to be global and unique. -- disagree and leaving it at that


And if your application causes you trouble with NAT, then your application is a turd. It is absolutely trivial to forward a port if you need a connection initiated remotely.

I don't disagree with you on principle but there are many applications that embed IP address info in the data, not just the headers, i.e. SIP and lots of other communication tools. These require special handlers as just port forwarding alone will not work. The fact you seem unaware of this is not surprising but, if you really want to be taken seriously you need to delve a little deeper into the subject you are trying to champion.
 

Blue Fox

[H]F Junkie
Joined
Jun 9, 2004
Messages
11,785
I am concerned about privacy. Privacy and security are not the same thing. The IPV6 privacy extensions are an afterthought and not very effective, especially since they need each individual client to set them. They can't be set network wide by the network owner.

Any time you have a globally unique identifier this is a concern.
And your public IPv4 address is what exactly? It's no different than a public IPv6 prefix.
I also don't want my ISP deciding what my ip addresses on my local network should be, or having multiple addresses per device.
They don't.
My local network needs to be completely independent of the outside world, connected via a single point gate that I fully control.
That's not changing either.
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
647
Meh.

Sounds like I'll just have to use NAT66 with inconveniently long, convoluted and annoying hexadecimal IP addresses going forward instead of the nice convenient setup I've been using for 25 years.

It's a downgrade for me, but I'm done arguing about it.
WTF uses the addresses on a regular basis? Setup DNS and be done.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
30,300
WTF uses the addresses on a regular basis? Setup DNS and be done.
Why would I use DNS locally when I can just memorize the last octet of my assigned address? That is so inefficient.

DNS is crucial for users browsing the web, but outside of that it is a stupid overly complex solution to a problem that shouldn't exist. Lack of easily human readable addresses.

I have every static IP address on my network memorized. If I forget I have it in a file I can look up. I do not use multicast DNS or hostnames and I do not use a DNS server. These things are a crutch for failures elsewhere.
 

Blue Fox

[H]F Junkie
Joined
Jun 9, 2004
Messages
11,785
Not sure if you're just trolling now? Please do propose a solution to name the ~18 million addresses in the private IPv4 range. If that's too much, how about the ~66k in just the 192.168.0.0/16 block? I'm sure everyone will be keen to hear.
 
Joined
Dec 1, 2011
Messages
796
Why would I use DNS locally when I can just memorize the last octet of my assigned address? That is so inefficient.

DNS is crucial for users browsing the web, but outside of that it is a stupid overly complex solution to a problem that shouldn't exist. Lack of easily human readable addresses.

I have every static IP address on my network memorized. If I forget I have it in a file I can look up. I do not use multicast DNS or hostnames and I do not use a DNS server. These things are a crutch for failures elsewhere.
DNS is a crutch? That's got to be one of the odder statements I've read in a while.

I honestly don't mean this to be insulting, but a lot of your networking thinking and methodology seems to be stuck in the 1990s/early 2000s. I really feel you need to step back, review what your network is and could be, and implement some current best practices.

I don't know what your router and DNS/DHCP setup is, but many routers automatically register the hostname of DHCP clients to its caching DNS server. There may be a checkbox to toggle the option. Pretty sure Pi-Hole also supports this. Simple, and more efficient than having to memorize the IP address of every LAN device. Just throw a device on the network and access it by its hostname. If something needs a fixed address, just set up a reservation in the DHCP server. No more difficult than maintaining your list.

Bonus of running your own DNS, such as Pi-Hole, is you can also set up a stub resolver such as Stubby to implement DNS-over-TLS to encrypt all of your queries.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
30,300
DNS is a crutch? That's got to be one of the odder statements I've read in a while.

I honestly don't mean this to be insulting, but a lot of your networking thinking and methodology seems to be stuck in the 1990s/early 2000s. I really feel you need to step back, review what your network is and could be, and implement some current best practices.

I don't know what your router and DNS/DHCP setup is, but many routers automatically register the hostname of DHCP clients to its caching DNS server. There may be a checkbox to toggle the option. Pretty sure Pi-Hole also supports this. Simple, and more efficient than having to memorize the IP address of every LAN device. Just throw a device on the network and access it by its hostname. If something needs a fixed address, just set up a reservation in the DHCP server. No more difficult than maintaining your list.

Bonus of running your own DNS, such as Pi-Hole, is you can also set up a stub resolver such as Stubby to implement DNS-over-TLS to encrypt all of your queries.
Funny that.

It is generally my opinion that the internet peaked in the early 2000's, before going stupid.

Probably 2005 to 2007 or so. Everything new since then has just been one shit show after another, with the mobile revolution probably being the worst of it.

I liked the 90's. I liked how my network worked in the 90's and I'd kind of like it to stay that way.
 

ryan_975

[H]F Junkie
Joined
Feb 6, 2006
Messages
14,747
Funny that.

It is generally my opinion that the internet peaked in the early 2000's, before going stupid.

Probably 2005 to 2007 or so. Everything new since then has just been one shit show after another, with the mobile revolution probably being the worst of it.

I liked the 90's. I liked how my network worked in the 90's and I'd kind of like it to stay that way.
Well, enjoy your carburetors and rotary dialed phones too.
 

Nobu

Supreme [H]ardness
Joined
Jun 7, 2007
Messages
4,135
So fec0::/10 is deprecated, so you shouldn't do fec0::1bc1 is pc1, and fec0::1bc2 is pc2, etc. but there is a private address range in ipv6 just like ipv4. You set it on the computer, and your router doesn't know it unless you send it some packets. Your router doesn't send any of those out to the internet or accept any, nor does it broadcast all of your private IPs unless you tell it to. Aside from having to write down the first half so you don't have to memorize it, it's no different from ipv4?

Sorry, SwiftKey is giving me an even bigger headache than gboard. :/
 

Dead Parrot

2[H]4U
Joined
Mar 4, 2013
Messages
2,831
IMO - the big problem with IPV6 is the assumption in a lot of its standards that networks will be operated by network admins that know what they are doing. In 1998, when IPV6 became a draft standard, that was a fairly valid assumption. Today, that is the exception. Most folks that have a network don't know why they might need a firewall or what a firewall is. Same for a DNS server. They might not even realize they have a network. And given the fail rate of OS finding local devices, expecting Ma and Pa Kettle to find/copy/and enter an IPV6 address so they can print to their new networked printer is a bit much.

I think they need to revise the IPV6 standard with the idea that there are now millions of small networks in the hands of folks who know nothing about networks, firewalls and security. And further that most of these small networks don't need thousands or millions of public IP addresses.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
30,300
IMO - the big problem with IPV6 is the assumption in a lot of its standards that networks will be operated by network admins that know what they are doing. In 1998, when IPV6 became a draft standard, that was a fairly valid assumption. Today, that is the exception. Most folks that have a network don't know why they might need a firewall or what a firewall is. Same for a DNS server. They might not even realize they have a network. And given the fail rate of OS finding local devices, expecting Ma and Pa Kettle to find/copy/and enter an IPV6 address so they can print to their new networked printer is a bit much.

I think they need to revise the IPV6 standard with the idea that there are now millions of small networks in the hands of folks who know nothing about networks, firewalls and security. And further that most of these small networks don't need thousands or millions of public IP addresses.
I agree, but to be fair, most low knowledge users are provided with an ISP router (which I guess will no longer be an actual router due to the lack of NAT, but I bet we will still call them that, even though they now will pretty much just be a firewall/wireless access point/switch), which out of the box contains a firewall, set up to by default block all incoming traffic, so I don't think this will actually result in more of a security problem than there is today.

I'm more concerned about the slightly higher knowledge users, who still don't know what they are doing, but will go in to "fix" their incoming connections, often by following instructions from some YouTuber who also is clueless.

Most people will look at those hexadecimal IP addresses with countless colons and their eyes will glaze over and they will need help. So this is a valid concern. I expect more support calls will be generated based on this alone.
 
Joined
Dec 1, 2011
Messages
796
I agree, but to be fair, most low knowledge users are provided with an ISP router (which I guess will no longer be an actual router due to the lack of NAT, but I bet we will still call them that, even though they now will pretty much just be a firewall/wireless access point/switch), which out of the box contains a firewall, set up to by default block all incoming traffic, so I don't think this will actually result in more of a security problem than there is today.

I'm more concerned about the slightly higher knowledge users, who still don't know what they are doing, but will go in to "fix" their incoming connections, often by following instructions from some YouTuber who also is clueless.

Most people will look at those hexadecimal IP addresses with countless colons and their eyes will glaze over and they will need help. So this is a valid concern. I expect more support calls will be generated based on this alone.
Pretty much agreed. It's usually not the unknowledgeable that are to be feared in such situations. It's the ones who know just enough to be dangerous. Dunning-Kruger Effect and all that.

Most people will do what they do now for IPv4, which is use the ISP's provided router or pick something up at Best Buy/etc. The stock security setup will be similar to IPv4, with an enabled stateful firewall. It will receive a /64 from the ISP, and advertise that to the LAN via SLAAC for the clients to set up their public IPv6 address(es). Advanced settings will be available for more esoteric setups, like receiving a larger subnet from the ISP, manual addressing, DHCP6, etc. Really not much different than some of the setup options available with IPv4 now.

Though I don't believe that the nature of IPv6 addresses themselves will cause support problems. Most people now (compared to 10-20 years ago) don't really know or care much about IPv4 addresses, and I don't expect this to change with IPv6. Most will probably not even realize it's there and active.

(Also, lack of NAT does not make something not a router. To be an IP router, a device only needs to be able to pass packets between subnets based on layer-3 addressing. No translation/rewriting of layer-3 is required. One could argue that in the consumer space, the use of the term "router" is really overloaded, as it's really multiple devices in one, but that's probably a different discussion...)
 

Blue Fox

[H]F Junkie
Joined
Jun 9, 2004
Messages
11,785
Most people will look at those hexadecimal IP addresses with countless colons and their eyes will glaze over and they will need help. So this is a valid concern. I expect more support calls will be generated based on this alone.
IPv6 addresses also don't have to be obnoxiously long. Leading zeroes get dropped and all zero groups do too. It means some addresses are even shorter in IPv6 than IPv4. The equivalent of 127.0.0.1 in IPv6 is just ::1. You can make all your local addresses fe80::1, fe80::2, etc. No need to write out fe80:0000:0000:0000:0000:0000:0000:0001, fe80:0000:0000:0000:0000:0000:0000:0002, etc.
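
Added example, not part of any post in this thread: the address forms and ranges mentioned in the last few posts (::1, fe80::1, fec0::1bc1) run through Python's standard ipaddress module to show the short and full spellings and which range each one falls in, plus a generated unique-local (fd00::/8, RFC 4193) prefix with short host numbers. The helper names, the sample global ID and the host numbers are illustrative assumptions, and the random global ID stands in for the generation algorithm RFC 4193 suggests.

```python
import ipaddress
import secrets

# Ranges named in the thread, plus the unique-local block (RFC 4193).
SCOPES = [
    ("loopback", ipaddress.ip_network("::1/128")),
    ("link-local", ipaddress.ip_network("fe80::/10")),
    ("site-local (deprecated, RFC 3879)", ipaddress.ip_network("fec0::/10")),
    ("unique-local (ULA)", ipaddress.ip_network("fc00::/7")),
    ("global unicast", ipaddress.ip_network("2000::/3")),
]

def describe(text):
    """Return (short form, full form, range name) for an IPv6 address string."""
    addr = ipaddress.IPv6Address(text)
    scope = next((name for name, net in SCOPES if addr in net), "other")
    return addr.compressed, addr.exploded, scope

def new_ula_prefix(global_id=None):
    """Build an fdxx:xxxx:xxxx::/48 prefix from a 40-bit global ID."""
    if global_id is None:
        global_id = secrets.randbits(40)  # assumption: plain random ID
    if not 0 <= global_id < 2**40:
        raise ValueError("global ID must fit in 40 bits")
    # 8 bits of 0xfd, then the 40-bit global ID, then 80 zero bits.
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))

def host_in(prefix, subnet_id, host_id):
    """Address host_id inside /64 number subnet_id of a /48 prefix."""
    if prefix.prefixlen != 48 or not 0 <= subnet_id < 2**16:
        raise ValueError("need a /48 prefix and a 16-bit subnet ID")
    if not 0 <= host_id < 2**64:
        raise ValueError("host ID must fit in 64 bits")
    base = int(prefix.network_address)
    return ipaddress.IPv6Address(base | (subnet_id << 64) | host_id)

if __name__ == "__main__":
    # Constructed sample inputs: forms quoted in the thread.
    for sample in ("0:0:0:0:0:0:0:1", "fe80:0000:0000:0000:0000:0000:0000:0001",
                   "fec0::1bc1"):
        print(describe(sample))
    lan = new_ula_prefix(0x1234567890)  # fixed ID so the output is repeatable
    for name, host in (("pc1", 0x1BC1), ("pc2", 0x1BC2)):
        print(name, host_in(lan, 1, host), describe(str(host_in(lan, 1, host)))[2])
```
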
 

ryan_975

[H]F Junkie
Joined
Feb 6, 2006
Messages
14,747
IPv6 address space is never going to be anywhere near exhaustion (as long as we’re still stuck in this galaxy). Preventing exhaustion is only part of why the address space was made so large. Organization and routing simplification was a big part of why IPv6 ended up the way it did.
 

ComputerBox34

Right in the Box
Joined
Nov 12, 2003
Messages
11,658
IPv6 is not going to become prolific until there's a financial reason to do so. This will happen when some random company needs a /24 for a project and finds that it now costs tens of thousands of dollars in the secondary market due to simple supply and demand. Although most of the major CDNs and bigger players out there have adopted it, there's still a long way to go for the internet as a whole. From what I gather most of the major home ISPs still don't support it although there are rumors that FIOS is close. The LTE carriers however have supported it for years alongside of CG-NAT.
 

Blue Fox

[H]F Junkie
Joined
Jun 9, 2004
Messages
11,785
A lot of home ISPs in the US support it, including AT&T, Comcast, and Cox. It's nothing new. For example both AT&T and Comcast started offering it in 2011. The US has an adoption rate of ~50% and is close to the highest globally.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
30,300
A lot of home ISPs in the US support it, including AT&T, Comcast, and Cox. It's nothing new. For example both AT&T and Comcast started offering it in 2011. The US has an adoption rate of ~50% and is close to the highest globally.
Where do you find IPV6 adoption statistics? I was googling earlier but was unsuccessful.
 

daglesj

Supreme [H]ardness
Joined
May 7, 2005
Messages
5,220
Funny that.

It is generally my opinion that the internet peaked in the early 2000's, before going stupid.

Probably 2005 to 2007 or so. Everything new since then has just been one shit show after another, with the mobile revolution probably being the worst of it.

I liked the 90's. I liked how my network worked in the 90's and I'd kind of like it to stay that way.

It all went downhill when folks no longer had to work out how to download/configure Trumpet Winsock and Netscape from a BBS to get connected.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
30,300
It all went downhill when folks no longer had to work out how to download/configure Trumpet Winsock and Netscape from a BBS to get connected.
Maybe I should have clarified, late 90's and early 2000's.

Back when most internet sites were started by hobbyists in it for the fun of it.

Really where the internet went south was when people started expecting to make money off of it. Money ruins everything. Social Media, Advertising, Professional bloggers / youtubers, all of that nonsense ruined the good internet. And mobile just made it all stupid.
 

daglesj

Supreme [H]ardness
Joined
May 7, 2005
Messages
5,220
Maybe I should have clarified, late 90's and early 2000's.

Back when most internet sites were started by hobbyists in it for the fun of it.

Really where the internet went south was when people started expecting to make money off of it. Money ruins everything. Social Media, Advertising, Professional bloggers / youtubers, all of that nonsense ruined the good internet. And mobile just made it all stupid.

No you are quite right. The time I mention is that time. Free ISPs that would let you load their access software on from a CD and away you went. No barrier to entry. They first popped up in the UK around 1998.

But yes I remember the days when websites were mostly in Times New Roman. I was called in to informally consult on "The Internet" for my corporation back around 1994/5 (as I was the only one anyone knew that had "The Internet") and the first thing I told them was under no circumstances should they put any HUGE images on the website. 14K modems just didn't like that. So when they launched their first website...guess what it had on the main page? A huge interactive image that took 3 minutes or more to download...every time.

Jeez....
 