apitman 4 days ago

IPv4 is never going away barring massive adoption of p2p protocols to drive the switch. Sadly NAT and SNI solve most of the problems well enough for things to limp along indefinitely. The only orgs with the power to fix this from the top down are incentivized to maintain the centralized status quo.

So get out there and p2p

throw0101d 4 days ago | parent | next [-]

> IPv4 is never going away […]

This was considered likely when IPng was being discussed in 1990s:

      Furthermore, we note that, in all probability, there will be IPv4
      hosts on the Internet effectively forever.  IPng must provide
      mechanisms to allow these hosts to communicate, even after IPng
      has become the dominant network layer protocol in the Internet.
* https://datatracker.ietf.org/doc/html/rfc1726#section-5.5
Hizonner 4 days ago | parent | prev | next [-]

NAT and SNI are some of the major things that prevented widespread adoption of P2P to begin with.

apitman 4 days ago | parent [-]

Yep. And the reason they were successful is because you can solve the problem on your end without the other end needing to do anything. IPv6 requires both parties to do something. So now we're stuck with NAT and SNI.

7bit 4 days ago | parent [-]

> IPv6 requires both parties to do something.

Please explain

apitman 2 days ago | parent | next [-]

If I have a bunch of machines on my network and want them all to be able to access the internet, I can use NAT and let them all share a single IP. No one on the internet needs to do anything.

If I have a bunch of servers and want them to be accessible by the internet, I can use SNI and let them all share a single IP, again with no special action required by those connecting.

With IPv6, it doesn't solve case 1 until all the servers on the internet support IPv6. AFAIK it doesn't support case 2 either, because you would need some way to route an incoming IPv4 connection to the right IPv6 server. IDK maybe there's a way.

imoverclocked 2 days ago | parent [-]

For case 1, there is nat64. IPv6-only clients can use a special dns (dns64) to get access to the IPv4-only hosts while being able to talk directly to IPv6 hosts. It doesn't even require special support on the client.

For case 2, a dual-stack reverse-proxy will do the job and can talk to the IPv6-only servers without issue.

apitman a day ago | parent [-]

But you're still using NAT and SNI for IPv4 hosts, so there's little incentive to add the complexity of IPv6.

imoverclocked a day ago | parent [-]

Yes, but then you get native connectivity for “free.” Turning your argument around, there is little reason to deal with the continued complexity of IPv4 (requiring NAT and SNI) just to talk to the remaining global NAT front-ends when it can all be skipped for direct communication over native IPv6.

BTW, NAT doesn’t scale forever. There are often several layers of NAT in carrier implementations and the port mapping issue alone can dictate the maximum number of clients-per-global-IPv4 address. One of the reasons NAT and IPv4 can still work is because much of the world has shifted to IPv6.

Hizonner 3 days ago | parent | prev [-]

If I run out of IPv4 addresses for my own network, I can install NAT and make that problem (sort of, mostly, vaguely) go away.

If I want to use IPv6 to solve my IPv4 address shortage problem, and I want to communicate with you, I have to wait for you to also install IPv6.

SNI isn't really the same thing. For one thing it has actual positive benefits, very much unlike NAT (and no NAT is not a fucking security feature and is orthogonal to fucking firewalls don't make me come over there). And for me to use SNI, your browser (or whatever) has to send SNI, so it's still a change on only one end. But it still does let me put more than one service on a single IP address, and you only have to upgrade one program, probably a program you were going to upgrade anyway, rather than change your whole networking structure.

The way this should have worked was that IPv4 should have been turned off completely in the public Internet around 1997 or 1998. But ISPs didn't want to tell the much smaller number of much more sophisticated admins back then that they had to, you know, change things. So people just kept baking IPv4 into more and more things, and throwing in more and more NAT, and not even bothering to learn or teach IPv6... and ignoring all the things they were breaking.

Many (not all!) of the things they were breaking were things that really came into play if you were trying to do P2P. Like, for instance, the ability to, you know, actually make a connection to any random peer. There are hacks, but they work poorly when they work at all. So since NAT was everywhere, P2P didn't have a chance. There were other forces at work too, but basically everybody's business model and expectations gelled around centralization in a way that might have had a chance of not happening if there hadn't been NAT all over the place.

taskforcegemini 2 days ago | parent | next [-]

>NAT (and no NAT is not a fucking security feature and is orthogonal to fucking firewalls..)

Is this about the meaning of the term "NAT"? Because of course it is a security feature if something is offline by default.

Hizonner a day ago | parent [-]

A box that enforces that doesn't have to do NAT. In fact it's simpler and less error-prone if it doesn't.

I will be over there soon.

throw0101d 3 days ago | parent | prev [-]

> If I want to use IPv6 to solve my IPv4 address shortage problem, and I want to communicate with you, I have to wait for you to also install IPv6.

Or you set up DNS64/NAT64/464XLAT on your IPv6 end of things, and those on IPv4 side don't have to do anything.

apitman 2 days ago | parent | next [-]

I'm not really familiar with IPv6. If I have a million IPv4 servers, it's pretty simple to set up a million subdomains and route incoming TLS requests using SNI. If I have a million IPv6 servers, can I somehow accomplish the same thing using DNS64/NAT64/464XLAT? Assuming the incoming request is from an IPv4-only host.

throw0101c a day ago | parent [-]

> If I have a million IPv6 servers, can I somehow accomplish the same thing using DNS64/NAT64/464XLAT? Assuming the incoming request is from an IPv4-only host.

You can have a front-end with IPv4 and have a box send the request to the back-end which is IPv6.

This is how FaceMeta works for the last few years: they are completely IPv6 internally in their DC and only have IPv4 at the edges to service 'legacy' connections.

* https://www.youtube.com/watch?v=IKYw7JlyAQQ

* https://engineering.fb.com/2017/01/17/production-engineering...
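The "box" at the IPv4 edge only needs one thing from the client to pick an IPv6 back-end: the host name in the TLS ClientHello's SNI extension, which arrives in cleartext before any certificate is chosen. This added example (not code from any commenter, nor from Meta's engineering posts) builds a constructed ClientHello, parses the SNI out of it the way an SNI-routing front-end would, and maps the name to a constructed table of IPv6-only back-ends:

```python
def build_client_hello(host: str) -> bytes:
    """Constructed minimal ClientHello record carrying only a server_name extension."""
    name = host.encode("ascii")
    sni_entry = b"\x00" + len(name).to_bytes(2, "big") + name        # name_type 0 = host_name
    sni_list = len(sni_entry).to_bytes(2, "big") + sni_entry
    exts = b"\x00\x00" + len(sni_list).to_bytes(2, "big") + sni_list  # extension type 0
    body = (b"\x03\x03" + bytes(32)       # client_version, random (zeros: sample data only)
            + b"\x00"                     # empty session_id
            + b"\x00\x02\x13\x01"         # one cipher suite
            + b"\x01\x00"                 # one compression method: null
            + len(exts).to_bytes(2, "big") + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def extract_sni(record: bytes):
    """Return the host_name from a ClientHello record, or None if there is none."""
    try:
        if record[0] != 0x16:
            return None                                   # not a TLS handshake record
        hs = record[5:5 + int.from_bytes(record[3:5], "big")]
        if hs[0] != 0x01:
            return None                                   # not a ClientHello
        p = 4 + 2 + 32                                    # handshake header, version, random
        p += 1 + hs[p]                                    # session_id
        p += 2 + int.from_bytes(hs[p:p + 2], "big")       # cipher_suites
        p += 1 + hs[p]                                    # compression_methods
        end = p + 2 + int.from_bytes(hs[p:p + 2], "big")  # extensions block
        p += 2
        while p + 4 <= end:
            etype, elen = int.from_bytes(hs[p:p + 2], "big"), int.from_bytes(hs[p + 2:p + 4], "big")
            p += 4
            if etype == 0:
                q = p + 2                                 # skip server_name_list length
                while q + 3 <= p + elen:
                    ntype, nlen = hs[q], int.from_bytes(hs[q + 1:q + 3], "big")
                    if ntype == 0:
                        return hs[q + 3:q + 3 + nlen].decode("ascii")
                    q += 3 + nlen
            p += elen
    except IndexError:
        pass                                              # truncated record: treat as no SNI
    return None


# Constructed routing table: public name -> IPv6-only back-end (no IPv4 needed behind the edge).
BACKENDS = {"api.example.net": "2001:db8:10::a", "www.example.net": "2001:db8:10::b"}


def choose_backend(record: bytes, table=BACKENDS):
    host = extract_sni(record)
    return table.get(host) if host else None
```

A front-end that proxies at the TCP level this way never needs to terminate TLS, which is why a single edge IPv4 address can front any number of IPv6 servers.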

apitman a day ago | parent [-]

So I still need SNI for IPv4 requests.

throw0101c a day ago | parent [-]

Given the finite nature of IPv4 addresses, how can it be otherwise?

Hizonner a day ago | parent | prev [-]

... meaning I still have to have a public IPv4 address (or many) for them to connect to, and I have to install a NAT system that is, if anything, an even uglier, more complicated kludge than plain IPv4 NAT.

And I still don't get any-to-any connectivity with the IPv4 people, which is what you need if P2P is going to be seamless.

Dagger2 a day ago | parent [-]

You're never going to get that. There isn't enough v4 in the world for that. That's kind of why we're doing v6.

You don't have to install NAT64 to connect to v4-only hosts -- you can run dual-stack, and use your existing v4 setup to reach them. NAT64 is just what you do when you want to turn off v4. You said in the post above that people running networks should have been told they had to change things, so you don't get to whinge about needing to do it yourself.

Also, you don't need to have a public v4 address for v4-only people to connect to you. Reverse proxying is a service you can pay for, and only the people running the proxy need v4. CloudFlare do this (for free, even, depending on what you're doing).

In fact the same is true of NAT64; set your DNS server to e.g. 2a01:4f8:c2c:123f::1 and away you go.

slim 3 days ago | parent | prev [-]

What kind of p2p protocols are you thinking of?

throw0101d 3 days ago | parent | next [-]

> What kind of p2p protocols are you thinking of?

Skype was originally P2P, but because of NAT there had to exist "supernodes" which did STUN/TURN/ICE shenanigans to make it work (which caused scaling issues since there weren't enough of them):

* https://spectrum.ieee.org/skype-scuppered-by-problem-with-su...

* https://www.zdnet.com/article/skype-ditched-peer-to-peer-sup...

tonymet 3 days ago | parent | prev [-]

File sharing, messaging, gaming, VOIP/VideoOIP, etc. Basically everything we have today that has to route through a gateway in the cloud could be p2p. They actually all were in the 90s (e.g. Napster, Limewire, ICQ) until vulnerabilities drove investment in aggressive firewall