Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
throw0101d 3 days ago

> If I want to use IPv6 to solve my IPv4 address shortage problem, and I want to communicate with you, I have to wait for you to also install IPv6.

Or you set up DNS64/NAT64/464XLAT on your IPv6 end of things, and those on IPv4 side don't have to do anything.

apitman 2 days ago | parent | next [-]

I'm not really familiar with IPv6. If I have a million IPv4 servers, it's pretty simple to set up a million subdomains and route incoming TLS requests using SNI. If I have a million IPv6 servers, can I somehow accomplish the same thing using DNS64/NAT64/464XLAT? Assuming the incoming request is from an IPv4-only host.

throw0101c a day ago | parent [-]

> If I have a million IPv6 servers, can I somehow accomplish the same thing using DNS64/NAT64/464XLAT? Assuming the incoming request is from an IPv4-only host.

You can have a front-end with IPv4 and have a box send the request to the back-end which is IPv6.

This is how FaceMeta works for the last few years: they are completely IPv6 internally in their DC and only have IPv4 at the edges to service 'legacy' connections.

* https://www.youtube.com/watch?v=IKYw7JlyAQQ

* https://engineering.fb.com/2017/01/17/production-engineering...

apitman a day ago | parent [-]

So I still need SNI for IPv4 requests.

throw0101c a day ago | parent [-]

Given the finite nature of IPv4 addresses, how can it be otherwise?

Hizonner a day ago | parent | prev [-]

... meaning I still have to have a public IPv4 address (or many) for them to connect to, and I have to install a NAT system that is, if anything, an even uglier, more complicated kludge than plain IPv4 NAT.

And I still don't get any-to-any connectivity with the IPv4 people, which is what you need if P2P is going to be seamless.

Dagger2 a day ago | parent [-]

You're never going to get that. There isn't enough v4 in the world for that. That's kind of why we're doing v6.

You don't have to install NAT64 to connect to v4-only hosts -- you can run dual-stack, and use your existing v4 setup to reach them. NAT64 is just what you do when you want to turn off v4. You said in the post above that people running networks should have been told they had to change things, so you don't get to whinge about needing to do it yourself.

Also, you don't need to have a public v4 address for v4-only people to connect to you. Reverse proxying is a service you can pay for, and only the people running the proxy need v4. CloudFlare do this (for free, even, depending on what you're doing).

In fact the same is true of NAT64; set your DNS server to e.g. 2a01:4f8:c2c:123f::1 and away you go.