| ▲ | przmk 6 hours ago |
| My ISP refuses to give you a static IPv6 prefix unless you're a business customer, despite having an "unlimited" amount of them. This results in me not bothering to set it up properly and focusing on IPv4 still. |
|
| ▲ | sliken 6 hours ago | parent | next [-] |
| Do you have a static IPv4, presumably a single IP? I find it useful, mine does change periodically, but I just have a script that updates DNS when it changes:
nsupdate -v -y "${KEY_ALGO}:${KEY_NAME}:${KEY_SECRET}" <<EOF
server $DNS_SERVER
zone $ZONE
update delete $RECORD AAAA
update add $RECORD 300 AAAA $CURRENT_IP
show
send
EOF
Sure some services might notice for a bit, but it's plenty good for me. |
| |
| ▲ | przmk 5 hours ago | parent [-] | | I don't have a static IPv4 address and I have to use a DDNS built into the Caddy plugin on my OPNsense router. From what I understand, you can't get a static "local" (I know, IPv6 has no direct equivalent) address to use for a reverse proxy — at least not in an easy manner. I might be completely wrong but that's why I don't bother with IPv6. | | |
| ▲ | kstrauser 5 hours ago | parent [-] | | You’re looking for a Unique Local Address there. It’s a non-externally-routable address that you can use for internal connections. https://en.wikipedia.org/wiki/Unique_local_address | | |
| ▲ | simoncion 3 hours ago | parent | next [-] | | Yep. ULA addresses are the equivalent of 10.0.0.0/8, 192.168.0.0/24, and 172.16.0.0/12 space. [0] And you can use them to do NAT, just like with IPv4. The huge difference from the IPv4 world is that the procedure for generating your /48 ULA prefix ensures that it's very, very unlikely that you will get the same prefix as anyone else. So, if everyone follows the procedure, pretty much no one has to worry about colliding with anyone else's network. Following the procedure has benefits. For example, VPN providers who want to use IPv6 NAT can do that without interfering with the LAN addressing of the host they're deployed to... companies that merge their networking infrastructure together can spend far less (or even zero) time on internal network renumbering... [1] etc, etc, etc. [0] And link-local addresses are the equivalent of 169.254.0.0/16 space. [1] Seriously, like a year after one BigCo merger I was subject to, IT had still not fully merged together the two companies' networks, and was still in the process of relocating or decommissioning internal systems in order to deal with IPv4 address space constraints. Had they both used ULA everywhere it was possible to do so, they could have immediately gotten into the infosec compliance and cost-cutting part of the network merging, rather than still being mired in the technical and political headaches forced upon them by grossly insufficient address space. | | |
| ▲ | bigfatkitten an hour ago | parent [-] | | Problem with ULA is that it's functionally useless on a dual-stack network, because clients will attempt to use IPv4 before they attempt to use ULA. https://blog.apnic.net/2022/05/16/ula-is-broken-in-dual-stac... | | |
| ▲ | simoncion 28 minutes ago | parent [-] | | > Problem with ULA is that it's functionally useless on a dual-stack network. Nope, it works just fine. I use it for stable local addressing and LAN host AAAA records and let my ISP-delegated global prefix drift as my ISP wishes it to. And -as it happens- the prose in that article about source address selection is incorrect. On Linux, source address preference appears to be application-specific. For example, curl prefers IPv6 addresses, and falls back to IPv4 if the v6 connection fails. I checked just now by removing my globally-assigned IPv6 address, and capturing the traffic created by executing 'curl https://www.google.com'. I know for a fact that BIND 9 prefers non-link-local IPv6 source addresses over IPv4 addresses because until I set up my home-built router to reject Internet-bound traffic coming from my ULA, a sufficiently-long failure of the DHCPv6 server run by my ISP would cause name resolution to get very, very, very slow when the global prefix expired and BIND started using its host's ULA as a source address and my router dutifully relayed that traffic into my ISP's black hole. I'm certain that very many applications unconditionally prefer non-link-local IPv6 addresses over IPv4 ones. You might also care to pay attention to this comment and its publication date: [0] OTOH, Firefox prefers IPv4 connections in that scenario and doesn't even attempt a v6 connection. I assume Chrome is the same way. And, that article suggests GUA space as a replacement for ULA space: > All of these are serious pitfalls that arise when attempting to use ULA. The simple and more elegant answer is to simply leverage GUAs. Which... uh... no. I'd have to go through my local RIR to get an allocation, and then negotiate with my ISP to get it routed. Given that I'd have to go through ARIN because I'm in the US, and I have a boring residential account with my ISP, neither of those things will ever happen. 
The entire point of ULA is that no coordination with external entities is required to do network-local addressing. Also, the documentation that that article links to to discourage people from deploying NAT66 is almost literally "It's exactly as complicated as NAT44. Why do it when you can get global IPv6 addresses?!?", which isn't a useful complaint when your intent is to exactly replicate what you get from IPv4 NAT in an IPv6 world. I agree that globally-routable addresses are better, but if your site admin demands (for whatever reason) that you not have them, then -because of the collision-avoidance property of the ULA prefix generation procedure- you're better off than with IPv4 NAT. [0] <https://blog.apnic.net/2022/05/16/ula-is-broken-in-dual-stac...> |
|
| |
| ▲ | immibis 3 hours ago | parent | prev [-] | | Note that although the policy is that you choose a random prefix, nothing actually enforces this and nothing stops you using fd00::1, fd00::2, etc just like 10.0.0.1 etc. |
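The RFC 4193 prefix-generation procedure referred to in the comments above, with a check for the hand-picked prefixes immibis mentions, as an added example that is not code from any poster in this thread. The function names and the three-zero-byte heuristic are assumptions of this example.

```python
import hashlib
import ipaddress
import math
import struct
import time
import uuid

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def ntp64(unix_time):
    """Unix time as a 64-bit NTP timestamp: 32-bit seconds, 32-bit fraction."""
    seconds = int(unix_time) + NTP_EPOCH_OFFSET
    fraction = int((unix_time % 1) * 2**32)
    return struct.pack(">II", seconds & 0xFFFFFFFF, fraction & 0xFFFFFFFF)

def eui64_from_mac(mac):
    """48-bit MAC (int) to modified EUI-64: insert ff:fe, flip the U/L bit."""
    raw = mac.to_bytes(6, "big")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def ula_prefix(unix_time, mac):
    """RFC 4193 section 3.2.2: SHA-1 over time||EUI-64, keep the low 40 bits."""
    digest = hashlib.sha1(ntp64(unix_time) + eui64_from_mac(mac)).digest()
    packed = b"\xfd" + digest[-5:] + bytes(10)  # fc00::/7 with L=1, then Global ID
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))

def looks_hand_picked(prefix):
    """Heuristic (an assumption of this example): 3+ zero bytes in the Global ID."""
    net = ipaddress.IPv6Network(prefix)
    global_id = net.network_address.packed[1:6]
    return net.prefixlen == 48 and global_id.count(0) >= 3

def collision_probability(networks):
    """Birthday bound from RFC 4193 section 3.2.3 for 40-bit Global IDs."""
    return -math.expm1(-(networks ** 2) / 2 ** 41)

if __name__ == "__main__":
    mine = ula_prefix(time.time(), uuid.getnode())
    print("generated prefix:", mine, "hand-picked?", looks_hand_picked(str(mine)))
    print("fd00::/48 hand-picked?", looks_hand_picked("fd00::/48"))
    print("collision chance when merging 10 networks:", collision_probability(10))
```

Generate the prefix once and record it; rerunning the script yields a different /48 because the timestamp is part of the hash input.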
|
|
|
|
| ▲ | snalty an hour ago | parent | prev | next [-] |
| For those in the UK who want a static IPv4 or IPv6 block AAISP offer an L2TP service for £2/month. It's limited to 3 megabit/s but might be enough for some use cases. |
|
| ▲ | ectospheno 6 hours ago | parent | prev | next [-] |
| My ISP is xfinity. They say the same thing but my IPv6 address hasn't changed any more frequently than my IPv4. In my experience it changing isn't any more annoying than my v4 changing so I'm not sure why people still get up in arms about it. |
| |
| ▲ | thaumasiotes 6 hours ago | parent [-] | | In about a year of treating my comcast-assigned ipv6 address as static, it changed once. Sadly, this happened despite me specifically requesting the same address as always. That caused me some grief. But it's not common. | | |
| ▲ | pirates 4 hours ago | parent | next [-] | | My xfinity ipv4 changes once every few years, if that. I treat it as static and update things if or when it changes, which fortunately isn’t too much work. I never requested anything special regarding it, and I have a normal/non-business account. I wonder why some change often and others don’t? | | |
| ▲ | alargemoose 2 hours ago | parent [-] | | I had Xfinity for 4 years and my IP changed once in that time! Now I have fiber from centurylink, and it changes anytime I need to reboot the fiber modem or my firewall. Different companies, same metro area though. That too makes me wonder about how both manage their allocations given the difference in IP assignments. |
| |
| ▲ | linuxftw 3 hours ago | parent | prev [-] | | On the other end of the connection, there are physical servers and routers. Every once in a while they change how things are connected/deployed for maintenance, upgrades, etc. | | |
| ▲ | pixl97 2 hours ago | parent [-] | | Pretty much, I have my cable modem on continuous power and it will keep the same address pretty much forever. Two times it changed is when I had a 48 hour power outage and shut everything down, and the other time was maintenance at the cable company's side where they rebooted their equipment. |
|
|
|
|
| ▲ | kevin_thibedeau 6 hours ago | parent | prev | next [-] |
| Get a virtual server and do the things on it that you'd want a static address for. Use a VPN connection back to your home to merge it with your network. This is a great way to deal with CGNAT. |
|
| ▲ | ToniCipriani 6 hours ago | parent | prev | next [-] |
| Same here, I had a working IPv6 setup previously with my DSL provider, but now that I moved to a fibre connection, the new one refuses to support it. |
|
| ▲ | OptionOfT 5 hours ago | parent | prev | next [-] |
| But do they give you PD? My prefix is tied to the mac address of the device that's connected to the PON. |
|
| ▲ | dboreham 6 hours ago | parent | prev | next [-] |
| My ISP (naming no names...erum...Spectrum) refuses to even admit they know what IPv6 is. It's like asking the NSA what Menwith Hill is for... |
| |
|
| ▲ | iso1631 5 hours ago | parent | prev [-] |
| I recently moved house and looked at a new offer from a new ISP for a long term lock-in but a cheap price. They used CG-NAT. I instead chose one which gives me as many ipv4s or ipv6s as I can reasonably use, doesn't oversubscribe its upstream connectivity etc. For home internet service I would prefer to pay extra for a better service, it's too important to try to penny-pinch 0.1% of my income on it. But then I live in a capitalist country where there's competition, I believe some countries you don't get a choice. |
| |
| ▲ | immibis 3 hours ago | parent [-] | | FYI it's practically impossible not to oversubscribe your upstream connectivity unless they either spend way too much money or offer very slow service to users. Consider ten thousand users with 1G connections - should they have 10 terabit upstream? The more practical thing to look for is that they aim to upgrade it based on need, instead of arbitrarily throttling the users. | | |
| ▲ | pixl97 2 hours ago | parent [-] | | Where I live the cable system is fine, and the cellular system is fine... until one goes down, then the other gets flooded with traffic and stops working leaving no internet at all. |
|
|