Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
GuB-42 2 hours ago

The point is not really to support a galactic empire, the idea is that you have a network part and an interface part, each is 64 bits. The "network" part is used by routers, the interface part is to identify the device on the endpoint. Each interface have an identifier that is world unique (usually based on the MAC address), each network is also unique. Usually, your ISP gives you a /48 prefix, so you have 16 bits for potentially 64k internal networks. This way, you don't need something like DHCP to get an address, you just take it and you won't have conflicts.

But because you have two independent unique parts, you need twice as many bits, so 64+64=128 bits. It simplifies routing and address allocation, at the cost of 16 bytes per packet compared to 64 bit addresses.

That we could use IPv6 on galactic empires is an added bonus, but not really the reason.

system2 an hour ago | parent [-]

Bypassing the router to get to the device directly via IP sounds like insanity. Like a forever-open port.

GuB-42 6 minutes ago | parent | next [-]

You are not bypassing the router, the devices need to get their packets from somewhere, and it is only like a forever-open port if the router/firewall decides it is.

My ISP router supports IPv6 but blocks all incoming connections by default, which is kind of like what NAT does as a side effect.

It sounds like insanity because we tend to assume that no NAT means no firewall, because NAT has some firewall-like properties, and on the most basic networks, that's the only "firewall" there is. But none of the security features of "NAT as a firewall" are exclusive to IPv4, in fact, IPv6 has an advantage because the much larger address space makes a full scan practically impossible.

hdgvhicv 39 minutes ago | parent | prev | next [-]

Anti nat advocates seem to fall into the “the network shouldnt provide a stateful firewall” camp, because once you have a stateful firewall then nat is a trivial amount of extra bytes and very few issues with modern protocols (ones which don’t embed layer 3 addressing in layer 6/7 messages)

tekne 24 minutes ago | parent [-]

I like the end-to-end principle. Good times.

krupan an hour ago | parent | prev [-]

It's a big privacy problem too. Basing your IP address on your Mac address doesn't help in that regard either. Times have changed a lot since IPv6 was invented.

sgjohnson 21 minutes ago | parent [-]

> Basing your IP address on your Mac address doesn't help in that regard either.

This hasn’t been the case for 20 years. Privacy Extensions solved that, and every SLAAC implementation supports them.