iso1631 2 days ago

Sure you can do that

So what's the point in ipv6?

zekica 2 days ago

You can do fc00::/7 in addition to public addresses so your lights don't have public address while your phone does.

knorker 2 days ago

I mean, so many reasons. Not the least of which is carrier grade NAT is out. And that alone implies so much cost savings, performance increase, and home user flexibility.

I'm struggling to assume good faith on your question, since it's so strange. I feel like I need to start from scratch explaining the internet, since asking this question reveals a lack of knowledge about everything networking.

iso1631 a day ago

I don't have CGNAT, I choose a proper ISP. Opening a hole in my ipv6 firewall or forwarding a port in my ipv4 firewall is effectively the same thing, I define the policy (allow traffic arriving on $address on tcp/1234 to this server on vlan 12) and it goes live.

Away from home, like I am at the moment, I vpn all my traffic back home, to work, or to a mullvad endpoint. Neither the hotel wifi nor tethering off my phone gives me a working ipv6 address (anything other than an fe80::) anyway.

All my workflows work on ipv4 only. Some workflows (especially around the corporate laptop) don't work on ipv6 only - maybe that's a zscaler thing, maybe it's a windows thing.

As such the only choice is ipv4 with ipv6 as a nice to have, or ipv4 only.

Personally I prefer the smaller attack surface of a single network protocol.

Sounds like ipv6 is a good solution for people who choose ISPs with CGNat. It doesn't matter to me if I vpn home via my ipv6 endpoint or my ipv4 endpoint, I expose a very minimal set of services.

I guess if I wanted to host more than 4 servers on the same port at home it would be handy, as my ISP will only allow me to have 4 public IPs without paying for more. I don't host anything other than my wireguard endpoint and some UDP forwards which I specifically redirect to where I want to go (desktop, laptop, server) - another great feature of nat, but yes nat66 can do that too.

But where's the killer feature of ipv6. Is it just CGNat on poor ISPs?
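The "port forward vs. firewall hole" comparison in the post above, written out as an added nftables ruleset (editor's example, not code from the thread). The addresses are documentation ranges (RFC 5737 / RFC 3849), the interface names, the server's private and global addresses and the VLAN 12 interface name are all assumptions; tcp/1234 and VLAN 12 come from the post. The point it shows: the IPv4 path needs a DNAT rule plus a forward rule, the IPv6 path needs only the forward rule, but in both cases the forward chain's default policy of drop is what actually defines the exposure, so the two really are the same policy decision.

```nft
# Added example, not from the thread. Addresses are documentation ranges;
# interface names and server addresses are assumptions.
define wan_if = "eth0"
define lan_if = "vlan12"
define wan_v4 = 203.0.113.10       # ISP-assigned public IPv4 on the WAN side
define srv_v4 = 192.168.12.5       # server's private IPv4 on VLAN 12
define srv_v6 = 2001:db8:12::5     # server's global IPv6 on VLAN 12

table inet filter {
    chain forward {
        # Default drop: nothing crosses the router unless a rule below says so.
        type filter hook forward priority 0; policy drop;

        # Stateful handling for both families: replies and related flows pass,
        # packets that do not belong to a known connection are dropped.
        ct state established,related accept
        ct state invalid drop

        # IPv4 "port forward": the DNAT in the nat table below has already
        # rewritten the destination, so this rule matches the private address.
        iifname $wan_if oifname $lan_if ip daddr $srv_v4 tcp dport 1234 ct state new accept

        # IPv6 "hole in the firewall": no rewrite, just permit new flows to the
        # server's global address on the same port. Same policy, one step less.
        iifname $wan_if oifname $lan_if ip6 daddr $srv_v6 tcp dport 1234 ct state new accept

        # Outbound from the LAN is allowed; replies come back via the ct rule above.
        iifname $lan_if accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        # IPv4 only: map WAN address:1234 onto the server on VLAN 12.
        iifname $wan_if ip daddr $wan_v4 tcp dport 1234 dnat to $srv_v4
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # IPv4 only: hide the private LAN behind the WAN address on the way out.
        oifname $wan_if masquerade
    }
}
```

Load it with `nft -f` and list the result with `nft list ruleset`; the only family-specific difference is the `ip nat` table, which has no IPv6 counterpart here. Note that the IPv6 rule exposes the host's real global address, so anything else that host listens on is still protected only by the forward chain's drop policy, which is why it is stated explicitly rather than relying on a default.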

knorker a day ago

I'm not sure what that long story is supposed to convey. Cool story, bro.

> Sounds like ipv6 is a good solution for people who choose ISPs with CGNat.

I mean… this is just "not even wrong".

> Is it just CGNat on poor ISPs?

I already said no to this.

Look, like I said, you appear to be unaware of so much about everything about the Internet, running an ISP, running a service provider, corporate networks, ISP-customer relationships, small businesses, BGP viable policies, cloud economics, etc… that it's hard to know where to even start. And while HN is great for some things, HN comments are just not suitable for something that is shaped more like a course or internship. This can't even be described as "gaps" in your knowledge.

I'm put off by your confidence without the knowledge, and of course also by your implication that if you have CGNat then you should have just worked a little harder to not be so poor, to pay a better ISP, or you should move to a more expensive place where other ISP options exist. Of course ignoring that this doesn't scale to the population at all, and extra address bits are very relevant to scaling.

iso1631 20 hours ago

I don't directly deal with public peering, I leave that to my colleagues, my only practical BGP knowledge is on private ASes.

Your shitty ISP doesn't give you an ipv4 access, that's fine. ipv4 address blocks cost $20 an address and are cheaper today in real terms than in 2016, and have been coming down in nominal terms for years.

ipv6 makes sense at a global scale, it still makes no sense for many individuals with a good ISP, mainly because of how it was implemented, too much stuff still relies on ipv4. If you have to also run ipv4 then why run ipv6?

I have no services I use that are ipv6 only.

I have services that are ipv4 only, so I have to run a 6:4 nat

I want a stateful firewall because it's not 1999

I want to handoff to multiple consumer ISPs, using PBR, not running BGP, so I need to use NAT66 (changing IPs isn't good enough, I want to round-robin based on various rules, send traffic to dropbox via one ISP, send udp via another, etc)

I have software which doesn't work on ipv6 on a client, so I have to run CLAT on the device

But not all my local devices can run CLAT, I thus have to run dual stack to use ipv6 successfully.

Thus as I'm running ipv4 anyway, and running NAT, there is no benefit over running ipv4 only. IPV6 adds more things to go wrong (NAT64/DNS64), but offers no benefits.

Even without the ipv6 client requirement I still need to run both NAT64 and NAT66. I have an ipv6 only network at home which I put phones on. It works, but there's no benefit other than keeping awareness of ipv6.

Now sure, the reason that ipv4 addresses are cheap is because other people are moving to ipv6 (especially mobile), and relying on 464 gateways, with 46 in their CPE and 64 on the ISP level. That's great.

But that doesn't change the equation for someone with a choice of ISPs, as they can choose an ISP which provides them with static ipv4 addresses.
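The NAT66 plus policy-based routing setup described in the post above (UDP out one ISP, a chosen destination out another, no BGP), as an added nftables example. This is editor's code, not the poster's configuration. The prefixes are RFC 3849 documentation space; the interface names, the internal ULA prefix, the routing-table numbers and the destination set standing in for "dropbox" are all assumptions. What it shows is why NAT66 is unavoidable in this design: each consumer ISP only accepts source addresses from the prefix it delegated, so a packet steered to ISP B by a fwmark must also be rewritten to ISP B's prefix, or that ISP's ingress filtering drops it.

```nft
# Added example, not from the thread. Prefixes are documentation space;
# interface names, ULA prefix and the destination set are assumptions.
define isp_a_if  = "ppp0"
define isp_b_if  = "eth1"
define isp_a_src = 2001:db8:a::1    # router's address inside ISP A's delegated prefix
define isp_b_src = 2001:db8:b::1    # router's address inside ISP B's delegated prefix
define lan_ula   = fd00:12::/64     # hosts use ULA internally; the router chooses the egress

table ip6 mangle {
    set via_isp_b {
        type ipv6_addr
        flags interval
        # Constructed placeholder for "send this destination via ISP B".
        elements = { 2001:db8:ffff::/48 }
    }

    chain prerouting {
        # Priority -150 runs before the routing decision, so the mark can
        # select the routing table.
        type filter hook prerouting priority -150; policy accept;

        # A flow stays on the ISP chosen for its first packet: restore the
        # mark saved in conntrack and skip the policy rules.
        ip6 saddr $lan_ula ct mark != 0 meta mark set ct mark return

        # Policy for new flows: UDP and the listed destinations leave via
        # ISP B (mark 0x2); everything else leaves via ISP A (mark 0x1).
        ip6 saddr $lan_ula meta l4proto udp meta mark set 0x2
        ip6 saddr $lan_ula ip6 daddr @via_isp_b meta mark set 0x2
        ip6 saddr $lan_ula meta mark 0 meta mark set 0x1

        # Remember the decision for the rest of the connection.
        ip6 saddr $lan_ula ct mark set meta mark
    }
}

table ip6 nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # NAT66: the source must belong to the prefix of the ISP the packet
        # leaves through, otherwise that ISP's source-address filtering
        # (BCP 38) discards it. This rewrite is the cost of PBR without BGP.
        oifname $isp_a_if ip6 saddr $lan_ula snat to $isp_a_src
        oifname $isp_b_if ip6 saddr $lan_ula snat to $isp_b_src
    }
}
```

The marks only do something once the kernel has a routing table per ISP and rules that select them, for instance (assumed table numbers) `ip -6 route add default dev ppp0 table 101`, `ip -6 route add default dev eth1 table 102`, `ip -6 rule add fwmark 0x1 lookup 101` and `ip -6 rule add fwmark 0x2 lookup 102`, plus a rule that consults the main table first for directly connected prefixes. Because the internal hosts only ever see the ULA prefix, swapping or adding an ISP changes two lines in this file rather than every host's address, which is the trade the post describes.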