The reason IPv6 was originally added to the DOCSIS specs, over 20 years ago, is because Comcast literally exhausted all RFC1918 addresses on their modem management networks.

My favourite feature of IPv6 is networks, and hosts therein, can have multiple prefixes and addresses as a core function. I use it to expose local functions on only ULA addresses, but provide locked down public access when and where needed. Access separation is handled at the IP stack, with IPv4 it’s expected to be handled by a firewall or equivalent.

[–] Bytemeister@lemmy.world 26 points 1 day ago (3 children)

My favorite feature of IPv6 is that there are so many addresses available. Every single IPv4 address right now could have its own entire IPv4 range of addresses in IPv6. It's mind-boggling huge.

load more comments (3 replies)

[–] madcaesar@lemmy.world 13 points 1 day ago

I understand some of these words!

load more comments (1 replies)

[–] frezik@lemmy.blahaj.zone 190 points 1 day ago (17 children)

I know it's a joke, but the idea that NAT has any business existing makes me angry. It's a hack that causes real headaches for network admins and protocol design. The effects are mostly hidden from end users because those two groups have twisted things in knots to make sure end users don't notice too much. The Internet is more centralized and controlled because of it.

No, it is not a security feature. That's a laughable claim that shows you shouldn't be allowed near a firewall.

Fortunately, Google reports that IPv6 adoption is close to cracking 50%.

[–] Auli@lemmy.ca 2 points 13 hours ago (1 children)

Ipv6 took awhile for me to understand. One of the biggest hurdles was how is it secure without NAT.

load more comments (1 replies)

[–] truthfultemporarily@feddit.org 87 points 1 day ago (3 children)

I think NAT is one reason why the internet is so centralized. If everyone had a static IP you could do all sorts of decentralized cool stuff.

[–] frezik@lemmy.blahaj.zone 61 points 1 day ago

Right, not the only reason, but it's a sticking point.

You shouldn't need to connect to your smart thermostat by using the company's servers as an intermediary. That makes the whole thing slower, less reliable, and a point for the company to sell your personal data (that last one being the ultimate reason why it's done this way).

[–] Creat@discuss.tchncs.de 33 points 1 day ago (1 children)

Everyone having a static IP is a privacy nightmare.

There's a reason the recommendation in the standard for ipv6 had to be amended (it whatever the mechanic was) so that generated local suffixes aren't static. Before that, we were essentially globally identifiable because just the second half of your v6 address was static.

[–] frezik@lemmy.blahaj.zone 21 points 1 day ago

IPv4 centralization creates far more privacy issues than everyone having a static IP. The solutions are still things like VPNs and onion routing.

[–] PacMan@sh.itjust.works 7 points 1 day ago

Which is why IPv6 was created. Everything used to get a public routable IP. Large company’s such as ATT and IBM got a whole /8 to themselves. NAT made it so we did not run out of IP’s in the 2000’s

load more comments (15 replies)

[–] ExLisper@lemmy.curiana.net 19 points 1 day ago (1 children)

Is this IPv5?

[–] SteveTech@programming.dev 15 points 23 hours ago

Fun fact: IP version 5 is actually reserved for the Internet Streaming Protocol.

[–] 2910000@lemmy.world 17 points 1 day ago

I love the flat earther energy in this

[–] domi@lemmy.secnd.me 44 points 1 day ago (4 children)

My favorite thing to use IPv6 for is to use the privacy extension to get around IP blocks on YouTube when using alternative front ends. Blocked by Google on my laptop? No problem, let me just get another one of my 4,722,366,482,869,645,213,696 IP addresses.

I have a separate subnet which is IPv6 only and rotates through IP addresses every hour or so just for Indivious, Freetube and PipePipe.

[–] drmoose@lemmy.world 17 points 22 hours ago (2 children)

This is exactly why ipv6 was never widely adopted. There's too much power in a limited IP pool.

load more comments (2 replies)

[–] qaz@lemmy.world 14 points 1 day ago (2 children)

Could you link the privacy extension in question I haven't heard of it

[–] kieron115@startrek.website 23 points 1 day ago* (last edited 1 day ago) (1 children)

it's not a browser extension, its a SLAAC thing https://www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac.

TL;DR is that SLAAC used to use part of your device MAC to form it's IP, which would be trackable/fingerprintable. Now devices just pick the last 48-bits at complete random on the assumption that no other device is going to have that specific address out of the 4 quintilion available addresses.

edit the RFC https://datatracker.ietf.org/doc/html/rfc4941

load more comments (1 replies)

load more comments (2 replies)

[–] socsa@piefed.social 30 points 1 day ago (1 children)

Meh, the idea of having every address be globally routable makes a lot of sense. NAT is a great bandaid but it's still a bandaid. It still limits how peer to peer and multicast applications function, especially on larger networks.

[–] Korhaka@sopuli.xyz 13 points 1 day ago* (last edited 1 day ago) (2 children)

NAT444 is shit. I can't even host a web server without routing it through a VPN, and my ISP can't work out how to provide an IPv6 addresses yet. Give it to me and I will work out how to use it.

Slight update - Just looked and apparently they had a goal of rolling out IPv6 addresses to all customers by earlier this year. I'll check my router config tomorrow and who knows. Maybe I will be able to get one now? Would be pretty sweet.

load more comments (2 replies)

[–] Blaster_M@lemmy.world 50 points 1 day ago* (last edited 1 day ago) (1 children)

Skill issue

IPv6 is easy to do.

2000::/3 is the internet range

fc00::/7 is the private network range (for non routing v6)

fe80::/64 is link local (like apipa but it never changes)

::1/128 is loopback

/64 is the smallest network allocation, and you still have 64 bits left for devices.

You don't need NAT when you can just do firewalling - default drop new connections on inbound wan and allow established, related on outbound wan like any IPv4 firewall does.

Use DHCPv6 and Prefix Delegation (DHCPv6-PD) to get your subnets and addresses (ask for a /60 on the wan to get 16 subnets).

Hook up to your printer using ipv6 link local address - that address never changes on its own, and now you don't have to play the static ip game to connect to it after changing your router or net config.

The real holdup is ISPs getting ultra cheap routers that use stupid network allocation systems (AT&T) that are incompat with the elegant simplicity of prefix delegation and dhcp.

load more comments (1 replies)

[–] LaLuzDelSol@lemmy.world 30 points 1 day ago* (last edited 1 day ago) (11 children)

Just my perspective as a controls (SCADA engineer):

I work for a large power company. We have close to 100 sites, each with hundreds of IP devices, and have never had a problem with ipv4. Especially when im out in the field I love being able to check IPs, calculate gateways, etc at a glance. Ipv6 is just completely freaking unreadable.

I see the value of outward-facing ipv6 devices (i.e. devices on the internet), considering we are out of ipv4s. But I don't see why we have to convert private networks to ipv6. Put more bluntly: at least industry, it just isn't gonna happen for decades (if it ever does). Unless you need more IPs it's just worse to work with. And there's a huge amount of inertia- got one singular device that doesn't talk ipv6 at a given generation site? What are you supposed to do?

[–] Captain_Faraday@programming.dev 1 points 12 hours ago* (last edited 12 hours ago)

I’m a protective relay settings engineer at a contractor for lots of power companies. I’m dipping my toes into my first substation automation project. Getting to design the device native files, IPs, and other networking parts from the drawings package of site and device manuals. It’s all SEL equipment with a gateway at the top and local powerWAN, RTAC, annunciators, and relays below. I live thousands of miles from the site, so local testing would be challenging but probably have to fly or something lol. I have been doing some research on how to emulate this is a lab setting when all you have is the RTAC and some relays. Is this something SCADA engineers have to do sometimes? Like if you need to test a scheme when you can’t build it physically first?

load more comments (10 replies)

[–] NuXCOM_90Percent@lemmy.zip 48 points 1 day ago (14 children)

In my personal life I will probably "never" intentionally use ipv6.

But it is a DAMNED good sniff test to figure out if an IT/NT team is too dumb to live BEFORE they break your entire infrastructure. If they insist that the single most important thing is to turn it off on every machine? They better have a real good reason other than "it's hard"

load more comments (14 replies)

[–] thejml@sh.itjust.works 42 points 1 day ago (5 children)

I use IPv6 every day and everywhere I can. It solves so many issues in large corporate and ISP network setups. And yes 10. Wasn’t big enough, and NATing is a PitA.

Honestly we just keep pushing it off when it’s not that bad. Workaround after workaround just because people are lazy.

load more comments (5 replies)

[–] Voyajer@lemmy.world 18 points 1 day ago (4 children)

CGNATs suck ass though, I had to buy a vps just to access my own network outside my home.

load more comments (4 replies)

load more comments