The IPv6 Transition

(www.potaroo.net)
215 points todsacerdoti | 33 comments
hairyplanter ◴[] No.41893537[source]
I have fully implemented IPv6 in my home network.

I have even implemented an IPv6-Only network. It fully works, including accessing IPv4 only websites like github.com via DNS64 and NAT64 at my router.

The only practically useful thing about my IPv6 enabled network is that I can run globally routable services on my lan, without NAT port mapping. Of course, only if the client is also IPv6.

Other than this one use case, IPv6 does nothing for me.

It doesn't work from most hotels, nor from my work lan, nor many other places because most "managed" networks are IPv4 only. It works better at Cafes because they are "unmanaged" and IPv6 is enabled by the most common ISPs, like ATT and Comcast and their provided routers.

Based on this experience, I think IPv6 is less valuable than us HN audience thinks it is. Private networks, NAT, Carrier Grade NAT are good enough, and internet really doesn't care about being completely peer-to-peer.

I think the adoption rate reflects this--it's a linear growth curve over the last 25 years. It should have been exponential.

I think cost of IPv4 reflects this--it is now below the peak, and has leveled off.

As surprising as it seems, IPv4 exhaustion has not been a serious problem. Internet marches on. IPv6 is still a solution looking for a problem, and IPv4 exhaustion wasn't one of them.

replies(21): >>41893541 #>>41893647 #>>41893711 #>>41896275 #>>41898003 #>>41898138 #>>41898700 #>>41898907 #>>41898988 #>>41899569 #>>41900489 #>>41900918 #>>41901253 #>>41901285 #>>41902429 #>>41902453 #>>41902668 #>>41903211 #>>41903638 #>>41903908 #>>41913238 #
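An added example, not part of the thread: how the DNS64/NAT64 setup described in the post above maps an IPv4-only destination into an IPv6 address, and how to map it back when reading flow logs from an IPv6-only LAN. It follows the RFC 6052 embedding and goes beyond the /96 case to all six permitted prefix lengths; the sample addresses are constructed documentation addresses.

```python
import ipaddress

# Prefix lengths RFC 6052 allows for IPv4-embedded IPv6 addresses.
RFC6052_LENGTHS = (32, 40, 48, 56, 64, 96)
WELL_KNOWN_PREFIX = "64:ff9b::/96"  # NAT64 well-known prefix (RFC 6052)


def _checked(prefix):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in RFC6052_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not a valid NAT64 prefix length")
    return net


def synthesize(v4, prefix=WELL_KNOWN_PREFIX):
    """Build the AAAA answer a DNS64 resolver would return for an A record."""
    net = _checked(prefix)
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(v4).packed:
        if pos == 8:          # bits 64-71 are reserved and must stay zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract(v6, prefix=WELL_KNOWN_PREFIX):
    """Recover the real IPv4 destination, or None if v6 is not in the prefix."""
    net = _checked(prefix)
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        return None
    raw, pos, v4 = addr.packed, net.prefixlen // 8, bytearray()
    while len(v4) < 4:
        if pos == 8:          # skip the reserved octet when reading back
            pos += 1
        v4.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(v4))


if __name__ == "__main__":
    # Constructed flow-log destinations as seen on an IPv6-only LAN.
    for dst in ["64:ff9b::c000:221", "2001:db8::53", "64:ff9b::cb00:7107"]:
        print(dst, "->", extract(dst) or "native IPv6")
```

Firewall rules and log analysis written against IPv4 destinations need this reverse mapping, because on an IPv6-only network every IPv4-only site appears under the NAT64 prefix.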
1. BrandoElFollito ◴[] No.41893647[source]
I had to reluctantly deploy ipv6 on my home network because of ISP requirements + will to use pihole.

IPv6 is hard. I had to learn quite a bit to make it work and not only do I see no value, but it is significantly more difficult to use due to the address length.

I think IPv6 is a missed opportunity, it was probably designed by experts that did not take into account the population that will use it (not the one users who do not care, but the layer above them)

replies(3): >>41893708 #>>41897299 #>>41903427 #
2. qwertox ◴[] No.41893708[source]
What requirement could an ISP impose on you for you to be forced to migrate the intranet to IPv6 (because of PI-hole)?

You could always place a small NAT-enabled router between your ISP's device and your home network.

The only problem I could see would be the lack of a (semi-)static public IPv4 address, which one could solve by renting a VPS.

replies(1): >>41893775 #
3. BrandoElFollito ◴[] No.41893775[source]
My ISP is the French "Free". They provide a router that is difficult to swap with my own (it is possible, but it is way easier to switch it to a bypass mode). With this router comes a TV box that requires IPv6 to work.

When I replace DHCP/DNS with Pihole I need to account for that. While this is not a complex setup once you understand IPv6 you still need to learn it.

I work in IT so I tried to get myself to IPv6 several times but never had any reason to do so (despite self-hosting a lot and generally being a nerd). I had to do that this time and my uninformed opinion is that it could have been done so that it is much simpler for advanced users (but not yet networking experts)

replies(1): >>41902249 #
4. unethical_ban ◴[] No.41897299[source]
I struggled to get IPv6 running on my home network, then had issues with DNS dual stack once I got it going, so I turned it off.

That said, I think the difficulty of IPv6 is in the UI of the home routers that implement it, and a lack of sane defaults.

The ISP should give every SOHO/residential customer a /60. The router of a simple IPv6 should do prefix delegation. The router should default to SLAAC for local IP addresses, and configuring DNS with Router Advertisements. And residential routers can be set up to have an internal DNS server which populates the ".internal" domain with hostnames from the network.

As a network admin, you have to learn new things like the uses of IPv6 multicast, and ND, the lack of ARP, and some other things. Home users shouldn't have to care about that.

replies(2): >>41899787 #>>41900629 #
5. m348e912 ◴[] No.41899787[source]
>The ISP should give every SOHO/residential customer a /60.

The ISP should give every residence 295 quintillion IPv6 addresses? I know there is an abundance of ipv6 addresses but that seems like a lot of waste.

Even assigning a /96 would provide 4.3 billion ipv6 addresses (which is the same number as all ipv4 addresses in existence)

And since available ipv6 space is basically 4.3 Billion^2, assigning an ipv6 /96 would be like assigning a /32 in ipv4 terms of total ipv6 space utilization.

replies(3): >>41899841 #>>41899916 #>>41900301 #
6. mbirth ◴[] No.41899841{3}[source]
/64 is needed for SLAAC to work and is basically the default.

Anything larger (usually /56, sometimes even /48) gives the customers a chance to segment their LAN.

7. unethical_ban ◴[] No.41899916{3}[source]
Like the other person said, /64 is the minimum subnet size. And subnetting in IPv6 is best done 4 bits at a time. A /60 is overkill for residents, but because it gives 16 subnets, not because it gives excessive addresses.
replies(1): >>41901712 #
8. Dylan16807 ◴[] No.41900301{3}[source]
That's not how you're supposed to use IPv6. It would just be 64 bits if that was the case. Instead, 99% of the time, it's a 64 bit subnet ID and a 64 bit device ID.
9. tomjen3 ◴[] No.41900629[source]
Sorry, but under no circumstances should an ISP router auto route internal computers from the network. That's just going to expose so many internal services, most consumers wouldn't even know they were running in the first place.

If we are to have a transition to IPv6, and I am very much in favour of this, then by all means make the addresses be globally routable, but force people to select the ports and addresses to be shared in their router. Otherwise we end up with another mess ala "open wifi".

replies(4): >>41900721 #>>41901151 #>>41901765 #>>41903782 #
10. SirGiggles ◴[] No.41900721{3}[source]
It doesn't need to, IPv6 has unique local addresses which are non-globally reachable; I recall those had their own can of worms depending on deployment but it's an option for private, local addresses.

EDIT: I also understood the GP comment to be getting around the problem of long IPv6 addresses and not actually making every machine globally accessible.

11. unethical_ban ◴[] No.41901151{3}[source]
I didn't think I suggested an open firewall.

Just as today people have to adjust NAT as kind of an implicit inbound policy, a proper home IPv6 router defaults to drop for inbound traffic.

12. megous ◴[] No.41901712{4}[source]
There's no minimum subnet size.
replies(1): >>41901776 #
13. immibis ◴[] No.41901765{3}[source]
That's literally the ISP's and router's job: get packets from A to B.

Now, a home router should probably have a stateful firewall that's on by default, but that's a different matter.

14. immibis ◴[] No.41901776{5}[source]
/64 acts as a soft limit due to the prevalence of SLAAC. Which is good in a way, since it means ISPs have to give out at least /64, which means you're always able to subnet (although you can't use SLAAC and must use static addresses or DHCP) unlike IPv4 where you have to pay for extra addresses.
replies(2): >>41903342 #>>41903798 #
15. albuic ◴[] No.41902249{3}[source]
So you had to learn IPv6 the same way you learned IPv4. The question is: was it harder? It seems you wanted to know IPv6 without learning it because you thought it would be the same as IPv4. And yes the Free boxes are hard to work with if you don't want to mess with vlan and still have TV services.
replies(2): >>41905663 #>>41905977 #
16. GoblinSlayer ◴[] No.41903342{6}[source]
The purpose of SLAAC intends to have many customers in one /64 network though.
replies(2): >>41903709 #>>41903809 #
17. pmarreck ◴[] No.41903427[source]
The biggest design failure of IPv6 is that it was not designed to be backwards-compatible with IPv4. Technologies with established user bases need to evolve with backwards compatibility if they want to take advantage of existing network effects.
replies(1): >>41903708 #
18. growse ◴[] No.41903708[source]
This comment shows up like clockwork.

How does a device with a 32-bit-sized addressing scheme construct an IP packet to a device with an address in a 128-bit-sized addressing scheme?

replies(2): >>41904260 #>>41907097 #
19. immibis ◴[] No.41903709{7}[source]
No, just many devices.

You can DoS your whole subnet by pretending to be a billion devices. In IPv4 you can do it by occupying all the IP addresses. Therefore putting several customers on one network is a bad idea, just like in IPv4.

20. icedchai ◴[] No.41903782{3}[source]
"Auto routing" is fine, as long as there is a firewall.
21. megous ◴[] No.41903798{6}[source]
Yes, you can't use SLAAC feature, but there's no subnetting limit in IPv6. Any subnet size works.

Writing to you from /72.

replies(1): >>41903971 #
22. icedchai ◴[] No.41903809{7}[source]
The purpose of SLAAC is to make it "easy" for a client to get onto the network without something like a DHCP server tracking addresses. If you set it up, it generally just works.
replies(1): >>41904135 #
23. unethical_ban ◴[] No.41903971{7}[source]
You're technically correct, but ISPs' best practice is to hand out a /64.
24. GoblinSlayer ◴[] No.41904135{8}[source]
Previously it worked by putting the MAC address in the last 64 bits.
replies(1): >>41904210 #
25. icedchai ◴[] No.41904210{9}[source]
Yes, that was before privacy extensions. It hasn't been like that (in most implementations) for a very long time.
replies(1): >>41904305 #
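An added example, not part of the thread: the older SLAAC behaviour mentioned in the two comments above, where the interface identifier is derived from the MAC address (modified EUI-64, RFC 4291), together with a check that flags addresses still exposing a MAC. The prefixes, the MAC and the function names are constructed for illustration.

```python
import ipaddress


def eui64_address(prefix, mac):
    """Address a host forms under SLAAC with modified EUI-64 (RFC 4291)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers need a /64 prefix")
    m = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(m) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe in the middle.
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


def embedded_mac(addr):
    """Return the MAC an address gives away, or None if the IID is opaque."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":   # heuristic: a random IID matches 1 in 65536
        return None
    m = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in m)


def audit(addresses):
    """Map each leaking address to the MAC it exposes."""
    found = {}
    for a in addresses:
        mac = embedded_mac(a)
        if mac:
            found[a] = mac
    return found


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"                      # constructed sample MAC
    home = eui64_address("2001:db8:1:2::/64", mac)
    cafe = eui64_address("2001:db8:beef:9::/64", mac)
    # Same lower 64 bits on both networks: the host is trackable across them.
    print(home, cafe, home.packed[8:] == cafe.packed[8:])
    print(audit([str(home), "2001:db8:1:2:a1b2:c3d4:e5f6:1789"]))
```

Running `audit` over the addresses in a neighbour table or DHCPv6/RA log shows which hosts on a LAN have not switched to privacy (temporary or opaque) interface identifiers.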
26. GoblinSlayer ◴[] No.41904260{3}[source]
It could work like 4 socks requests wrapped in each other like onion. But LAN services wouldn't need to care about long addressing as they don't need to cross network boundary, while letting everything else use new approach, so you could use old stuff without changing anything and there would be no need for new ip6 drivers with new vulnerabilities that are yet to be fixed.
replies(2): >>41907127 #>>41909968 #
27. GoblinSlayer ◴[] No.41904305{10}[source]
And you get no privacy if /64 prefix is a stable identifier of one customer.
replies(1): >>41904358 #
28. icedchai ◴[] No.41904358{11}[source]
This doesn't seem like an IPv6-specific issue. For most broadband customers, your external IPv4 address is also generally stable. Mine hasn't changed in years.
29. qwertox ◴[] No.41905663{4}[source]
I think this misses the point. An IPv4-only home network has a lot of benefits, simplifying whatever you do in it which relies on IP addresses which you'll have to handle manually in code and databases.

His scenario is really a PITA, where he's basically forced to migrate to IPv6 only because of IPTV. There might have been a solution by creating an IPv6-only VLAN just for the TV, while keeping the rest at legacy, but it's not really trivial.

IPTV with Deutsche Telekom is also a pain, because they feed it in a separate VLAN and the routers and switches need to handle IGMP messages properly (IGMP proxy, IGMP snooping).

30. yjftsjthsd-h ◴[] No.41905977{4}[source]
I think the main difference is that when I learned IPv4, pure-v4 was sufficient. Today, you can't run a pure-v6 network; you have to deal with both. The closest you can get is NAT64, which 1. doesn't always work, and 2. is still annoying to manage. (Which sucks, because doing just v6 would be nice)
31. WorldMaker ◴[] No.41907097{3}[source]
I also appreciated how much the linked article is adamant that IPv6 is what you get when all you do is increase the addressing size. There were wilder alternatives discussed that broke more things or took a more progressive stance. Part of the "there's no compelling 'use case' for IPv6" is that it really doesn't do anything new or exciting, it just increased the address size, and then dealt with the consequences (including "lack of backward compatibility", that was always going to be a consequence of increasing the address size).
32. WorldMaker ◴[] No.41907127{4}[source]
There have been tunneling protocols and systems for IPv6 since nearly the beginning of IPv6. The ability to tunnel it hasn't solved all the "backwards compatibility" complaints for IPv6.

Same for network address translation, both NAT46 and NAT64 standards have existed for a while now and that also hasn't solved the "backwards compatibility" complaints for IPv6.

33. Dagger2 ◴[] No.41909968{4}[source]
But no v4 devices support this "four socks requests wrapped like an onion" thing you're proposing, so how would they work with it?