
The IPv6 Transition

(www.potaroo.net)
215 points todsacerdoti | 2 comments
Uptrenda No.41893547
These charts that show IPv6 adoption really don't mean shit. The thing is: every single device out there isn't being used directly by a human bean (and a real hero.) They include things like sensors, smart lights, fridges, washing machines, a huge huge number of mobile devices, company networks, ... apparently even toothbrushes? Look at another sector and the story is ((quite horrible.)) I'm talking a regular fixed home network.

Start by looking at routers for IPv6 support. And what do you see? Total crap across the board. Here are some of the issues I've seen. Routers that have no IPv6 support (common for ISP provided routers.) Routers that have NO FIREWALL for IPv6. Routers that crash every 3 minutes after assigning an address. Routers that don't support the exact combination of network details to set up IPv6 on your network (there are multiple ways to deploy IPv6.)

What about if you want to use features like UPnP with IPv6 (something that would probably be useful for some software given that IPv6 is supposed to give you public addresses but firewall it on the router)? What I've found is there's really just one UPnP library that every router uses even though it sucks. miniupnpd. This is a library that can barely manage to handle different types of addresses. It's really a mixed bag whether an IPv6 firmware will have miniupnpd enabled and if it's built for IPv6 (and if anyone bothered to test it.) The odds go down dramatically.

If you manage to get a router with IPv6 at home working alongside other useful Internet standards made for it (since 2010) color me impressed. You probably buy a lottery ticket at that point. Because if testing IPv6 deployments for the past 2 years has taught me anything, it's that no one really cares about this shit. Present day, present time. You still hear people telling others to turn IPv6 off for some vague reason ('security', 'bad', 'problems.') These people don't really have a clue. It's all just a massive cope because they tried to get it to work and failed. And after the shit I've said I can't say I blame them. But I also want to note that their conclusions are BS.

replies(4): >>41893657 #>>41893724 #>>41894937 #>>41899372 #
1. jeroenhd No.41893724
All routers I've ever encountered have a default deny rule for IPv6, replicating the port forwarding setup people have come to expect from NAT. Except you can use multiple Xboxes in the same network now, of course.

Even the mini router I bought for 15 bucks five years ago does IPv6 addressing just fine. Just announcing a prefix (or two, local network stuff over ULAs and all that) is enough to make SLAAC do its thing. Never had any problem with DHCPv6 PD for automatic subnetting either.

I haven't looked into UPnP on IPv6 much, but the ones that did UPnP all seem to do IPv6 fine after 2015 or so. I usually turn it off because I don't want random crap managing my firewall unauthenticated (and many router manufacturers have had vulnerable implementations that would accept UPnP packets from the internet so screw that).

Brands that I've successfully used IPv6 with without any hassle include TP-Link, D-Link (don't buy from them), AVM, Mikrotik, and Netgear.

The most annoying part I find about routers is actually that they don't let you disable ALGs anymore it seems. Every few years Samy Kamkar writes up a way to bypass most IPv4 firewalls by abusing the hackery we've accumulated around NAT and the easiest fix ("let FTP/SIP/H363/PPTP be broken on IPv4") doesn't seem to come with routers anymore.

It took a while, but router manufacturers seem to have realised that the world is moving towards "CGNAT or IPv6" and not having usable IPv6 breaks networks in those cases.

The most broken IPv6 deployments I've seen were from people who tried to turn it off through weird hacks like firewall rules which subsequently got IPv6 from their ISP. Had they actually disabled IPv6 they would've just been stuck on IPv4 like regular, but their weird hacks made half the TCP connections need to time out before they could access the internet.

replies(1): >>41898244 #
2. throw0101c No.41898244
> I haven't looked into UPnP on IPv6 much

Added as an appendix in 2011:

* https://upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1....