←back to thread

The IPv6 Transition

(www.potaroo.net)
215 points todsacerdoti | 1 comments | 20 Oct 24 05:54 UTC | HN request time: 0s | source
Show context
uobytx2 ◴[20 Oct 24 21:14 UTC] No.41898529[source]
People posting have mentioned that IPv4 is working for what they use the internet for. But of course it is. When NATs has been required for your whole life, how could the internet have built features that needed p2p routing? Just convince businesses to build something that requires special router configuration? And still wouldn’t work on phones or with ISPs that require CG NAT? You got what worked out of the box. You obviously couldn’t use what didn’t exist.
replies(2): >>41899158 #>>41899246 #
theamk ◴[20 Oct 24 22:55 UTC] No.41899158[source]
Why do people assume IPv6 means "easy p2p"?

Even if NAT will be gone one day, the stateful firewalls won't. Every every home router would still ship with "deny all incoming" by default, and every corporate network would have the same setting as well.

Same as IPv4, IPv6 serving would still need registration with border device, either manual by user, or via UPnP-equivalent.

replies(3): >>41899364 #>>41899487 #>>41901569 #
numpad0 ◴[20 Oct 24 23:25 UTC] No.41899364[source]
"everything gets a global IP, no more NAT headaches" was one of marketing talking points for IPv6. Not necessarily the case nor welcomed by everyone, but that was the intent.
replies(1): >>41899708 #
mike_d ◴[21 Oct 24 00:39 UTC] No.41899708[source]
Wide scale deployment of NAT (the "home router" that allowed you to connect multiple devices) was the greatest leap in internet security we ever made. I remember the days when we had "everything gets a global IP," and we do NOT want to go back to that. Look up Conficker, Code Red, Blaster, etc.

People naively assume the large IPv6 address space somehow hides your computer on the internet. That isn't true. Both because v6 host discovery is a solved-ish problem for attackers, and worms have near unlimited resources to throw at the wall.

replies(3): >>41899815 #>>41900115 #>>41900299 #
1. numpad0 ◴[21 Oct 24 02:58 UTC] No.41900299{3}[source]
NAT is technically not a firewall in itself, I believe early/some NAT implementations used deterministic assignments between external range to internal ip:port. They can be more transparent if that is the goal.

But the effect of proliferation of cheap Wi-Fi routers with cheap dynamic NAPTs in conjunction with UPnP did to XP-era PC security - 100% agreed, it was like sunlight self-disinfecting brass door handles.