Basically what the title says. Here’s the thing: address exhaustion is a solved problem. NAT already took care of this via RFC 1631. While initially presented as a temporary fix, anyone who thinks it’s going anywhere at this point is simply wrong. Something might replace IPv4 as the default at some point, but it’s not going to be IPv6.

And then there are the downsides of IPv6:

  • Not all legacy equipment likes IPv6. Yes, there’s a lot of it out there.
  • “Nobody” remembers an IPv6 address. I know my IPv4 address, and I’m sure many others do too. Do you know your IPv6 address, though?
  • Everything already supports IPv4
  • For IPv6 to fully replace IPv4, practically everything needs to move over. De facto standards don’t change very easily. There’s a reason why QWERTY keyboards, ASCII character tables, and E-mail are still around, despite alternatives technically being “better”.
  • Dealing with dual network stacks in the interim is annoying.

Sure, IPv6 is nice and all. But as an addition rather than as a replacement. I’ve disabled it by default for the past 10 years, as it tends to clutter up my ifconfig overview, and I’ve had no ill effects.

Source: Network engineer.

  • blackstrat@lemmy.fwgx.uk
    link
    fedilink
    English
    arrow-up
    7
    ·
    5 months ago

    I posted this elsewhere a few days ago. I don’t think IPv6 can do what I require of a basic home network, let alone a large enterprise…

    I gave it a really good shot at implementing this past week. I spent 3 days getting up to speed, reading loads and trying various different things. But I am now back to IPv4 only because I just can’t get IPv6 to do what I want and no amount of searching has made me think what I want to do is even possible.

    Some background about the IPv4 network I run at home: I run opnsense on a Proxmox server. I have a few services publicly available using port forwarding. I run several VLANs for IoT, VoIP, Cameras etc. I use a bunch of firewall rules that are specific client devices on the network. So for example I have a rule that blocks youtube from the kids tablets and the TV. I have a special rule around DNS for the wife as she doesn’t want to use the pihole blocking features. These rules are made possible because the DHCP server is set to give them a fixed IP and I can create a firewall alias and rule based on that.

    None of these things on my existing network are particularly difficult to configure, they run really well.

    What I want from IPv6 is:

    1. All devices to use IPv6 including android devices.
    2. To have the same firewall rules configured and not have them be easily bypassed.
    3. To use privacy addresses as I don’t want to make every device uniquely trackable over the internet.
    4. To be able to cope with changes to the ISP provided /48 prefix seamlessly.
    5. Have internal DNS make accessing intranet devices easy.
    6. To ensure the privacy of individual devices on my network by avoiding individual device tracking.

    What I’ve tried:

    1. Using DHCPv6, but this excludes android devices. So that’s out.
    2. Using a NAT (to avoid tracking of individual devices) and fd00/8 addresses, but this is pointless as those addresses are lower priority than IPv4 (FFS!)
    3. SLACC just seems a non-starter.

    Additional: I don’t think I have a problem with “thinking about it all wrong for IPv6”. I may have a skill issue, hence this question.

    As far as I can tell to achieve requirement 1) you must use SLAAC. SLAAC without privacy extensions doesn’t allow for 6).

    Changes to external ISP prefix assignment impacts MY INTERNAL NETWORK (this just seems insane). And as far as I can tell there’s no easy way around this, especially if I have static addresses configured for servers which would (if using SLAAC) have to be manually configured.

    I can’t see how DNS would be updated either, either Unbound running on Opnsense, or to the pihole. If I go for SLAAC with privacy extensions and I keep paying for a static IP (v4 & v6) to my ISP then I can’t implement any firewall rules for specific devices as devices will change their IP regularly. And its even worse if I don’t pay for a static IPv6 prefix.

    I don’t think anything I’m trying to do is particularly strange or unusual but 26 years after its introduction I don’t see that IPv6 can meet these requirements. And one of the leading firewall routers, especially in the homelab doesn’t have answers to these questions either.

    Can you suggest a way to meet all 6 requirements I have with IPv6?

    • Lem453@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 months ago

      But why? What benefit does ipv6 bring to a home network that ipv4 doesn’t have?

      As you said everything is already setup well with ipv4 so why change it?

      • blackstrat@lemmy.fwgx.uk
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        I’d read a lot if people saying how good and easy IPv6 was and I thought I’d use it as an opportunity to learn about it.

        But turns out the only thing it does is give everything a public IP because the creators were so obsessed about getting rid of NAT. Nothing else seems to have been thought through.

        There are IETF mailing list threads where no one has a clue as to why it’s not being adopted, including one where they discover their own RFC is inconsistent with itself and that’s the reason why IPv4 is given higher priority than fd00::/8. You can tell how half baked it is when you look at the number of revisions, additional protocols that have been added decades after it was initially proposed.

        Their hatred of NAT seems to drive everything, but for most home and business users NAT is a great feature that drives so much simplicity by keeping you private networks private and independent of the rest of the internet.

        • Cort@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          5 months ago

          Yeah, NAT is great for home users. Unless your ISP is also using (carrier grade) NAT. Then you’re fucked by double NAT and have to call your ISP every time you want to forward a port.

          • blackstrat@lemmy.fwgx.uk
            link
            fedilink
            English
            arrow-up
            2
            ·
            5 months ago

            Obviously with IPv6 there’s be no need for CGNAT. But NAT within each household or business is useful.