We don't talk about IPv5
-
Ipv6 took awhile for me to understand. One of the biggest hurdles was how is it secure without NAT.
Can you share more details please?
-
Ipv6 is broken for those that want control over their home networks thanks to Google and terribly written RFCs.
All that was needed was an extra byte or two of address space, but no, some high and mighty evangelicals in their ivory towers built something that few people understand 30 years later. Their die hard fans are sure that this will be the year of ipv6. The Year of Linux on the Desktop will come 10 years before the year of ipv6.
Ipv6 is broken for those that want control over their home networks
I don't see how? Works great for my home network.
-
bro just add another octet to the end of ipv4. That goes from 4 billion to a trillion and will most definitely outlast modern electronics and capitalism
wrote on last edited by [email protected][This comment has been deleted by an automated system]
-
Also for home network I don’t won’t my IOT to have a real IP to the Internet. Using IPv4 NAT you can have a bit of safety by obscurity
wrote on last edited by [email protected]I don’t won’t my IOT to have a real IP to the Internet
Why not? What's the difference to them having a nat ipv4?
-
[This comment has been deleted by an automated system]
It looks daft now with a little hindsight, but we're kind of still in the foresight stage for the overall life of IPv6.
-
fun fact, the RFC introducing NAT calls it a "short-term solution"
-
Ipv6 is broken for those that want control over their home networks thanks to Google and terribly written RFCs.
All that was needed was an extra byte or two of address space, but no, some high and mighty evangelicals in their ivory towers built something that few people understand 30 years later. Their die hard fans are sure that this will be the year of ipv6. The Year of Linux on the Desktop will come 10 years before the year of ipv6.
What did Google do? Just curious as I'm not into home networking
-
Ipv6 is broken for those that want control over their home networks thanks to Google and terribly written RFCs.
All that was needed was an extra byte or two of address space, but no, some high and mighty evangelicals in their ivory towers built something that few people understand 30 years later. Their die hard fans are sure that this will be the year of ipv6. The Year of Linux on the Desktop will come 10 years before the year of ipv6.
Broken how? What parts are not commonly understood?
-
many “unused” IP addresses are unused because they’re kinda like having spare parts: if you’re planning on extending your network in the futures, your IP block kinda should reflect your end state (ie the parts you need over time to replace or “build” new hosts)
or for blue/green deployments where it’s likely that at least half the IP range will be used in terms of process, but unused most of the time in terms of reachability
and then there’s weird things with splitting up IP blocks into subnets with a division of 3 (the minimum needed for dealing with net splits etc) - eg across availability zones… there are always “waste” IPs because you can’t divide multiples of 8 cleanly into 3
-
What did Google do? Just curious as I'm not into home networking
They refuse to support DHCP6 and will only use SLAAC on Android devices.
-
Ipv6 is broken for those that want control over their home networks
I don't see how? Works great for my home network.
I want per device firewall and DNS rules for myself, the wife and the kids. With opnsense or pfsense I don't believe this is possible with SLAAC, which is what android only supports.
Shove all devices on a flat network with no special firewall rules and you are probably golden. But trying to control your own network, last few times I've tried, is impossible.
-
Broken how? What parts are not commonly understood?
See this post below https://lemmy.fwgx.uk/comment/2126323
-
in the real world we actually use distribution centers and loading docks
because we can pass packages in bulk between large distances… in routing, it’s always delivery boys: a single packet is a single packet: there’s no bulk delivery, except where you have eg a VPN packing multiple packets into a jumbo frame or something…
the comment you’re replying to is only providing an analogy: used to explain a single property by abstraction; not the entire thing
we can have staff specialise in internal delivery
but that’s not at all how NAT works: its not specialising in delivery to private hosts and making it more efficient… it’s a layer of bureaucracy (like TURN servers and paperwork - the lookup tables and mapping) that adds complexity, not because it’s ideally necessary but just because of limitations in the data format
routers still route pretty much exactly the same in IPv6 direct or NAT, but just at the NAT layer public IP and port is remapped to internal addresses and ports: the routing is still exactly the same, but now your router has to do extra paperwork that’s only necessary because of the scheme used to address
In the real world, addresses are an abstraction to provide knowledge needed to move something from point A to point B. We could use coordinates or refer to the exact office the recipient sits in, but we don’t. Actually, we usually try to keep it at a fairly high level of abstraction.
The analogy is broken, because in the real world, we don’t want extremely exact addressing and transport without middlemen. We want abstract addresses, with transport routing partially to fully decoupled from the addressing scheme. GP provides a nice argument for IPv4.
I know how NAT works, but we are working within the constraints of a very broken analogy here. Also yes, internal logistics can and will be the harbinger of unnecessary bureaucracy, especially when implemented correctly.
-
IPv6 is too complex, error prone and unsupported to deploy without shooting yourself in the foot, even now, a few decades after introduction.
Which is purely down to people not testing things before releasing them, because the support is there but there's layers of unnecessary stuff put in the way. Like I had an old ISP provided router that ran Linux, but the management UI was only ever tested against v4 networks so none of the v6 stuff was actually hooked up correctly.
Support in desktops and mobile devices is effectively 100%, but even in embedded hardware there's often full support, just not enabled correctly or tested.
Lustre 2.16 got released recently, so in a year or so you may actually be able to run commercially supported Lustre with IPv6 support. Yay!
After that, it’s only a matter of time before it’s finally possible to start testing supercomputers with IPv6! (And finally building a production system with IPv6 a few more years after that, when all the bugs have been squashed)
Look at the Top500 list. Fucking everyone runs Lustre somewhere, and usually old versions. The US strategic nuclear weapons research is practically all on Lustre. My guess is most weather forecasting globally runs on Lustre. (Oh, and a shitton of AI of course.)
Up until now, you were stuck with mounting your filesystem over IPv4 (well, kinda IPv4 over RDMA, ish). If you want commercial support for your hundreds of petabytes (you do), you still can’t migrate. And this isn’t a small indie project without testers, it’s commercially supported with billions in revenue, supporting compute hardware for even more money.
My point with this rambling is that a open source software that is this widely deployed, depended upon and this well funded, still failed to roll out IPv6 support until now. The long tail of migrating the world to IPv6 hasn’t even begun yet, we are still in the early days. Soon someone will start looking at the widely deployed, depended upon and badly funded stuff.
And maybe, if IPv6 didn’t try to change a bunch of extra stuff, we’d be further along. (Though, in the specific case of Lustre, I’ll gladly accuse DDN and Whamcloud for being incompetent…)
-
They refuse to support DHCP6 and will only use SLAAC on Android devices.
Do they only use SLAAC because it's easier to tie devices to MACs and therefore identities?
-
I want per device firewall and DNS rules for myself, the wife and the kids. With opnsense or pfsense I don't believe this is possible with SLAAC, which is what android only supports.
Shove all devices on a flat network with no special firewall rules and you are probably golden. But trying to control your own network, last few times I've tried, is impossible.
wrote last edited by [email protected]I've done this using separate networks, each device group I want to treat differently get's its own subnet/vlan pair and I firewall the whole vlan. No matter what ips clients have (or even what ips they statically set themself) they can't get past the firewall.
To physically get them connected to the network I use something similar to this config to have one wpa2-personal ssid that leads to multiple vlans depending on the password. Though you could also have multiple ssids with one vlan each or even wpa2-enterprise.
The router doesn't know the IP of android devices (though it doesn't need to), it only knows the vlans of the clients and what network they come from.
For all other clients I have dhcpv6.DNS is on the router and can be set for each network.
-
Lustre 2.16 got released recently, so in a year or so you may actually be able to run commercially supported Lustre with IPv6 support. Yay!
After that, it’s only a matter of time before it’s finally possible to start testing supercomputers with IPv6! (And finally building a production system with IPv6 a few more years after that, when all the bugs have been squashed)
Look at the Top500 list. Fucking everyone runs Lustre somewhere, and usually old versions. The US strategic nuclear weapons research is practically all on Lustre. My guess is most weather forecasting globally runs on Lustre. (Oh, and a shitton of AI of course.)
Up until now, you were stuck with mounting your filesystem over IPv4 (well, kinda IPv4 over RDMA, ish). If you want commercial support for your hundreds of petabytes (you do), you still can’t migrate. And this isn’t a small indie project without testers, it’s commercially supported with billions in revenue, supporting compute hardware for even more money.
My point with this rambling is that a open source software that is this widely deployed, depended upon and this well funded, still failed to roll out IPv6 support until now. The long tail of migrating the world to IPv6 hasn’t even begun yet, we are still in the early days. Soon someone will start looking at the widely deployed, depended upon and badly funded stuff.
And maybe, if IPv6 didn’t try to change a bunch of extra stuff, we’d be further along. (Though, in the specific case of Lustre, I’ll gladly accuse DDN and Whamcloud for being incompetent…)
I mean yeah, there's extra stuff layered on top of the underlying protocols that is badly designed. Docker was built with a hard dependency on IPv4, so was the Dat protocol. If these things were designed properly from the start we wouldn't be having these issues.
Apple was smart here, they mandate that iOS apps must support single stack IPv6 only and perform functional testing of that as part of the app store process. Devs can't get away with pretending it's not necessary and not wiring up support for it.
-
My isp and router both claim to have IPv6 but every test site has failed.
There is likely a filter you need to turn off.
