We don't talk about IPv5
-
Just my perspective as a controls (SCADA engineer):
I work for a large power company. We have close to 100 sites, each with hundreds of IP devices, and have never had a problem with ipv4. Especially when im out in the field I love being able to check IPs, calculate gateways, etc at a glance. Ipv6 is just completely freaking unreadable.
I see the value of outward-facing ipv6 devices (i.e. devices on the internet), considering we are out of ipv4s. But I don't see why we have to convert private networks to ipv6. Put more bluntly: at least industry, it just isn't gonna happen for decades (if it ever does). Unless you need more IPs it's just worse to work with. And there's a huge amount of inertia- got one singular device that doesn't talk ipv6 at a given generation site? What are you supposed to do?
i've done both ipv4 and v6, but never embedded. from my perspective, ipv6 addresses can be easier to remember and use, with a little clever arrangement of zeros and especially because they're hexadecimal. that's in addition to the way more elegant way the protocol itself handles various things. obviously not worth upgrading systems that don't even need dhcp, but that applies to a lot of things in that field
-
NAT is like package delivery IRL. If you’re a server and send a package to a client without NAT, that’s like sending a delivery boy to deliver pizza, goes straight from source to destination.
But with NAT it’s like ordering a package online. It first will be delivered to a distribution center, and then a delivery warehouse in your area, and then the courier delivers packages to all people on his route.
It’s way more complex and you now have a whole bunch of points of failure.
And yet, in the real world we actually use distribution centers and loading docks, we don’t go sending delivery boys point to point. At the receiving company’s loading docks, we can have staff specialise in internal delivery, and also maybe figure out if the package should go to someone’s office or a temporary warehouse or something. The receiver might be on vacation, and internal logistics will know how to figure out that issue.
Meanwhile, the point-to-point delivery boy will fail to enter the building, then fail to find the correct office, then get rerouted to a private residence of someone on vacation (they need to sign personally of course), and finally we need another delivery boy to move the package to the loading dock where it should have gone in the first place.
I get the ”let’s slaughter NAT” arguments, but this is an argument in favour of NAT. And in reality, we still need to have routing and firewalls. The exact same distribution network is still in use, but with fewer allowances for the recipient to manage internal delivery.
Personal opinion: IPv6 should have been almost exactly the same as IPv4, but with more numbers and a clear path to do transparent IPv6 to IPv4 traffic without running dual stack (maybe a NAT?). IPv6 is too complex, error prone and unsupported to deploy without shooting yourself in the foot, even now, a few decades after introduction.
-
Hi I have no idea what I’m doing when it comes to networking. I have ipv6 off on my home network because I was scared of accidentally exposing things outside of my home network. I’m using Ubiquiti. Can someone give me/link me a crash course on how to setup ipv6 without introducing any security holes into my network? Maybe also a crash course in firewalls.
i don't use ubiquiti, but the only thing you need to do with your firewall to get better-than-NAT security is allow only outgoing connections/disallow incoming connections. usually on consumer routers that's the default setting anyway or there's a checkbox to that effect.
-
My home network is millions of ants with tiny little backpacks
you'll never believe this
-
Let me one up this. IPv4 NAT is like the pizza guy has to deliver to you, but you live in a gated community with a strict no visitors policy, which does not allow you to even mention what unit you're in, and none of the addresses in the community are registered with the post office or on Google Maps either. Instead, you tell the guardhouse you want to order, and they order the pizza for you. The pizza guy delivers to the guardhouse, and the guardhouse delivers the pizza to you.
IPv6 (with firewalling) is like a normal gated community, you order the pizza and include the unit number, and the delivery driver can deliver your pizza directly, as long as the guardhouse approves.
The difference is, with NAT, the guardhouse has to both guard (firewall) and route (keep track of all deliveries, and deliver) your packages, where with IPv6, the guardhouse (firewall) only has to guard (firewall) the packages.
Sounds good to me
-
Waiting for IPv8 when the delivery guy takes a slice and feeds it to me so I don't need to worry about greasy fingers.
Nah that's just ransomware
-
you'll never believe this
The backpacks themselves? I'm glad you asked. So, they each function on an actor model, where each potential state for each actor has its own address...
-
No, but it’s far easier to explain how to configure your home network such that 182.168.1.* is for your regular devices like laptops, etc. and 192.168.2.* is for your IoT devices. Then block all access from 192.168.2.* to the internet so your IoT devices can’t “phone home”, can’t auto-update without your knowledge, can’t end up as part of a botnet, etc.
That's the thing, you are still thinking in ipv4 terms, and that's ok. It's a different way to think of things using ipv6 and the proper way to configure them. No worries tho. Not like you are being forced to ipv6 for internal home networks.
-
I am sorry to interrupt, my ISP gave me an ipv6 address, but I just can't access anything through it even when I specify it in the firewall, maybe they are blocking this functionality because they sell static ips.
I can use dynamic DNS, the problem is I can't host over NAT444 without something like a VPN.
Still not been given an IPv6 address though.
-
That's the thing, you are still thinking in ipv4 terms, and that's ok. It's a different way to think of things using ipv6 and the proper way to configure them. No worries tho. Not like you are being forced to ipv6 for internal home networks.
Ok, so what would the equivalent be?
-
The backpacks themselves? I'm glad you asked. So, they each function on an actor model, where each potential state for each actor has its own address...
are there quintillions of states
-
are there quintillions of states
No, actually tbh the address space is the least of my worries. At this point I'm gonna be honest, the ants just don't wanna play ball
-
Ok, so what would the equivalent be?
Create a new /64 and don't give it a route to the internet.
-
My favorite thing to use IPv6 for is to use the privacy extension to get around IP blocks on YouTube when using alternative front ends. Blocked by Google on my laptop? No problem, let me just get another one of my 4,722,366,482,869,645,213,696 IP addresses.
I have a separate subnet which is IPv6 only and rotates through IP addresses every hour or so just for Indivious, Freetube and PipePipe.
Hah, do they not just block the whole /64? That's actually really funny.
-
Waiting for IPv8 when the delivery guy takes a slice and feeds it to me so I don't need to worry about greasy fingers.
The good ol' American ipV8 motor
-
This post did not contain any content.
bro just add another octet to the end of ipv4. That goes from 4 billion to a trillion and will most definitely outlast modern electronics and capitalism
-
And yet, in the real world we actually use distribution centers and loading docks, we don’t go sending delivery boys point to point. At the receiving company’s loading docks, we can have staff specialise in internal delivery, and also maybe figure out if the package should go to someone’s office or a temporary warehouse or something. The receiver might be on vacation, and internal logistics will know how to figure out that issue.
Meanwhile, the point-to-point delivery boy will fail to enter the building, then fail to find the correct office, then get rerouted to a private residence of someone on vacation (they need to sign personally of course), and finally we need another delivery boy to move the package to the loading dock where it should have gone in the first place.
I get the ”let’s slaughter NAT” arguments, but this is an argument in favour of NAT. And in reality, we still need to have routing and firewalls. The exact same distribution network is still in use, but with fewer allowances for the recipient to manage internal delivery.
Personal opinion: IPv6 should have been almost exactly the same as IPv4, but with more numbers and a clear path to do transparent IPv6 to IPv4 traffic without running dual stack (maybe a NAT?). IPv6 is too complex, error prone and unsupported to deploy without shooting yourself in the foot, even now, a few decades after introduction.
IPv6 is too complex, error prone and unsupported to deploy without shooting yourself in the foot, even now, a few decades after introduction.
Which is purely down to people not testing things before releasing them, because the support is there but there's layers of unnecessary stuff put in the way. Like I had an old ISP provided router that ran Linux, but the management UI was only ever tested against v4 networks so none of the v6 stuff was actually hooked up correctly.
Support in desktops and mobile devices is effectively 100%, but even in embedded hardware there's often full support, just not enabled correctly or tested.
-
This post did not contain any content.
fun fact, the RFC introducing NAT calls it a "short-term solution"
-
Also for home network I don’t won’t my IOT to have a real IP to the Internet. Using IPv4 NAT you can have a bit of safety by obscurity
NAT is not much different to a firewall though… just because the address space is publicly routable does not mean that the router has to provide a route to it, or a consistent route
NAT works by assigning a public port for the outgoing stream different to the internal port, and it does that by inspecting packets as they go over the wire: a private machine initiates a connection, assign an arbitrary free port, and sends that packet off to the router, who then reassigns a new port, and when packets come in on that port it looks up the IP and remapped port and substitutes them
that same process can easily be true in IPv6 but you don’t need to do any remapping: the private machine initiates a connection, and the router simply marks that IP and port combination as “routable” rather than having to do mappings as well
-
No, actually tbh the address space is the least of my worries. At this point I'm gonna be honest, the ants just don't wanna play ball
have you tried giving them tiny ant-sized balls
