We don't talk about IPv5
-
The reason IPv6 was originally added to the DOCSIS specs, over 20 years ago, is because Comcast literally exhausted all RFC1918 addresses on their modem management networks.
My favourite feature of IPv6 is networks, and hosts therein, can have multiple prefixes and addresses as a core function. I use it to expose local functions on only ULA addresses, but provide locked down public access when and where needed. Access separation is handled at the IP stack, with IPv4 it’s expected to be handled by a firewall or equivalent.
They kept talking it was because address exaustion, and IANA sold all the remaining blocks they had...
I tested it at the time. Ran nmap ping scan across a block all night with zero results. IANA sold the internet
-
That would imply en existence of display/usb outputs…
We’re essentially talking a bunch of embedded devices talking to each other. You can give them all the dns entries you want, but if they (or the programming environment) don’t support DNS lookup you might as well put your dns server in excel.
The microcomputers (raspberry pi, arduino, whatever) could have a modern network interface and relay the communication to the embedded devices over oldschool serial. But yeah, straight DNS wouldn't work. I like the idea though, gonna start posting my 10 favorite IP addresses on a piece of paper on the fridge. Who needs excel!
-
This post did not contain any content.
Ipv6 is broken for those that want control over their home networks thanks to Google and terribly written RFCs.
All that was needed was an extra byte or two of address space, but no, some high and mighty evangelicals in their ivory towers built something that few people understand 30 years later. Their die hard fans are sure that this will be the year of ipv6. The Year of Linux on the Desktop will come 10 years before the year of ipv6.
-
That's a great analogy for carrier grade nat.
For regular nat it's like the pizza is able to get all the way to your house but then has no idea who to go to so somebody has to answer the door and then take the pizza from the door to the person who ordered it themselves.
And IPv6 is like the pizza delivery guy just walks right into the house up the steps into your bedroom and hands you the pizza directly.
The best part is they each have the same exact problems you'd have in real life.
Waiting for IPv8 when the delivery guy takes a slice and feeds it to me so I don't need to worry about greasy fingers.
-
That's a great analogy for carrier grade nat.
For regular nat it's like the pizza is able to get all the way to your house but then has no idea who to go to so somebody has to answer the door and then take the pizza from the door to the person who ordered it themselves.
And IPv6 is like the pizza delivery guy just walks right into the house up the steps into your bedroom and hands you the pizza directly.
The best part is they each have the same exact problems you'd have in real life.
wrote on last edited by [email protected]Let me one up this. IPv4 NAT is like the pizza guy has to deliver to you, but you live in a gated community with a strict no visitors policy, which does not allow you to even mention what unit you're in, and none of the addresses in the community are registered with the post office or on Google Maps either. Instead, you tell the guardhouse you want to order, and they order the pizza for you. The pizza guy delivers to the guardhouse, and the guardhouse delivers the pizza to you.
IPv6 (with firewalling) is like a normal gated community, you order the pizza and include the unit number, and the delivery driver can deliver your pizza directly, as long as the guardhouse approves.
The difference is, with NAT, the guardhouse has to both guard (firewall) and route (keep track of all deliveries, and deliver) your packages, where with IPv6, the guardhouse (firewall) only has to guard (firewall) the packages.
-
It’s vulnerable af. And I mean really, it’s as bad as Netscalers or Fortigate shit. Like https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/ or https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/
Problem is, yes it’s hard to implement but it’s even a lot harder to get it properly secured. Especially because few people are using it, and not securing it is worse than disabling it.
But you could do the same thing with a rogue DHCP server I IPv4... With similar methods to prevent the misbehavior on networks
-
Having the breathing room is great.
You have two teams that independently set up private networks but now someone has to talk to them both?
In IPv4, they likely stepped on the same private subnets. In ipv6, they pretty much certainly did not step in the same ULA prefixes. My VPN setup is a mess of a maze to deal with the fact that most things I connect to are all independently allocated 10. subnets, with the IPv6 focused customer being easiest.
Also, if you want to embed information in your addressing, like vlan I'd or room information.
Besides, you can have addresses like fd37:5f1a:b4c1::feed:face, and that's fun isn't it?
-
I do like how I can easily remember IPv4 addresses while I struggle to remember a single IPv6 address
Come on, it's e easy to remember one IPv6 address: ::1
-
Ipv6 is broken for those that want control over their home networks thanks to Google and terribly written RFCs.
All that was needed was an extra byte or two of address space, but no, some high and mighty evangelicals in their ivory towers built something that few people understand 30 years later. Their die hard fans are sure that this will be the year of ipv6. The Year of Linux on the Desktop will come 10 years before the year of ipv6.
is a /56 not enough address space for your home network
-
Its unlikely someone with guess your ipv6 of your iot.
No, but it’s far easier to explain how to configure your home network such that 182.168.1.* is for your regular devices like laptops, etc. and 192.168.2.* is for your IoT devices. Then block all access from 192.168.2.* to the internet so your IoT devices can’t “phone home”, can’t auto-update without your knowledge, can’t end up as part of a botnet, etc.
-
The one thing you can't do with IPv6 is yell the address across the room to the technician plugged into the switch trying to ping the node.
you can if you make it mostly zero
-
Ipv6 is broken for those that want control over their home networks thanks to Google and terribly written RFCs.
All that was needed was an extra byte or two of address space, but no, some high and mighty evangelicals in their ivory towers built something that few people understand 30 years later. Their die hard fans are sure that this will be the year of ipv6. The Year of Linux on the Desktop will come 10 years before the year of ipv6.
And 10 years before fusion power?
-
Surely we can do better. Why not IPv10? That's 4 higher than 6!
My IP goes up to 11.
-
is a /56 not enough address space for your home network
My home network is millions of ants with tiny little backpacks
-
Hi I have no idea what I’m doing when it comes to networking. I have ipv6 off on my home network because I was scared of accidentally exposing things outside of my home network. I’m using Ubiquiti. Can someone give me/link me a crash course on how to setup ipv6 without introducing any security holes into my network? Maybe also a crash course in firewalls.
Block new connections inbound on the router's wan. Also block ping if you don't want pings to find you. That's the most basic setup for firewalling on the udm, ipv4 and 6. Every router in 2025 should be able to block new inbound on ipv6.
-
Just my perspective as a controls (SCADA engineer):
I work for a large power company. We have close to 100 sites, each with hundreds of IP devices, and have never had a problem with ipv4. Especially when im out in the field I love being able to check IPs, calculate gateways, etc at a glance. Ipv6 is just completely freaking unreadable.
I see the value of outward-facing ipv6 devices (i.e. devices on the internet), considering we are out of ipv4s. But I don't see why we have to convert private networks to ipv6. Put more bluntly: at least industry, it just isn't gonna happen for decades (if it ever does). Unless you need more IPs it's just worse to work with. And there's a huge amount of inertia- got one singular device that doesn't talk ipv6 at a given generation site? What are you supposed to do?
i've done both ipv4 and v6, but never embedded. from my perspective, ipv6 addresses can be easier to remember and use, with a little clever arrangement of zeros and especially because they're hexadecimal. that's in addition to the way more elegant way the protocol itself handles various things. obviously not worth upgrading systems that don't even need dhcp, but that applies to a lot of things in that field
-
NAT is like package delivery IRL. If you’re a server and send a package to a client without NAT, that’s like sending a delivery boy to deliver pizza, goes straight from source to destination.
But with NAT it’s like ordering a package online. It first will be delivered to a distribution center, and then a delivery warehouse in your area, and then the courier delivers packages to all people on his route.
It’s way more complex and you now have a whole bunch of points of failure.
And yet, in the real world we actually use distribution centers and loading docks, we don’t go sending delivery boys point to point. At the receiving company’s loading docks, we can have staff specialise in internal delivery, and also maybe figure out if the package should go to someone’s office or a temporary warehouse or something. The receiver might be on vacation, and internal logistics will know how to figure out that issue.
Meanwhile, the point-to-point delivery boy will fail to enter the building, then fail to find the correct office, then get rerouted to a private residence of someone on vacation (they need to sign personally of course), and finally we need another delivery boy to move the package to the loading dock where it should have gone in the first place.
I get the ”let’s slaughter NAT” arguments, but this is an argument in favour of NAT. And in reality, we still need to have routing and firewalls. The exact same distribution network is still in use, but with fewer allowances for the recipient to manage internal delivery.
Personal opinion: IPv6 should have been almost exactly the same as IPv4, but with more numbers and a clear path to do transparent IPv6 to IPv4 traffic without running dual stack (maybe a NAT?). IPv6 is too complex, error prone and unsupported to deploy without shooting yourself in the foot, even now, a few decades after introduction.
-
Hi I have no idea what I’m doing when it comes to networking. I have ipv6 off on my home network because I was scared of accidentally exposing things outside of my home network. I’m using Ubiquiti. Can someone give me/link me a crash course on how to setup ipv6 without introducing any security holes into my network? Maybe also a crash course in firewalls.
i don't use ubiquiti, but the only thing you need to do with your firewall to get better-than-NAT security is allow only outgoing connections/disallow incoming connections. usually on consumer routers that's the default setting anyway or there's a checkbox to that effect.
-
My home network is millions of ants with tiny little backpacks
you'll never believe this
-
Let me one up this. IPv4 NAT is like the pizza guy has to deliver to you, but you live in a gated community with a strict no visitors policy, which does not allow you to even mention what unit you're in, and none of the addresses in the community are registered with the post office or on Google Maps either. Instead, you tell the guardhouse you want to order, and they order the pizza for you. The pizza guy delivers to the guardhouse, and the guardhouse delivers the pizza to you.
IPv6 (with firewalling) is like a normal gated community, you order the pizza and include the unit number, and the delivery driver can deliver your pizza directly, as long as the guardhouse approves.
The difference is, with NAT, the guardhouse has to both guard (firewall) and route (keep track of all deliveries, and deliver) your packages, where with IPv6, the guardhouse (firewall) only has to guard (firewall) the packages.
Sounds good to me
