We don't talk about IPv5
-
Any day now brother
It's the year of the ipv6 server
-
Don't worry Ubiquiti has ipv6 issues. You have an excuse.
What issues? I'm pretty much 100% ipv6 on all ubiquity equipment.
-
NAT is like package delivery IRL. If you’re a server and send a package to a client without NAT, that’s like sending a delivery boy to deliver pizza, goes straight from source to destination.
But with NAT it’s like ordering a package online. It first will be delivered to a distribution center, and then a delivery warehouse in your area, and then the courier delivers packages to all people on his route.
It’s way more complex and you now have a whole bunch of points of failure.
That's a great analogy for carrier grade nat.
For regular nat it's like the pizza is able to get all the way to your house but then has no idea who to go to so somebody has to answer the door and then take the pizza from the door to the person who ordered it themselves.
And IPv6 is like the pizza delivery guy just walks right into the house up the steps into your bedroom and hands you the pizza directly.
The best part is they each have the same exact problems you'd have in real life.
-
That's a great analogy for carrier grade nat.
For regular nat it's like the pizza is able to get all the way to your house but then has no idea who to go to so somebody has to answer the door and then take the pizza from the door to the person who ordered it themselves.
And IPv6 is like the pizza delivery guy just walks right into the house up the steps into your bedroom and hands you the pizza directly.
The best part is they each have the same exact problems you'd have in real life.
Why are we eating pizza in the bedroom
-
That's a great analogy for carrier grade nat.
For regular nat it's like the pizza is able to get all the way to your house but then has no idea who to go to so somebody has to answer the door and then take the pizza from the door to the person who ordered it themselves.
And IPv6 is like the pizza delivery guy just walks right into the house up the steps into your bedroom and hands you the pizza directly.
The best part is they each have the same exact problems you'd have in real life.
Perfect, perfect analogy. Like, seriously, I've hardly ever seen an analogy that works so flawlessly where even the implications just line up perfectly.
I am in awe.
-
Why are we eating pizza in the bedroom
I was eating salad in my bedroom 2:30 in the morning today.
Me: Fuck, can't sleep I'm hungry. You want anything?
Wife: yeah, fill up my water bottle and bring me something to eat.I went downstairs, made two loaded salads and brought them up to the bedroom.
I might in fact be getting old.
-
This post did not contain any content.
Also for home network I don’t won’t my IOT to have a real IP to the Internet. Using IPv4 NAT you can have a bit of safety by obscurity
-
Also for home network I don’t won’t my IOT to have a real IP to the Internet. Using IPv4 NAT you can have a bit of safety by obscurity
Its unlikely someone with guess your ipv6 of your iot.
-
I was eating salad in my bedroom 2:30 in the morning today.
Me: Fuck, can't sleep I'm hungry. You want anything?
Wife: yeah, fill up my water bottle and bring me something to eat.I went downstairs, made two loaded salads and brought them up to the bedroom.
I might in fact be getting old.
If you can eat a salad and then lay down without getting an explosion of acid reflux, maybe you aren't old yet
-
The reason IPv6 was originally added to the DOCSIS specs, over 20 years ago, is because Comcast literally exhausted all RFC1918 addresses on their modem management networks.
My favourite feature of IPv6 is networks, and hosts therein, can have multiple prefixes and addresses as a core function. I use it to expose local functions on only ULA addresses, but provide locked down public access when and where needed. Access separation is handled at the IP stack, with IPv4 it’s expected to be handled by a firewall or equivalent.
They kept talking it was because address exaustion, and IANA sold all the remaining blocks they had...
I tested it at the time. Ran nmap ping scan across a block all night with zero results. IANA sold the internet
-
That would imply en existence of display/usb outputs…
We’re essentially talking a bunch of embedded devices talking to each other. You can give them all the dns entries you want, but if they (or the programming environment) don’t support DNS lookup you might as well put your dns server in excel.
The microcomputers (raspberry pi, arduino, whatever) could have a modern network interface and relay the communication to the embedded devices over oldschool serial. But yeah, straight DNS wouldn't work. I like the idea though, gonna start posting my 10 favorite IP addresses on a piece of paper on the fridge. Who needs excel!
-
This post did not contain any content.
Ipv6 is broken for those that want control over their home networks thanks to Google and terribly written RFCs.
All that was needed was an extra byte or two of address space, but no, some high and mighty evangelicals in their ivory towers built something that few people understand 30 years later. Their die hard fans are sure that this will be the year of ipv6. The Year of Linux on the Desktop will come 10 years before the year of ipv6.
-
That's a great analogy for carrier grade nat.
For regular nat it's like the pizza is able to get all the way to your house but then has no idea who to go to so somebody has to answer the door and then take the pizza from the door to the person who ordered it themselves.
And IPv6 is like the pizza delivery guy just walks right into the house up the steps into your bedroom and hands you the pizza directly.
The best part is they each have the same exact problems you'd have in real life.
Waiting for IPv8 when the delivery guy takes a slice and feeds it to me so I don't need to worry about greasy fingers.
-
That's a great analogy for carrier grade nat.
For regular nat it's like the pizza is able to get all the way to your house but then has no idea who to go to so somebody has to answer the door and then take the pizza from the door to the person who ordered it themselves.
And IPv6 is like the pizza delivery guy just walks right into the house up the steps into your bedroom and hands you the pizza directly.
The best part is they each have the same exact problems you'd have in real life.
wrote on last edited by [email protected]Let me one up this. IPv4 NAT is like the pizza guy has to deliver to you, but you live in a gated community with a strict no visitors policy, which does not allow you to even mention what unit you're in, and none of the addresses in the community are registered with the post office or on Google Maps either. Instead, you tell the guardhouse you want to order, and they order the pizza for you. The pizza guy delivers to the guardhouse, and the guardhouse delivers the pizza to you.
IPv6 (with firewalling) is like a normal gated community, you order the pizza and include the unit number, and the delivery driver can deliver your pizza directly, as long as the guardhouse approves.
The difference is, with NAT, the guardhouse has to both guard (firewall) and route (keep track of all deliveries, and deliver) your packages, where with IPv6, the guardhouse (firewall) only has to guard (firewall) the packages.
-
It’s vulnerable af. And I mean really, it’s as bad as Netscalers or Fortigate shit. Like https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/ or https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/
Problem is, yes it’s hard to implement but it’s even a lot harder to get it properly secured. Especially because few people are using it, and not securing it is worse than disabling it.
But you could do the same thing with a rogue DHCP server I IPv4... With similar methods to prevent the misbehavior on networks
-
Having the breathing room is great.
You have two teams that independently set up private networks but now someone has to talk to them both?
In IPv4, they likely stepped on the same private subnets. In ipv6, they pretty much certainly did not step in the same ULA prefixes. My VPN setup is a mess of a maze to deal with the fact that most things I connect to are all independently allocated 10. subnets, with the IPv6 focused customer being easiest.
Also, if you want to embed information in your addressing, like vlan I'd or room information.
Besides, you can have addresses like fd37:5f1a:b4c1::feed:face, and that's fun isn't it?
-
I do like how I can easily remember IPv4 addresses while I struggle to remember a single IPv6 address
Come on, it's e easy to remember one IPv6 address: ::1
-
Ipv6 is broken for those that want control over their home networks thanks to Google and terribly written RFCs.
All that was needed was an extra byte or two of address space, but no, some high and mighty evangelicals in their ivory towers built something that few people understand 30 years later. Their die hard fans are sure that this will be the year of ipv6. The Year of Linux on the Desktop will come 10 years before the year of ipv6.
is a /56 not enough address space for your home network
-
Its unlikely someone with guess your ipv6 of your iot.
No, but it’s far easier to explain how to configure your home network such that 182.168.1.* is for your regular devices like laptops, etc. and 192.168.2.* is for your IoT devices. Then block all access from 192.168.2.* to the internet so your IoT devices can’t “phone home”, can’t auto-update without your knowledge, can’t end up as part of a botnet, etc.
-
The one thing you can't do with IPv6 is yell the address across the room to the technician plugged into the switch trying to ping the node.
you can if you make it mostly zero
