IPv6 for self hosters
-
So what is IPv6 and why should you care? IPv6 is intended to be the successor of IPv4 and most people know it for the very large address space. However, it has many other benefits as well and is worth learning for self hosting purposes.
IPv6 features
Huge address space
With IPv6, you no long need to be concerned with the limited address space of IPv4. In IPv6 land devices can have many different IPv6 addresses. You can have a different IPv6 address for each service and with the privacy extensions you can have a different IPv6 addresses for each outgoing connection on your computer.
Simplified subnetting
In IPv6 land everything is done via prefixes. An IPv6 prefix is simply the first half of the address which is used in routing to send traffic where it needs to go. A prefix is typically assigned to a vlan and the prefix is then delegated to all devices in that vlan. Because each device can have multiple addresses you can have each device get a public address and also a private address. A prefix is a /64 and if you want multiple prefixes you can get something like a /56, /48 or /32. (CIDR notation) To get a prefix from an ISP you use something called DHCPv6-PD. This is a lot like normal DHCP but it requests one or more prefixes from your ISP.
SLAAC (Stateless address autoconfig)
With SLAAC, devices pick an address and then verify it isn't duplicated. From there a router will send out a RA (router advertisement) which tells the device what prefix to use. The device then drops the link local prefix and replaces it will a public prefix. The major benefit of this is that you no longer need to keep track of DHCP leases. SLAAC allows networks to self assemble without much setup.
IPv6 security and privacy
IPv6 still needs a firewall to be secure. You should not expose things to the internet without properly securing them and anything that is publicly accessible can be compromised. IPv6 also can create major privacy issues since each device has a public IP. SLAAC and the privacy extensions help a lot as they randomize IPs which makes tracking harder. However, devices still share a public prefix so there still could be privacy issues.
NAT64 to eliminate IPv4
One of the technologies to help eliminate the need for IPv4 is NAT64. NAT64 works by mapping IPv4 address to IPv6 ones by setting a prefix that fills in the upper space of the address. To delicate this prefix to devices you can either use Pref64 or DHCPv6 opt 108. On the device applications see a working IPv4 address since the operating system translates IPv4 to IPv6 before it goes onto the network. You can absolutely keep using IPv4 and NAT64 is only for those who want to be IPv6 exclusive networks.
wrote on last edited by [email protected]No need to put some AI slop in here.
-
Cool, thx!
For me to switch, I'd need a simple tutorial on how to do it. Something that I could learn and solve first problems within a day or weekend. I hope it's not grub level difficult
Its really not that hard. Sadly, my ISP doesn't offer IPv6 yet, but for my vServer, enabling IPv6 was just a checkbox during creation. Then, you need to make sure that the service (e.g. webserver) also listens on the IPv6 address and maybe tweak the configuration of the webserver to actually serve websites via IPv6. Also, check your firewall settings. Lastly, you need to set the DNS AAAA records and you're done.
-
wrote on last edited by [email protected]
That is because of the child safety act
Nothing I can do
-
Cool, thx!
For me to switch, I'd need a simple tutorial on how to do it. Something that I could learn and solve first problems within a day or weekend. I hope it's not grub level difficult
What network hardware do you have?
-
So what is IPv6 and why should you care? IPv6 is intended to be the successor of IPv4 and most people know it for the very large address space. However, it has many other benefits as well and is worth learning for self hosting purposes.
IPv6 features
Huge address space
With IPv6, you no long need to be concerned with the limited address space of IPv4. In IPv6 land devices can have many different IPv6 addresses. You can have a different IPv6 address for each service and with the privacy extensions you can have a different IPv6 addresses for each outgoing connection on your computer.
Simplified subnetting
In IPv6 land everything is done via prefixes. An IPv6 prefix is simply the first half of the address which is used in routing to send traffic where it needs to go. A prefix is typically assigned to a vlan and the prefix is then delegated to all devices in that vlan. Because each device can have multiple addresses you can have each device get a public address and also a private address. A prefix is a /64 and if you want multiple prefixes you can get something like a /56, /48 or /32. (CIDR notation) To get a prefix from an ISP you use something called DHCPv6-PD. This is a lot like normal DHCP but it requests one or more prefixes from your ISP.
SLAAC (Stateless address autoconfig)
With SLAAC, devices pick an address and then verify it isn't duplicated. From there a router will send out a RA (router advertisement) which tells the device what prefix to use. The device then drops the link local prefix and replaces it will a public prefix. The major benefit of this is that you no longer need to keep track of DHCP leases. SLAAC allows networks to self assemble without much setup.
IPv6 security and privacy
IPv6 still needs a firewall to be secure. You should not expose things to the internet without properly securing them and anything that is publicly accessible can be compromised. IPv6 also can create major privacy issues since each device has a public IP. SLAAC and the privacy extensions help a lot as they randomize IPs which makes tracking harder. However, devices still share a public prefix so there still could be privacy issues.
NAT64 to eliminate IPv4
One of the technologies to help eliminate the need for IPv4 is NAT64. NAT64 works by mapping IPv4 address to IPv6 ones by setting a prefix that fills in the upper space of the address. To delicate this prefix to devices you can either use Pref64 or DHCPv6 opt 108. On the device applications see a working IPv4 address since the operating system translates IPv4 to IPv6 before it goes onto the network. You can absolutely keep using IPv4 and NAT64 is only for those who want to be IPv6 exclusive networks.
This looks like some kind of weird AI slop, sorry.
-
So what is IPv6 and why should you care? IPv6 is intended to be the successor of IPv4 and most people know it for the very large address space. However, it has many other benefits as well and is worth learning for self hosting purposes.
IPv6 features
Huge address space
With IPv6, you no long need to be concerned with the limited address space of IPv4. In IPv6 land devices can have many different IPv6 addresses. You can have a different IPv6 address for each service and with the privacy extensions you can have a different IPv6 addresses for each outgoing connection on your computer.
Simplified subnetting
In IPv6 land everything is done via prefixes. An IPv6 prefix is simply the first half of the address which is used in routing to send traffic where it needs to go. A prefix is typically assigned to a vlan and the prefix is then delegated to all devices in that vlan. Because each device can have multiple addresses you can have each device get a public address and also a private address. A prefix is a /64 and if you want multiple prefixes you can get something like a /56, /48 or /32. (CIDR notation) To get a prefix from an ISP you use something called DHCPv6-PD. This is a lot like normal DHCP but it requests one or more prefixes from your ISP.
SLAAC (Stateless address autoconfig)
With SLAAC, devices pick an address and then verify it isn't duplicated. From there a router will send out a RA (router advertisement) which tells the device what prefix to use. The device then drops the link local prefix and replaces it will a public prefix. The major benefit of this is that you no longer need to keep track of DHCP leases. SLAAC allows networks to self assemble without much setup.
IPv6 security and privacy
IPv6 still needs a firewall to be secure. You should not expose things to the internet without properly securing them and anything that is publicly accessible can be compromised. IPv6 also can create major privacy issues since each device has a public IP. SLAAC and the privacy extensions help a lot as they randomize IPs which makes tracking harder. However, devices still share a public prefix so there still could be privacy issues.
NAT64 to eliminate IPv4
One of the technologies to help eliminate the need for IPv4 is NAT64. NAT64 works by mapping IPv4 address to IPv6 ones by setting a prefix that fills in the upper space of the address. To delicate this prefix to devices you can either use Pref64 or DHCPv6 opt 108. On the device applications see a working IPv4 address since the operating system translates IPv4 to IPv6 before it goes onto the network. You can absolutely keep using IPv4 and NAT64 is only for those who want to be IPv6 exclusive networks.
Isnât sharing a prefix the same as sharing a v4 /32, privacy wise?
-
Its really not that hard. Sadly, my ISP doesn't offer IPv6 yet, but for my vServer, enabling IPv6 was just a checkbox during creation. Then, you need to make sure that the service (e.g. webserver) also listens on the IPv6 address and maybe tweak the configuration of the webserver to actually serve websites via IPv6. Also, check your firewall settings. Lastly, you need to set the DNS AAAA records and you're done.
If you need IPv6, you can get a free tunnel from Hurricane Electric. They will give you a /48 if you request it. I used it for years since my old ISP didn't have IPv6. I am close to one of their servers, so the latency was very low.
-
What network hardware do you have?
wrote on last edited by [email protected]I have no idea. Speedport from vodafone, ipv6 is enabled but I don't use it
I'm not behind some NAT -
Thanks for posting this. The idea of individual services having their own IP address had never occurred to me and would solve so many issues.
I always thought it's kind of odd how frivolous we are with IPv6 addresses given the problems that gave us with IPv4. US DoD has like 200 million IPv4 addresses and they probably only use a tiny fraction of that. There's also a bunch of old companies like HP, IBM, and Apple, that have entire /8s, so that's 16 million IPs each. I know IPv6 is ridiculously bigger but we're talking about giving IP addresses to our lightbulbs now at a time we're also looking to inhabit other planets.
-
I always thought it's kind of odd how frivolous we are with IPv6 addresses given the problems that gave us with IPv4. US DoD has like 200 million IPv4 addresses and they probably only use a tiny fraction of that. There's also a bunch of old companies like HP, IBM, and Apple, that have entire /8s, so that's 16 million IPs each. I know IPv6 is ridiculously bigger but we're talking about giving IP addresses to our lightbulbs now at a time we're also looking to inhabit other planets.
But it's 2âľÂ˛ addresses for each star in the observable universe.
Or in other words, if every star in the observable universe has a planet in the habitable zone, each of them got 2²Ⱐmore IPs than there are IPv4 addresses. -
So what is IPv6 and why should you care? IPv6 is intended to be the successor of IPv4 and most people know it for the very large address space. However, it has many other benefits as well and is worth learning for self hosting purposes.
IPv6 features
Huge address space
With IPv6, you no long need to be concerned with the limited address space of IPv4. In IPv6 land devices can have many different IPv6 addresses. You can have a different IPv6 address for each service and with the privacy extensions you can have a different IPv6 addresses for each outgoing connection on your computer.
Simplified subnetting
In IPv6 land everything is done via prefixes. An IPv6 prefix is simply the first half of the address which is used in routing to send traffic where it needs to go. A prefix is typically assigned to a vlan and the prefix is then delegated to all devices in that vlan. Because each device can have multiple addresses you can have each device get a public address and also a private address. A prefix is a /64 and if you want multiple prefixes you can get something like a /56, /48 or /32. (CIDR notation) To get a prefix from an ISP you use something called DHCPv6-PD. This is a lot like normal DHCP but it requests one or more prefixes from your ISP.
SLAAC (Stateless address autoconfig)
With SLAAC, devices pick an address and then verify it isn't duplicated. From there a router will send out a RA (router advertisement) which tells the device what prefix to use. The device then drops the link local prefix and replaces it will a public prefix. The major benefit of this is that you no longer need to keep track of DHCP leases. SLAAC allows networks to self assemble without much setup.
IPv6 security and privacy
IPv6 still needs a firewall to be secure. You should not expose things to the internet without properly securing them and anything that is publicly accessible can be compromised. IPv6 also can create major privacy issues since each device has a public IP. SLAAC and the privacy extensions help a lot as they randomize IPs which makes tracking harder. However, devices still share a public prefix so there still could be privacy issues.
NAT64 to eliminate IPv4
One of the technologies to help eliminate the need for IPv4 is NAT64. NAT64 works by mapping IPv4 address to IPv6 ones by setting a prefix that fills in the upper space of the address. To delicate this prefix to devices you can either use Pref64 or DHCPv6 opt 108. On the device applications see a working IPv4 address since the operating system translates IPv4 to IPv6 before it goes onto the network. You can absolutely keep using IPv4 and NAT64 is only for those who want to be IPv6 exclusive networks.
I still havenât figured out how to make a firewall rule with slaac on pfsense, with an ISP that hands out addresses at random. Itâs my understandingâs slaac is the ârightâ way to do things, not dhcp and reservations.
Granted, itâs been a minute since I tried so I donât remember the issues, but as I recall, when ipv6 prefix changes, device gets new IP (and it seems not just the prefix part. I can get the firewall to register IPs into DNS and use a dns based firewall rule, but unbound restarts and blows out its cache when a device joins the network. And there another part to it but itâs all gone fuzzy.
-
I always thought it's kind of odd how frivolous we are with IPv6 addresses given the problems that gave us with IPv4. US DoD has like 200 million IPv4 addresses and they probably only use a tiny fraction of that. There's also a bunch of old companies like HP, IBM, and Apple, that have entire /8s, so that's 16 million IPs each. I know IPv6 is ridiculously bigger but we're talking about giving IP addresses to our lightbulbs now at a time we're also looking to inhabit other planets.
You may know IPv6 is ridiculously bigger, but you don't know it.
There are enough IPv6 addresses that you could give 10^17 addresses to every square millimeter of Earth's surface. Or 5Ă10^28 addresses for every living human being. On a more cosmic scale, you could issue 4Ă10^15 addresses to every star in the observable universe.
We're not going to run out by giving them to lightbulbs.
-
I always thought it's kind of odd how frivolous we are with IPv6 addresses given the problems that gave us with IPv4. US DoD has like 200 million IPv4 addresses and they probably only use a tiny fraction of that. There's also a bunch of old companies like HP, IBM, and Apple, that have entire /8s, so that's 16 million IPs each. I know IPv6 is ridiculously bigger but we're talking about giving IP addresses to our lightbulbs now at a time we're also looking to inhabit other planets.
Going to other planets would require a total re-architecting of our communications infrastructure anyway. There's such distance too it's not really viable to have a shared internet. Even Mars would have up to 22 minute latency at peak. So I don't think it makes sense to plan our current internet around potential future space colonization.
Even so, IPv6 is truly massive. We could give a /64 to every square centimeter of the Earth's surface and still have IPs to spare. Frankly, I think the protocol itself will be obsolete before we run out.
-
If you need IPv6, you can get a free tunnel from Hurricane Electric. They will give you a /48 if you request it. I used it for years since my old ISP didn't have IPv6. I am close to one of their servers, so the latency was very low.
You're right, that's an option. I could set this up at my router, this way it would be almost indistinguishable from IPv6 via my ISP.
-
You may know IPv6 is ridiculously bigger, but you don't know it.
There are enough IPv6 addresses that you could give 10^17 addresses to every square millimeter of Earth's surface. Or 5Ă10^28 addresses for every living human being. On a more cosmic scale, you could issue 4Ă10^15 addresses to every star in the observable universe.
We're not going to run out by giving them to lightbulbs.
You may know IPv6 is ridiculously bigger, but you donât know it.
âSpace is big. You just won't believe how vastly, hugely, mind-bogglingly big it is. I mean, you may think it's a long way down the road to the chemist's, but that's just peanuts to space.â
No matter whether we are talking about real space or IPv6 address space, Douglas Adams' quotes always come handy.
-
I still havenât figured out how to make a firewall rule with slaac on pfsense, with an ISP that hands out addresses at random. Itâs my understandingâs slaac is the ârightâ way to do things, not dhcp and reservations.
Granted, itâs been a minute since I tried so I donât remember the issues, but as I recall, when ipv6 prefix changes, device gets new IP (and it seems not just the prefix part. I can get the firewall to register IPs into DNS and use a dns based firewall rule, but unbound restarts and blows out its cache when a device joins the network. And there another part to it but itâs all gone fuzzy.
You probably need private addressing
SLAAC shouldn't be used with static IPs
-
This looks like some kind of weird AI slop, sorry.
I'm a chat bot and I'm here to serve
-
No need to put some AI slop in here.
None of this is AI generated
-
So what is IPv6 and why should you care? IPv6 is intended to be the successor of IPv4 and most people know it for the very large address space. However, it has many other benefits as well and is worth learning for self hosting purposes.
IPv6 features
Huge address space
With IPv6, you no long need to be concerned with the limited address space of IPv4. In IPv6 land devices can have many different IPv6 addresses. You can have a different IPv6 address for each service and with the privacy extensions you can have a different IPv6 addresses for each outgoing connection on your computer.
Simplified subnetting
In IPv6 land everything is done via prefixes. An IPv6 prefix is simply the first half of the address which is used in routing to send traffic where it needs to go. A prefix is typically assigned to a vlan and the prefix is then delegated to all devices in that vlan. Because each device can have multiple addresses you can have each device get a public address and also a private address. A prefix is a /64 and if you want multiple prefixes you can get something like a /56, /48 or /32. (CIDR notation) To get a prefix from an ISP you use something called DHCPv6-PD. This is a lot like normal DHCP but it requests one or more prefixes from your ISP.
SLAAC (Stateless address autoconfig)
With SLAAC, devices pick an address and then verify it isn't duplicated. From there a router will send out a RA (router advertisement) which tells the device what prefix to use. The device then drops the link local prefix and replaces it will a public prefix. The major benefit of this is that you no longer need to keep track of DHCP leases. SLAAC allows networks to self assemble without much setup.
IPv6 security and privacy
IPv6 still needs a firewall to be secure. You should not expose things to the internet without properly securing them and anything that is publicly accessible can be compromised. IPv6 also can create major privacy issues since each device has a public IP. SLAAC and the privacy extensions help a lot as they randomize IPs which makes tracking harder. However, devices still share a public prefix so there still could be privacy issues.
NAT64 to eliminate IPv4
One of the technologies to help eliminate the need for IPv4 is NAT64. NAT64 works by mapping IPv4 address to IPv6 ones by setting a prefix that fills in the upper space of the address. To delicate this prefix to devices you can either use Pref64 or DHCPv6 opt 108. On the device applications see a working IPv4 address since the operating system translates IPv4 to IPv6 before it goes onto the network. You can absolutely keep using IPv4 and NAT64 is only for those who want to be IPv6 exclusive networks.
Iâve considered using v6 as I host a lot of services from my homelab and it would be great if each had its own address. The question I have is, is v6 prevalent enough that all the clients out there are ready to go and I can just switch my lab servers to v6 and swap my A records with AAAA records, or will I still need to serve up v4 (and therefore, may as well just stick with the topology, reverse proxies, etc. Iâve already got.)
