• the_doktor@lemmy.zip
    link
    fedilink
    arrow-up
    243
    arrow-down
    4
    ·
    edit-2
    7 months ago

    Working in computing for years and this is what I’ve heard

    2000: IPv4 is about to dry up, we really need to start moving to v6!

    2005: OH NO THE SKY IS FALLING IPv4 IS ALMOST GONE! IPv6 IN THE NEXT YEAR OR TWO OR THE INTERNET WILL DIE!

    2010: WE’RE SERIOUS THIS TIME IPv6 NEEDS TO BE A THING RIGHT NOW! HELP!

    2015: Yeah, okay, NAT has served us well so far, but we can only take it so far, we really need v6 to be the standard in the next 5-10 years or we’re in trouble!

    2020: Um… guys? IPv6? Hello? Anyone? crickets

    2024: IPv6ers are now the vegans of networking

    this may or may not be satire, just laugh if unsure

    • MystikIncarnate@lemmy.ca
      link
      fedilink
      English
      arrow-up
      103
      arrow-down
      1
      ·
      7 months ago

      As a networker, ipv6 is the future. I’m a fan of it, but I don’t really talk about it anymore because there’s no point.

      I threw in the towel after an ISP messed up so badly that I just couldn’t bother anymore.

      At a previous job a client I was doing some work for got a new internet connection at a new site, the ISP ran brand new fiber for it. This wasn’t a new building or anything, but the fiber was new. They allocated them a static IPv4 thing as usual, and I asked the tech about V6, and they said we would have to take it up with the planning team, so I did. I was involved in the email chain at the end of the sales process to coordinate the hookup. So I asked. After many emails back and forth, I was informed the connection was allocated.

      They allocated one single IPv6 subnet directly off of their device. I couldn’t even.

      For those that don’t understand, the firewall we had connected to the device is an ipv6 router. What normally happens, especially in DHCP customer connections, is that the router will use DHCP-PD to allocate a subnet for the router to use on the LAN, and automatically set up a route to say “reach this subnet we allocated for this router, via this router” kind of thing. I’m dramatically simplifying, but that’s the gist. In DHCP-PD, the router will also have an IPv6 address on the ISP-facing link to facilitate the connection. In the case of the earlier story, they gave us an entire subnet to communicate between the ISP and the router, and didn’t give us a subnet for the client systems inside the network.

      I did ask about this and I can only describe their reply as “visible confusion”.

      I know many who will still be confused by this point are people who have not used IPv6; to explain further: the IP on your local (LAN) systems needs to be a public IP address, because the router no longer does network address translation when sending your data to the internet. So the IP on the router has no bearing on your computer having a connection to the internet over v6. If your local computer does not have a globally unique ipv6 address, you cannot use IPv6. There are ways around this, NAT66 exists but it’s incredibly bad practice in most cases. The firewall I was working with didn’t really support NAT66 (at least, at the time) and I wasn’t really going to set that up.

      ISPs are the reason I gave up on IPv6.

      I’ll add this other story to reinforce it. I’ll keep it brief. A different ISP for a different company at a different site entirely. The client purchased a static IPv4 address, and I asked about IPv6, as you do. To preface, I know this company and used them for my own connection at the time. They have IPv6 for residential clients via DHCP-PD. I was told, no joke, that because of the static IPv4 assignment, and how they execute that for businesses, that they couldn’t add IPv6 to the connection, at all.

      The last thing I want to mention is a video I saw, which is aptly named “CGN, a driver for IPv6 adoption” or something similar. It’s a short lecture about the evils of carrier grade NAT, and how IPv6 actually fixes pretty much all the bs that goes with CGN, with fewer requirements and less overhead.

      IPv6 is coming. You will prefer IPv4 until you understand how horrific CGN is.

      • the_doktor@lemmy.zip
        link
        fedilink
        arrow-up
        24
        ·
        7 months ago

        Yep. It was mostly a joke. Mostly. The bungled adoption of v6 plus all the ways we can still leverage v4 is what’s keeping v6 from being adopted any time soon, but one day we’re going to have to rip off the band-aid and just go for it. Sure, v6 is going to bring its own issues and weirdness, but FUTURE!

        • Hobo@lemmy.world
          link
          fedilink
          arrow-up
          17
          ·
          edit-2
          7 months ago

          I swear it’s going to be a generational change where it takes a slow adoption by the younger network people as the older network people slowly retire. Kind of like how racism and sexism has diminished. It wasn’t like we changed anyone’s mind, just that people held onto it until they died and younger people just said, “The future is now, old man.” and moved past it.

          • Semi-Hemi-Lemmygod@lemmy.world
            link
            fedilink
            English
            arrow-up
            21
            ·
            7 months ago

            “IP address are four sets of numbers with dots in between AND THAT’S HOW I LIKES IT!” - Me, an old network guy

            Honestly the fact that I can’t remember or type IPv6 addresses is a big reason I haven’t bothered figuring it out.

            • Hobo@lemmy.world
              link
              fedilink
              arrow-up
              11
              ·
              edit-2
              7 months ago

              I imagine you sitting there like Scotty, “Give me an ip address, not no colon, not no hexadecimal, and not no bloody double colon. Just 4 numbers between 0 and 255 with a dot in between.”

            • MystikIncarnate@lemmy.ca
              link
              fedilink
              English
              arrow-up
              3
              ·
              7 months ago

              So, my argument here is… Why the hell are you memorizing IP addresses?

              Is your DNS so misconfigured that you’re still punching in IPs by hand?

              DNS is the solution. Going to “router.domain.local” or whatever your internal domain is, is easier to remember than… Which subnet am I on again? Is this one 192.168.22.254? Or 192.168.21.1?

              Stop punching in numbers like a cave man. Use DNS. You won’t even notice if it’s IPv6 after that

              • Semi-Hemi-Lemmygod@lemmy.world
                link
                fedilink
                English
                arrow-up
                4
                ·
                edit-2
                7 months ago

                And what happens when DNS inevitably falls over and I need to fix it?

                And when I’m watching IP addresses scroll by, IPv6 ones are a lot harder to read than v4

                • MystikIncarnate@lemmy.ca
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  7 months ago

                  DNS, by its very nature is redundant. So DNS shouldn’t just fall over. If it does, you’re doing something wrong.

                  If you absolutely need to go to IP addresses, they should be documented.

                  Unless DNS is outright wrong, there should not be an issue.

                  For scrolling: are you staring at active log files? Who isn’t using a syslog aggregator? You can easily look up the IP of whatever device that is interesting and filter the log by that IP.

                • KillingTimeItself@lemmy.dbzer0.com
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  arrow-down
                  1
                  ·
                  7 months ago

                  some super gigabrained chad linux nerd will have written a tool to automatically configure it and have open sourced it.

                  You could probably just use that. I think like most things in life, the answer is automation.

          • MystikIncarnate@lemmy.ca
            link
            fedilink
            English
            arrow-up
            10
            ·
            7 months ago

            All I want to say about this is that the technology specialists, especially in networking, are usually not this opposed to change. Things change for networking and systems folks all the time. We’re used to it. Most of the time the hard sell is with the management folks who Green light projects. They don’t want to “waste” money on something that “nobody wants”.

            Legitimately, one company I asked about IPv6 said to me that customers had not requested it, so they haven’t spent any time on implementing it.

            As if customers know what’s good for them…

          • el_abuelo@lemmy.ml
            link
            fedilink
            arrow-up
            5
            ·
            7 months ago

            Speaking of being an old man, let me tell you:

            “The future is now old man” != “The future is now, old man.”

            I genuinely tripped over this sentence thanks to the lack of punctuation.

        • MystikIncarnate@lemmy.ca
          link
          fedilink
          English
          arrow-up
          4
          ·
          7 months ago

          The important bit is that almost every major web service is already running fully dual stacked. Azure, Amazon, Meta, CloudFlare, Google… If it’s a commonly known internet company, it’s probably ready for IPv6.

          There’s still plenty that isn’t ready, but most well known things have been ready for years at this point.

          • the_doktor@lemmy.zip
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            7 months ago

            The fact that almost the entire internet is controlled by those evil companies is really fucking sad. I remember the old days when people, you know, hosted their own shit and used manual load balancing to keep large sites up and working.

      • I gave it the old college try about 6 months ago. Found out how to send the req for a subnet to my ISP. Configured my opnsense. When it worked, it worked. But it would randomly stop routing regularly. After a lot of troubleshooting determined it was the isp and have up.

        Maybe I’ll try again in another 6 months.

        • MystikIncarnate@lemmy.ca
          link
          fedilink
          English
          arrow-up
          9
          ·
          7 months ago

          This is remarkably common. A major factor is how to handle renewals. There appears to either be bugs with the procedure or there’s disagreement on how it should be handled. So it will work, for a while, until a renewal needs to happen, then everything goes to shit.

          I’ve directly witnessed this in router/firewall logs. That there’s an attempt to renew the DHCP-PD, which does not get a valid reply.

          • KillingTimeItself@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            4
            ·
            7 months ago

            so is there just no standard for renewal? Or are ISPs just refusing to use the standard, for whatever reason?

            I can’t imagine we don’t already have a standard for this shit. I’d be baffled if we didn’t. So surely it’s just ISPs being their usual, useless selves.

            • MystikIncarnate@lemmy.ca
              link
              fedilink
              English
              arrow-up
              2
              ·
              7 months ago

              This is less to do with the ISPs and more to do with the implementation of DHCP-PD renewals on various software/hardware devices. I’m not going to point any fingers, but it seems that some vendors don’t play very nicely with other vendors.

      • SpaceCowboy@lemmy.ca
        link
        fedilink
        arrow-up
        2
        ·
        7 months ago

        Thanks for the comment. Kinda confirms my approach (mostly out of laziness) of “I’ll do it when the ISP starts pushing it” is the correct one.

        I think tech advocacy generally doesn’t work, and in the case of IPv6 I can’t see it working at all unless they can convince the ISPs to devote a lot more resources to it. But since I’m not an ISP… meh, whatever I guess.

      • Alawami@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        7 months ago

        At least you can talk to someone at your ISP who can change things, in 10 years I was literally never been able to contact someone who knows anything about networks in any of the 3 big ISPs here… all I get is this:

        “oh you have speed issue? Let me “refresh” your connection”

        “No sir i have no speed issues, I just need to be able to open IPv6 ports”

        “Oh trying to changing the cable port?”

        “Sigh… can you transfer me to advanced support plz”

        “Sure thing”

        Advanced support: “So you having speed issues?”

        “No i just need to be able to open IPv6 ports”

        “Ah ports, you can do that from your router settings i think”

        “No sir, you are the only ISP here where I can’t open ports or receive any ICMP on my ipv6”

        “Let me see… i’ll refresh your connections”

        And it’s the same of many different issues, you can’t get a hold of anyone who can change anything in any layer about any config. Take it or leave it…

        • MystikIncarnate@lemmy.ca
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 months ago

          At most, the difference between your experience and mine was that the support I recieved at least understood what IPv6 was, which is likely a function of most of my stories being from business support, rather than residential support.

          Almost every time I call I get nowhere. Which is why I’ve given up. Obviously, someone high up in the technical teams is trying to implement IPv6 with very limited success. So I’m just trying to be patient, as they navigate the hellscape of corporate approvals and get things working.

          It’s slow going, but at least it’s going.

    • r00ty@kbin.life
      link
      fedilink
      arrow-up
      41
      arrow-down
      1
      ·
      7 months ago

      But new IPv4 allocations have run out. I’ve seen ISPs that won the lottery in the 90s/2000s (when the various agencies controlling IP allocations just tossed them around like they were nothing) selling large blocks for big money.

      Many ISPs offer only CGNAT, require signing up to the higher speed/more expensive packages to get a real IP, or charge extra on top of the standard package for one. I fully expect this trend to continue.

      The non-move to IPv6 is laziness, incompetence, or the sheer fact they can monetize the finite resource of IPv4 addresses and pass the costs onto the consumer. I wonder which it is.

      • ikidd@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        7 months ago

        Apparently it’s still cheaper to buy IPV4 blocks than to upgrade all the equipment and IT staff to use 6.

      • GTG3000@programming.dev
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        7 months ago

        I mean, at least over here, a white IP has been a paid service for as long as I can remember. Absolute majority of people don’t need a static IP, which is why we haven’t had internet “breaking” because of IPv4 running out.

        • r00ty@kbin.life
          link
          fedilink
          arrow-up
          8
          ·
          7 months ago

          But this is another interesting thing. Dynamic IP addresses made sense, when we were dialling up for internet, and the internet wasn’t the utility it is now.

          Back then we’d dial up for a few hours in the evening or weekend. Businesses that didn’t have a permanent presence would connect in the day to send/receive emails etc. So, you could have 500 IP addresses to around 1500 users and re-use them successfully.

          But now, what is the real point in a dynamic IP? Everyone has a router switched on 24/7 sitting on an IP. What is the real difference, in cost in giving a static IP over a dynamic one? Sure, CGNAT saved them IP addresses. But, with always on dynamic just doesn’t make sense. Except, that you can charge for a static IP. The traffic added by the few people that want to run services is usually running against the tide of their normal traffic. So, that shouldn’t really be an extra cost to them either.

          If everyone that ran a website did the extra work (which is miniscule) to also operate on IPv6, and every ISP did the (admittedly more) work to provide IPv6 prefixes and ensure their supplied routers were configured for it, and that they had instructions to configure it on third party routers, IPv4 would become the minority pretty soon. It seems like it’s just commercial opportunity that’s holding us back now.

          • GTG3000@programming.dev
            link
            fedilink
            arrow-up
            4
            ·
            7 months ago

            From what I understand about the providers, they really don’t like it when you’re generating outbound traffic. Sure it’s advertised to be symmetrical, but the actual hardware they place here can get bogged down if you start hosting a popular site (or seeding too much).

            And of course, if they can charge you for a static IP then defaulting to dynamic is imperative, isn’t it? Pretty sure they’d try that with IPv6 too just to keep the income stream.

            Regardless, the actual issue with IPv6 around here seems to be that the providers either don’t know how to or don’t care to implement it properly. Sure I can tick on “IPv6” in my router, but that doesn’t mean I have an unbroken chain or routing hardware that supports it connecting me to the great internet.

            • r00ty@kbin.life
              link
              fedilink
              arrow-up
              3
              ·
              7 months ago

              And of course, if they can charge you for a static IP then defaulting to dynamic is imperative, isn’t it? Pretty sure they’d try that with IPv6 too just to keep the income stream.

              I’ve mentioned it elsewhere. Some ISPs here in the UK have a dynamic IPv6 prefix. Want a static one? Sure, pay up.

              I suppose to an extent this kind of thing is akin to low cost airlines. Sure you can “technically” get a flight for €15. But once you’ve made it even remotely bearable you’ll be paying around the cost of a full service airline. But, it does make it very hard to have a website doing a proper price comparison.

              I suspect it’s the same here. I pay a bit more than most ISPs. But for that, I get decent in country support, fixed IPv6 prefix and static IP (I actually have a legacy IP block, but you don’t get those included in the base price any more). Whereas plenty of other providers charge less, but will charge you for anything beyond the most basic of connections. It means my ISP always appears at the expensive end of price comparisons.

              • GTG3000@programming.dev
                link
                fedilink
                arrow-up
                1
                ·
                7 months ago

                Yeah, I just checked, getting a static IPv6 here in Russia from my ISP costs ~.4 eur per month. IPv4 is ~1 eur, so you get a discount if you go for v6! Oh and despite my ISP saying they support v6, connection I got doesn’t have it at all. Probably whatever hardware they got in my house doesn’t know what it is.

    • Aux@lemmy.world
      link
      fedilink
      arrow-up
      30
      ·
      7 months ago

      IPv4 dried up a long time ago. But it’s different for every country. Countries like US and UK simply took over large blocks of IPv4 addresses and countries like Brazil got fucked. So, if you’re in a country with a large pool, you won’t notice any issues today, but if you’re not so lucky, a lot of internet services are not accessible to you because some dickhead got IP banned and that IP is shared by thousands if not millions of users in your country.

    • Toribor@corndog.social
      link
      fedilink
      English
      arrow-up
      10
      ·
      7 months ago

      The adoption of IPv6 on some segments of the Internet has lessened the crisis around IPv4 availability.

    • Goodie@lemmy.world
      link
      fedilink
      arrow-up
      10
      arrow-down
      3
      ·
      7 months ago

      Imho

      Ipv4 and peak oil are similar.

      We’re constantly running out; but every fes years, we figure out a new way to extract more oil/make do with the addresses we currently have.

      Someone sells of their underused block, or more people move to the services with excess IP addresses if they need one.

      • Kalcifer@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        ·
        7 months ago

        We’re constantly running out; but every fes years, we figure out a new way to extract more oil/make do with the addresses we currently have.

        It’s a supply and demand situation. We run out of things not only when they are physically exhausted, but also when it’s not economically viable to find ways to make more. But when demand increases enough, it will eventually become economically viable again.

      • KillingTimeItself@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        We’re constantly running out; but every fes years

        critical difference here was also the consumption of oil. It’s gone down significantly since then as processes have moved to other materials and more efficient methods of manufacturing, due to the price increase of oil. Likewise, our oil consumption has gone down, and our ability to extract it HAS gone up, just not all that much. The big difference is that there’s just more oil that we know about now, than there used to be.

        IPV4 addresses are a static pool, that never changes, the only thing that changes is the adoption of them, as certain things move to IPV6 they’re still likely to hold IPV4 in some capacity, as IPV6 isn’t fully rolled out almost anywhere.

        • Goodie@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          7 months ago

          critical difference here was also the consumption of oil. It’s gone down significantly since then as processes have moved to other materials and more efficient methods of manufacturing,

          Do you have a source for that? Because this seems to suggest fossil fuel and oil demand might of roughly plateaued the last few years, the dip looks pretty welly correlated to Covid.

          IPv4 addresses are a static pool, yes. But we’re continually using them more efficiently, the same as Oil. The difference being that Oil has a limit on the amount of energy contained in its chemical bonds, but you could quite happily host 1,000 or 10,000 websites on a single server.

          • KillingTimeItself@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            7 months ago

            Do you have a source for that?

            yes sorry, what i meant to say was “the expected usage of oil over time” When a lot of the early to late 90’s "we’re running out of oil stuff was happening, a lot of predictions would’ve been based on continued increased usage of oil. Rather than it just randomly plateauing. It’s likely that the predicted curve would’ve have been significantly more exponential than presented.

            And we’re also talking on a more local scale here, so this would be more centric around a single country, or north america specifically. Or perhaps assuming that third world countries would start industrializing or something. There are any number of factors that could have influenced the potential consumption predictions.

            another interesting tidbit, this was also just after the time we thought we were going to build a lot of nuclear power, so arguably that influenced the older variants of the graph as well as the modern consumption of oil for power production, for example.

            IPv4 addresses are a static pool, yes. But we’re continually using them more efficiently, the same as Oil.

            Yeah but idk about this one. Perhaps at the scale of CDNs and proxy distribution, but generally, i don’t see this being very possible, simply because in order for a site to be supported strictly by IPV6 it must be supported by all connecting clients, and considering that most clients today are uh, not IPV6. If you want your service to work, it’s going to need to be IPV4. I mean sure internal communications, but those aren’t real so you can use any subnet range you want, it makes no difference.

            but you could quite happily host 1,000 or 10,000 websites on a single server.

            it depends on what you classify as a server, what you define a website as, and how you define the usage of it, but yeah generally, ignoring the fact that this is irrelevant, it’s about that simple.

    • smileyhead@discuss.tchncs.de
      link
      fedilink
      arrow-up
      4
      arrow-down
      2
      ·
      7 months ago

      Who needs an IP address anymore? What year is it? You want to connect to your friend’s computer and exchange some information via computer system, seriously? Just use Cloudflare, Google or Azure and route everything through them.

      • the_doktor@lemmy.zip
        link
        fedilink
        arrow-up
        4
        arrow-down
        1
        ·
        7 months ago

        You… do know how computers connect to each other, right? I hope this is sarcasm. But these days unless it’s specifically stated, it’s usually not, just a bunch of dumb kids who can’t understand how the internet works.

        And then the dumb kid realizes he’s dumb and says “uh yeah, sarcasm, duh, didn’t you know i was joking, hahahahaha, yep, I knew, of course I did!” when he totally didn’t.

        But regardless of the fucking point, no one wants to use these big business trash that is ruining the internet.

  • chris@l.roofo.cc
    link
    fedilink
    arrow-up
    92
    arrow-down
    2
    ·
    7 months ago

    The perpetual chicken egg problem of IPv6: many users don’t have IPv6 because it’s not worth it because everything is reachable via IPv4 anyways because IPv6 only service don’t make sense because they will only reach a subset of users because many users don’t have IPv6…

      • krellor@fedia.io
        link
        fedilink
        arrow-up
        26
        arrow-down
        4
        ·
        7 months ago

        I mean, yes and no. For an individual or individual systems? No, it’s not hard. But I used to oversee a WAN with multiple large sites each with their own complex border, core, and campus plant infrastructure. When you have an environment like that with complex peerings, and onsite and cloud networks it’s a bit trickier to introduce dual stack addressing down to the edge. You need a bunch of additional tooling to extend your BGP monitoring, ability to track asynchronous route issues, add route advertisements etc. when you have a large production network to avoid breaking, it’s more of a nail biter, because it’s not like we have a dev network that is a 1-1 of our physical environment. We have lab equipment, and a virtual implementation of our prod network, but you can only simulate so much.

        That being said, we did implement it before most of the rest of the world, in part because I wanted to sell most of our very large IPv4 networks while prices are rising. But it was a real engineering challenge and I was lucky to have the team and resources and time to get it done when it wasn’t driving an urgent, short timeline need.

      • 30p87@feddit.de
        link
        fedilink
        arrow-up
        3
        ·
        7 months ago

        Or one could use alternative hosters, or maybe even selfhost git services.

    • Album@lemmy.ca
      link
      fedilink
      arrow-up
      20
      ·
      edit-2
      7 months ago

      Honestly this isn’t even true anymore. Most major ISPs have implemented dual stack now. The customer doesn’t know or care because it’s done at the CPE for them.

      I use a browser extension which tells me if the site I’m at is 6 or 4 or mixed. In 2024 most major sites support V6. A lot of this is due to CDN supporting it natively.

      The fact that GitHub doesn’t is quickly becoming the exception.

    • takeda@lemmy.world
      link
      fedilink
      arrow-up
      13
      ·
      7 months ago

      If IPv6 is done right you don’t even know you have it. If you use a cell phone or a home Internet, there is a high chance you are already using IPv6.

    • chevy9294@monero.town
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      7 months ago

      I don’t have IPv6, but I can still reach IPv6 only sites if I use MullvadVPN (and probably also with other VPN providers).

  • henfredemars@infosec.pub
    link
    fedilink
    English
    arrow-up
    59
    arrow-down
    3
    ·
    edit-2
    7 months ago

    I’m not using it because by and large it’s not implemented properly on consumer hardware, and my ISP doesn’t care if their IPv6 network is broken.

    • MagicShel@programming.dev
      link
      fedilink
      arrow-up
      38
      ·
      7 months ago

      I’ve tried multiple times to go IP6 only. I mostly thought, despite my reasonable understanding of IP4, that I was the problem in trying to set it up. I found my dns host was being forgotten multiple times a day, set to something invalid, then it would time out and revert back to the working one. I couldn’t figure out how to connect two computers together for Minecraft.

      Now I hear it was just garbage consumer hardware and software? Fuck me. So much wasted time and effort to say nothing of believing I had turned into a tech idiot.

      • henfredemars@infosec.pub
        link
        fedilink
        English
        arrow-up
        28
        ·
        edit-2
        7 months ago

        You’re not an idiot. You’re using tools that don’t really do what they claim because it wasn’t considered an important use case.

        IPv6 is great, but we haven’t seen enough pain yet to really drive adoption on the home LAN.

        My solution uses the ISP box to deliver stateless auto conf, and bridging a consumer router. I can’t open ports but at least I get an IP.

        • Album@lemmy.ca
          link
          fedilink
          arrow-up
          5
          ·
          edit-2
          7 months ago

          Do you have an example? Because it works great on openwrt, dd-wrt, pfsense, opnsense, unifi, mikrotik…and then if you’re using the isp equipment it works out of the box.

          • henfredemars@infosec.pub
            link
            fedilink
            English
            arrow-up
            5
            ·
            edit-2
            7 months ago

            TP-link can’t open ports in the v6 firewall neither can Linksys and it doesn’t support DHCP forward so literally was incompatible with my ISP implementation. Some current TP Link router sold at Walmart don’t even have an IPv6 firewall.

            Open source works great. Can’t speak to unifi never seen it for sale here.

          • madscience@lemmy.world
            link
            fedilink
            English
            arrow-up
            5
            ·
            7 months ago

            You’re using open source third party firmware and higher end networking gear as an example. Of course they work. Shitty consumer grade brands aren’t in the same class

              • umbrella@lemmy.ml
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                7 months ago

                tplink handles it badly ootb, youd need openwrt/ddwrt.

                my isp’s modem cant handle it well either.

                i doubt older asus/linksys/etc devices handle it well either.

    • skilltheamps@feddit.de
      link
      fedilink
      arrow-up
      9
      ·
      7 months ago

      That is not the case for every country though. In France and Germany for example almost 3/4 of google requests are via IPv6.

  • GTG3000@programming.dev
    link
    fedilink
    arrow-up
    58
    arrow-down
    5
    ·
    7 months ago

    “Everyone is using IPv6”

    It’s barely supported. Most providers here “offer IPv6”, but each has a different gotcha to actually using it, if it works at all and they didn’t just route you through hardware that doesn’t know what it is.

    • flying_sheep@lemmy.ml
      link
      fedilink
      arrow-up
      21
      arrow-down
      1
      ·
      edit-2
      7 months ago

      What’s “here”? Here in Germany, mine has it for maybe 10 years or so. Basically since launch day.

      And new ISPs only have v6 since all legacy (v4) blocks have been sold years ago.

      • person420@lemmynsfw.com
        link
        fedilink
        arrow-up
        11
        ·
        7 months ago

        Just because you have a IPv6 address doesn’t mean you’re actually using it. At best you’re tunnelling IPv4 traffic through your carrier’s IPv6 network. Current estimates (from Cloudflare) show only about 34% of the global internet uses IPv6.

        If you only used IPv6, you wouldn’t be able to access nearly 66% of the internet.

      • GTG3000@programming.dev
        link
        fedilink
        English
        arrow-up
        8
        ·
        7 months ago

        Mordor itself, Russia. Technically, most ISPs support IPv6 here but as I said each has something weird in config that makes using it… Fun. I don’t remember specifics since I’m mostly looking at it from consumer side, but I could try finding the article (in russian) that talked about it.

        My current connection doesn’t have IPv6 at all according to https://ipv6-test.com/, although I’m not 100% if it’s because of provider or Cisco AnyConnect blocking shit.

        When you when you sign up for internet here, you get a dynamic IP, it’s been that way for… As long as I can remember, really. Definitely more than ten years. I know in Moscow people used to get white IPs way back when, but that’s long gone. Not really a problem since most people don’t host anything.

      • Opisek@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        7 months ago

        Not at all only. At times you have both IPv6 and IPv4 and other times you can still get IPv4 at no additional cost like when you run your own router or modem. The layperson will be given IPv6 by default, but it’s not the only thing you can get.

        • flying_sheep@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          7 months ago

          Yes only. Note that I said “new ISPs”.

          The older ISPs already own all IPv4 blocks, so while they can still give them out to private or professional customers, it would be stupid to sell the blocks to competitors.

  • RecluseRamble@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    56
    arrow-down
    12
    ·
    edit-2
    7 months ago

    Why should we care? So address space may run out eventually - that’s our ISPs’ problem.

    Other than that I actually don’t like every device to have a globally unique address - makes tracking even easier than fingerprinting.

    That’s also why my VPN provider recommends to disable IPv6 since they don’t support it.

    • MrRazamataz@lemmy.razbot.xyz
      link
      fedilink
      English
      arrow-up
      29
      ·
      7 months ago

      Because people in countries with ISPs that are unable to provide IPv4 (e.g. too expensive) can’t access GitHub easily.

    • umbrella@lemmy.ml
      link
      fedilink
      arrow-up
      6
      arrow-down
      1
      ·
      edit-2
      7 months ago

      the only reason i can think of is cgnatting ipv4 because of depleted pool. otherwise yea.

      i believe you can NAT ipv6 too, i mean so you use the router’s address only?

      • Avatar_of_Self@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        7 months ago

        You’d better hope that you can NAT ipv6 because if you aren’t behind a CGNAT and then your LAN is completely exposed without a NAT you’re very likely going to have devices exploited.

        NATs on people’s boundary has been doing pretty much all of the heavy lifting for everyone’s security at home.

        • orangeboats@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          7 months ago

          The word you are looking for is firewall not NAT.

          NAT does not provide security whatsoever. If the NAT mapped your (internal IP, internal port) to a certain (external IP, external port) and you do not have a firewall enabled, everyone can reach your device by simply connecting to that (external IP, external port).

          I haven’t seen routers that do not come with IPv6 firewalls enabled by default.

          • umbrella@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            7 months ago

            everyone can reach your device by simply connecting to that (external IP, external port)

            to be fair thats the setup most people run when they open ports.

          • Avatar_of_Self@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            edit-2
            7 months ago

            The word you are looking for is firewall not NAT.

            No the word I’m looking for is the NAT. It was not designed for security but coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

            Consumer router firewalls are generally trash, certainly aren’t layer 7 firewalls protecting from all the SMB, printer, AD, etc etc vulnerabilities and definitely are not doing the heavy lifting.

            By and large automated attacks are not thwarted by the firewall but by the one-way NAT.

            • orangeboats@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              7 months ago

              Consumer router firewalls are generally trash

              [Citation needed]

              They are literally piggybacking on the netfilter module of Linux. I don’t see how that’s trash

              • Avatar_of_Self@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                7 months ago

                They are not layer 7 firewalls for the network which are going to be where most the majority of attacks are concentrated. No citation needed unless you believe they are layer 7 firewalls or using something like Snort.

                Added some clarification in my first sentence so it makes a bit of sense.

    • smileyhead@discuss.tchncs.de
      link
      fedilink
      arrow-up
      5
      ·
      7 months ago

      that’s our ISPs’ problem

      If the Internet means for you a way to access Facebook, Netflix, Google and YouTube, yeah.
      But if it means a network to send something to another computer then it’s a huge problem.

      Because ISP won’t care if you can accept connections or not. They don’t care about decentralization and being able to host stuff yourself. Most consumers just want a pipe to big services and not to their friend’s house.

    • Aux@lemmy.world
      link
      fedilink
      arrow-up
      4
      arrow-down
      3
      ·
      7 months ago

      That’s the dumbest thing I’ve read today… Your ISP is fleecing you and you’re happy with it.

      • RecluseRamble@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        3
        arrow-down
        3
        ·
        7 months ago

        What the fuck are you talking about? My ISP supports IPv6 just fine, but following my VPN’s advice I disable it (on certain devices at least) for privacy concerns. And it makes exactly zero difference in functionality.

          • RecluseRamble@lemmy.dbzer0.com
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            edit-2
            7 months ago

            It’s Proton VPN. Lack of IPv6 support is a downer but I wouldn’t call them shit.

            Edit: maybe elaborate why you deem IPv6 so crucial? As I said: everything works just fine without.

    • YTG123@sopuli.xyz
      link
      fedilink
      arrow-up
      24
      ·
      7 months ago

      Mine provides a connection, but doesn’t expose ports on v6. So I can access v6 services but can’t self-host any.

      • NeatNit@discuss.tchncs.de
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        7 months ago

        Huh? With IPv6 you get your own IP address, the ISP doesn’t need to know shit about ports. Your address is not behind a NAT anymore, and ports don’t need to be forwarded.

        Perhaps you mean the ISP set up a firewall that blocks incoming connections? In which case, maybe you can have that firewall disabled? ISP firewalls and “safe browsing” packages are always shit.

        To be honest though there might be some aspect to this I don’t know.

        • Blackmist@feddit.uk
          link
          fedilink
          English
          arrow-up
          13
          ·
          7 months ago

          Honestly, I was there the first time round, when everyone raw dogged the internet on a single modem per PC. I remember Blaster, and talking people through removing it in 60 second bursts as their PCs shut down over and over.

          It was carnage. The average user doesn’t need open ports on the internet, and they’ll only get their elderly machines infected instantly if they did.

      • calcopiritus@lemmy.world
        link
        fedilink
        arrow-up
        35
        ·
        7 months ago

        Not always possible. In Spain IPv6 adoption is at like 5%. There’s literally no ISP that offers it. I don’t even know how that 5% got it, maybe special deals.

        • cellardoor@lemmy.world
          link
          fedilink
          arrow-up
          10
          ·
          7 months ago

          Yes just had a look, according to Google countrywide it’s 10%. Very low, sadly. Neighboring France at 74% IPv6. Interesting to see the difference even with neighbouring countries.

        • cellardoor@lemmy.world
          link
          fedilink
          arrow-up
          6
          ·
          7 months ago

          Sure, in the UK we have very strict rules around competition law and broadband access. Here, fibre businesses lay fibre to premises (and are paid to do so). Then, a customer can order from any number of broadband providers, and the company who originally laid the fibre lease that line out at wholesale prices. The broadband operator runs ‘over the top’ of whoever installed the fibre.

          That way, the fibre installer makes money over time, gently and progressively. All broadband companies and smaller ‘Alt-Nets’ as we call them, have an equal opportunity to a customer base. Finally the customer has the choice to find services matching their needs and price points. Pay a lot get a lot, pay less get less.

          I think I have a choice of 6. Names which come to mind are EE, Vodafone, Virgin, Trooli, Cuckoo and Orange.

          • Zorsith@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            5
            ·
            7 months ago

            Meanwhile, in the US, the government paid ISPs for fiber to be ran and they just pocketed it instead.

            Now we’ve got smaller companies running fiber and charging less for synchronous gigabit than you’d pay for copper 500mb down 5mb up, and ISPs are panicking a bit.

            All the fiber maps have big empty zones where apartment complexes are, sadly.

        • VitabytesDev@feddit.nl
          link
          fedilink
          arrow-up
          5
          ·
          7 months ago

          Here in Greece, we have three providers, but I don’t want to change, since we pay very little money to the one I am in right now in return of slower speeds (5 Mbps download, 0.5 Upload).

      • KillingTimeItself@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        14
        ·
        7 months ago

        move providers? Where, to who? There is currently one provider where i live, soon potentially to be two. Though it’s not finalized yet, nor constructed, so for all intents and purposes, it’s just the one provider.

      • JackbyDev@programming.dev
        link
        fedilink
        English
        arrow-up
        6
        ·
        7 months ago

        As soon as fiber covers the final < 0.5% of my city with fiber (🤞 but I doubt it will happen) I’ll switch off of cable. Until then I can use cable with one provider or DSL with another.

  • bigredcar@lemmy.world
    link
    fedilink
    arrow-up
    33
    arrow-down
    12
    ·
    7 months ago

    Just remember we got rid of TLS 1.0 the same thing can be done with IPv4. It’s time for browser makers to put “deprecated technology” warnings on ipv4 sites.

    • NocturnalEngineer@lemmy.world
      link
      fedilink
      arrow-up
      68
      arrow-down
      1
      ·
      7 months ago

      IPv4 isn’t depreciated, it’s exhausted. It’s still a key cornerstone of our current internet today.

      We still have “modern” hardware being deployed with piss-poor IPv6 support (if any at all). Until that gets fixed, adoption rates will continue to be low. Adding warnings will only result in annoying people, not driving for improvement.

      • gamermanh@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        8
        ·
        7 months ago

        Adding warnings will only result in annoying people, not driving for improvement.

        Given how poorly adoption has gone so far this might be the only way to get actual fast support rolled out. Piss people off, get change

      • KillingTimeItself@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        10
        arrow-down
        3
        ·
        7 months ago

        IPv4 isn’t depreciated, it’s exhausted.

        exhaustion probably also constitutes as “deprecated” once the utility of a system designed to be, well, useful no longer meets the usefulness quotient that it previously provided. Suddenly It’s “deprecated technology”

          • KillingTimeItself@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            6 months ago

            genuine question, any reason not to just actually deprecate it then? Like just stop producing hardware that routes IPV4. Chances are there’s enough that’ll already do IPV4 it won’t be a problem, and im sure if you really needed to, you could figure something out.

    • bfg9k@lemmy.world
      link
      fedilink
      arrow-up
      32
      arrow-down
      1
      ·
      7 months ago

      You shouldn’t need to remember IP addresses, they invented DNS to solve that problem lol

      Even so, the addresses can be even easier to remember because we get a-f as well as digits, my unique local subnet is fd13:dead:beef:1::/60 cause I like burgers haha

      • DefederateLemmyMl@feddit.nl
        link
        fedilink
        English
        arrow-up
        22
        arrow-down
        1
        ·
        edit-2
        7 months ago

        You do need to know it when you’re working with subnets and routing tables.

        Unless you have anything but a flat network structure with everything in one subnet, working with IPV6 is a giant PITA.

        • bfg9k@lemmy.world
          link
          fedilink
          arrow-up
          4
          ·
          7 months ago

          I’m curious how you normally deploy since there’s a couple of ways to do it, I’ve mostly dealt with requesting a number of prefixes from the upstream router and delegating to each subnet/VLAN as appropriate, and each time I’ve done it it’s been a breeze

          Even if you need static addressing you can just set it manually and DAD will handle it if it ever conflicts with a DHCP address, at least in my experience

          • DefederateLemmyMl@feddit.nl
            link
            fedilink
            English
            arrow-up
            5
            ·
            edit-2
            7 months ago

            It’s when you have to set static routes and such.

            For example I have a couple of locations tied together with a Wireguard site-to-site VPN, each with several subnets. I had to write wg config files and set static routes with hardcoded subnets and IP addresses. Writing the wg config files and getting it working was already a bit daunting with IPv4, because I was also wrapping my head around wireguard concepts at the same time. It would have been so much worse to debug with IPv6 unreadable subnet names.

            Network ACLs and firewall rules are another thing where you have to work with raw IPv6 addresses. For example: let’s say you have a Samba share or proxy server that you only want to be accessible from one specific subnet, you have to use IPv6 addresses. You can’t solve that with DNS names.

            Anyway my point is: the idea that you can simply avoid IPv6’s complexity by using DNS names is just wrong.

              • DefederateLemmyMl@feddit.nl
                link
                fedilink
                arrow-up
                2
                ·
                7 months ago

                You don’t even have to NAT the fuck out of your network. NAT is usually only needed in one place: where your internal network meets the outside world, and it provides a clean separation between the two as well, which I like.

                For most internal networks there really are no advantages to moving to IPv6 other than bragging rights.

                The more I think about it, the more I find IPv6 a huge overly complicated mistake. For the issue they wanted to solve, worldwide public IP shortage, they could have just added an octet to IPv4 to multiply the number of available addresses with 256 and called it a day. Not every square cm of the planet needs a public IP.

        • smileyhead@discuss.tchncs.de
          link
          fedilink
          arrow-up
          2
          ·
          7 months ago

          You can subnet it with the exact same rulea as IPv4, nothing is chaning there.

          Replace, for example, 192.168. with fd01::, with digits after this being divided however you like. You might step upon a too basic router that has it’s own way to assign addresses with no way to change it, but that would not be IPv6 fault.

    • smileyhead@discuss.tchncs.de
      link
      fedilink
      arrow-up
      3
      ·
      7 months ago

      Since I bought a domain name I do not remember IP addresses. Just like I don’t remember password since I installed password manager or not remember phone numbers since I have a smartphone.

      It’s only annoying when being on someone’s else computer without my clipboard sharing setup and need to copy an address by hand. But that’s an issue when setting something up. I would take this inconvenience while setting up than all everyday inconveniences that IPv4 created in last years.

  • mindlight@lemmynsfw.com
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    2
    ·
    7 months ago

    2 months ago I thought I’d start learning IPv6 and started watch some intro videos on YouTube.

    Holy crap… It’s a beast and it just felt like if you don’t know what you’re doing you might lose all control over your network. Ok. So a device didn’t get a dhcp address? No problem… It creates it’s open IP address and starts talking and try to get out on internet on its own…

    Normally that’s not a problem since your normal home router wouldn’t route 169.254.x.x… But it just seems like there’s A LOT to think about before activating IPv6 at home. I’ve got a Creality K1 Max… Fun thing: factory reset also creates a new MAC Address… So there’s no way in hell thay I just let her lose by activating IPv6.

    Ps. Yes, I most likely panic because I haven’t figured out IPv6… But until I understand IPv6 there’s just going to be IPv4.

    • sloppy_diffuser@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      10
      ·
      7 months ago

      Ok. So a device didn’t get a dhcp address? No problem… It creates it’s open IP address and starts talking and try to get out on internet on its own…

      Its not that different from a conceptual point of view. Your router is still the gate keeper.

      Home router to ISP will usually use DHCPv6 to get a prefix. Sizes vary by ISP but its usually like a /64. This is done with Prefix Delegation.

      Client to Home Router will use either SLACC, DHCPv6, or both.

      SLACC uses ICMPv6 where the client asks for the prefix (Router Solicitation) and the router advertises the prefix (Router Advertisement) and the client picks an address in it. There is some duplication protection for clients picking the same IP, but its nothing you have to configure. Conceptually its not that different from DHCP Request/Offer. The clients cannot just get to the internet on their own.

      SLACC doesn’t support sending stuff like DNS servers. So DHCPv6 may still be used to get that information, but not an assigned IP.

      Just DHCPv6 can also be used, but SLACC has the feature of being stateless. No leases or anything.

      The only other nuance worth calling out is interfaces will pick a link local address so it can talk to the devices its directly connected to over layer 3 instead of just layer 2. This is no different than configuring 169.254.1.10/31 on one side and 169.254.1.11/31 on the other. These are not routed, its just for two connected devices to send packets to each other. This with Neighbor Discovery fills the role of ARP.

      There is a whole bunch more to IPv6, but for a typical home network these analogies pretty much cover what you’d use.

    • r00ty@kbin.life
      link
      fedilink
      arrow-up
      5
      ·
      7 months ago

      Generally, a device cannot get an internet facing IP address unless something else on your network is advertising the prefix. In fact, I’d argue there’s little point using DHCPv6 now. Some devices are only interested in SLAAC. But, if you have a router that gets an IPv6 prefix from your ISP (usually /48 or /64, but you can get other sizes) it will usually then advertise that onto your local network.

      As for the IP addresses. I would say that you should definitely still have a firewall in place. But the setup is the same as IPv4 just without NAT. e.g. you set a blanket rule for your prefix to allow outbound and block unrelated inbound. Then poke holes through for specific devices and services.

      By default, IPv6 implementations make an assumption that they’re not going to be a server (if you want a device to be a server, you can just set a static IP) and their “main” IP will be a random looking one (and the configuration will depend on whether it uses an interface identifier to create the address, or if it is random) within your (usually huge) allocation. But more than that, they will usually be configured to use the IPv6 privacy extensions (RFC4941). This generates extra temporary addresses per device, which are used for outbound connections and do not accept incoming connections. That is, people cannot see your IP address on their host from your connection and then port scan you, since no ports will respond. You could still have ports open on your “real” IP address. But, that one isn’t ordinarily used for outgoing connections, so no-one will know it exists. To discover it they would need to scan your whole prefix (remember that the /64 allocation you will generally get is the internet * the internet in terms of address space, that is much harder to brute force scan).

      I think the differences between IPv4 and IPv6 might seem scary, but most of them are actually improvements on what we had before, making use of the larger pools we have available. Once you work it out, it’s really not so bad.

      I would like to see routers setup to firewall ipv6 by default to give the same protection as NAT though, meaning users need to poke holes into the firewall for incoming connections. Maybe some do. I know mine did not and it was one of the first things I did.

    • smileyhead@discuss.tchncs.de
      link
      fedilink
      arrow-up
      1
      ·
      7 months ago

      Those are just the same networking concepts as v4. Just 128 bits instead of 32. The hard thing can be ULA or SLAAC, which are like “yeah, just some random address to not get conflicts” and “yeah, first half your ISP gives you, second is taken from MAC address”.

      We even get rid of a bunch loaded crap that holepunching v4 and making it work developed through years.

      Maybe it seems hard, because what was used before was not really learned how it works but just relied on hacks.

  • JATth@lemmy.world
    link
    fedilink
    arrow-up
    11
    arrow-down
    1
    ·
    7 months ago

    I’m actually bit sad that I had to move onto a ISP which has zero IPv6 support, as I previously did have IPv6. The last thing I did on that connection was to debug the hell out of my IPv6 code I had developed.

      • sep@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        7 months ago

        That should simply not be allowed. Cgnat for ipv4 is fine if they also provide proper ipv6

  • tmpod@lemmy.pt
    link
    fedilink
    arrow-up
    10
    arrow-down
    1
    ·
    7 months ago

    I just upgraded my Lemmy instance’s hardware and finally got IPv6 support :D