Basic stuff like getting automatically applied dynamic hostnames from the ISP fighting with whatever things are called internally wastes a lot of time. I think most devices were getting 4 different addresses for various purposes and the devs had no idea which one they should be using.
I'm sure we were doing it wrong, or used the wrong gear, or whatever. But again, no discernible benefit to anyone involved. If we were located in a place with no IPv4 availability, probably a different story... but we aren't. We turned it off except for a few networks that just provide client internet.
It is like carrying a Swiss Army knife in your pocket. Until you start it seems like you’d never need it. Once you do, you won’t live without it.
But yes it uses colons instead of dots. Sorry about that.
Oh! This is how the Internet was supposed to be!
Remember, we only even bother with NAT bullshit in the first place because there aren't enough IPv4 addresses.
The company stuff is super-simple, but my home is as you described in the other comment -- I'm getting into large counts of IoT and other devices.
A lot of cheap IoT WiFi devices do not have IPv6 support but pretty much anything to do with ESP32 or even ESP8266 does have that support now. Ping me if you want to talk more about it.
I don't know what the issue was the last time, and I don't want to know. In particular, I don't want to have to know. When I open the tap, I expect clear, safe, drinking water, not having to debug why the pipe isn't working.
Do you remember what sites didn't load for you?
My ISP provides native IPv6, when it works, and it worked until it didn't, and because I wanted to use the Internet rather than debug the Internet, I took the easy way out. IDGAF whether it was something I could have configured differently that only becomes relevant in some cases, a bug in my router, an issue with my ISP's network, or someone else's misconfiguration: there is a setting in my router, and with the toggle on the left, my Internet works reliably without me having to touch things; with the toggle on the right, it occasionally demands attention at inopportune moments.
The absence of IPv6 within our organizational network is a deliberate and carefully considered decision, implemented in accordance with the requirements of our current cyber insurance provider. Enabling IPv6 would invalidate our existing insurance coverage, which in turn would result in the loss of a critical client whose continued partnership depends on our maintaining this specific insurer. This dependency arises from regulatory obligations that compel our client to source services exclusively from suppliers holding cyber insurance from accredited providers.
We recognize the technical benefits of IPv6, but compliance and risk management considerations must take precedence under these circumstances.
This is a symptom of hiring the cheapest, least sophisticated box-ticking compliance and insurance providers. How do I know? Because I've worked with more than I want to count. And that's all that they know how to do. Sure, they'll give you the certification, or the insurance, but it will be non-stop pain starting the day you sign the contract with them.
A real, competent provider/insurer would take the problem on head-on and be the adviser that you are hiring them to be. They would advise you about the real, actual risks and positives. Then you would have air-cover to go tell the customer during the procurement stage to go pound sand. Insane that you would actually allow a prospective customer to dictate how you do things internally. That also smacks of the customer not having the technical sophistication to even know about the things they are demanding, they just read about the random lines they can throw in a contract because others did.
This industry is fucked and deserves every ounce of comeuppance coming its way.
What, specifically, about the above do you take issue with? These are all issues I've seen personally and up close.
IPv4 works. IPv6 often doesn't. I'd love to see a benefit in ipv6, I see no benefits at all, I can't run an ipv6 only network, so I have to run ipv4, and everything I need runs on ipv4, why do I need to double my workload to run ipv6 and ipv4.
My ipv6 only ssid at home sits idle other than a test vm because when I reach a problem I just move onto my ipv4 only ssid and everything works.
You can have zero configuration address discovery in a way that is simpler than IPv4.
You don’t need to worry about what happens when you get to over 200 devices on your local network (not unheard of in home networks when you start adding IoT devices).
You can have stable addresses across ISPs if you bring your own prefix or use a tunnel.
You save money by not renting IPv4 addresses.
You don’t get as easily blacklisted for email delivery since you don't share a /24 with a bunch of spammers.
This is before you get into P2P networking without having to rely on a third party relay.
Why is this an advantage? As in, what's the downside to having to port forward?
It really isn't, it's the same declaration in your config, and then your automation makes your devices make it happen.
SLAAC is great, unless you want to be able to register devices, e.g. so you can add them to DNS, at which point it becomes a liability.
> You can have stable addresses across ISPs if you bring your own prefix or use a tunnel.
I do really like that, yes. Being able to do a VPN and not worry about colliding with other RFC 1918 users is great.
> You don’t get as easily blacklisted for email delivery since you don't share a /24 with a bunch of spammers.
Anyone doing blacklisting by IP just blacklists subnets or ASes, so I really doubt that this is better.
The alternative (dual stack) is more work for no reason.
If ipv6 ever works then great.
I built a test ipv6 network for work but a lot of equipment simply didn't support it, and of that which did, our suppliers said "well it might work but nobody actually uses it so we don't know".
It's a solution to a problem which was solved in a more backwards compatible way decades ago. It would be lovely if it worked, but it still doesn't.
As for "why", because I don't have to faff about with NAT or port forwarding, both of which are terrible. I just put addresses into an AAAA record and open a firewall rule, the way it should be. Meanwhile with v4 I have to port forward all web traffic to one server, then reverse proxy it to its final destination. It's more complicated and fragile to set up, whereas v6 is simple and pleasant to work with.
Why do you need v4? because v6 doesn't work.
> NAT or port forwarding, both of which are terrible
Why? I assume you're still using a stateful firewall, so what difference does it make?
Normal source-nat has many benefits too, for example when you want to send some traffic via ISP1 and some via ISP2, controlled at the network layer, and you aren't BGP peering with them.
> Meanwhile with v4 I have to port forward all web traffic to one server, then reverse proxy it to its final destination
Or just use two IPv4 addresses. Personally I reverse proxy my servers anyway to have a single (well dual) point of control on entry at an application layer, ipv4 or ipv6 doesn't matter.
Is anyone happy about it in ipv4 land? No.
I just think it is ironic that the biggest use of ipv6 is cgnat, and it's what they crow about in ipv6 uptake, despite the fact ipv6 is religiously opposed to NATs.
Regular NATs you have control over with poking holes. With CGNAT you are restricted to Tailscale stuff.
Or are you trying to say the ipv4 is what is natted? Because the ipv4 is where all the stuff the ipv6 phone wants.
There's still some ipv4-only services, but most of the big ones are dual stack. Looks like right now TikTok is v4-only, which is probably significant, but Google, Facebook, Netflix are dual stack. Amazon/EC2 have lots of v4-only bits and pieces, but at least www and cdn are dual stack. GitHub is also v4-only and that's important, but how many people are pulling from their phone?
So here's a question: if your ipv6 is behind CGNAT and calls an ipv6 on the other side of the CGNAT: is it still one-way, or un-NAT'ed?
And you agree the non-oligarch internet is ipv4, along with a large part of the oligarch internet.
CGNAT is generally only done for v4. v6 isn't needed to provide CGNATed v4, and if v6 is provided as well then it generally isn't NATed. I expect you could find an ISP somewhere that NATs the v6 too as a counter-example if you looked hard enough, but as a rule they don't.
(Sometimes CGNATed v4 is provided by making use of the v6 in some way -- e.g. mapping v4 destinations into v6 with NAT64, or by tunnels -- but the CGNATing still only applies to v4 destinations, so this is just an implementation detail rather than an undermining of the above point.)
> With CGNAT you are restricted to Tailscale stuff.
But only on v4, not on v6. That's kind of the point of bothering to make v6 in the first place -- it allows you to keep the ability to poke holes in your inbound firewall even in a world where v4 is exhausted to the point of CGNAT.
The exhaustion and the CGNAT and the resulting restrictions would still be there if you didn't have v6. It's just providing you with a way out of them.
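The NAT64 mapping mentioned a couple of comments up (v4 destinations embedded in v6 addresses, with the CGNAT applying only to those) is easy to make concrete. The following is an added example, not code from anyone in the thread: it synthesizes and decodes addresses under the RFC 6052 well-known prefix 64:ff9b::/96 (the only prefix length handled here is /96; the sample addresses are constructed documentation ranges), and classifies a destination as "translated v4, will hit the CGNAT" or "native v6, end to end".

```python
"""NAT64 address synthesis and classification (RFC 6052, /96 prefixes only).

Added illustration; not from the thread. Shows how a v4 destination is carried
inside a v6 address and how a client or firewall can tell a translated v4
destination apart from a native v6 one.
"""
import ipaddress
from typing import Optional

# RFC 6052 well-known NAT64 prefix. Operators may also use a network-specific /96.
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize(v4: str, prefix: ipaddress.IPv6Network = WELL_KNOWN_PREFIX) -> ipaddress.IPv6Address:
    """Embed an IPv4 address in the low 32 bits of a /96 NAT64 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 NAT64 prefixes are handled in this example")
    return ipaddress.IPv6Address(int(prefix.network_address) | int(ipaddress.IPv4Address(v4)))


def extract(v6: str, prefix: ipaddress.IPv6Network = WELL_KNOWN_PREFIX) -> Optional[ipaddress.IPv4Address]:
    """Return the embedded IPv4 address if v6 lies in the NAT64 prefix, else None."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFF_FFFF)


def classify(dst: str, prefix: ipaddress.IPv6Network = WELL_KNOWN_PREFIX) -> str:
    """Say which path a v6 destination takes: through the v4 CGNAT or natively."""
    embedded = extract(dst, prefix)
    if embedded is None:
        return "native-v6"  # no NAT involved; inbound holes in the firewall work as usual
    return f"translated-v4:{embedded}"  # leaves the v6 world at the NAT64, subject to CGNAT on v4


if __name__ == "__main__":
    # Constructed sample destinations (documentation ranges).
    for dst in (str(synthesize("192.0.2.1")), "2001:db8::1"):
        print(dst, "->", classify(dst))
```

The `classify` check is the practical part: a host behind a v4 CGNAT that also has native v6 can look at the destination and know in advance whether the connection will be one that it can receive inbound (native v6) or one that goes through the translator.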
Which btw, is what ipv6 did. They just needed to enlarge the address space, instead it became a whole redesign that was not only harder to adopt but also inherently more complicated than v4 (aside from removing fragmenting). So I wouldn't even say it's the right thing, it's just what someone else wants. Maybe a compromise will be reached in v7, like v6 packet format that otherwise acts like v4 and carries over the old /32s.
> Maybe a compromise will be reached in v7, like v6 packet format that otherwise acts like v4 and carries over the old /32s.
This is, of course, impossible, because v4 only has 32 bits of space for src/dst addresses. You can't cram more than 32 bits into 32 bits. If it was possible we wouldn't have needed v6 in the first place.
This is like an electrician saying it isn’t my job to install ground circuits because appliances shouldn’t get ground faults. Or a consumer saying it isn’t my job to install ground circuits because I am not an electrician.
Also, look at the price of every v4 address you have to rent, and compare it to v6 and tell me there's no return.
I've practically built an entire career out of finding ways for customers to use fewer v4 addresses and the demand is there because v4 addresses are expensive as shit due to their scarcity.
For example some sites might resolve a v6 address which is unreachable and the fallback takes ages. Some sites would resolve, connect but never load. Some must have been routing issues, etc. I'm not going to individually hunt down the issues, disabling is easier.
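The failure modes described in that reply (an AAAA record that resolves but never answers, and the slow fallback to v4 that follows) can be measured rather than guessed at. Below is an added example, not code from the commenter: it resolves a hostname to its A and AAAA records, attempts a TCP connect to each with a short timeout, and reports which family is broken and how many seconds a client that tries the v6 addresses first would lose before falling back. The connect step is injectable so the decision logic runs offline; the address sets in the test are constructed.

```python
"""Dual-stack reachability check: which address family actually answers?

Added diagnostic example; not from the thread. Pins a "site resolves but
doesn't load" problem to v4 or v6 instead of turning IPv6 off wholesale.
"""
import socket
import sys
import time
from typing import Callable, Dict, List, Tuple

FAMILY = {"ipv6": socket.AF_INET6, "ipv4": socket.AF_INET}
# connect(label, address, port, timeout) -> (succeeded, seconds elapsed)
ConnectFn = Callable[[str, str, int, float], Tuple[bool, float]]


def tcp_connect(label: str, addr: str, port: int, timeout: float) -> Tuple[bool, float]:
    """One real TCP connect attempt with a timeout."""
    start = time.monotonic()
    try:
        with socket.socket(FAMILY[label], socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True, time.monotonic() - start
    except OSError:
        return False, time.monotonic() - start


def resolve(host: str, port: int) -> Dict[str, List[str]]:
    """Map 'ipv6'/'ipv4' -> distinct addresses returned by the resolver."""
    out: Dict[str, List[str]] = {"ipv6": [], "ipv4": []}
    for family, _, _, _, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        for label, fam in FAMILY.items():
            if family == fam and sockaddr[0] not in out[label]:
                out[label].append(sockaddr[0])
    return out


def diagnose(addrs: Dict[str, List[str]], port: int, timeout: float = 2.0,
             connect: ConnectFn = tcp_connect) -> Dict[str, object]:
    """Try every address; return a verdict plus the seconds burned on dead AAAA records."""
    results = {label: [(a, *connect(label, a, port, timeout)) for a in addrs.get(label, [])]
               for label in ("ipv6", "ipv4")}
    v6_ok = any(ok for _, ok, _ in results["ipv6"])
    v4_ok = any(ok for _, ok, _ in results["ipv4"])
    # Time a client that tries AAAA first loses on v6 addresses that never answered.
    penalty = sum(t for _, ok, t in results["ipv6"] if not ok)
    if not results["ipv6"]:
        verdict = "ipv4-only"
    elif v6_ok and v4_ok:
        verdict = "dual-stack healthy"
    elif v4_ok:
        verdict = "ipv6 broken (falls back to ipv4)"
    elif v6_ok:
        verdict = "ipv4 broken"
    else:
        verdict = "unreachable"
    return {"verdict": verdict, "fallback_penalty_s": round(penalty, 3), "results": results}


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    report = diagnose(resolve(host, 443), 443)
    for label, rows in report["results"].items():
        for addr, ok, secs in rows:
            print(f"{label:4} {addr:40} {'ok' if ok else 'FAIL':4} {secs:6.2f}s")
    print(f"verdict: {report['verdict']}  (fallback penalty {report['fallback_penalty_s']}s)")
```

Run it against a handful of the sites that misbehave and the verdicts tell you whether the problem is on the remote side (their AAAA records point at nothing that answers) or on yours (everything with a v6 address fails, including sites known to be healthy), which is the information needed before deciding between fixing the router, reporting to the ISP, or keeping the toggle off.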
TMo US gives me a whole routed /64. Why build and staff v6 NAT devices for no reason? At least several years ago several cell carriers were all about v6 to reduce the volume of v4 traffic they carry, because v4 requires expensive addresses, expensive nat boxes, and expensive people to feed and care for the NAT boxes.
This is just absurd on its face. There are very real human, political, engineering, and financial reasons to not want to upgrade things that are IPv4 only. _SHOULD_ one do this, absolutely, but there's a lot more to it than people pulling the "hard" card. There's a bevy of reasons it IS hard, and very few of them are just obstinate luddites.
If there's no IPv6 support, be an engineer and -make- some: write the software that needs the support, use different vendors that don't break it just because they are actively lazy and can't be bothered to implement RFCs that are, at this point, decades old. IPv4 needs to go away yesterday.
The ad hominem, nice.