    Why IPV6 is not adopted widely yet?

    marsonmarson Member
    edited November 9 in General

    Hello

    I am curious why IPV6 is not yet widely available. As an example, I will tell you my story. I contacted my local fiber provider and asked if they can provide IPV6 - the answer? Not yet, we have IPV6 established on our routers, we have BGP through IPV6, we have IPV6 ready but we don't offer IPV6 for customers yet. When I asked why and when it will change? - because I am the first customer who asked about IPV6 and... we never checked if the OLT will support that and if the ONT at your house will support it also... for me it is ridiculous. What are your stories about IPV6 at home internet? I have to pay about $5 for one static public IPV4 because everybody ran out of IPV4, but we don't check OLT and ONT and we haven't tested.... I don't know what to say ;)

    Comments

    • stefemanstefeman Member
      edited November 9

      It won't overtake ipv4 for the next 20 years. Before people adopt it, we have to be truly exhausted of the addresses. As long as there's enough IPv4's for 7 USD VPS servers, you won't see IPv6 overtaking it. People would rather implement CGNAT and re-confiscate allocated but un-used IP space.

    • stefeman said: It won't overtake ipv4 for the next 20 years. Before people adopt it, we have to be truly exhausted of the addresses.

      I'm not talking about IPV6 overtaking - I rather mean dual stack - IPV4 + IPV6

    • hzrhzr Member, Moderator

      Practically all mobile carriers in the US are IPv6 only, they don't assign dual stack to clients anymore, just NAT them

      Thanked by 1MikeA
    • pikepike Member
      edited November 9

      In Germany, for DSL you mostly get a dedicated IPv4 and sometimes IPv6 dualstack. For cable and mobile you get dslite by default, so IPv6 and NAT on v4. Some cable providers offer full dualstack if you bring your own modem, or as a paid add-on.

      In theory the providers need to do whatever is necessary for you to use your own modem (Routerfreiheit), as long as it supports the DSL/DOCSIS protocol. So, if your modem doesn't support IPv6, they're forced to give you free IPv4.

      Recommended virtual servers: PHP-Friends vServer | Hetzner Cloud | r.i.p share-online

    • donlidonli Member
      edited November 9

      Because they didn't design it to be backwards compatible with IPv4.

    • NeoonNeoon Member

      A lot of ISP's still use v4 only, so most of the time all you have is just a tunnel.

      It really looks like, the US went IPv6 #yolocrossing, interesting.
      Europe still looks like Africa.

    • pike said: In Germany, for DSL you mostly get a dedicated IPv4 and sometimes IPv6 dualstack. For cable and mobile you get dslite by default, so IPv6 and NAT on v4. Some cable providers offer full dualstack if you bring your own modem, or as a paid add-on.

      I have an individual offer from my ISP. In most cases they give their clients a ZTE combo ONT + router in one device. Before I signed the agreement I talked with the ISP's administrator and asked if I can have a bridge and my own router instead of their combo, and he agreed, but when the techs came to my home to install everything they brought the combo and... I told them that I won't sign the handover protocol until they give me a bridge and my router. They told me that is not possible. Only when I told them that I asked the admin before the agreement did they finally replace the combo with an ONT only, and now I have my own equipment connected to it ;)

    • pikepike Member

      @Neoon said:
      Europe still looks like Africa.

      Ehrr, no.

      Recommended virtual servers: PHP-Friends vServer | Hetzner Cloud | r.i.p share-online

    • jsgjsg Member

      @marson

      (Very short version)

      • Being allowed to install/use this or that equipment may be related to IPv6 but is an entirely different question anyway. I'll only answer the title question.
      • Because switching to IPv6 is very expensive (some reasons below).
      • Because IPv6 sh_ts on the holy rule to never cross the integer/register size of commonly available processors (which is 64 bit today and for many years to come).
      • Because IPv6 sh_ts on the holy rule to not break backwards compatibility unless absolutely required (which is not the case).
      • Because IPv6 solves a problem we don't have. A 64-bit IP4 successor would provide 4 billion times the size of the IP4 address space.
      • Because IPv6 solves a problem we don't have(2). We do not need thousands and in fact not even tens of IPs for home automation, IoT, etc.
      • Because IPv6 requires millions of people in companies, carriers, etc. to basically re-learn networking (which costs billions of $ and decreases reliability for years).
      • Because implementing a solid and real IPv6 product generation would cost many billion $ and would require e.g. to design and build 128-bit processors.
        Reason: You may get away with an inefficient (currently available) processors rape and/or a pure software implementation in most end user equipment but not in the DC, let alone on the backbones, where one needs to shift, parse, sort, and otherwise process billions or trillions of packets per second.

      • Because "I want" != "I need". Almost nobody really needs IPv6 - and those who do would be better served with a sensible 64-bit IP4 successor.
        ... and more, but I want to keep it short

    • dfroedfroe Member, Provider

      In the end of the day it always comes down to money.
      As of today implementing IPv6 most of the time costs more money than it earns.
      As long as accessing Google, Amazon, Netflix is working with IPv4 or CG-NAT, internet service providers won't lose a significant number of customers. ISPs have shown that most customers don't complain with CG-NAT or DS-lite.
      And my guess is that Google & Co. will have enough money to buy as much IPv4 space as they need, which Amazon has shown recently.
      In the enterprise field people do not like any changes. Enterprises will most likely run IPv4 as long as their AS400 systems; at least.

      So my realistic best guess is that some day some major player like Google might start banning IPv4 from the public internet like they did with plaintext HTTP.
      Until then not much will change.
      Fortunately IPv6 is there and it is working, so lots of possibilities to play around for us LET people. :)

      From my personal perspective: ISPs suck. I am running three BGP-capable VPS where I announce my own IPv4 & IPv6 space and my home firewall tunnels all my internet traffic through IPSec/GRE tunnels there. So I have everything I want. And since I am probably too old for online gaming now, I don't mind the additional 10ms latency. :)

      IT-Service David Froehlich | Individual network and hosting solutions | AS39083 | RIPE LIR services (IPv4, IPv6, ASN)

    • jsgjsg Member
      edited November 9

      @dfroe said:
      So my realistic best guess is that some day some major player like Google might start banning IPv4 from the public internet like they did with plaintext HTTP.

      • That day won't come anytime soon because ...
      • That day would also be the day when other corporations smell a realistic chance to get a bite of the search engine market.
      • That day would also be the day when a significant amount of "we take your IP4 search requests and send them to Google's IPv6 servers" services would become available.

      But your first main point, money, is absolutely right.

      Thanked by 1Francisco
    • The ipv4 addresses are not distributed evenly across the planet. For the U.S., there are more than enough ipv4 addresses so really no urgent need to deploy ipv6. However, for China, the ipv4 addresses are running out, so ipv6 is being deployed quickly. Maybe when the IoT era really comes, ipv6 will be finally and completely deployed.

    • jsgjsg Member

      @w_ho_ami said:
      The ipv4 addresses are not distributed evenly across the planet. For the U.S., there are more than enough ipv4 addresses so really no urgent need to deploy ipv6. However, for China, the ipv4 addresses are running out, so ipv6 is being deployed quickly. Maybe when the IoT era really comes, ipv6 will be finally and completely deployed.

      While you are absolutely right that IP4 addresses are distributed brutally unequally and whole countries have fewer addresses than some US-American high schools, I'm not so sure about China force deploying IPv6.

      There are other options and solutions available for a country, especially when it's a very powerful and increasingly rich country like China. They could for example come up with, let's call it IP5b with 64 addresses where by definition an address with the upper 32 bits = 0 is taken to be an IP4 address.
      Considering that the Chinese are also very strong in the telecom/carrier equipment field and that they have good relations with many other countries, many of which are poor, they could even, together with Russia, establish and implement an IPv6 alternative that would be able to provide every country with a just and more than sufficient address space.

      I guess that after not too long a time even western carriers etc. would join in. Simple reason: A sensible solution that solves the IP4 problem and provides a ridiculously large amount of addresses - while at the same time - staying within register boundaries and staying largely IP4 compatible would be extremely attractive for all parties (except some western corporations who dumped big money into IPv6).

    • @jsg your arguments fall apart as soon as you look at reality. You can't buy equipment at enterprise level without IPv6 support. The only part where it could be the case would be CPEs, and there it is already so uncommon to have gear that doesn't support IPv6 that you have to actively search for it to fuck your customers.
      So it all comes down to stupid people who can't learn anymore and because of that don't want IPv6, and with that, the company for which they work actively loses money because they lose some customers who want IPv6.

    • My ISP is IPV6 + IPV4. And it follows the IPV6 route by default.

    • jsgjsg Member
      edited November 9

      @user54321 said:
      @jsg your arguments fall apart as soon as you look at reality. You can't buy equipment at enterprise level without IPv6 support. The only part where it could be the case would be CPEs, and there it is already so uncommon to have gear that doesn't support IPv6 that you have to actively search for it to fuck your customers.
      So it all comes down to stupid people who can't learn anymore and because of that don't want IPv6, and with that, the company for which they work actively loses money because they lose some customers who want IPv6.

      A propos "stupid people": you might want to learn that ad hominems and repeating meaningless marketing blabla is not a replacement for facts.

      • Fact: 64-bit addresses would provide 4 billion times today's address space.
      • Fact: The decisive criterion for uptake is not that (allegedly) every professional box is (allegedly) IPv6 capable. The relevant criterion is actual uptake - which still is low.
      • Fact: Processing and computing with 64-bit data on a 32-bit processor or with 128-bit data on a 64-bit processor is more than 2 times slower and many highly relevant options like walking tries or hash table lookups are dimensionally slower.
      • Fact: 64 bit processors and memory are more expensive and need more el. power than 32 bit processors. The same is true for 128-bit vs. 64 processors. on-die engineering complexity is higher (hence costlier) too btw.
      • Fact: The more different new is from old the costlier and the more resource and time consuming the change process is. Unfortunately the mental asylum that "designed" IPv6 completely and utterly ignored that fact, which is also a very major reason for slow uptake.
      • Fact: The market did to a very large degree not switch to IPv6 but rather found many ways around it to keep IP4 alive.
      • Fact: IP4 scarcity still is due to IP4 waste to a significant degree. There are still many schools, universities, corporations, public institutions holding ridiculously large address spaces that are not really needed. This is particularly true for the USA and some western countries.
      • Fact: One can put thousands of end users and households behind a single IP without problems. By far most people use the internet largely only or even exclusively for browsing, email, messaging (of which the latter two are often done via http too).
      • Fact: Quite some large network equipment companies have created ASICs because high speed and high load network operations can *not be sensibly run on standard processors*. To needlessly multiply that burden is certainly not a smart thing to do.

      You are welcome to discuss this matter but kindly be prepared to offer more than fanboy enthusiasm and IPv6 marketing talk.
      Additionally you might ask yourself and think about why IPv6 uptake has been so low and slow although, as you say, most network boxes have an IPv6-ready logo on them.

      TL;DR IPv6 is NOT a solution but just another problem, that offers way more than anyone could need and that incurs a high total cost of both switching to it and of running and using it.

    • jsgjsg Member
      edited November 10

      @Neoon

      Yes, Europe (well, most of it) is actually quite pampered and well off re. networks (and IPs).

    • donlidonli Member

      @jsg said:

      • Fact: One can put thousands of end users and households behind a single IP without problems. By far most people use the internet largely only or even exclusively for browsing, email, messaging (of which the latter two are often done via http too).

      The idea that every electronic device in your house needs its own unique IP address is silly.

      At most each device needs a handful of ports and each IPv4 comes with about 65,000 of those.

    • jsgjsg Member

      @donli said:

      @jsg said:

      • Fact: One can put thousands of end users and households behind a single IP without problems. By far most people use the internet largely only or even exclusively for browsing, email, messaging (of which the latter two are often done via http too).

      The idea that every electronic device in your house needs its own unique IP address is silly.

      At most each device needs a handful of ports and each IPv4 comes with about 65,000 of those.

      YES.

      And looking with the eyes of a developer in the IT-security field I think that it's in fact a risk to have everything in one's house connected to the internet. It's way better to use private range IPs for most of those gadgets.

    • As a Canadian, I have readily available IPv4 IP addresses available and any service I need has IPv4 available, so any IPv6 effort is added cost and effort with no perceivable benefit to customer.

      For me personally, entering IPv4 from keyboard number pad without looking is muscle memory and fast. Having to enter static IPv6 over and over from regular keyboard was a HUGE annoyance and enough to not lift another finger to bother with IPV6 again in near future.

      Yes, I'm really lazy, and so are others. Only those that have to do it out of necessity do it.

    • jsg said: A propos "stupid people": you might want to learn that ad hominems and repeating meaningless marketing blabla is not a replacement for facts.

      He'd do better to learn that arguing with @jsg is pointless.

    • somiksomik Member

      @skorous said:

      jsg said: A propos "stupid people": you might want to learn that ad hominems and repeating meaningless marketing blabla is not a replacement for facts.

      He'd do better to learn that arguing with @jsg is pointless.

      Ditto

      @user54321 said:
      @jsg your arguments fall apart as soon as you look at reality. You can't buy equipment at enterprise level without IPv6 support. The only part where it could be the case would be CPEs, and there it is already so uncommon to have gear that doesn't support IPv6 that you have to actively search for it to fuck your customers.
      So it all comes down to stupid people who can't learn anymore and because of that don't want IPv6, and with that, the company for which they work actively loses money because they lose some customers who want IPv6.

      You can't "BUY NOW". Just remember that the hardware currently installed at your ISPs is OLD, bought when there wasn't any IPv6.

      So, if you already have a system up and running and earning millions through it, and someone asks you to discard it all and spend billions to earn the same millions, would you?

      The answer is no. That's IPv6 for most ISPs.

      If the ISPs are still on IPv4, the datacenters switching to IPv6 won't matter as their users still want IPv4 for their clients. Think of how many servers with NAT IPv4 and dedicated IPv6 are sold for making websites without an interpretation layer like cloudflare.

      So ISPs must change out their old hardware for new ones. Only then IPv6 will be commonplace.

    • jsgjsg Member

      @skorous said:
      He'd do better to learn that arguing with @jsg is pointless.

      Is it really? Just recently I not only accepted an argument but I actually changed my "article" (the "primer") based on that. But well, that actually was an argument (as opposed to blabla).

      If I am smart (I know, that's a big if) then not because I was born knowing everything I know but because, at least in many cases, people convinced me with sound arguments and solid facts.

      Calling someone with a different view "stupid" and offering hardly any serious and relevant facts though will indeed convince nobody (with a brain). But that's what he tried.

      Plus I often miss the appreciation of the multiple dimensions of the IP4-IPv6 discussion, because those can strongly influence one's viewpoint. Example: I know people who do not see or care about technical arguments at all but rather simply say that one should take away the large part of the IP4s in the USA and hand them over to countries like China (large population). Evidently, at least IMO that approach is neither feasible nor reasonable but it might be interesting to think about the way IP4 are distributed.
      One might also add a closely related issue, the question what IPs are used for. In the "western world" (loosely speaking) a major part of the demand for IPs stems from what might be called "gadgets" while in large parts of Asia, Africa, and South-America it's about getting into the internet at all.

      One point though is crystal clear: a "discussion" that is based on the marketing blabla of IPv6 fanboys is worthless.
      If anyone has real arguments pro IPv6 bring them on ...

    • rcxbrcxb Member
      edited November 9

      @jsg said:
      And looking with the eyes of a developer in the IT-security field I think that it's in fact a risk to have everything in one's house connected to the internet. It's way better to use private range IPs for most of those gadgets.

      NAT is not for security. A few specially crafted packets will allow an attacker to talk to devices on private IPs behind your NAT router.

      A firewall is for security, and will make it impossible for the rest of the internet to contact any of your equipment you didn't explicitly allow... Whether those devices have private or public IPs makes no difference.
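
An added example (not part of rcxb's post or of any poster's own setup) of the kind of rule set the post describes: a default-deny IPv6 forwarding policy with explicit pinholes, which protects LAN hosts the same way whether their addresses are private or globally routable. The interface names `wan0`/`lan0`, the `2001:db8::/32` documentation addresses and the dry-run wrapper are assumptions.

```shell
#!/bin/sh
# Added example: stateful IPv6 forwarding policy for a home router.
# Assumed names (not from the thread): WAN interface wan0, LAN interface lan0.
WAN_IF="${WAN_IF:-wan0}"
LAN_IF="${LAN_IF:-lan0}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute (needs root)

# Print the ip6tables command in dry-run mode, run it otherwise.
ip6t() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'ip6tables %s\n' "$*"
    else
        ip6tables "$@"
    fi
}

# Default deny for everything routed through the box. LAN hosts keep their
# global addresses; nothing unsolicited from the WAN reaches them.
base_policy() {
    ip6t -P FORWARD DROP
    ip6t -F FORWARD   # start from an empty chain (drops rules added by other tools)
    # Replies to connections opened from inside. ICMPv6 errors that belong to
    # a tracked flow (for example Packet Too Big) match RELATED.
    ip6t -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ip6t -A FORWARD -m conntrack --ctstate INVALID -j DROP
    # Anything the LAN initiates towards the internet.
    ip6t -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
}

# Explicit pinhole: allow_inbound <host-address> <tcp|udp> <port>
allow_inbound() {
    host="$1"; proto="$2"; port="$3"
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    ip6t -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$host" -p "$proto" \
        --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
}

ruleset() {
    base_policy
    # Constructed sample: one LAN web server is reachable on 443/tcp.
    allow_inbound 2001:db8:1::10 tcp 443
}

# "apply" as first argument executes the rules; anything else prints them.
if [ "${1:-}" = "apply" ]; then
    DRY_RUN=0
fi
ruleset
```

Run without arguments to review the generated commands; the only WAN-to-LAN rule is the pinhole you asked for.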

    • jsgjsg Member
      edited November 9

      @somik said:
      You can't "BUY NOW". Just remember that the hardware currently installed at your ISPs is OLD, bought when there wasn't any IPv6.

      So, if you already have a system up and running and earning millions through it, and someone asks you to discard it all and spend billions to earn the same millions, would you?

      The answer is no. That's IPv6 for most ISPs.

      If the ISPs are still on IPv4, the datacenters switching to IPv6 won't matter as their users still want IPv4 for their clients. Think of how many servers with NAT IPv4 and dedicated IPv6 are sold for making websites without an interpretation layer like cloudflare.

      So ISPs must change out their old hardware for new ones. Only then IPv6 will be commonplace.

      I see your point and it is valid. But there are some "buts" like

      • they need the full chain. If a single box in the chain doesn't do IPv6 or doesn't do it properly then it doesn't work. Plus: the chain isn't limited to the company, e.g. an ISP. It extends far beyond them (carriers, routers, etc.)
      • Most boxes nowadays do have an IPv6 ready label - yet many (most?) do not use IPv6.
      • It's not as simple as "can the box do IPv6?". There is also "can my network run at the required speed (all parameters)?" or "how much does it cost me directly and indirectly to switch to IPv6?".

      @rcxb said:
      NAT is not for security. A few specially crafted packets will allow an attacker to talk to devices on private IPs behind your NAT router.

      A firewall is for security, and will make it impossible for the rest of the internet to contact any of your equipment you didn't explicitly allow... Whether those devices have private or public IPs makes no difference.

      • NAT does help security a lot but you are right that one should also use a firewall
      • As it so happens NAT and firewall are usually closely linked. In fact quite some NAT implementations are a part of some firewall.
      • security isn't black-white. Using private non-routable IPs for diverse inhouse gadgets is certainly more secure than using routable IPs.
    • IPv6 adoption won't pick up until v4 is basically broken, you need more CGNAT and other address saving tech to get into the mix and make the experience worse.

      Biggest mistake in v6 was that so much changed, if it was v4 with more addresses I think you'd see people making the switch, but there is a bit of a learning curve.

      There's no financial incentive for businesses to move unless they're ISPs that are out of space.

      Dual stack is a pain in the ass, double the work to manage and twice as many things that can go wrong.


      However, I'm personally making the switch to v6 largely for financial reasons. Getting more v4 addresses costs money I don't want to spend and it's not getting any cheaper. Setting up port forwarding to run more stuff on less addresses is a pain in the ass.

      I run a fair amount of sites behind Cloudflare and almost all of those only have public v6 addresses on the backend servers. Same with lots of misc personal VMs, backup servers, etc - all v6-only or public v6 + NAT4 outbound.

      Thanked by 1Dazzle

      🐴 Recommended: $20/yr 512MB KVM - Unmetered bandwidth. $5/TB Block Storage - from BuyVM (aff)

    • somiksomik Member

      @jsg said:

      • they need the full chain. If a single box in the chain doesn't do IPv6 or doesn't do it properly then it doesn't work. Plus: the chain isn't limited to the company, e.g. an ISP. It extends far beyond them (carriers, routers, etc.)

      That's what I mean. For example, my provider is IPv6 capable on their upstream side, but on my end (home line), they only support IPv4 and IPv6 through an IPv4 tunnel. The same provider supports full IPv6 on my phone network so my phone gets an IPv6 IP when connected to 4G.

      • Most boxes nowadays do have an IPv6 ready label - yet many (most?) do not use IPv6.
      • It's not as simple as "can the box do IPv6?". There is also "can my network run at the required speed (all parameters)?" or "how much does it cost me directly and indirectly to switch to IPv6?".

      The speed isn't an issue for Singapore. All high speed internet here, and this being a small country, they can upgrade easily. Only issue is, like you said, "how much does it cost me"...

      Companies won't spend money unless it makes them money and switching to IPv6 does not make them any additional money (yet) as most of their clients are happy with IPv4 and those wanting fixed IP are still paying for IPv4.

    • jsgjsg Member

      @somik said:
      The speed isn't an issue for Singapore. All high speed internet here, and this being a small country, they can upgrade easily. Only issue is, like you said, "how much does it cost me"...

      Careful there! 1 Mio 100Mb/s lines translate to (worst case) 100 Terabit volume which again corresponds to > 1 Tera-packets/s worst case and still several ten billion packets/s on average, which translates to sub-nanosecond time per packet (theoretically, because even the core of the core is split into multiple cores).

      THAT is what I'm talking about. Typical aggregation levels in today's network core are in the 40Gb/s and 100Gb/s and there is already a strong trend - due to a strong need - to go towards 200 and 400 Gb/s.
      If I would be unfair and only look at "being right" I'd bring up the DeCix core which already processes multi-Terabit/s ...

      But I'll be fair and focus on not-that-big core nodes like e.g. what's at Singapore's IX or what a large French provider has. But that's still multiple 100 Gb/s core lines (expl. A "core line" is a processing line within a major network node, e.g. a router and typically corresponds to their main aggregation interfaces).
      In such a core line, often with one or more ASICs in the data plane you have NANO seconds to take in, parse, process, and shift out a packet. Quadrupling header field sizes - and utterly needlessly at that! - and double (src. and tgt address) in that kind of extremely tight context is an utterly stupid idea! Add to that more than quadruple size lookup tables, tries that are not anymore reasonably usable due to tree depth, insanely blown up hash tables, or even just memory access times (it does make a significant difference whether you fetch/push 4 bytes or 16 bytes!).

      In other words: We are talking about a totally different world than the funny games played on a Xeon (which is only good enough for the control plane in big iron network equipment). Even dual 10 Gb/s NICs are but cute toys compared to what needs to be done in the core of core equipment.

      Now add to that that I didn't touch register-width yet. Because the simple truth is : We do not have 128-bit processors yet, which means that within the few nanoseconds we have per packet we additionally need to do quite some funny multi-word gymnastics which are notorious for adding to computing cost. For a down to earth example everyone can grasp you have a look at the funny big int exercises often needed in crypto (which are a major culprit for RSA calculations being so slow).

      And again: all that needs to happen within nanoseconds!

      THAT, what I merely sketched here, is relevant, not the marketing blabla of IPv6 proponents. And most of those problems wouldn't exist or be easy to handle (for engineers) if we went for a 64-bit scheme.

      So it's critical to ask "What do we get for all that trouble and that immensely high price to pay?".

      The answer: Not just 4 billion times today's address space but 4 billion times today's address space squared. I have yet to meet anyone with a brain to sensibly explain why 4 billion times today's address space isn't enough and we need 4 billion times today's address space squared and I very seriously doubt that even a billionaire like Jeff Bezos would ever have more than say 32 billion toys needing a public IP(v6).

    • @somik said:

      @user54321 said:
      @jsg your arguments fall apart as soon as you look at reality. You can't buy equipment at enterprise level without IPv6 support. The only part where it could be the case would be CPEs, and there it is already so uncommon to have gear that doesn't support IPv6 that you have to actively search for it to fuck your customers.
      So it all comes down to stupid people who can't learn anymore and because of that don't want IPv6, and with that, the company for which they work actively loses money because they lose some customers who want IPv6.

      You can't "BUY NOW". Just remember that the hardware currently installed at your ISPs is OLD, bought when there wasn't any IPv6.

      What hardware are you speaking about? Routers/switches it can't be, because then they would have 10 mbit/s or so and the electric bill would be higher than the benefit. VoIP maybe?

    • To be honest, I haven't used IPv6 and I don't know anything about deploying it. If anyone knows of an easy to understand primer on it and how to let those on IPv4 access IPv6 servers, I would appreciate it very much.

      Tried and trusted: Nexus Bytes, WisHosting, HostHatch, Kimsufi, Hostsolutions, MrVM, Upcloud, MXroute, Iniz, Gullo, Spry Servers, RedIT | To try: Letbox, Hetzner, BuyVM/BuyShared, Inception, HostDoc, SmartHost, PHP-Friends, VirMach #lexit

    • poisson said: To be honest, I haven't used IPv6 and I don't know anything about deploying it. If anyone knows of an easy to understand primer on it and how to let those on IPv4 access IPv6 servers, I would appreciate it very much.

      You put an IPv6 address on your box in addition to your IPv4 and voila!

    • @skorous said:

      poisson said: To be honest, I haven't used IPv6 and I don't know anything about deploying it. If anyone knows of an easy to understand primer on it and how to let those on IPv4 access IPv6 servers, I would appreciate it very much.

      You put an IPv6 address on your box in addition to your IPv4 and voila!

      My basic understanding is that the traffic is routed differently? Also, is there anything special about DNS that is different from IPv4?

      Tried and trusted: Nexus Bytes, WisHosting, HostHatch, Kimsufi, Hostsolutions, MrVM, Upcloud, MXroute, Iniz, Gullo, Spry Servers, RedIT | To try: Letbox, Hetzner, BuyVM/BuyShared, Inception, HostDoc, SmartHost, PHP-Friends, VirMach #lexit

    • It's still routed by subnets though they're much larger. You can't get from IPv4<-->IPv6 ( this is not true but you're not going to do it ).

      IPv6 addresses are AAAA in DNS ( 4x the address space so four A's instead of one ).

    • Am I the only one who doesn't understand ipv6? It has far too many digits and characters to remember.

      relentless collector of highest clocked, highest performing KVM/NVMe/Gbit VPSes at the most competitive rates. just to hard idle them. zero knowledge on coding/programming; a mere hobbyist.

    • @poisson said:
      If anyone knows of an easy to understand primer on it and how to let those on IPv4 access IPv6 servers, I would appreciate it very much.

      https://tunnelbroker.net/ - if you want to put v6 on your whole network (not recommended)

      I've got v6 where I need it but I have a wireguard VPN setup for when I'm somewhere without v6. I have a couple different configs that push all v4/v6 routes over the tunnel, all v6, or just v6 ranges that I control (servers).

      🐴 Recommended: $20/yr 512MB KVM - Unmetered bandwidth. $5/TB Block Storage - from BuyVM (aff)

    • @cybertech said:
      Am I the only one who doesn't understand ipv6? It has far too many digits and characters to remember.

      I don't understand it either. Trying to understand it.

      Thanked by 1cybertech

      Tried and trusted: Nexus Bytes, WisHosting, HostHatch, Kimsufi, Hostsolutions, MrVM, Upcloud, MXroute, Iniz, Gullo, Spry Servers, RedIT | To try: Letbox, Hetzner, BuyVM/BuyShared, Inception, HostDoc, SmartHost, PHP-Friends, VirMach #lexit

    • Harambe said: I've got v6 where I need it but I have a wireguard VPN setup for when I'm somewhere without v6. I have a couple different configs that push all v4/v6 routes over the tunnel, all v6, or just v6 ranges that I control (servers).

      I'd be interested in what you're doing there. You have anything written down publicly?

    • @poisson said:

      @cybertech said:
      Am I the only one who doesn't understand ipv6. It has far too many digits and characters to remember.

      I don't understand it either. Trying to understand it.

      Thanks for the consolation


    • skorous Member
      edited November 10

      cybertech said: Thanks for the consolation

      Honestly, unless you're in a position where you need to troubleshoot it there's not that much you need to know different. As @hzr noted earlier, you're probably using IPv6 without knowing it on your phone.

      ( Edited to credit hzr )

    • @skorous said:

      Harambe said: I've got v6 where I need it but I have a wireguard VPN setup for when I'm somewhere without v6. I have a couple different configs that push all v4/v6 routes over the tunnel, all v6, or just v6 ranges that I control (servers).

      I'd be interested in what you're doing there. You have anything written down publicly?

      No, don't got anything written down. The basic server and client setup are pretty straightforward, here's a good video that breaks that down:

      For v6 you basically need to add some local v6 IPs in the address section on the server + client conf and duplicate the NAT rules for ip6tables, as well as allowing v6 forwarding in sysctl.conf.

      Looks like this guide touches on those parts: https://angristan.xyz/how-to-setup-vpn-server-wireguard-nat-ipv6/

      Thanked by 1skorous

      🐴 Recommended: $20/yr 512MB KVM - Unmetered bandwidth. $5/TB Block Storage - from BuyVM (aff)
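
      The steps described in the post above (a local v6 address next to the v4 one on server and client, the NAT rule duplicated for ip6tables, v6 forwarding in sysctl.conf) and the three route-pushing variants mentioned earlier in the thread, as an added example that is not Harambe's own configuration. The interface name, the tunnel prefixes, the `2001:db8:100::/48` documentation prefix and the `<...>` key and endpoint placeholders are assumptions.

```shell
# Added example, not from the thread. Interface, addresses and <...> keys are assumptions.
WAN_IF="eth0"                      # assumed uplink interface on the server
V4_NET="10.66.66"                  # assumed private IPv4 /24 for the tunnel
V6_NET="fd42:42:42"                # assumed ULA /64 for the tunnel
OWN_V6_RANGES="2001:db8:100::/48"  # documentation prefix standing in for own server ranges
# sysctl.conf lines so the server forwards both address families.
render_sysctl() {
    printf '%s\n' 'net.ipv4.ip_forward = 1' 'net.ipv6.conf.all.forwarding = 1'
}
# Server: one tunnel address per family; the NAT rule is duplicated for ip6tables.
render_server_conf() {
    rule="POSTROUTING -o ${WAN_IF} -j MASQUERADE"
    cat <<EOF
[Interface]
Address = ${V4_NET}.1/24, ${V6_NET}::1/64
ListenPort = 51820
PrivateKey = <server-private-key>
PostUp = iptables -t nat -A ${rule}; ip6tables -t nat -A ${rule}
PostDown = iptables -t nat -D ${rule}; ip6tables -t nat -D ${rule}

[Peer]
PublicKey = <client-public-key>
AllowedIPs = ${V4_NET}.2/32, ${V6_NET}::2/128
EOF
}

# Client: AllowedIPs selects which routes are pushed over the tunnel.
client_allowed_ips() {
    case "$1" in
        all)    echo "0.0.0.0/0, ::/0" ;;    # every v4 and v6 route
        v6)     echo "::/0" ;;               # all v6, v4 stays on the local network
        ranges) echo "$OWN_V6_RANGES" ;;     # only the listed v6 prefixes
        *)      echo "unknown mode: $1" >&2; return 1 ;;
    esac
}
render_client_conf() {
    ips=$(client_allowed_ips "$1") || return 1
    cat <<EOF
[Interface]
Address = ${V4_NET}.2/32, ${V6_NET}::2/128
PrivateKey = <client-private-key>

[Peer]
PublicKey = <server-public-key>
Endpoint = <server-address>:51820
AllowedIPs = ${ips}
EOF
}
```

      Source the file, then redirect `render_server_conf` to the server's wg-quick config and `render_client_conf all`, `v6` or `ranges` to one client config per variant.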

    • @cybertech said:
      Am I the only one who doesn't understand ipv6. It has far too many digits and characters to remember.

      That's what DNS is for.

    • tgl Member
      edited November 10

      It's the same as with green energy, it's a good idea, but not really needed yet, and well it will be more profitable to solve this solution when the people start to panic. Now ipv6 is pretty cheap, so there is no interest in adopting it.

      In the new world it's all about profit, not evolution.

    • Excellent, TY. I'll check it out.

    • rcxb Member

      @jsg said:

      • NAT does help security a lot

      Nope. Assuming your firewall is properly configured (and they tend to have good default settings), NAT doesn't help you the tiniest bit.

    • jsg Member

      @rcxb

      I would have a technical response for you but frankly, I'm getting tired of discussions that end looking like "I'm right" - "No, I'm right" so I'll leave it at that.

    • dfroe Member, Provider
      edited November 10

      Regarding the NAT thing (whether it provides security or not) I tend to argue that NAT is crap and I would love to see it disappear with IPv6. However, most of the time we talk about NAT we actually mean PAT as well (not only translating IP addresses on L3 but also port numbers on L4), more specifically dynamic port translation or overloading like some vendor used to say. In order to perform that dynamic PAT you are required to work stateful. So fortunately stateful firewalls became standard on edge gateways. And this is where your security comes from. If we keep the stateful firewall feature only allowing connections to be initiated in outbound direction, you can get rid of all that NAT/PAT and still enjoy the same level of security. You have a good level of implicit/automatic security when using NAT - but it is not because of the NAT. :)

      TL;DR: No to NAT/PAT, Yes to stateful firewalling only allowing outbound connections.

      Thanked by 1skorous

      IT-Service David Froehlich | Individual network and hosting solutions | AS39083 | RIPE LIR services (IPv4, IPv6, ASN)
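
      The TL;DR above (stateful firewalling that only allows outbound connections, with no NAT/PAT), written out as an nftables forward chain; this is an added example, not part of dfroe's post. Interface names and the `2001:db8::` documentation addresses are assumptions, and each optional `address,port` argument opens a TCP pinhole to one inside host, the no-NAT counterpart of a port forward.

```shell
# Added example, not from the thread. Interface names and addresses are assumptions.
LAN_IF="lan0"   # assumed inside interface of the edge gateway
WAN_IF="wan0"   # assumed uplink interface

# Print one accept rule per "address,port" pinhole (TCP only in this sketch).
render_pinholes() {
    for p in "$@"; do
        addr=${p%,*}; port=${p#*,}
        # A missing comma leaves the address in $port, which fails the digit check.
        case "$port" in ''|*[!0-9]*) echo "bad pinhole: $p" >&2; return 1 ;; esac
        echo "        iifname \"$WAN_IF\" ip6 daddr $addr tcp dport $port ct state new accept"
    done
}

# Forwarding policy for routed (un-NATed) IPv6: connection tracking, no translation.
render_ruleset() {
    holes=$(render_pinholes "$@") || return 1
    cat <<EOF
table inet edge {
    chain forward {
        type filter hook forward priority 0; policy drop;
        # Replies to flows that an inside host started are let back in.
        ct state established,related accept
        ct state invalid drop
        # ICMPv6 errors that path MTU discovery and diagnostics depend on.
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept
        # New connections may only be initiated from the inside.
        iifname "$LAN_IF" oifname "$WAN_IF" ct state new accept
${holes}
    }
}
EOF
}
```

      `render_ruleset 2001:db8:1::10,443 > edge.nft` followed by `nft -c -f edge.nft` checks the generated file without loading it. Unsolicited inbound packets match none of the accept rules and fall through to `policy drop`, while inside hosts keep their own global addresses.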

    • @rcxb said:

      @jsg said:

      • NAT does help security a lot

      Nope. Assuming your firewall is properly configured (and they tend to have good default settings), NAT doesn't help you the tiniest bit.

      It does. A NAT will stop inbound connections as there is no routing table defined by default to state where the connection will go after it goes to a NAT network.

      @jsg said:
      @rcxb

      I would have a technical response for you but frankly, I'm getting tired of discussions that end looking like "I'm right" - "No, I'm right" so I'll leave it at that.

      :lol: And here I thought you'll provide an elaboration on NAT vs Firewall and how NAT plays a role in network security.

      @dfroe, you use PAT to do port-forwarding.

      So why do you need to do port forwarding? Why is it that NAT blocks all incoming requests regardless of whether firewall is on or off? If you can answer this question, you'll understand why NAT is "secure" to a certain degree (compared to direct IP)

      Thanked by 1quicksilver03