Enable IPv4 Access in EUserv IPv6-only VS2-free

24

Comments

  • jsg Member, Resident Benchmarker
    edited March 2021

    @TimboJones said:

    @jsg said:

    @yoursunny said:
    Try calculating the number of atoms in one kilogram of water - this number is larger than UINT64_MAX.

    Duh, that's a bummer because everyone needs to RE-calculate that number every day multiple times. And yet again you are playing with exceptions niches, etc. Sorry, I don't play along with those games.

    Why is that? I would expect 1kg of water to always contain the same amount of atoms. Weight of atoms don't change, do they?

    That was sarcasm, as in "Nobody cares about that calculation. It's the opposite of what happens in network devices where calculations are done thousands or even millions of times each second"

    Also, you don't think it's a big deal, but setting up subnets and having to change them later is a pain. This could be slow growth over decades or instant peaks like concerts or emergencies. That's solved in IPv6.

    Most users don't need subnets; they have one public IP or a small public subnet that virtually never changes. And professionals like e.g. providers, well that just is part of their job.

    From network programmers view, having IPv6 allows for much simpler code than dealing with NAT and port forwards and shit. They'd much rather have direct connections and use ports assigned to dedicated service. This is solved with IPv6.

    Pardon me but actually No. As a programmer I usually don't care at all - the kernel does it, I just open and use sockets (with whatever happen to be the IP(s)).

    But being at it ("programmers") let me tell you about some real problems related to IPv6.
    Currently (not low spec) processors work at about 3 - 4.5 GHz which just so happens to match 32 bits, so an ideal processor with an ideal instruction set like e.g. a 'look up an element in a rather full 32-bit list and return it if existing or NULL if not' in 1 cycle. Unfortunately such ideal processors don't exist so we have to either trade time (speed) for space (memory) and/or for cost (e.g. TCAM) and still we can't deal with (low) billions of 32 bit addresses unless we shell out really big money and use expensive (and not available to just every Joe or Harry) networking ASICs, very expensive special memory, etc.
    And all that with 32 bit addresses that nicely fit in both the processor word size and available memory (as in e.g. '16 GB RAM'). But we can handle, store, and work with the IP4 space albeit quite to very costly at the network core level.

    Now square that number and operations and storage and memory. And then square it again ... and you are at 128 bits. Just a hint: NOBODY has 2^128 bytes RAM, nobody. And in fact nobody will ever have (well, at least not in this millennium) because we'd need our sun as power station for that and a very fat power line to the sun.

    Years ago, we made a radio with bridge and NAT router mode. The NAT was fine when only half a dozen clients used it for basic use. But once torrenting became a thing, clients were now opening thousands and thousands of connections. Home routers were now advertising 20,000 tracked connections support. When we checked our router, it used the rest of memory and could do about 350 connections before running out of memory. Trimming stuff and reducing TCP and UDP default times, we got to over 500. That's useless in today's world of file sharing. That hardware would still work fine in bridge mode or router mode with IPv6 just fine, it's just NAT that would be a memory dick.

    No, in fact with IPv6 that router would have handled even way less connections because your problem wasn't IP4 vs 6 but a router that was too weak.

    A routed network is always better than a NAT network. You'd have to allow uPnP for that to be feasible, and I'm sure you have choice words about the security of uPnP that you'd not enable that on shared public users network.

    No, for a simple reason: we usually do not even want all our devices to be publicly reachable. NAT isn't just a crutch, it's also a convenient safety device under your full control.

    All of your ideas are workarounds with cons, need something to get past existing issues, not add more.

    Sorry, no. Actually my ideas are largely about counter balancing or repairing rather arbitrary design decisions (e.g. DNS A only (no 'P') records) and lack of proper thinking (back then) and sheer political arbitrariness (like the us-american war ministry having and wasting more IPs than many countries have in total).

    Look forward, not past. I don't think you'd be able to convince a network admin that looks after large networks or devices to go with IPv4 workarounds. Anyone with IoT network (the future) needs two way communications for monitoring and management. Having a device that needs to call the iot gateway to establish connection isn't as good as two way. Always workarounds and drawbacks.

    It's not perfect, but it's not total dog shit.

    My argument is not "it's total d_g shit"!
    My argument, brutally summarized, is "You idiots are about to repeat the same basic sin of back then. THINK and think properly and in a disciplined way!". My argument is that mindlessly and extremely oversizing is not better than or a solution to the problems of yester-decades carelessness and lack of intellectual discipline.

    The real and true solution is cost-effective, practically feasible, and well thought out and well engineered - none of which IPv6 is. The real solution boils down to 64 bits, among other reasons because 64 bits happens to be the word size of the processors we know how to build and actually build and because 64 bits is plenty enough and then some.

  • yoursunny Member, IPv6 Advocate

    @jsg said:
    And all that with 32 bit addresses that nicely fit in both the processor word size and available memory (as in e.g. '16 GB RAM').

    If your system requires memory linear to the number of possible addresses, you are doing it wrong.
    Memory usage should be proportional to the number of active addresses.

    Now square that number and operations and storage and memory. And then square it again ... and you are at 128 bits. Just a hint: NOBODY has 2^128 bytes RAM, nobody.

    As you are proposing 64-bit addressing, do you have 2^64 bytes of RAM, then?

    Sorry, no. Actually my ideas are largely about counter balancing or repairing rather arbitrary design decisions (e.g. DNS A only (no 'P') records)

    False. DNS records can convey port number. It's called SRV record.

    Thanked by 1 bulbasaur
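
Both claims in this exchange (table memory follows the entries actually stored, and each IPv6 key is four times the size of an IPv4 key) show up in a small longest-prefix-match table. This is an added example, not code from any poster; the `PrefixTable` class, the next-hop labels and the routes (documentation prefixes) are constructed for illustration.

```python
import ipaddress


class PrefixTable:
    """Longest-prefix-match table that stores only the prefixes inserted.

    Hypothetical helper for illustration: one hash map per prefix length in
    use, so memory grows with the number of routes, not with 2**32 or 2**128.
    """

    def __init__(self, version):
        self.version = version
        self.bits = 32 if version == 4 else 128
        self.by_len = {}  # prefix length -> {network address as int: next hop}

    def add(self, cidr, next_hop):
        net = ipaddress.ip_network(cidr)
        if net.version != self.version:
            raise ValueError("address family mismatch")
        self.by_len.setdefault(net.prefixlen, {})[int(net.network_address)] = next_hop

    def lookup(self, addr):
        value = int(ipaddress.ip_address(addr))
        # Try the most specific prefix length first.
        for plen in sorted(self.by_len, reverse=True):
            mask = ((1 << plen) - 1) << (self.bits - plen)
            hop = self.by_len[plen].get(value & mask)
            if hop is not None:
                return hop
        return None

    def entries(self):
        return sum(len(table) for table in self.by_len.values())

    def key_bytes(self):
        # Raw key storage only: 4 bytes per IPv4 key, 16 per IPv6 key.
        return self.entries() * self.bits // 8


def build_tables():
    """Return (v4, v6) tables holding four constructed routes each."""
    v4 = PrefixTable(4)
    v4.add("0.0.0.0/0", "default")
    v4.add("203.0.113.0/24", "core")
    v4.add("198.51.100.0/24", "site-a")
    v4.add("198.51.100.128/25", "lan-1")

    v6 = PrefixTable(6)
    v6.add("::/0", "default")
    v6.add("2001:db8::/32", "core")
    v6.add("2001:db8:a::/48", "site-a")
    v6.add("2001:db8:a:1::/64", "lan-1")
    return v4, v6


if __name__ == "__main__":
    v4, v6 = build_tables()
    for table in (v4, v6):
        print(f"IPv{table.version}: {table.entries()} routes, "
              f"{table.key_bytes()} key bytes")
    print(v6.lookup("2001:db8:a:1::42"), v6.lookup("2001:db8:a:2::1"))
```
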
  • jsg Member, Resident Benchmarker
    edited March 2021

    @yoursunny said:

    @jsg said:
    And all that with 32 bit addresses that nicely fit in both the processor word size and available memory (as in e.g. '16 GB RAM').

    If your system requires memory linear to the number of possible addresses, you are doing it wrong.
    Memory usage should be proportional to the number of active addresses.

    Thank you for sharing your wisdom. But IPv6 addresses are 4 times the size of IP4 and hence need 4 times more memory no matter how many one has to store. Also many algorithm implementations don't work anymore or are impractical e.g. because they must be handled in multiple limbs and anyway don't fit within the word size.

    Funny btw how the IPv6 idiots always talk about the oh so many devices needing an IP address, yet do not want to see the related table growth. So, if you argue that 64 bits are not enough and we absolutely need 128 bits, also recognize that those obviously presumed more than 4 billion times 4 billion devices will enormously blow up table size.
    This "we will need way more than 4 billion times 4 billion device addresses! But we won't need to store, handle, process, etc more than a tiny, tiny fraction of all those addresses" is just one example of the sheer idiocy and nonchalance from the IPv6 idiot camp.

    Now square that number and operations and storage and memory. And then square it again ... and you are at 128 bits. Just a hint: NOBODY has 2^128 bytes RAM, nobody.

    Sorry, no. Actually my ideas are largely about counter balancing or repairing rather arbitrary design decisions (e.g. DNS A only (no 'P') records)

    False. DNS records can convey port number. It's called SRV record.

    ... and are used neither by http nor by https nor by email nor ...

    Sorry, I'm not interested anymore in your foolish "but I WANT IPv6!!!" "discussions". And that actually is what drives you.

    It's just like with your obtrusive push-ups propaganda here which unnerves many and is nothing to do with hosting but hey you feel it's good and right and so you annoy us with it. Similarly you utterly ignore the fact that IPv6 has failed to conquer the world for decades - for solid reasons - as well as the fact that IPv6 is a, pardon me, stupid "quantity wins!" approach to solve problems that either do not exist in the first place (like "4 billion times 4 billion addresses is not enough!") or are the result of man made deficiencies of IP4 (like wasting hundreds of millions of addresses).

    Turn and bend it as you like, fact is that IPv6 is not widely accepted. Fact btw. is also that the vast majority of people on earth are extremely unlikely to have hundreds, let alone millions, of networked gadgets. One important reason, next to lack of funds, being that most people, unlike IPv6 proponents, have a properly working brain and understand that (a) even a, oh so sh_tty IP4 address does allow them to connect hundreds of devices to the internet, and (b) having their fridge and all their diverse devices on the internet actually might not be particularly smart.

    Funny though in a way that the IPv6 idiots like to talk so much about all those (largely imaginary) devices needing addresses ... but hardly ever touch the really relevant question whether and how the majority of people could afford to buy those devices.

    Thanked by 1 PulsedMedia
  • @jsg said:

    @TimboJones said:

    @jsg said:

    @yoursunny said:
    Try calculating the number of atoms in one kilogram of water - this number is larger than UINT64_MAX.

    Duh, that's a bummer because everyone needs to RE-calculate that number every day multiple times. And yet again you are playing with exceptions niches, etc. Sorry, I don't play along with those games.

    Why is that? I would expect 1kg of water to always contain the same amount of atoms. Weight of atoms don't change, do they?

    That was sarcasm, as in "Nobody cares about that calculation. It's the opposite of what happens in network devices where calculations are done thousands or even millions of times each second"

    I think you make the opposite point, nobody cares about the calculations in these routers and just care if cat/porn videos work.

    Also, you don't think it's a big deal, but setting up subnets and having to change them later is a pain. This could be slow growth over decades or instant peaks like concerts or emergencies. That's solved in IPv6.

    Most users don't need subnets; they have one public IP or a small public subnet that virtually never changes. And professionals like e.g. providers, well that just is part of their job.

    I was referring to sysadmins who manage networks of tens of thousands in companies with revolving personnel, changing priorities, merging companies, new and closing offices, etc. You can't just think of a family of 4 as a home user.

    From network programmers view, having IPv6 allows for much simpler code than dealing with NAT and port forwards and shit. They'd much rather have direct connections and use ports assigned to dedicated service. This is solved with IPv6.

    Pardon me but actually No. As a programmer I usually don't care at all - the kernel does it, I just open and use sockets (with whatever happen to be the IP(s)).

    Huh? But you can't just connect to another peer on the other side of a NAT router. Not without setting up a DMZ or port forward. Having to get your clients or customers to do that before their app works is a hassle.

    But being at it ("programmers") let me tell you about some real problems related to IPv6.
    Currently (not low spec) processors work at about 3 - 4.5 GHz which just so happens to match 32 bits, so an ideal processor with an ideal instruction set like e.g. a 'look up an element in a rather full 32-bit list and return it if existing or NULL if not' in 1 cycle. Unfortunately such ideal processors don't exist so we have to either trade time (speed) for space (memory) and/or for cost (e.g. TCAM) and still we can't deal with (low) billions of 32 bit addresses unless we shell out really big money and use expensive (and not available to just every Joe or Harry) networking ASICs, very expensive special memory, etc.
    And all that with 32 bit addresses that nicely fit in both the processor word size and available memory (as in e.g. '16 GB RAM'). But we can handle, store, and work with the IP4 space albeit quite to very costly at the network core level.

    IPv6 is decades old and our computing power is exponentially increased since then. The argument of underpowered doesn't seem to jive. It didn't showstop things before IPv6 became a thing.

    Years ago, we made a radio with bridge and NAT router mode. The NAT was fine when only half a dozen clients used it for basic use. But once torrenting became a thing, clients were now opening thousands and thousands of connections. Home routers were now advertising 20,000 tracked connections support. When we checked our router, it used the rest of memory and could do about 350 connections before running out of memory. Trimming stuff and reducing TCP and UDP default times, we got to over 500. That's useless in today's world of file sharing. That hardware would still work fine in bridge mode or router mode with IPv6 just fine, it's just NAT that would be a memory dick.

    No, in fact with IPv6 that router would have handled even way less connections because your problem wasn't IP4 vs 6 but a router that was too weak.

    No. It's because of the connection tracking required to track NAT specific connections. That memory is freed up in router mode and it's simpler and faster because it doesn't have to do port forwarding rules which takes cpu on every single packet.

    A routed network is always better than a NAT network. You'd have to allow uPnP for that to be feasible, and I'm sure you have choice words about the security of uPnP that you'd not enable that on shared public users network.

    No, for a simple reason: we usually do not even want all our devices to be publicly reachable. NAT isn't just a crutch, it's also a convenient safety device under your full control.

    They don't have to be. We'd still have stateful firewalls in the routers just as they do today. And firewalls in our OS.

    All of your ideas are workarounds with cons, need something to get past existing issues, not add more.

    Sorry, no. Actually my ideas are largely about counter balancing or repairing rather arbitrary design decisions (e.g. DNS A only (no 'P') records) and lack of proper thinking (back then) and sheer political arbitrariness (like the us-american war ministry having and wasting more IPs than many countries have in total).

    When you mention the US war ministry, you're kinda being the political arbitrary person. The U.S. government has invested more money into IPV6 than any other country or company. They've been at the front of adoption since the start, it's just they're a government and they work as fast as cold molasses going up a hill. But IP subnetting requires preplanning, and you can't do that effectively when you don't know the maximum network count. And the US government would for sure rather have endless addresses than having IPv4 limitations.

    Look forward, not past. I don't think you'd be able to convince a network admin that looks after large networks or devices to go with IPv4 workarounds. Anyone with IoT network (the future) needs two way communications for monitoring and management. Having a device that needs to call the iot gateway to establish connection isn't as good as two way. Always workarounds and drawbacks.

    It's not perfect, but it's not total dog shit.

    My argument is not "it's total d_g shit"!
    My argument, brutally summarized, is "You idiots are about to repeat the same basic sin of back then. THINK and think properly and in a disciplined way!". My argument is that mindlessly and extremely oversizing is not better than or a solution to the problems of yester-decades carelessness and lack of intellectual discipline.

    The real and true solution is cost-effective, practically feasible, and well thought out and well engineered - none of which IPv6 is. The real solution boils down to 64 bits, among other reasons because 64 bits happens to be the word size of the processors we know how to build and actually build and because 64 bits is plenty enough and then some.

    I don't think you have solutions to the many, many use cases that would be affected by your solution.

    Maybe Jason Donenfeld can rewrite the networking stack in 4000 lines and replace all that shit. ;)

    Funny though in a way that the IPv6 idiots like to talk so much about all those (largely imaginary) devices needing addresses ... but hardly ever touch the really relevant question whether and how the majority of people could afford to buy those devices.

    Esp32's are $2. Light/electrical sockets are $10 normal price. WiFi chips with Socs are stamped out for dollars. WiFi 6 chips under $10!!! IoT is coming... even for the poor.

    Thanked by 2 Pixels Ouji
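
The stateful-firewall point in the post above (hosts with global IPv6 addresses do not have to be reachable from outside) can be modelled without any address translation. This is an added sketch, not code from any poster; the `StatefulFilter` class, the 120-second idle timeout, and the addresses and ports are constructed assumptions.

```python
import ipaddress


class StatefulFilter:
    """Forwarding filter for a routed (non-NAT) IPv6 LAN, default-deny inbound.

    Hypothetical model: flow state is created by outbound packets only, and
    inbound packets pass when they match live state or an explicit pinhole.
    """

    def __init__(self, lan_prefix, idle_timeout=120):
        self.lan = ipaddress.ip_network(lan_prefix)
        self.idle_timeout = idle_timeout  # seconds; assumed value
        self.flows = {}        # (lan_ip, lan_port, remote_ip, remote_port) -> last seen
        self.pinholes = set()  # (lan_ip, lan_port) opened on purpose by the admin

    def allow_inbound(self, lan_ip, lan_port):
        self.pinholes.add((ipaddress.ip_address(lan_ip), lan_port))

    def outbound(self, src, sport, dst, dport, now):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src not in self.lan:
            return "drop"  # source must belong to the LAN (anti-spoofing)
        self.flows[(src, sport, dst, dport)] = now
        return "accept"

    def inbound(self, src, sport, dst, dport, now):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if dst not in self.lan:
            return "drop"
        key = (dst, dport, src, sport)
        seen = self.flows.get(key)
        if seen is not None and now - seen <= self.idle_timeout:
            self.flows[key] = now  # reply to a live outbound flow
            return "accept"
        self.flows.pop(key, None)  # expire stale state
        if (dst, dport) in self.pinholes:
            return "accept"
        return "drop"  # unsolicited: host stays unreachable despite a global address


def demo():
    """Run a constructed packet sequence and return the verdicts in order."""
    host, remote = "2001:db8:a:1::10", "2001:db8:ffff::80"
    fw = StatefulFilter("2001:db8:a:1::/64")
    verdicts = [
        fw.inbound(remote, 40000, host, 22, now=0),     # unsolicited
        fw.outbound(host, 51000, remote, 443, now=1),   # LAN host opens a flow
        fw.inbound(remote, 443, host, 51000, now=2),    # reply to that flow
        fw.inbound(remote, 443, host, 51000, now=500),  # state has idled out
    ]
    fw.allow_inbound(host, 443)  # the IPv6 counterpart of a port forward
    verdicts.append(fw.inbound(remote, 40000, host, 443, now=501))
    verdicts.append(fw.inbound(remote, 40000, host, 22, now=502))
    return verdicts


if __name__ == "__main__":
    print(demo())
```
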
  • @TimboJones

    You're arguing with jsg. They're well known for hiding illogical arguments in a layer of apparent reasonableness.

    Thanked by 3 skorupion skorous Erisa
  • jsg Member, Resident Benchmarker

    @TimboJones said:

    @jsg said:
    That was sarcasm, as in "Nobody cares about that calculation. It's the opposite of what happens in network devices where calculations are done thousands or even millions of times each second"

    I think you make the opposite point, nobody cares about the calculations in these routers and just care if cat/porn videos work.

    That likely changes when they have to set up a router, a network and a firewall (as very many do/have to do).

    Most users don't need subnets; they have one public IP or a small public subnet that virtually never changes. And professionals like e.g. providers, well that just is part of their job.

    I was referring to sysadmins who manage networks of tens of thousands in companies with revolving personnel, changing priorities, merging companies, new and closing offices, etc. You can't just think of a family of 4 as a home user.

    Just like for other professionals: that's just their job.
    And btw. IP4 was and is good enough to allow for quite monstrously large corporations to grow ...

    Pardon me but actually No. As a programmer I usually don't care at all - the kernel does it, I just open and use sockets (with whatever happen to be the IP(s)).

    Huh? But you can't just connect to another peer on the other side of a NAT router. Not without setting up a DMZ or port forward. Having to get your clients or customers to do that before their app works is a hassle.

    BY FAR less hassle than dealing with IPv6.
    And again, for pros, that's their job, and for homes them boxes usually have a nice simple form to add/change/delete NAT details and it's done and works since decades.

    IPv6 is decades old and our computing power is exponentially increased since then. The argument of underpowered doesn't seem to jive. It didn't showstop things before IPv6 became a thing.

    Well, then maybe the reason why only a very small percentage of users, both small and large, haven't accepted IPv6 is due to some weird religious thing. Because according to the pro IPv6 crowd the reasons can not be technical, complexity, cost, non existing ASICs or the simple fact that nobody in his right mind thinks that we need 4 billion times 4 billion times 4 billion IP addresses ...

    A routed network is always better than a NAT network. You'd have to allow uPnP for that to be feasible, and I'm sure you have choice words about the security of uPnP that you'd not enable that on shared public users network.

    No, for a simple reason: we usually do not even want all our devices to be publicly reachable. NAT isn't just a crutch, it's also a convenient safety device under your full control.

    They don't have to be. We'd still have stateful firewalls in the routers just as they do today. And firewalls in our OS.

    Pardon me but this is getting ridiculous. But if you really think that writing firewall rules for IPv6 is simpler than writing NAT rules I respect that. And you kindly respect that I see it differently.

    Sorry, no. Actually my ideas are largely about counter balancing or repairing rather arbitrary design decisions (e.g. DNS A only (no 'P') records) and lack of proper thinking (back then) and sheer political arbitrariness (like the us-american war ministry having and wasting more IPs than many countries have in total).

    When you mention the US war ministry, you're kinda being the political arbitrary person. The U.S. government has invested more money into IPV6 than any other country or company. They've been at the front of adoption since the start, it's just they're a government and they work as fast as cold molasses going up a hill. But IP subnetting requires preplanning, and you can't do that effectively when you don't know the maximum network count. And the US government would for sure rather have endless addresses than having IPv4 limitations.

    That may be so but I don't care. All I see that they waste more addresses than many countries, which btw isn't even a smart thing (as opposed to private ranges) wrt security.

    My argument is not "it's total d_g shit"!
    My argument, brutally summarized, is "You idiots are about to repeat the same basic sin of back then. THINK and think properly and in a disciplined way!". My argument is that mindlessly and extremely oversizing is not better than or a solution to the problems of yester-decades carelessness and lack of intellectual discipline.

    The real and true solution is cost-effective, practically feasible, and well thought out and well engineered - none of which IPv6 is. The real solution boils down to 64 bits, among other reasons because 64 bits happens to be the word size of the processors we know how to build and actually build and because 64 bits is plenty enough and then some.

    I don't think you have solutions to the many, many use cases that would be affected by your solution.

    And I think you are wrong. Simple reason: my major issue is the 128 bits and all the problems coming with that. If IPv6 had 64 bits I'd probably not argue.
    Plus, and I'm definitely not alone with that, I dislike that IPv6 is not just 'more addresses' but significant changes in the way networks work - with many of those changes doubted by many incl. experts.

    Funny though in a way that the IPv6 idiots like to talk so much about all those (largely imaginary) devices needing addresses ... but hardly ever touch the really relevant question whether and how the majority of people could afford to buy those devices.

    Esp32's are $2. Light/electrical sockets are $10 normal price. WiFi chips with Socs are stamped out for dollars. WiFi 6 chips under $10!!! IoT is coming... even for the poor.

    For the poor in first world countries maybe, but it's quite different when people earn less than $10 per day. Plus, look at the real world. The vast majority still has zero Pi, ESP, etc. etc. boards, plus those who have such boards have the vast majority of them not connected to the internet. Plus: how many such boards and other devices (smartphones, PCs etc.) are we supposed to have in say 20 years on average (average household)? 10? 100? 1000?
    If your answer to that is halfway reasonable and realistic then 64-bit addresses will be more than sufficient.

  • jsg Member, Resident Benchmarker

    @stevewatson301 said:
    @TimboJones

    You're arguing with jsg. They're well known for hiding illogical arguments in a layer of apparent reasonableness.

    Well, at least I argue ... rather than doing ad hominems as you do ...

    Thanked by 1 PulsedMedia
  • skorupion Member, Host Rep

    @jsg said: people earn less than $10 per day.

    That argument is so fucking invalid

  • jsg Member, Resident Benchmarker

    @skorupion said:

    @jsg said: people earn less than $10 per day.

    That argument is so fucking invalid

    Because? You say so?

    But hey, I change my wording to "$10/day available income", OK. Because that is realistic; in fact I know people in Europe for whom that is true.

  • skorupion Member, Host Rep

    @jsg said:

    @skorupion said:

    @jsg said: people earn less than $10 per day.

    That argument is so fucking invalid

    Because? You say so?

    But hey, I change my wording to "$10/day available income", OK. Because that is realistic; in fact I know people in Europe for whom that is true.

    Because of the comment, you were replying to already invalidating you...

    @TimboJones said: Light/electrical sockets are $10 normal price.

  • jsg Member, Resident Benchmarker

    @skorupion said:

    @jsg said:

    @skorupion said:

    @jsg said: people earn less than $10 per day.

    That argument is so fucking invalid

    Because? You say so?

    But hey, I change my wording to "$10/day available income", OK. Because that is realistic; in fact I know people in Europe for whom that is true.

    Because of the comment, you were replying to already invalidating you...

    @TimboJones said: Light/electrical sockets are $10 normal price.

    Because you say so. Will I have to address you as "your honor" from now on.

    BS!

  • skorupion Member, Host Rep
    edited March 2021

    @jsg said:

    @skorupion said:

    @jsg said:

    @skorupion said:

    @jsg said: people earn less than $10 per day.

    That argument is so fucking invalid

    Because? You say so?

    But hey, I change my wording to "$10/day available income", OK. Because that is realistic; in fact I know people in Europe for whom that is true.

    Because of the comment, you were replying to already invalidating you...

    @TimboJones said: Light/electrical sockets are $10 normal price.

    Because you say so. Will I have to address you as "your honor" from now on.

    BS!

    I live in Europe where I with my mom have approx 10 - 20 USD per day available income...
    Oh shit, I have ipv6 enabled on all my devices who would've thought. That's impossible right, ipv6 enabling costs too much right...

    Dude it costs as much as enabling IPv4

    Thanked by 3 TimboJones Ouji Erisa
  • TimboJones Member
    edited March 2021

    @jsg said:

    @TimboJones said:

    @jsg said:
    That was sarcasm, as in "Nobody cares about that calculation. It's the opposite of what happens in network devices where calculations are done thousands or even millions of times each second"

    I think you make the opposite point, nobody cares about the calculations in these routers and just care if cat/porn videos work.

    That likely changes when they have to set up a router, a network and a firewall (as very many do/have to do).

    For most users, they get a modem/gateway from their cable/dsl provider and if uPnP is turned on, they've never logged into it. I see the majority of SSID's broadcasting around me on the default ISP SSID. It would be just the same with IPv6.

    I was referring to sysadmins who manage networks of tens of thousands in companies with revolving personnel, changing priorities, merging companies, new and closing offices, etc. You can't just think of a family of 4 as a home user.

    Just like for other professionals: that's just their job.

    And lots of industries have the professionals develop new standards along the way to make their jobs easier.

    And btw. IP4 was and is good enough to allow for quite monstrously large corporations to grow ...

    You can't argue that point both ways pointing out the waste in IPv4 efficiency. Every time you split a subnet, you lose IP's to overhead and limit the number of users. Allow large subnets and you have waste. Pick a lane.

    Pardon me but actually No. As a programmer I usually don't care at all - the kernel does it, I just open and use sockets (with whatever happen to be the IP(s)).

    Huh? But you can't just connect to another peer on the other side of a NAT router. Not without setting up a DMZ or port forward. Having to get your clients or customers to do that before their app works is a hassle.

    BY FAR less hassle than dealing with IPv6.
    And again, for pros, that's their job, and for homes them boxes usually have a nice simple form to add/change/delete NAT details and it's done and works since decades.

    So it puts added burden on developer to deal with ports and NAT IP's and end user to preconfigure instead of no hassle with IPv6 with their own endpoints. Takes manual labour and reconfiguration when router replaced.

    IPv6 is decades old and our computing power is exponentially increased since then. The argument of underpowered doesn't seem to jive. It didn't showstop things before IPv6 became a thing.

    Well, then maybe the reason why only a very small percentage of users, both small and large, haven't accepted IPv6 is due to some weird religious thing. Because according to the pro IPv6 crowd the reasons can not be technical, complexity, cost, non existing ASICs or the simple fact that nobody in his right mind thinks that we need 4 billion times 4 billion times 4 billion IP addresses ...

    The reasons for slow adoption are known and religion isn't one of them. Costs and complexity are reasons, but a lack of mandatory switch is primarily the reason. If the World wanted to be IPv6 dominant in 3 years, the big 8 countries just need tax incentives like the Y2K years and it would happen.

    A routed network is always better than a NAT network. You'd have to allow uPnP for that to be feasible, and I'm sure you have choice words about the security of uPnP that you'd not enable that on shared public users network.

    No, for a simple reason: we usually do not even want all our devices to be publicly reachable. NAT isn't just a crutch, it's also a convenient safety device under your full control.

    They don't have to be. We'd still have stateful firewalls in the routers just as they do today. And firewalls in our OS.

    Pardon me but this is getting ridiculous. But if you really think that writing firewall rules for IPv6 is simpler than writing NAT rules I respect that. And you kindly respect that I see it differently.

    It's not simpler or more difficult, really. The NAT rule is actually two rules but most routers add the firewall rule when adding the port forward rule.

    Sorry, no. Actually my ideas are largely about counter balancing or repairing rather arbitrary design decisions (e.g. DNS A only (no 'P') records) and lack of proper thinking (back then) and sheer political arbitrariness (like the us-american war ministry having and wasting more IPs than many countries have in total).

    When you mention the US war ministry, you're kinda being the political arbitrary person. The U.S. government has invested more money into IPV6 than any other country or company. They've been at the front of adoption since the start, it's just they're a government and they work as fast as cold molasses going up a hill. But IP subnetting requires preplanning, and you can't do that effectively when you don't know the maximum network count. And the US government would for sure rather have endless addresses than having IPv4 limitations.

    That may be so but I don't care. All I see that they waste more addresses than many countries, which btw isn't even a smart thing (as opposed to private ranges) wrt security.

    They were using them for years before some countries had internet to begin with. You have some problem with them being there from day 1? I believe in the social services that benefit people from a country (health care, education, etc), but you're basically saying there should be World socialism for IPv4 IP's? This seems like an odd argument. The US uses a shitload more electricity and water per person than most other countries, should they give up water and power for free to other countries? Or is it better to work on a new system where everyone has enough resources of their own?

    My argument is not "it's total d_g shit"!
    My argument, brutally summarized, is "You idiots are about to repeat the same basic sin of back then. THINK and think properly and in a disciplined way!". My argument is that mindlessly and extremely oversizing is not better than or a solution to the problems of yester-decades carelessness and lack of intellectual discipline.

    The real and true solution is cost-effective, practically feasible, and well thought out and well engineered - none of which IPv6 is. The real solution boils down to 64 bits, among other reasons because 64 bits happens to be the word size of the processors we know how to build and actually build and because 64 bits is plenty enough and then some.

    I don't think this is near as big an issue as you seem to think.

    I don't think you have solutions to the many, many use cases that would be affected by your solution.

    And I think you are wrong. Simple reason: my major issue is the 128 bits and all the problems coming with that. If IPv6 had 64 bits I'd probably not argue.
    Plus, and I'm definitely not alone with that, I dislike that IPv6 is not just 'more addresses' but significant changes in the way networks work - with many of those changes doubted by many incl. experts.

    Change needs to happen for things to get better. Change can't be voided and doesn't need to be.

    Funny though in a way that the IPv6 idiots like to talk so much about all those (largely imaginary) devices needing addresses ... but hardly ever touch the really relevant question whether and how the majority of people could afford to buy those devices.

    Esp32's are $2. Light/electrical sockets are $10 normal price. WiFi chips with Socs are stamped out for dollars. WiFi 6 chips under $10!!! IoT is coming... even for the poor.

    For the poor in first world countries maybe, but it's quite different when people earn less than $10 per day. Plus, look at the real world. The vast majority still has zero Pi, ESP, etc. etc. boards, plus those who have such boards have the vast majority of them not connected to the internet. Plus: how many such boards and other devices (smartphones, PCs etc.) are we supposed to have in say 20 years on average (average household)? 10? 100? 1000?
    If your answer to that is halfway reasonable and realistic then 64-bit addresses will be more than sufficient.

    What? All those $2 devices have connections to the internet. I'm a single guy and there's over 50 Mac addresses on my home network. My brother with three kids has over 80.

    But overall, your point is irrelevant as to the total amount. It is sufficient to be that we can be super wasteful and inefficient and still not run into address exhaustion. We don't need to know what the actual address exhaustion number would be if we far exceed it.

    Thanked by 2Pixels Ouji
  • jsgjsg Member, Resident Benchmarker
    edited March 2021

    @skorupion said:
    I live in Europe where I with my mom have approx 10 - 20 USD per day available income...
    Oh shit, I have ipv6 enabled on all my devices who would've thought. That's impossible right, ipv6 enabling costs too much right...

    Dude it costs as much as enabling IPv4

    Learn to read properly. That was not my argument. You are arguing against a (wrong) deduction in your head and not against what I said.

    @TimboJones said:

    That likely changes when they have to set up a router, a network and a firewall (as very many do/have to do).

    For most users, they get a modem/gateway from their cable/dsl provider and if uPnP is turned on, they've never logged into it. I see the majority of SSID's broadcasting around me on the default ISP SSID. It would be just the same with IPv6.

    Correct - minus that all their devices were reachable through the internet, which considering the very lamentable security of most IoT devices wouldn't be smart. Or they employ the IPv6 equivalent of NAT (or configure their firewall or ...).

    And lots of industries have the professionals develop new standards along the way to make their jobs easier.

    The same is true for IP4

    And btw. IP4 was and is good enough to allow for quite monstrously large corporations to grow ...

    You can't argue that point both ways pointing out the waste in IPv4 efficiency. Everytime you split a subnet, you lose IP's to overhead and limit the number of users. Allow large subnets and you have waste. Pick a lane.

    No, I don't. I don't have to because there are /8 private ranges where even 1000 lost IPs aren't a problem.

    So it puts added burden on developer to deal with ports and NAT IP's and end user to preconfigure instead of no hassle with IPv6 with their own endpoints. Takes manual labour and reconfiguration when router replaced.

    No, not on a developer but on a sys/net admin. But you are right, for home users that's indeed a small burden.
    At the same time though home users are major group within those not wanting IPv6.

    IPv6 is decades old and our computing power is exponentially increased since then. The argument of underpowered doesn't seem to jive. It didn't showstop things before IPv6 became a thing.

    Well, then maybe the reason why only a very small percentage of users, both small and large, haven't accepted IPv6 is due to some weird religious thing. Because according to the pro IPv6 crowd the reasons can not be technical, complexity, cost, non existing ASICs or the simple fact that nobody in his right mind thinks that we need 4 billion times 4 billion times 4 billion IP addresses ...

    The reasons for slow adoption are known and religion isn't one of them. Costs and complexity are reasons, but a lack of mandatory switch is primarily the reason. ...

    Read your sentence again. It boils down to you want to FORCE IPv6 on everyone.

    Thanks, no more questions ...

    They were using them for years before some countries had internet to begin with. You have some problem with them being there from day 1? I believe in the social services that benefit people from a country (health care, education, etc), but you're basically saying there should be World socialism for IPv4 IP's? This seems like an odd argument. The US uses a shitload more electricity and water per person than most other countries, should they give up water and power for free to other countries? Or is it better to work on a new system where everyone has enough resources of their own?

    When the world changes - and it has changed a lot - then they must adapt. In particular as they don't lose anything because any military typically does not want most of its equipment being reachable from the internet.
    And kindly note that I didn't say "strip them, beat them up, and then burn them!". What I'm talking about is only waste, so if they needed say a /16 I'd have no problem with that. The same goes for the many, many corporations, education and other institutes who still have insanely large ranges.

    So, YES, I think that a whole country with say 20 million people getting say 1 mio more IP addresses is more important than some military wasting some hundred mio. IP addresses they do not really need.

    I don't think this is near as big an issue as you seem to think.

    You are of course free to think whatever you please, but I'm afraid reality and physics doesn't care too much.

    Change needs to happen for things to get better. Change can't be voided and doesn't need to be.

    That is not the point, I'm certainly not against change where and when needed. And as I said multiple times, I'm not against a new IP version (although I see it as far less urgent than many make it look like).
    What I'm against is 2 points, (a) the insane and absolutely not needed 128-bits approach, and (b) needlessly changing and even replacing whole protocols.

    Give me a rational, reasonable, and based on facts and real needs proposal and you'll find me open to consider it.

    What? All those $2 devices have connections to the internet. I'm a single guy and there's over 50 Mac addresses on my home network. My brother with three kids has over 80.

    But overall, your point is irrelevant as to the total amount. It is sufficient to be that we can be super wasteful and inefficient and still not run into address exhaustion. We don't need to know what the actual address exhaustion number would be if we far exceed it.

    I believe what you say - but you are not the typical internet user but in a small minority group.

    Thanked by 1PulsedMedia
  • how'd this turn from nat64 to american war politics and developing countries?

    Thanked by 1skorupion
  • jarjar Patron Provider, Top Host, Veteran
  • @TimboJones said: but setting up subnets and having to change them later is a pain.

    I always think IP subnetting is good since it reduces the possibility of broadcast storms. A more stable network. DHCP servers and routers would make subnet changing easier.

  • @aiden1 said: how'd this turn from nat64 to american war politics and developing countries?

    jsg

  • jsgjsg Member, Resident Benchmarker

    @stevewatson301 said:

    @aiden1 said: how'd this turn from nat64 to american war politics and developing countries?

    jsg

    BS, What I said wasn't about politics but about large organisations wasting huge numbers of IPs. It's not my fault that one of the worst if not the worst IP waster isn't the local cat rescue center but the us-american war department - and that's what it's all about, war; not peace, not defense, not saving street cats but wars.

  • TimboJonesTimboJones Member
    edited March 2021

    @TimboJones said:

    That likely changes when they have to set up a router, a network and a firewall (as very many do/have to do).

    For most users, they get a modem/gateway from their cable/dsl provider and if uPnP is turned on, they've never logged into it. I see the majority of SSID's broadcasting around me on the default ISP SSID. It would be just the same with IPv6.

    Correct - minus that all their devices were reachable through the internet, which considering the very lamentable security of most IoT devices wouldn't be smart. Or they employ the IPv6 equivalent of NAT (or configure their firewall or ...).

    Devices reachable from the Internet is something people want, something you disagree with. Remember how many IP's in /64? Yeah, you're not getting scanned in 3 minutes after coming on line like IPv4 20 years ago.

    And lots of industries have the professionals develop new standards along the way to make their jobs easier.

    The same is true for IP4

    Yes, but it's a standard that was created for limited purpose and then used well beyond its designed purpose and IPv6 was designed to replace that. You can only design IPV4 standard once.

    And btw. IP4 was and is good enough to allow for quite monstrously large corporations to grow ...

    You can't argue that point both ways pointing out the waste in IPv4 efficiency. Everytime you split a subnet, you lose IP's to overhead and limit the number of users. Allow large subnets and you have waste. Pick a lane.

    No, I don't. I don't have to because there are /8 private ranges where even 1000 lost IPs aren't a problem.

    You keep ignoring that private networks are not routable and NAT is limiting. It really isn't a 1:1 replacement, or even as good.

    So it puts added burden on developer to deal with ports and NAT IP's and end user to preconfigure instead of no hassle with IPv6 with their own endpoints. Takes manual labour and reconfiguration when router replaced.

    No, not on a developer but on a sys/net admin. But you are right, for home users that's indeed a small burden.
    At the same time though home users are major group within those not wanting IPv6.

    I am not aware of said group. I can only say enterprises and companies with money have been asking for IPv6 support as mandatory features since 2007.

    I'm in Canada with shitloads of IPv4 and slow IPv6 adoption. We have working service with IPV4 and even more services and capabilities when IPv6 is enabled. I can't think of any "group" of "those not wanting IPv6". They'd either not care or they'd want it. No third group of "don't want it". Their forums are filled with IPv6 requests for years.

    IPv6 is decades old and our computing power is exponentially increased since then. The argument of underpowered doesn't seem to jive. It didn't showstop things before IPv6 became a thing.

    Well, then maybe the reason why only a very small percentage of users, both small and large, haven't accepted IPv6 is due to some weird religious thing. Because according to the pro IPv6 crowd the reasons can not be technical, complexity, cost, non existing ASICs or the simple fact that nobody in his right mind thinks that we need 4 billion times 4 billion times 4 billion IP addresses ...

    The reasons for slow adoption are known and religion isn't one of them. Costs and complexity are reasons, but a lack of mandatory switch is primarily the reason. ...

    Read your sentence again. It boils down to you want to FORCE IPv6 on everyone.

    Thanks, no more questions ...

    Re-read that, please, I didn't say anything I wanted and just stated my opinion on faster adoption. When you have various parties with different goals and needs, there's no incentive to expend effort without benefit. So give the incentive. You seem to have other beliefs as to why adoption isn't higher.

    They were using them for years before some countries had internet to begin with. You have some problem with them being there from day 1? I believe in the social services that benefit people from a country (health care, education, etc), but you're basically saying there should be World socialism for IPv4 IP's? This seems like an odd argument. The US uses a shitload more electricity and water per person than most other countries, should they give up water and power for free to other countries? Or is it better to work on a new system where everyone has enough resources of their own?

    When the world changes - and it has changed a lot - then they must adapt. In particular as they don't lose anything because any military typically does not want most of its equipment being reachable from the internet.

    Who told you that, exactly? It does make sense they don't want it reachable from public Internet, but they've been telling network manufacturers they want all their devices to be reachable and paid millions and billions in NRE's for over two decades. They can firewall and keep their network separate from the Internet and still make every device reachable.

    And kindly note that I didn't say "strip them, beat them up, and then burn them!". What I'm talking about is only waste, so if they needed say a /16 I'd have no problem with that. The same goes for the many, many corporations, education and other institutes who still have insanely large ranges.

    You're talking about taking one's property/asset and giving it to another. For something that isn't a basic necessity. That's hardcore. You do know the tremendous effort to resubnet a university or HP/Coca-Cola? I don't think so or else you'd know what you're really suggesting.

    So, YES, I think that a whole country with say 20 million people getting say 1 mio more IP addresses is more important than some military wasting some hundred mio. IP addresses they do not really need.

    You're arguing to FORCE companies and governments to give up IP ranges they've had for decades, for free, to expend resources and effort for no gain.

    Yes, assign foreign residents the former IP's of military stuff. What could go wrong?

    I don't think this is near as big an issue as you seem to think.

    You are of course free to think whatever you please, but I'm afraid reality and physics doesn't care too much.

    Physics? What's the price of tea in China? You're on the wrong OSI layer.

    Change needs to happen for things to get better. Change can't be voided and doesn't need to be.

    That is not the point, I'm certainly not against change where and when needed. And as I said multiple times, I'm not against a new IP version (although I see it as far less urgent than many make it look like).

    You really are. You're disregarding what are reported problems by saying they're not problems.

    What I'm against is 2 points, (a) the insane and absolutely not needed 128-bits approach, and (b) needlessly changing and even replacing whole protocols.

    It's not needless and it's backward compatible. It works in parallel and not as a replacement for a long time.

    Give me a rational, reasonable, and based on facts and real needs proposal and you'll find me open to consider it.

    You ignore them with essentially, "do your job better".

    What? All those $2 devices have connections to the internet. I'm a single guy and there's over 50 Mac addresses on my home network. My brother with three kids has over 80.

    But overall, your point is irrelevant as to the total amount. It is sufficient to be that we can be super wasteful and inefficient and still not run into address exhaustion. We don't need to know what the actual address exhaustion number would be if we far exceed it.

    I believe what you say - but you are not the typical internet user but in a small minority group.

    Designing a protocol for the future on "typical" instead of max/extreme is a big mistake and seems no lessons learned.

    I'm guessing you've never worked in a large company or you'd have some different experience and opinions.

    Thanked by 3Pixels skorous Ouji
  • brueggusbrueggus Member, IPv6 Advocate

    @yoursunny Thanks for the useful guide!

    I went through the guide on CentOS 7 yesterday and have few suggestions:

    • maybe that's a CentOS thing, but systemd requires full paths to the executables in the unit file for security reasons. So ExecStartPre=ip ... becomes ExecStartPre=/usr/sbin/ip and ExecStart=true becomes ExecStart=/usr/bin/true

    Disclaimer: The following two ones may be considered as nit-picking

    • by design, user-defined unit files should go into /etc/systemd/system/ instead of /usr/local/lib/systemd/system/
    • I stumbled upon the fact that one of my VPS uses an MTU of 1400 on eth0 for some reason. Fixing the VXLAN tunnel by lowering its MTU even further should be obvious in that case, but you may want to point that out in your article
    Thanked by 2yoursunny skorupion
  • I just spent hours today on internet looking for this but I couldn't find it in time

    I ended up using clatd

    https://github.com/toreanderson/clatd

    I have little to no networking experience.

    Here is my little contribution to this tutorial

    add real ipv4 connectivity for applications that work only in ipv4 (optional)

    note: this part of the tutorial only works on linux distributions that have systemd or upstart as a service manager (debian, ubuntu, centos and so on). if you are experienced enough you may "translate" the systemd service file to your service manager.
    note²: if you are using archlinux you don't need to follow this part of tutorial because there is a clatd package available on aur: https://aur.archlinux.org/packages/clatd-git/.

    install make, git, cpan/perl, gcc and tayga from your package manager (debian/ubuntu : sudo apt-get install -y make git gcc tayga perl).

    clone the clatd github repository using: git clone https://github.com/toreanderson/clatd.git

    change your current directory to the new directory called clatd: cd clatd.

    install clatd using sudo make install.

    install the required perl dependencies for clatd: cpan Net::IP Socket6 IO::Socket::INET6 Net::DNS.

    start clatd with sudo systemctl start clatd (systemd) or initctl start clatd (upstart).

    wait around 30 seconds then check if you have ipv4 connectivity using curl: curl -4 google.com.

    Thanked by 1farsighter
  • jsgjsg Member, Resident Benchmarker
    edited March 2021

    @TimboJones

    I'll keep this short. I was very polite and patient but you and others have responded to any good will and accommodation from my side with more opposition. Plus from your side you have failed to address my major argument and question and/or simply brushed aside related major technical problems, so I see neither a basis nor a need, let alone interest to really and honestly discuss the 128-bit issue.

    My questions and points get vaguely hand wavingly "countered" and most of your efforts go into picking out details and blindly fighting for IPv6 as if it was a religious matter (it probably is for some here).
    And finally it gets personal. But I have to disappoint you: I have worked for one of the largest american corporations and some other large corporations. So kindly at least stop personal attributions.

    I'm willing to continue the discussion if and when you offer realistic and reasonable arguments for needing a 128-bit address space/why 64-bits is not sufficient. And right away front up: NO, "not designing for max/extreme is a big mistake" is NOT a sufficient and not even an acceptable argument and I counter that easily: (a) engineering is about doing it right; virtually nothing gets designed to an arbitrary extreme, and (b) shove IPv6 up your ... because why not 512 bits? Why going against your own argument ("to the extreme") and limit IPv6 to 128 bits?

    Sorry but good engineering is about "certainly enough plus some reserve". Practical feasibility and costs are relevant real-world factors.

    Thanked by 1PulsedMedia
  • @TimboJones said: Who told you that, exactly? It does make sense they don't want it reachable from public Internet, but they've been telling network manufacturers they want all their devices to be reachable and paid millions and billions in NRE's for over two decades. They can firewall and keep their network separate from the Internet and still make every device reachable.

    I'm surprised that a massive portion of that IP space is actually routed on the internet. Also that there are internet exchanges: https://bgp.he.net/exchange/NASA-AIX

  • TimboJonesTimboJones Member
    edited March 2021

    @jsg said:
    @TimboJones

    I'll keep this short. I was very polite and patient but you and others have responded to any good will and accommodation from my side with more opposition. Plus from your side you have failed to address my major argument and question and/or simply brushed aside related major technical problems, so I see neither a basis nor a need, let alone interest to really and honestly discuss the 128-bit issue.

    Can you point me to any resources that share your opinions? I don't think I understand your technical issues that I haven't responded to and I haven't found another resource that might fill me in on what I'm missing.

    My questions and points get vaguely hand wavingly "countered" and most of your efforts go into picking out details and blindly fighting for IPv6 as if it was a religious matter (it probably is for some here).

    I'm not blindly fighting for it, I recognize the train left the station. Get onboard or get out of the way.

    And finally it gets personal. But I have to disappoint you: I have worked for one of the largest american corporations and some other large corporations. So kindly at least stop personal attributions.

    My point was that they are huge, slow, chaotic and not well organized. Having to go to IT for something takes hours or days and a PITA for any professional who wants something right now and can have right now. You don't want to involve them unless necessary, not as a first choice.

    I'm willing to continue the discussion if and when you offer realistic and reasonable arguments for needing a 128-bit address space/why 64-bits is not sufficient.

    Routing/protocol reasons, not maximum address count.

    And right away front up: NO, "not designing for max/extreme is a big mistake" is NOT a sufficient and not even an acceptable argument and I counter that easily: (a) engineering is about doing it right; virtually nothing gets designed to an arbitrary extreme, and (b) shove IPv6 up your ... because why not 512 bits? Why going against your own argument ("to the extreme") and limit IPv6 to 128 bits?

    I think if you applied that to security, it would be a mistake. The edges of extreme is where bad shit happens. I'm not talking arbitrary, you are.

    Sorry but good engineering is about "certainly enough plus some reserve".

    No, it's really not. That's how people get killed. This is what happens when anybody calls themselves an engineer. In my province, "engineer" is a protected name like Doctor where you have legal obligations and responsibility, none of this software engineer shit that people didn't even get a degree for.

  • jsgjsg Member, Resident Benchmarker
    edited March 2021

    @TimboJones said:
    Can you point me to any resources that share your opinions? I don't think I understand your technical issues that I haven't responded to and I haven't found another resource that might fill me in on what I'm missing.

    I'm sure that you are capable to search for e.g. 'processor word-sizes'. I'm also not helping out in that case because you act as if you knew ...

    I'm not blindly fighting for it, I recognize the train left the station. Get onboard or get out of the way.

    That may be the way they handle things where you live or in your mind, but where I live that's not the definition of the playing field and rules.

    My point was that they are huge, slow, chaotic and not well organized. Having to go to IT for something takes hours or days and a PITA for any professional who wants something right now and can have right now. You don't want to involve them unless necessary, not as a first choice.

    I see, and switching to IPv6 is done by secretaries, managers, and kitchen aids?

    I think if you applied that to security, it would be a mistake. The edges of extreme is where bad shit happens. I'm not talking arbitrary, you are.

    Feel free to think whatever you please, but I am actually working in the field.

    Sorry but good engineering is about "certainly enough plus some reserve".

    No, it's really not. That's how people get killed. This is what happens when anybody calls themselves an engineer. In my province, "engineer" is a protected name like Doctor where you have legal obligations and responsibility, none of this software engineer shit that people didn't even get a degree for.

    Engineering, which btw in my country is even more toughly regulated than in yours, is largely the art of doing what is feasible and reasonable.
    Any engineer worth his money will immediately notice the 128 bits and - very mistrustingly - question its supposed need, just like he would question a planned road which was planned to have a 200 feet thick asphalt layer.

    I suggest to drop this (actually non-) conversation and stay friendly, simply accepting that our views and approaches are too different.

  • They Plan to remove the option to change the Nameserver on the Free VPS to prevent misconfiguration and Abuse. So they want to prevent that we can access v4 resources like github at all.

    Change is planned to be implemented in the next Weeks

  • yoursunnyyoursunny Member, IPv6 Advocate
    edited March 2021

    @brueggus said:
    by design, user-defined unit files should go into /etc/systemd/system/ instead of /usr/local/lib/systemd/system/

    This has been updated on yoursunny.com and other sites that I can still edit.
    I have three tutorials making the same mistake.
    Thanks for pointing out.

    maybe that's a CentOS thing, but systemd requires full paths to the executables in the unit file for security reasons. So ExecStartPre=ip ... becomes ExecStartPre=/usr/sbin/ip and ExecStart=true becomes ExecStart=/usr/bin/true

    It's not a Debian thing.

    I stumbled upon the fact that one of my VPS uses an MTU of 1400 on eth0 for some reason. Fixing the VXLAN tunnel by lowering its MTU even further should be obvious in that case, but you may want to point that out in your article

    It's already there: "Note that I reduced the MTU of the VXLAN tunnel interface to 1420 from the default 1500."


    @Edding said:
    They Plan to remove the option to change the Nameserver on the Free VPS to prevent misconfiguration and Abuse. So they want to prevent that we can access v4 resources like github at all.

    Change is planned to be implemented in the next Weeks

    I don't know how to prevent changing nameserver from hypervisor side.
    They could overwrite /etc/resolv.conf and other files, and many providers are already doing that via SolusVM, but that doesn't stop me from overwriting it again in a boot script.

    In enterprise networks, UDP traffic to port 53 could be blocked to non-approved destinations.
    I don't see how data centers would do that.
    Even if they do, it'll be difficult to block DNS over HTTPS.

    Also, the VXLAN approach described in the article does not involve changing nameservers.

    Thanked by 1farsighter
  • Hey,

    I can't get it to work but then again I'm a noob.

    $ traceroute -n -q1 lgger.nexusbytes.com
    traceroute to lgger.nexusbytes.com (46.4.199.225), 30 hops max, 60 byte packets
     1  172.16.41.232  3100.979 ms !H

    I have (I believe) a dual-stack server at mrvm.net. I can ping -4 <domain> successfully. It is a nat vps and I have only 20 ports available at range 21200-21220. I have an external IPv4 address that I can access from outside world at the ports 21200-21220. That external ip address is not visible from ip addr, instead it has something else. The ip addr on that server shows

    inet 172.16.41.212/24 brd 172.16.41.255 scope global venet0:0

    Your example has your public ip as 192.0.2.1 on the dual-stack so I'm not sure how and which IP on my dual-stack corresponds to that and how I can use it on my commands, but I tried.

    I'm trying the following on euserv free server (redacted ipv6 address). I just picked couple random IPv4 addresses from the same subnet as what ip addr shows on inet

    sudo ip link add vx84 type vxlan id 0 remote <dual's ipv6 here> local <vs4-free ipv6 here> dstport 4789
    sudo ip link set vx84 mtu 1420
    sudo ip link set vx84 up
    sudo ip addr add 172.16.41.232/24 dev vx84
    sudo ip route add 0.0.0.0/0 via 172.16.41.231

    Then on dual-stack I tried:

    sudo ip link add vx84 type vxlan id 0 remote <vs4-free ipv6 address> local <dual-stack's ipv6 address> dstport 4789
    sudo ip link set vx84 mtu 1420
    sudo ip link set vx84 up
    sudo ip addr add 172.16.41.231/24 dev vx84
    sudo iptables-legacy -t nat -A POSTROUTING -s 172.16.41.230/24 ! -d 172.16.41.230/24 -j SNAT --to 172.16.41.212

    I tried with some other values first and it didn't work so I tried to run over with other values and it said: RTNETLINK answers: File exists so I searched the web for it and found that sudo ip addr flush dev vx84 may fix that and so it did (except for the first command where we add the vx84, so I skipped that one as that command would have stayed the same anyway). (I tried changing 172.16.41.232/24.)

    I tried disabling ufw firewall with sudo ufw status to make sure it's not blocking it, but it didn't help

    My guess is that I'm using wrong ip address in place where I have something starting with 172, or that I have to specify ports somewhere somehow, as the dual-stack server can accept only incoming traffic on ports 21200-21220 on ipv4 at least... Can someone help?

  • jmgcaguiclajmgcaguicla Member
    edited April 2021

    @WiLO9hs8L4fSs said:
    I'm trying the following on euserv free server (redacted ipv6 address). I just picked couple random IPv4 addresses from the same subnet as what ip addr shows on inet:
    sudo ip addr add 172.16.41.232/24 dev vx84

    Then on dual-stack I tried:

    sudo ip addr add 172.16.41.231/24 dev vx84

    Your VXLAN subnet overlaps with your NAT-ed IP's subnet, pick a different one.

    Thanked by 1yoursunny
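
The overlap pointed out in the reply above, as an added example (not code from the thread or from the tutorial it discusses): a Python check that compares a proposed VXLAN overlay address with the inet lines of `ip -4 addr` from both tunnel ends and, on a conflict, picks a free RFC 1918 /24. The sample `ip addr` text, the function names and the 192.168.84.1/24 address are constructed for illustration.

```python
#!/usr/bin/env python3
"""Check a VXLAN overlay subnet against the addresses a host already has."""
import ipaddress
from itertools import islice

# Constructed sample in `ip -4 addr` format; the venet0:0 line is the one
# quoted in the post (NAT-ed address 172.16.41.212/24 on the dual-stack VPS).
DUAL_STACK_IP_ADDR = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    inet 172.16.41.212/24 brd 172.16.41.255 scope global venet0:0
"""

# RFC 1918 private ranges to draw a replacement overlay from.
# The order is an arbitrary choice made for this example.
PRIVATE_POOLS = ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")


def existing_networks(ip_addr_output):
    """Return [(label, IPv4Network)] for each inet line of `ip -4 addr` output."""
    found = []
    for line in ip_addr_output.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "inet":
            # ip_interface keeps the host bits; .network is the connected prefix
            # the kernel installs a route for.
            found.append((fields[-1], ipaddress.ip_interface(fields[1]).network))
    return found


def conflicts(candidate, *ip_addr_outputs):
    """List the (label, network) pairs, on any host, that overlap `candidate`."""
    cand = ipaddress.ip_interface(candidate).network
    return [(label, net)
            for output in ip_addr_outputs
            for label, net in existing_networks(output)
            if cand.overlaps(net)]


def pick_overlay(*ip_addr_outputs, prefixlen=24):
    """Return the first private subnet that overlaps nothing on either tunnel end."""
    used = [net for output in ip_addr_outputs
            for _, net in existing_networks(output)]
    for pool in PRIVATE_POOLS:
        for subnet in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
            if not any(subnet.overlaps(net) for net in used):
                return subnet
    raise ValueError("no free private subnet of that size")


def endpoints(subnet):
    """First two usable host addresses, one per tunnel end, in `ip addr add` form."""
    return [f"{host}/{subnet.prefixlen}" for host in islice(subnet.hosts(), 2)]


if __name__ == "__main__":
    # 172.16.41.231/24 is the address the post assigned to vx84 on the
    # dual-stack side; 192.168.84.1/24 is a constructed alternative.
    for addr in ("172.16.41.231/24", "192.168.84.1/24"):
        hits = conflicts(addr, DUAL_STACK_IP_ADDR)
        if hits:
            # Same prefix on two interfaces means two connected routes for it.
            print(f"{addr}: overlaps " + ", ".join(f"{n} on {l}" for l, n in hits))
        else:
            print(f"{addr}: no overlap")
    free = pick_overlay(DUAL_STACK_IP_ADDR)
    print(f"suggested overlay {free}: {' and '.join(endpoints(free))}")
```

Pass the `ip -4 addr` output of both the IPv6-only and the dual-stack host to `conflicts` and `pick_overlay`, since the overlay prefix has to be unused on each end.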