It also means you no longer need the kludge that is NAT. Full E2E connectivity is really nice -- though I've found some network admins dislike this idea because they're so used to thinking about it differently or (mistakenly) think it adds to their security.
NAT still has its place in obfuscating the internal network. Also, it's easier to think about firewall/routing when you segregate a network behind a router on its own subnet, IMO.
I think you'll find some ISPs will be reluctant to let go of CGNAT - they're doing quite nicely by charging extra for 'commercial' services where it's not in the way.
Fortunately, many of us know about cloudflare tunnelling and other services, so NAT really isn't a problem to self hosters and even SMEs any more.
ipv6 in companies...
ipv6 is not hard, but for internal networking no company (really) "needs" more than rfc1918 address space.
thus any decision in that direction is always "less" needed than any bonus for (da)magement personnel is crucial for the whole companies survival...
for companies services to be reachable from outside/ipv6 mostly "only" the loadbalancers/revproxies etc need to be ipv6 ready but ... this i.e. also produces logs that possibly break decades old regexes that no one understands any more (as the good engineers left due to too many boni payed to damagement personnel) while other access/deny rules that could break or worse let through where they should block (remember that 192.168. could the local part of ipv6 IF sone genious used a matching mech that treats the dot "." as a wildcard as overpayed damagement personnel made them rush too fast), could be hidden "somewhere". altogether technical debt is a huge blocker for everything, especially company growth, and if no customer "demands" ipv6, then it stays on the damagement personnels list as "fulfilling the whishes of engineers to keep them happy" instead of on the always deleted "cleaning up technical debt caused by damagement personnel" list.
setting up firewalls for ipv6 is quite easy and if you go the finegrained "whitelisted or drop/block" approach from the beginning it might take a bit for ipv6 specials to be known to you, but the much bigger thing is IMHO the then current state of firewall rules. and who knows every existing rule? what rules should be removed already and must not be ported to ipv6? usually firewalls and their rules are a big mess due to ... again too many boni payed to damagement personnel, hindering the company from the needed steps forward...
ipv6 adoption is slow for reasons that are driving huge cars that in turn speed up other problems ;-|
However I can see when any IPv6 begins with 2a02:12xx:: then it's Swisscom (biggest swiss ISP). But I can't remember any of their hundreds of IPv4 prefixes.
fc00::/7 are ULA (basically what RFC1918 was for IPv4) not entirely true, fc00::/8 is part of ULA, but it is not yet defined. Use fd00::/8 instead.
2001:db8::/32 is for documentation purposes
I keep hearing this, and I KNOW it's true at the enterprise level, but I've been running my home LAN IPv6 native for the last - 6+ years? Ever since I learned Comcat would vend it to you from their stock router.
Works great. No problems. Didn't used to be that way, but these days most (more?) of the stack bugs have been shaken out.
I'm a network engineer and I run ipv6 natively in all of our datacenters. There are even a handful of end systems that have ipv6 native networking stacks with ipv4 sockets for our non-ipv6 compatible applications. IPv6 issues are basically self-inflicted at this point by companies that see their IT systems as cost centers, or by basilisk directors who's knowledge stopped in the 90's.
Yeah, I feel like this is one of those memes that just travevls like lightning because it's attractive to people.
IPv6 WAS crazy bad for a very long time, so I can kind of understand it at least, but wake up and smell the 128 bit addressing people, ipv6 is a SUPER useful tool when you need it :)
It is in the style of the original, where during Covid the page on “Migrating to the Netherlands” simply just started with “Do not migrate to the Netherlands”, before expanding on the Covid restrictions on place and what foreign nationals currently in the Netherlands are to do.
On one hand: Now that's loud & clear communication.
On the other hand, “Just don't” really ties in to the stereotype of Dutch directness/rudeness.
rent a cheap vm, i got one for 1€/month (for the first year,cancel monthly) from ovh currently
setup 3 openvpn instances to redirect all routes through the tunnel, one with ipv4 only, one with ipv6 only and one with both
setup the client on your mobile phone and your laptop both with all three vpns to choose from
have the option to choose now and try out ipv6, standalone or dualstack depending on what vpn you switch on
use this setup to blame services that don't support ipv6 yet or maybe are broken with dualstack 🤣
rise from under-the-stone (disabling ipv6 only) to in-sunlight (to a well-above-industry-standart-level !!! "quick" new network technologies adopting "genious") 🤣
improve your openvpn setup from above to be reachable "by" ipv6 too if you haven't done it from the beginning, done: reach the pro-level of the-late-adopter-noob-group
(if you want, ask for config snippets)
btw i prefer to wait for ipv8😁 before "demanding" ipv6 from services i use 🤣
For individuals. There are tons of benefits for everyone collectively, but as is often the case, there's not enough incentive for any one person to bother until everybody else does.
I'd be open to considering those but I never had a website break it down in a material way. At best 6 to me is shiny and side grade -- if it results in major labor and time spent without reasonable benefit within a LAN then it's not going to be a humdinger. Of course like I said if there are arguments to be made I'm happy to contemplate them.
YMMV, for me the juice hasn't been worth the squeeze yet and I'm not sure it ever will.
No more holepunching kludge with solutions like ZeroTier or Tailscale, just open a port and you are pretty much good to go.
The CGNAT gateway of my ISP tends to be overloaded during the holiday seasons, so using IPv6 eliminates an unstability factor for my lab.
You have a metric sh*t ton of addressing space. I have assigned my SSH server its own IPv6 address, my web server another, my Plex server yet another, ... You get the idea. The nice thing here is that even if someone knows about the address to my SSH server, they can't discover my other servers through port scanning, as was typical in IPv4 days.
Also, because of the sheer size of the addressing space, people simply can't scan your network.
personally, i'd have pretty big benefits for my homelab if i could use my own ipv6 range for everything. having only a singe public IP is just very limiting.
sadly, my ISP does give out ipv6 for home networks, but i cannot connect to any of them from my mobile phone with the same carrier. so that's fun. they talked about rolling out ipv6 on mobile networks years ago, but i guess it'll take a few more....
YMMV. Time, energy, compat*ability problems, unforseen issues which cost time debugging.
Again, I'm speaking for me -- there has to be a tangible real benefit and within networks even with 100 devices IPv4 does the job better than fine and better than IPv6 for some folks.
Not to mention its just plain easier to remember 4 octet sets of numbers running from machine to machine in an office than 6 or 8 or whatever.