Basically the extent of my IPv6 knowledge
Basically the extent of my IPv6 knowledge
Template source: https://web.archive.org/web/20210304000634/https://www.government.nl/topics/coronavirus-covid-19/visiting-the-netherlands-from-abroad/checklist
84 comments
-
-
I also know that I cannot tell the difference between two IPv6 addresses because they all merge into an indiscernible blur inside my head
-
Back when we had to dial ipv4 addresses from memory
-
However I can see when any IPv6 begins with 2a02:12xx:: then it's Swisscom (biggest swiss ISP). But I can't remember any of their hundreds of IPv4 prefixes.
-
I have a feeling making it all CAPS would have made it just a bit easier.
That, or using monospace fonts for it everywhere. -
I recite IPv6 addresses on my company networks from memory all the time. It helps that we got a bit lucky on our allocation. There are no letters.
Plus it's really easy to number subnets in a way that makes sense.
-
-
::1 is the new 127.0.0.1
:: abbreviates empty fields
ipv6 has more addresses
there is something going on with mac addresses (asside from arp)thats all i remember
-
I keep hearing this, and I KNOW it's true at the enterprise level, but I've been running my home LAN IPv6 native for the last - 6+ years? Ever since I learned Comcat would vend it to you from their stock router.
Works great. No problems. Didn't used to be that way, but these days most (more?) of the stack bugs have been shaken out.
-
I'm a network engineer and I run ipv6 natively in all of our datacenters. There are even a handful of end systems that have ipv6 native networking stacks with ipv4 sockets for our non-ipv6 compatible applications. IPv6 issues are basically self-inflicted at this point by companies that see their IT systems as cost centers, or by basilisk directors who's knowledge stopped in the 90's.
-
Yeah, I feel like this is one of those memes that just travevls like lightning because it's attractive to people.
IPv6 WAS crazy bad for a very long time, so I can kind of understand it at least, but wake up and smell the 128 bit addressing people, ipv6 is a SUPER useful tool when you need it :)
-
-
-
I am hosting a few services on my LAN over IPv6, except for Plex, which I am tunneling through IPv4, since Plex itself used to have issues with IPv6.
It's always funny when friends complain that one of my services is down, it was 100% IPv6 not working/enabled/willingly disabled on their site yet.
-
I made an effort to learn it. In 2000. Again in 2012 or whenever the last big push was. If past is prologue, I may need to learn it again soon. 😆
-
Ah, Dutch directness... Nothing says clear communication louder than the Dutch
-
It's an edited image, but you are darn right. Proper communication is great
-
It is in the style of the original, where during Covid the page on “Migrating to the Netherlands” simply just started with “Do not migrate to the Netherlands”, before expanding on the Covid restrictions on place and what foreign nationals currently in the Netherlands are to do.
On one hand: Now that's loud & clear communication. On the other hand, “Just don't” really ties in to the stereotype of Dutch directness/rudeness.
-
-
-
-
maybe start with an adjustable setup:
- rent a cheap vm, i got one for 1€/month (for the first year,cancel monthly) from ovh currently
- setup 3 openvpn instances to redirect all routes through the tunnel, one with ipv4 only, one with ipv6 only and one with both
- setup the client on your mobile phone and your laptop both with all three vpns to choose from
- have the option to choose now and try out ipv6, standalone or dualstack depending on what vpn you switch on
- use this setup to blame services that don't support ipv6 yet or maybe are broken with dualstack 🤣
- rise from under-the-stone (disabling ipv6 only) to in-sunlight (to a well-above-industry-standart-level !!! "quick" new network technologies adopting "genious") 🤣
- improve your openvpn setup from above to be reachable "by" ipv6 too if you haven't done it from the beginning, done: reach the pro-level of the-late-adopter-noob-group
(if you want, ask for config snippets)
btw i prefer to wait for ipv8😁 before "demanding" ipv6 from services i use 🤣
-
I pay yearly more for IPv4 address space for virtual machines on my dedicated server than for that dedicated server itself (ツ)_/.
Let that thing die.
Monthly summary:
54.40€ - 30 IPv4 addresses
\ 0.00€ - 18 quintillion IPv6 addresses
\ 38.39€ - whole server for dozens of services-
Someone is using Hetzner. :) Yes let IPv4 fade away. Still what services are you running that require so many unique IPs?
-
-
Checklist for Migrating to HTTPS:
- Disable all 443 port traffic
-
Yup, the benefits don't outweigh the costs.
-
For individuals. There are tons of benefits for everyone collectively, but as is often the case, there's not enough incentive for any one person to bother until everybody else does.
-
I'd be open to considering those but I never had a website break it down in a material way. At best 6 to me is shiny and side grade -- if it results in major labor and time spent without reasonable benefit within a LAN then it's not going to be a humdinger. Of course like I said if there are arguments to be made I'm happy to contemplate them.
YMMV, for me the juice hasn't been worth the squeeze yet and I'm not sure it ever will.
-
-
personally, i'd have pretty big benefits for my homelab if i could use my own ipv6 range for everything. having only a singe public IP is just very limiting.
sadly, my ISP does give out ipv6 for home networks, but i cannot connect to any of them from my mobile phone with the same carrier. so that's fun. they talked about rolling out ipv6 on mobile networks years ago, but i guess it'll take a few more....
-
I use IPv6 exclusively for my homelab. The pros:
- No more holepunching kludge with solutions like ZeroTier or Tailscale, just open a port and you are pretty much good to go.
- The CGNAT gateway of my ISP tends to be overloaded during the holiday seasons, so using IPv6 eliminates an unstability factor for my lab.
- You have a metric sh*t ton of addressing space. I have assigned my SSH server its own IPv6 address, my web server another, my Plex server yet another, ... You get the idea. The nice thing here is that even if someone knows about the address to my SSH server, they can't discover my other servers through port scanning, as was typical in IPv4 days.
- Also, because of the sheer size of the addressing space, people simply can't scan your network.
-
-
YMMV. Time, energy, compat*ability problems, unforseen issues which cost time debugging.
Again, I'm speaking for me -- there has to be a tangible real benefit and within networks even with 100 devices IPv4 does the job better than fine and better than IPv6 for some folks.
Not to mention its just plain easier to remember 4 octet sets of numbers running from machine to machine in an office than 6 or 8 or whatever.
-
-
84 comments
My ISP doesn't support IPv6, now what?
It's really bullshit.
Hurricane Electric have a free tunnel broker that is super simple to set up if you really want to get on the bandwagon.
https://tunnelbroker.net/
Though honestly I'd say the benefits of setting it up aren't really worth the trouble unless you're keen.
Really bullshit ISP indeed.
It also means you no longer need the kludge that is NAT. Full E2E connectivity is really nice -- though I've found some network admins dislike this idea because they're so used to thinking about it differently or (mistakenly) think it adds to their security.
NAT still has its place in obfuscating the internal network. Also, it's easier to think about firewall/routing when you segregate a network behind a router on its own subnet, IMO.
I think you'll find some ISPs will be reluctant to let go of CGNAT - they're doing quite nicely by charging extra for 'commercial' services where it's not in the way.
Fortunately, many of us know about cloudflare tunnelling and other services, so NAT really isn't a problem to self hosters and even SMEs any more.
Why do you say NAT doesn't make a network more secure?
I had network speed issues and the solution was literally to disable ipv6... Fiber 1gbit network still had issues. https://www.reddit.com/r/youtube/comments/owbjdl/anyone_else_getting_buffering_when_using_ipv6/
Weird. Ipv6 and YouTube stats for nerds shows between 140mbit and 600mbit depending on what's being watched and the time of day.
Is it possible your isp has problems with their ipv6 setup?
IPv6 overheads should only have a marginal impact on max speeds.
ipv6 in companies... ipv6 is not hard, but for internal networking no company (really) "needs" more than rfc1918 address space. thus any decision in that direction is always "less" needed than any bonus for (da)magement personnel is crucial for the whole companies survival...
for companies services to be reachable from outside/ipv6 mostly "only" the loadbalancers/revproxies etc need to be ipv6 ready but ... this i.e. also produces logs that possibly break decades old regexes that no one understands any more (as the good engineers left due to too many boni payed to damagement personnel) while other access/deny rules that could break or worse let through where they should block (remember that 192.168. could the local part of ipv6 IF sone genious used a matching mech that treats the dot "." as a wildcard as overpayed damagement personnel made them rush too fast), could be hidden "somewhere". altogether technical debt is a huge blocker for everything, especially company growth, and if no customer "demands" ipv6, then it stays on the damagement personnels list as "fulfilling the whishes of engineers to keep them happy" instead of on the always deleted "cleaning up technical debt caused by damagement personnel" list.
setting up firewalls for ipv6 is quite easy and if you go the finegrained "whitelisted or drop/block" approach from the beginning it might take a bit for ipv6 specials to be known to you, but the much bigger thing is IMHO the then current state of firewall rules. and who knows every existing rule? what rules should be removed already and must not be ported to ipv6? usually firewalls and their rules are a big mess due to ... again too many boni payed to damagement personnel, hindering the company from the needed steps forward...
ipv6 adoption is slow for reasons that are driving huge cars that in turn speed up other problems ;-|