this post was submitted on 20 Jun 2024
29 points (91.4% liked)

networking

2811 readers
1 users here now

Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.

founded 1 year ago
MODERATORS
 

I mean on a technical level. Are the devices that make up the infrastructure of the internet hardwired with IPv4? Is the firmware on these devices impossible to upgrade remotely?

If it's just a matter of software or firmware then adoption should only take like a year but clearly that isn't the case. So what specifically is stopping us?

you are viewing a single comment's thread
view the rest of the comments
[–] blackstrat@lemmy.fwgx.uk 6 points 4 months ago (1 children)

Here's my story of trying to use IPV6 for the past 3 days, and I know I'm not a typical user.

I use Opnsense as a router firewall. Using IPv4, 5/6 VLANs, almost all devices statically addressed with alias's configured for each. This lets me have firewall rules like "block youtube on the kids devices", or "use a different DNS server for the wife", only allow the fire stick to access the internet after 7am. That sort of thing.

First problem is working out how to even get IPv6 on the WAN and what it even means that my ISP has given me a /48 and a /64. Loads of reading and some cobbling together later I have it. But no clients are getting addresses. Eventually fix that and now they have an address. But I don't want to use SLAAC as that's a nightmware to keep track of, DHCPv6 doesn't work for android devices so they'll be on IPv4 anyway. I don't want each client to have a globally unique address as that just allows insane tracking. I don't know if my IPv6 address will ever change, but it seems likley it will and that would be a nightmare to fix. I manage to get private fd00/8 addresses allocated to clients, but I don't know how to configure IPv6 NAT so devices have an IPv6 IP, but can't access through the WAN using it. And by that point I just don't see the point any more. I'd just be duplicating all my rules that would be far too time consuming, confusing and I don't see the point.

I want local private IP addresses. I don't want clients to have unique IPs. I want the addresses to be known and static. I want my firewall rules to be tied to specific addresses for 90%+ of devices.

[–] undefined@links.hackliberty.org 1 points 4 months ago (1 children)

You can still use NAT for IPv6 if it’s something you really want, and it works similarly to IPv4.

[–] blackstrat@lemmy.fwgx.uk 0 points 4 months ago (1 children)

But at that point there's no difference other than it's less familiar and more fiddly with v6. Why even bother.

[–] undefined@links.hackliberty.org 2 points 4 months ago* (last edited 4 months ago) (1 children)

To be blunt, I don’t know what 99% of the other commenters are talking about. I’ve never had so many problems with IPv6 in my life, and I’ve been using it for over 10 years now.

At the same time, I’ve only seen less latency and higher bandwidth on IPv6 aware services (though the underlying reasoning is unclear to me).

As someone who builds websites for people all over the globe with any mix of IPv4 and IPv6 it really irks me that people are finding seemingly any excuse to not just move over to IPv6.

What about it is fiddly?

[–] blackstrat@lemmy.fwgx.uk 1 points 4 months ago

What about it is fiddly?

The insane addresses. The reliance on DNS, the unpredictability of addresses, that each device can have so many addresses and you need to know what each does and is used for and how that impacts inter-network routing and firewall rules. Privacy IPs, what the hell? Its a solution to something that's fixed by tried and understood IPv4 NAT.

If you just want a flat simple network where everything on your lan is equal, everything has a globally unique and trackable IP I'm sure it's fine. But if you have something more sophisticated it becomes much more complicated. And I genuinely can't see how IPv6 advocates can't see the problems it introduces.

What we need is a larger address space and fast adoption, that's it. If after 30 years of awful adoption rates and only when people have a gun to their head they begrudgingly might adopt it, then you have a bad protocol.