• 1 Post
  • 114 Comments
Joined 1 year ago
cake
Cake day: June 17th, 2023

help-circle

  • I use IPv6 exclusively for my homelab. The pros:

    • No more holepunching kludge with solutions like ZeroTier or Tailscale, just open a port and you are pretty much good to go.

    • The CGNAT gateway of my ISP tends to be overloaded during the holiday seasons, so using IPv6 eliminates an unstability factor for my lab.

    • You have a metric sh*t ton of addressing space. I have assigned my SSH server its own IPv6 address, my web server another, my Plex server yet another, … You get the idea. The nice thing here is that even if someone knows about the address to my SSH server, they can’t discover my other servers through port scanning, as was typical in IPv4 days.

    • Also, because of the sheer size of the addressing space, people simply can’t scan your network.


  • orangeboats@lemmy.worldtoProgrammer Humor@programming.devJavaScript
    link
    fedilink
    arrow-up
    26
    arrow-down
    2
    ·
    5 months ago

    This is why I try my damnedest not to write in weakly typed languages.

    string + object makes no logical sense, but the language will be like “'no biggie, you probably meant string + string so let’s convert the object to string”! And so all hell breaks loose when the language’s assumption is wrong.




  • I have a 64-bit computer, it can address up to 18.4 exabytes, but my computer only has 32GB, so I will never use the vast majority that address space. Am I “wasting” it?

    You are using the addressing bits in the form of virtual memory. Right now. Unless you run a unikernel system, then in that case you could be right, but I doubt it.

    Anyway, this is apples and oranges. IP addresses are hierarchical by design (so you have subnets of subnets of subnets of …), memory addresses are flat for the most part, minus some x86 shenanigans.

    Yes they are all “used” but you don’t need them. We are not using 2^128 ip addresses in the world.

    But we do need them! The last 64 bits of your IPv6 addresses are randomized for privacy purposes, it’s either that or your MAC address is used for them. We may not be using those addresses simultaneously but they certainly are used.

    Despite that, there still are plenty of empty spaces in IPv6, that’s true. But they will still be used in the future should the opportunity arise. Any “wastage” is artificial, not a built-in deficiency of the protocol. Whereas if we restricted the space to 40 bits, there will be 24 bits wasted forever no matter how.


  • You’re not “wasting” them if you just don’t need the extra bits

    We are talking about addresses, not counters. An inherently hierarchical one at that (i.e. it goes from top to bottom using up all bits). If you don’t use the bits you are actually wasting them.

    you can gradually make the other bits available in the form of more octets

    So why didn’t we make other bits available for IPv4 gradually? Yeah, same issue as that: Forwards compatibility. If you meant that this “IPv5” standard should specify compulsory 64-bit support from the very beginning, then why are you arbitrarily restricting the use of some bits in the first place?

    If you’re worried about wasting registers it makes even less sense to switch from a 32-bit addressing space to a 128-bit one in one go

    All the 128 bits are used in IPv6. ;)


  • Every time there’s a “just add an extra octet” argument, I feel some people are completely clueless about how hardware works.

    Most hardware comes with 32-bit or 64-bit registers. (Recall that IPv6 came out just a year before the Nintendo 64.) By adding only an extra octet, thus having 40 bits for addressing, you are wasting 24 bits of a 64-bit register. Or wasting 24 bits of a 32-bit register pair. Either way, this is inefficient.

    And there’s also the fact that the modern internet is actually reaching the upper limits of a hypothetical 64-bit IPv5: https://lemmy.world/comment/10727792. Do we want to spend yet another two decades just to transition to a newer protocol?




  • Our network architecture has the tendency to waste IP addresses. A subnet may have 10 devices but have 256 IPs (e.g. a /24 network like 192.168.0.0 to 192.168.0.255) - that’s 246 wasted addresses. This wastage is kinda unavoidable since we’d need to keep our routing tables from being too fragmented.

    With that in mind it is entirely possible for 64-bit addressing space to not be enough, unless we revert to methods like NAT which come with their own disadvantages.

    We have already used up about one /11 block of the IPv6 internet. That’s 128-11=117 bits. If we replace the standardized /64 subnets of IPv6 with old /24 subnets typical in IPv4 networks, you get 61 bits. That’s dangerously close to the upper limit of a hypothetical 64-bit IPv5 internet.





  • Oh come on, are you seriously suggesting that default-deny stateful firewall is not the norm??

    Holy. Fucking. Shit. Indeed.

    You keep on suggesting to me that you really have no idea how networking works. (Which is par on course for people thinking NAT == security, but I digress)

    Let me tell you: All. Modern. Routers. include a stateful firewall. If it supports NAT, it must support stateful firewalling. To Linux at least, NAT is just a special kind of firewall rule called masquerade. Disregarding routers, even your computer whether Linux (netfilter) or Windows (Windows Firewall) comes built-in with a stateful firewall.






  • I reckon I see most IPv6 complainers are from the US though…

    In my country, turning on IPv6 is not really something ceremonial, it’s just literally clicking on the IPv6 checkbox. The default configurations set in the router are good enough for an average home user, firewalls and all that security jazz are enabled by default.

    The DNS didn’t break just because I enabled IPv6, nor did my phone apps stop working. Life goes on, and I have gotten rid of that terrible CGNAT. Somehow this is not the case for many US users across multiple ISPs, I have heard IPv6 horror stories from Verizon, Comcast, and AT&T. Like how did you manage to do that?