Comment by zamadatix

Comment by zamadatix 2 months ago

7 replies

View on Hacker News

The nice thing about IP v6 is there is effectively "no structure" to hold in your head. You never need to think about or find out what the netmask is, it's always /64. You never need to calculate the next subnet boundary, increment the digit before ::. You never need to do all sorts of the things associated with IPv4 structure, private addresses and conflicts, NATs and double NATs, DHCP server just to have clients automatically work...

The biggest downside for IPv6 in small networks is, ironically, something which was added later and not part of the initial (nor actually required, but devices opt to do it anyways) and that's "randomized auto rotating addresses" for security. Without them addresses look something like 1234:abcd::${mac} or 1234:abcd::12 but with them they look like 1234:abcd::4729:ab65:f902:7ee0 and a device might have 4 active if it's been running the whole day. I think this one extension is something like 80+% of people's reaction to IPv6 and it didn't even call for it originally.

immibis 2 months ago

These are all defaults, by the way. Subnets don't have to be /64 - that ended up being the default by historical accident; though it's nice that it forces every ISP to give you at least a /64 which you can subnet further if you want to, though without SLAAC.

Privacy addresses should be used for outgoing connections. Don't treat one as a static address. If you need to write down an address, give that machine an easily remembered static one.

Reply View 1 reply
  • paperplatter 2 months ago

    I feel like residential ipv6 would be at least a little further along if routers simply always enabled NAT by default for it, like what cell providers do. Solves all these questions and problems for inexperienced users. Instead, you gotta ask, is the firewall enabled and default-deny, are ULAs enabled...

    Reply View 0 replies
paperplatter 2 months ago

The second thing is the problem with not having NAT. On a home or corp network, I like NAT. I'm not trying to host 20 servers there. Sure ipv6 can use it too, but it's never default and often not supported on the router.

So yeah, 192.168.1.55 is my Mac's local ip, it's easy to remember.

Reply View 4 replies
  • zamadatix 2 months ago

    Inside the home you can usually get away just using the internal link local addresses. E.g. my main PC is fe80::10, my wife's pc is fe80::11, my router is fe80::. You can even use that when you get "fancy" e.g. my NAS is fe80::12 internally or ${public_prefix}::12 "externally" (that one actually works on either side).

    This address will also run afoul with the "privacy first" randomizations on most devices by default. This addition is truly the scourge of letting IPv6 seem dead simple to use.

    Reply View 3 replies
    • nottorp 2 months ago

      And we're getting back to that old problem. Why isn't the link-local IPv6 address automatically fe80::10 if the IPv4 is 192.168.1.10? :)

      Reply View 1 reply
      • orangeboats 2 months ago

        Don't forget that IPv4's link local addresses (169.254.0.0/16) are also randomized for the same reason: making link-local addresses use sequential numbers by default requires a centralized node to coordinate them, which is counteractive because link-local address are designed to not require one.

        IPv6's answer to IPv4 private addresses (e.g. 192.168.0.0/16) is ULA (fd00::/16). Newer routers are beginning to assign local hosts with ULA addresses, thus if you want to have a stable address to a local device, you can simply connect to it by ULA.

        Reply View 0 replies