IPv6 Excuses (ipv6excuses.com)
23 points by sajal83 3003 days ago
10 comments

I had IPv6 enabled for a few months but eventually turned it off since I wasn't confident I had configured my home network securely. When I tried asking for help, I was criticized and told that I should just read the RFCs...

Does anyone have suggestions for a beginner friendly home networking guide? How are others setting up their home network?

It's also a bit frustrating to me that routers provide so many options, yet it seems nigh impossible to find clear explanations of what different features mean, along with clear examples of use-cases of when I might want to enable or disable said features. I'll typically keep the defaults if I'm not as familiarized with a subject matter, but if experience has shown anything it's that most systems' defaults are typically not designed with security as the top priority.

Can't say I saw any benefits during my brief IPv6 trial. First of all, typing out an IPv6 address is rather tedious. Second, I wasn't able to get a URL with an IPv6 address as the host to work with my browser. Maybe I had to include a scope, or perhaps I screwed something else up. I have no clue.

I am in the same boat as you. I took a few days to read the RFCs to figure it out (as I never found any sort of good guide for IPv6), and I am not confident I set up my home network securely, mainly because of the "I don't know what I don't know."

I also had a few different subnets (to separate IoT and untrusted devices from my network), and I could never consistently get a stable subnet from my ISP outside of a /64 (mind you I am using pfSense, not a consumer router). When I did get a /56 subnet, I had a lot of connectivity issues I never had with only IPv4, and they went away instantly once I blocked all IPv6 off my network. I was also never able to confirm outside connectivity into my network via IPv6 either.

I may try it again, but I really don't want to go through a lot of pain and suffering to try and get IPv6 "working" to only have those connectivity issues again.

There's something to be said for aesthetics when it comes to anything human. IPv6 appears far more complex than the traditional 4 octets and it's an immediate turn-off especially to those (most) who don't know that octal and hexadecimal are just different ways of representing the same thing. If they simply would have extended IPv4 to 8 octets (64 bits) I think that would have been a better middle ground solution from an intuitive standpoint. 128-bit addressing is overkill and I doubt we will still be using the Internet Protocol if 2^128 (3.4X10^38) devices are ever online.

It's not "real" 128-bit addressing; for addressing routable networks you have only 64 bits. The rest is for devices inside that network. Additionally, it is quite possible that any single device will have more than one IP (with SLAAC, it can ask for how many it needs. With DHCPv6, it can be limited, and that's exactly why Android doesn't support it. Your cellphone company would be able to prevent you from tethering). There's no NAT, so you can't hide a network behind a single IP.

“There's no NAT...”

Are you saying that NAT is technically impossible with IPv6? Because I have doubts about such a statement.

Not impossible, but brings more problems than it solves. It's better to forget that it exists.

RFC6296, by Cisco.

> There's no NAT, so you can't hide a network behind a single IP.

NAT66 disagrees with you. It’s been in the Linux kernel since version 3.7.

Whether you should do it is a different question, but saying NAT capabilities don’t exist with IPv6 is incorrect.

Have you ever seen that in the wild? I consider myself happy that I didn't.

There are 128 bits for more flexible subnetting, not for 2^128 devices. There is even a recommendation to not assign less than /48 for single site. (and absolutely not less than /64, because SLAAC won't work)

What irked me about IPv6 was extension headers. At first they sound like a great idea. It is very flexible to chain headers. However, hardware engineers hate them, because the number of IPv6 extension headers is potentially unbounded, leading to all kinds of "interesting" corner cases in networking hardware. So they end up not being supported in hardware, which means they either don't work at all, or they kick into a slow firmware exception path. I would not be surprised if there is eventually a DOS attack against IPv6 enabled gear using extension headers.
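
The unbounded Next Header chaining described in the comment above, shown as an added example that is not part of the thread: a software parser that walks the chain and enforces a cap, which is the check a receiver or filter needs in place of open-ended parsing. The limit of 8 and the helper `build_packet` are assumptions for illustration, and the sample packets are constructed.

```python
import struct

# Extension headers whose length is (Hdr Ext Len + 1) * 8 octets (RFC 8200)
VARIABLE_LEN = {0: "hop-by-hop", 43: "routing", 60: "destination-options"}
FRAGMENT = 44          # Fragment header is always 8 octets
MAX_EXT_HEADERS = 8    # assumed local policy limit, not a value from the thread


class ChainError(ValueError):
    """Raised when the extension header chain is malformed or too long."""


def walk_chain(packet: bytes, max_headers: int = MAX_EXT_HEADERS):
    """Return (extension header names in order, upper-layer protocol number)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ChainError("not an IPv6 packet")
    next_header = packet[6]   # Next Header field of the fixed header
    offset = 40               # first byte after the fixed header
    seen = []
    while next_header in VARIABLE_LEN or next_header == FRAGMENT:
        if len(seen) >= max_headers:
            raise ChainError("extension header chain exceeds limit")
        if offset + 8 > len(packet):
            raise ChainError("truncated extension header")
        if next_header == FRAGMENT:
            name, length = "fragment", 8
        else:
            name, length = VARIABLE_LEN[next_header], (packet[offset + 1] + 1) * 8
        if offset + length > len(packet):
            raise ChainError("extension header runs past end of packet")
        seen.append(name)
        next_header = packet[offset]   # each header names the one after it
        offset += length
    return seen, next_header


def build_packet(chain, upper=6):
    """Constructed sample: fixed header plus 8-octet headers holding one PadN option."""
    types = list(chain) + [upper]
    body = b"".join(bytes([types[i + 1], 0, 1, 4, 0, 0, 0, 0])
                    for i in range(len(chain)))
    fixed = struct.pack("!IHBB", 6 << 28, len(body), types[0], 64) + bytes(32)
    return fixed + body
```
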
Or you can go straight to the IPv6 Bingo:

https://ipv6bingo.com/

In my case it’s largely “I tried and it didn’t work so I gave up because I didn’t know nor care enough to figure out why”.

At this point it seems to me it’s more of a nice to have than a requirement.

This is a sad truth. It happened to me as well (in Italy). With ipv6 enabled on Telecom Italia, the country's largest ISP, I keep experiencing random and strange errors and failures. I don't know if I should blame my modem-router (but I tried two distinct devices from different brands), my OS (but it happens both on Linux and MacOS), some configuration, or my ISP, and I don't have the time or the will to investigate.

On the contrary, ipv6 is enabled on my public server and works fine.

> At this point it seems to me it’s more of a nice to have than a requirement.

Except for the fact that, you know, we've _literally_ run out of addresses bar a very, very limited supply? And that _billions_ of people won't be able to access the internet as a result?

I can only imagine we'll be this complacent with things like oil, or plastic pollution or anything. Only acting when it's _far_ too late. Every ISP around the world should have pledged IPv6 20 years ago, but some are _still_ not starting today!

You may think you're fine because you are able to access ycombinator.com and leave your message, but imagine how many people simply cannot access the v4 network due to address shortages.

ISPs can always (and sometimes do) use NAT. Then they only need a few IPs. I know most mobile providers do this.

That is absolutely, entirely useless and a completely stupid way of prolonging the demise of IPv4; CGN doesn't help in regards to you wanting an IPv4 for your next billion-dollar project which may require several v4's for all the different layers (because most web apps are not that simple these days).

So sure, sharing an IP amongst many people may help a little, but we've already run out _today_. There are people living right now that will _never_ be able to access the internet or make a website because of this.

One example: Digital Ocean have a cap on the number of servers they can run at one time due to the fact each droplet gets a unique v4.

V4 is dead, time for money to be spent in the right places :)

I agree in general but web apps are IMO the weakest argument because while they may have a number of components only the load-balancer should be public — those hundreds of microservices shouldn’t be exposed to the public or other customers at the same data center anyway.

I’d generally focus on the cost of losing P2P and the continuing rise in the number of devices the average person uses.

> There are people living right now that will _never_ be able to access the internet or make a website because of this.

Well, if that's the only problem then I think we can tone down the sense of urgency because 1) there are much, much bigger problems to deal with in life and 2) the web has become a shithole with its growth in popularity.

That's my opinion of course. I'm guessing that you think Internet access and Internet publishing are basic rights of human existence, but I would disagree with that.

How do you think problems are resolved if not using the internet as a medium to share thoughts with the world? And even if you think it's a 'shithole' you cannot deny how important it is in everyday life. Entire government services are going and have gone online only, and if you were barred from using the internet you'd find it very difficult to exist within modern society.

I don't know you, but I bet given enough information I can find ways the internet is vital to your way of life.

There will be NAT, but not in the way you think: You'll get an IPv6 address only and access the legacy network (IPv4) via NAT64/DNS64.

For me, the turn off was that any ipv6 connection on Linux was ALWAYS slow as hell to resolve, often leading to timeouts. Tore my hair out for ages, only to discover after much frustration and searching online that the solution was as simple as disabling the kernel's ipv6 module.

With ipv4, never had a problem.

That’s a local configuration error but it’s common enough that the community standardized a better approach which is widely implemented now:

https://tools.ietf.org/html/rfc6555

Verizon (Fios), are you listening? Comcast has you beat by a mile here...

For the first three times I enabled IPv6 on my home network, it broke at least one functionality (typically, something involving apple and streaming).

More recently, I enabled IPv6 and everything Just Worked. Now I want to turn off IPv4...

Maybe it would be good to develop IPv5: just add another octet or two to IPv4 addresses, without all the added complexity and overengineering that made the IPv6 rollout & adoption the failure that it is?

Not seen: IPv6 makes unique user tracking easier