by i_like_to_post 2016 days ago
The problem with IPv6 is that it's a fundamentally flawed design. Which looks easier to input / dictate over the phone / write down somewhere? 220.12.30.01 or 2001:cdba:0000:0000:0000:0000:3257:9652?
9 comments

Use DNS, that’s what it’s there for. MAC addresses aren’t referred to as fundamentally flawed and they are approximately the same length as the shortened version of the address you posted.
Forget DNS. Use an overlay with content routing. Hierarchies suck.

It's extremely hyperbolic to call an ugly syntax a bad "design". But IMO it would have been much nicer if they just reused '.' as in IPv4. ':' seemingly came out of their pie in the sky desire to replace MACs.

Speaking of MACs, every time I see some cheap trash gizmo come with its own MAC I'm surprised there isn't address space pressure. I guess that's due to having 16 more bits as well as being non-aggregable.

Yeah, that extra 16 bits is a game changer. The whole v6 debacle wouldn’t have happened if v4 was 48 bits.

It’s funny, there is an interview with Vint Cerf where he mentions the choice of 32 bit address space for ipv4 was essentially pulled out of a hat and it could just as easily have been 48/64/24.

Do you ever configure, type or have to share MAC addresses? Probably not.

On the other hand, most devs / technical staff type IPs into the browser and terminal daily.

> On the other hand, most devs / technical staff type IPs into the browser and terminal daily.

No they don’t. Configure a DNS server and type these in once. Any time I see IP addresses passed around it’s a sign of broken infrastructure. (It also means you aren’t using tls or you’re training people to accept cert errors)

> No they don’t

Oh yes they do.

> Any time I see IP addresses passed around it’s a sign of broken infrastructure

Nope.

> It also means you aren’t using tls or you’re training people to accept cert errors

So, let me get this straight. You have a server that's behind CloudFlare, and you're claiming we should use DNS and TLS to SSH into it?

I think you’re confused a bit, so let’s split apart the use cases to be clear why IPs are bad in both cases.

You said devs and technical staff were typing IPs into their browsers. Presumably this means the address bar, which breaks TLS.

SSH derives a big chunk of security from key caching. If you’re using IPs you now can’t have an IP change without triggering key warnings on the SSH clients for a new key at a minimum or (worst case) a breach.

IPs should be passed to the DNS server, yes.

Every server/VM I control (~200) has a DNS entry. Every active IP has a reverse (PTR) entry.

I have a monitoring task to check for missing DNS entries, as it usually suggests a problem (i.e. we've deployed or undeployed something incompletely).
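The forward/reverse consistency check described in the comment above, written out as an added example (it is not the commenter's own monitoring task). It runs offline over constructed zone data with hypothetical host names and documentation-range addresses; in practice the two maps would be loaded from zone files or an inventory system, or filled in with socket.gethostbyname / socket.gethostbyaddr. Addresses are normalised with the standard ipaddress module so that an uncompressed AAAA record still matches its compressed PTR key.

```python
"""Forward/reverse DNS consistency check (added example, not the commenter's code).

Flags hosts with no forward record, forward records that disagree with the
inventory, addresses with no PTR, PTRs pointing at the wrong name, and orphan
PTRs for addresses nobody claims (usually an incomplete undeploy)."""
from __future__ import annotations

import ipaddress

# Constructed sample data: hypothetical names under example.test and
# documentation-range addresses (RFC 3849 / RFC 5737). Not real infrastructure.
INVENTORY = {
    "web1.example.test": "2001:db8::10",
    "web2.example.test": "2001:db8::11",
    "db1.example.test": "2001:db8::20",
    "old1.example.test": "198.51.100.5",
}
FORWARD_ZONE = {
    "web1.example.test": "2001:db8::10",
    "web2.example.test": "2001:db8:0:0:0:0:0:11",  # same address, uncompressed
    "db1.example.test": "2001:db8::21",             # stale AAAA record
}
REVERSE_ZONE = {
    "2001:db8::10": "web1.example.test",
    "2001:db8::11": "web2.example.test",
    "198.51.100.5": "old1.example.test",
    "198.51.100.9": "ghost.example.test",           # PTR with no forward record
}


def canon(addr: str) -> str:
    """Normalise so 2001:db8:0:0:0:0:0:11 and 2001:db8::11 compare equal."""
    return str(ipaddress.ip_address(addr))


def check_dns(inventory: dict, forward: dict, reverse: dict) -> list[str]:
    """Return one finding per inconsistency; an empty list means all consistent."""
    findings = []
    fwd = {name: canon(ip) for name, ip in forward.items()}
    rev = {canon(ip): name for ip, name in reverse.items()}
    for name, ip in inventory.items():
        ip = canon(ip)
        if name not in fwd:
            findings.append(f"missing forward record: {name} (expected {ip})")
        elif fwd[name] != ip:
            findings.append(f"forward mismatch: {name} -> {fwd[name]}, inventory says {ip}")
        if ip not in rev:
            findings.append(f"missing PTR: {ip} (should name {name})")
        elif rev[ip] != name:
            findings.append(f"PTR mismatch: {ip} -> {rev[ip]}, expected {name}")
    # PTR records for addresses nobody claims usually mean an incomplete undeploy.
    known = {canon(ip) for ip in inventory.values()}
    for ip, name in rev.items():
        if ip not in known:
            findings.append(f"orphan PTR: {ip} -> {name}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_dns(INVENTORY, FORWARD_ZONE, REVERSE_ZONE):
        print(finding)
```

Run as a scheduled job, a non-empty result is the alert; the sample data produces four findings (a stale forward record and missing PTR for db1, a missing forward record for old1, and an orphan PTR for 198.51.100.9).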

+44 115 1234 123 is also more difficult to explain than "0115 1234 123" or even "1234 123", but it enables the whole world to telephone that number.

What alternative do you propose, that gives us more addresses but isn't longer? (IPv4 has fewer addresses than people)

When's the last time you gave an IPv4 address over the phone?

I've been in networking for 30 years, worked for multiple multinational ISPs, and the answer is basically never.

6 months ago.

I let about 10 family and friends connect directly to my home server. My firewall blocks everything except for these 10 IP addresses.

I did get tired of having them figure out their IP address so now I just tell them to access a dummy page on my external VPS and I check the web server log to see their IP to add to my firewall config.

So in other words IPv4's shorter addresses didn't help at all?

And also it seems like a lot to sacrifice in order to make something marginally more helpful about once or twice a year.

Also why would you say it over the phone? Would you not ask them to email or IM it? I can't count the number of times passwords and names have been misunderstood over the phone. Numbers? Basically always at least one number is misheard.

> When's the last time you gave an IPv4 address over the phone?

1990s, Quake.

Every time I call tech support at my job so that they can remote in. Granted, it's the IP on the company's network so it can stay IPv4 forever.

To be fair, your example would (according to the official spec) be shortened to 2001:cdba::3257:9652, which would not be hard to communicate over the phone.

You do know you don't have to write out all the zeros in an IPv6 address?

The DNS name sounds easier to say over the phone...

But how often do people have to write down or dictate IP addresses?

You are confusing a difference of opinion on the style of output opposed to the functional operation. IPv6 works very well.

I mean 2001:cdba::3257:9652 is about the same as ipv4...