[strenholme]

My issue with IPv6 is that its designers assume that everyone with an IPv6 network will get static IPv6 addresses.

However, it didn’t turn out that way in the real world. Every time my router resets, all of the IPv6 addresses in my home network change. So, I don’t use IPv6 to connect among computers in my home network; since I also get one IPv4 address from my ISP, I simply use IPv4 NAT so that the addresses in my home network are easily remembered and do not change.

The reason I don’t use IPv6 and 6:6 NAT is because the IPv6 designers feel this makes networking too complicated, never mind that NAT is a solved problem, so 6:6 NAT support just really isn’t there.

Another annoyance I have with IPv6 is that it needs to have more than one localhost IP address, considering that IPv4 has a 24-bit space for localhost. A large number of localhost addresses is useful for network regression tests (e.g. if we have one authoritative DNS server on 127.10.0.1 and one which isn’t responding on 127.10.0.2, does our recursive DNS server on 127.12.0.1 correctly handle an upstream DNS server being down? Nice to be able to run the test using only localhost IPs; also nice to be able to change the IPs each test so we don’t have to wait for the kernel to release TCP sockets for a given IP + port).

For the record, I have gone to a lot of effort to give my open source networking software IPv6 support.

[throw0101a]

> However, it didn’t turn out that way in the real world. Every time my router resets, all of the IPv6 addresses in my home network change.

Fair enough. Though you can use private addresses for private networks:

* https://en.wikipedia.org/wiki/Unique_local_address

> The reason I don’t use IPv6 and 6:6 NAT is because the IPv6 designers feel this makes networking too complicated, never mind that NAT is a solved problem

The problems with NAT continue to grow. A whole swath of IPv4 addresses (100.64.0.0/10) were reserved to allow telcos to do CG-NAT. Because folks often used the usual private RFC 1918 at home, ISPs couldn't necessarily assign those address to client equipment because there was the potential for the same range (e.g., 10/8) to be on the "inside" of the user's router/CPE as on the "outside".

* https://datatracker.ietf.org/doc/html/rfc6598

* https://en.wikipedia.org/wiki/IPv4_shared_address_space

Of course now we have double-NATing: once at at the CPE and again at the carrier. Is anyone living with triple-NATing in production?

[pkulak]

> Though you can use private addresses for private networks:

Yeah, but then they are not addressable outside your network, right?

[msbarnett]

Sure, but the same is true of the NATed IPv4 solution strenholme said they resorted to.

The person you’re responding to’s point was that strenholme did not need IPv4 and NAT just to get stable addresses for internal usage.

[sidewndr46]

I'm in a similar space. I can't see why I would ever need to understand IPv6. There are all sorts of theoretical benefits, but those will never be available to me as a residential user. For example, my ISP gives me a single IPv6 address. There is no possible reason for me to bother using it, as there will be no advantage to me.

The way I look at it, IPv6 does the following for me

1. Doubles the number of firewall rules

2. Doubles the attack surface

3. Double the header size in each packet, with no change in MTU this means less space for data.

4. Doubles the number of routes I need to worry about

5. Doubles the points of failure

All for a benefit of ??? to a residential user.

[unethical_ban]

They should be giving you at least a /64 if not a /60. That way, you can have multiple subnets that are publicly addressable. The ISP should be informed they're out of best practice/RFC.

And while I get your "double" theme, most of them are non-points. Header size? Use adblock. Routes? Oh no, a residential router will now have four instead of two!

Yes, it's another addressing scheme and I agree, the benefits for many peoples' usage is low. But it isn't so bad.

[otabdeveloper4]

> I want to have multiple publicly addressable subnets in my home LAN

...is something nobody in the history of home LANs has ever said.

[Dagger2]

Because they don't know the words. It's not uncommon for people to want to do things that would be best done with a separate subnet though.

For example, VPNing in from your phone or making a separate isolated network for untrusted IoT devices.

[unethical_ban]

being publicly addressable != being publicly accessible

I work in network security. I know what words I'm using.

[otabdeveloper4]

You want your network of untrusted IoT devices to be publicly accessible??

(Probably not.)

[Dagger2]

Indeed not. That's not what I said.

I don't even want them talking out to the internet by default, which is why I have a separate subnet with a different set of firewall rules that only allows whitelisted outbound connections.

[unethical_ban]

NAT is a "constrained resource" solution that cosplays as a security solution. Firewalls and ACLs are meant for governing traffic, not NAT.

[lokedhs]

My home LAN setup has exactly that, and I even switched ISPs to get it.

My old ISP only have me a /64 which is completely useless if you want to create subnets. The new one gave me a static /48.

[est31]

> So, I don’t use IPv6 to connect among computers in my home network; since I also get one IPv4 address from my ISP, I simply use IPv4 NAT so that the addresses in my home network are easily remembered and do not change.

Why do you need NAT at all? You can just use IPv4 to communicate among hosts in the network, and use IPv6 for them to communicate with the world. Nothing about IPv6 forbids the existence of IPv4.

[zinekeller]

> Nothing about IPv6 forbids the existence of IPv4.

Which is now the reality, but at the time IPv6 was created IPv4 was planned to be killed permanently.

Which while impossible in hindsight, the way IPv6 were designed (without even a semblance of a "private" network, even just two IPv6 addresses*) actually raises the question if IPv6 were really that well-designed.

* Okay, link-local addresses do exist, but they're not amenable or even map to how IPv4-style private networks work.

[stephen_g]

Not link local addresses - there’s a whole space for ‘Unique Local Addresses’ [1]. It’s basically analogous to the private IPv4 space (apart from the fact that you need a separate globally routable address to access the internet from, but that’s not hard).

1. https://en.wikipedia.org/wiki/Unique_local_address

[Dagger2]

The general plan was, and is still, to stop using v4 once it stops being useful, in much the same way that people stopped using IPX when it stopped being useful. (By which I mean: people still use IPX today, but in general you don't need to think about it.)

You can do private networks on v6; there's a massive range allocated for them (fc00::/7).

In general, v6 is designed just fine. Most of the complaints you see are from people that either don't know what v6 can do ("why didn't they just implement <thing that v6 already does>?") or don't realize that what they want is impossible ("why not just ignore the pigeonhole principle?").

[the_mitsuhiko]

In the real world ipv6 for home networks often is so frustrating that you need to go back to ipv4. My isp forces you through a CGNAT for ipv4 but only when you have ipv6. On v4 only you get your oen ip and that’s it. On ipv6 the CGNAT is also overloaded and unstable, the network gives you a new prefix once every few days and you get worse routes. Additionally the consumer level hardware is a lot buggier on v6. It will probably change but right now it’s painful.

[Dagger2]

That sounds like problems with either CGNAT or your ISP, not with v6. In fact v6 is how you avoid those problems.

[the_mitsuhiko]

That's why I said in the real world and not in theory. There are only a handful of ISPs I can pick from and they all have very broken IPv6 support due to bad CGNATs. Yes in theory it should work, but in practice on consumer grade internet you're better off using IPv4 only here.

[Dagger2]

If the CGNAT is bad, that's a problem with the CGNAT. If your ISP won't turn off CGNAT without turning off v6 at the same time, that's your ISP's fault.

v6 works completely fine in both cases. Your problems aren't with v6.

[tsimionescu]

They're not claiming IPv6 is bad. They're claiming that they can get good service based on IPv4, or bad service based on IPv6. Of course it's the ISP's fault that the IPv6 service is bad, but, since ISPs usually hold local monopolies, overall it means that they are forced to use the IPv4 network - unless they're willing to move to a different area where there are ISPs offering good IPv6 service as well.

[the_mitsuhiko]

I think the reason this is happening is that the IPv6 infrastructure on most ISPs here was built for mobile phones. The few customers who are asking for IPv6 are just added to what was built for the phones which has completely different goals and requirements. Very few people run servers on their phones, do P2P connections or similar.

[Dagger2]

They said that v6 for home networks was frustrating, but it's not. The frustration is coming from the terrible v4 CGNAT, and that has nothing to do with v6 and everything to do with v4 being insufficient.

It's amazing how hard people will misattribute blame to v6 for the very problems it fixes.

[tsimionescu]

In theory, practice and theory should be identical. In practice...

[ClumsyPilot]

I have IPv6/v4 dual stack home network, it 'just works', the amount fo confoguration I had to do is roughly zero, but i can reach IPv6 hosts along with v4

[the_mitsuhiko]

Unfortunately not a single ISP in my country offers dual stack. You either have IPv4 only or DS-lite with various CGNATs.

[goalieca]

You’ll get a few ipv6 address two of which may be local (link-local and routable unique local). The global one will be randomized too within your block for privacy.

Now with that in mind, the implementations do all kinds of funny things that don’t seem to meet spec when it comes to router advertisement (the dhcp replacement) and routing. Use the wrong kind of address for the gateway and nothing works for instance.

[globular-toast]

Use link local IPv6 addresses internally (or unique local if you need to). That's what they are for. You can also make them very short, like fe80::1, fe80::2, etc. Your router won't forward anything in fe80::/10 to the Internet (or any other network).

[strenholme]

That could work really great for connecting among hosts in my network (but IPv4 and an appropriate 172.x.x.x subnet works just fine, with the bonus one IP has Internet access while remaining unchanging), and is something I may try if I ever get back to re-configuring my home network (so take an upvote from me), but it still doesn’t solve the pesky “one IP for localhost issue”.

Sure, I could give localhost a lot more addresses in IPv6 with the appropriate `ipconfig` or `ip` command, but that doesn’t work with the testing Docker container whose Dockerfile I share with my users (since their Docker container will have only one IPv6 address; also, you can’t run `ipconfig`/`ip` type stuff in a Docker container).

[fooblat]

> Every time my router resets, all of the IPv6 addresses in my home network change.

Isn't this solved by using dynamic dns updates?

I've been running a native ipv6 home network for a few years and have not run into any issues. I access my servers by their hostnames.

[cube00]

I'm confused by this too. I use the default mDNS/DNS-SD and access my hosts with the .local TLD. It's not as robust as real DNS (looking at you Android) but works fine on the Windows and Linux hosts.

[vetinari]

How did you make it work with Windows hosts? Apple Bonjour? Windows out of the box works fine with LLMNR, but mDNS/DNS-SD is a problem and is available only for "modern" apps, it is not integrated with system resolver.

[cube00]

My use case is accessing Samba shares on a Linux server from a Windows desktop, and it works with Windows Explorer and even older apps like the original Windows Media Player with no configuration or installation of any additional software.

https://www.ctrl.blog/entry/windows-mdns-dnssd.html

[vetinari]

SMB has its own discovery protocol, that powered the "Network Neighbourhood" since Windows 95 - and it is part of the deprecated SMB1, so modern Samba has a special mode, where the discovery part is enabled, but the rest is disabled. Additionally, Windows can discover SMB shares via WS-Discovery. Samba itself does not support WSD, but there are third-party utilities like wsdd, that will do it instead. Some linux-based NAS-es, like those from Synology, also ship with WSD support enabled out of the box.

My experience with Windows 10 and mDNS/DNS-SD mirrors that from the linked article. As a result, I have now a real DNS domain, with devices with their own A records :/

[cube00]

It's not that. I confirmed with Wireshark mDNS queries are being sent from the Windows side and answered from Linux using the Avahi service. Furthermore, web hosting I have on that Linux server also works in Firefox just by visiting the server's host name.

[strenholme]

DNS issues have, more often than not, caused networking slow downs for me. Running a recursive DNS server on a home network is quite a bit slower than using a public DNS server on a high speed network; the slowdown with a local cache is less, but still there. Just directly using 8.8.8.8/8.8.4.4 or 9.9.9.9 or 1.1.1.1 or 4.2.2.1 is best (faster, more reliable) in my experience: Fewer moving parts. There are significant privacy and security issues with using DDNS addresses which can be resolved by public DNS servers.

For the record, I have written a DNS server from scratch. Three times, actually (try 1, which is still the authoritative DNS server I use for my domains, try 2 which is a tiny caching DNS server, and try 3 -- which, yes, reuses code from try 2 -- is a very flexible DNS server which uses Lua for configuration).

[BenjiWiebe]

Your external DNS server is quicker than a local cache? My local cache adds less than 1 millisecond latency to an uncached lookup, and answers queries for all LAN computers in less than 1 millisecond as well.

Dnsmasq running on ~14 year old hardware.

[strenholme]

My DNS server is pretty fast under ideal circumstances (under 0.07ms per reply using 2000 era hardware as per https://maradns.samiam.org/speed.comparison.html ). I’m sure you’re not getting 1ms in less-than-ideal circumstances (router overloaded and dropping packets, which sometimes happens on my home network), where that extra DNS server starts to really slow things down.

[BenjiWiebe]

Ya my network never drops packets, at least for congestion reasons. Seems like congestion will affect external servers at least as much as internal ones, though.

(Access to my DNS server is not routed on my LAN, it's a flat network.)

[necheffa]

You aren't really supposed to be using globally routeable addresses like that. There are reserved prefixes specifically for local networks that you can allocate statically or through DHCPv6 for exactly your use case.

[tsimionescu]

Isn't the whole promise of IPv6 that each device should have a billion* globally routable addresses to choose from?

* significant understatement