by bdlowery 1411 days ago
Why is switching to ipv6 something to look forward to? What are the benefits?
3 comments

Faster global routing due to simpler routing tables.
> What are the benefits?

Being able to access the site from my IPV6 only devices?

Until this comment I didn't even know they exist. If you don't mind, what type of device are they and why are they v6 only?
> what type of device are they

Almost all of my computers, including my phone, are behind wireguard on a globally routed /64 IPV6 virtual network.

It's a bit of a pain for some sites who do not offer a V6 addie via DNS, but it's extremely flexible and offers tons of other advantages.

Specifically, NAT is basically a thing of the past and any of my devices can talk to all of my other devices by establishing a simple TCP connection or shooting a UDP packet at them.

I can also access all of my devices from wherever I am connected to the internet, as long as the device has a globally routed V6 addie.

> as long as the device has a globally routed V6 addie

I was waiting for the catch, and I was not disappointed.

One badly behaving device and your whole network is a screaming blip on the radar that is easily tracked.

Any internet device of mine would immediately go into a quarantine subnet. It is a feature not a bug.

No catch: my phone is on VPN and therefore has full V6 connectivity.
If you don’t mind, how did you set this up? I’d love to play around with this sort of thing but I’m a bit of a networking newbie.
This sounds like the 90s when not using a router.

Don’t you need a basic router/nat to protect your systems?

> Don’t you need a basic router/nat to protect your systems?

You are under the mistaken impression that your router / NAT protects you.

It doesn't. It may mitigate some of the most basic attacks, the ones that were cutting edge in the 90s.

It does by not exposing the ports that aren't meant to be and only routing the traffic intended down to the local network.
> Don’t you need a basic router/nat to protect your systems?

No, not really. It's no longer the 90s so tcp/ip stacks aren't easily crashed. And it's no longer the 90s, so no services are listening by default or it's, say, openssh which isn't easily crashed either (you may want to consider if you want to accept passwords via ssh though).

Additionally, decent OSes will rate limit responses to pings and SYNs and what not, so you won't be a good reflector out of the box.

You could have a VNC in LAN without password but forgot to limit the source IP.

And the way you say, you need a "decent OS" to avoid flood attacks without tinkering, whichever OS that is.

How many humans browse internet with IPv6 only devices?
Most mobile phones are v6 only and then go through increasingly unreliable CGNAT setups for v4
So they are not IPv6 only if I understand well. Why would a CGNAT be unreliable?
Yet another over-subscribed device to rewrite packets between you and your destination. Spontaneous connection failures due to port exhaustion or overly aggressive connection timers/recycling. Lack of public to private connectability due to absence of port mapping, or any way to influence the configuration of your carrier’s device.
Unfortunately, AT&T doesn't give my phone a v6 address.
> How many humans browse internet with IPv6 only devices?

If you browse the net on your phone, it's likely you already do or sit behind some kludged up NAT situation which - among other things - severely curtails your freedom to interact with other devices on the internet.

And things aren't going to improve in that regard given the shortage of V4 addies.

True, but it's not IPv6 only devices.
You might have missed the "or" word in my sentence.
Interesting, so one stubborn guy in USA who decided to sell broken internet access to its customers. I'm sure they are happy, if this story is true.
Easier to bypass bans.
Not really. By banning the whole /64 prefix, you get the same effect that you got from banning a single IPv4 address.
You have to be careful about that, not everyone hands out /64. They can be as small as /128 and I've seen some providers give out as large as /48.
/48 is the recommendation for home users now.

My ISP (Aussie Broadband) follows that recommendation and provides me with a /48 that I can break into multiple /56s or /64s.

I'd prefer a much smaller range but being able to request as many as I want via DHCP (or equivalent mechanism). That way it wouldn't be contiguous so I wouldn't feel as much of a need to use a VPN for privacy. As it is, what's the point of handing me an entire /48 if I just end up forcing most of my traffic through a single IPv4 address with a VPN for most of my web browsing anyway?

Although to be fair even with non-contiguous address space I might still want a VPN since ISPs in the US are allowed to sell your browsing history.

Also if I'm hosting a public facing service at home I'm going to proxy it via wireguard through a VPS I rent for obvious security reasons. I don't actually want public facing services directly exposed from my home network and I have to question the sanity of anyone who says they do.

And I've always disabled WebRTC for obvious privacy (i.e. network fingerprinting) reasons. What's so great about getting rid of NAT again?

Unless the person uses T-Mobile, which puts a lot of people on very small IP blocks, which is such a huge logistical nightmare for enforcing bans. https://news.ycombinator.com/item?id=32038215
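
The prefix-based banning discussed in the comments above (ban the /64, while delegations range from /128 to /48), as an added example that is not part of the thread: a ban list keyed on the /64 that widens to the enclosing /48 once several /64s inside it have been banned. The thresholds, class and function names are assumptions, and the addresses are constructed documentation addresses.

```python
import ipaddress
from collections import defaultdict

# Assumed policy values (not from the thread): ban IPv6 at /64 first, widen to
# /48 once this many distinct /64s inside the same /48 have been banned.
V6_BAN_PREFIX = 64
V6_WIDE_PREFIX = 48
WIDEN_AFTER = 3


def _client_ip(addr):
    """Parse addr; treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 client."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def ban_key(addr, v6_prefix=V6_BAN_PREFIX):
    """Return the network a ban on addr should cover."""
    ip = _client_ip(addr)
    if ip.version == 4:
        return ipaddress.ip_network(f"{ip}/32")
    # strict=False masks off the host bits instead of raising.
    return ipaddress.ip_network(f"{ip}/{v6_prefix}", strict=False)


class BanList:
    def __init__(self):
        self.banned = set()               # networks currently banned
        self.by_wide = defaultdict(set)   # /48 -> banned /64s seen inside it

    def ban(self, addr):
        net = ban_key(addr)
        if net.version == 6:
            wide = net.supernet(new_prefix=V6_WIDE_PREFIX)
            self.by_wide[wide].add(net)
            if len(self.by_wide[wide]) >= WIDEN_AFTER:
                # Likely one subscriber rotating /64s out of a larger delegation.
                self.banned -= self.by_wide[wide]
                net = wide
        self.banned.add(net)
        return net

    def is_banned(self, addr):
        ip = _client_ip(addr)
        return any(ip.version == n.version and ip in n for n in self.banned)
```

Widening trades evasion resistance for collateral damage: where a provider shares one /48 across many customers, or hands out very small blocks, the wider ban also hits unrelated users.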