by fudgefactorfive 1217 days ago
To me that was the real strength in IPv6. (I know, I know, inefficient protocol with complex upgrade path led to near negligible adoption)

NAT "fixed" the problem of address exhaustion, but it killed the old internet. You cannot run your own network anymore. In the "old" times, I gave you a phone number or IP address and that's it, direct connection. All anyone could do was show up and take the computer to stop that. Sure there's a phone company or ISP involved, but they just powered the pump, you completely controlled what went through it.

Now I can't do that. They ran out of addresses and I share an address with X unknown others. So I can't give you a home address, just to a bank of doors. I could give you an apartment number, but that's also shifting transparently, so num X to you is num Y to someone else.

IPv6 would have solved the problem of exhaustion while preserving the right to an address. I could be some number permanently and you could reliably find a connection to my system using it. In that world I could set up a private DNS service in my house no one can alter without physically plugging in. Then have that store records to other addresses. Every part of that chain requires someone finding you and showing up at your door to disrupt.

Instead now I have to pay Digital Ocean 5 bucks to keep an address for me so anything can find me via them. A bunch of servers in my home are effectively an island without a coordinate until DO points me out on request. Like having all mail addresses be to the local town hall for them to forward to me. Sure maybe you trust your local town hall, but they are fundamentally beholden to someone else.

With IPv6 support and adoption a whole network could be set up independent of any other authority besides BGP. Which requires nation-state levels of mobilization just to block an address, with fallout affecting literally thousands of others. They'd have to nuke a block to suppress any site, only for that site to find another address and be back to normal within minutes. Instead they do a WHOIS, send a scary email and boom, you're unknown, unfindable and disconnected. Hoping that word of mouth brings people to your new "address" exactly like losing your phone (and SIM) while abroad.

I know it sucks as a protocol but v6 to me is a massive extremely important development that would change how the internet, and from that all communication, works.

6 comments

> With IPv6 support and adoption a whole network could be set up independent of any other authority besides BGP.

Private individuals have access to IPv4 blocks and maintain their own sovereign networks. That fact doesn't change the reality that most people most of the time pay a network operator (ISP, Telecom) to operate their network. Network operators aren't going anywhere, and these network operators still maintain full control over how packets transit their network. In the case of WWAN networks, they will also know roughly where you are.

All IPv6 does is expand the address space and put the price of an address within reach of anyone... but it doesn't change the knowledge or hardware required to run your own network.

IP addresses are just a different type of name, and also assigned by hierarchical entities. NAT isn't the issue, rather it's the incumbent power structures gradually tightening the identity/control screws. If you have a public IP on your physical connection and use that for banned publishing, they go after the account holder listed for the physical connection, which eventually gets back to you - the same as if you obtain that public IP from Digital Ocean or a tunnel broker.

The only way around that is using naming systems that don't rely on centralized authorities, or at least can't be coerced by governments.

I miss the days of sending someone a letter with some cash for them to associate address A with line B. All I'd have to do to stay essentially anonymous is find someone with bad record keeping.

Suddenly someone shows up with address A and threats and then drowns trying to interpret that person's mappings. While that's happening I can find 5 other someones and suddenly I have 6 addresses all of which essentially ephemerally link to my system. Someone else does that for their mapping system and you get to Dijkstra levels of working out how to block connections.

After like 3 levels of middlemen even centralized authorities just struggle to do the actual work of blocking, outside of just issuing the order.

On the one hand, hosting companies don't like getting raided by the feds and taken offline because one of their customers is doing something objectionable.

So I doubt those 5 new addresses will remain live for all that much longer. When you're on the lam, digitally or physically, or both, you find out who your real friends are, real quick.

On the other hand, I can type "tpb" into Google and get to a bittorrent of Disney's latest hits in less than 5 clicks, so maybe the copyright regime doesn't have an omnipotent hand on the Internet.

I'm not sure how to deliver packets on the internet without destination IP addresses of some sort.

The technique is to make it so that the destination/host the IP packets are going to isn't important. Say accessing a TOR hidden service - the IP address the packets are going to is that of any TOR node. To be useful, such an overlay network requires a different naming protocol (in this case, the TOR hidden service one), that allows services to have persistent identities without needing to publish DNS names or IP addresses.

Your traffic is still going to specific IP address(es), but this isn't useful for someone trying to censor, unless they can persecute those running TOR nodes and/or prevent access to all TOR nodes.

You seem to be describing an overlay network rather than a method of avoiding destination addresses in IP packets sent over the internet.

> With IPv6 support and adoption a whole network could be set up independent of any other authority besides BGP. Which requires nation-state levels of mobilization just to block an address, with fallout affecting literally thousands of others.

This is not how it works. Taking down a single IPv6 IP address (or whole AS) is a very simple thing and is done daily to combat spam and DDoS attacks, without requiring "nation-state levels of mobilization" (whatever that means). Also there is essentially no "fallout" at all in IPv6, and there isn't any fallout in IPv4, too, since BGP routes can be as specific as a single host.

Can't they just send a scary email to the AS administrator who then removes the offending address block from its routing tables? Or are you imagining folks migrating to ones that don't respond to such requests?
Even if you have your own IP block, ASN, are set up with multiple BGP peers/upstreams, they can always go to those upstreams and have you filtered/blocked. IPv6 is cheap and plentiful, that’s all.
Your ISP is sharing an IP with other customers? I have never, ever seen that in 3 countries' worth of residential ISPs and doubt it's possible and want to make sure it's true (and concerning).

If you have ever used mobile data, you've shared your IP address with other customers. Many residential ISPs around the world also use CGNAT. I had to call the customer support of mine to have a dedicated IP address. Other providers may force customers to pay for a static IP address if they want to avoid CGNAT.

The ISP I am using does have NAT, but I was able to disable the NAT using the modem setting. (When they replaced the modem, I told them what setting I changed and they were able to put that setting into the new modem too.) It is a dynamic address, but I can accept incoming connections and the IP address rarely changes (although it has happened before).

That's NAT on your modem+router, not from your ISP.

Carrier Grade, CGNAT results in you not getting a public IP at all.

Having your own address in most places is a part of a "dedicated business line". My ISP in Switzerland literally refuses to issue so called "static" addresses at all, business or not.

You'll see it called CGNAT (aka Carrier Grade NAT) and it can be a really big annoyance for a lot of things. Usually I see it on mobile/cell connections but I've heard of some DSL providers here in the States using it too.

Metronet in the US does CGNAT. I’ve had them for about a year and a half. Hasn’t caused me any real issues other than the occasional captcha.

4chan is a funny one. Apparently I had the IP of someone who posted "child models".

I'm pretty sure that wasn't me unless I have an alter ego called mister Hyde.

How does Mr. Hyde always get away with it?

It’s quickly becoming the norm rather than the exception due to IPv4 exhaustion.
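
Added example, not written by anyone in the thread: one way to tell the home-router NAT and carrier-grade NAT cases discussed above apart is to compare the router's IPv4 WAN address with the address a remote server sees. The function name, result labels and sample addresses are constructed for illustration; the 100.64.0.0/10 range is the shared address space RFC 6598 reserves for CGNAT.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_SPACE = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges (some carriers NAT out of these instead).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip, observed_ip):
    """Classify an IPv4 connection.

    wan_ip      -- address on the router's WAN interface
    observed_ip -- address a remote server sees for the same connection
    """
    wan = ipaddress.IPv4Address(wan_ip)
    seen = ipaddress.IPv4Address(observed_ip)
    if wan in CGNAT_SPACE:
        return "cgnat"                # ISP translates; address is shared
    if any(wan in net for net in RFC1918):
        return "private-wan"          # NAT upstream (ISP or a second router)
    if wan != seen:
        return "translated-upstream"  # public-looking WAN, still rewritten
    return "public"                   # inbound connections can reach the router


def inbound_reachable(kind):
    """Only a real public WAN address can accept unsolicited inbound traffic."""
    return kind == "public"


# Constructed samples: (router WAN address, address seen by a remote server).
SAMPLES = [
    ("100.72.13.5", "203.0.113.40"),
    ("192.168.1.2", "203.0.113.40"),
    ("198.51.100.7", "203.0.113.40"),
    ("203.0.113.40", "203.0.113.40"),
]


def classify_all(samples=SAMPLES):
    return [classify_wan(wan, seen) for wan, seen in samples]


if __name__ == "__main__":
    for (wan, seen), kind in zip(SAMPLES, classify_all()):
        print(f"{wan:>15} seen as {seen:<15} {kind:<20} "
              f"inbound={inbound_reachable(kind)}")
```

Behind CGNAT, the observed address belongs to many subscribers at once, so logs, bans and reputation tied to that address cannot be pinned to one customer without the carrier's port-mapping records.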