by bnabholz 883 days ago
I've had some gripes with Comcast/Xfinity in the past (as many have) but I feel like they are in the lead as far as residential IPv6 deployment (on by default), and I was originally using their own gateway, which as you mention just works with IPv6.

When I switched to my own modem and router (Arris and Ubiquiti/Unifi), I really wanted to dig in and understand IPv6 thoroughly. The modem acts as a bridge and the router gets a single /128 address, and then uses IPv6 Prefix Delegation (PD) over that link to request additional address space for clients (from a different subnet).

The Xfinity gateway only has one local network to support so it requests a single /64 PD, and then clients can use SLAAC (and optionally the privacy extensions) to acquire one or more addresses out of the /64.

When I switched to the Unifi equipment, through some trial and error I found out I could request up to a /60 from Xfinity. Some ISPs will do more, some will do less. No way to really tell, just request larger prefixes and see what you end up getting. Anyway, my /60 gave me 16x /64s to play with. It is wild that my address space is 68,719,476,736 times larger than the entire IPv4 address space.

I have a few VLANs, each of which gets assigned a /64 out of the /60, but even if I'm not using all 16 of them, Xfinity's routing table will send the entire /60 to me. So beyond my VLANs and directly-connected devices, I have the rest of the /60 to use for VMs, Kubernetes pods, etc. and I can add routes to direct that traffic to its next hop. It was a learning curve and a little unsettling that every VM or pod has a publicly routable address. But NAT != Firewall, so unsolicited inbound connections are still blocked, and not having to deal with NAT is very cool! Even though many networking people have it ingrained that private devices should have private addresses.
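To make the arithmetic in the comment concrete, here is an added example (not code from the commenter) that carves a delegated /60 into per-VLAN /64s with Python's standard `ipaddress` module, leaves the remaining /64s for VMs and pods, computes the "times larger than IPv4" ratio, and emits the static routes the router needs for the spare prefixes. The prefix, VLAN names and next-hop address are constructed for the example and use documentation space (2001:db8::/32), so nothing here is routable.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed stand-in for the /60 an ISP delegates via DHCPv6-PD.
DELEGATED_PREFIX = ipaddress.IPv6Network("2001:db8:1234:abc0::/60")
# Constructed VLAN names; each gets exactly one /64 (SLAAC needs a /64).
VLANS = ["lan", "iot", "guest", "servers"]


def carve_delegation(prefix: ipaddress.IPv6Network, vlans: List[str]
                     ) -> Tuple[Dict[str, ipaddress.IPv6Network],
                                List[ipaddress.IPv6Network]]:
    """Assign one /64 per VLAN out of the delegated prefix and return the
    assignments plus the /64s still free for VMs, Kubernetes pods, etc."""
    subnets = list(prefix.subnets(new_prefix=64))  # a /60 yields 16 of them
    if len(vlans) > len(subnets):
        raise ValueError(f"{prefix} holds {len(subnets)} /64s, need {len(vlans)}")
    assigned = dict(zip(vlans, subnets))
    spare = subnets[len(vlans):]
    return assigned, spare


def address_space_ratio(prefix_len: int) -> int:
    """How many times larger a delegation of this length is than the
    entire 2**32 IPv4 address space (a /60 is 2**68 addresses)."""
    return 2 ** (128 - prefix_len) // 2 ** 32


def static_routes(spare: List[ipaddress.IPv6Network], next_hop: str
                  ) -> List[Tuple[str, str]]:
    """Routes the edge router needs for the spare /64s. The ISP forwards the
    whole /60 to the router, so a spare prefix served by an inner host (a
    hypervisor, a k8s node) is unreachable until a more-specific route
    points at that host. Inbound policy still belongs to the firewall."""
    hop = ipaddress.IPv6Address(next_hop)  # validates the address
    return [(str(net), str(hop)) for net in spare]


if __name__ == "__main__":
    assigned, spare = carve_delegation(DELEGATED_PREFIX, VLANS)
    for name, net in assigned.items():
        print(f"{name:8} {net}")
    print(f"{len(spare)} spare /64s; ratio to IPv4 space: "
          f"{address_space_ratio(DELEGATED_PREFIX.prefixlen):,}")
    for dst, via in static_routes(spare, "2001:db8:1234:abc3::2"):
        print(f"route {dst} via {via}")
```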