| In spite of its wider adoption issues, it's valuable for my personal infrastructure: each of my services/machine has an IPv6 globally routable address. Why bother, when I could just do TLS SNI reverse proxying via nginx? * Some services don't use TLS, or even TCP. * A reverse proxy is yet another intermediary in the chain. * Plain IPv6 routing is simpler than reverse proxying, and I already need a network layer anyway. There are downsides: * some software doesn't support IPv6. I haven't experienced this on the Linux servers I run. * in a dual stack network, now you have two networks! I use NAT64/PREF64 like https://labs.ripe.net/author/ondrej_caletka_1/deploying-ipv6... to have most clients only be on IPv6. They get IPv4 connectivity over IPv6 via NAT64. * If I'm in another country then I often don't have IPv6 connectivity. In this case I use any VPN that offers IPv6 (and have one available via my home, via Wireguard). * Learning IPv6 takes time, but not much. It's one-off. It's not more complex than IPv4, but it is different. If anything, it's simpler. (SLAAC rather than DHCPv4; IP reachability rather than NAT/port forwarding). |