[mort96]

I work with embedded Linux stuff and MCU stuff where we make a significant number of units. Even in an IPv6 world, there's no way each of those would get their own public static IPv6 address with an associated DNS record just for the purpose of being able to spin up a debug web interface. It's explicitly desirable for these devices to not be reachable through the public Internet.

[stavros]

Well then you set your firewall to default-deny. It doesn't make sense to hobble the internet just because NATs are inadvertently a convenient firewall.

[mort96]

And how do I assign the devices globally unique IP addresses? SLAAC is only for local addresses, right?

[stavros]

Wouldn't IPv6 work for that?

[mort96]

I don't know what you mean. I asked what process you would use to assign IPv6 addresses.

[stavros]

Maybe I'm not understanding the use case. Why can't you use DHCPv6 or SLAAC wherever the device is deployed?

[mort96]

DHCP doesn't give you a globally unique IP address...

If you're suggesting getting using a non-unique DHCP-assigned local IP address, I don't understand what difference you think v6 does compared to v4.