by oconnore 71 days ago
I don't understand why people are so negative about IPv6. I have done essentially zero home networking work and I just ran this successfully. It just works!

```
> ping6 google.com
PING6(56=40+8+8 bytes) 2605:59c0:236f:3a08:7883:9d04:c26d:5fa1 --> 2607:f8b0:4005:806::200e
16 bytes from 2607:f8b0:4005:806::200e, icmp_seq=0 hlim=117 time=22.262 ms
16 bytes from 2607:f8b0:4005:806::200e, icmp_seq=1 hlim=117 time=26.124 ms
16 bytes from 2607:f8b0:4005:806::200e, icmp_seq=2 hlim=117 time=26.807 ms
^C
--- google.com ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 22.262/25.064/26.807/2.001 ms
```


> I don't understand why people are so negative about IPv6. [...] It just works!

Networking is a lot more than being able to ping a single host.

As a concrete counter-example, IPv6 routinely broke for me when I was using pfSense as a router. Why? Because pfSense, with no way of disabling this behavior, published its public IP as the DNS server for internal clients.

So each time I got a new prefix from my ISP, which happens about once a week or more often, machines stopped being able to perform DNS lookups for hours or until I rebooted them.

And, if I had bothered configuring IPv6 firewall rules, those would have had to be reconfigured manually with the new prefix. I understand this is mostly fixed in pfSense recently, but this was the case for many, many years.

Another counter-example is that Android only supports SLAAC, and SLAAC only supports providing a few key infrastructure details like router and DNS. If you want to tell the Android client something else, like NTP server, you're outta luck. Also, if Android successfully gets an IPv6 address via SLAAC, it requires the DNS server IP to also be an IPv6 address. So your internal DNS server must then also serve on IPv6. If that wasn't the case, it would just silently use Google's own DNS servers, breaking any local configuration you had.

Another point is that a lot of us tried using IPv6 decades ago, and so we still have scars from that time. IPv6 today is a lot better, but I still have a lot of IPv6 frustration associated with it from 15-20 years ago.

> And, if I had bothered configuring IPv6 firewall rules, those would have had to be reconfigured manually with the new prefix. I understand this is mostly fixed in pfSense recently, but this was the case for many, many years.

Why would you have to reconfigure your firewall rules when you're getting a new IPv6 prefix?

> Why would you have to reconfigure your firewall rules when you're getting a new IPv6 prefix?

Because the IP address of the target changes when you get a new prefix.

There's some discussion in this[1] old pfSense ticket.

With IPv4 you typically do address translation (NAT) and so the internal target address is not tied to the global address.

[1]: https://redmine.pfsense.org/issues/6626

My consumer router uses iptables under the hood, so it accepts a mask in the firewall rule (so e.g. I can do ::0123:4567:89ab:cdef/::ff:ffff:ffff:ffff:ffff as a target, and when my /56 changes, the rules Just Work™). It seems iptables has been ahead there.
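Added example, not code from the thread: it models the address/mask match the comment above describes, so you can see why a rule keyed on the low 72 bits (the 8-bit subnet ID within the /56 plus the 64-bit interface identifier) keeps matching after the delegated prefix changes, while a rule written against one full address (the situation in the pfSense ticket) stops matching. The prefixes 2001:db8:aa00::/56 and 2001:db8:bb00::/56 are constructed documentation prefixes standing in for the old and new delegation.

```python
import ipaddress

# Constructed example: emulates how a netfilter address/mask test compares a
# packet's destination against a rule, to show the effect of a prefix change.

def to_int(addr: str) -> int:
    """Parse an IPv6 address into its 128-bit integer value."""
    return int(ipaddress.IPv6Address(addr))

def masked_match(dst: str, target: str, mask: str) -> bool:
    """Emulate an iptables '-d target/mask' test: only masked bits are compared."""
    m = to_int(mask)
    return (to_int(dst) & m) == (to_int(target) & m)

def exact_match(dst: str, target: str) -> bool:
    """A rule written against one full address, as pfSense required at the time."""
    return to_int(dst) == to_int(target)

# Rule from the comment: low 72 bits must equal 00:0123:4567:89ab:cdef,
# i.e. subnet 00 of the delegated /56 plus the 64-bit interface identifier.
TARGET = "::0123:4567:89ab:cdef"
MASK = "::ff:ffff:ffff:ffff:ffff"  # low 72 bits; the 56-bit prefix is ignored

def host_in_prefix(prefix: str, subnet_id: int, iid: str) -> str:
    """Compose delegated /56 prefix + 8-bit subnet ID + 64-bit IID (constructed)."""
    net = ipaddress.IPv6Network(prefix)
    assert net.prefixlen == 56, "this helper assumes a /56 delegation"
    value = int(net.network_address) | (subnet_id << 64) | to_int(iid)
    return str(ipaddress.IPv6Address(value))

def demo() -> dict:
    """Same host before and after the ISP hands out a new /56."""
    iid = "::123:4567:89ab:cdef"
    old = host_in_prefix("2001:db8:aa00::/56", 0, iid)   # old delegation
    new = host_in_prefix("2001:db8:bb00::/56", 0, iid)   # new delegation
    other_subnet = host_in_prefix("2001:db8:bb00::/56", 1, iid)
    other_host = host_in_prefix("2001:db8:bb00::/56", 0, "::123:4567:89ab:cdee")
    return {
        "exact_rule_old_prefix": exact_match(old, old),          # True
        "exact_rule_new_prefix": exact_match(new, old),          # False: rule is stale
        "masked_rule_old_prefix": masked_match(old, TARGET, MASK),  # True
        "masked_rule_new_prefix": masked_match(new, TARGET, MASK),  # True: survives
        "masked_rule_other_subnet": masked_match(other_subnet, TARGET, MASK),  # False
        "masked_rule_other_host": masked_match(other_host, TARGET, MASK),      # False
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```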

But I think it further strengthens my case, software support for IPv6 has been quite spotty over the years, which combined with the less-than ideal deployments out there has made things frustrating for many users over the past couple of decades.

> As a concrete counter-example, IPv6 routinely broke for me when I was using pfSense as a router. Why? Because pfSense, does really bad things.

I mean, I have a router that is trash with IP4. Therefore IP4 is trash!

Please don't put words in my mouth. I did not say "Because pfSense, does really bad things."

How pfSense works is fairly reasonable if every IPv6 deployment had been as the original designers intended, ie you have a static prefix.

It's just that the way IPv6 ended up getting deployed in practice was often not aligned with that original vision. And that has been a large source of IPv6 frustration.

There's a few things here that are a bit iffy tbh!

I can't see why an ISP is dynamically changing the IPv6 addressing for a client, but if that's what is going on, then v6 NPT is your friend (RFC6296 - https://datatracker.ietf.org/doc/html/rfc6296).

But pfsense's behaviour is a bit iffy too, unless when you say 'public IP', you mean the IPv6 address being used on the pfsense facing the clients? (I'm assuming it's using DHCPv6 prefix delegation, and the delegation is being changed? And potentially the uplink subnet as well).

It's a legal requirement in Europe for privacy. A long term static address is a personal identifier.

How could this be a legal requirement and at the same time you can purchase static IPs as a paid option from ISPs, like I did?
Does the mailman come around and change house numbers and street names every month, too?
Any vague source for that?

Asking as a European who did not have his IPv4 address changed for months or even years. Or is it IPv6 specific? But I cannot see why.

opnsense can use the delegated prefix for DHCPv6, it then automatically becomes the “LAN net” firewall alias and you can refer to it in a firewall rule I believe. I assume it’s the same for pfsense and I suspect they are not the only ones.

> v6 NPT is your friend

So NAT is the one true solution after all.. /s

> unless when you say 'public IP', you mean the IPv6 address being used on the pfsense facing the clients?

Well, that's kinda the thing, pfSense seems to assume global means it's also the IP facing the local clients. I couldn't get pfSense to advertise its ULA as the DNS server for example. But if you have a static prefix, that's not a bad assumption. And a static prefix is what the IPv6 designers envisioned.

> I'm assuming it's using DHCPv6 prefix delegation, and the delegation is being changed?

ISP indeed uses DHCPv6 prefix delegation. The prefix I get can change "randomly". It always changes when my router or modem reboots, but other times too (perhaps when their equipment reboots).

I should note that after getting very frustrated with pfSense, I threw it away a few years ago and switched to OpenWRT which has worked much, much better when it comes to IPv6.

That's literally impossible, to hear some people tell it. "And also, look how hard it'd be to memorize that address", say the people who remember like 2 IPv4 addresses, one of them being 127.0.0.1.

Tailscale, perhaps ironically in this context, has shown me the value of not caring about an IP address.

I used to. When I had a home network I'd carefully assign `10.52.1.x` where `x` was the periodic number corresponding to the machine name! (I write from `lutetium`.)

Now, with Tailscale's magic DNS – `lutetium` being all I need – why on Earth would I give a crap about an IP address? I've gone from being obsessed to truly not caring at all.

So, give me IPv6. Auto-assign everything! All I want is a name.

It's akin to remembering phone numbers. Even 20 years ago I had like 10-20 of the most important ones memorized despite some of them not being used often, i.e. once a year. Nowadays I have 'me myself' in the Contacts because I can't remember it despite using it for 5+ years, nor do I care.

Hah, I kinda love your naming and numbering convention!

But yeah. On my own LAN, everything is DHCP for IPv4 and SLAAC for v6. Everything uses mDNS and I connect to everything by name, not address. I can only remember the static IP of one of the servers; the rest are purely names.

I remember like 10 different IPv4 addresses, 6 of which are DNS servers where each octet is a single number, 1 is my router, 1 is my home network switch, 1 is my home server and the last one localhost.

The main thing all those have in common is they are either something I frequently use (all mentioned local IPs) or just stupid easy to remember (DNS servers), neither of which is possible for IPv6.

From memory, isn't localhost for IPv6 shorter than for IPv4? The answer is yes, it is ::1 and I was thinking of the Multicast and Link-local address prefixes which are ff00:: and fe80:: respectively.

Telling people to use ULA subnet fddd:: with dhcpv6 is my way.

fddd::7 is easier to type than 10.0.0.7

"ten oh oh 7" (how I'd say it or remember it) still seems simpler than "eff dee dee dee colon colon 7". While with ipv4 the dots can be assumed for pauses, v6 doesn't put colons as often, also I could easily see myself forgetting the amount of "d"s. I don't wanna seem too anti-v6, though, I am in favor of everyone adopting the more modern thing.

edit: Well, you said easier to type. I guess I probably agree with that.

There is also the fact that an IPv6 IP has a maximum and minimum number of characters and separators, but not a set one, so the length of any given address is variable.

Instead of being able to run a groove in my head mentally, and read with any sort of rhythm, I have to read them like binary bytes. Every address feels like a foreign phone number where your normal rhythm doesn't fit, but it never gets better.

Perhaps, IMO, the greatest and only sin of IPv6. That and using fucking colons.

Dots weren't an option, because then the syntax would overlap with DNS hostnames. "2001.db8.c.d.e.f.g.ca" is a valid host under the .ca TLD.

One of those addresses requires two hands and hitting the shift key, the other is easily done one-handed.

You're looking for one of these: https://ipv6buddy.com/

When people are managing 20 devices on a network, they access everything by IP address directly and struggle with constant DNS issues.

Introducing a more complex system without easing any of the cognitive load and making fun of it is just cruel at this moment.

Users need a simpler way to connect to their devices, and what tailscale did with magic dns shows that users don’t even care about IPv4 they just want to connect to their devices with something simple they can remember.

I have 68 devices on the line at this moment. I just checked. I remember exactly one of their IPs and that’s just one that stuck in my head. I never connect to it by address.

I agree with the sibling comment: crummy CPE is crummy CPE. This is a solvable problem, but people end up with junky routers and it causes them anguish.

Weirdly this might be a CPE problem, e.g. crappy ISP routers.

Put in something more interesting, e.g. OpenWRT, or there are proprietary options too, that provides simple & reliable local LAN DNS, then the problem just goes away.