[general1465]

Because IPv4 is logical and makes sense. First thing which IPv6 came up with? No NATs everything will have a public address. It turned out that this was hare brained idea so let's just cover it up with firewall. However misconfigured firewall means that everything is open... IPv6 has been designed by people who were unable to think further than what is going to be tomorrow for a lunch.

[kalleboo]

IPv4 came out in 1982 and was designed for every device to have a unique public address. Protocols like FTP were designed to literally pass an IP address to connect directly to.

As addresses started running out, the NAT RFC was published in 1994 and described NAT as a "short-term solution". NAT was never meant to be an integral part of IPv4. https://www.rfc-editor.org/rfc/rfc1631

NAT broke a ton of things which required more and more hacks piled on, making it more complex to build services on top if it (e.g., a server in the middle to proxy all the traffic needed between peers is a 100% requirement, with all the maintenance and scaling headaches that come with it).

[general1465]

So you actually agree with me, that making all addresses public was stupid to begin with. It was stupid on IPv4 and it remain stupid on IPv6, yet we already have experience from IPv4 that it was stupid.

[throw0101d]

> So you actually agree with me, that making all addresses public was stupid to begin with.

If an address is not public how can you start an connection from it, or end a connection at it? A web server needs a public address if you want to have people reach it. And you, at some point, also have to have a public address if you want to connect to pubic services: either on your end-host, at your CPE/router's WAN interface, or on an interface of your ISP's CG-NAT box.

But having a public address on your end-host also allows for much more functionality than if you were stuck behind CPE-NAT or CG-NAT. Now, you don't have to use this functionality—just like how I didn't when my printer gets an publicly addressable (but not publicly reachable) IPv6 address—but it opens up various possibilities.

[general1465]

So having all devices on public addresses was stupid to begin with on IPv4 and it was arrogantly stupid on IPv6.

[orangeboats]

The fact that we are giving IP addresses an hierarchy is stupid. If you don't want outsiders to connect to your device use a firewall.

[general1465]

Or use NAT, which is actually better solution, because misconfigured NAT won't expose your whole network, while misconfigured firewall will.

[throw0101d]

> So having all devices on public addresses was stupid to begin with on IPv4 and it was arrogantly stupid on IPv6.

"Yeah? Well, you know, that's just like uh, your opinion, man." — The Dude

Publicly addressable ≠ publicly reachable.

When I was with my last ISP which had IPv6, my printer had a public address, but the only people who could reach it were those on my home network.

[general1465]

With this logic, my printer can be reachable on google.com, but only from my private network, does not turn my printer into Google.

[juliangmp]

Are you really complaining about the fact that we need to deploy firewalls?

[general1465]

I am complaining about the fact that deploying firewall wrong will open your network to everyone. Deploying NAT wrong wont.

[BenjiWiebe]

Isn't that the first thing that IPv4 came up with as well? One publicly routable address per device that wants to access the Internet (or the network of universities or military installations or whichever network you were on pre-Internet).

[general1465]

You see and IPv6 was not able to learn from the failure - people does not want to have all computers in one network, same like people does not want to live in one skyscraper.