by AndrewDucker 4601 days ago
You have 1 public IP address and everything works because there are external servers for you to bounce things off, in order for external signals to reach the internal devices.

If we want proper peer-to-peer communications to be possible, we need to avoid, where possible, the need for a routable middle-man to help out.

Also, Asia Pacific has long run out of IPv4 addresses - back in 2011. There are now services starting up over there that are IPv6 only. This will spread over the next few years.

IPv6 is the future. There is no point complaining that we can shuffle around a few addresses here and there to make up a bit of space.

3 comments

> If we want proper peer-to-peer communications to be possible, we need to avoid, where possible, the need for a routable middle-man to help out.

That is the very reason many people are nervous about the switch. Right now NAT/PAT give home users reasonable security without the need for a firewall. The obvious solution is just to make cheap firewalls that can route properly, and default to blocking all incoming traffic. However, that brings up the same concern of needing some way to dynamically poke a hole through the firewall. Which brings us to UPnP, and I for one do not trust that at all, but maybe that's my tinfoil hat.

I totally agree that we need to move forward with IPv6 though.

Just because your router supports IPv6 doesn't mean it should open connections from the outside world. I'd expect all home routers to continue to default to "only outwards connections allowed" and let you specify open ports as you need them - exactly as they do now.

This is getting close to my point. If: 1) outbound only is going to be the default, and 2) most services already need 'man in the middle' (directly service at least) and 3) IPv6 is going to need to NAT to get to the legacy IPv4 addresses anyway

What advantage is IPv6 for most of my devices giving me?

IPv6 doesn't NAT to get to IPv4 addresses - you'll need to run both in parallel to get to IPv4 addresses, until everyone is switched over.

And the advantage is that when you _do_ want to go direct you aren't stuck with being behind NAT on your router and then another NAT at your ISP, and then possibly another NAT level, and then the same in reverse at the other end, so that it's possible at all.

And sure, it might not give _you_ anything you particularly care about. But when you find that you can't do something, because there are several layers of indirection between you and someone else, and now you need to run your own server in order to hook two machines to each other over the internet, then you'll wish IPv6 was available.

For the cases where you do want to allow inbound connections, enabling them becomes simple and reliable.

I know how it works, but the point is it works. Let's not pretend that everyone getting Nest thermostats is a reason for IPv6. And most applications need "man in the middle" services anyway even if everything was publicly addressable. Nest HQ needs its public servers. There is no need for my thermostat to have a public IP.

> And most applications need "man in the middle" services anyway

For all instant communication (VoIP, chat, file transfer, setting your thermostat), a man in the middle schema is a hindrance. The communication where you publish, and then somebody reads data, needs a man in the middle.

If your thermostat does not have a public IP, you must buy it as a service, and it'll never really be your property. One can live with that in a thermostat (but let's not pretend it's a good thing), just think twice before automating more of your home...

I also need my ISP, my power company, etc. I'll never be an island. This IPv6 utopia where everything is peer2peer just isn't going to happen, there is too much value in central services.

Ironically, plenty of companies assign IPv6 addresses from the RFC4193 Unique Local IPv6 Unicast Address space - so no real advantage over IPv4 for them with regards to that. For security-fixated companies, non-routability is considered a desirable feature, not a problem.

And that's fine - options are good!