• empireOfLove2@lemmy.dbzer0.com
    ↑ 11 · 7 days ago

    bro just add another octet to the end of ipv4. That goes from 4 billion to a trillion and will most definitely outlast modern electronics and capitalism

    • Part4@infosec.pub
      ↑ 9 · edited · 6 days ago

      I think they must have thought: ‘Well we thought four and a quarter billion was going to be enough. We don’t want to repeat the mistake, so let’s create an unimaginably large address space.’

      Which, with the benefit of hindsight, now looks daft itself.

      • TWeaK@lemmy.today
        ↑ 5 · 6 days ago

        It looks daft now with a little hindsight, but we’re kind of still in the foresight stage for the overall life of IPv6.

  • Domi@lemmy.secnd.me
    ↑ 55 · 8 days ago

    My favorite thing to use IPv6 for is to use the privacy extension to get around IP blocks on YouTube when using alternative front ends. Blocked by Google on my laptop? No problem, let me just get another one of my 4,722,366,482,869,645,213,696 IP addresses.

    I have a separate subnet which is IPv6 only and rotates through IP addresses every hour or so just for Invidious, Freetube and PipePipe.

  • Blaster M@lemmy.world
    ↑ 54 ↓ 1 · edited · 8 days ago

    Skill issue

    IPv6 is easy to do.

    2000::/3 is the internet range

    fc00::/7 is the private network range (for non routing v6)

    fe80::/64 is link local (like apipa but it never changes)

    ::1/128 is loopback

    /64 is the smallest network allocation, and you still have 64 bits left for devices.

    You don’t need NAT when you can just do firewalling - default drop new connections on inbound wan and allow established, related on outbound wan like any IPv4 firewall does.

    Use DHCPv6 and Prefix Delegation (DHCPv6-PD) to get your subnets and addresses (ask for a /60 on the wan to get 16 subnets).

    Hook up to your printer using ipv6 link local address - that address never changes on its own, and now you don’t have to play the static ip game to connect to it after changing your router or net config.

    The real holdup is ISPs getting ultra cheap routers that use stupid network allocation systems (AT&T) that are incompat with the elegant simplicity of prefix delegation and dhcp.

    • kieron115@startrek.website
      ↑ 4 · edited · 8 days ago

      On my home network I make sure that my PDs are the same as my VLAN IDs so that I can at least know where a device is based on its IP. If I was smart I would also line them up with the IPv4 subnets as well.
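
The address plan from the two comments above, as an added example that is not part of the original thread: it classifies addresses into the listed ranges and maps VLAN IDs onto the /64s of a delegated /60. The delegated prefix and VLAN IDs are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Ranges from the comment above. The reserved link-local block is fe80::/10
# (RFC 4291); addresses are formed inside fe80::/64 in practice.
RANGES = [
    ("loopback", ipaddress.ip_network("::1/128")),
    ("link-local", ipaddress.ip_network("fe80::/10")),
    ("unique-local", ipaddress.ip_network("fc00::/7")),
    ("global-unicast", ipaddress.ip_network("2000::/3")),
]

def classify(addr: str) -> str:
    """Return which of the ranges above an IPv6 address falls in."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop a zone id such as %eth0
    for name, net in RANGES:
        if ip in net:
            return name
    return "other"

def vlan_subnets(delegated: str, vlan_ids):
    """Map each VLAN ID to the /64 with the same index inside a delegated prefix."""
    prefix = ipaddress.IPv6Network(delegated)
    if prefix.prefixlen > 64:
        raise ValueError(f"{prefix} is smaller than a single /64")
    count = 2 ** (64 - prefix.prefixlen)  # a /60 holds 16 /64s
    base = int(prefix.network_address)
    plan = {}
    for vid in vlan_ids:
        if not 0 <= vid < count:
            raise ValueError(f"VLAN {vid} does not fit: {prefix} has {count} /64s")
        plan[vid] = ipaddress.IPv6Network((base + (vid << 64), 64))
    return plan

if __name__ == "__main__":
    # Constructed sample: a /60 taken from the documentation prefix 2001:db8::/32.
    for vid, net in vlan_subnets("2001:db8:0:10::/60", [1, 5, 15]).items():
        print(f"VLAN {vid:>2} -> {net}")
    for a in ["::1", "fe80::1%eth0", "fd37:5f1a:b4c1::feed:face", "2001:db8:0:15::42"]:
        print(f"{a:28} {classify(a)}")
```
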

  • thejml@sh.itjust.works
    ↑ 43 · 8 days ago

    I use IPv6 every day and everywhere I can. It solves so many issues in large corporate and ISP network setups. And yes, 10. wasn’t big enough, and NATing is a PitA.

    Honestly we just keep pushing it off when it’s not that bad. Workaround after workaround just because people are lazy.

    • palordrolap@fedia.io
      ↑ 9 ↓ 1 · 8 days ago

      How much slack did you have in your 10.* network? Or was it literally 16.7 million devices?

      • drkt@scribe.disroot.org
        ↑ 14 ↓ 1 · edited · 8 days ago

        IPv6 isn’t just a larger IPv4. There are features inherent to it, like link-local actually functioning and being predictable, unlike APIPA in v4 which was grafted on as an afterthought and breaks more than it works.

        It also functions router-less. You can grab 30 10-port switches and just stick them together and start plugging computers in. It will work without configuration or an authority.

        I am all v6 internally, but that’s not because I have a splatillion devices, but rather it’s just better and easier to manage.

        • jj4211@lemmy.world
          ↑ 3 · 7 days ago

          Well sometimes the lla is not predictable, some stacks take privacy addresses to lla, which is silly but they do it. Of course you can multicast ping and check your neighbor table to get the lla chosen in such cases.

      • jj4211@lemmy.world
        ↑ 1 · 7 days ago

        Having the breathing room is great.

        You have two teams that independently set up private networks but now someone has to talk to them both?

        In IPv4, they likely stepped on the same private subnets. In ipv6, they pretty much certainly did not step in the same ULA prefixes. My VPN setup is a mess of a maze to deal with the fact that most things I connect to are all independently allocated 10. subnets, with the IPv6 focused customer being easiest.

        Also, if you want to embed information in your addressing, like VLAN ID or room information.

        Besides, you can have addresses like fd37:5f1a:b4c1::feed:face, and that’s fun isn’t it?
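
The ULA point in the comment above, as an added example that is not part of the original thread: it builds a /48 ULA prefix from a 40-bit Global ID, estimates how likely independently chosen prefixes are to collide, and lists overlaps when two teams' networks are merged. The Global ID comes from `secrets` rather than the hash-based procedure RFC 4193 suggests; the function names and the sample 10. subnets are constructed.

```python
import ipaddress
import secrets

def new_ula_prefix(global_id=None) -> ipaddress.IPv6Network:
    """Build a /48 ULA prefix: the fd00::/8 byte followed by a 40-bit Global ID."""
    if global_id is None:
        global_id = secrets.randbits(40)  # assumption: plain CSPRNG bits
    if not 0 <= global_id < 2**40:
        raise ValueError("Global ID must fit in 40 bits")
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))

def collision_probability(n_sites: int) -> float:
    """Chance that any two of n independently chosen Global IDs are equal."""
    p_none = 1.0
    for i in range(n_sites):
        p_none *= 1 - i / 2**40
    return 1 - p_none

def overlapping(nets_a, nets_b):
    """Return every (a, b) pair of networks from the two teams that overlap."""
    a = [ipaddress.ip_network(n) for n in nets_a]
    b = [ipaddress.ip_network(n) for n in nets_b]
    return [(x, y) for x in a for y in b
            if x.version == y.version and x.overlaps(y)]

if __name__ == "__main__":
    # Constructed sample: two teams that each picked private ranges on their own.
    team_a = ["10.0.0.0/16", "10.1.0.0/16", str(new_ula_prefix())]
    team_b = ["10.0.128.0/17", "10.2.0.0/16", str(new_ula_prefix())]
    for x, y in overlapping(team_a, team_b):
        print(f"clash: {x} vs {y}")
    print(f"P(ULA clash among 1000 sites) = {collision_probability(1000):.2e}")
```
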

  • NuXCOM_90Percent@lemmy.zip
    ↑ 45 ↓ 2 · 8 days ago

    In my personal life I will probably “never” intentionally use ipv6.

    But it is a DAMNED good sniff test to figure out if an IT/NT team is too dumb to live BEFORE they break your entire infrastructure. If they insist that the single most important thing is to turn it off on every machine? They better have a real good reason other than “it’s hard”

    • Nightwatch Admin@feddit.nl
      ↑ 23 ↓ 8 · 8 days ago

      It’s vulnerable af. And I mean really, it’s as bad as Netscalers or Fortigate shit. Like https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/ or https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/

      Problem is, yes it’s hard to implement but it’s even a lot harder to get it properly secured. Especially because few people are using it, and not securing it is worse than disabling it.

    • NaibofTabr@infosec.pub
      ↑ 13 ↓ 2 · 8 days ago

      Realistically no organization has so many endpoints that they need IPv6 on their internal networks. There’s no reason to deal with more complicated addressing schemes except on the public Internet. Only the border devices should be using IPv6.

      Hopefully if an organization has remote endpoints which are connecting to the internal network over the Internet, they are doing that through a VPN and can still just be assigned IPv4 addresses on dedicated VLANs when they connect.

      • Pup Biru@aussie.zone
        ↑ 3 · 7 days ago

        you sir/ma’am have not seen the netflix talk on using IPv6 for their full internal stack because of inefficiencies allocating IPv4 ranges i’m guessing

      • Olap@lemmy.world
        ↑ 10 ↓ 2 · 8 days ago

        If you don’t have ipv6 internally, you probably can’t access ipv6 externally. 6to4 gateways are a thing. 4to6? Not so much.

        And this is why ipv6 will ultimately take another 20 years for full coverage. If it was more backwards compatible from the starting address-wise then this would all have been smoother. Should have stuck with point separators. Should have assumed zero padding for v4 style addresses rather than a prefix

        • The_Decryptor@aussie.zone
          ↑ 5 · 8 days ago

          > If you don’t have ipv6 internally, you probably can’t access ipv6 externally. 6to4 gateways are a thing. 4to6? Not so much.

          I’m pretty sure stateful gateways do exist, but it’s a massive ball of complexity that would be entirely avoided if people just used native v6.

  • nonentity@sh.itjust.works
    ↑ 43 · 8 days ago

    The reason IPv6 was originally added to the DOCSIS specs, over 20 years ago, is because Comcast literally exhausted all RFC1918 addresses on their modem management networks.

    My favourite feature of IPv6 is networks, and hosts therein, can have multiple prefixes and addresses as a core function. I use it to expose local functions on only ULA addresses, but provide locked down public access when and where needed. Access separation is handled at the IP stack, with IPv4 it’s expected to be handled by a firewall or equivalent.

    • gens@programming.dev
      ↑ 3 · 7 days ago

      They kept talking it was because address exhaustion, and IANA sold all the remaining blocks they had…

      I tested it at the time. Ran nmap ping scan across a block all night with zero results. IANA sold the internet

      • Pup Biru@aussie.zone
        ↑ 2 · edited · 7 days ago

        many “unused” IP addresses are unused because they’re kinda like having spare parts: if you’re planning on extending your network in the future, your IP block kinda should reflect your end state (ie the parts you need over time to replace or “build” new hosts)

        or for blue/green deployments where it’s likely that at least half the IP range will be used in terms of process, but unused most of the time in terms of reachability

        and then there’s weird things with splitting up IP blocks into subnets with a division of 3 (the minimum needed for dealing with net splits etc) - eg across availability zones… there are always “waste” IPs because you can’t divide multiples of 8 cleanly into 3

  • socsa@piefed.social
    ↑ 33 ↓ 1 · 8 days ago

    Meh, the idea of having every address be globally routable makes a lot of sense. NAT is a great bandaid but it’s still a bandaid. It still limits how peer to peer and multicast applications function, especially on larger networks.

    • Korhaka@sopuli.xyz
      ↑ 16 · edited · 8 days ago

      NAT444 is shit. I can’t even host a web server without routing it through a VPN, and my ISP can’t work out how to provide an IPv6 address yet. Give it to me and I will work out how to use it.

      Slight update - Just looked and apparently they had a goal of rolling out IPv6 addresses to all customers by earlier this year. I’ll check my router config tomorrow and who knows. Maybe I will be able to get one now? Would be pretty sweet.

      • cepelinas@sopuli.xyz
        ↑ 6 · 8 days ago

        I am sorry to interrupt, my ISP gave me an ipv6 address, but I just can’t access anything through it even when I specify it in the firewall, maybe they are blocking this functionality because they sell static ips.

        • Korhaka@sopuli.xyz
          ↑ 3 · 7 days ago

          I can use dynamic DNS, the problem is I can’t host over NAT444 without something like a VPN.

          Still not been given an IPv6 address though.

  • LaLuzDelSol@lemmy.world
    ↑ 32 ↓ 1 · edited · 8 days ago

    Just my perspective as a controls (SCADA) engineer:

    I work for a large power company. We have close to 100 sites, each with hundreds of IP devices, and have never had a problem with ipv4. Especially when I’m out in the field I love being able to check IPs, calculate gateways, etc at a glance. Ipv6 is just completely freaking unreadable.

    I see the value of outward-facing ipv6 devices (i.e. devices on the internet), considering we are out of ipv4s. But I don’t see why we have to convert private networks to ipv6. Put more bluntly: at least in industry, it just isn’t gonna happen for decades (if it ever does). Unless you need more IPs it’s just worse to work with. And there’s a huge amount of inertia - got one singular device that doesn’t talk ipv6 at a given generation site? What are you supposed to do?

    • kieron115@startrek.website
      ↑ 5 ↓ 1 · 8 days ago

      If you set up your DNS correctly then you don’t even need the IPs. Just give devices unique, human-readable names and maybe do separate sub-domains for each site or something.

        • kieron115@startrek.website
          ↑ 5 · 8 days ago

          Oh, now that you mention it I’ve never tried to map a static DNS entry to a device without DNS. Welp, time to get thousands of raspberry pi’s to act as IP KVMs!

          • inktvip@lemmy.dbzer0.com
            ↑ 4 · 8 days ago

            That would imply the existence of display/usb outputs…

            We’re essentially talking a bunch of embedded devices talking to each other. You can give them all the dns entries you want, but if they (or the programming environment) don’t support DNS lookup you might as well put your dns server in excel.

            • kieron115@startrek.website
              ↑ 2 · 7 days ago

              The microcomputers (raspberry pi, arduino, whatever) could have a modern network interface and relay the communication to the embedded devices over oldschool serial. But yeah, straight DNS wouldn’t work. I like the idea though, gonna start posting my 10 favorite IP addresses on a piece of paper on the fridge. Who needs excel!

    • Captain_Faraday@programming.dev
      ↑ 1 · edited · 7 days ago

      I’m a protective relay settings engineer at a contractor for lots of power companies. I’m dipping my toes into my first substation automation project. Getting to design the device native files, IPs, and other networking parts from the drawings package of site and device manuals. It’s all SEL equipment with a gateway at the top and local powerWAN, RTAC, annunciators, and relays below. I live thousands of miles from the site, so local testing would be challenging but probably have to fly or something lol. I have been doing some research on how to emulate this in a lab setting when all you have is the RTAC and some relays. Is this something SCADA engineers have to do sometimes? Like if you need to test a scheme when you can’t build it physically first?

    • into_highest_invite@lemmygrad.ml
      ↑ 1 · 7 days ago

      i’ve done both ipv4 and v6, but never embedded. from my perspective, ipv6 addresses can be easier to remember and use, with a little clever arrangement of zeros and especially because they’re hexadecimal. that’s in addition to the way more elegant way the protocol itself handles various things. obviously not worth upgrading systems that don’t even need dhcp, but that applies to a lot of things in that field

  • MissingGhost@lemmy.ml
    ↑ 27 · 8 days ago

    I’m surprised by the comments here. I use 90% IPv6. For me v4 is only present for retro compatibility. The transition was hard however.