• moseschrute@lemmy.mlEnglish
    0·
    1 month ago

    Hi I have no idea what I’m doing when it comes to networking. I have ipv6 off on my home network because I was scared of accidentally exposing things outside of my home network. I’m using Ubiquiti. Can someone give me/link me a crash course on how to setup ipv6 without introducing any security holes into my network? Maybe also a crash course in firewalls.

    • Auli@lemmy.caEnglish
      0·
      1 month ago

      Don’t worry Ubiquiti has ipv6 issues. You have an excuse.

  • thejml@sh.itjust.works
    0·
    1 month ago

    I use IPv6 every day and everywhere I can. It solves so many issues in large corporate and ISP network setups. And yes 10. Wasn’t big enough, and NATing is a PitA.

    Honestly we just keep pushing it off when it’s not that bad. Workaround after workaround just because people are lazy.

      • Frezik@lemmy.blahaj.zoneEnglish
        0·
        1 month ago

        16M devices on one network would almost certainly have major scalability problems all its own. SMB chattiness alone . . . shudder.

      • jj4211@lemmy.world
        0·
        1 month ago

        Having the breathing room is great.

        You have two teams that independently set up private networks but now someone has to talk to them both?

        In IPv4, they likely stepped on the same private subnets. In ipv6, they pretty much certainly did not step in the same ULA prefixes. My VPN setup is a mess of a maze to deal with the fact that most things I connect to are all independently allocated 10. subnets, with the IPv6 focused customer being easiest.

        Also, if you want to embed information in your addressing, like vlan I’d or room information.

        Besides, you can have addresses like fd37:5f1a:b4c1::feed:face, and that’s fun isn’t it?

      • drkt@scribe.disroot.org
        0·
        1 month ago

        IPv6 isn’t just a larger IPv4. There are features inherent to it, like link-local actually functioning and being predictable, unlike APIPA in v4 which was grafted on as an afterthought and breaks more than it works.

        It also functions router-less. You can grab 30 10-port switches and just stick them together and start plugging computers in. It will work without configuration or an authority.

        I am all v6 internally, but that’s not because I have a splatillion devices, but rather it’s just better and easier to manage.

        • jj4211@lemmy.world
          0·
          1 month ago

          Well sometimes the lla is not predictable, some stacks take privacy addresses to lla, which is silly but they do it. Of course you can multicast ping and check your neighbor table to get the lla chosen in such cases.

  • nonentity@sh.itjust.works
    0·
    1 month ago

    The reason IPv6 was originally added to the DOCSIS specs, over 20 years ago, is because Comcast literally exhausted all RFC1918 addresses on their modem management networks.

    My favourite feature of IPv6 is networks, and hosts therein, can have multiple prefixes and addresses as a core function. I use it to expose local functions on only ULA addresses, but provide locked down public access when and where needed. Access separation is handled at the IP stack, with IPv4 it’s expected to be handled by a firewall or equivalent.

    • Bytemeister@lemmy.worldEnglish
      0·
      1 month ago

      My favorite feature of IPv6 is that there are so many addresses available. Every single IPv4 address right now could have its own entire IPv4 range of addresses in IPv6. It’s mind-boggling huge.

      • gnuplusmatt@reddthat.com
        0·
        1 month ago

        you could assign every square meter of the planet an ip and use it for location, and still have addresses left over

        • Zink@programming.dev
          0·
          1 month ago

          Oh it’s way more than that!

          After looking up some numbers, I note we could give every single square MILLIMETER on the planet its own entire IPv4 address space.

          …And then every one of those IPv4 addresses could have its own entire copy of the IPv4 address space!

          …And that would just be a drop in the bucket compared with IPv6! One good comparison I’ve seen is that you could assign an address to every atom on the surface of the earth (but not inside it) and have enough left over for 100+ more earths.

          Rough math for the square millimeters:

          The surface area of the earth is roughly 510 trillion square millimeters. Let’s round that up to a quadrillion or 1015.

          The number of IPv6 addresses is 2128 or 3.4x1038. To be conservative again, let’s just round that down to 1038.

          1038 / 1015 = 1023 IPv6 addresses per square mm of earth.

          IPv4 address space is 232 or around 4 billion. let’s round up to 10 billion or 1010.

          So then 1023 / 1010 = 1013 IPv6 addresses per IPv4 address per square mm of earth.

          1013 / 1010 =

          1,000 IPv6 addresses per IPv4 address per IPv4 address per square mm of earth.

          And that was with the conservative estimates along the way. I think it would actually be tens of thousands.

    • gens@programming.dev
      0·
      1 month ago

      They kept talking it was because address exaustion, and IANA sold all the remaining blocks they had…

      I tested it at the time. Ran nmap ping scan across a block all night with zero results. IANA sold the internet

      • Pup Biru@aussie.zoneEnglish
        0·
        1 month ago

        many “unused” IP addresses are unused because they’re kinda like having spare parts: if you’re planning on extending your network in the futures, your IP block kinda should reflect your end state (ie the parts you need over time to replace or “build” new hosts)

        or for blue/green deployments where it’s likely that at least half the IP range will be used in terms of process, but unused most of the time in terms of reachability

        and then there’s weird things with splitting up IP blocks into subnets with a division of 3 (the minimum needed for dealing with net splits etc) - eg across availability zones… there are always “waste” IPs because you can’t divide multiples of 8 cleanly into 3

  • blackstrat@lemmy.fwgx.uk
    0·
    1 month ago

    Ipv6 is broken for those that want control over their home networks thanks to Google and terribly written RFCs.

    All that was needed was an extra byte or two of address space, but no, some high and mighty evangelicals in their ivory towers built something that few people understand 30 years later. Their die hard fans are sure that this will be the year of ipv6. The Year of Linux on the Desktop will come 10 years before the year of ipv6.

  • LaLuzDelSol@lemmy.world
    0·
    1 month ago

    Just my perspective as a controls (SCADA engineer):

    I work for a large power company. We have close to 100 sites, each with hundreds of IP devices, and have never had a problem with ipv4. Especially when im out in the field I love being able to check IPs, calculate gateways, etc at a glance. Ipv6 is just completely freaking unreadable.

    I see the value of outward-facing ipv6 devices (i.e. devices on the internet), considering we are out of ipv4s. But I don’t see why we have to convert private networks to ipv6. Put more bluntly: at least industry, it just isn’t gonna happen for decades (if it ever does). Unless you need more IPs it’s just worse to work with. And there’s a huge amount of inertia- got one singular device that doesn’t talk ipv4 at a given generation site? What are you supposed to do?

    • kieron115@startrek.websiteEnglish
      0·
      1 month ago

      If you set up your DNS correctly then you don’t even need the IPs. Just give devices unique, human-readable names and maybe do separate sub-domains for each site or something.

        • kieron115@startrek.websiteEnglish
          0·
          1 month ago

          Oh, now that you mention it I’ve never tried to map a static DNS entry to a device without DNS. Welp, time to get thousands of raspberry pi’s to act as IP KVMs!

          • inktvip@lemmy.dbzer0.com
            0·
            1 month ago

            That would imply en existence of display/usb outputs…

            We’re essentially talking a bunch of embedded devices talking to each other. You can give them all the dns entries you want, but if they (or the programming environment) don’t support DNS lookup you might as well put your dns server in excel.

            • kieron115@startrek.websiteEnglish
              0·
              1 month ago

              The microcomputers (raspberry pi, arduino, whatever) could have a modern network interface and relay the communication to the embedded devices over oldschool serial. But yeah, straight DNS wouldn’t work. I like the idea though, gonna start posting my 10 favorite IP addresses on a piece of paper on the fridge. Who needs excel!

  • HubertManne@piefed.socialEnglish
    0·
    1 month ago

    I know its a joke but man its annoying to go from something that is organized in a human readable way to one where you have to rely on the system. I am someone who hates databases though so I have always been like this. Heck way back in the aughts I used to complain that my job involved more seeing and issues and fixing it and the systems were getting to were I feel more like im counseling it.

    • qaz@lemmy.worldOPEnglish
      0·
      1 month ago

      I do like how I can easily remember IPv4 addresses while I struggle to remember a single IPv6 address

      • HubertManne@piefed.socialEnglish
        0·
        1 month ago

        Its really not possible to remember an IPv6. I mean it is but its really an abandonment on human level and a solution that leverage dhcp which was common anyway. Its about as easy as a hardware address.

        • drkt@scribe.disroot.org
          0·
          1 month ago

          Its really not possible to remember an IPv6.

          skill issue. Your ISP isn’t giving you a /128, you don’t have to remember a whole ass SLAAC address. My desktop has like 4 IPv6 addresses most of the time, but I only have to remember the one I assigned it and my network prefix. This is one of the advantages of IPv6; you can have an easy to remember, and SLAAC, and privacy-extension addresses all at once.

          I can’t prove it, but I’m typing this from my head- 2a05:f6c7:8321::10
          That’s about as human readable as IPv4.

  • Domi@lemmy.secnd.me
    0·
    1 month ago

    My favorite thing to use IPv6 for is to use the privacy extension to get around IP blocks on YouTube when using alternative front ends. Blocked by Google on my laptop? No problem, let me just get another one of my 4,722,366,482,869,645,213,696 IP addresses.

    I have a separate subnet which is IPv6 only and rotates through IP addresses every hour or so just for Indivious, Freetube and PipePipe.

    • TheFogan@programming.devEnglish
      0·
      1 month ago

      Well of course, how else would you trick script kiddies that figured out when they DDOSed 127.0.0.1 and learned what a loop back was, and get them again in a few weeks with “ok ok my real address is 127.34.21.2”

        • TheFogan@programming.devEnglish
          0·
          1 month ago

          not sure if you are joking, but any valid IP4 address starting with 127. does the same thing, loopback. 127.0.0.1 is just the standard most people use, you could use 127.127.127.127, or 127.1.1.1 or any random numbers 0 and 254 for the second 2, and 1 and 254 for the last and the effects will be identical.

          • Frezik@lemmy.blahaj.zoneEnglish
            0·
            1 month ago

            In fact, it’s so standard that there’s a bunch of shitty code out there that thinks 127.0.0.1 is the only loopback address.

            I’m thinking of a networked Chinese laser cutter that we put on our 10.0.0.0/16 network in the makerspace. It seems to think that 10.0.1.1 and 10.0.2.1 are on different networks. Wouldn’t be surprised if it does a similar mistake with loopback addresses.

        • ramjambamalam@lemmy.caEnglish
          0·
          1 month ago

          A /8 subnet is basically everything after the first of the four segments, e.g. 127...*. marine_mustang was saying that loopback (what you think of as only 127.0.0.1) is actually an entire subnet, so any address that starts with 127 will hit the loopback interface. TIL, never thought about it much before.

  • empireOfLove2@lemmy.dbzer0.comEnglish
    0·
    1 month ago

    bro just add another octet to the end of ipv4. That goes from 4 billion to a trillion and will most definitely outlast modern electronics and capitalism

    • Part4@infosec.pub
      0·
      1 month ago

      I think they must have thought: ‘Well we thought four and a quarter billion was going to be enough. We don’t want to repeat the mistake, so let’s create an unimaginably large address space.’

      Which, with the benefit of hindsight, now looks daft itself.

      • TWeaK@lemmy.today
        0·
        1 month ago

        It looks daft now with a little hindsight, but we’re kind of still in the foresight stage for the overall life of IPv6.

  • MissingGhost@lemmy.ml
    0·
    1 month ago

    I’m surprised by the comments here. I use 90% IPv6. For me v4 is only present for retro compatibility. The transition was hard however.