this post was submitted on 26 Jun 2024
2 points (100.0% liked)

Unpopular Opinion

8198 readers
172 users here now

Welcome to the Unpopular Opinion community!

How voting works:

Vote the opposite of the norm.

If you agree that the opinion is unpopular give it an arrow up. If it's something that's widely accepted, give it an arrow down.

Guidelines:

Tag your post, if possible (not required)

  • If your post is a "General" unpopular opinion, start the subject with [GENERAL].
  • If it is a Lemmy-specific unpopular opinion, start it with [LEMMY].

Rules:

1. NO POLITICS

Politics is everywhere. Let's make this about [general] and [lemmy] - specific topics, and keep politics out of it.

2. Be civil.

Disagreements happen, but that doesn’t provide the right to personally attack others. No racism/sexism/bigotry. Please also refrain from gatekeeping others' opinions.

3. No bots, spam or self-promotion.

Only approved bots, which follow the guidelines for bots set by the instance, are allowed.

4. Shitposts and memes are allowed but...

Only until they prove to be a problem. They can and will be removed at moderator discretion.

5. No trolling.

This shouldn't need an explanation. If your post or comment is made just to get a rise with no real value, it will be removed. You do this too often, you will get a vacation to touch grass, away from this community for 1 or more days. Repeat offenses will result in a perma-ban.

6. Defend your opinion

This is a bit of a mix of rules 4 and 5 to help foster higher quality posts. You are expected to defend your unpopular opinion in the post body. We don't expect a whole manifesto (please, no manifestos), but you should at least provide some details as to why you hold the position you do.

Instance-wide rules always apply. https://legal.lemmy.world/tos/

founded 2 years ago
MODERATORS
JonsJava@lemmy.world
lemann@lemmy.world
ptz@dubvee.org
technopagan@lemmy.world
Dremor@lemmy.world
2
Don't bother promoting IPv6 as "the future". It's never going to be the default. (feddit.nl)
submitted 1 year ago* (last edited 1 year ago) by neidu2@feddit.nl to c/unpopularopinion@lemmy.world
11 comments fedilink hide all child comments
 

Basically what the title says. Here's the thing: address exhaustion is a solved problem. NAT already took care of this via RFC 1631. While initially presented as a temporary fix, anyone who thinks it's going anywhere at this point is simply wrong. Something might replace IPv4 as the default at some point, but it's not going to be IPv6.

And then there are the downsides of IPv6:

  • Not all legacy equipment likes IPv6. Yes, there's a lot of it out there.
  • "Nobody" remembers an IPv6 address. I know my IPv4 address, and I'm sure many others do too. Do you know your IPv6 address, though?
  • Everything already supports IPv4
  • For IPv6 to fully replace IPv4, practically everything needs to move over. De facto standards don't change very easily. There's a reason why QWERTY keyboards, ASCII character tables, and E-mail are still around, despite alternatives technically being "better".
  • Dealing with dual network stacks in the interim is annoying.

Sure, IPv6 is nice and all. But as an addition rather than as a replacement. I've disabled it by default for the past 10 years, as it tends to clutter up my ifconfig overview, and I've had no ill effects.

Source: Network engineer.

top 11 comments
sorted by: hot top controversial new old
[–] Boozilla@lemmy.world 1 points 1 year ago* (last edited 1 year ago) (1 children)

Upvote for semi-unpopular opinion.

I think you're wrong about the shortage being 'solved' by NAT. NAT is great for LAN and WAN in the developed world, but there are billions of folks in remote developing areas where it's not much help. It also severely limits the big chunks of address spaces that can be allocated to business, universities, governments, etc. It is not a trivial problem waved away by NAT.

I think it will continue to be a very gradual but relentless rollout of IPv6. Not saying it will be fast. But 30 years from now, if we haven't destroyed civilization, I suspect IPv4 will be a quaint relic. And IPv6 will never run out of addresses.

[–] Eyron@lemmy.world 0 points 1 year ago* (last edited 1 year ago) (1 children)

There's a large possibility we'll run out of IPv6 addresses sooner than we think.

Theoretically, 128-bits should be enough for anything. IPv6 can theoretically give 2^52 IPs to every star in the universe: that would be a 76-bit subnet for each star rather than the required 64 minimum. Today, we (like ARIN) do 32-48-bit allocations for IPv6.

With IPv4, we did 8-24-bit allocations. IPv6 gives only 24 extra allocation bits, which may last longer than IPv4. We basically filled up IPv4's 24-bits of allocations in 30 years. 281 trillion (2^48) allocations is fairly reachable. There doesn't seem to be any slowdown of Internet nor IP growth. Docker and similar are creating more reasons to allocate IPs (per container). We're also still in the early years of interstellar communications. With IPv4, we could adopt classless subnetting early to delay the problem. IPv6's slow adoption probably makes a similar shift in subnetting unlikely.

If we continue the current allocation trend, can we run out of the 281 trillion allocations in 30 years? Optimistically, including interstellar networks and continued exponential growth in IP-connected devices? Yes. Realistically, it's probably more than 100 years away, maybe outside our lifetimes, but that still sounds low when IPv6 has enough IPs for assigning an IP to every blade of grass, given every visible star has an Earth. We're basically allocating a 32-48 bit subnet to every group of grass, and there are not really enough addresses for that.

[–] mitchty@lemmy.sdf.org 0 points 1 year ago (1 children)

This is the worst math that ever mathed. IPv4 is 32 bits of address space. IPv6 is 128. That is 2^32 vs 2^128. Not 2^52, which isn’t even wrong it’s just weird, hopefully this is just some weird performance joke. There are enough addresses in ipv6 to address every known atom on earth. We aren’t running out anytime soon. 96 doublings of IPv4s address space is a number you can’t fathom.

[–] Eyron@lemmy.world 1 points 1 year ago* (last edited 1 year ago) (1 children)

That wasn't what I said. 2^56 was NOT a reference to bits, but to how many IPs we could assign every visible star, if it weren't for subnet limitations. IPv6 isn't classless like IPv4. There will be a lot of wasted/unrunused/unroutable addresses due to the reserved 64-bits.

The problem isn't the number of addresses, but the number of allocations. Our smallest allocation, today, for a 128-bit address: is only 48-bits. Allocation-wise, we effectively only have 48-bits of allocations, not 128. To run out like with IPv6 , we only need to assign 48-bits of networks, rather than the 24-bits for IPv4. Go read up on how ARIN/RIPE/APNIC allocate IPs. It's pretty wasteful.

[–] mitchty@lemmy.sdf.org 0 points 1 year ago (1 children)

I’m fully aware how rirs allocate ipv6. The smallest allocation is a /64, that’s 65535 /64’s. There are 2^32 /32’s available, and a /20 is the minimum allocatable now. These aren’t /8’s from IPv4, let’s look at it from a /56, there are 10^16 /56 networks, roughly 17 million times more network ranges than IPv4 addresses.

/48s are basically pop level allocations, few end users will be getting them. In fact comcast which used to give me /48s is down to /60 now.

I’ll repeat, we aren’t running out any time soon, even with default allocations in the /3 currently existing for ipv6.

[–] Eyron@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

I’m fully aware how rirs allocate ipv6. The smallest allocation is a /64, that’s 65535 /64’s. There are 2^32 /32’s available, and a /20 is the minimum allocatable now. These aren’t /8’s from IPv4, let’s look at it from a /56, there are 10^16 /56 networks, roughly 17 million times more network ranges than IPv4 addresses.

/48s are basically pop level allocations, few end users will be getting them. In fact comcast which used to give me /48s is down to /60 now.

I’ll repeat, we aren’t running out any time soon, even with default allocations in the /3 currently existing for ipv6.

Sorry, but your reply suggests otherwise.

The RIRs (currently) never allocate a /64 nor a /56. /48 is their (currently) smallest allocation. For example, of the ~800,000 /32's ARIN has, only ~47k are "fragmented" (smaller than /32) and <4,000 are /48s. If /32s were the average, we'd be fine, but in our infinite wisdom, we assign larger subnets (like Comcast's 2601::/20 and 2603:2000::/20).

These aren’t /8’s from IPv4. let’s look at it from a /56, there are 10^16 /56 networks, roughly 17 million times more network ranges than IPv4 addresses.

Taking into account the RIPE allocations, noted above, the closer equivalent to /8 is the 1.048M /20s available. Yes, it's more than the 8-bit class-A blocks, but does 1 million really sound like the scale you were talking about? "enough addresses in ipv6 to address every known atom on earth"

The situation for /48s is better, but still not as significant as one would think. With Cloudflare as an extreme example: They have 6639 IPv4 /24 blocks, but 670,550 IPv4 /48 blocks. Same number of networks in theory, but growing from needing 13-bits of networks in IPv4 to 19-bits of networks: 5 extra bits of usage from just availability.

That sort of increase of networks is likely-- especially in high-density data centers where one server is likely to have multiple IPv6 networks assigned to it. What do you think the assignments will look like as we expand to extra-terrestrial objects like satellites, moons, planets, and other spacecraft?

I’ll repeat, we aren’t running out any time soon

Soon vs never. OP I replied to said "never". Your post implied similarly, too-- that these numbers are far too big for humans to imagine or ever reach. The IPv6 address space is large enough for that: yes. But our allocations still aren't. The number of bits we're actually allocating (which is the metric used for running out) is significantly smaller than most think. In the post above, you're suggesting 56-64 bits, but the reality is currently 20-32 bits-- 1M-4B allocations.

If everyone keeps treating IPv6 as infinite, the current allocation sizes would take longer than IPv4 to run out, but it isn't really an unfathomable number like the number of atoms on Earth. 281T /48s works more sanely: likely enough for our planet-- but RIPEs seem to avoid allocating subnets that small.

IPv4-style policy shifts could happen: requirements for address blocks rise, allocation sizes shrink, older holders have /20 blocks (instead of 8-bit class A blocks), and newer organizations limited to /48 blocks or smaller with proper justification. The longer we keep giving away /20s and /32s like candy, the more likely we'll see the allocations run out sooner (especially compared to never). My initial message tried to imply that it depends on how fast we grow and achieve network growth goals:

30 years? Optimistically, including interstellar networks and continued exponential growth in IP-connected devices? Yes.

. . .

Realistically, it’s probably more than 100 years away, maybe outside our lifetimes

[–] elgordino@fedia.io 1 points 1 year ago

43% of Google traffic is now ipv6 and steadily growing

https://www.google.com/intl/en/ipv6/statistics.html

CGNAT is only a temporary band aid for reaching services that are yet to present themselves on IPV6. It’s relatively expensive to operate.

IpV6 might be largely pointless on a LAN, and sure NAT is fine there, but ipv6 already running large chunks of the world’s mobile infrastructure. It’s not going anywhere.

[–] blackstrat@lemmy.fwgx.uk 0 points 1 year ago (1 children)

I posted this elsewhere a few days ago. I don't think IPv6 can do what I require of a basic home network, let alone a large enterprise...

I gave it a really good shot at implementing this past week. I spent 3 days getting up to speed, reading loads and trying various different things. But I am now back to IPv4 only because I just can't get IPv6 to do what I want and no amount of searching has made me think what I want to do is even possible.

Some background about the IPv4 network I run at home: I run opnsense on a Proxmox server. I have a few services publicly available using port forwarding. I run several VLANs for IoT, VoIP, Cameras etc. I use a bunch of firewall rules that are specific client devices on the network. So for example I have a rule that blocks youtube from the kids tablets and the TV. I have a special rule around DNS for the wife as she doesn't want to use the pihole blocking features. These rules are made possible because the DHCP server is set to give them a fixed IP and I can create a firewall alias and rule based on that.

None of these things on my existing network are particularly difficult to configure, they run really well.

What I want from IPv6 is:

  1. All devices to use IPv6 including android devices.
  2. To have the same firewall rules configured and not have them be easily bypassed.
  3. To use privacy addresses as I don't want to make every device uniquely trackable over the internet.
  4. To be able to cope with changes to the ISP provided /48 prefix seamlessly.
  5. Have internal DNS make accessing intranet devices easy.
  6. To ensure the privacy of individual devices on my network by avoiding individual device tracking.

What I've tried:

  1. Using DHCPv6, but this excludes android devices. So that's out.
  2. Using a NAT (to avoid tracking of individual devices) and fd00/8 addresses, but this is pointless as those addresses are lower priority than IPv4 (FFS!)
  3. SLACC just seems a non-starter.

Additional: I don't think I have a problem with "thinking about it all wrong for IPv6". I may have a skill issue, hence this question.

As far as I can tell to achieve requirement 1) you must use SLAAC. SLAAC without privacy extensions doesn't allow for 6).

Changes to external ISP prefix assignment impacts MY INTERNAL NETWORK (this just seems insane). And as far as I can tell there's no easy way around this, especially if I have static addresses configured for servers which would (if using SLAAC) have to be manually configured.

I can't see how DNS would be updated either, either Unbound running on Opnsense, or to the pihole. If I go for SLAAC with privacy extensions and I keep paying for a static IP (v4 & v6) to my ISP then I can't implement any firewall rules for specific devices as devices will change their IP regularly. And its even worse if I don't pay for a static IPv6 prefix.

I don't think anything I'm trying to do is particularly strange or unusual but 26 years after its introduction I don't see that IPv6 can meet these requirements. And one of the leading firewall routers, especially in the homelab doesn't have answers to these questions either.

Can you suggest a way to meet all 6 requirements I have with IPv6?

[–] Coelacanthus@infosec.pub 0 points 3 months ago* (last edited 3 months ago) (1 children)

If I go for SLAAC with privacy extensions and I keep paying for a static IP (v4 & v6) to my ISP then I can't implement any firewall rules for specific devices as devices will change their IP regularly. And its even worse if I don't pay for a static IPv6 prefix.

I don't know which firewall software you used. But if you use nftables, which support suffix match and conntrack for TCP/UDP, you can block all new (identified by conntrack) income (since privacy extension design for outcome) and allow income with specific suffix (for SLAAC with EUI-64, it will stable), needn't care about which prefix was used.

[–] blackstrat@lemmy.fwgx.uk 1 points 3 months ago (1 children)

I'm using opnsense. Can't day I followed your description. Sounds far more complicated than "use NAT", which would solve almost everything.

[–] Coelacanthus@infosec.pub 1 points 3 months ago

Actually it's simple than "NAT", technically. Normally when we said "NAT", it's not just NAT (Network Address Translate), but a NAT plus a stateful firewall (see documents below). The conntrack here is a stateful firewall as in "NAT". And compare to create a map from (paddr, pport) to (iaddr, iport) and match the later, it's more simple to just match suffix of address.

https://datatracker.ietf.org/doc/html/rfc4787

https://tailscale.com/blog/how-nat-traversal-works