Private addresses don’t necessitate NAT. IPv6 also allows private addresses in the form of `fd00::/8`, like `fd00:face:b00b:1::1`.
`.local` is already used by mDNS
I have a 64-bit computer, it can address up to 18.4 exabytes, but my computer only has 32GB, so I will never use the vast majority that address space. Am I “wasting” it?
You are using the addressing bits in the form of virtual memory. Right now. Unless you run a unikernel system, then in that case you could be right, but I doubt it.
Anyway, this is apples and oranges. IP addresses are hierarchical by design (so you have subnets of subnets of subnets of …), memory addresses are flat for the most part, minus some x86 shenanigans.
Yes they are all “used” but you don’t need them. We are not using 2^128 ip addresses in the world.
But we do need them! The last 64 bits of your IPv6 addresses are randomized for privacy purposes, it’s either that or your MAC address is used for them. We may not be using those addresses simultaneously but they certainly are used.
Despite that, there still are plenty of empty spaces in IPv6, that’s true. But they will still be used in the future should the opportunity arise. Any “wastage” is artificial, not a built-in deficiency of the protocol. Whereas if we restricted the space to 40 bits, there will be 24 bits wasted forever no matter how.
You’re not “wasting” them if you just don’t need the extra bits
We are talking about addresses, not counters. An inherently hierarchical one at that (i.e. it goes from top to bottom using up all bits). If you don’t use the bits you are actually wasting them.
you can gradually make the other bits available in the form of more octets
So why didn’t we make other bits available for IPv4 gradually? Yeah, same issue as that: Forwards compatibility. If you meant that this “IPv5” standard should specify compulsory 64-bit support from the very beginning, then why are you arbitrarily restricting the use of some bits in the first place?
If you’re worried about wasting registers it makes even less sense to switch from a 32-bit addressing space to a 128-bit one in one go
All the 128 bits are used in IPv6. ;)
Every time there’s a “just add an extra octet” argument, I feel some people are completely clueless about how hardware works.
Most hardware comes with 32-bit or 64-bit registers. (Recall that IPv6 came out just a year before the Nintendo 64.) By adding only an extra octet, thus having 40 bits for addressing, you are wasting 24 bits of a 64-bit register. Or wasting 24 bits of a 32-bit register pair. Either way, this is inefficient.
And there’s also the fact that the modern internet is actually reaching the upper limits of a hypothetical 64-bit IPv5: https://lemmy.world/comment/10727792. Do we want to spend yet another two decades just to transition to a newer protocol?
Tell that to your ISP which has fucked their IPv6 deployment up. In my experience IPv6 is actually faster since it bypasses the IPv4 CGNAT.
On busy days my IPv4 connection can get as slow as 15KB/s, now that’s trash.
And we are facing the effects of it as we’re speaking. CGNAT and protocols like TURN were not invented without a reason.
Our network architecture has the tendency to waste IP addresses. A subnet may have 10 devices but have 256 IPs (e.g. a /24 network like 192.168.0.0 to 192.168.0.255) - that’s 246 wasted addresses. This wastage is kinda unavoidable since we’d need to keep our routing tables from being too fragmented.
With that in mind it is entirely possible for 64-bit addressing space to not be enough, unless we revert to methods like NAT which come with their own disadvantages.
We have already used up about one /11 block of the IPv6 internet. That’s 128-11=117 bits. If we replace the standardized /64 subnets of IPv6 with old /24 subnets typical in IPv4 networks, you get 61 bits. That’s dangerously close to the upper limit of a hypothetical 64-bit IPv5 internet.
Was I really strawmanning you? Is “I never even implied the opposite” really true? Quote:
So, really, you were “correcting” me for you and your specific setup
Yeah, my “specific setup”… which can be found in virtually all routers today.
Oh come on, are you seriously suggesting that default-deny stateful firewall is not the norm??
Holy. Fucking. Shit. Indeed.
You keep on suggesting to me that you really have no idea how networking works. (Which is par for the course for people thinking NAT == security, but I digress)
Let me tell you: All. Modern. Routers. include a stateful firewall. If it supports NAT, it must support stateful firewalling. To Linux at least, NAT is just a special kind of firewall rule called `masquerade`. Disregarding routers, even your computer whether Linux (netfilter) or Windows (Windows Firewall) comes built-in with a stateful firewall.
It’s a stateful firewall. It simply drops unsolicited packets.
How is this “dropping packets” not applicable to firewalls, then? You are not just going to casually connect to my IPv6 device as we’re speaking. The default-deny firewall in my router does the heavy lifting… just like what NAT did.
Honestly, it just sounds like you need to brush up on networking knowledge. Repeat after me: NAT is not security.
Wait, why are we talking about Layer 7 when NAT and firewalls are Layer 4 at best?
Consumer router firewalls are generally trash
[Citation needed]
They are literally piggybacking on the netfilter module of Linux. I don’t see how that’s trash
I reckon I see most IPv6 complainers are from the US though…
In my country, turning on IPv6 is not really something ceremonial, it’s just literally clicking on the IPv6 checkbox. The default configurations set in the router are good enough for an average home user, firewalls and all that security jazz are enabled by default.
The DNS didn’t break just because I enabled IPv6, nor did my phone apps stop working. Life goes on, and I have gotten rid of that terrible CGNAT. Somehow this is not the case for many US users across multiple ISPs, I have heard IPv6 horror stories from Verizon, Comcast, and AT&T. Like how did you manage to do that?
The word you are looking for is firewall not NAT.
NAT does not provide security whatsoever. If the NAT mapped your (internal IP, internal port) to a certain (external IP, external port) and you do not have a firewall enabled, everyone can reach your device by simply connecting to that (external IP, external port).
I haven’t seen routers that do not come with IPv6 firewalls enabled by default.
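The separation between address translation and filtering described in these comments, as an added nftables sketch that is not part of the original posts or any vendor's shipped ruleset. The interface names `lan0` and `wan0` are assumptions.

```nftables
# Added example. Assumed interfaces: lan0 = inside, wan0 = uplink.

# Filtering: one dual-stack table. This is what actually stops
# unsolicited inbound traffic, for IPv4 and IPv6 alike.
table inet filter {
    chain forward {
        # Default-deny: anything not matched below is dropped.
        # The weak variant is "policy accept;" here, which leaves
        # reachability to whatever the NAT mapping happens to allow.
        type filter hook forward priority filter; policy drop;

        # Replies to flows that an inside host opened, plus related
        # ICMP/ICMPv6 errors (e.g. packet-too-big) for those flows.
        ct state established,related accept

        # Packets that conntrack cannot associate with any flow.
        ct state invalid drop

        # Inside hosts may open new flows towards the uplink.
        iifname "lan0" oifname "wan0" ct state new accept

        # No rule accepts new flows from wan0 to lan0, so a
        # globally routable IPv6 host behind this router is not
        # reachable from outside unless a rule is added for it.
    }
}

# Translation: IPv4 only, and only rewrites source addresses.
# It contains no drop or accept decision about inbound traffic.
table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "wan0" masquerade
    }
}
```

On a Linux router, `nft list ruleset` shows whether the forward chain's policy is `drop` and whether a `ct state` rule like the one above is present.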
People who do work for themselves
Did you notice that I said “merge request” earlier? Your neighbours were kindly helping you to make a cake and you responded to their kindness with GTFO.
Did I say “some”? I think I did.
GNOME developers seem to have some sort of a weird “vision” for their software. If your bug report falls within their vision, good for you. When your bug report doesn’t, it’s insta WONTFIX.
The FDO icon theme fiasco occurred merely a few days ago.
This is why I try my damnedest not to write in weakly typed languages.
`string` + `object` makes no logical sense, but the language will be like “no biggie, you probably meant string + string so let’s convert the object to string”! And so all hell breaks loose when the language’s assumption is wrong.