43
Linux
5y

How to start a shitstorm on normie social media:
"IPv6 is not as good as you think"

Comments
  • 11
    Isn't that common knowledge?
  • 5
    @PrivateGER

    Not in a normiefied discussion group
  • 1
    Why should it be better than normal ip's?
  • 4
    @Wombat Well, since we'll have to change sooner or later, it could have been nice to be an upgrade (you know, the whole "change for the better" thing ;))
  • 1
    @Jilano why do we have to change? 😓
  • 4
    @Wombat because 4 bytes (255⁴) are not really a good space to fit the whole internet in. We need more available ip addresses when we want to connect more devices (IoT, etc.) to the internet. This is what IPv6 guarantees
  • 2
    @ruhe thanks. I got it.
  • 2
    Uhm... Just little confusion of a little boy:

    ipv6... Is it good or not?

    (I thought it was)
  • 8
    @ruhe I think it's a bad idea anyway to connect all this never patched shit to the internet.
  • 6
    @mngr yes it is

    @Fast-Nop I, too, think this is a bad idea. But there are many other advantages, like no need for NATting, that speak for IPv6
  • 5
    @ruhe I personally don't even want any of my devices to be reachable directly and have switched off v6 in my router to not be bothered with it. It has nothing to offer that I personally would want, so I don't see why I would waste time on it.
  • 5
    I've always had my reservations on IPv6.. firewalls aren't common in client devices, internal networks allow for fuckups without getting the entire internet to attack your host, and so on. And there's the internet of shit argument of course. Personally I also find it much harder to wrap my head around than IPv4. So on my servers I just went and disabled it. There's only a handful of other servers on the internet that this causes connectivity issues with anyway.
  • 5
    @Condor yeah, I think the main connectivity issues will be with Asian servers, especially China because their v4 allocation is too small. However, I really don't care about servers in China because there's nothing that I'd want in their more-or-less intranet. I mean, come on, there's not even pr0n.

    All I actually do get from China anyway is bot hacking attempts on my Wordpress login, and that fails because I don't use Wordpress.
  • 4
    @Fast-Nop haha, same here. Most of the botted attacks seem to come from either Russia or China, as well as US universities at times (probably Tor). Especially China, you'd expect their Golden Shield to be able to deflect it at this point. Such an amazing project for being able to determine with reasonable certainty that their government is probably behind it 🙃

    At some point I even considered just blocking their IP ranges outright, only held back because it'd clutter the firewall too much.
  • 3
    Well...

    IPv6 dates back to the nineties. Lot of stuff has changed since then.

    Psychiatrists needed a lot of time to learn that a lobotomy wasn't clever. Neither electro shocks nor anything else involving severe forms of human violence....

    Maybe sometime in the future people learn from mistakes.... IPv6 is nearly 25 years old. The only reason we do not reinvent the network stack is due to too many devices without proper implementation and upgrade paths.

    Look at the disaster that TLS 1.3 became... It's a shame.

    sobs in corner
  • 0
    Network newbie here. Why is IPv6 not good? I read the comments and I share your hate against IoT but it doesn't look like it's going to stop, so is there a better alternative?
  • 7
    An IPv6 packet is 4 times bigger than an IPv4 packet

    IPv6 packets are not NATable - and with "IoT" on the rise imagine all the DDoS and crap that will kill the internet

    IPv6 does not have any geoIP yet, and you know what that means

    IPv6 is the best way to bring any service down with DDoS
  • 1
    @ruhe

    @condor

    See my comment above.
  • 2
    @Linux Is there anyone working on a usable/better version before we all die?
  • 1
    @Zennoe

    Well, NAT solves that problem.
  • 2
    @Jilano

    Every part of the network needs a major rework.
  • 2
    @Linux, you are way more experienced than me, so I would like to hear what you think about protocols like B.A.T.M.A.N for ad-hoc routing in wireless networks
  • 0
    @Linux I wouldn't mind that, but I am unsure on the feasibility of such a thing.
  • 1
    @Linux NAT works around the problem
  • 2
    @Linux NAT is also the reason why I now can't reach even my router from the internet, precisely because ISPs now have to NAT over multiple customers
  • 1
    @Linux
    I think that one of the things that should definitely die is NAT...

    And rereading your comments I disagree with you.

    Most of the problems that you describe and that occur due to the large address range could be solved quite easily.

    Package Size too large? Why is there no compression algorithm...

    A better version of SNDP along with the death of some too much raped and insecure standards like DNS would definitely solve a lot of problems.

    NAT does not solve problems. It creates just a shit ton of new problems.

    I think that especially deep down in the stack regarding auto configuration and negotiation (DNS, NDP, ARP.... and so on) there should be a new approach that allows cryptographically secure layer 2 and up.

    New devices would definitely make this feasible and it would solve a shitton of problems especially regarding firewalls - knowing that the package came from a registered and verified device via a verified path would be veeeery nice.
  • 1
    @Zennoe same (public?) IP for multiple devices? With the collisions that'd cause, that's a recipe for disaster... And NAT seems to work just fine to only have to give one IP to each customer.. so there's that. Why should we get rid of that in favor of a larger address space? I like being able to surf the internet from behind the comfort of my router. And the only reason to get a direct internet connection is for services anyway, which many ISP's tend to frown upon (such as by blocking TCP 25 for example, to reduce email spam).
  • 0
    @Condor one IP per customer does not work anymore, we have too few IPv4s
  • 1
    @succcubbus And I'm saying that that'd cause collisions. It's impossible to assign the same IP to multiple hosts, because how then would you be able to tell one from the other?

    If you've got some spare time, try assigning the same static IP to 2 VM's that have bridged connections, then fire up tcpdump on both of them and from a third host, start pinging them. Both hosts will receive the traffic, even though only one host should've actually received it.

    Another fun experiment is pinging your third host from one of the duplicate VM's and watching the other duplicate VM receive the pongs.

    In practical terms, imagine that me and you have the same IP, and that you'd receive both your own as well as my traffic, and so do I. We'd be able to authenticate as one another, monitor the other's browsing behavior, and so on. Hence why duplicate assignment is impossible.

    As for whether you can't communicate with your router, are you sure that it's got open ports to the internet/proper forwarding?
  • 1
    @Condor that's the problem that a NAT solves. Two customers are behind the same public IPv4 of a router owned by the ISP. The ISP then opens an internal network between its customers. And uses the ports of the connections to distinguish which customer the traffic originated from and therefore where the response traffic should be sent back to.
  • 1
    @succcubbus What? No, the ISP network are public IP's, from a limited range that the ISP has access to. The NAT'ing happens at the home/business gateway/router/whatever you want to call it (consumer routers combine many network utilities that would in business/DC environments be separated). The internal bogon addresses only reside in the local network. Once you pass the router, it's all public internet. The only exception that I've found to this are cellular connections. Those do indeed have a large private IP range, because there's not really any router until you get to the carrier's main network infrastructure. And directly connecting mobile devices to the internet would be madness.
  • 2
    @Condor That's how it usually was, yes. But there aren't enough public IPv4s anymore and the ISPs started to deploy NATs as well. I'm behind two NATs at the moment, my own router and then some router in my ISP's network.
    My public IPv4 differs from my router's WAN IPv4.
  • 2
    @succcubbus double NAT.. now it all makes sense. So essentially your ISP got an IP range with some amount of addresses, grew its customer base beyond that, and now has to do double NAT'ing to work around it? I can see how that's quite the patchwork yeah, and an excellent argument for IPv6 adoption.

    I guess that my lack of experience with double NAT networks goes to show how small my home country Belgium is :') I've never seen this in any of the ISPs here. But in larger countries with a handful of ISPs, I can see how lack of IPv4 addresses can be a problem. I just never realized that that's already the case now.

    Perhaps bringing the public internet on IPv6 while keeping IPv4 locally (to keep local network config workable) isn't a bad idea after all..

    Also.. come to think of it, would this be how the old sysadmins felt when systemd got introduced? It's kinda hard to deal with the idea that my time spent on learning IPv4 may have been in vain :')
  • 1
    @Condor Yeah, I kinda did a bad job of explaining that. This is in Germany btw.

    And I would probably keep a local IPv4 running just so I can ping sweep it to see which devices are online. At least until IPv6 neighbor discovery works in a stable way for me.

    I believe IPv4 is going to stick around for at least the next 10 years, because too few ISPs and too few web servers support it, sadly.
  • 5
    @succcubbus

    Sorry, there is actually a shitton of unused IPv4 addresses out there. Many ISPs, universities and hospitals in the West have hoarded IPv4 addresses that are not used.

    I know several ISPs that have millions and millions of IPv4 addresses that have never been used and probably never will be in many years.
  • 3
    @succcubbus v4 will stick because offering v6 only for a server would harm business, so you have to have v4 anyway. But once you have v4 going, v6 doesn't add value. It's just more maintenance effort and more security holes. That's why ISPs and servers by and large ignore v6.

    v6 is an example of design by committee with no regard for real world problems.
  • 2
    @Linux I'm with a relatively new/small ISP. So they probably didn't get that many IPv4s. Would be nice if we could properly manage the IPv4s that are left.
  • 0
    @succcubbus

    Yeah, small ISPs usually buy IPv4 ranges from larger ISPs with a shitton of hoarded IPv4 addresses.
  • 2
    @Fast-Nop

    Exactly, someone here that does have a broader understanding rather than listening to people without technical experience