Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
C0D4669025yYou can blame IoT.
This field is blowing out the 32bit range, and for once in an IT managers life, made a future proof decision to push us to a number of IPs that would take some obscene long time to fill. -
IPv6 isn't designed to have 128 bits of different IPs simultaneously assigned but instead to ensure that no IP address is EVER being used again for another device after it has been assigned once. That's why it is being (partly) generated by the MAC adress and other parameters.
Short: It is designed to being able to identify every single device forever by its IP, wiping out the anonymity of reused and shared IPv4s behind NATs. -
@Condor Yes, anonymising with it becomes nearly impossible, and it is send over the network to everyone you connect with, including your internet provider and "privacy protecting" companies like Google and Facebook.
-
Im far from a network specialist, but isnt V6 better than V4? For one because of no need for portforwarding and no dynamic IPs.
Yes its a bit longer and more difficult to remember and type out, but that's better than adding an an extra number everytime we run out of IP addresses. -
lxmcf199505yI hate it because I have customers constantly complain that we only offer IPv6 at request without support .-.
-
By the time 34 is no longer enough we will need a 3rd standard - 36 bits. And when that's saturated - 38 bits. And so on and so forth.
128 sort of guarantees we will not need a new standard for a very, very long time.
When ipv4 was invented noone could imagine that/when its range will be nearly saturated. Noone knew the network-aware tech will evolve and spread that rapidly, that fast. Ironically we are in the same situation today if we contemplate a possibility to extend ip range to something we believe should enough forever :)
interplanetary internet is coming, no matter how exotic that sounds. I believe I will live to the day I ssh to the Mars π -
128bits seems a tad too much today. But it's also a good thing :)
if I give you [accidentally commit to public github repo] my server's root password and tell you that it only has ipv6. How long will it take you to guess my address? π -
endor56665yWanna have some more fun?
If you wanna request an ipv6 range for your own company, the smallest request they accept is a /29 range iirc. Or maybe a /30.
In other words, you get more ip addresses than the entire ipv4 range - and that's just the public part of the ipv6 address! Because let's not forget, each one of those has a /64 range attached to it at the end.
I really don't get it: why come up with such a massive standard, if you're gonna give them away in such massive blocks anyway?
Hell, a single /64 address would be far more than any modern company could ever need in the forseeable future. And even for large cloud companies, a /60 range could probably address all their needs for at least a few years. So why be so wasteful.
In other news, I'm kinda thinking of requesting my own ipv6 range just for shits and giggles, because why the fuck not. Let's use ALL THE SUBNETWORKS!
(Also, some of the ipv6 features seem pretty cool improvements over ipv4, so that's nice) -
endor56665y@Benedikt that's just one specific type of autoconfiguration, for when you don't want to bother configuring dhcp or whatever for address assignment. Using the MAC address as a base is almost guaranteed to avoid any double assignments.
But you can still just not do that: on my network, I assign ipv6 addresses manually (because it's pretty small). The nice thing about that is that addresses are much shorter to write (since I leave most of the /64 block with zeroes, so it can just be shortened with :: ) -
I can see the point, and I also think ipv6 addresses are unwieldy. But I get it. We as a technological race have always had allocation issues. I mean look at ipv4:
We need a loopback. Well we could just assign a /32, like 127.0.0.1 (yknow, the one that fucking everyone uses...) OR we could just give a /8! 127.x.x.x ... done. Cool now Nat 10.0.0.0/8. Works for me. Research? How about 224.0.0.0/6 ! /6?! That's absurd. But fine. And then apipa. And let's just give Google like a whole fucking block, we're never going to run out of these! There's like 4 billion! There will never be 4 billion networked devices! Hahhhaha! How absurd that would be, all those devices!
.... Wait. Where did all the addresses go?
Ipv6 is designed that every human, dog, company, server, and docker container can have a full ipv4 sized space and not even be close to running out.
It's saving ourselves from ourselves -
Kasonnara725y@endor As said
1) We don't know what future is made of. And when you said "could probably address all their needs for at least a few years", I hope it's more than that, when we see the time needed to change from IPv4 to IPv6, we have to think way ahead. Changing the entire internet is not something you want to do every year, it's already so painful to guarantee compatibility.
2) Giving everyone lot of IP, allow him to use use unique un-guessable IP for any device you have, and you can change when ever you want (best advantage at short term for me as I often see some guy in foreign country (usually china) brute-forcing all public IP addresses we have on all port to seek for breaches. The firewall stop them but there is nothing we can do other than hoping it does it's job, we IPv6 address there no way they find these addresses in the first place)
Bonus) you could eventually map all you device ports, to different address -
myss44515yBefore your rant I've never actually looked in specification of IPv6, it was just something I took for granted, but now after going through Wiki and RFC (quickly), think this is best thing that happened to IT since actual birth of internet.
-
Condor323325y@amatrelan Oh, yeah LoRa is something I've heard about earlier as well. Apparently it's superior to other wireless technologies because of its long range.. well, LoRa.. long range.. anyway. But yeah with the deployment of 5G technology that might not be an issue anymore. Plenty of antennas that perform quite well. And those would need to be addressed too I guess. Not sure if LoRa devices already use the same networking stack or just raw-ish wireless to be honest.
Per user it does seem to increase yeah.. but should every device on the network get its own public IP? And one that doesn't change at that. I mean sure it'd be extremely useful for hosting from home because dynamic IP's would be a thing of the past, but the firewalls on consumer devices.. I don't think they're adequate yet to face the internet directly. Not to mention that having to maintain firewalls for all of them would be a pain :/ it's one of the main reasons why I disabled IPv6 on my servers - 2 firewalls is a pain tbh. -
Condor323325y@myss Well yes, it does solve real problems with IPv4. Address exhaustion is a serious issue and I've heard from some German people that their ISP's are now even resorting to double NAT'ing. So there are problems to be solved and IPv6 definitely does that and more. The thing is, I've got no idea why they didn't go with 64-bit addressing if the smallest block one can get is a /64 (effectively making the internet-facing part of the IP pool 64-bit anyway). It just doesn't make much sense and seems to make maintaining it challenging.
Edit: also apparently with IPv4 the assignment of addresses was done quite poorly. On Wikipedia anyway it's stated that in 2011 only 14% of the address pool was actually in use. Perhaps a reassignment would've been a better idea? -
@amatrelan
2-4 seems like a low estimate. Also keep in mind every device which has multiple nics may have multiple ips at a time.
I currently have:
Laptop (wifi +Ethernet)
Desktop
Phone (cell +wifi)
Router (wifi +public facing nic)
Dvr with network capability
Ps3 (wifi and Ethernet)
Xbox one (wifi and Ethernet)
Two Alexa's
Two smart TVs
Phillips hue
Server (dual nic)
Kindle
Tablet
So in terms of physical devices, I have 20 physical network interfaces which may require an ip at any one time. Take into account sub interfaces, VMs, containers, it's a lot!
I'm not saying I'm average. I probably have more devices than many, many people.
But: it's crazy hard to find a non smart TV nowadays. Alexa is being implanted in every device with a speaker ever now. Game consoles. Kindle. Phones count for two because wifi and cellular. I would say the average American (I can't speak for anywhere else) needs 10-15 IPs at any given time. -
@Condor I would agree that a reassignment may solve SOME issues (and probably cause a whole lot more) but you can't fix all the problems that way. There are hard coded IPs in software. There are databases of IPs that are to be used for certain things. There are RFCs, expectations, standards. Remaining compliant and compatible with certain systems.
Not to mention the high availability, highly important devices like nuclear reactor ICS systems that couldn't afford to malfunction should something unexpected happen when mucking about with the allocations.
I think a new system is best. And a new system that is so crazy gigantic, that an even newer system should never in a million years be justifiable. One switch to never have to switch again. And ipv6 is that new, unfathomably hilariously massive solution. It does what it's supposed to.
Although I do wish they found a way to represent the addresses better. No way am I memorizing and hand jamming that shit! -
@Condor 128 Bit is security wise a good idea. Range scans are impossible unless you know the MAC address of a device (and you only get THAT device)
All those unprotected Windows PCs without proper Firewall cannot be scanned and found. On IPv4 -
Condor323325y@StopMotionCuber That'd be security by obscurity, IP stacks (either IPv4 or IPv6) are not made to provide security, and they shouldn't be used for it. Firewalls protect your systems when they're in plain sight (which is effectively what the internet is). Servers are searched for and attacked constantly. That is not something that IPv6 will or is supposed to solve. The search is bigger but it just takes more time to do so. More IP's will just create larger botnets to do the searching.
-
@Condor Well, it's 2^48 times the count for a single device for each MAC you need to probe.
This means you need 2^48 times the power in a bother to have same results as with IPv4.
This cannot be done in an efficient way. (rather thinking of vulnerable routers/IoT devices like the Telekom had recently. Servers can obviously be found by DNS) -
Condor323325y@StopMotionCuber A lot of people tend to think that way of the v4 internet too. There's no way that 4 billion IP's can be searched efficiently. Yet it happens in 5 minutes after bringing your new server online (before DNS is even involved or registered - and as a crawler you often even want to avoid DNS resolution because of the time it takes), because those searches are not targeted. Your or my devices are not the only ones on the internet and such malevolent (state) actors don't really care whose devices are vulnerable or even out there to begin with. That's why it's so fast to find anything on the internet (as a crawler anyway). There's a ton of crawlers and a ton of devices that aren't really targeted in any way, other than by "they exist, they respond to a ping or whatever and those devices have these ports open that might be interesting".
-
Condor323325yThe most frightening part to me anyway is that it is all entirely automated, easily scalable and very easy to parallelize. In other words a malevolent actor (China and Russia being the main ones) can easily just add machines to the pool to adjust the time it takes to index the whole internet, or the frequency at which it happens.
-
@Benedikt With the IPv6 privacy extensions the mac address is not used for internet communication.
-
@deadPix3l and all of your 20 network devices need a unique public ip address?
No. You need one. One public address, and beyond that you can have as many network devices as fit in 192.168.0.0/16
I do *not* want every silly device to have a public address. Having one means it being visible. -
@Yamakuzure there's nothing special about the private ranges. It's just that RFCs say you shouldn't route it. And so isps agree and don't. But they aren't inherently magical to protect you. This is what firewalls are for. And if you have a home router (dear God don't tell me you're directly connected to your modem), you already have a network firewall. And all hosts pretty much run firewalls.
It's really not the issue you're making it.
Let's remember NAT is not a protection mechanism. It was a way to cope with address exhaustion.
Honestly, I would be perfectly happy with all my devices having public addresses with a standard firewall configuration of:
Stateful. No unsolicited incoming. All outgoing accepted. Yknow. Nothing special. -
@deadPix3l I don't talk about protection, but ok.
So because one device (the router) does NAT, it is better to rely on every device having their own firewall? Who'll configure that? One-rule-fits-all won't cut it.
Your idea to block all incoming and allow all outgoing traffic per device fails the moment someone sends a forged reply to your toaster. π
But in the end it won't matter anyway, I guess... π€ -
@Yamakuzure I guess I'm just confused by your stance.
Every windows since xp has had a firewall enabled by default. Every Unix for a decade shipped with iptables.
The point of a stateful firewall is tracking sequence numbers and connections. Forged replys are precisely what they are great at blocking.
And I don't think the router should do Nat either. Most Soho routers, and in fact most Enterprise routers and routers in general act as firewalls. So that should mean every packet that crosses your network passes your routers firewall, and then your devices firewall. That should be more than enough. And in fact has been enough.
Private IPs dont offer much to security, and shouldn't need to be used for that purpose. -
@Yamakuzure @deadPix3l Btw. _all_ available routers will block outside IPv6 traffic to the devices, if it is not an response for requests from the device.
-
@Condor
I think you are missing some points:
- The huge address space is _very_ future proof, a new standard, if 2**64 turn out to be nit enough in the far future, would again take decades for adaptation - even now IPv6 isn't adapted everywhere.
- The standard is actually simplified: The header is far easier and modular. IPsec is now integrated into the standard, instead of being an extra protocol, put around IP packets.
- The large addresses (and assignments of /64) make it possible to ease address assigning: Not anymore looking for "which device has which mac" - it is already clear. Address assigning doesn't involve the router bidirectional anymore: Get the prefix from the router, announce own address, done (if not derived from mac: choose a random one, check if used, announce)
- This idiotic automatic fragmentation of IPv4 by routers "in the middle" is finally reduced, which could lead to massive speed degradation if not detected. If a packet is to large, it is rejected now. Simple as that. It reduces overall complexity, too.
I agree that 128 bit are a bit large, but hey: Use DNS and ipchains if you don't want to remember them. -
Tell the truth : It's simply because you can't remember IP6 addresses easily.
It’s WAY better than ip4 in any other way (Integrated ipsec just to mention one). Granted memory usages etc, but who cares about memory in 2019 ? We have webapps demanding 2GB of ram.. -
Ngl, i just flat out hate it with a passion. Do I know exactly why? No because i'm dumb. For some reason i am just insanely biased against it. I'm willing to go as far as to say I'm racist against IPv6 or whatever the -ist word would be in that case. I mean just look at it, compared to IPv4 it is just so goddamn ugly. I just realized im ranting about an internet protocol at 2am, what tf am i doing with my life.
Related Rants
-
tullo-x868Today, I learned the shortest command which will determine if a ping from your machine can reach the Internet:...
-
abhi-inc11A tcp packet walks in to a bar and says βI want a beerβ, barman says βyou want a beer?β and tcp packet...
-
shauryachats4Facebook's public IPv6 address. Notice the face:b00c?
Here are the reasons why I don't like IPv6.
Now I'll be honest, I hate IPv6 with all my heart. So I'm not supporting it until inevitably it becomes the de facto standard of the internet. In home networks on the other hand.. huehue...
The main reason why I hate it is because it looks in every way overengineered. Or rather, poorly engineered. IPv4 has 32 bits worth, which translates to about 4 billion addresses. IPv6 on the other hand has 128 bits worth of addresses.. which translates to.. some obscenely huge number that I don't even want to start translating.
That's the problem. It's too big. Anyone who's worked on the internet for any amount of time knows that the internet on this planet will likely not exceed an amount of machines equal to about 1 or 2 extra bits (8.5B and 17.1B respectively). Now of course 33 or 34 bits in total is unwieldy, it doesn't go well with electronics. From 32 you essentially have to go up to 64 straight away. That's why 64-bit processors are.. well, 64 bits. The memory grew larger than the 4GB that a 32-bit processor could support, so that's what happened.
The internet could've grown that way too. Heck it probably could've become 64 bits in total of which 34 are assigned to the internet and the remaining bits are for whatever purposes large IP consumers would like to use the remainder for.
Whoever designed IPv6 however.. nope! Let's give everyone a /64 range, and give them quite literally an IP pool far, FAR larger than the entire current internet. What's the fucking point!?
The IPv6 standard is far larger than it should've been. It should've been 64 bits instead of 128, and it should've been separated differently. What were they thinking? A bazillion colonized planets' internetworks that would join the main internet as well? Yeah that's clearly something that the internet will develop into. The internet which is effectively just a big network that everyone leases and controls a little bit of. Just like a home network but scaled up. Imagine or even just look at the engineering challenges that interplanetary communications present. That is not going to be feasible for connecting multiple planets' internets. You can engineer however you want but you can't engineer around the hard limit of light speed. Besides, are our satellites internet-connected? Well yes but try using one. And those whizz only a couple of km above sea level. The latency involved makes it barely usable. Imagine communicating to the ISS, the moon or Mars. That is not going to happen at an internet scale. Not even close. And those are only the closest celestial objects out there.
So why was IPv6 engineered with hundreds of years of development and likely at least a stage 4 civilization in mind? No idea. Future-proofing or poor engineering? I honestly don't know. But as a stage 0 or maybe stage 1 person, I don't think that I or civilization for that matter is ready for a 128-bit internet. And we aren't even close to needing so many bits.
Going back to 64-bit processors and memory. We've passed 32 bit address width about a decade ago. But even now, we're only at about twice that size on average. We're not even close to saturating 64-bit address width, and that will likely take at least a few hundred years as well. I'd say that's more than sufficient. The internet should've really become a 64-bit internet too.
rant
ipv6
ipv4