You must log in or register to comment.
I see your satirical IPv6 meme and raise you the highest quality IPv6 evangelism you’ll ever see.
That was beautiful
I wrote and ipv6 parser once.
Never again.
As in a regex or …?
An ipv4 parser would also be sorta difficult.
you have to account for the fact that all the octets can be added to decimal: http://2130706433 (valid 127.0.0.1)
or the fact that octets can be in different formats: http://0x7F.0x0.0x0.0x1 (127.0.0.1)
or the fact that you can mix octet formats: http://0xC0.0250.0.1 (192.168.0.1)
Yeah a mix of regex and heuristics to validate before parsing
It was a long time ago now
It also had to parse ipv4 because they can be embedded (IIRC) and the different octet formats
Also for home network I don’t won’t my IOT to have a real IP to the Internet. Using IPv4 NAT you can have a bit of safety by obscurity
NAT is not much different to a firewall though… just because the address space is publicly routable does not mean that the router has to provide a route to it, or a consistent route
NAT works by assigning a public port for the outgoing stream different to the internal port, and it does that by inspecting packets as they go over the wire: a private machine initiates a connection, assign an arbitrary free port, and sends that packet off to the router, who then reassigns a new port, and when packets come in on that port it looks up the IP and remapped port and substitutes them
that same process can easily be true in IPv6 but you don’t need to do any remapping: the private machine initiates a connection, and the router simply marks that IP and port combination as “routable” rather than having to do mappings as well
Its unlikely someone with guess your ipv6 of your iot.
No, but it’s far easier to explain how to configure your home network such that 182.168.1.* is for your regular devices like laptops, etc. and 192.168.2.* is for your IoT devices. Then block all access from 192.168.2.* to the internet so your IoT devices can’t “phone home”, can’t auto-update without your knowledge, can’t end up as part of a botnet, etc.
That’s the thing, you are still thinking in ipv4 terms, and that’s ok. It’s a different way to think of things using ipv6 and the proper way to configure them. No worries tho. Not like you are being forced to ipv6 for internal home networks.
Ok, so what would the equivalent be?
Create a new /64 and don’t give it a route to the internet.
I don’t won’t my IOT to have a real IP to the Internet
Why not? What’s the difference to them having a nat ipv4?
Imagine using ipv6
I love the flat earther energy in this
fun fact, the RFC introducing NAT calls it a “short-term solution”
deleted by creator
https://en.m.wikipedia.org/wiki/Internet_Stream_Protocol
In case anyone wants to know what not to talk about.
The reason IPv6 was originally added to the DOCSIS specs, over 20 years ago, is because Comcast literally exhausted all RFC1918 addresses on their modem management networks.
My favourite feature of IPv6 is networks, and hosts therein, can have multiple prefixes and addresses as a core function. I use it to expose local functions on only ULA addresses, but provide locked down public access when and where needed. Access separation is handled at the IP stack, with IPv4 it’s expected to be handled by a firewall or equivalent.
They kept talking it was because address exaustion, and IANA sold all the remaining blocks they had…
I tested it at the time. Ran nmap ping scan across a block all night with zero results. IANA sold the internet
many “unused” IP addresses are unused because they’re kinda like having spare parts: if you’re planning on extending your network in the futures, your IP block kinda should reflect your end state (ie the parts you need over time to replace or “build” new hosts)
or for blue/green deployments where it’s likely that at least half the IP range will be used in terms of process, but unused most of the time in terms of reachability
and then there’s weird things with splitting up IP blocks into subnets with a division of 3 (the minimum needed for dealing with net splits etc) - eg across availability zones… there are always “waste” IPs because you can’t divide multiples of 8 cleaning into 3
My favorite feature of IPv6 is that there are so many addresses available. Every single IPv4 address right now could have its own entire IPv4 range of addresses in IPv6. It’s mind-boggling huge.
you could assign every square meter of the planet an ip and use it for location, and still have addresses left over
square centimeter is the one I heard
Oh it’s way more than that!
After looking up some numbers, I note we could give every single square MILLIMETER on the planet its own entire IPv4 address space.
…And then every one of those IPv4 addresses could have its own entire copy of the IPv4 address space!
…And that would just be a drop in the bucket compared with IPv6! One good comparison I’ve seen is that you could assign an address to every atom on the surface of the earth (but not inside it) and have enough left over for 100+ more earths.
Rough math for the square millimeters:
The surface area of the earth is roughly 510 trillion square millimeters. Let’s round that up to a quadrillion or 1015.
The number of IPv6 addresses is 2128 or 3.4x1038. To be conservative again, let’s just round that down to 1038.
1038 / 1015 = 1023 IPv6 addresses per square mm of earth.
IPv4 address space is 232 or around 4 billion. let’s round up to 10 billion or 1010.
So then 1023 / 1010 = 1013 IPv6 addresses per IPv4 address per square mm of earth.
1013 / 1010 =
1,000 IPv6 addresses
per IPv4 address
per IPv4 address
per square mm of earth.
And that was with the conservative estimates along the way. I think it would actually be tens of thousands.
I understand some of these words!
My favorite thing to use IPv6 for is to use the privacy extension to get around IP blocks on YouTube when using alternative front ends. Blocked by Google on my laptop? No problem, let me just get another one of my 4,722,366,482,869,645,213,696 IP addresses.
I have a separate subnet which is IPv6 only and rotates through IP addresses every hour or so just for Indivious, Freetube and PipePipe.
This is exactly why ipv6 was never widely adopted. There’s too much power in a limited IP pool.
Define “widely”.
According to Google 46.09% of their traffic is IPv6 and most servers support it. It’s mostly large ISPs dragging their feet.
I think it’s just a few domestic US ISPs. The rest of the world has been happily using it for quite some time.
I’ve never seen functional ipv6 except at university, and I would only consider gci large in terms of coverage area and price.
Hah, do they not just block the whole /64? That’s actually really funny.
Could you link the privacy extension in question I haven’t heard of it
it’s not a browser extension, its a SLAAC thing https://www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac.
TL;DR is that SLAAC used to use part of your device MAC to form it’s IP, which would be trackable/fingerprintable. Now devices just pick the last 48-bits at complete random on the assumption that no other device is going to have that specific address out of the 4 quintilion available addresses.
edit the RFC https://datatracker.ietf.org/doc/html/rfc4941
Thanks, might have to try that sometime.
Sure, it’s part of the IPv6 spec:
https://www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac/
An ipv6 address turns my brains thinking center off. Short circuit at how fucking stupid it looks.
No different the 10.A4.b2.12
Surely we can do better. Why not IPv10? That’s 4 higher than 6!
My IP goes up to 11.
not sure if you’re aware thats a real thing https://www.ipv10.net/
Guess we have to crank it up to 11, then.
>Forbidden
>You don’t have permission to access this resource.
Awesome.
Obviously. You can only access it in IPv10.
CGNATs suck ass though, I had to buy a vps just to access my own network outside my home.
I’ve recently changed isp and am now hitting CGNAT problems. I have been running Nextcloudpi for years and now I can’t access it from outside. I’ve trying to understand if I can fix the problem using IPv6 but from what you’ve said I’m now wondering if a vps is the solution?
My ISP doesn’t properly support IPV6, otherwise it should work. I use wireguard to route just my server traffic to the vps.
I deal with cgnat on my 2 isps at home. Install tailscale on your vps and your router at home and then on your router you can share subnet devices over your tailscale network. Install a reverse proxy on your vps.
If set up correctly you can route a human readable web address (jellyfin.example.com) to your vps static ip address and then to, for example, a docker container with local address 192.168.100.1:8096, via reverse proxy.
Yeah, had the same issue with my ISP, but at least they switched me back to ipv4 after a support call. Didn’t want to pay extra for the privilege of not being reachable from the outside anymore.
I know its a joke but man its annoying to go from something that is organized in a human readable way to one where you have to rely on the system. I am someone who hates databases though so I have always been like this. Heck way back in the aughts I used to complain that my job involved more seeing and issues and fixing it and the systems were getting to were I feel more like im counseling it.
I do like how I can easily remember IPv4 addresses while I struggle to remember a single IPv6 address
Come on, it’s e easy to remember one IPv6 address: ::1
Its really not possible to remember an IPv6. I mean it is but its really an abandonment on human level and a solution that leverage dhcp which was common anyway. Its about as easy as a hardware address.
Its really not possible to remember an IPv6.
skill issue. Your ISP isn’t giving you a /128, you don’t have to remember a whole ass SLAAC address. My desktop has like 4 IPv6 addresses most of the time, but I only have to remember the one I assigned it and my network prefix. This is one of the advantages of IPv6; you can have an easy to remember, and SLAAC, and privacy-extension addresses all at once.
I can’t prove it, but I’m typing this from my head- 2a05:f6c7:8321::10
That’s about as human readable as IPv4.and you can put words in them too, like 2404:e80:905c:beef::1337
my favorite is ::beef:babe
💪👱♀️
C’mon, IPv4 has so many problems. Sure, let’s reserve a whole /8 for a single loopback address, that’s efficient. 🙄
Well of course, how else would you trick script kiddies that figured out when they DDOSed 127.0.0.1 and learned what a loop back was, and get them again in a few weeks with “ok ok my real address is 127.34.21.2”
Wait… I know 127.0.0.1 but what’s the second one?
not sure if you are joking, but any valid IP4 address starting with 127. does the same thing, loopback. 127.0.0.1 is just the standard most people use, you could use 127.127.127.127, or 127.1.1.1 or any random numbers 0 and 254 for the second 2, and 1 and 254 for the last and the effects will be identical.
In fact, it’s so standard that there’s a bunch of shitty code out there that thinks 127.0.0.1 is the only loopback address.
I’m thinking of a networked Chinese laser cutter that we put on our 10.0.0.0/16 network in the makerspace. It seems to think that 10.0.1.1 and 10.0.2.1 are on different networks. Wouldn’t be surprised if it does a similar mistake with loopback addresses.
A /8 subnet is basically everything after the first of the four segments, e.g. 127.*.*.*. marine_mustang was saying that loopback (what you think of as only 127.0.0.1) is actually an entire subnet, so any address that starts with 127 will hit the loopback interface. TIL, never thought about it much before.
