IPv6 (please boost when you vote)
@revk No offence, but where is the "I know what it is but I don't really care too much about it" option?
@revk Sadly, there's no option for "I know what IPv6 is, and in principle think it's an excellent idea, but have explicitly disabled IPv6 on my hosts for operational reasons." Dual-stack means twice the work configuring and securing network services, and would take time and resources from more pressing tasks.
@revk bad idea, only a little facetiously. it's fine if you operate a network, or if you stay in one place and can choose a good network. but if you move around, you've got to run ipv4 anyways, so why run both?
some days, like today, i wax cynical that the internet has not only not turned out the way we wanted it to but has become a resource-hungry monster, and we should throw it all away and start again from first principles.
@revk Not so much bad idea but badly implemented enough, still, that I've once again hit a "is some big upstream doing IPv6 wrong such that it's failing and giving me unresponsive service? I think so, seems to have gone largely away since I turned off v6, again". Which I really wish wasn't the case.
@trini @revk Interesting. I haven't had problems with anyone else's IPv6 deployment in at least 10 years. There were some troubles in the early days when some websites didn't work properly. And there was the time when my ISP's router firmware update went wrong and it took the manufacturer two weeks to fix it. But overall it's about as reliable as IPv4 for me.
Where did you have problems recently?
@attilakinali @revk Historically, steam downloads went down to bytes/second and instagram would just randomly fail (a lot harder to debug that one). Currently, and it's also a "fun" one to diagnose, minecraft authentication servers (I believe that's the right term for the ones they talk to periodically while connected to 3rd party servers) don't respond quickly enough if they can maybe try a v6 host (which they can, some are on v6 which is good) so the game pauses.
@revk I personally think ipv6 is going to take a long time for people to get used to it. But I understand why it's necessary. ✌️
@revk I look forward to a time when disabling IPv6 doesn't keep cropping up as the solution for weird network problems. 😂
@revk Server broke.
Hmm. I see ipv6 is enabled; turn it off?
Yep, that fixed it. Why? No clue, don't care. I have 99 problems but I'm not making ipv6 be one of them.
@revk I know this and others but 1) is that a problem (not necessarily), and 2) is assigning everything an easy number a good solution, assuming it is a problem?
@cadxdr It is a problem if there are more than 4 billion separate places to which you want to route an IP packet... 🙂
1) There are only 65K ports. If you have enough devices to chew through all of these, you need another IPv4 address, which are scarce.
2) Only TCP and UDP have these port numbers. You've now ossified the stack to only these two. Anybody remember SCTP?
3) The client/server model is now fully entrenched. Goodbye end-to-end principle. E.g.: if I have a RasPi on my network and I want to talk to the RasPi on your network, you now require a middleman that has a public IPv4 address that both devices have to call out to. Did I mention those are scarce?
Every "solution" people throw out there merely delays the inevitable, and usually by a pitiful amount. There are discussions about freeing up 0/8, 127/8, and some of the multicast block. This would extend the pool by, at best, months.
All of this time, effort, and money could be better spent getting #IPv6 fully tested and deployed.
@adorfer @cadxdr @revk That will still bite you even in IPv6 since the stateful firewall uses conntrack. Put another way: allow established,related is the same across both protocols. Cheap hardware is still cheap hardware :)
The advantage is you don't have to take an extra address table lookup to mangle the packet. It's only an allow/deny lookup and the packet gets dropped back on the wire as-is. Fewer copies of the packet = more speed.
@grumpygrimnir @cadxdr @revk Covered better than I could: https://chrisgrundemann.com/index.php/2011/nat444-cgn-lsn-breaks/
@adorfer Interesting… I thought they closed down their services but that was SixXS who previously hosted my v6-tunnel…
@knut oops... never noticed, used them about 10 years ago, stopped after having v6 on all home gateways and rack servers.
@revk no NATs and multicast baked into the specs are pretty good, but I'd think that re-thinking the IP architecture from a total clean-slate could prove more useful (in the long run)
If you're interested in a new view on packet communication: https://ouroboros.rocks/
no layer violations needed, for one
@revk Wish it would work. Can't get OpenWRT to accept the IPv6-PD from upstream. That shit's just way too complicated for its own good.
@revk it is great, but it would be nice if $major-company's infrastructure would support it like v4 ... (Looking at you $VPN)
Sorry, missed the poll; still undecided, as yet to find a way to firewall, seems to behave more like a worm… have disabled on most of my devices.
Hello, to explain…
IPv6 according to the RFC on an ipv4 only network will create a tunnel through the ipv4 network to explore if it can create an ipv6 connection, it will follow the default route and create a connection. This can be frustrating for VPN users, as instead of traversing the VPN the traffic goes out onto the wild web. The only solution I found was to have 2 hops or disable on devices directly connected to the web, i.e. a phone.
Hi, thanks for the response. Last time I checked, my DNS would leak out via IPv6 when using a VPN; the only way to stop this was the 2 hops. According to the RFC that's the way it's meant to work. If you're trying to route your traffic through a VPN or use alternative DNS this can stop that working. I'll check it tomorrow and let you know what happens.