Follow

IPv6 (please boost when you vote)

@revk why? later you'll have problems with really huge addreses..

@revk@toot.me.uk "wish ISPs got off their assess because tunneling sucks"

@revk No offence, but where is the I know what it is but I don’t really care too much about it option?

@daniel only so many options. The don’t care is it just works, to be honest.

@revk Sadly, there's no option for "I know what IPv6 is, and in principle think it's an excellent idea, but have explicitly disabled IPv6 on my hosts for operational reasons." Dual-stack means twice the work configuring and securing network services, and would take time and resources from more pressing tasks.

@revk it's a good idea but it doesn't just work and I don't love it.

@revk bad idea, only a little facetiously. it's fine if you operate a network, or if you stay in one place and can choose a good network. but if you move around, you've got to run ipv4 anyways, so why run both?

@revk
some days, like today, i wax cynical that the internet has not only not turned out the way we wanted it to but has become a resource-hungry monster, and we should throw it all away and start again from first principles.

@revk and if we're doing *that* we can do much better.

@revk where is the option of my iso don't give me ipv6

@revk Not so much bad idea but badly implemented enough, still, that I've once again hit a "is some big upstream doing IPv6 wrong such that it's failing and giving me unresponsive service? I think so, seems to have gone largely away since I turned off v6, again". Which I really wish wasn't the case.

@trini @revk Interesting. I haven't had problems with anyone else's IPv6 deployment in at least 10 years. There were some troubles in the early days when some websites didn't work properly, And there was the time when my ISPs router firmware update went wrong and it took the manufacturer two weeks to fix it. But overall it's about as reliable as IPv4 for me.

Where did you have problems recently?

@attilakinali @revk Historically, steam downloads went down to bytes/second and instagram would just randomly fail (a lot harder to debug that one). Currently, and it's also a "fun" one to diagnose, minecraft authentication servers (I believe that's the right term for the ones they talk to periodically whle connected to 3rd party servers) don't respond quickly enough if they can maybe try a v6 host (which they can, some are on v6 which is good) so the game pauses.

@revk I personally think ipv6 is going to take a long time for people to get used to it. But I understand why it's necessary. ✌️

@revk fine for use on public networks, internal private networks can stay IPv4. Done.
@revk Love-hate relationship. Great ideas, poorly executed.

@revk I look forward to a time when disabling IPv6 doesn't keep cropping up as the solution for weird network problems. 😂

@revk Server broke.

Hmm. I see ipv6 is enabled; turn it off?

Yep, that fixed it. Why? No clue, don't care. I have 99 problems but I'm not making ipv6 be one of them.

@revk I still don't get what it is supposed to solve. like what *actual* problem

@cadxdr by far the simplest is the fact that there are more devices now than IPv4 addresses.

@revk I know this and others but 1) is that a problem (not necessarily), and 2) is assigning everything an easy number a good solution, assuming it is a problem?

@cadxdr It is a problem if there are more than 4 billion separate places to which you want to route an IP packet... 🙂

@cadxdr @revk What we think of a NAT today is actually NAPT: Network Address and Port Translation.

1) There are only 65K ports. If you have enough devices to chew through all of these, you need another IPv4 address, which are scarce.

2) Only TCP and UDP have these port numbers. You've now ossified the stack to only these two. Anybody remember SCTP?

3) The client/server model is now fully entrenched. Goodbye end-to-end principle. eg: If I have a RasPi on my network and I want to talk to the RasPi on your network, you now require a middleman that has a public IPv4 address that both devices have to call out to. Did I mention those are scarce?

Every "solution" people throw out there merely delays the inevitable, and usually by a pitiful amount. There are discussions about freeing up 0/8, 127/8, and some of the multicast block. This would extend the pool by, at best, months.

All of this time, effort, and money could be better spent getting #IPv6 fully tested and deployed.

@nivex @cadxdr @revk it's not a rare incident to run out of conntrack-buffers on a busy NAT-homegateway (giga broadband and to small RAM)
Most poeple never notice apart from "bad internet".

@adorfer @cadxdr @revk That will still bite you even in IPv6 since the stateful firewall uses conntrack. Put another way: allow established,related is the same across both protocols. Cheap hardware is still cheap hardware :)

The advantage is you don't have to take an extra address table lookup to mangle the packet. It's only an allow/deny lookup and the packet gets dropped back on the wire as-is. Fewer copies of the packet = more speed.

@nivex @cadxdr @revk marketing ipv6 as "routing engine is faster" does not seem a viable route for me. it's more powerful and helps eg. webrtc a lot. but the routing is generally slower than NatV4, for multiple reasons.

@adorfer @nivex @cadxdr I don’t find that, and google certainly have been showing negative latency penalty for IPv6 (ie faster).

@revk Missing: "I wish I had but my ISP is too 1980 to assign me an IPv6 address / subnet…"

@knut @revk there are enough v6tunnelbrokers out there, even free ones like HurricaneElectric.

@adorfer Interesting… I thought they closed down their services but that was SixXS who previously hosted my v6-tunnel…

@knut hups... never noticed, used them about 10 years ago, stopped after having v6 on all homegateways and rack servers.

@revk no NAT's and multicast baked in in the specs are pretty good, but I'd think that re-thinking the IP architecture from a total clean-slate could prove more useful (in the long run)
If you're interested in a new view on packet communication: ouroboros.rocks/
no layer violations needed, for one

@revk: #IPv6 works great. Unless you try to use IPv6 only. Then you see all the things that are not IPv6 capable yet. Like e.g. #Github 😡, #NetworkManager 🤮, People who talk about "Single Stack" 🙄, etc.

@revk: Small amendment: Of course #NetworkManager supports #IPv6, but when we tried to do IPv6-only with it, things went horribly wrong.

@revk Wish it would work. Can't get OpenWRT to accept the IPv6-PD from upstream. That shit's just way too complicated for its own good.

@revk it is great, but it would be nice if $major-companys infrastructure would support it like v4 ... (Looking at you $VPN)

@revk
Sorry missed the poll, still undecided as yet to find a way to firewall, seems to behave more like a worm… have disabled on most of my devices.

@revk
Hello to explain …
IPv6 according to the RFC on an ipv4 only network will create a tunnel through the ipv4 network to explore if it can create an ipv6 connection, it will follow the default route and create connection. This can be frustrating for VPN users as instead of traversing the VPN the traffic goes out onto the the wild web. The only solution I found was to have 2 hops or disable on devices directly connected to the web, ie a phone.

@dylins If you mean 2002::/16 that is pretty much deprecated anyway. Wow!

@revk
Hi thanks for response, last time I checked my DNS would leak out via IPv6 when using a VPN the only way to stop this was the 2 hops. According to the RFC that’s the way it’s meant to work. If you’re trying to route your traffic through a VPN or use alternative DNS this can stop that working. I’ll check it tomorrow and let you know what happens.

Sign in to participate in the conversation
Toot.me.uk

My server, my rule, invite only, but part of the Fediverse. Do join Mastodon on any server, and follow...