The question above for the most part, been reading up on it. Also want to do it for learning purposes.

  • tburkhol@lemmy.world · 25 upvotes · 1 year ago

    Definitely dual stack if you do. The real benefit of IPv6 is that, supposedly, each of your internal devices can have its own address and be directly accessible, but I don’t think anyone actually wants all of their internal network exposed to the internet. My ISP provides IPv6, but only a single /128 address, so everything still goes through NAT.

    Setting it up was definitely a learning process - SLAAC vs DHCP; ISC’s dhcpd uses all different keywords for 6 vs 4, and you have to run 6 and 4 in separate processes. It’s definitely doable, but I think the main benefit is the knowledge you gain.

    • designatedhacker@lemm.ee · 10 upvotes · 1 year ago

      Your ISP is doing it wrong, which I guess you already know. I get a /64 net via DHCPv6 for my LAN which is pretty standard.

      +1 to dual stack. Too much of the internet is v4 only, missing AAAA, or various other issues. I’ve also had weird issues where a Google/Nest speaker device would fail 50% of the time and other streaming devices act slow/funky. Now I know that means the v6 net is busted and usually I have to manually release/renew. Happens once every few months, but not in a predictable interval.

      Security is different, but not worse IMO. It’s just a firewall and router instead of a NAT being added in. A misconfigured firewall or enabling UPnP is still a bad idea with potentially worse consequences.

      Privacy OTOH is worse. It used to be that each device included a hardware MAC as part of a statelessly generated address. They fixed that on most devices. Still, each device in your house may end up with a long lived (at least as long as your WAN lease time) unique IP that is exposed to whatever sites you visit. So instead of a unique IP per household with IPv4 and NAT, it’s per network device. Tracking sites can differentiate multiple devices in the house across sites.

      This has me thinking I need to investigate more on how often my device IPv6 (or WAN lease subnet) addresses change.

      • Faceman🇦🇺@discuss.tchncs.de · 8 upvotes · 1 year ago

        I get a fat /48 network, just in case I need one septillion, two hundred and eight sextillion, nine hundred and twenty-five quintillion, eight hundred and nineteen quadrillion, six hundred and fourteen trillion, six hundred and twenty-nine billion, one hundred and seventy-four million, seven hundred and six thousand and one hundred and seventy-six individual IPs.

        IPv6 is pretty wild, we could effectively give every service connecting to every client, in every direction, for every single individual bit its own dedicated address without getting anywhere near using that address space.

    • Katrina · 8 upvotes · 1 year ago

      And the biggest disadvantage of IPv6 is that each of your internal devices has its own address and can be directly accessible from outside. So you need to completely rethink how you do security.

      • lemming007@lemm.ee · 5 upvotes · 1 year ago

        And can be identified/tracked individually by outside entities. In IPv4, a website sees both my device and my kid’s device as the same IP. In IPv6 they’re different so this just provides more ways for them to track you.

      • thanevim@kbin.social · 2 upvotes · 1 year ago

        Isn’t that what tburkhol addressed in their first paragraph? Or are you suggesting further steps than just putting those devices behind NAT? I am not at all trying to be snarky, I actually want to know more about this.

        • r00ty@kbin.life · 2 upvotes · 1 year ago

          You don’t need to use NAT on IPv6. Most routers are based on Linux and there you have conntrack.

          With that you can configure by default outgoing-only connections just like NAT and poke holes in the firewall for the ports you want specifically.

          Also Windows and I think Linux use IPv6 privacy extensions by default. That means that while you can assign a fixed address and run services, it will assign random IP addresses within your (usually) /64 allocation for outgoing connections. So people can’t identify you and try to connect back to your IP with a port scanner etc.

          All the benefits of nat with none of the drawbacks.
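
The outgoing-only default with specific holes that r00ty describes, written out as an nftables ruleset for a Linux router. This is an added example, not part of any comment in the thread; the interface names `wan0`/`lan0`, the documentation prefix `2001:db8:1234:1::/64`, the host `::10`, and the open ports are all assumptions.

```nftables
# Added example. Assumed: wan0 = ISP side, lan0 = home LAN,
# 2001:db8:1234:1::/64 = delegated LAN prefix (documentation range).
table ip6 home_fw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # conntrack: only replies to connections the LAN opened get back in
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open connections outward
        iifname "lan0" oifname "wan0" accept

        # ICMPv6 errors must pass or path MTU discovery breaks
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept
        icmpv6 type echo-request limit rate 5/second accept

        # The one deliberate hole: inbound HTTPS to a single LAN host (assumed)
        iifname "wan0" ip6 daddr 2001:db8:1234:1::10 tcp dport 443 ct state new accept
    }

    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept

        # Neighbour discovery and router advertisements are link-local only
        # (hop limit 255); accept them before the conntrack checks
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert } ip6 hoplimit 255 accept

        ct state established,related accept
        ct state invalid drop
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request } accept

        # DHCPv6 replies from the ISP, e.g. the prefix delegation
        iifname "wan0" ip6 saddr fe80::/10 udp sport 547 udp dport 546 accept

        # Router management from the LAN only (assumed: SSH)
        iifname "lan0" tcp dport 22 accept
    }
}
```

Every globally addressed LAN device stays unreachable from `wan0` unless a rule names it, which is the protection people usually attribute to NAT. Enabling UPnP or a similar automatic port-opening service would add holes outside this reviewed ruleset.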