this post was submitted on 24 Sep 2024
105 points (95.7% liked)
Asklemmy
43978 readers
637 users here now
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- [email protected]: a community for finding communities
~Icon~ ~by~ ~@Double_[email protected]~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
IPv6 after so many years still is a victim of the chicken-egg-problem. People don't need it because services don't support it because people don't need it because ... and so on and so forth. I try to enable IPv6 wherever I can and I didn't have a propblem for ages. Dual stack is stable and there are actually a good amount of services that support it.
I think we should all push to implement IPv6 so that IPv4 can finally be laid to rest. Using IPv4 makes everything a bit more expensive because it is so damn expensive to get a stupid number. If someone is really scared that every computer has a publicly routable IP, and if you really think you can not configure a firewall, there is a private IPv6 space and you can use NAT with IPv6. It's not recomended but it's possible. I'd still say using a firewall is not harder and just as safe.
And there is the fact that you can make so many subnets which can make your internal network so much safer. You can controll better how packages are sent to groups because broadcast was dropped in favor of multicast. There is IPSec Support built in. Secure Neighbor Desicorvery to prevent attacks like ARP spoofing. There are a lot of reasons to implement IPv6 and even to switch to IPv6 only if possible.
Why should I use IP6 in my small home network?
Or in an SMB where there are less than 100 IP's used on a daily basis?
First I have to pay the cost of transition, along with the risk of things not working while I do this, and then the risk of something new being added and not working.
There's simply no value in these environments to switching, and a lot of risk.
Now let's look at Enterprise, where you have thousands of desktops, probably thousands of servers, extensive networking that already works (along with many, many devices that don't support IP6, like printers, scanners, access control devices, surveillance hardware, etc, etc). Are you going to pay the tens of millions to transition, and assume the risk?
IP6 is good for backbone right now. It will slowly transition into LAN for larger environments (think Enterprise when they setup new network segments, since they're buying new hardware anyway. But only after extensive testing.
But IP4 is just fine for small networks, and I don't see any reason for IP6, ever, for home and SMB LAN.
You can transition step by step. Dual Stack is a thing.
That makes no sense to me. Every network in itself doesn't need IPv6. The 10.0.0.0/8 range has 16 777 216 addresses. IPv6 only makes sense if everyone uses it. We bought ourselves time with NAT and CGNAT and splitting up older ranges but that won't last forever and is costly.
Everyone needs to transition otherwise services will need to keep their IPv4 forever. And if the services keep their IPv4 users don't have an incentive. Maybe we should transition BEFORE there is time pressure. Now is the time to slowly start setting everything up with enough time to plan and test firewall rules and appliances and everything else.