On 11/12/24 05:38, James Knott wrote:
On 11/12/24 01:24, Lew Wolfgang wrote:
IPv6 is certainly less reliable than v4 in my employer's dual-stacked network. Identical hosts running Leap will sometimes not discover their v6 addresses. I've had to configure our ssh servers to listen only on v4, otherwise connection attempts would freeze waiting for a v6 connection.
You may have other issues.
True.
Then there's the problem of rogue routers.
If you're really worried about security, then you need to watch network traffic. Every router will advertise itself.
Yes, routers advertise themselves in v6. We had one spate of problems where Windows users could accidentally set up their boxes to issue RAs to a dead interface. Sure, a rogue DHCP server could be set up on v4, but not accidentally.
My phone has v4 and v6 addresses, the v4 is on a carrier-grade NAT.
Is your phone's IPv4 address something like 192.0.0.2? If so you're using 464XLAT. Either way, some form of NAT is still being used.
No, it's using 100.64.0.0/10 when not connected to my local NATed WiFi.
CIDR, NAT and SNI on v4
You're still using hacks. Also, even CIDR won't provide enough addresses. It's impossible to connect all the world's devices into the IPv4 address space without using hacks and even hacks on hacks. Those hacks add complexity, reliability and security issues.
But the hacks work. And aren't even hacks if you drop the requirement that all devices can directly reach every other device. That requirement was reasonable when TCP/IP was invented, but why is it needed now on a global basis? CIDR can't supply all needed addresses, true. It can provide something like 3,000,000,000 unique addresses net. Yet there are estimated to be 20,000,000,000 devices currently connected. Sure, some of those are IPv6, but I bet many more are IPv4 NATed. I've got about 20 devices here hiding behind one v4 address, and don't have any issues with our use cases.
Regards, Lew
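An added example, not from this thread, of the "watch network traffic, every router will advertise itself" approach discussed above: a small Python parser that takes raw IPv6 packets, picks out ICMPv6 Router Advertisements, lists the prefixes they carry, and flags any RA that comes from a router not on an allow-list or that breaks the RFC 4861 rules (link-local source, hop limit 255). The allow-list, prefixes and sample packets are constructed for the example; the checksum is not verified.

```python
import ipaddress
import struct

ICMPV6_RA = 134            # ICMPv6 type for Router Advertisement
PREFIX_INFO_OPTION = 3     # RA option carrying an advertised prefix

# Assumption (constructed): link-local addresses of routers allowed to send RAs on this segment.
KNOWN_ROUTERS = {"fe80::1"}


def parse_ra(pkt: bytes):
    """Parse a raw IPv6 packet (no Ethernet header); return RA fields, or None if it is not an RA."""
    if len(pkt) < 40:
        return None
    ver_tc_fl, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if ver_tc_fl >> 28 != 6 or next_hdr != 58:          # not IPv6, or not ICMPv6
        return None
    src = ipaddress.IPv6Address(pkt[8:24])
    icmp = pkt[40:40 + payload_len]
    if len(icmp) < 16 or icmp[0] != ICMPV6_RA:
        return None
    router_lifetime = struct.unpack("!H", icmp[6:8])[0]
    prefixes, off = [], 16
    while off + 2 <= len(icmp):                           # walk the TLV options (length unit is 8 bytes)
        opt_type, opt_len = icmp[off], icmp[off + 1]
        if opt_len == 0:                                  # malformed option; stop rather than loop forever
            break
        if opt_type == PREFIX_INFO_OPTION and opt_len == 4 and off + 32 <= len(icmp):
            prefix = ipaddress.IPv6Address(icmp[off + 16:off + 32])
            prefixes.append(f"{prefix}/{icmp[off + 2]}")
        off += opt_len * 8
    return {"src": str(src), "src_link_local": src.is_link_local, "hop_limit": hop_limit,
            "router_lifetime": router_lifetime, "prefixes": prefixes}


def classify_ra(pkt: bytes, known_routers=KNOWN_ROUTERS):
    """Flag an RA as rogue if it comes from an unlisted router or breaks the RFC 4861 sanity rules."""
    ra = parse_ra(pkt)
    if ra is None:
        return None
    ra["rogue"] = (ra["src"] not in known_routers) or not ra["src_link_local"] or ra["hop_limit"] != 255
    return ra


def build_ra(src: str, prefix: str, plen: int = 64, lifetime: int = 1800, hop_limit: int = 255) -> bytes:
    """Build a constructed RA for testing (ICMPv6 checksum left as zero; the parser does not verify it)."""
    opt = struct.pack("!BBBBIII", PREFIX_INFO_OPTION, 4, plen, 0xC0, 2592000, 604800, 0)
    opt += ipaddress.IPv6Address(prefix).packed
    icmp = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, 0, lifetime, 0, 0) + opt
    hdr = struct.pack("!IHBB", 6 << 28, len(icmp), 58, hop_limit)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address("ff02::1").packed + icmp
```

Feeding it packets captured from the all-nodes multicast group (ff02::1) turns it into a simple rogue-RA alarm; the accidental Windows RAs mentioned above would show up as an unlisted source.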