On 11/10/24 11:08, James Knott wrote:
On 11/10/24 13:11, Lew Wolfgang wrote:
So what is to be gained from IPv6 adoption? From my perspective it increases complexity while reducing security and reliability.
Seems to me, the use of NAT, STUN, etc. increases complexity and problems. NAT breaks things. The first I was aware of was command-line FTP, back in the dark ages, when it became necessary to use passive mode to get through NAT. In those days, most FTP clients didn't support it. These days, it breaks VoIP and games, requiring the use of STUN. It also breaks authentication headers in IPSec. There may be other things I'm not aware of.
Sorry I'm late to reply. I don't know about VoIP, but Zoom, Teams, Signal, and others work quite well on NAT subnets. Regarding IPSec, I'm using an Aruba Remote Access Point (RAP) to connect to my employer's network. It's sort of like a hardware VPN. I think it uses IPSec, and it works fine on my IPv4 NAT subnet.
SNI requires deep packet inspection, to determine what the destination is. This is not supposed to be a function of routers.
I don't think that SNI requires deep packet inspection. The destination IP is right there where it should be. The server hostname parsing would be done at the destination, not at routing nodes. With SNI, DNS serves sort of like the router.
Why do you think it reduces security and reliability? Seems to me it's the opposite with hack upon hack needed to get around the address shortage.
IPv6 is certainly less reliable than v4 in my employer's dual-stacked network. Identical hosts running Leap will sometimes not discover their v6 addresses. I've had to configure our ssh servers to listen only on v4, otherwise connection attempts would freeze waiting for a v6 connection. Then there's the problem of rogue routers.
This of course is anathema to IP purists who claim that the Internet was designed on the principle that every device has a globally unique address. But in reality, is this really necessary?
Actually, yes. Look at the cell network for just one example. IPv6 is mandatory on 4G and 5G. This is because they use VoIP (VoLTE and VoNR are VoIP adapted to the cell network) and there are not enough IPv4 addresses for every mobile device, let alone anything else. My phone is IPv6 only and uses 464XLAT to connect to IPv4-only sites.
My phone has v4 and v6 addresses, the v4 is on a carrier-grade NAT.
I have had IPv6 on my home network for over 14 years. One nice thing is I can make any IPv6 device directly accessible, firewall rules permitting, just as the network gods intended the Internet should work.
I remember getting compromised twice with hosts directly connected to the Internet. One was an ssh v1.2 bug, the other a mountd bug. Now I use a router-based firewall, NAT, and host-based firewalls.
Also, things like NAT & SNI put more of a load on routers. Incidentally, some carriers moved to IPv6 because there weren't enough IPv4 addresses to create a flat network. This creates network management problems.
Carrier NAT also solves the address starvation problem for carriers.
There are also things, such as fixed-length headers, that improve router performance. Also, elimination of broadcasts, in favour of multicasts, reduces LAN noise. The equivalent to a broadcast is an all-nodes multicast, which is used only when necessary. By using multicasts, only the intended destinations have to receive the packet. With broadcasts, every device has to receive the packet, whether for it or not.
Seems to me the real problem is inertia, ignorance and head-in-the-sand stupidity! I have heard plenty claiming they should have extended IPv4, when the real solution is to move to IPv6. Vint Cerf, one of the creators of IP, had said IPv4 was only intended to be a proof of concept and intended the release version to have a much bigger address space. Unfortunately, IPv4 "escaped".
Incidentally, I first learned the details of IPv4 back in 1995, when I took some classes at a local college. One thing I recognized immediately, as I was sitting in the class, was the inadequate address range. Maybe this was because I come from a telecom background where such things are important. Imagine having to use something like NAT when you make a phone call!
Why not give it a try? You may have to unlearn a few bad habits, but in the long run you'll be better off for it. It's not hard.
I did try. You might recall my problems with it a few years ago. I couldn't make it work with Cox and my Zyxel router/firewall. I gave up, especially since there was no clear advantage to v6, while having the disadvantage of more complex firewalling. The basic theme of the podcast was that the core mission for v6, increased address space, was achieved by CIDR, NAT and SNI on v4 while everyone was waiting for v6. Now, there may not be any practical reason to go v6.

Regards,
Lew