On 11/12/24 10:03, Carlos E. R. wrote:
On 2024-11-12 16:03, Lew Wolfgang wrote:
On 11/12/24 04:05, Carlos E. R. wrote:
On 2024-11-12 07:24, Lew Wolfgang wrote:
On 11/10/24 11:08, James Knott wrote:
On 11/10/24 13:11, Lew Wolfgang wrote:
So what is to be gained from IPv6 adoption? From my perspective it increases complexity while reducing security and reliability.
Seems to me, the use of NAT, STUN, etc. increases complexity and problems. NAT breaks things. The first I was aware of was command line FTP, back in the dark ages, when it became necessary to use passive mode to get through NAT. In those days, most FTP clients didn't support it. These days, it breaks VoIP and games, requiring the use of STUN. It also breaks authentication headers in IPSec. There may be other things I'm not aware of.
Sorry I'm late to reply. I don't know about VoIP, but Zoom, Teams, Signal, and others work quite well on NAT subnets.
Define well.
Works for 99% of users.
All of those systems use an intermediary. You can not do a direct connection with full privacy.
That's why you use encryption. If you are sophisticated enough to require arbitrary direct connections you can set up a cloud relay point. That's what I do, although my need for point-to-point has gone away.
The intermediary gets to know every connection you make. Encryption doesn't solve this.
Yes, and intermediate routers and taps get to know every direct connection you make with IPv6. Unless you use TOR. BTW, I heard that Signal is coming out with messaging that will use their TNO encryption over a TOR network.
I have had IPv6 on my home network for over 14 years. One nice thing is I can make any IPv6 device directly accessible, firewall rules permitting, just as the network gods intended the Internet should work.
I remember getting compromised twice with hosts directly connected to the Internet. One was an ssh v1.2 bug, the other a mountd bug. Now I use a router-based firewall, NAT, and host-based firewalls.
Also, things like NAT & SLI put more of a load on routers. Incidentally, some carriers moved to IPv6 because there weren't enough IPv4 addresses to create a flat network. This creates network management problems.
Carrier NAT also solves the address starvation problem for carriers.
Define "solve".
Regular NAT gives basically 48-bits of addressing. Then, you can put NATs in series to effectively give you unlimited addresses. Indeed, right here at Wolfgang Manor I have two NATs in series. My phone can send and receive encrypted WiFi calls while sitting behind behind two NAT's on two separate routers. The WAN router interface has a straight IPv4 address. So NAT solves my requirements, which are probably more complicated than most routine use cases.
Yes, it requires an external intermediary, but I don't care since all traffic is encrypted.
I can not ssh to locations using CGNAT.
Then you're in the 1% of use cases. You've certainly got the skills to set up a cloud intermediary of your own and configure your endpoints to be mutually connected using nothing but IPv4. Indeed, I did it once years ago to provide an always-on ssh connection from California to a location in the South Pacific using an AT&T cell modem which was on CGNAT.
Or use IPv6 and forget all those tricks.
IPv6 wasn't available end-to-end at that time in this case.
The point of the referenced article is that the adoption rate for v6 is very slow, and that it's possible that v4 and v6 will coexist on a permanent basis, forever.
It is very slow in the USA.
Yes, because CIDR, NAT, and SNI work so well. US v6 adoption has been flat at 52% for more than five years. This kind of matches the data published on Internet Society’s Pulse that reports that only 47% of the top 1,000websites are reachable over IPv6. 100% are reachable over IPv4. Regards, Lew