On 11/12/24 10:03, Carlos E. R. wrote:
On 2024-11-12 16:03, Lew Wolfgang wrote:
On 11/12/24 04:05, Carlos E. R. wrote:
On 2024-11-12 07:24, Lew Wolfgang wrote:
On 11/10/24 11:08, James Knott wrote:
On 11/10/24 13:11, Lew Wolfgang wrote:
So what is to be gained from IPv6 adoption?  From my perspective it increases
complexity while reducing security and reliability.

Seems to me, the use of NAT, STUN, etc. increases complexity and problems.  NAT breaks things.  The first I was aware of was command line FTP, back in the dark ages, when it became necessary to use passive mode to get through NAT.  In those days, most FTP clients didn't support it.  These days, it breaks VoIP and games, requiring the use of STUN.  It also breaks authentication headers in IPSec. There may be other things I'm not aware of.

Sorry I'm late to reply.  I don't know about VoIP, but Zoom, Teams, Signal, and
others work quite well on NAT subnets.

Define well.

Works for 99% of users.

All of those systems use an intermediary. You cannot do a direct connection with full privacy.

That's why you use encryption.  If you are sophisticated enough to require
arbitrary direct connections you can set up a cloud relay point. That's what
I do, although my need for point-to-point has gone away.

The intermediary gets to know every connection you make. Encryption doesn't solve this.

Yes, and intermediate routers and taps get to know every direct connection
you make with IPv6.  Unless you use TOR.  BTW, I heard that Signal is coming
out with messaging that will use their TNO encryption over a TOR network.



I have had IPv6 on my home network for over 14 years.  One nice thing is I can make any IPv6 device directly accessible, firewall rules permitting, just as the network gods intended the Internet should work.

I remember getting compromised twice with hosts directly connected
to the Internet.  One was an ssh v1.2 bug, the other a mountd bug. Now
I use a router-based firewall, NAT, and host-based firewalls.

Also, things like NAT & SLI put more of a load on routers. Incidentally, some carriers moved to IPv6 because there weren't enough IPv4 addresses to create a flat network.  This creates network management problems.

Carrier NAT also solves the address starvation problem for carriers.

Define "solve".

Regular NAT gives basically 48-bits of addressing.  Then, you can
put NATs in series to effectively give you unlimited addresses. Indeed,
right here at Wolfgang Manor I have two NATs in series.  My phone
can send and receive encrypted WiFi calls while sitting behind
two NATs on two separate routers.  The WAN router interface has
a straight IPv4 address.  So NAT solves my requirements, which are
probably more complicated than most routine use cases.

Yes, it requires an external intermediary, but I don't care since all
traffic is encrypted.


I cannot ssh to locations using CGNAT.

Then you're in the 1% of use cases.  You've certainly got the skills
to set up a cloud intermediary of your own and configure your endpoints
to be mutually connected using nothing but IPv4.  Indeed, I did it once
years ago to provide an always-on ssh connection from California to
a location in the South Pacific using an AT&T cell modem which was
on CGNAT.

Or use IPv6 and forget all those tricks.

IPv6 wasn't available end-to-end at that time in this case.


The point of the referenced article is that the adoption rate for v6
is very slow, and that it's possible that v4 and v6 will coexist on
a permanent basis, forever.

It is very slow in the USA.

Yes, because CIDR, NAT, and SNI work so well.  US v6 adoption has
been flat at 52% for more than five years.  This kind of matches the
data published on Internet Society’s Pulse that reports that only 47%
of the top 1,000 websites are reachable over IPv6.  100% are reachable
over IPv4.

Regards,
Lew
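The point quoted earlier in the thread that NAT breaks IPsec authentication headers is easy to see with a small model. The following is an added example, not code from anyone in the thread: it mimics how AH (RFC 4302) computes its integrity check value over the immutable IP header fields (source and destination addresses here) plus the payload, while ESP's ICV covers only the ESP header and payload. A NAT box rewriting the source address therefore invalidates an AH ICV but leaves an ESP ICV intact. The key, addresses and payload are constructed sample values; the HMAC is truncated to 128 bits as in HMAC-SHA-256-128 (RFC 4868), and the packet is a plain dict rather than real wire bytes.

```python
import hmac
import hashlib
import ipaddress

# Constructed demo key; a real SA key would come from IKE, not a literal.
KEY = b"constructed-demo-key"


def ah_icv(src: str, dst: str, payload: bytes, key: bytes = KEY) -> bytes:
    """Simplified AH integrity check value.

    Real AH covers all immutable/predictable outer IP header fields with the
    mutable ones zeroed; this model keeps just the two addresses and the
    payload, which is enough to show why address rewriting breaks it.
    """
    covered = (ipaddress.ip_address(src).packed
               + ipaddress.ip_address(dst).packed
               + payload)
    return hmac.new(key, covered, hashlib.sha256).digest()[:16]


def esp_icv(payload: bytes, key: bytes = KEY) -> bytes:
    """ESP ICV: covers the ESP header and payload only, never the outer IP header."""
    return hmac.new(key, payload, hashlib.sha256).digest()[:16]


def nat_rewrite(packet: dict, new_src: str) -> dict:
    """Model a NAT box: replace the source address, leave everything else alone."""
    out = dict(packet)
    out["src"] = new_src
    return out


def verify_ah(packet: dict) -> bool:
    expected = ah_icv(packet["src"], packet["dst"], packet["payload"])
    return hmac.compare_digest(expected, packet["icv"])


def verify_esp(packet: dict) -> bool:
    return hmac.compare_digest(esp_icv(packet["payload"]), packet["icv"])


def demo() -> dict:
    """Build one AH and one ESP packet, pass each through NAT, report what verifies."""
    payload = b"constructed demo payload"
    inside, outside, peer = "192.168.1.10", "198.51.100.7", "203.0.113.5"

    ah_pkt = {"src": inside, "dst": peer, "payload": payload}
    ah_pkt["icv"] = ah_icv(inside, peer, payload)

    esp_pkt = {"src": inside, "dst": peer, "payload": payload}
    esp_pkt["icv"] = esp_icv(payload)

    return {
        "ah_before_nat": verify_ah(ah_pkt),
        "ah_after_nat": verify_ah(nat_rewrite(ah_pkt, outside)),
        "esp_before_nat": verify_esp(esp_pkt),
        "esp_after_nat": verify_esp(nat_rewrite(esp_pkt, outside)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'verifies' if ok else 'FAILS'}")
```

This is also why IPsec behind NAT in practice uses ESP with NAT traversal (UDP encapsulation) rather than AH: the receiver can only check what the sender signed, and AH deliberately signs the addresses the NAT changes.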