The question above for the most part, been reading up on it. Also want to it for learning purposes.

  • dan@upvote.au
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 year ago

    There’s a bunch of advantages. IPv6 can be useful since your devices can have the same IP both internally and externally. No dealing with port forwarding. No split horizon DNS (where you have different DNS entries for internal vs external). No NAT. No DHCP required for client systems (can just use SLAAC to auto-generate addresses). Much simpler routing. It’s a bit faster. Proper QoS.

    I used to use Comcast, who actually have very good IPv6 support. They were the first major US ISP to roll out IPv6 to everyone, around 10 years ago. Unfortunately my current ISP doesn’t have IPv6, but they’re aiming to roll it out this year.

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 year ago

        A good ISP that supports IPv6 will give you a /64 range. That’s a huge number of IPs, 2^64. Easily enough for every device on your network to have a lot of public IPs. If you use Docker or VMs, you could give each one a public IPv6 address.

        When every device on your network can have a public IP, there’s no longer a reason to have private IPs. Instead, you’d use firewall rules for internal-only stuff (ie allow access only if the source IP is in your IPv6 range).

        This is how the internet used to work in the old days - universities would have a large IP range, and every computer on campus would have a public IP.

        Of course, you’d still have a firewall on your router (and probably on your computers too) that blocks incoming connections for things you don’t want to expose publicly.

        • rehabdoll@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          arrow-down
          21
          ·
          1 year ago

          A good isp would give you something bigger than a /64 - /56 or /48. something that you can subnet.

  • fedev@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Because devices in your LAN will all be accessible from the internet with IPv6, you need to firewall every device.

    It becomes more of a problem for IoT devices which you can’t really control. If you can, disable ipv6 for those.

    • orangeboats@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 year ago

      It’s not necessary to firewall every device. Just like how your router can handle NAT, it should be able to handle stateful firewall too.

      Mine blocks all incoming connections by default. I can add (IP, port range) entries to the whitelist if I need to host a service, it’s not really different to NAT port forwarding rules.

        • amki@feddit.de
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          Nothing has changed about why that is compelling: NAT sucks and creates nothing but problems.

          Network security is almost the same with IPv6.

          If you rely on NAT as a security measure you are just very bad at networking.

          • 𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍@midwest.social
            link
            fedilink
            English
            arrow-up
            0
            arrow-down
            1
            ·
            1 year ago

            I mean that, when IPv6 started filtering out to non-specialists, network security wasn’t nearly as complex, and nor was the frequency of escalation what it is today. Back when IPv6 was new(ish), there weren’t widespread botnets exploiting newly discovered vulnerabilities every week. The idea of maintaining a personal network of internet-accessible devices was reasonable. Now maintaining the security of a dozen different devices with different OSes is a full time job.

            Firewalling off subnets and limitting the access to apps through a secured gateway of reverse proxies is bot bad networking. That’s all a NAT is, and reducing your attack surface is good strategy.