Why IPv6 Hasn't Taken Off

  102,189 views

Tall Paul Tech

11 months ago

I gave IPv6 a serious try. I disabled IPv4 altogether and used only IPv6 mainly to learn it. After running it for a while I discovered some of the shortcomings that are holding it back from widespread public adoption.

Comments: 1,400
@petruspotgieter4561 11 months ago
IPv6 is around 30 years old, but it still has growing up pains. It was designed before mobile broadband, before small businesses and home users started multihoming. Too many IPv6 cheerleaders saw NAT as a weakness of IPv4 instead of a flexible tool which goes well beyond the "temporary" fix for public addresses exhaustion. Then there are the dozen different ways of v4 to v6 migration and interworking. Also Apple, MSFT and Google pushing different paths. Although you can get a PI (provider independent) /48 address from your RIR, it is just not scalable for the hardware on Internet core routers to handle routing tables with a billion entries which would result from everyone getting this. IPv6 without translation only really works well for big institutions with a fixed PI allocation and BGP multihoming to ISPs or smartphones with temporary /64, which also allows for temporary hotspot. For small business and home internet I think the solution is ULA (private IPv6) for the LAN with stateless network prefix translation to the WAN prefixes from ever changing ISPs, which could even be multiple concurrently.
@TallPaulTech 11 months ago
You know, that's about the same conclusion I came to. I didn't think of the huge routing issue it would cause on the WAN, but the idea of having ULA on the LAN with stateless network prefix translation would probably be the best method I can see. Also, if you do ULA properly, then it should still be okay if you combine sites in the future so they won't clash. Stateless should be nice and light too to not be a drain on resources of the router. I think this is the way I'll go with it.
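The ULA-on-the-LAN plus stateless prefix translation setup discussed in the two comments above, as an added example that is not part of the thread: it picks a ULA /48 with a pseudo-random Global ID in the manner of RFC 4193, then maps it to an ISP prefix with the checksum-neutral /48 mapping of RFC 6296 (NPTv6). The class and function names are hypothetical, the prefixes are constructed sample values, and random bytes stand in for the EUI-64 input that RFC 4193 suggests.

```python
import hashlib
import ipaddress
import os
import time


def generate_ula_prefix(seed=None):
    """Pick a /48 under fd00::/8 with a pseudo-random 40-bit Global ID.

    RFC 4193 hashes a timestamp plus an EUI-64 with SHA-1 and keeps the low
    40 bits; this sketch substitutes random bytes for the EUI-64 (assumption).
    """
    if seed is None:
        seed = time.time_ns().to_bytes(8, "big") + os.urandom(8)
    global_id = hashlib.sha1(seed).digest()[-5:]
    raw = bytes([0xFD]) + global_id + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(raw, "big"), 48))


def add1c(a, b):
    """16-bit one's-complement addition (end-around carry)."""
    total = a + b
    return (total & 0xFFFF) + (total >> 16)


def prefix_sum(net):
    """One's-complement sum of the three 16-bit words of a /48 prefix."""
    value = int(net.network_address)
    total = 0
    for shift in (112, 96, 80):
        total = add1c(total, (value >> shift) & 0xFFFF)
    return total


class Nptv6:
    """Stateless, checksum-neutral /48 <-> /48 translation (hypothetical class)."""

    def __init__(self, internal, external):
        self.internal = ipaddress.IPv6Network(internal)
        self.external = ipaddress.IPv6Network(external)
        if self.internal.prefixlen != 48 or self.external.prefixlen != 48:
            raise ValueError("this sketch only handles /48 prefixes")
        # adjustment = sum(internal) - sum(external), in one's complement
        self.adjustment = add1c(prefix_sum(self.internal),
                                prefix_sum(self.external) ^ 0xFFFF)

    def _rewrite(self, addr, src, dst, adjustment):
        addr = ipaddress.IPv6Address(addr)
        if addr not in src:
            raise ValueError(f"{addr} is not inside {src}")
        value = int(addr)
        # Only the 16-bit subnet word absorbs the change in the prefix.
        subnet = add1c((value >> 64) & 0xFFFF, adjustment)
        if subnet == 0xFFFF:           # RFC 6296 writes 0xFFFF as 0x0000
            subnet = 0x0000
        iid = value & ((1 << 64) - 1)  # interface identifier is untouched
        return ipaddress.IPv6Address(
            int(dst.network_address) | (subnet << 64) | iid)

    def outbound(self, addr):
        """LAN (ULA) source address -> address seen on the WAN."""
        return self._rewrite(addr, self.internal, self.external,
                             self.adjustment)

    def inbound(self, addr):
        """WAN destination address -> LAN (ULA) address."""
        return self._rewrite(addr, self.external, self.internal,
                             self.adjustment ^ 0xFFFF)


def address_sum(addr):
    """One's-complement sum of all eight words, as TCP/UDP checksums see it."""
    value = int(ipaddress.IPv6Address(addr))
    total = 0
    for shift in range(112, -1, -16):
        total = add1c(total, (value >> shift) & 0xFFFF)
    return total


if __name__ == "__main__":
    print("fresh ULA /48:", generate_ula_prefix())
    # Constructed sample prefixes: a ULA inside, documentation space outside.
    npt = Nptv6("fd01:203:405::/48", "2001:db8:1::/48")
    inside = "fd01:203:405:1::1234"
    outside = npt.outbound(inside)
    print(inside, "->", outside, "->", npt.inbound(outside))
```

When the ISP prefix changes, only the `external` argument changes; LAN addressing stays put. Because the mapping keeps no per-flow state, it does no filtering, so inbound policy still has to come from a firewall.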
@Shananiganeer 11 months ago
NAT is dead! Long live NAT!
@hex2307 11 months ago
My ISP gives me a dynamic ipv6 prefix. I ended up getting an ASN and a /40 and announcing it via a vps on vultr. I then used a wireguard tunnel back to my own network.
@BrianG61UK 11 months ago
I think you could have an IPv6 only network where all devices only have IPv6 ULA addresses, and access to the IPv4 internet is provided by something like NAT64 while access to the IPv6 internet is provided by some kind of NAT66, probably NPTv6. However, you can't easily run any kind of useful dual stack using IPv6 ULA addresses because, at least by default, everything uses IPv4 in preference to using IPv6 ULA addresses, so, at least for accessing the Internet, you might as well not bother with IPv6 at all.
@forid200 11 months ago
Genuinely, due to all that hassle for very little gain, and the fact that the IPv6 cheerleaders forget that not everyone wants end to end connections. IPv6 hasn't really taken off. Whether you like it or not NAT nowadays does provide a certain level of extra security and privacy too.
@jonathancrowder3424 11 months ago
So basically local NAT went from "we have to do it" to "it's a feature I rely on"
@klingoncowboy4 10 months ago
Pretty much. My father was an early player in the Internet and I remember my whole childhood hearing him raving over having the world eventually switch to IPv6. By the time I became an adult he accepted that NA ISPs are only going to change if forced to, preferring NAT... and in NA at least a lot of people of my generation grew up with IPv4 and NAT being "normal".
@radiotec76 8 months ago
That’s pretty much how the IT wizards at BP told it to me. They wanted NAT translation because it’s a convenient and understandable gateway to get inside the corporate enterprise network.
@finnderp9977 7 months ago
I've noticed that some local new ISP offer IPv6 and ISP natted ipv4, if you want public ipv4 you need to pay extra. So IPv4 exhaust is starting to slowly strangle businesses
@isithardtobevegan53 4 months ago
@finnderp9977 I assume that at some point in the future, people will be FORCED to move on to ipv6. They will desperately cling on to ipv4 for as long as possible though
@jordanrodrigues1279 5 months ago
The hardest part is unlearning. IPv4 is all about numbers as names for hosts. Technically they're interface numbers but you get used to that when it matters and ignore when it doesn't. IPv6 is all about numbers as locators. SLAAC addresses are for the return trip or for putting in DNS. They're not intended to be cozy computer nicknames. But if you want to say your file server is something::4 you just do that. Assign a number to the service. You need a static prefix too but that's what the fc00::/7 block is for. The interesting thing is that you can and should have these address plans in parallel. Hosts just have multiple addresses as a matter of course. A static, locally routed address for your file server, but that file server also has a global address for getting updates. And it might have other addresses for other services. You're right that this slows adoption. People don't want to unlearn ipv4 habits, or aren't even aware that they have to.
@GregInHouston2 6 months ago
I worked with IP6 a little bit 20 years ago. Problem 1: equipment that can't handle it. Problem 2: those addresses are so damn long. Unless your address has lots of continuous zeros in it, it is very difficult to remember. Problem 3: they keep making changes. Once, they had a standard way to translate IP4 addresses to IP6. Problem 4: If NAT fails on IP4 then nothing gets in. If the firewall fails on IP6, all of your computers are now internet addressable.
@ukyoize 6 months ago
Can't remember addresses? We have a solution for that: DNS
@nobodynemoq 6 months ago
@ukyoize DNS is neat, yet it's also another possible point of failure. Also, if something new joins your network, writing down its IPv6 address is a pain in the arse
@swelarra 9 months ago
I think the biggest problem with your idea is that if people started doing that, the bgp table would become way too big for any normal router to handle. Even today, not all ISPs keep a full bgp routing table since it consumes more ram than their equipment could handle. Imagine if we were to keep track of every customer subnet in one bgp routing table, that would get impossible to manage. This is what I think, but I might be wrong, it happens a lot.
@TallPaulTech 9 months ago
Yeah, it would kill it... so it's dead.
@fletch88zz 11 months ago
You need to control your DNS. The IP stack is important but jumping up a layer and controlling your DNS, that's the key.
@bweston6 11 months ago
This is exactly what I was thinking. Devices can give their own hostname (in your control) and your router can return queries for hostname.local or hostname.lan. mDNS is also an option if your router won't do that. I might setup my new home network this way as IPv4 is behind a double nat (IPv4 is at a premium 😅 and it would add an extra 20% on my bill to get a static address) so I need to use IPv6 if I want any externally accessible services. I figure I can let cloudflare handle proxying so IPv4 clients can still access these services. I still need to figure all the IPv6 intricacies out so I might be back here again to reference a video or two.
@vanderhooftamvl6587 6 months ago
No video cuts, no animation, no notes, yet so clearly explained!
@TallPaulTech 6 months ago
Haha, you mean no planning, no effort... :D
@stargazer7644 6 months ago
Internet routing would be impossible if everyone had a permanent portable ipv6 prefix. Route tables would have to be ridiculously large.
@leandrotami 6 months ago
IPv6 would allow people to easily self host services like photos in their homes instead of eternally paying a subscription or depending on external providers. I'd love to see it happening but as time passes what I see is that providers like me don't use them, instead they have their own big private networks and do NAT to give you public internet access. They charge me extra for a public IP (I mean public, not static)
@deathgripsonline 11 months ago
Just discovered your channel through this video popping up on my feed. Just beginning my career, bout to finish uni. Interesting stuff, gives me an insight as to why IPV6 wasn't adopted earlier. They certainly push "we're running out of time to switch" message in school.
@elslopez 11 months ago
This is an EASY question to answer and it is the same reason the internet does not allow /32 IPv4 prefixes to be BGP routed across the internet. In short the routers that actually route the internet could not physically handle the amount of routes you would be talking about in this massively deaggregated scenario. The current size of the IPv4 global table is just over 900K routes and the IPv6 global table is about 175K routes. You start allowing people to have their own /48 that they own and can take to whatever ISP they like, this will explode the size of the routing table many orders of magnitude. I do not know of any commercial grade routers that could currently handle a fraction of this, and certainly 99% of the ISPs will not want to spend the money even if the hardware did exist. Maybe in another 20 years... we'll see!
@aa-yt7wo 11 months ago
Does anyone else not like the idea of half the IPv6 address being the MAC address of the hardware? Seems like there could be some privacy concerns.
@gzoechi 9 months ago
Using the MAC address isn't mandatory. There are different algorithms available. For ULAs it's usually practical. Not so much for GUA
@jordanhazen7761 8 months ago
RFC 4941, Privacy Extensions for IPv6 SLAAC, was published in 2007, and many OSes now default to using this, creating and regularly rotating randomly-assigned local host addresses, using these for outbound traffic while keeping the MAC-based (or manually-assigned pseudo-static) host address as an anchor for local LAN traffic. Multiple addresses on a single interface, to be used in different contexts is a common and required feature of IPv6, and is also the recommended method of multihoming in the absence of provider-independent (PI) space.
@James_Knott 7 months ago
That's optional. Usually, it's not configured that way.
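The MAC-in-the-address concern raised in this sub-thread can be checked on your own hosts. The following is an added example, not part of the thread: it recognises the modified EUI-64 pattern (ff:fe in the middle of the interface identifier, universal/local bit flipped), recovers the MAC, and reports only the addresses that expose it on a globally routed prefix. The inventory is constructed sample data using the documentation prefix, and the function names are hypothetical.

```python
import ipaddress

ULA = ipaddress.IPv6Network("fc00::/7")
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")


def scope(addr):
    """Coarse scope of an IPv6 address, judged by prefix only."""
    addr = ipaddress.IPv6Address(addr)
    if addr.is_multicast:
        return "multicast"
    if addr.is_link_local:
        return "link-local"
    if addr in ULA:
        return "ula"
    if addr in GLOBAL_UNICAST:
        return "global"
    return "other"


def mac_from_eui64(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None.

    Heuristic: a random interface ID carries ff:fe in these two bytes with
    probability 2**-16, so treat a hit as a strong hint rather than proof.
    """
    low64 = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    # Undo the universal/local bit flip and drop the inserted ff:fe.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{byte:02x}" for byte in mac)


def audit(inventory):
    """List (host, address, mac) for addresses exposing a MAC off-site."""
    findings = []
    for host, addr in inventory:
        mac = mac_from_eui64(addr)
        if mac is not None and scope(addr) == "global":
            findings.append((host, addr, mac))
    return findings


# Constructed sample inventory (hostnames and addresses are made up).
SAMPLE_INVENTORY = [
    ("nas", "2001:db8:1:2:211:22ff:fe33:4455"),      # EUI-64 on a global prefix
    ("nas", "fd97::211:22ff:fe33:4455"),             # EUI-64, but ULA only
    ("nas", "fe80::211:22ff:fe33:4455"),             # EUI-64, link-local only
    ("laptop", "2001:db8:1:2:5c3a:9e1f:7b20:44d1"),  # temporary (RFC 4941 style)
    ("printer", "2001:db8:1:2::4"),                  # manually assigned
]

if __name__ == "__main__":
    for host, addr, mac in audit(SAMPLE_INVENTORY):
        print(f"{host}: {addr} exposes MAC {mac}")
```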
@JohnGotts 11 months ago
Over the past decade, I've added IPv6, HTTP/2, and TLSv1.3 support to network software I've worked on. If customers ask for it, companies will sell it to you. If not, it will remain on developers' laptops and never be released publicly. Don't be afraid to ask for better IPv6 support. If enough tickets roll in your use case will become supported.
@MaidLucy 11 months ago
You are doing IPv6 Prefix Delegation the wrong way. The idea is that your router manages an address pool that you can use to delegate smaller prefixes for your local networks from. I get my prefix via DHCPv6 from my ISP and my router will then announce different prefixes delegated from the pool to subnets on the LAN side. The important part is that your router will adapt a new prefix and distribute that when it changes. Also, DynDNS has existed for years and I have been behind a dynamic IP address for years. The same applies to IPv6, just that instead of your router taking care of the DynDNS, now your individual clients have to take care of that. On top of that, dnsmasq for example is a great solution to keep a dynamic DNS in your local network. It will detect changes in IP addresses and it will then distribute the new IPs with the DNS requests. And if you set this up properly, you will never have to remember an IP address ever again and you will never have to set up static DNS for any machine. Also, my internal IPv6 network also has a private prefix which makes really handy and short IPv6 addresses like fd97::1 That's even easier to remember than IPv4, isn't it?
@PingJerry 11 months ago
While I love the idea of everyone gets their own /48, I think you're forgetting one of the biggest issues faced with ipv4, route table bloat. While an ipv4 entry only takes 12 bytes, an ipv6 entry takes 48 bytes, while that sounds small, this would be for every single user that wants their own subnet. Is that sustainable for even a moderate sized isp? pppingme
@TallPaulTech 11 months ago
Mate, I remembered it was you as soon as I saw the nick, don't worry! I didn't know/think about the wan routing tables, as I'm not familiar with that side of networking. I have been educated :) Jump on my IRC
@daffy1981 6 months ago
I guess there is a reason BGP is not very open to public. I can only imagine how routing tables would blow up if people would be given private IPv6 ranges.
@ChrisPetersenPeeto 6 months ago
Yes BGP fixes this issue with IPv4. To solve this you (not the ISP) would need to own the /48 and some sort of enhanced/replacement for BGP would need to route traffic to you regardless of the current ISP. Of course doing lots of this would hurt the entire concept of subnets.
@bobthecannibal1 6 months ago
My question is, why are they delegating a whole 80 bits worth of /48 to an individual? Wouldn't it be smarter to delegate 24 bits at a time? (a whole /8 in ipv4.) I, as a home user, use 10/8 internally and could probably assign static addresses for every IP-capable thing I own, will own, or have *ever* owned and not run out in my lifetime. That's 16 million addresses for crying out loud.) It reeks of the same thing that the initial classful IPv4 routing stank of "There's plenty of room. Here, Ford, have 18/8. Sure, it's 1995 and you only sold 317,621 vehicles and you're making cheap and practically disposable disgusting sh*tboxes without any computers that few will want in 30 years time, but go ahead and have 1/255th of the address space. (Oh, and we're going to sit on 1/8th of the address space for "future use" that won't ever happen because of artificial scarcity.) If you want IPv6 to take off, lobby to have IPv6 delegations *decreased* in size and deprecate IPv4, telling all of those hogs sitting on their /8s that they can keep their addresses, but IPv4 is going away and "your reserved netblocks are turning into a tiny delegation of half of a 64 bit prefix, GL;HF. Congrats, your puny 16 million address netblock is practically valueless now that there's over 340 undecillion addresses available."
@HenryLoenwind 11 months ago
To be honest, one of the major "features" of IP4 that still makes me stay with it is that using a private address range and NAT seals my network. I don't have to trust a firewall to block things I don't want; that's the default. Unless I manually add a port forward, nothing gets in that's not a reply to an outgoing request. I don't have to worry about the watering timer on my garden faucet being hackable. It "physically" cannot be reached from the outside, no matter how good or bad the config of my firewall is. And that's with a network I---someone who knows how to configure a firewall reasonably well---am managing. The same goes doubly with 99% of consumers. I still remember the times of Windows 98, when people were dialling in with their PCs (so no router or firewall involved), and you couldn't even set up a new PC and download all the updates without it being loaded to the brim with malware in the meantime. Directly routing incoming internet traffic to a device that wasn't built specifically for it is folly.
@James_Knott 11 months ago
The IPv6 equivalent of rfc1918 is called Unique Local Addresses (ULA). NAT provides nothing for security that a properly configured firewall doesn't. Every firewall I've ever seen starts out with deny all. NAT is just a false sense of security.
@LisiasToledo 11 months ago
@James_Knott NAT is not about security, it's about convenience. It's impossible for someone "out there" to reach my gadgets on my intranet, so I don't need to care about this part. Additionally, firewalls are also prone to failures and attacks (check Fortinet), so relying **only** on firewalls is the real false sense of security - Firewalls are software as anything else. In my home I solved part of the problem on the switch level - mission critical devices that should not be exposed to the extranet are unreachable to subnetworks that are exposed and that's all. I still need to secure access on these devices, but I don't need to care about ruling who in my own house can access that port or not. And this is only one example from my own intranet.
@wojciechmikoajewicz1983 11 months ago
You cannot have what you want. It's the same reason why Internet doesn't work on MAC addresses but on IP addresses. IP addresses are assigned to countries and then to ISPs. Having your own IP address means that addresses would have to be randomly distributed across the world. So Internet routers would have to remember each individual IP address - where to route traffic to that address. Switches do exactly that - they remember all MAC addresses assigned to a switch port. Customer switches can have memory for let's say a thousand MAC addresses. Internet routers work completely different. They work on address classes, not individual addresses. They do something like that - I have packet to 130.133.x.x - oh it's Germany - I should send it through my D port. It doesn't have to remember each individual IP address, it remembers whole address classes. It's the only technically possible solution.
@TallPaulTech 11 months ago
Okay, let's just do it by country then, not worldwide... as you wouldn't be taking your physical location overseas. If I could get an Australian /48 with ease that would be more realistic.
@notmyname687 11 months ago
One of the big reasons IPv6 complicates having your own personal address block, is the same thing that makes it so easy to configure -- addresses very much reflect the network topology. As opposed to IPv4's massive routing tables and exceptions and such, it's just "All addresses with this prefix go here". Letting anyone and everyone have their own addresses complicates that; with 2^96 times as many addresses to route, routing tables would grow beyond all feasibility. The preferred setup, as I heard it, is to DHCP basically everything, and update DNS to reflect what address a name refers to.
@crabby7668 11 months ago
I am no expert, but I did a couple of Cisco networking courses over the years and it was noticeable how the attitude towards ipv6 had changed over those years. First time it was all enthusiasm and everyone would get personal ips because there were plenty to go round etc etc. Years later they were much more muted and basically came to the conclusion that there were just as many security issues under 6 as there was under 4, NAT was still a good idea for security, and people weren't going to get personal numbers except for the self configuration number which may possibly cause their own problems. Then there is the issue of all the ipv6 traffic that seems not to be noticed by some security software, so you have unknown automatic activities occurring that you don't know are occurring if you normally concentrate on ipv4 still. Throw in the long ipv6 numbers and the autoconfigure oddities, it is perhaps not surprising that anyone apart from the big boys find it easier to stick with ipv4. NAT means the address shortage isn't as acute as first stated. It would perhaps have been more sensible to just double the bit length of the addresses rather than go mad.
@TallPaulTech 11 months ago
There's a difference between publicly routable, and publicly accessible. Firewalls still exist in IPv6.
@fredflintstone8048 11 months ago
I disabled IPv6 years ago on my network, in my router. I was noticing laggy behavior with my win 10 machines. I started monitoring a bit with Wireshark and noticed a whole lot of IPv6 traffic, and a lot of it going to Microsoft.. After turning off IPv6 on my machines and the router my networking performance increased quite a bit. To the best of my knowledge I haven't noticed any problems as a result. I don't have an issue with NATing. My ISP does traffic shaping so the upload speeds are pitiful by comparison. Of course this is going to work best for customers that do a lot of streaming. When calling my provider they suggested that I pay for a commercial account if I want faster upload speeds which costs 3 times as much per month than the standard home user account that I am using. I came up with some other solution which put my servers external to my network at a fraction of the cost.
@volodumurkalunyak4651 11 months ago
WHAT??? Your Windows 10 machines are probably misconfigured. Mine work fine, even when migrating from dual stack (v4 AND v6 network) to v4 only network or back.
@teldinstarstorm 6 months ago
Spot on. Actually, even though the ISP for my company 'offers' IPv6, their issue is their techs don't understand it, and when they deploy it, they're giving to you in the same way they do IPv4 addresses, and expect you to NAT v6. They don't understand how to do prefix delegation etc, it's awful. So ISP support is still a huge issue.
@aaronspain3387 6 months ago
If your ISP has technicians troubleshooting business connections, and they don't have at least a CCNA or NSE4 (depending on which tech they work with), you need to start looking at another ISP. I say this as an "entry-level" technician working for an ISP. A lot of the blokes I work with have knowledge and skills beyond their pay level.
@IslandHermit 11 months ago
15 years ago I was excited about IPv6. Finally I would be able to get permanent, global addresses for all of my systems. Then I discovered what you talk about here, that the gate keeping on the IPv6 addresses is just as bad, if not worse, than IPv4. I haven't bothered with IPv6 since.
@TallPaulTech 11 months ago
Fair call
@jacobnollette85 11 months ago
very good to hear this; (dev ops engineer w/ home lab here)
@frugalprepper 11 months ago
Hello, I am a Cisco guy. What you do is set up dynamic NAT without overloading (using PAT) on your public router IP. This way when your PC on the inside requests an address it grabs an available public IP from a pool and uses it, another host grabs another one out of the dynamic pool, etc. This is handy when you have an application that doesn't like having its ports translated, or when you have a bunch of hosts that want to build say a L2TP to the same VPN ip. Without translating ports you will want to do stateful inspection on incoming traffic, because you lose the "Firewall" that Overloaded NAT naturally creates. This way when your ISP changes your range, you just build a new pool of addresses. The nightmare that it would create in the BGP backbone routers on the internet, would make it HIGHLY unlikely that you are going to get your own range and move it between ISPs
@TallPaulTech 11 months ago
That's actually what I'm doing, and will be the subject of my next video.
@KarolMurawski 11 months ago
I've used dual stack IPv4 and IPv6 for a couple of years. I use *Dynamic* *DNS* , so I do not care if my ISP IP changes. Moreover, I totally do not care about IPs as I use *fully* *qualified* *domain* *names* for everything that I need to access remotely. You will never be able to keep your IP number like you keep your phone number. The reason is how routing works. It is not a bug, it is a feature. As a bonus for using FQDN, you get encryption with the use of certificates.
@wolphin732 6 months ago
DNSv6 is what you need to set up. DNS was made so that IP addresses can change without affecting accessibility. If you own a domain name (or use a dynamicDNS service), you can have it tie to an IPv6 address and then have the router handle checking it is up to date and updating it if needed.
@nomebear 11 months ago
I haven't looked into v6 because I tend to go along with whatever the network security people suggest. 🧐 I appreciate the video for throwing some light on the topic.
@TallPaulTech 11 months ago
Cheers. I didn't expect this, but at least it's got people talking.
@xcoder1122 6 months ago
Okay, you seem to have not understood one fundamental part of IPv6: Hosts don't have a single address anymore. It is totally normal for a host to have a dozen of addresses at any time, like multiple SLAAC addresses for multiple networks it may be part of (one would be the one of your ISP, others can be private ULA, which you can pick yourself and never change), one or more managed DHCPv6 address, one or more hand assigned address that are easy to remember (which can also be from your ISP or ULAs or both), a bunch of temporary addresses used to go on the Internet to prevent IP tracking (those change every half an hour or so but the previous ones persists for a while and overlap with new ones, as long as they are still used and even beyond that to retrieve late requests), one link local address per interface, several multicast addresses required by the IPv6 standard (e.g. to make ARP work) and maybe additional multicast addresses if they are part of multicast groups. Your video makes it sound like those are either/or choices, but they aren't, those are "and, and, and, and even more" choices and it's quite common and normal in an IPv6 environment for any host to have that many addresses. Only one of these would be an address you use for public incoming services (and that would not be the address you use for outgoing connections, those would use a temporary addresses, even a web server would use temporary addresses to download software updates for example) and one of them would be the address you use internally to address your hosts within your LAN (that would be one that does not change, like an ULA address assigned by DHCPv6 or a hand assigned one for an ULA announced by SLAAC).
@Yggdrasil42 6 months ago
But isn't the firewalling a nightmare then?
@xcoder1122 6 months ago
@Yggdrasil42 Not really, as most addresses are not intended for the outside world. Just as with IPv4, every IPv6 address consists of two parts, a network part and a host part. Unless the network part matches your public IPv6 prefix assigned to you by your ISP, your firewall can block it incoming and outgoing. This already eliminates the majority of addresses. Link local addresses cannot be routed anyway beyond a physical network and ULA addresses are not supposed to ever leave your LAN (except for tunneling, e.g. via a VPN to another LAN). Temporary addresses (which are recognizable as such) are not supposed to ever be used for new incoming connections, so your firewall only needs to allow incoming traffic for temporary addresses it saw outgoing traffic for, which is the default behavior of any IPv6 SI (stateful inspection) firewall; SI pretty much works like NAT, except that it does not rewrite the address or any ports, but otherwise prevents traffic flow the same way NAT would have prevented it. I.e. unless you've ever sent a request from a temp address to host X in the past, no traffic from host X to this temp address can pass through an SI firewall. Unless you want to run servers from behind the firewall, you can block access to all other non-temp addresses using your public prefix and that's it. Only if you plan to have servers accessible from the Internet, you need to poke explicit holes into the firewall for these servers and you would certainly not poke holes for the addresses based on the interface MAC address (also recognizable as such) as a MAC address can change at any time, e.g. when you replace the server or just replace the network adapter of it (or switch from one to another network adapter). Interface based addresses, despite using the public prefix, are also just intended for internal use within your local network.
You would poke holes for server addresses you either assign by hand, if you want to manage addresses on the servers themselves, or assigned by a DHCPv6 server, if you want to manage addresses via a central address server. That's the primary reason why DHCP even exists for IPv6, as for pure client hosts, SLAAC is totally sufficient, since with SLAAC they can create their public temp addresses and that's all they need to get onto the Internet as clients. For LAN to LAN client communication, you use link local addresses or ULA addresses and preferably service discovery over manually assigned addresses (no need to remember IP addresses at all), same for LAN to LAN client-server communication (your LAN file server or printer). Last but not least, public multicast must be managed by the firewall anyway, you cannot manage that by hand and this is semi to full automatic.
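The stateful-inspection behaviour described in the comment above, modelled as an added example that is not part of the thread: a flow table that admits inbound packets only as replies to flows the inside started, plus explicit pinholes for servers, with no address or port rewriting. It is a decision model with hypothetical names, not a packet filter, and it leaves out flow timeouts and TCP state tracking; all addresses are constructed sample values.

```python
import ipaddress

ULA = ipaddress.IPv6Network("fc00::/7")
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")


class StatefulFirewall:
    """Default-deny WAN edge for one delegated prefix (hypothetical model)."""

    def __init__(self, delegated_prefix):
        self.site = ipaddress.IPv6Network(delegated_prefix)
        self.flows = set()      # (proto, inside, inside_port, outside, outside_port)
        self.pinholes = set()   # (server, proto, port)

    def open_pinhole(self, server, proto, port):
        """Allow new inbound connections to one server address and port."""
        server = ipaddress.IPv6Address(server)
        if server not in self.site:
            raise ValueError("pinhole target must be inside the delegated prefix")
        self.pinholes.add((server, proto, port))

    def outbound(self, src, sport, dst, dport, proto="tcp"):
        """Verdict for a packet leaving the LAN; records the flow if accepted."""
        src = ipaddress.IPv6Address(src)
        dst = ipaddress.IPv6Address(dst)
        if src in ULA or src in LINK_LOCAL:
            return "drop: ULA/link-local source must not leave the site"
        if src not in self.site:
            return "drop: source outside delegated prefix"
        self.flows.add((proto, src, sport, dst, dport))
        return "accept: new outbound flow"

    def inbound(self, src, sport, dst, dport, proto="tcp"):
        """Verdict for a packet arriving from the WAN."""
        src = ipaddress.IPv6Address(src)
        dst = ipaddress.IPv6Address(dst)
        if dst not in self.site:
            return "drop: destination outside delegated prefix"
        if (proto, dst, dport, src, sport) in self.flows:
            return "accept: reply to tracked flow"
        if (dst, proto, dport) in self.pinholes:
            return "accept: explicit pinhole"
        return "drop: default deny"


def demo():
    """Run constructed sample traffic through the model; return the verdicts."""
    fw = StatefulFirewall("2001:db8:1::/48")
    client = "2001:db8:1:2:5c3a:9e1f:7b20:44d1"   # temporary address
    server = "2001:db8:1:2::4"                    # hand-assigned address
    remote = "2001:db8:ffff::50"
    other = "2001:db8:ffff::66"
    fw.open_pinhole(server, "tcp", 443)
    return [
        fw.inbound(remote, 443, client, 50000),    # unsolicited
        fw.outbound(client, 50000, remote, 443),   # client opens a flow
        fw.inbound(remote, 443, client, 50000),    # the reply
        fw.inbound(other, 443, client, 50000),     # third party, same port
        fw.inbound(other, 40000, server, 443),     # published service
        fw.inbound(other, 40000, server, 22),      # unpublished port
        fw.outbound("fd97::4", 50001, remote, 443),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```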
@tbmatuka 11 months ago
Small customers owning their /48 would cause the routing tables to grow way too big. About 10 years ago we had issues with edge routers (the ones which need the routing table for the whole internet), the global routing table grew and a bunch of the old edge routers didn't have enough RAM to handle the size. With millions of small customers owning their /48, you would also start running into issues where the edge routers would get slower at looking up the addresses. NAT66 looks to me like the best compromise, especially because it's stateless and any arm/riscv home box should be able to NAT a gigabit link. BTW I also still haven't given ipv6 a proper try, because none of my ISPs over the years supported it.
@TallPaulTech 11 months ago
That was why I hadn't tried it either until I got an ISP that actually had it. I guess this whole thing should start there.
@davidjohnston4240 11 months ago
Well this is why we can't have nice things. ISPs treat static IPv4 addresses as a lever for "business pricing". If they played fair with IPv6, they would lose that cash cow. So they will not.
@geoffreyvanpelt6147 11 months ago
Exactly.
@TallPaulTech 11 months ago
Yep, sounds about right
@moderator_man 6 months ago
I have no arguments, only a suggestion: write your congressman! If we could get a bill passed in congress related to the assignment/ownership/routing of IPv6 address space to home users via ISPs, it could make a swift and dramatic difference.
@herpederpe4320 21 days ago
1) You do know that you can do IPv6 NATting as well, if you really want to. 2) That the network changes, or the prefix length, it is not a problem if you let DHCPv6 handle IP address allocation in whatever range you use. This works really well in my home, and all the computers have domain names that resolve to those random addresses
@James_Knott 11 months ago
I've been running IPv6 on my home network for over 13 years, the first 6 with a 6in4 tunnel, but now with native IPv6 from my ISP. Android devices don't work with DHCPv6, thanks to some genius at Google. Re your changing prefix, that's why you use a DNS server. Hopefully your ISP will provide a consistent prefix. I've had the same prefix for years and it's survived replacing, at different times, my modem and the computer I run my firewall on (pfSense). If you want a prefix that's forever yours, arrange for your own prefix, independent of the ISP and have it routed to you, as businesses do. BTW, your IPv4 address is likely not permanent. With my ISP, mine is, so long as I don't change my modem or firewall hardware. Many others aren't even that lucky, with their address changing anyway. Also, with my ISP, the host name they provide is based on the firewall and modem MAC addresses and again doesn't change as long as I don't change hardware. Do NOT use NAT. It's a curse from the network gods and should only be used to get around the IPv4 address shortage. There's no need for it with IPv6. With SLAAC, you have one consistent address and up to 7 privacy addresses. Use the consistent address for DNS and the privacy addresses are normally used for outgoing connections. The IPv6 equivalent of RFC1918 is called "Unique Local Addresses" (ULA), where you pick a prefix that starts with fd:. You can use ULA for your local devices, so that even if your public prefix changes, you still have the same addresses on your LAN, just like RFC1918. On IPv6, the LAN subnet size is always /64. Run dual stack, as I do, so that both IPv4 & IPv6 are available. Normally, IPv6 is preferred, but IPv4 is still available. I often help people with IPv6 on the pfSense forum. One thing I've noticed is many problems are self inflicted because people are stuck in the IPv4 way of doing things. You seem to be in that category. You also seem to be dreaming up problems on your own. 
Yes, if you had a business, you could get your own prefix, but you would be paying a lot more for it. Use DNS. That way, should your prefix change, you update the server. Problem solved. A bit about me. I come from a telecom background. I first learned about IPv4 in early 1995, when I took a class through a local college. As I was sitting in the class, I was thinking 32 bits was not enough. Shortly after, I read about IPv6 in the April 1995 issue of Byte magazine and realized that was the way to go and I've been advocating for it ever since. I also got my Cisco CCNA several years ago, and IPv6 was part of the subject matter. As I mentioned, I run pfSense for my firewall/router and have multiple subnets. I also have ULA enabled, though I don't really have a need for it, with my persistent prefix. Regardless it works. Also, with the modems my ISP provides, when in gateway mode, ULA is also provided, in addition to the public prefix.
@timchambers5242 7 months ago
1) Static addresses & routing normally only available for business products/services. A domain name can be paid for but normally just 1 IP address. DynamicDNS or similar service hosted by another company. QNAP have a way your local NAS tells QNAP DNS service your device IP to route & make your DNS publicly accessible (needs password).
2) NAT is a part of firewall security to protect your local systems from random remote access & probing.
3) Home automation & IoT love IPv6 & having your many local devices reachable from internet so you can access automation when you're not at home.
4) IPv4 to IPv6 may eventually become the longest tech transition in history.
@heliosfa 6 months ago
NAT is NOT security in any way shape or form. Obscurity is not security. Also, just because something has a globally routable address, it does not mean it is accessible from the Internet - you should still be running a stateful firewall that blocks inbound traffic by default.
@kukuc96 6 months ago
As a non-network engineer, but someone more technical than the average user, like hosting something on a home server, a raspberry pi, etc. My only exposure to ipv6 is when it breaks something, like your PiHole DNS server, and the easiest fix is to turn it off everywhere. So the technology is off to a bad start right off the bat.
@jfbeam 6 months ago
Indeed. Since everyone's knee-jerk reaction is "just turn the broken shit off!", it'll never get fixed. Until people take a serious look at what doesn't work, and why it doesn't work, there won't be any fixes.
@TheMisterNebo 11 months ago
So, imagine you're an IT person. And a random user comes to you saying they want their own IP, because they want to host a server. As an IT person, you'd say - no, static IPs are for us, you get dynamic IP. If you want to host a server, you can just point users to your computername, don't worry about the IP address.
@BoGy1980 11 months ago
Why don't u use a domain registrar that allows u to directly update the DNS records via an API? I use one and it allows me to directly update any ipv4 or ipv6 records dynamically (like how dyndns works), so I only have to set up a simple script on those devices and even when I would get a totally different ipv6 block, my subdomains will automatically get updated too, having the ipv6 addresses reconnected. My DNS provider also supports low-TTL updates, which means after I propagate the update it takes less than a few seconds to be active and reachable from the whole world (no need to wait before the other side of the world has the new info).
@jantonkens9820 6 months ago
Can you imagine how the routing table looks if every /48 is individually routed? It requires every home user to talk BGP4, and the ISPs can't do optimized routes as any /48 can have its own unique route. And you also need to find a way to properly secure that and keep route propagation fast. Don't think that'll take off...
@mudi2000a 11 months ago
For the home user at least in Germany if you set up everything out of the box you have everything dual stack automatically. There are some ISPs that apparently still don’t provide v6 for users with old contracts but at least with Deutsche Telekom you always have full v6 service. That means most people are already using it maybe without even knowing.
@kennethng8346 6 months ago
IPV6 is like fusion, it will be here in 10 years, every 10 years. I remember being told in 1996 that by 2000 everyone will need to be on IPV6. Well you can see how well that went. Another issue is broadcasting your own IPV6. Lots of carriers will let you take a slice from one of their blocks, but that forces you to stay with them or renumber everything. Oh you want us to broadcast your block? I don't know if that is allowed. Note: this last thing was from a few years ago, I don't know if the carriers have gotten any better.
@thewhitefalcon8539 6 months ago
It's already here. Over 50% of internet traffic is IPv6.
@chrisjacobsen1659 6 months ago
@thewhitefalcon8539 True for public networks, I'd be interested to see the enterprise network adoption
@woswasdenni1914 6 months ago
It simply is impractical. Reading firewall entries, reading logs - SEARCHING logs. Imagine you have to change your search depending on whether the log uses shortened or non-shortened ways to log IPs. How many times do you have to manually read a routing table to find an error? Close to impossible on IPv6 if the table is large enough.
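The log-searching problem raised in the comment above, as an added example that is not part of the thread: parse every address-like token and compare it as a 128-bit value, so one query matches the expanded, compressed, upper-case and bracketed spellings alike. The log lines are constructed and use the 2001:db8::/32 documentation prefix; the function names are this example's own.

```python
import ipaddress
import re

# Any run of hex digits, colons and dots with at least two colons, not glued
# to other alphanumerics. Deliberately loose: ipaddress does the validation.
_CANDIDATE = re.compile(
    r"(?<![0-9A-Za-z])[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*(?![0-9A-Za-z])"
)


def _parse(token):
    """Return (IPv6Address, trailing_text) for a token, or None if not IPv6."""
    core = token.rstrip(".")              # sentence-final dot
    for cand in (core, core.rstrip(":")):  # "fe80::1:" as in "from fe80::1: denied"
        try:
            return ipaddress.IPv6Address(cand), token[len(cand):]
        except ValueError:
            continue                       # timestamps, MAC addresses, etc.
    return None


def extract_ipv6(line):
    """Every IPv6 address in a log line, whatever spelling the logger used."""
    parsed = (_parse(m.group(0)) for m in _CANDIDATE.finditer(line))
    return [p[0] for p in parsed if p is not None]


def search(lines, query):
    """Lines that mention an address inside `query` (single address or prefix)."""
    net = ipaddress.IPv6Network(query, strict=False)
    return [ln for ln in lines if any(a in net for a in extract_ipv6(ln))]


def canonicalize_line(line):
    """Rewrite each address in its compressed lower-case form before indexing."""
    def _sub(match):
        parsed = _parse(match.group(0))
        if parsed is None:
            return match.group(0)
        addr, rest = parsed
        return str(addr) + rest
    return _CANDIDATE.sub(_sub, line)


# Constructed sample: one host logged in three spellings, plus a timestamp, a
# MAC address and a neighbouring subnet that must not match the host query.
SAMPLE_LOG = [
    "May 01 12:30:01 fw kernel: DROP IN=wan0 SRC=2001:0db8:0000:0000:0000:0000:0000:0042 DST=2001:db8:1::10 PROTO=TCP DPT=22",
    'May 01 12:30:05 web nginx: [2001:DB8::42]:51514 "GET /login" 401',
    "May 01 12:30:09 sshd[811]: Failed password for root from 2001:db8:0:0::42 port 40022",
    "May 01 12:31:00 dhcp: lease for 00:11:22:33:44:55 renewed",
    "May 01 12:31:07 fw kernel: DROP IN=wan0 SRC=2001:db8:0:1::42 DST=2001:db8:1::10 PROTO=UDP DPT=53",
]

if __name__ == "__main__":
    naive = [ln for ln in SAMPLE_LOG if "2001:db8::42" in ln]
    print("substring search hits:", len(naive))
    print("parsed search hits:   ", len(search(SAMPLE_LOG, "2001:db8::42")))
    for ln in SAMPLE_LOG:
        print(canonicalize_line(ln))
```

Running `canonicalize_line` at ingestion time lets ordinary text search work afterwards, while `search` also answers prefix questions such as "everything from this /48".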
@Digitalstorm007 6 months ago
The real answer: DDoS mitigation and monitoring tools haven't caught up yet. They are only just recently starting to implement IPv6 and are not yet at feature parity with IPv4. It has nothing to do with the end-user experience. IPv6 is much better than IPv4 since it resolves the NAT issue. You think ISPs want to use CGNAT?
@JMW1906 6 months ago
There is a reason of not giving everyone an ISP-independent static IP. If you own an IP address and you move country or ISP the route to you changes. This means the routers need more special rules thus slowing the entire routing system down (though probably not much) because you can't just have a rule everything with 130.160.0.0/16 goes to ISP X. So while I'd like this I think it does have some negative benefits in how the entire network works.
@harshbarj 11 months ago
For me it comes down to one point. I can remember an IPv4 address. I can't an IPv6. So when dealing with my network of 10+ personal computers and several servers I don't want to have to resort to a "cheat sheet".
@TallPaulTech 11 months ago
When I get my new routing device I'll be setting it up with dhcp server for ipv6. I'll show how an address can be as simple as fd::1, fd::2, etc.
@Kneedragon1962 11 months ago
I went through something a bit like this almost 30 years ago. The basic problem with IPv4 was lack of addresses. So they came up with IPv6 ~ huge address space. But while that was getting sorted, some sort of quick dirty fix (a hack) was required, and that became NAT. Now NAT does break a couple of your fundamental network paradigms, but it's not all negative. It largely solves the limited address problem and it opens up a complete can of worms with other kinds of network tricks. It mostly makes IPv6 completely unnecessary. If you went pure IPv6 then loads of things would stop working. But if you simply stopped IPv6 and went back to pure 4 ~ a few things would go a bit wonky for a week or so, but then they'd go back to old-school and everything would work again. So this brings me back to today ~ when as a home user I have a dual stack because that's the default, (Linux Mint as host) but mostly the IPv6 doesn't do anything ~ except complicate the picture. As far as I can see, pretty much everything is running through IPv4 + NAT anyway. That's where we were at when I started learning this stuff in '95 ~ '96 and that's where we're at still. IPv6 fixes one problem, but NAT fixes several. It's a quick dirty hack, but it has become a wonderfully useful and versatile hack, it does a number of things simple pure IPv6 doesn't. The quick & dirty hack, is actually a far better and more versatile solution than the proper one. As a Linux-head ~ I find something very oddly appealing about that.
@glynnec2008 11 months ago
I'm waiting for IPv7 (or 8 or whatever) which offers the advantages of NAT plus a larger address space.
@davidg4288 6 months ago
My ISP (a cable company) absolutely refuses to issue an IPV6 address to the WAN side of *their* router. Their configuration, although I can change it, which doesn't break anything but doesn't help either. My girlfriend has deprecated DSL service from the telephone company. IPV6 works perfectly right through to any device on her home wifi that supports IPV6. Once again, their router, their configuration.
@TheShrike0o0 11 months ago
So few home users need or want to bring their own IPs (IP4 or IP6), it's much easier for ISPs to just say no to such requests instead of investing a lot of money into educating their staff and implementing new protocols. Also, for home users NAT via a router is a godsend in terms of security.
@SydW01 11 months ago
Deja vu all over again. In the early days of the Internet we used RIP, and RIP needed a table of all routes; as we added addresses the table got too big and IBM had to build special RS/6000s to hold the routing tables. OSPF and BGP were written to handle this. It shrank the routing tables. So IPv6 can do what you want, and the IPv6 version of BGP needs to know how to route to your /48 and provide that into the consolidated routing tables for routing packets over the backbone. Adding a large number of random /48s makes that table huge. The ISPs have a single larger block keeping this table smaller and more manageable. Thus they charge for reserved blocks of addressing space to limit this to only those entities willing to pay for the routing table entries. (Using routing table loosely here of course).
@TallPaulTech 11 months ago
Yes, I've certainly learned about the route tables in BGP, as I don't really touch WAN stuff, but many have pointed that out, which is fair. Now it just implies that the design could never have had everyone with their own lifetime address easily.
@SydW01 11 months ago
@TallPaulTech IPv6 was never designed for everyone to have permanent /48s, it was always intended to be region based, be that region an ISP or a multinational company, or whatever. That a private space within it, without use of NAT on the gateway, was allowed, I'm sure it caused a lot of consternation on how it would be implemented if it got large.
@cathyfarcks1242 11 months ago
IP addresses are for routing. The idea that every major network in the world needs to know your IP prefix so it can route to your ISP is just silly. That is what DNS is for. The 6-to-4 issue is the real problem. IPV6 is not complicated, but hybrid IPV6 and IPV4 kind of is. If we get to the point where the normal user doesn't need that, we're getting somewhere. Don't know if that will ever happen.
@JohnDupuyCOMO 11 months ago
While the push for NAT was driven by a lack of IP, its greatest strengths were security and local addressing/portability. NAT is not needed for IPv6 (for security) with a good router/firewall. But for localized portability something like NPTv6 makes sense. You are a network engineer (as I have been). You are okay with bad actors knowing your IP block no matter which ISP you switch to. But for your everyday person, I'm still not convinced "having your own /48" is a good idea. Anonymity is gold. I'd almost go the other way: it would be good if the ISP changed your /48 every day to help kill the tracking systems. But for non-regular users I agree with you. In fact, I want to dual-home my network with a /48; if I could somehow talk a second fiber ISP to connect to my house.
@hitmusicworldwide 6 months ago
If you were in NYC Stealth would do that
@TheCynysterMind 11 months ago
The other thing that IPv6 has trouble with (or so it seems and I hope to god I am wrong): there doesn't seem to be a readily available registration for world-wide IP addresses. With IPv4 you could perform a "whois" and find out if a particular address was owned or part of a pool and who owned/managed that range in question. Especially when it comes to managing spam and hostile traffic. As an admin I want to be able to block specific ranges for a variety of reasons.
@ericecklund676 11 months ago
There's just not a whole lot of business reasons to be able to give an IP address to every grain of sand on the planet. Much less wanting to keep track of them all in your maintenance database for the tech support folks.
@deth3021 6 months ago
I've been working with ipv6 for several years now. And I still consider it harder than ipv4. Not because of the addresses but because the software and stacks around ipv6 just aren't as well tested. So I keep running into issues that were already fixed for ipv4 decades ago, or weird problems caused by weird ipv6 mechanisms, such as DAD (duplicate address discovery). Also, the way certain solutions implement it, e.g., 1 device that provided internet access only allowed DNS over the link local, which meant we couldn't simply route DNS requests.
@timothystockman7533 11 months ago
Here in Philadelphia, Verizon (the fiber to premises ISP) finally got IPv6 working, and now I can connect to my linux server in a German datacenter via IPv6!
@HORUS-IT 11 months ago
As far as the question "Why use IPv6?" is concerned, here are some answers which apply to my personal situation:
a) Configuring routing for virtual machines and Docker containers becomes easier.
b) My ISP supports native IPv6.
c) My preferred hosting provider charges for every single IPv4 address since the pool was exhausted, and IPv4 subnets have become prohibitively expensive, while every machine is assigned as many free-of-charge IPv6 /64 subnets as desired. I use some servers which don't have an IPv4 address anymore.
@r00tyschannel52 11 months ago
What you're talking about (in regards to an IPv6 allocation you can move around) already exists for IPv4. It's called Provider Independent (PI). But this really isn't the problem I think. The problem is that right now most providers (even dedicated server providers) will happily "sell" you fixed IP allocations, in block or single IP form for IPv4. But for IPv6 they will not do this. In reality there's no reason they can't, at least within their geographic region let you take your IPv6 address between services in the same way they offer for IPv4. They just give an option for IPv6 yes/no. And they will bung you an allocation. This, I think is because it's still seen as experimental, when it really is a fully functioning technology. I had this happen to me just the other day. A server provider informed me that some feature of a virtual machine I was running was no longer supported and I needed to create a new one and copy my data over. Now, this VM is a secondary DNS for me. So what's to do, install the service and copy over all the config/DNSSEC keys etc. Move the IP to the new VM and all good. But, then I see the IPv6 block is now different, with no way to get the original one back. So, now I need to go to EVERY domain I host, and change glue records and the DNS zones to point the ns2 records to the new IPv6 address. Not fun at all. In regards to going full ipv4 or ipv6. I don't think there's any reason to do that. I've had IPv6 on my home network for probably around 12 years (via tunnel for the first half of that). All the time I've run dual stack, and frankly until they turn off IPv4 (if that ever happens) that will be the only sensible way to go I believe. In the last 5 years or so, ipv6 adoption has increased greatly. Big social media (facebook, google, youtube etc) work via ipv6, in fact I can tell you this video was served over IPv6 to me. Most good hosting providers support it. Dual stack isn't a bad thing. 
It should of course be configured to use IPv6 first over IPv4. In which case you'll be using it everywhere you can use it. I am confused why we've not moved to ipv6 fully by now. Pretty much all kit out there supports it including basic level consumer kit, ISPs could easily move to it, many of the good ones have done some time ago and certainly if you run a service on the internet your provider almost certainly offers IPv6 to your VM or bare metal server. Everything is in place right now. But for some reason most people are still dragging their feet.
@jemmrich 11 months ago
As somewhat of a techy I have always been curious about IPv6, but like you said, it's scary at first jumping into something you aren't familiar with especially when it comes to configuring your network and you need to understand how it works and be confident in it. The whole address structure of ipv4 is very simple to remember off the top of your head when you are working in the field. Great video and appreciate you sharing your experience! One question I had was how exactly does security come into play here though. If devices communicate directly, isn't that by nature attempting to cut out the middleware (router, firewall, etc)? I would assume this would put regular users at even more risk because now their devices (printer, IoT, laptops, TVs, phones, etc) are now directly exposed to the internet. Unless the router will always need to exist simply for the wifi/hardwired connections? But ISPs seem to like to rent their modem/routers or just completely lock you out of them anyways so you are left up to whatever they issue. It would also mean that you would have to somehow force each device to register a new IP if you wanted to rotate them for some reason (like repeated attacks)... the nightmare that comes to mind when dealing with IoT devices...
@TallPaulTech 11 months ago
The end to end that I talk about is the direct routability from host to host without nat. There would still need to be a firewall in there for security, just like with IPv4. That doesn't change. In fact, it's the same rule on my nftables that applies to both address families. It says don't let anything in from the wan interface, unless it's my return traffic. Simple.
@ThatJay283 7 months ago
funny thing with NAT is i don't see why an IPv6 router with a firewall which offers even better protection than NAT wouldn't be a bad thing. like literally just have a rule to drop incoming non-established connections. or even IPv6, a firewall, and NAT.
@oidpolar6302 11 months ago
A major reason why IPv6 is not in use is its "feature" of allowing direct access to any home/small office device from the internet. Which is a fundamental security issue. The approach where the FTTH modem/router has IPv6 outside but ipv4 inside is more secure.
@alfaeco15 11 months ago
Or private ipv6 inside. But yes, in a small private network ipv4 is simpler, more than enough. To the outside world ipv6.
@James_Knott 7 months ago
Anyone who makes that claim doesn't know how to set up a firewall.
@phillkelley7700 11 months ago
Very interesting (as usual). My understanding is that, aside from address space exhaustion, one of the problems the IPv6 working group was trying to solve was "huge" routing tables in the core backbone routers. That had arisen because of historical "classful" routing and the lack of any serious discipline, at least early on, to allocate IPv4 in a strict hierarchical fashion. IPv6 follows strict guidelines allocating blocks to regional NICs, then sub-blocks to countries, then smaller blocks to ISPs. I've always felt that, while the strict hierarchical nature of IPv6 is good for keeping routing tables manageable, it also enables more accurate geo-location and that's probably a good reason for sticking with IPv4. Second, I've been told that in some places in the world (Germany), ISPs rotate prefixes every 24 hours. ISPs claim to be protecting home users who expose routable addresses but my guess is it's the old "if you want a permanent address you have to pay for a business connection". Seems to me the solution to this is enhanced DDNS where any prefix changes are communicated with your DDNS provider.
@joergsonnenberger6836 6 months ago
Germany's Telekom gives you a new prefix whenever you create a new PPPoE session (if you don't have a fixed IP contract). They haven't actively terminated sessions for quite a few years now. With a somewhat smart router it isn't that big a deal. My local DNS server updates its configuration automatically whenever it sees a prefix change and then updates the public DNS zones for those machines that are externally visible. Geo-location works extremely well for most ISPs because they already do assign addresses geographically anyway. This applies to IPv4 just as well. The main reason that IPv4 is so fragmented: inability to grow. If you hand out too much space to a given company, resources are wasted (like in the old days, where one university got 1/256 of all IP addresses). On the other hand, if you give them too little, you end up with either two routes to the same physical target or have to renumber stuff. Given that IPv4 addresses used to be hard-coded everywhere (because why depend on DNS), that's a major PITA. Now make an educated guess how many "serious" internet using companies have a constant demand and you will see how the fragmentation happened. IPv6 combats that on the levels: motivate people to not hard-code numbers everywhere and make it easy to have reasonable allocations with enough room to grow. Take a university for example. It's quite a bit easier to estimate the number of networks you will need than the number of networked machines. The former reflects organizational structures and we have a lot more understanding about their development. Once you have the number of networks, round up to the next power of 16 and subtract that number from 64, you have your base line for what prefix you need.
@damson3413 6 months ago
it's annoyingly complicated versus v4 for those who are uninitiated. like, optics counts, it was a lot to ask people to hold 4 octets in their head at a time... people also like the inherent NAT + firewall + port forwarding model, because when done right it really works well, offers a structured environment where traffic is strictly controlled versus a sense of v6 "defaulting" to a level of openness that frankly, alongside the explosion of insecure IoT devices, is a cause for concern. if the wider internet goes to v6, it's likely that most people will still just run a v4 network with the same old structure at home, regardless. because it's unnecessary to them, they're normies, they don't care, it just has to work. people forget that level of effort isn't worth it to most people, or completely uninteresting. I have a public v6, I'll just keep using v4 internally, I don't *need* v6, that's an important distinction to make, the majority of people do not need it and it's not their problem, the internet needs it and it's the problem of the organisations who collectively run the internet, not mine, I already pay my due which is a connection fee, that's my obligation here, and much like vegans or arch linux users, some people are really obnoxious about it... don't forget it ain't a religion and don't take it too seriously. :)
@dblclick 11 months ago
I don't understand your router configuration; mine is configured to track the interface of the WAN address. When the WAN interface IPv6 address changes, my DHCPv6 and local interface all change to track the assigned interface. I'm using a PD of 56, but I assign my VLANs in the network additional segments.
@pcnz 11 months ago
Same here, further internal subnets and devices are just specified in DHCP with their suffix. So DHCP takes care of the prefix change even on things I want to have static suffix on. I just access them internally using only the suffix (or DNS).
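The prefix-tracking approach described in the comments above (stable subnet ID and suffix, changing ISP prefix), as an added example that is not part of the thread: given the old and new delegated prefixes, it recomputes the public AAAA targets and leaves ULA and off-site records alone. The hostnames, the /56 delegation size and the addresses (2001:db8::/32 documentation space) are constructed, and the function names are this example's own.

```python
import ipaddress


def renumber(addr, old_prefix, new_prefix):
    """Move one address from the old delegated prefix into the new one,
    keeping the subnet ID and interface identifier bits unchanged."""
    old = ipaddress.IPv6Network(old_prefix)
    new = ipaddress.IPv6Network(new_prefix)
    if old.prefixlen != new.prefixlen:
        # A /56 replaced by a /60 cannot carry all subnet IDs over.
        raise ValueError("old and new delegations differ in length")
    address = ipaddress.IPv6Address(addr)
    if address not in old:
        raise ValueError(f"{address} is not inside {old}")
    suffix = int(address) & int(old.hostmask)      # subnet ID + interface ID
    return ipaddress.IPv6Address(int(new.network_address) | suffix)


def plan_updates(records, old_prefix, new_prefix):
    """Return {name: new_address} for AAAA records that must change.

    Records outside the old delegation (ULA, hosted servers) are skipped,
    which is why ULA names keep working across an ISP renumbering.
    """
    old = ipaddress.IPv6Network(old_prefix)
    updates = {}
    for name, addr in records.items():
        if ipaddress.IPv6Address(addr) in old:
            updates[name] = str(renumber(addr, old_prefix, new_prefix))
    return updates


# Constructed zone data: two LAN hosts with public addresses, one ULA name,
# and one server hosted elsewhere.
RECORDS = {
    "nas.home.example": "2001:db8:aa00:10::53",
    "cam.home.example": "2001:db8:aa00:20:211:22ff:fe33:4455",
    "nas-ula.home.example": "fd12:3456:789a:10::53",
    "vps.example": "2001:db8:ffff::1",
}
OLD_DELEGATION = "2001:db8:aa00::/56"
NEW_DELEGATION = "2001:db8:bb00::/56"

if __name__ == "__main__":
    for name, addr in plan_updates(RECORDS, OLD_DELEGATION, NEW_DELEGATION).items():
        print(f"{name} AAAA {addr}")
```

The same mapping applies to any firewall allow rule written against a full public address: it goes stale on renumbering unless it is regenerated from the new prefix.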
@byronservies4043 11 months ago
Most software engineers barely understand IPv4, forget VLANS. IPv6 requires a whole different class of dead chicken to whirl over your head to make anything work.
@OCTAGRAM 11 months ago
In around 2010 there were many IPv6 enthusiastic ISPs. But that was also the time when Internet blocking laws appeared. Controllers were connecting to the Internet in each café with free WiFi, and if they managed to connect to the forbidden resource, they posted notable fines for law violation. Controllers often had muTorrent installed on notebooks, and muTorrent configured Teredo and/or 6to4. If Teredo and/or 6to4 helped to reach the forbidden resource, they posted a fine. At the same time Internet-blocking software was immature, barely capable of blocking IPv4 correctly. An ISP could either provide native unblocked IPv6 and be fined for that, or not provide IPv6 at all. Instantly IPv6 became damnation for cafés and for ISPs. They blocked each and every IPv6 loophole. No more 6to4, no more Teredo. Nobody likes fines. That's how IPv6 was canceled in Russia.
@AndreasTriller 7 months ago
I thought the same thing. I work at an SMB company, our ISP offers dual stack with a /48 on IPv6. I hesitate to set up IPv6 internally without NAT66 because the ISP is then in charge of my prefix. I researched the thing and found out you CAN get a /48 for yourself (as a company at least), even for reasonable money. BUT you will have to implement BGP to make it work, which adds a lot of complexity and cost (for the routers).
@gunnargu 7 months ago
1. Use SLAAC
2. Use a DynDNS mechanism to update the hostname in DNS
@RuiFungYip 6 months ago
and you're going to configure a DynDNS updater on every single IoT device / phone / etc that you want to access? Works fine with DHCPv6 tho.
@AnMuiren 11 months ago
I'm an old crone and really see your point. Absolutely valid analysis. 35 years ago, I had this idea everyone laughed about, that every person born should have their own, permanent IP address for life as their birthright. I still think that idea makes sense along with restoring the core Internet to a public trust that is leased to private enterprise. The way the Internet was privatized as a corporate dictatorship is one of the worst mistakes in modern history, and we've got to address it before it's too late if it isn't already.
@luc_libv_verhaegen 11 months ago
The counter argument is anonymity. If people use the ipv6 range given to them from birth, then imagine the amount of extra data the googles and facebooks of this world could gather on you. Not that this absolves ISPs in any way, but tracking your internet activity for monetization is an ever bigger issue.
@deidyomega 11 months ago
@luc_libv_verhaegen Yeah, na fam, I don't want a perm IP associated with me.
@esspe2 11 months ago
You need a PI (provider independent) prefix, which is to be requested via a registrar. That's what we use at work (in IPv4), also time to play with AS (autonomous system number). It isn't too scalable for routers though, so ISP larger prefixes were pushed to keep route tables manageable.
@zq_77 11 months ago
Thanks for the video. You've just saved me a ton of time researching this as I was also looking into ipv6.
@brianoconnell-df7kz 11 months ago
Seems the dhcp service should pick up the current prefix and dish out assignments based on that, then retire the old prefix? And ya, update dns accordingly 😞
@mwolrich 11 months ago
I recently got IPV6 working, and have dual stacks running, we have to start getting familiar with it, so why not…
@RbNetEngr 11 months ago
My employer does not currently have IPv6 deployed in the network, but we own a public address block (/42?). It is registered to my employer, at ARIN. Just as the /24 IPv4 address space we own is registered with ARIN. It is ours, and whichever ISPs we choose for service, we would announce our networks using BGP. Or, we could simply point our default to the ISP, and they would point a static route to our public IP blocks and redistribute into BGP. What you are addressing in this video is the situation where you are 'leased' an IPv6 block (/48) from your ISP. This is a /48 out of a much larger space that your ISP has been allocated. It isn't portable, so you can't own it and take it to any other ISP. IPv6 address blocks allocated via DHCPv6 also have the mechanism to request the same prefix each time the DHCPv6 allocation expires, if only all ISPs would honor this! I really think the big challenge with IPv6 is that we approach it with the same mindset that has been used for decades with IPv4. RFC1918 addresses on the LAN, NAT to a single public IP address, implied security because of Stateful NAT, etc. Even in larger (enterprise) IPv4 networks where the organization has a public assigned address block, and has a mix of Static NAT to present public facing services as well as dynamic NAT/PAT for outbound connections initiated by internal users and systems. For IPv6 use in small environments (home, or SMB), if you lease an IPv6 address block from your ISP, you need to be able to accommodate the potential for prefix allocation changes, incorporating DNS and SLAAC. For larger networks, request an address block from ARIN (or whoever your Regional authority is), and then you will have that permanent address block.
@tomhekker 11 months ago
I think it’s mostly routing table size that is preventing the registries like RIPE NCC assigning a /48 to home users directly. I’ll ask some of my contacts there if they ever thought about it.
@guiAI 6 months ago
For sceptics, this might become useful if interplanetary colonization happens in the far future, probably not now. Plus it's a good safeguard if the limit is reached for whatever reason.
@LiamMcCreadyONeil 11 months ago
100% agree with this. I wouldn’t and won’t implement IPv6 on our customers networks, or my own (except for testing) We manage many sites that utilise multiple WANs and in my opinion the ISP needs to be disposable; their network stops at the WAN.
@alanjrobertson 11 months ago
Really interesting point on the impact of changing ISP. Have you played about much with Wireguard on IPv6? I use it quite a lot to remotely access my LAN when off site and it works really well from a security POV, not sure how it would work with IPv6 or does that then need v6 NAT too?
@TallPaulTech 11 months ago
I run IPv6 through an IPv4 wireguard instance. I did try it on IPv6 from my phone out in the wild, but from memory it didn't work due to something about it resolving the IPv6 server address (home), but then trying to connect with IPv4... can't quite remember, but it was something like that. I might look at it again a bit deeper.
@nortonsima 11 months ago
Hi! Have you considered using both? Private addresses for internal use, memorable addresses that never change and use SLAAC at the same time to provide publicly routable addresses for when you need to go out into the internet? You can use the auto assigned addresses, private and public ranges at the same time with no worries. This way there's no NAT or One to One funky translations.
@Chris_In_Texas 11 months ago
This is exactly why I haven't adopted IPv6. With multiple ISPs using active / standby. One of my carriers will reset to a new IP address (4 & 6) every time the modem is rebooted. I have given up on the whole IPv6 thing. I also have many devices in my IoT life that don't support IPv6 so that was the hammer for the nail. 🔨😁
@bassbacke 6 months ago
Have you tried Hurricane Electric? I use HE since 2008 and it works just fine and costs nothing.
@Yggdrasil42 6 months ago
Sure but we can't route all people in the world through HE. It's a workaround, no more.
@jfbeam 6 months ago
It works pretty well, but it's far from perfect, or ideal. For example, Google's stupid algorithms love to blacklist the netblock HE uses for /64 tunnel endpoints. Netflix (etc.) blocks you as a "VPN" -- which it technically is, and they have zero ability to know where you are in the world. ... Just to name two.
@SirHackaL0t. 11 months ago
I use BT in the UK and *each* time the router restarts the external connection it gets a different IPv6 address from BT. Most frustrating as I can’t use native IPv6 as it’s changed daily.
@krisclem8290 6 months ago
Why couldn't it be solved with DHCP using the prefix assigned from your ISP as the "network" portion and the remaining address as the hosts portion? Then the DHCP only assigns unique host bits while prefixing the "network" portion to the host bits.
@otrab1080 11 months ago
IPv6 seemed difficult for me because I was trying to think of IPv6 in terms of IPv4 and trying to relate IPv6 to IPv4. The best way to learn IPv6 was to forget everything I knew about IPv4 and start from scratch. OneMarcFifty's videos on IPv6 helped me there. That said, IPv6 is such an overcomplicated solution to needing more IP addresses.
@TallPaulTech 11 months ago
Really? I found it a piece of piss. It's still just a bunch of subnets and routing. Multicast is multicast (I guess some people struggle with that). NS/NA instead of ARP, MLD instead of IGMP.... same old.
@zebedie2 11 months ago
I'm waiting for IPv7 with the planetary prefix, then allocate a block designated for Mars. If you give people the ability to buy IP6 ranges in bulk, then you'll just end up with large companies buying huge chunks for themselves for "just in case". I suspect you'll end up with IP6 eventually on the interwebs because of the lack of IPs, but private range will probably stay on IP4 with NATing.
@NikiBretschneider 11 months ago
What you are waiting for is an IPv8, not IPv7. There is concept of using odd/even numbers for unstable/stable releases like odd numbers are used for concepts, highly experimental things used only to evaluate that concepts etc. This is why we have IPv4 and IPv6, but not IPv5. Same issue with linux kernels (2.0.×× 2.2.× 2.4.×× 2.6.××) etc.
@glynnec2008 11 months ago
@@NikiBretschneider IPv6 really screwed up that idea - it seems very experimental.
@tlhIngan 11 months ago
The main reason that you can't have your own prefix in IPv6 is because it's designed to be hierarchical when assigning prefixes in order to keep routing tables small. IPv4 routing tables are a mess because of the way they've been assigned and traded over the years, and IPv6 is supposed to simplify the routing tables otherwise the routers will just run slower and huge chunks will be unreachable as the routing table size exceeds the maximum RAM capacity of the router. So the prefix system allows the IP addresses to be tiered with the large providers having a huge chunk and carving it out to their customers - perhaps the big guys get /96 (32 bits) then give the huge customers /64s out of that, and that may be subdivided into /48 or /32 for their customers and so on. Key point being that the first few prefix bits tells you which network to route to and that network can look at the next set of prefix bits to determine the customer and so on. If you could get a random /32 then the whole scheme breaks down as now everyone needs a special rule that your traffic now goes to this other network, i.e., now you added a line to everyone's routing table.
@Carl_Georg 11 months ago
I thought IPv6 was created for practical reasons because we were supposedly running out of IP addresses. It's been 20 years and this hasn't happened largely thanks to NAT. Is there any downside to just continuing to use NAT as a workaround for IP address exhaustion problem as opposed to a full adoption of IPv6?
@eidodk 11 months ago
NAT is a downside in itself. You're blocking the access to ports on the inside of the NAT.
@xmarkx9988 11 months ago
@@eidodk which is exactly what I want. I do not want every Jim and Joe in the world to access my fridge.
@eidodk 11 months ago
@@xmarkx9988 You can block them yourself. You can however not unblock ports you need unblocked, which IS the problem.
@matthewday7565 11 months ago
The problem with a personal IPV6 block, is that the ISP would have to have a route just for you, instead of subdividing their own larger block. If many people wanted that, then the routing tables would be enormous
@TallPaulTech 11 months ago
Yeah, that's pretty much the problem
@BrianG61UK 11 months ago
That's one thing the ISPs and backbone providers like about IPv6 as it is now. Unlike IPv4, the IPv6 routing tables are relatively small.
@rakeau 11 months ago
I’m in the same boat .. want to use ipv6 more. I have to wonder about your concept of owning a static, portable subnet though. I don’t think calling it your “prefix” is right, to me it’s a subnet. And mostly like ipv4, your subnet is just a subnet within your isp’s subnet.. they can only allocate within the ipv6 blocks they own. Getting a new IPv4 address is normal if changing ISPs so not surprising IPv6 is the same. I mean, why not go a step further and have a single static ipv6 address for your phone or laptop that never changes even if you traverse different networks (home, then cellular, then mate's wifi, or work lan, etc). It would be a technical nightmare. DHCPv6 just needs to be smart enough to see the new prefix, and only worry about the subnet portion for address allocation, and then intelligently combine the two, rather than being hard-coded. And finally, yeah. IPv6 support is dismal in terms of routers etc. I also think such routers should do ipv6 firewalling in a way that mimics port-forwarding config. Too much to type in a youtube comment… At the end of the day, the ultimate problem is that everyone is simply dragging their heels. People (ISPs, vendors etc) might only barely dip their toes in the water but no one wants to jump in proper.
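An added example, not part of any comment in this thread: the idea raised by @krisclem8290 and @rakeau above (keep the subnet and host bits fixed, swap only the ISP-delegated prefix) worked through in Python, including regenerating a firewall allowlist after the prefix changes. The function names, host names and the prefixes (taken from the 2001:db8::/32 documentation range) are assumptions made for illustration.

```python
import ipaddress

HOST_MASK = (1 << 64) - 1  # low 64 bits: the stable interface identifier

def split(addr, delegated):
    """Return (subnet_id, interface_id) of addr inside the delegated prefix."""
    a = ipaddress.IPv6Address(addr)
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64 or a not in net:
        raise ValueError(f"{addr} is not a host inside {delegated}")
    subnet_bits = 64 - net.prefixlen
    subnet_id = (int(a) >> 64) & ((1 << subnet_bits) - 1)
    return subnet_id, int(a) & HOST_MASK

def compose(delegated, subnet_id, interface_id):
    """Combine a delegated prefix with locally chosen subnet and host bits."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("prefix longer than /64 leaves no 64-bit host part")
    if not 0 <= subnet_id < (1 << (64 - net.prefixlen)):
        raise ValueError(f"subnet {subnet_id:#x} does not fit in {delegated}")
    if not 0 <= interface_id <= HOST_MASK:
        raise ValueError("interface identifier must fit in 64 bits")
    return ipaddress.IPv6Address(
        int(net.network_address) | (subnet_id << 64) | interface_id)

def renumber(addr, old, new):
    """Move addr from the old delegated prefix to the new one."""
    return compose(new, *split(addr, old))

def rebuild_allowlist(allowlist, old, new):
    """Rewrite address-keyed firewall entries after the ISP prefix changes."""
    return {name: str(renumber(a, old, new)) for name, a in allowlist.items()}

# Constructed sample data: two hosts on subnets 0x10 and 0x20 of a /56.
OLD_PREFIX = "2001:db8:aa00::/56"
NEW_PREFIX = "2001:db8:bb00::/56"
ALLOWLIST = {"dns": "2001:db8:aa00:10::53", "web": "2001:db8:aa00:20::80"}

if __name__ == "__main__":
    for name, addr in rebuild_allowlist(ALLOWLIST, OLD_PREFIX, NEW_PREFIX).items():
        print(name, addr)
```

A shorter delegation from the new ISP (for example a /60 instead of a /56) raises `ValueError` for any subnet ID that no longer fits, which is the case where rules have to be replanned rather than rewritten.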
@jonathanrees3765 11 months ago
Most ISPs will give you a fixed address if you pay extra. Default settings actually mean your ISP provided address may just be reset randomly. Link local addresses will work locally, so use DHCP for local addresses, my router allocates IPV6 to clients automatically (for global addresses) - and Windows 10/11, Server 2023 etc. all actually default to IPV6 and just fall back to IPV4. Some devices on my network still do not support IPV6, and this is an industry wide problem, so basically have to run both. IPV6 is actually more efficient at data transfer so there are other benefits.
@elek02 11 months ago
Partly agree, changing prefixes should be solved with smart DNS. Own prefixes you own would be a huge problem for BGP routing. Imagine IPv6 full tables with all /48 routes.
@mytech6779 11 months ago
Fixed public IPs (prefix portion, not the subnet portion) shouldn't be assigned by networking providers, they should be independently allocated similar to domain names so it can be transferred between vendors. It's one more major flaw in the standard.
@aDifferentJT 6 months ago
If you want to use static addresses on your local network, I do wonder whether you could have every device have two IP addresses, one on a local private subnet and the other being a public address.
@bendono 11 months ago
I've tried multiple times, but as a home user my ISP won't give me a /48 PD address. I've checked with other providers too and they say it is not an option for home users.
@rickmills8391 11 months ago
What about routing table size?
@schmudej85 11 months ago
In my case, IPV6 hasn't taken off because no one has been able to answer me this one simple question: Why, given everything we know about how insecure most devices are, would I even want each and every device directly routed and/or exposed to the outside world in the first place?
@James_Knott 7 months ago
You don't. Just learn to set things up properly.
@timrobertson8242 6 months ago
For the testing I have done, I use a separate IPv6 on the interface for LAN traffic vs what I expose and route (based on my ISP) for external -- It took me a bit of time to realize that I am able to have multiple IPv6 on the same interface. The one for the LAN would be one you own -- as I recall these start with fd00/8. Not sure if this is in line with what you're looking for.
@TallPaulTech 6 months ago
You can still NAT IPv6 outbound like in IPv4 if you want. People seem to forget that.
@TenForceFalls 11 months ago
My ISP does support IPv6 but I use Hurricane Electric's tunnel broker service. Worth doing a ping and bandwidth check because if you’re not near their data center it can be slow. If my ISP supports a static prefix like they support a static IP then I would go to that.
@revealingfacts4all 3 months ago
I still purchase and integrate IoT type devices and shop floor machinery that has no IPv6 capabilities forcing the IPv4 NAT scenario to continue to play out.