Advantages of IPv6?

Internet access discussion, including Fusion, IP Broadband, and Gigabit Fiber!
6 posts Page 1 of 1
by ewhac » Thu Sep 05, 2019 2:21 pm
(This oughta get the forum hopping...)

Last night, I discovered that Sonic supports IPv6 6RD. After some quick mucking around in pfSense, I successfully enabled it and was able to ping6 remote hosts from the gateway.

And then I found myself wondering: Why should I do this?

I know enough about IPv6 to know that it is much more than simply IPv4 with longer addresses. It has a bunch more options and capabilities and, with them, more opportunities for misconfiguration and network vulnerability. I have personal experience on networks whose IPv4 traffic and subnets were well managed and locked down, but IPv6 just floated right through.

I barely grok the firewall rules that let NAT and port forwarding work; there's no way I know enough about IPv6 to think about all the possible pitfalls and configure a gateway/firewall properly. So: Why should I enable IPv6? What advantages over IPv4 are waiting for me if I go to the trouble of learning and setting up IPv6 on my home LAN?
by kyle.depasquale » Thu Sep 05, 2019 3:01 pm
Currently? None, unless you need to access a service that is solely accessible via IPv6.

At some point in the future, there will be services that are available via IPv6 and not IPv4, but I don't know of any yet. A quick google search brings up this short article from February and even they only know of a handful of v6 only services.

It's really nothing more than future-proofing at this point, or for those who are working on v6 services that will be available in the future :)
by cmeisel » Thu Sep 05, 2019 11:52 pm
Eventually we will run out of ipv4 addresses. Having said this, I went to a Microsoft IPv6 seminar 15 years ago where they pushed vendors to make all apps ipv6 capable because ipv6 was going to take over the world any day now and it did not materialize. When we sell to enterprise customers these days, it is very rare that any of them use ipv6 yet. Will it come? Yes and it will have some real routine advantages and probably benefits iot a lot but most end users really don’t need it they just want it.
by tigertech » Tue Sep 24, 2019 4:54 pm
ewhac wrote:And then I found myself wondering: Why should I do this?
Enabling IPv6 on your end can double your chances of reaching sites that support both IPv4 and IPv6 (i.e., most large sites) in some cases, because your browser will try both and use whichever succeeds.

To take an example I just checked: If you connect to http://www.wikipedia.org through Sonic over IPv4, the connection goes from Sonic, to an "Internet backbone" (transit) company called Cogent, to Wikipedia. If you make the same connection using IPv6, it goes from Sonic to Wikipedia through a completely unrelated Internet backbone company, Hurricane Electric.

So if Cogent is having routing trouble and you try to visit Wikipedia with only IPv4 enabled, you'll see an error. If you have IPv6 enabled, your browser will use whichever connection works, and you won't notice any problem.

IPv6 has some other advantages, including the fact that there's not usually any such thing as NAT with IPv6. Security can be simplified in some ways as a result of that and of the much larger address space.
by ewhac » Thu Sep 26, 2019 12:28 am
tigertech wrote:IPv6 has some other advantages, including the fact that there's not usually any such thing as NAT with IPv6. Security can be simplified in some ways as a result of that and of the much larger address space.
Yes, eliminating NAT makes port forwaarding unnecessary, and all your machines can be individually accessed from the Internet.

The disadvantage is that... NAT's cheap and dirty firewalling goes away, and all your machines can be individually accessed from the Internet. While network security is no substitute for proper platform security (where it actually belongs), platform security today is still a monumental joke. There's really nothing you can do to make Windows secure against the open Internet, and IoT devices should be assumed to be wide-open. Hence, my chief reluctance to just turn on IPv6.
by tigertech » Fri Sep 27, 2019 5:44 pm
ewhac wrote:The disadvantage is that... NAT's cheap and dirty firewalling goes away, and all your machines can be individually accessed from the Internet.
Keep in mind that you can have an IPv6 firewall that works exactly like an IPv4 NAT-enforced firewall did -- it's not the NAT part, but rather the stateful firewall (that NAT happens to require) that provides the security. (Or this, for another take ;).)

An IPv6 firewall can also be set to "block all incoming traffic we didn't initiate a connection to", and can be simpler to implement without NAT being involved. And simpler security is usually more reliable security, of course.
6 posts Page 1 of 1

Who is online

In total there are 29 users online :: 1 registered, 0 hidden and 28 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: Google [Bot] and 28 guests