For me, it’s an additional, redundant layer 3 route between my dual stack nodes. I’ve had instances where v4 or v6 paths have broken, and I’ve not noticed until my monitoring systems explicitly notify me.
I’d also like more tools to use MPTCP which would make them more resilient.
A public, directly routable IP address which doesn’t cost a fortune for the ISPs. In fact, an incomprehensible number of public, directly routable IPs per user such that it’s an embarrassment of riches compared to ipv4 (the only important limitations are more down to the number of subnets per user, which is usually still way more than you need at 256 for /56 prefixes).
And it’s even better if all devices and networks support it, since you no longer have to rely on n layers of NAT, reducing latency and complexity.
I self host. Cgnat means my servers ipv4 is not globally accessible hence I’m using ipv6. ipv6 does also reduce network congestion and improve routing efficiency.
All the noise that happened recently with the 3G shutdown tells us just how many old phones there out there on the cell networks. Running old iOS/Android versions with a gazillion exploits. I think it’s a good thing that telcos NAT their customers. The last thing we want is for the Internet to be able to easily connect to those devices.
ipv6 does also reduce network congestion and improve routing efficiency.
Unless you are moving gigabits of data, you won’t notice the difference the smaller header payload of ipv6 offers. That’s some serious ePenis bragging bullshit I see all the time among nerds who want to say they’re on the latest and fastest technology without understanding that while they are correct (uploading/downloading a gigabyte over ipv6 will probably complete a few seconds faster over ipv6 instead of ipv4), they’re also making a big deal about nothing.
Your issue is you want to be able to access your home network over mobile infrastructure, while you are paying for a basic phone plan. Optus does offer what you want, but to business customers. Telstra will also permit you to apply a static IP to some of their plans, I managed to do this for a client about 10 years ago. It was just an add-on that Telstra offered. They were on a business plan, but I don’t remember whether a business plan was a requirement.
Having been on the other end of this situation before, I’m going to disagree with this take. On a normal network, yes - you have a firewall to block traffic except to specific IPs/ports. Once you are in the Millions of nodes realm though (and I only ever got into the hundreds of thousands), a firewall is too unwieldy. You can never keep it up to date with all your customers comings and goings. Imagine you have 10 million customer devices and 0.01% of them come or go on any given day. That’s 10,000 firewall updates per day. You’re spending a lot of tech time maintaining and updating that firewall, and you introduce a small risk of an incident with every firewall update. And for what? For the most annoying of your customers.
Sorry to be blunt, but it’s true. The tiny proportion of customers who want to be able to remotely connect to their home networks are the first to complain about any sort of network congestion (particularly uploads, which regular users don’t even notice). They make a lot of noise about every $5/month price increase. They are the most likely to be doing sketchy stuff on the network. And six months down the line when there’s some new exploit, they’re the most likely vector into the network of the latest worm as they didn’t maintain their security updates diligently. It is far easier to simply not cater to them and let them be someone else’s problem. As customers, they aren’t profitable.
You handle this by putting your static IP customers on a special VLAN and charge them for the service. And then yes: you have a manageable firewall sample.
The second one of these old phones connects to almost any WiFi network they have an ipv6 (if their device supports it which old vulnerable ones won’t). And nat should not be performing the job of a firewall.
I’m less concerned about the ipv6 throughput gain and more concerned about the fact I get an order of magnitude better ping on ipv6.
U misunderstand my issue. I don’t want ipv6 for a broadband connection. I have home internet via starlink which has ipv6 and cgnat ipv4. Hence my server is only accessible over ipv6. My phone is on a optus network meaning that when I am not on ipv6 WiFi I cannot access my server.
Unless you are moving gigabits of data, you won’t notice the difference the smaller header payload of ipv6 offers.
IPv6 headers are usually bigger anyway1, so the only advantage is more efficient routing (so infinitesimally better latency), but in my experience most routers only support IPv4 hw offload and not IPv6, so it’s only more efficient in theory.
I just like IPv6 because I get a whole /56 prefix to play with, and devices often randomise their host portion through the privacy extensions, meaning they use a new address each day or so.
1 IPv4 is usually ~20 bytes, but it can be up to 60 bytes if you stack a lot of options, IPv6 is only 40 bytes AFAIK.
Genuine question:
What does ipv6 give you that ipv4 does not? I genuinely can’t tell the difference as an Internet browser. Particularly on the phone.
For me, it’s an additional, redundant layer 3 route between my dual stack nodes. I’ve had instances where v4 or v6 paths have broken, and I’ve not noticed until my monitoring systems explicitly notify me.
I’d also like more tools to use MPTCP which would make them more resilient.
A public, directly routable IP address which doesn’t cost a fortune for the ISPs. In fact, an incomprehensible number of public, directly routable IPs per user such that it’s an embarrassment of riches compared to ipv4 (the only important limitations are more down to the number of subnets per user, which is usually still way more than you need at 256 for /56 prefixes).
And it’s even better if all devices and networks support it, since you no longer have to rely on n layers of NAT, reducing latency and complexity.
I self host. Cgnat means my servers ipv4 is not globally accessible hence I’m using ipv6. ipv6 does also reduce network congestion and improve routing efficiency.
The fact that it improves routing efficiently and that Optus does not support it explains all you need to know about Optus.
What explains it just as well is a post on the optus forum asking about ipv6. This was 6years ago.
All the noise that happened recently with the 3G shutdown tells us just how many old phones there out there on the cell networks. Running old iOS/Android versions with a gazillion exploits. I think it’s a good thing that telcos NAT their customers. The last thing we want is for the Internet to be able to easily connect to those devices.
Unless you are moving gigabits of data, you won’t notice the difference the smaller header payload of ipv6 offers. That’s some serious ePenis bragging bullshit I see all the time among nerds who want to say they’re on the latest and fastest technology without understanding that while they are correct (uploading/downloading a gigabyte over ipv6 will probably complete a few seconds faster over ipv6 instead of ipv4), they’re also making a big deal about nothing.
Your issue is you want to be able to access your home network over mobile infrastructure, while you are paying for a basic phone plan. Optus does offer what you want, but to business customers. Telstra will also permit you to apply a static IP to some of their plans, I managed to do this for a client about 10 years ago. It was just an add-on that Telstra offered. They were on a business plan, but I don’t remember whether a business plan was a requirement.
That’s the job of a firewall, not a NAT.
That a NAT also blocks connections is incidental, it’s blocking them because it just has no idea how to handle them.
Having been on the other end of this situation before, I’m going to disagree with this take. On a normal network, yes - you have a firewall to block traffic except to specific IPs/ports. Once you are in the Millions of nodes realm though (and I only ever got into the hundreds of thousands), a firewall is too unwieldy. You can never keep it up to date with all your customers comings and goings. Imagine you have 10 million customer devices and 0.01% of them come or go on any given day. That’s 10,000 firewall updates per day. You’re spending a lot of tech time maintaining and updating that firewall, and you introduce a small risk of an incident with every firewall update. And for what? For the most annoying of your customers.
Sorry to be blunt, but it’s true. The tiny proportion of customers who want to be able to remotely connect to their home networks are the first to complain about any sort of network congestion (particularly uploads, which regular users don’t even notice). They make a lot of noise about every $5/month price increase. They are the most likely to be doing sketchy stuff on the network. And six months down the line when there’s some new exploit, they’re the most likely vector into the network of the latest worm as they didn’t maintain their security updates diligently. It is far easier to simply not cater to them and let them be someone else’s problem. As customers, they aren’t profitable.
You handle this by putting your static IP customers on a special VLAN and charge them for the service. And then yes: you have a manageable firewall sample.
The second one of these old phones connects to almost any WiFi network they have an ipv6 (if their device supports it which old vulnerable ones won’t). And nat should not be performing the job of a firewall.
I’m less concerned about the ipv6 throughput gain and more concerned about the fact I get an order of magnitude better ping on ipv6.
U misunderstand my issue. I don’t want ipv6 for a broadband connection. I have home internet via starlink which has ipv6 and cgnat ipv4. Hence my server is only accessible over ipv6. My phone is on a optus network meaning that when I am not on ipv6 WiFi I cannot access my server.
IPv6 headers are usually bigger anyway1, so the only advantage is more efficient routing (so infinitesimally better latency), but in my experience most routers only support IPv4 hw offload and not IPv6, so it’s only more efficient in theory.
I just like IPv6 because I get a whole /56 prefix to play with, and devices often randomise their host portion through the privacy extensions, meaning they use a new address each day or so.
1 IPv4 is usually ~20 bytes, but it can be up to 60 bytes if you stack a lot of options, IPv6 is only 40 bytes AFAIK.