Re: And who told you I want to be measured?
And here's the megapost. I'm shooting myself in the foot by responding to everybody in a giant wall of text that nobody will ever read (except the moderators – sorry guys), but there's just so much outright wrong stuff being posted that somebody's got to do it.
> I don't see Sky turning off IPv4. They *could* decide to share public IPv4 addresses between customers, but as soon as they do that they are into a world of pain when it comes to handling police enquiries, having to log or lock down the port ranges used by each customer.
This will definitely happen. There plain and simply aren't enough v4 addresses to avoid doing this forever. It probably won't be next week or anything, but it'll happen. And yes, it'll suck -- which is why we need to be doing v6 _now_ so we're in a position to ignore the suckage when it happens.
> It seems to me there's a genuine risk of "peak IPv6" - where the majority of the marketplace rejects it
I worry about this sometimes. It's part of the reason that I'm in here trying to dispel people's misconceptions about v6 -- if too many people disable it then we'll never get to the point where random websites go v6-only, which means we'll be stuck with v4 forever. Surely that's not something we want, but a lot of people seem to be masochists when it comes to networking...
> Yes there is. The majority of users do not want inbound connections - or when they do, they want those connections very carefully controlled. At present, with IPv4, they've got that; the default is for connections to be denied
I could easily rephrase this to "the majority of people want to be capable of accepting inbound connections in at least some circumstances", and for that we're going to need v6. v4 just isn't going to cut it.
> And yet, here I am, running peer-to-peer communication through at least one layer of NAT (two for my wireless devices).
Behind CGNAT? If not then I suspect that'll be a nasty surprise for you when it happens.
Also... I'm doing this too, on v4. I know it's possible. But I'm also doing it on v6, and I can tell you that it's just easier on v6. NAT doesn't seem hard until you get rid of it, and suddenly you realize how much of a pain it really was.
> It isn't. That's partly because it's the zero-configuration option, and partly because it's how the IoT companies monetise their marks.
And partly because there's no other choice. Do you want it to be _possible_ for a company to release something that isn't trivial to spy on, or not? Not every company wants all your info (just most), but none of them will have any choice if everybody is behind CGNAT.
> Look, all everybody wanted was a larger address space. Can we plaintively ask why you have just added an extra two fields to IPv4 (i.e. 192.168.0.1 becomes 0.0.192.168.0.1, taking the address space from (254*254*254*254) ~four point one billion addresses to (254*254*254*254*254*254) ~two hundred sixty-eight trillion, five hundred thirty-five billion addresses)?
You can, and I can answer, but it's not that hard to figure out.
Adding two bytes is exactly as hard as adding 12 bytes. If you're going to add bytes, you may as well add enough bytes that you don't need to go "whoops, we didn't add enough, we need to go through all that again" later on.
(Perhaps you're thinking that 48 bits would be enough? But no, it wouldn't. It probably wouldn't even be enough to avoid NAT for more than a decade or two, let alone the thousands of years that I expect the internet to be around for. Read RFCs 1715 and 3194 for an explanation of why we need a lot more space than you'd think.)
> You could still actually memorise network addresses and layouts and talk to people about them. You can say (and remember) 10.0.1.20, you can't say (or reasonably be expected to remember) 3ffe:1900:4545:3:200:f8ff:fe21:67cf.
Okay, for starters: DNS. It's awesome and it's been around for years now and it makes your life a lot easier; I really suggest you read up on it.
For seconds: why did you pick such an awkward v6 address? If you needed to remember this address you should've picked something easier to remember, like 3ffe:1900:4545:3::2 (read that as "address 2 on subnet 3").
For thirds: it's not just "10.0.1.20" on v4, you also have your public v4 address to remember. So really, this comparison isn't "10.0.1.20 vs 3ffe:1900:4545:3:200:f8ff:fe21:67cf" but rather "203.0.113.45+10.0.1.20 vs 3ffe:1900:4545:3::2". The v6 address is actually three characters SHORTER than the v4 address pair. It's actually _easier_ to remember.
Finally, I think that if you refuse to use DNS _and_ you deliberately pick hard-to-remember addresses, then you can't really complain about how hard the addresses are to remember. You brought it on yourself.
> I judge the equipment manufacturers' enthusiasm by the lack of cheap firewalls suitable for home users for under 50% of a user's monthly take-home pay a decade on.
Most people can get appropriate hardware from their ISP for free. It does not cost you £500+ to start doing v6 at home.
> Now, because you were assigned an IPv6 netblock, your IP addresses are UNIQUE TO YOUR MACHINE, FOREVER.
Your post was good up until this line. This line is completely wrong. Your addresses aren't unique to your machine forever. Your address changes whenever you move between networks, and in fact it changes regularly even on the same network (if you have privacy extensions enabled, which is the default on most OSs).
> BUT, whenever you visit some web site, the web site knows who connected, YOUR publicly visible IPv6 address that is NOT translated.
This is true. The address will become useless after a while, because you won't be using it for long, but in that period the website could attempt to connect to you. At which point your firewall will block the connection.
Meanwhile the website served you a supercookie so it can track you wherever you go, and one of its adverts used a drive-by security vulnerability to infect you with a virus. But for some reason nobody worries about that.
> and what is more - with IPv6 packets you visited the website with digitally signed evidence
Uh, no. It's just an IP packet, it's no different to v4. No digital signatures here (unless you're using IPsec, but you could be using that in v4 too).
> IP4 addresses behind NAT are UNROUTEABLE. You can't reach them, and unless they make an outbound connection, you don't even know for sure they are there.
I do like to point out that this isn't completely true: your ISP (or anyone who can strongarm them) can connect to you even if you're behind a NATing router, unless you prevent them with a firewall.
> And even if they do, you can't be sure which internal machine is originating the connection.
The same is true in v6 with privacy extensions, which are enabled out of the box on most OSs.
> NAT is what makes consumer level broadband safe enough to do e-commerce over.
No. *Firewalls* are what make consumer-level broadband safe enough to do e-commerce over. NAT just saves you from having to set up a proxy server. (Or are you saying that Sky aren't secure enough for e-commerce now that they have v6?)
> The thought of machines with clearly identifiable unique routeable IP6 addresses on the public Internet, relying on user set up firewalls to protect them, scares me ****less.
It shouldn't. This is nothing like as big a deal as you think it is. The addresses aren't clearly identifiable (they're just random numbers that change often) and firewalls are set up automatically by ISP routers and by your OS.
> If I ever set up V6 I will still want a NAT equipped router between me and it.
You are free to do this to yourself. I accept your right to make your own life more annoying than it needs to be for no real benefit. Just don't force it on anybody else.
> The secure perimeter we now all have with ISP-supplied routers (no more USB cable modems, yay!) is the reason why the crims have now moved to the client-based penetration attempts. Take the perimeter wall away, and we're back to 1993.
IPv6 does _not_ take this perimeter away. You will still have the ISP-supplied router and it'll still be the perimeter to your network. Your network will still be yours and you'll still be in control of who gets to connect to machines on it. In fact v6 is what will let you keep that control – with CGNAT, you're going to lose it on v4.
> There is no downside to v6 if you understand networking. If you don't, Internet use will become much trickier.
This is backwards. NAT is the tricky thing to understand; things are a lot easier without it. Note that I'm basing this on actual experience, not fear of the unknown like most other people in this thread.
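An added example, not part of the original post, to back up the point about privacy extensions: the 3ffe:... address quoted above is of the old modified-EUI-64 kind, which embeds the NIC's MAC and is exactly what privacy extensions replaced with random, short-lived addresses. The helper names are my own, and the 2001:db8:: addresses are constructed samples from the documentation prefix.

```python
import ipaddress
from typing import Optional

def interface_id(addr: str) -> bytes:
    """Low 64 bits of an IPv6 address: the host part of a /64 subnet."""
    return ipaddress.IPv6Address(addr).packed[8:]

def is_eui64(addr: str) -> bool:
    """Heuristic: a modified-EUI-64 interface ID (RFC 4291, Appendix A)
    carries 'ff fe' in bytes 3-4, between the two halves of the MAC.
    A random IID matches that pattern by chance about once in 65536."""
    return interface_id(addr)[3:5] == b"\xff\xfe"

def mac_from_eui64(addr: str) -> Optional[str]:
    """Recover the MAC embedded in an EUI-64 IID, undoing the flip of the
    universal/local bit (0x02 of the first byte). None if not EUI-64."""
    if not is_eui64(addr):
        return None
    iid = interface_id(addr)
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def classify(addr: str) -> str:
    """'eui64'  : stable, follows the NIC between networks, reveals the MAC.
       'manual' : tiny IID such as ::2, typed in by an admin.
       'opaque' : random-looking; a temporary address (RFC 4941) or a
                  stable-privacy address (RFC 7217). The two cannot be told
                  apart by inspection, which is the point of both."""
    if is_eui64(addr):
        return "eui64"
    if int.from_bytes(interface_id(addr), "big") < 0x10000:
        return "manual"
    return "opaque"

# Constructed samples. The first is the address quoted in the thread; the
# 2001:db8::/32 ones are made-up documentation-prefix addresses.
SAMPLES = [
    "3ffe:1900:4545:3:200:f8ff:fe21:67cf",
    "3ffe:1900:4545:3::2",
    "2001:db8:1:2:1d3a:9c4e:7b0f:5a61",
]

def report(addrs=SAMPLES) -> dict:
    """Map each address to (kind, embedded MAC or None)."""
    return {a: (classify(a), mac_from_eui64(a)) for a in addrs}

if __name__ == "__main__":
    for addr, (kind, mac) in report().items():
        print(f"{addr:40} {kind:7} {mac or ''}")
```

On Linux the OS-side setting is `sysctl net.ipv6.conf.all.use_tempaddr` (2 means temporary addresses are generated and preferred); the script deliberately ignores it, because the question is what an outside observer can read off the address alone.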