Re: And who told you I want to be measured?
Oh good grief. v6 "high priest" here; let me try and call BS on some of the BS in here.
> My (on last count) 20+ devices on my home network are my own F*** business.
Yup. v6 doesn't change this; your devices on your network are still your own business.
> The v6 people should really take their end to end principle, choose a high priest of v6 of choice and make him stuff it.
Nope. This is crazy. There is absolutely no reason to make things difficult for people who do need inbound connections. If you don't want people connecting to your machine, drop the inbound connection yourself or _don't connect it to the internet in the first place_. Don't screw over everybody else just because you can't be arsed to do that.
> All the IoT devices (usually used as the primary justification for v6) SHOULD NOT be entitled to talk to anything but the gateway and I would like that gateway to be on _MY_ premises under _MY_ control. For that v4 suffices. End of story.
Damn straight. But even with v6, your gateway is still on your premises and it's still under your control. What made you think it wouldn't be?
> All the data leaching admen scum with their ideas that they will talk to the "cloud" so they can monetize the refresh cycle of my dirty laundry can join the aforementioned v6 priest in gently buggering themselves with a chainsaw
I agree with the "don't talk to the cloud for IoT stuff". But the thing is... everything _has_ to talk to the cloud because peer-to-peer communication is so difficult on v4 with all the NAT. If you want to control something at home from your smartphone, it's difficult to just connect from the phone to the server at home because there's NAT in the way (and don't say you'll just forward the port; CGNAT makes that impossible). That's why all the IoT stuff ends up bouncing through a server owned by the company.
> At the very least, get yourself one outside IPv6 address and map it through.
This is dumb. The LAN is the easiest part of v6 deployment, just use your allocated global addresses on it. Adding NAT to the mix just adds headaches, and it doesn't actually get you anything that privacy addresses (which are enabled by default on roughly everything) don't get you on v6.
> It bugged me from day one that people were told that they "can't" use NAT with IPv6. Of course you can.
You certainly can, but as I say, it's dumb to actually do so. There is no reason to subject yourself to that in v6.
> And the easiest way to transition is to transition your NAT device to have a IPv6 address to the outside world and let it handle the conversion to your legacy IPv4 network.
This isn't the easiest way to transition. How are your v4-only devices going to specify which v6 host to connect to? Deploying v6 to your LAN is really damn simple (and, unlike "just translate to v4", it actually works); you don't need to worry that it'll be difficult. In fact it's so easy that millions of people in the UK have already done it, sometimes without even realizing.
> The use was so little that nobody noticed it disappearing.
I doubt the use was little. Most people with v6 see about 30-60% of their traffic go over v6.
You may not have noticed it disappearing though, if you weren't paying attention. There's a very good reason for that: it's because the v6 transition was designed so that you could gradually roll it out without breaking your existing network. Obviously that necessarily means that you can un-roll it out without much disruption either. (Surely these are both good things?)
But that doesn't mean you can just not do v6, because v4 is still insufficient and the internet still needs to be moving to v6.
(As a side note: ugh Sixxs and their "ban you for anything" attitude.)
> If the industry wants me to adopt IPv6, then give me a translation router that: allows my v4 network to work internally,
Don't worry, this is exactly what's happening with v6 deployment. Just that your LAN will also have v6 on it as well as the v4.
> allows me to prevent snooping backwards into my individual devices.
This is also what's happening. There's no "just" caveats here, v6 routers (or routers in general) inherently allow you to do this.
> But...but..NAT is the work of the Deviiiil! It breaks the internet. Just because every application you've ever used at home has worked just fine
What, you've never seen an Xbox gamer have trouble with their NAT type? Even when stuff does work, it's because the software author has spent time dealing with NAT-related issues -- which means less time spent fixing bugs or adding new features, so your software is worse off than it would've been even if the NAT doesn't outright break it (which sometimes it does). NAT traversal often involves running a server to bounce through, which costs money to run (which could otherwise be funneled into more development work on the software) and also is a nice easy place to monitor whatever you're doing with the software.
NAT is one of the reasons that games often don't let you run your own dedicated servers any more. Having to rely on some company keeping the servers up so you can do multiplayer kinda sucks.
> and just because it inherently improves your security is no excuse.
This is actually exactly the opposite of what NAT does; it inherently decreases your security, because the entire point of NAT is to let you make outbound connections which you otherwise wouldn't be able to make. Your machines would be a lot more secure if they couldn't connect out to the internet. It also lulls you into a false sense of security, because it gives the impression that nobody can connect to machines on your LAN, when in fact your ISP (or anyone who can strongarm them) can easily connect to your LAN machines, even with a NATing router in the path.
If you really want to prevent inbound connections, use a firewall. And firewalls have nothing to do with NAT -- they work fine on v6 too.
> There is no way that I would allow any packets from the device to device traffic that is going on inside my private network to reach the outside world.
A sensible position. And guess what? It doesn't matter if you're using globally-unique addresses on your LAN. LAN traffic is still LAN traffic! It's not gonna leave your LAN just because you're not doing NAT.
> for one thing, I don't want to pay my ISP for the traffic (yes, I'm a tightwad). What goes on inside my firewall is my effing business and not that of Google/Facebook/NSA/GCHQ/FSB or whatever company or agency is sniffing around.
More stuff I completely agree with. But also more stuff that's totally unaffected by v6. Local traffic is local traffic.
> IPv6 is a spooks wet dream.
No, not really. Or at least... no more so than IPv4 already is. IPv6 doesn't somehow magically reveal more of your inner secrets than your use of v4 already does.
> The fact that my PC talks to my Lathe is nothing to do with anyone but me. I certainly don't want Google to know that I did some NC machining last Thursday morning so that they can sling ads at me for NC machines or supplies.
And again, v6 doesn't somehow cause this to happen. In fact it may help prevent it from happening, because this "IoT thing talks to Google's server" business often happens _because_ of NAT. If your smartphone could connect directly to your widgets then it wouldn't need to bounce through some company's server.
> But how would $3_letter_agency know you didn't make a bomb or a component for one? Or some kind of weapon?
This is another thing that has absolutely nothing to do with v6.
> As others have said, there seems no rational reason why a domestic - or indeed a commercial - firewall can't be v6 on the outside and NAT v4 on the inside.
Yes, there is a rational reason: there are only 32 bits in the v4 "destination address" header to specify the host you want to connect to, and a v6 address's 128 bits won't fit into it, so your LAN hosts won't have any way to identify which host they want to connect to. (Sorta the whole problem right there.)
For the sake of clarity I will just point out that your local network will have its current v4 addresses _as well as_ v6 addresses. v6 deployment won't disrupt any of your existing network, it'll just add on the extra capability of reaching v6 hosts.
For the sake of extra clarity I'll also point out the existence of privacy addresses -- basically, every v6 host periodically generates a new random address for itself. It's hard to identify a host by its v6 address because it's constantly changing and no addresses are ever reused. If you're worried about people counting the number of machines you're running by using their v6 addresses, then don't.
Worry about supercookies and browser fingerprinting instead.
Phew... I think that about covers everything.
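The "use a firewall, not NAT" point above, as an added example that is not part of the original post: a minimal stateful nftables ruleset for a dual-stack home router that drops every unsolicited inbound v6 connection while still letting the LAN connect out, and that opens exactly one inbound service on purpose. Interface names (lan0, wan0), the 2001:db8:1::/64 documentation prefix and the single SSH host are my assumptions for illustration, not anything the post specifies.

```nftables
#!/usr/sbin/nft -f
# Added example: stateful v6 firewall on a home gateway (assumed interfaces lan0/wan0).
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # The router itself: loopback and replies to flows it opened
        iif lo accept
        ct state established,related accept
        ct state invalid drop

        # ICMPv6 is not optional on v6: neighbour discovery, router advertisements
        # and path-MTU discovery all ride on it, so don't blanket-drop it.
        icmpv6 type {
            destination-unreachable, packet-too-big, time-exceeded, parameter-problem,
            echo-request, nd-router-solicit, nd-router-advert,
            nd-neighbor-solicit, nd-neighbor-advert
        } accept

        # DHCPv6-PD replies from the ISP arrive from a link-local source
        ip6 saddr fe80::/10 udp sport 547 udp dport 546 accept

        # Management of the router from the LAN side only
        iifname "lan0" tcp dport 22 ct state new accept
        # Everything else aimed at the router is dropped by the chain policy.
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open connections to the world (this is all NAT ever gave you,
        # minus the address rewriting).
        iifname "lan0" oifname "wan0" accept

        # Deliberate, explicit inbound: one host, one port. Nothing else on the
        # global /64 is reachable from outside, even though every host has a
        # globally unique address.
        iifname "wan0" oifname "lan0" ip6 daddr 2001:db8:1::22 tcp dport 22 ct state new accept
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Load with `nft -f` and check with `nft list ruleset`. The security property the post describes comes entirely from `policy drop` plus `ct state established,related accept`; the address family never enters into it, which is why the same ruleset shape works for v4 behind this `inet` table as well. The one thing people get wrong when porting v4 habits is the ICMPv6 allow-list: dropping all of it breaks neighbour discovery and PMTU, so the link silently degrades rather than becoming "more secure".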
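The privacy-address point above ("every v6 host periodically generates a new random address for itself"), as an added example that is not part of the original post: the modified EUI-64 interface identifier that embeds the NIC's MAC address, next to the RFC 4941 temporary-address derivation that replaces it (MD5 over a history value and the EUI-64, leftmost 64 bits become the new identifier with the u/l bit cleared, rightmost 64 bits become the next history value). The MAC, seed and 2001:db8:1::/64 prefix are constructed sample values of mine; RFC 8981, which obsoletes RFC 4941, drops the MD5 construction in favour of any suitable random generator, so this is the classic form rather than what a current kernel necessarily runs.

```python
"""Added example (not from the original post): how IPv6 privacy addresses
(RFC 4941 temporary addresses) are derived, next to the modified EUI-64
interface identifier they were designed to hide.

The MAC address, prefix and seed used here are constructed sample values.
"""
import hashlib
import ipaddress
import os
from typing import List, Optional, Tuple


def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 IID (RFC 4291 Appendix A): split the MAC, insert ff:fe,
    flip the universal/local bit. This identifier is stable and embeds the
    NIC's MAC, which is exactly what makes a host trackable across prefixes."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # invert u/l bit: a real MAC becomes 'universal' scope
    return bytes(iid)


def rfc4941_next_iid(history: bytes, base_iid: bytes) -> Tuple[bytes, bytes]:
    """One step of RFC 4941 section 3.2.1:
      1. MD5(history || EUI-64 IID)
      2. leftmost 64 bits  -> new temporary IID, u/l bit cleared
      3. rightmost 64 bits -> history value for the next round
    Returns (temporary_iid, next_history)."""
    if len(history) != 8 or len(base_iid) != 8:
        raise ValueError("history and IID must be 64 bits each")
    digest = hashlib.md5(history + base_iid).digest()
    temp = bytearray(digest[:8])
    temp[0] &= 0xFD  # clear bit 6 (u/l) so it can never collide with a genuine EUI-64
    return bytes(temp), digest[8:]


# RFC 4941 says to regenerate if the result is a reserved IID; RFC 5453 lists
# several, the subnet-router anycast IID (all zeros) is the one checked here.
RESERVED_IIDS = {bytes(8)}


def temporary_addresses(prefix: str, mac: str, count: int,
                        seed: Optional[bytes] = None) -> List[str]:
    """Generate `count` successive RFC 4941 temporary addresses inside prefix/64.
    With `seed` fixed the sequence is reproducible (useful for testing); a real
    host seeds the history value from a random source, as done here by default."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC and RFC 4941 operate on /64 prefixes")
    base = eui64_iid(mac)
    history = seed if seed is not None else os.urandom(8)
    out: List[str] = []
    while len(out) < count:
        iid, history = rfc4941_next_iid(history, base)
        if iid in RESERVED_IIDS:
            continue  # regenerate, per RFC 4941
        addr = ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))
        out.append(str(addr))
    return out


def ul_bit_is_local(addr: str) -> bool:
    """True when the IID's u/l bit is 0, i.e. it is not a MAC-derived EUI-64.
    Temporary addresses always satisfy this; SLAAC EUI-64 addresses never do."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    return (iid[0] & 0x02) == 0


if __name__ == "__main__":
    mac = "00:1b:63:84:45:e6"  # constructed sample MAC
    prefix = "2001:db8:1::/64"  # documentation prefix, constructed for the example
    stable = ipaddress.IPv6Address(
        int(ipaddress.IPv6Network(prefix).network_address) | int.from_bytes(eui64_iid(mac), "big"))
    print("EUI-64 (stable, MAC-derived):", stable, "local-bit:", ul_bit_is_local(str(stable)))
    for a in temporary_addresses(prefix, mac, 3):
        print("temporary:", a, "local-bit:", ul_bit_is_local(a))
```

The `ul_bit_is_local` check is the practical takeaway: an address whose u/l bit is set is almost certainly an EUI-64 and therefore leaks the MAC (and the device vendor from its OUI), which is the "count my machines" worry in the thread; a host with privacy extensions on presents only cleared-bit, rotating identifiers to the outside.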