Comment by rao-v

4 days ago

What’s the pragmatic solution to IPv6 allowing everybody in my household to be trivially and stably mapped to a unique subnet? I like the accidental semi-randomization that IPv4 and ISP NAT offered, and I don’t see anything like it short of putting my entire home net on a VPN (it’s expensive and can’t keep up with my ISP’s bandwidth).

Each device becomes directly addressable from the WAN with v6, but it also gets a randomised privacy IP that rotates very frequently, so each individual device is just as "hidden" as it was with v4+NAT.

Your v6 subnet prefix is no different than whatever WAN-side v4 your NAT had. "Accidental semi-randomization" of the WAN side IP is not something one could reliably count on. Many ISPs just hand over a static-like IP, that is, even when it's supposed to be random the pool of IPs is so constrained that it's usually the same simply through the IP lease surviving power cycling. And that was before CGNAT.

If your concern is being identifiable through your IP then counting on whatever v4 artifact is the wrong move. Use a VPN with randomised exit nodes.
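As an added illustration of the point in the reply above (example code written for this page, not posted by any commenter): RFC 4941 temporary addresses only randomise the low 64 bits, so clustering observed addresses by the ISP's delegated prefix still identifies the household, even though no single address identifies a device twice. The addresses below are constructed in the 2001:db8::/32 documentation range, the device labels are made up, and the /56 delegation length is assumed for the sake of the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: source addresses as a web server might log them.
# Devices A, B and C sit behind one assumed /56 delegation (two /64 VLANs,
# ::100 and ::101) and use temporary addresses, so the interface identifier
# differs between visits. The last entry is an unrelated network. All values
# are made up for this example.
OBSERVED = [
    ("2001:db8:42:100:8a1e:7f3c:2d40:9b11", "device A, day 1"),
    ("2001:db8:42:100:1c72:e90d:4f06:aa35", "device A, day 2"),
    ("2001:db8:42:100:f00d:3b21:6e8c:0d7e", "device B, day 1"),
    ("2001:db8:42:101:55ab:cd01:2345:6789", "device C (second VLAN), day 1"),
    ("2001:db8:42:101:9999:8888:7777:6666", "device C, day 2"),
    ("2001:db8:99:aa00::1", "unrelated household"),
]


def group_by_prefix(addrs, prefixlen):
    """Group addresses by their enclosing /prefixlen network.

    Returns {IPv6Network: set(IPv6Address)}.
    """
    buckets = defaultdict(set)
    for a in addrs:
        ip = ipaddress.IPv6Address(a)
        net = ipaddress.IPv6Network((ip, prefixlen), strict=False)
        buckets[net].add(ip)
    return dict(buckets)


def interface_id(addr):
    """Low 64 bits of the address: the part privacy extensions randomise."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)


def households(addrs, delegation_len=56):
    """Distinct delegated prefixes seen, i.e. the household-level identifier.

    delegation_len=56 is an assumption; ISPs hand out /48, /56 or /60 too.
    """
    return sorted(str(n) for n in group_by_prefix(addrs, delegation_len))


def distinct_interface_ids(addrs):
    """How many different low-64-bit identifiers appeared (rotation makes this high)."""
    return len({interface_id(a) for a in addrs})


if __name__ == "__main__":
    addrs = [a for a, _ in OBSERVED]
    print("interface IDs seen:", distinct_interface_ids(addrs))
    print("/64 subnets seen:  ", len(group_by_prefix(addrs, 64)))
    print("households (/56):  ", households(addrs))
    for net, ips in sorted(group_by_prefix(addrs, 56).items(), key=lambda kv: str(kv[0])):
        print(f"  {net}: {len(ips)} addresses")
```

Run against real access logs, the same grouping works as a dedup key: a rotating temporary address defeats per-address tracking, while the /56 (or whatever the ISP delegates) behaves exactly like the single WAN-side IPv4 did under NAT.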

  • I don’t know of an ISP that will randomize your v6 in any way. It’s tied to your account forever.

    It’s of some practical real world value that people cannot resolve v4 IPs to individual households with certainty. It’s a shame to lose that value.

It's true that you won't get CGNAT without having CGNAT. Depending on your concern, it is possible to NAT66 to make your entire network appear as one IP.

  • I’d love to pay my ISP to rotate my IPv6 subnet every week. It’s not an option. My Comcast IP changes every so often, and that’s of some value.

    It’s very unclear to me why people should be able to deterministically reach out to a specific device on my network. It has no value to me unless I run a service.

Everybody in your household is already mapped to a single IPv4 address that rarely changes with most ISPs. Mine hasn't changed in over 3 years. My IPv6 /56 prefix delegation hasn't changed, either.

It’s a little different, but you can use ULAs to have a static subnet with static device addresses.

One of the biggest changes from IPv4 when I enabled IPv6 a while back was that it’s fine and normal to have multiple addresses per interface now. ULAs are not globally routable, so I think of them as LAN addresses. Another option that comes to mind is mDNS, but I think support for that is not as widely accepted.

Global addresses can change, just as your home dynamic IPv4 probably did from time to time.

What exactly do you mean by "trivially and stably mapped to a unique subnet"?