Comment by makeitdouble

5 days ago

> > - My ISP gives me a /64, what am I supposed to do with that anyways?

> What are you supposed to do with a /8? Do you have several million computers?

The /8 was for private addresses, so "free" and uncontested, while the /64 is a public resource. Looking at it as extraneous or over provided is understandable IMHO, even if mathematically it's not supposed to get depleted.

At least it's not doing anything helpful for OP.

7 comments

makeitdouble

Reply
aragilar  5 days ago

The IPv4 10.0.0.0/8 (along with the other private ranges) runs into lots of problems when connecting two private networks (e.g. VPNs, VMs/docker, hotspotting), whereas that /64 will not conflict with anyone.

  • tass  5 days ago

    Yes, I can’t even use many 10.x subnets at home because my work VPN configures a huge routing table including many of them.

    Basically I had no choice but to redo my home network if I wanted to use my new work laptop at home (and I work 100% remote).

    • Dagger2  11 hours ago

      I'd be tempted to shove that VPN into a network namespace together with jool, and NAT64 their 10.x subnets into, let's say, 2001:db8:a:b::/96, so that their 10.1.2.3 becomes 2001:db8:a:b::10.1.2.3. Then there's no overlap as viewed from outside the namespace.

      And if you ever need to use another VPN that also clashes on 10.x, you can do the same thing but map that one into 2001:db8:a:c::/96. Then you've got 2001:db8:a:b::10.1.2.3 and 2001:db8:a:c::10.1.2.3, neither of which clash with either each other or your 10.1.2.3.

    • simoncion  4 days ago

      I "solved" this by running a separate VLAN for work machines that provides addresses in a slightly weird /24 carved out of the 172.16.0.0/12 [0] range. Is it as collision-resistant as a ULA address? No. But -sadly- I've yet to see an Enterprise VPN that wasn't run as an IPv4-only thing, so it's the best I can do.

      [0] Or whatever the netmask actually is. I'm never sure about the 172.16.x.x space.

  • everdrive  4 days ago

    The vast majority of people are not VPNing into networks they don't know and accidentally having arcane IPv4 collisions. This is not a real problem that needs to be solved.

    • aragilar  3 days ago

      No, I only went to a hotel and I got random failures with the captive portal, far more fun...

  • solarkraft  4 days ago

    I hadn’t really thought about that. That’s an actual, real (though still fairly minor) benefit.