Comment by jeroenhd
5 hours ago
I've seen plenty of discussions here on HN where people have made that claim. Even more elsewhere on the discussion side of other news websites by sysadmins that disable IPv6 because one of their industrial routers didn't come with a default deny rule that one time which made them think that's normal.
The people who are supposed to know IPv6 never seemed to have learned it and many of them don't seem to be open to the idea of learning something new. Of course half the world runs on IPv6 now so they'll have to get with the times eventually, but the prevalence of statements like these is quite depressing.
> many of them don't seem to be open to the idea of learning something new
To the idea of learning something designed by committee, overcomplex and stinking of enterprise and that you simply can't deploy "by hand".
One of the advantages of NAT by the way is that your "outside" configuration and "inside" configurations are completely independent with the exception of the snat rule.
The "inside" is your /56 or /48. You can add more local-only "inside"s if you'd like, which is useful for terrible ISPs with rotating network prefixes. The "outside" is everything on the internet.
If you can make your way through the absolute slog that is ARP+DHCP, you can get through NDP+SLAAC. Or even NDP+DHCPv6 if you're a control freak.
> One of the advantages of NAT by the way is that your "outside" configuration and "inside" configurations are completely independent with the exception of the snat rule.
If you want NAT, then set up NAT. Your fdb6:fc49:f5ae::/48 ULA is your 192.168.x.y address. Set up DHCPv6 if you'd like to pretend you control your address space. You could even just ignore the spec and use fdfd::/48 as your ULA so you can memorize addresses (fdfd::1, fdfd::2, that's even shorter than 192.168.1.2!). Use fe80::1 (a perfectly valid address) on your router as a standard gateway and have it do NAT to the outside world.
Even though it's heavily discouraged (because NAT is a massive hack after all), you can do NAT on IPv6 without any special tooling.
> The "inside" is your /56 or /48.
No, it's not mine. It's the ISP's.
> which is useful for terrible ISPs with rotating network prefixes
... which is what you said :)
> If you can make your way through the absolute slog that is ARP+DHCP, you can get through NDP+SLAAC. Or even NDP+DHCPv6 if you're a control freak.
Oo enterprise. I believe you missed another 5 or 6 acronyms that are also required for having IPv6 internally.
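The two setups argued over in this thread, as an added nftables sketch that is not from any commenter: a stateful default-deny forward chain for IPv6 (the rule the routers mentioned at the top shipped without), plus the optional NAT66 rule for the ULA quoted above. The interface names `lan0` and `wan0` and the table name `edge` are assumptions.

```nftables
# Added example, not from the thread. Assumed names: lan0 (inside), wan0 (outside), table "edge".
# Load with: nft -f <this file>
table ip6 edge {
    chain forward {
        # Default deny: anything not explicitly accepted below is dropped.
        type filter hook forward priority filter; policy drop;

        # Replies to connections opened from the inside. ICMPv6 errors for
        # existing flows (e.g. packet-too-big) match "related".
        ct state established,related accept
        ct state invalid drop

        # Inside hosts may open connections outward; nothing new comes in.
        iifname "lan0" oifname "wan0" accept
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Optional NAT66: only if inside hosts use the ULA from the thread
        # rather than ISP-delegated global addresses.
        ip6 saddr fdb6:fc49:f5ae::/48 oifname "wan0" masquerade
    }
}
```

The inbound protection comes from the forward chain's `policy drop` and works the same with global addresses and no NAT rule at all. Traffic addressed to the router itself (NDP, DHCPv6) goes through the input hook, which this sketch leaves untouched.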