Comment by torginus
1 month ago
I think there's a philosophical difference between IPv4 and IPv6.
IPv4 is from the era of local computer networks, which feature clients and servers. Clients talk to servers, but servers are not supposed to care or even know about clients unless clients decide to reach out to them. Client-to-Client communication is generally discouraged. The IP address is just a technicality and outside of local networks, just a part of the routing strategy.
IPv6 on the other hand is like a URL - an address you can use to find any device from anywhere on the planet. It makes no distinction between client and server, which is why it's pushed in places like IoT and smartphones - a VoIP call has no conceptual client and server.
One could make one's smartphone's IPv6 address openly available, and anyone could initiate a VoIP call to their phone. Would this be wise? I'd argue there's no scenario under which this doesn't cause an unacceptable level of risk, as even if the software is perfect, they'd still be vulnerable to DDoS attacks.
This means that NAT-equivalent firewall rules are necessary, which makes the whole discussion kind of moot, but it's not a good portent for IPv6 that it makes previously unfeasible kinds of attacks potentially practical.
NAT also allows for other neat tricks, like IP level load balancing.
I'd say one huge and unambiguous advantage of IPv6 is that it makes UDP trivial.
> IPv4 is from the era of local computer networks, which feature clients and servers.
IPv4 on the ARPANET 'went live' in January 1983,[1] but the concept of a firewall didn't really happen until about a decade later (with some protocols having to be altered[2]):
* https://en.wikipedia.org/wiki/Firewalls_and_Internet_Securit...
Some of us still remember open (SMTP) relays and the openness of the early Internet:
* https://en.wikipedia.org/wiki/Open_mail_relay
IPv4 has never been only about local computer networks: end-to-end connectivity was there at the start and was only choked off later.
[1] https://en.wikipedia.org/wiki/Flag_day_(computing)
[2] https://datatracker.ietf.org/doc/html/rfc1579
> IPv4 is from the era of local computer networks, which feature clients and servers. Clients talk to servers, but servers are not supposed to care or even know about clients unless clients decide to reach out to them. Client-to-Client communication is generally discouraged.
No, it was meant to be a global address space where anything could talk to anything. That became unworkable due to scale and the limit inherent in using only 32 bits for the address space.
Some older protocols (FTP) don't play nice with NAT and need special handling, because address multiplexing was never intended to be a thing.