
ports543u | 1 year ago

The resistance to switching to IPv6, or the comfort with the IPv4-born address exhaustion remedies, only helps an internet of consumers, not an internet of peers that create and share. If you are behind NAT or CG-NAT, you can only consume, not create. You can't host a server, expose a port. You are at the mercy of the big fish.


vetinari|1 year ago

It is the ISPs that pretty much killed IPv6 with their mishandled transition.

Where I am, I can choose 1 out of 1 broadband provider available in the area. With this provider, I can either have a public IPv4 address (or several) with their CPE in bridge mode, or DS-Lite, with IPv4 CGNAT without PCP and /64 for the IPv6 addresses (i.e. no address space for subnets, no prefix distribution) AND having to use their router with the limited settings they allow.

With offers like these, is it any wonder that I stick with IPv4?

whatwhaaaaat|1 year ago

Are you sure about this? It’s in the RFC from like 1998 that ISPs should allow customers to sla for larger prefixes. I don’t know a single US ISP that doesn’t allow at least a 56.

IPv6 is pointless and still a security risk but I’m guessing you’re misconfiguring something.

umanwizard|1 year ago

99.99% of people who create and share things via the internet do so via centralized social media providers, and that would continue to be true if the whole world were magically IPv6-only.

I think it’d be nice to self-host things too, but it’s inaccurate and even a bit insulting to claim that the millions of people creating content on the internet today don’t exist.

throw0101b|1 year ago

> I think it’d be nice to self-host things too, but it’s inaccurate and even a bit insulting to claim that the millions of people creating content on the internet today don’t exist.

It's not just about self-hosting, but peer-to-peer clients as well.

When Skype originally came out it was P2P, but because of NAT they created (ran?) "super-nodes" that could do things like STUN/TURN/ICE. Wouldn't it be nice to be able to (e.g.) communicate with folks without a central authoritative server that could be warranted by various regimes?

JohnFen|1 year ago

And then there are people like myself who host publicly-available internet services from my home internet service that's absolutely behind CGNAT. That makes things a bit more hassle to get working, but it's certainly possible.

gmuslera|1 year ago

And there are different kinds of big fish. You may be in a bad neighborhood, sharing an IP with misbehaved actors in the digital or real world. You may get blocked, banned or snooped because there is or was a target, an attacker or someone with bad digital hygiene.

wpm|1 year ago

My ISP is IPv4 only and I host plenty of shit and punch plenty of holes. That’s a function of my firewall not how many bits are in my IP address.

throw0101b|1 year ago

> My ISP is IPv4 only and I host plenty of shit and punch plenty of holes. That’s a function of my firewall not how many bits are in my IP address.

Not wrong, but if you want multiple servers of the same service, you're now doing custom ports (myhost:port1, myhost:port2, etc) which isn't the end of the world, but is kind of sucky.

And if we're not talking just about servers running services, but clients that want to do peer-to-peer stuff, you also have to use things like STUN/TURN/ICE which is more infrastructure that is needed (as opposed to 'just' hole punching since your system already knows its IP(v6) address).

Given the prevalence of these technologies (kludges?) they've kind of been normalized so we think they're "fine".

ReK_|1 year ago

That's only true if you aren't behind CG-NAT. If you are, your firewall can port forward all it wants but it won't matter, the ISP would have to also port forward to you.

akdev1l|1 year ago

You can’t punch any holes through carrier-grade NAT (CGNAT).

fooqux|1 year ago

Did you miss the part about CG-NAT? Once your ISP runs out of their IPv4 addresses and puts you behind a CG-NAT, you can punch all the holes you like; nothing is going to get to you.

At least not without doing fancy stuff like using an externally-hosted VPN to shuttle connections to you.
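An added illustration, not written by any commenter in this thread, of the point made in the last few replies: a toy model of stacked NAT layers showing why a port forward on the home router stops mattering once a CGNAT sits in front of it, and why a flow the host opens outward (for example to an externally hosted relay or VPN) still gets replies. All class and function names are hypothetical and all addresses are constructed (documentation ranges plus the 100.64.0.0/10 shared address space).

```python
from dataclasses import dataclass, field
@dataclass
class Nat:
    """Toy model of one translation layer (home router or CGNAT)."""
    name: str
    outside_ip: str
    forwards: dict = field(default_factory=dict)  # static: port -> (ip, port)
    sessions: dict = field(default_factory=dict)  # dynamic: port -> (ip, port, remote)

    def outbound(self, src, remote):
        """An inside host opens a flow: allocate an outside port for it."""
        port = 40000 + len(self.sessions)  # simplistic allocator, enough for a demo
        self.sessions[port] = (*src, remote)
        return (self.outside_ip, port)

    def inbound(self, dst_port, remote):
        """Translate a packet arriving from outside; None means dropped."""
        if dst_port in self.forwards:
            return self.forwards[dst_port]
        entry = self.sessions.get(dst_port)
        if entry and entry[2] == remote:  # only the peer the flow was opened to
            return entry[:2]
        return None

def deliver(chain, dst_port, remote):
    """Walk an inbound packet through the NAT chain, outermost layer first."""
    for nat in chain:
        hop = nat.inbound(dst_port, remote)
        if hop is None:
            return f"dropped at {nat.name}"
        dst_port = hop[1]
    return f"delivered to {hop[0]}:{hop[1]}"

def connect_out(chain, src, remote):
    """Open an outbound flow, innermost layer first; return the public endpoint."""
    for nat in reversed(chain):
        src = nat.outbound(src, remote)
    return src
def scenarios():
    server, remote = ("192.168.1.10", 8080), ("198.51.100.9", 443)  # constructed
    # 1: the home router holds the public address and forwards port 443.
    direct = deliver([Nat("home router", "203.0.113.5", {443: server})], 443, remote)
    # 2: same forward, but the router's WAN side is a CGNAT-internal address.
    home = Nat("home router", "100.64.0.7", {443: server})
    cgnat = Nat("CGNAT", "203.0.113.5")
    blocked = deliver([cgnat, home], 443, remote)
    # 3: the host dials out (e.g. to a relay); replies follow the session state.
    _, port = connect_out([cgnat, home], server, remote)
    return direct, blocked, deliver([cgnat, home], port, remote)
```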