elsjaako | 3 months ago
It's great that your ISP does that. Mine doesn't, maybe it would for an extra charge if I got some kind of business account. Which makes sense, as the IPv4 addresses your ISP owns are a valuable resource.
At the hacker space I'm part of we need to use a reverse proxy to run all our services on a single IPv4 address we get from our ISP.
> I have to put firewall rules in anyway (as I don't want a random device on the internet to be able to talk to my bathroom speaker), so what's the difference?
If, for example, two friends want to play an FPS game with each other, they could connect directly. They still need to "punch" out to get the firewall open, but you lose the step where you have to guess at which port the message may end up. Right now I hear that with some ISPs you don't even get a public IP on your router, so even NAT hole punching doesn't work.
Not a lot of games currently provide the option to connect directly, but that's because it often doesn't work well behind NAT on IPv4 networks.
> I get an RTP stream pushed from a source
This sounds like a pretty niche application, but sure. I don't have the immediate best IPv6 solution for you. Maybe you could switch which device has the RTP-receive IPv6 address (one device can have multiple IPs), you could do NAT on IPv6 for this application.
Right now you're using the NAT as a kind of forwarder to send the data to different hosts, so if you have a router you can run software on you could just have it forward to both devices on the local network.
> I also have the advantage of being able to steer outgoing traffic via either my DSL or via my 4G depending on various rules
Aren't these features of your router, not of your IP stack?
> In any case I still have to maintain an IPv4 network as some services still won't work on IPv6-only subnets.
You're right, it doesn't always make sense for an individual to switch. That's why we're still stuck on old technology.
But prices for IPv4 addresses are going up. There are already VPSs that charge less if you don't need IPv4. Availability of IPv6 for consumers is going up; in India it's near 80%. At some point, some kind of service in India is going to not bother to get IPv4.
iso1631 | 3 months ago
If your firewall randomises your source ports then sure, you have to use the birthday problem style tricks that Tailscale uses, it's not onerous though.
> Aren't these features of your router, not of your IP stack?
Yes, and that's where I want them to stay. Which means NATing depending on which direction I want to send the traffic (and get return traffic) -- even if I have a BGP handoff upstream. So IPv6 doesn't get rid of NAT's use, just changes it to a 1:1 mapping which is a minor benefit (and renames it to NPT).
> This sounds like a pretty niche application, but sure.
The internet has two sets of people:
1) Consumers who just want to establish https connections to a server, in which case they don't care about NAT, CGNAT, etc.
2) People with niche applications
NAT is a very useful tool, and the IPv6 fanboys that go on about how evil it is just want to take that ability away from people because they don't understand it. Most of the arguments against NAT stem from a time when stateful firewalls were not a thing.
> Right now you're using the NAT as a kind of forwarder to send the data to different hosts, so if you have a router you can run software on you could just have it forward to both devices on the local network.
Yes, this software runs at a layer 4 level and forwards the selected traffic by translating the address. That's exactly what NAT is, it's great.
I'd be quite happy running an IPv6 network with network translation but given that far too many things simply don't work on an IPv6-only network (TV, Nintendo Switch, Zscaler laptop), and those that do require 64 translation (GitHub)
IPv4 addresses are not increasing in cost by the way - in nominal terms let alone adjusted for inflation. In real terms they're 20% cheaper than 2019.
https://auctions.ipv4.global/prior-sales