Posted by mahirsaid 3 days ago

I spent a week without IPv4 (2023) (www.apalrd.net)
164 points | 352 comments | page 3
1970-01-01 3 days ago|
I have firsthand experience doing that experiment about 3 months ago. Completely removed my IPv4 DHCP lease from my ISP at the router. About 50% of the public sites I tried to visit didn't resolve. So many public sites that I gave up and went back to dual stack after just a day. Google, ChatGPT, and a few other popular sites were fine with pure IPv6 traffic, however sites like eBay and even HN did not resolve. IPv6 simply is still not ready for everyone to just transition into overnight.
whatevaa 2 days ago|
A bit ironic that HN did not resolve.
daft_pink 2 days ago||
I feel this doesn’t really address whether we are losing something privacy or security related by not having NAT. I think my main devices are always updated Mac, iPhone or iPad and can handle it, but do I really want my thermostat or doorbell or lock or garage door opener or light switch directly accessible on the Internet or is the NAT serving a useful purpose? I don’t feel like this is addressed in this article.
yjftsjthsd-h 2 days ago|
> but do I really want my thermostat or doorbell or lock or garage door opener or light switch directly accessible on the Internet or is the NAT serving a useful purpose?

You should have a firewall, regardless of v4/v6.

mzajc 2 days ago||
You should, but the exposure from having no firewall is much higher without NAT. Packets with private network IPs are martians on the internet and will not find their way to your device unless they come from the same network and the ISP's infrastructure doesn't drop them. IPv6 addresses are routable across the internet so the packets will most likely get to your router, meaning anyone on the internet can talk to your LAN in the absence of a firewall.

The reality is that consumer router firmware is horrible in every aspect, especially security, and this isn't going to change with IPv6 rollout. I fear the most likely scenario is that ISPs will set up inbound firewalls on their end, and then we'll be even worse off than we are right now.

jcgl 9 hours ago||
Those naughty incoming packets can hit your private devices even with NAT-without-stateful-firewall. The details depend on how your NAT actually implements the translation, but it’s perfectly possible for $randomHighPort to send all its incoming traffic straight to some device. Said another way, a NAT is not guaranteed to do something like match entries based on the layer 4 4-tuple.
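The behaviour described in the comment above, modelled as an added example that is not part of the thread: a toy NAT whose inbound filtering is either endpoint-independent or matched on the full remote address and port (the RFC 4787 terms). The `Nat` class, the addresses (documentation ranges) and the ports are constructed for illustration.

```python
from dataclasses import dataclass, field

# Inbound filtering policies, named as in RFC 4787.
ENDPOINT_INDEPENDENT = "endpoint-independent"              # any remote may use a mapping
ADDRESS_AND_PORT_DEPENDENT = "address-and-port-dependent"  # only the contacted remote

@dataclass
class Nat:
    public_ip: str
    filtering: str
    next_port: int = 40000
    # external port -> (internal ip, internal port)
    mappings: dict = field(default_factory=dict)
    # external port -> set of (remote ip, remote port) the inside host contacted
    contacted: dict = field(default_factory=dict)

    def outbound(self, src, sport, dst, dport):
        """Inside host sends a packet: create or reuse a mapping, return the external port."""
        for ext, inside in self.mappings.items():
            if inside == (src, sport):
                break
        else:
            ext = self.next_port
            self.next_port += 1
            self.mappings[ext] = (src, sport)
            self.contacted[ext] = set()
        self.contacted[ext].add((dst, dport))
        return ext

    def inbound(self, remote, rport, ext_port):
        """Packet arrives at public_ip:ext_port: return the inside target, or None if dropped."""
        inside = self.mappings.get(ext_port)
        if inside is None:
            return None                      # no mapping exists for this port
        if self.filtering == ENDPOINT_INDEPENDENT:
            return inside                    # translated without checking the sender
        if (remote, rport) in self.contacted[ext_port]:
            return inside                    # sender matches what the inside host contacted
        return None                          # unsolicited sender: dropped

def demo(filtering):
    nat = Nat("203.0.113.7", filtering)
    ext = nat.outbound("192.168.1.50", 5000, "198.51.100.10", 443)
    reply = nat.inbound("198.51.100.10", 443, ext)     # the server the device contacted
    unsolicited = nat.inbound("192.0.2.99", 40001, ext)  # unrelated host, same external port
    return reply, unsolicited
```

With endpoint-independent filtering both packets reach `192.168.1.50:5000`; only the address-and-port-dependent policy, which is what a stateful firewall enforces with or without NAT, drops the unsolicited one.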
tlogan 3 days ago||
As a normal user: why do I need IPv6?

As far as I know, the majority of websites (about 70%) do not support IPv6.

badgersnake 3 days ago||
I don’t think that’s true. But of course it depends how you measure the majority of websites.

Most of the figures I see show 60-70% of the top 100 sites do support it. But maybe that does not reflect your usage.

Why do you need it? Maybe you don’t right now since ipv6 only sites are niche. The most tangible advantage I’ve seen is avoiding CGNAT. Gamers in particular don’t like that because it introduces latency. Services like Xbox live definitely do support ipv6 for this reason.

jeroenhd 2 days ago|||
Depends on your ISP. If you live in a place where there aren't many IPv4 addresses available, CGNAT is the reason you're seeing a lot of Cloudflare/Akamai/Google CAPTCHAs everywhere, and IPv6 fixes that.
calvinmorrison 2 days ago||
Same reasons Northern Europeans had to invent all sorts of fancy food preservation and complex power struggle societies revolving around crop limitations and war.

Meanwhile closer to the equator, much less progress was needed to live and let live.

In short, Americans are native tribes. We have plentiful IPv4 and couldn't care less about SLAAC or whatever other complex moon sun and seasonal tide gods, salted codfish and salt mining operations. We just don't need to care about long addresses, they're plentiful here.

paulddraper 3 days ago||
You need it because there aren’t enough IPv4.

If you have a mobile device with data, you’re likely already using it.

sethops1 3 days ago||
Do we really need all the mobile phones and IoT devices of the world to be publicly addressable? Is that even a good thing?
paulddraper 3 days ago||
If you want to use the internet, you need an IP address.

You can share that IP address by putting multiple hosts on the same local network and using parts of the transport layer. NAT was invented because of lacking enough addresses.

buggjenrmf 2 days ago||
CGNAT is a guarantee that you have plausible deniability on the internet. NAT is also a guarantee that you are not addressable from the internet.

It’s a feature.

paulddraper 23 hours ago||
Until it isn't.

If I want to send you a message (an email), I have to go through some other party.

If I want to see what my home security cameras show, I have to go through some other party.

topranks 2 days ago||
Dual-stack with a public IPv4 address is by far a preferable way to access the v4 internet than being stuck behind a provider NAT64 box.

Totally understand why carriers may want IPv6 mostly and a v4-free core. But as an end user dual stack just seems simpler.

jcgl 9 hours ago|
Providers can do v6-only in their core while still providing public v4 to users. SIIT if they can still afford a public IP per customer, and MAP-T if they can’t.
jcgl 9 hours ago||
Misspoke: more like a CLAT thing/464XLAT, rather than SIIT, I think
beAbU 2 days ago||
My previous fibre provider in Ireland was Virgin, and as far as I could tell, it was fully IPv6. Every device in my network got a public address, and self-hosting stuff from home was as easy as setting up an A record at my DNS host. No faffing around with port forwarding, proxying, NAT bullshit or whatever. My memory is hazy, but there might have been some firewall stuff I had to do on the Virgin-supplied router.
martinald 2 days ago||
Interesting. I did finally find a use for IPv6 which I wrote up here: https://martinalderson.com/posts/i-finally-found-a-use-for-i...

Tbh though the docker problems are very serious and extremely painful to work around. Everything works great apart from Docker which has so many issues - it does not handle IPv6 inbound but IPv4 out well at all (at least as far as I can tell!).

jyscao 3 days ago||
I need to switch my home network to at least use IPv6 externally, because my ISP recently deployed CG-NAT, which made my SSH server that used to work no longer reachable from outside of my LAN.
bakugo 3 days ago|
You can use a NAT-traversing VPN like tailscale to work around this.
self_awareness 2 days ago||
My ISP has had IPv6 for years and I'm on 6 as well.

NAT-less network is really cool, I can serve content directly from anything from my LAN.

We should really leave IPv4 and move on.

layer8 3 days ago||
If Google would announce that Chrome is dropping IPv4 support in n months, that would probably get things moving. ;)
stevekemp 3 days ago||
I guess it would, but remember there are more services out there than just HTTP(S).

For example the last time I had an IPv6-only host I had issues cloning things from github, as "git clone git@github.com..." failed due to github.com not having IPv6 records.

A quick search revealed this open 3+ year old discussion - https://github.com/orgs/community/discussions/10539

Dagger2 10 hours ago|||
A quick workaround for that is to use one of the DNS servers from https://nat64.net/. There are also people running reverse proxies specifically for GitHub, e.g. https://danwin1210.de/github-ipv6-proxy.php.

(Ideally your ISP would be running NAT64 for you, especially if it's a VPS provider only giving you v6, but for whatever reason few of them do...)

buggjenrmf 2 days ago|||
You’re in luck, github is in the process of moving to azure!
lostmsu 2 days ago||
Would have to be ChatGPT these days.
torcete 2 days ago|
I wonder about the possibility of running your own email server behind a domestic IPv6 address.

Most of the domestic IPv4 networks have port 25 blocked for incoming connections. Maybe in the IPv6 realm things are a bit more relaxed.