Now currently I’m not in the workforce, but in the past from my work experience, apprenticeship and temp roles, I’ve always seen ipv4 and not ipv6!

Hell, my ISP seems to exclusively use ipv4 (unless behind nats they’re using ipv6)

Do you think a lot of people stick with the earlier iteration because they have been so familiar with it for a long time?

When you look at a ipv6, it looks menacing with a long string of letters and numbers compared to the more simpler often.

I am aware the IP bucket has gone dry and they gotta bring in a new IP cow with a even bigger bucket, but what do you think? Do you yourself or your firm use ipv4 or 6?

  • Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    With modern IPv6 (say, Windows 7 or later?) IPv6 privacy extensions solve this problem. Basically, you get a whole bunch of addresses. One based on your MAC address so you can port forward/allow incoming connections in the firewall, and then a bunch of rotating random addresses used for outgoing connections. People that know your prefix and MAC address can find your listening PC, but websites won’t get your MAC address.

    As for fingerprinting, thanks to NAT slipstreaming you can choose between “video calling software breaks” and “every malicious ad can access any port on your device” or in some extreme cases “every malicious ad can access any device in your network”. Some websites have also been caught scanning IPv4 networks to figure out where your router lives using standard Javascript, so your IPv4 network isn’t any better protected. At least with IPv6 a website can’t take ten seconds to scan 255 addresses and figure out how many devices are on your network!

    • just_an_average_joe@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      Noobie question, wouldn’t the ISP decide what your outgoing IPv6 address is? Like they do with IPv4? I mean no matter how many times I restart my router, my public IP remains the same so I always thought it was assigned by them.

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        3 months ago

        They assign a prefix. For IPv4 this is usually a /32, or 1 single address, though it’s possible to assign larger ranges. I’ve seen businesses with a /28 on IPv4 for example.

        The end device picks what IP addresses within the prefix are used for what. For instance, the server rack may use three IP addresses, the office one, and maybe the IoT network also gets one.

        With IPv6 you should be getting a /56 or a /48. In other words, they pick the first 48 to 56 bits of your IP addresses, basically leaving 80 to 72 bytes for the end device to distribute amongst itself. You could give the first device address one and start counting up if you wanted to, but that’d come with the annoying edge case of needing to track what numbers are already in use. If you like a false sense of control, DHCPv6 is what manages this.

        SLAAC (the “everything works by default” approach) requires a /64 (64 bits of local address space), so if you want to do routing (say, attach a wireless access point or a second router) and you don’t want to do IPv4 hacks that hide IP addresses from each other, you need a few networks. That’s why you get 8 to 16 bits of network space, so you can assign 256 to 65536 networks yourself in case you have weird requirements.

        If your ISP assigns you 2003:123:def:abc::/48, then you can pick whether you want to assign 2003:123:def:abc::beef:cafe or any random address that starts with the ISP prefix. You have enough space to give every connection of every device on every WiFi network its own IP address every second of the day, but usually addresses are rotated only once per day.

        The ISP picking the address range does come with a huge downside, and that’s that you can’t really use internal IP addresses anymore. To fix that, you can set up a so-called ULA. That’s basically a service anywhere on the network that shouts “hey, if you can’t, you can pick any address from fdef:abc:abc:abc::/96”. By default, devices will pick two addresses (one based on the MAC address and a temporary one), and you can use the one based on the MAC address to plug into your local DNS server.

        That way, even if you switch ISPs to one that only does IPv4, you can still use a Pi-Hole at fdef:abc:abc:abc::123:456:789 as your DNS server. These ULAs are completely local, so they can’t be reached from the internet.

        Though, just to be sure, you should generate a random ULA prefix (there’s an algorithm in the standard, but there are sites to do it for you) just in case you have bad luck and connect to someone else’s wifi who also thought it’d be funny to use fdef:cafe:babe:b00b::/96 as the local prefix. Completely optional, but best practice.

        • saiarcot895@programming.dev
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          For reference, in the US, Comcast only gives up to a /60 for residential connections. It’s still fine for most use cases, but it does feel a bit like doing a bit of penny pinching when you’re wondering if you have enough /64’s for how your network is going to be set up.

          • Skull giver@popplesburger.hilciferous.nl
            link
            fedilink
            arrow-up
            0
            ·
            3 months ago

            The standards bodies used to recommend /48 as a default and have scaled down to /56. Anything smaller makes sense for stuff like servers but there’s no good reason to do it. I guess penny-pinching is a reason, but it’s not the norm.

            If all else fails, hurricane electric will hand out /48s for free, you just can’t use them to watch things like Netflix.