/r/ipv6
Welcome to the IPv6 community on Reddit. Here we discuss the next generation of Internetting in a collaborative setting.
IPv4aaS feels like the latest buzzword making the rounds. But does anyone know any providers that actually offer IPv4 connectivity services to IPv6 hosts as a service? Like can I now go and purchase ipv4 service somewhere?
Of course traditional ISPs are still providing some IPv4 connectivity to their own customers. But I'm interested in separate stand-alone ipv4 services, is that yet a thing?
For my IPv6 workshop tomorrow 😀
I'm working on deploying IPv6 traffic through WireGuard tunnels. IPv4 has been working a long time, and in the meantime, we avoided problems by switching off IPv6 for servers that had to be reachable by WireGuard clients, since only IPv4 was routed through tunnels.
For IPv6 enabled hosts, they now currently have three entries in DNS (everything is Windows-based): IPv4 address, IPv6 GUA and IPv6 ULA.
When a client tries to ping hostname it will not only prefer IPv6, but also prefer the GUA, which a) leads to the packet not going through the WireGuard tunnel, and b) failing to get delivered through the firewall. The question now is, what is the correct way to make clients that are connected via WireGuard tunnels prefer the ULA of hosts/servers? I see the following options:
What is the right idea here? To me, 4) seems like the right idea, but obviously clients don't actually know that only the connection via ULA would be routable, and it's certainly the right decision to try the GUA instead.
Using GUAs only isn't an option, since half of the clients have dynamic prefixes, which would need constant changes in the routing tables then, plus some of the devices involved wouldn't even allow the AllowedIPs section of the WireGuard configuration to contain anything but ULAs.
I'm also aware that the IPv6 consortium had envisioned IPSec to solve this problem, completely without any use of tunnels or private network prefixes/ULAs. That's also not really an option, or at least not a preferable one.
Edit: both u/Swedophone and u/heliosfa gave the necessary pointers towards changing the prefix policies that will cause clients to prefer ULAs if available, as such solving the issue for the most part, as long as such policies can be deployed to the client.
Pointers towards DNS views have also been given, as well as the (obviously favorable) idea to completely rely on GUAs, neither of which are practical for the moment. Especially DNS views are very flawed, since they rely on ULA-to-ULA connectivity in the first place to distinguish client access.
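The address-selection behaviour described in the post above, as an added example that is not part of the original thread: a simplified model of RFC 6724 destination ordering (only rules 1, 5 and 6) showing why the GUA wins under the default policy table and how a higher-precedence entry for the ULA prefix changes the order. All addresses, the /48 and the precedence value 45 are constructed sample values.

```python
import ipaddress

# RFC 6724 section 2.1 default policy table: (prefix, precedence, label)
DEFAULT_POLICY = [
    ("::1/128", 50, 0), ("::/0", 40, 1), ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2), ("2001::/32", 5, 5), ("fc00::/7", 3, 13),
    ("::/96", 1, 3), ("fec0::/10", 1, 11), ("3ffe::/16", 1, 12),
]
# Constructed override: the site's own ULA /48 ranked above ::/0 (precedence 40).
ULA_FIRST_POLICY = DEFAULT_POLICY + [("fd00:1234:5678::/48", 45, 13)]

# Constructed sample data: the server's three DNS records and the client's addresses.
GUA, ULA, V4 = "2001:db8:a:1::10", "fd00:1234:5678:1::10", "10.0.0.10"
DESTS = [V4, GUA, ULA]
SOURCES = ["2001:db8:c:1::50", "fd00:1234:5678:ff::50", "10.8.0.5"]

def to_v6(addr):
    """IPv4 addresses are looked up as IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.IPv6Address("::ffff:" + str(ip)) if ip.version == 4 else ip

def lookup(policy, addr):
    """Longest-prefix match in the policy table; returns (precedence, label)."""
    ip = to_v6(addr)
    rows = [(ipaddress.ip_network(p), prec, label) for p, prec, label in policy]
    _, prec, label = max((r for r in rows if ip in r[0]), key=lambda r: r[0].prefixlen)
    return prec, label

def pick_source(policy, dst, sources):
    """Simplified source choice: same family, preferring a label that matches dst."""
    fam = ipaddress.ip_address(dst).version
    same = [s for s in sources if ipaddress.ip_address(s).version == fam]
    dlabel = lookup(policy, dst)[1]
    same.sort(key=lambda s: lookup(policy, s)[1] != dlabel)
    return same[0] if same else None

def order_destinations(policy, dests, sources):
    """Sort by rule 1 (usable source), rule 5 (matching label), rule 6 (precedence)."""
    def key(dst):
        src = pick_source(policy, dst, sources)
        prec, dlabel = lookup(policy, dst)
        match = src is not None and lookup(policy, src)[1] == dlabel
        return (src is None, not match, -prec)
    return sorted(dests, key=key)

if __name__ == "__main__":
    print("default policy:", order_destinations(DEFAULT_POLICY, DESTS, SOURCES))
    print("ULA override  :", order_destinations(ULA_FIRST_POLICY, DESTS, SOURCES))
```

On Windows the active table can be inspected with `netsh interface ipv6 show prefixpolicies` to compare against the default rows modelled here.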
A few months ago I noticed my ISP has finally started giving out v6 prefixes! So naturally I deployed it everywhere. So much easier to work with than v4! At home I got a dual-stack main LAN, dual-stack VPN and dual-stack VM network all taking their own little slices of my assigned /56. ❤️
No NAT anywhere on the v6 side, just pure routing and firewalls. There’s something beautiful about that. 🥹
Before it was only Telstra with this (they have had it for years, including NAT64 on their mobile network). Up until recently, Vodafone was not giving me IPv6 - and I would have quickly noticed if they had. And it seems like suddenly they have since the last time I used my hotspot to my laptop. I hope this is not some cruel trick like Reddit deploying IPv6 as perpetual A/B testing.
Hello there :)
First of all - English isn't my native language but I will do my best.
Three months ago I've made a post about my dilemma regarding using public IPv6 while having CGNAT'ed IPv4 or only public IPv4. Here's link to my post - https://www.reddit.com/r/ipv6/comments/1fbdb4p/native_public_ipv4_or_ipv6_dslite/
Nowadays I'm kinda happy IPv6 + IPv4 CGNAT user but I feel like I'm missing something.
I was worried that I'm gonna have NAT Type 3 on PS5 in this scenario but that's not the case. I don't have any ports open, be it IPv4 or IPv6, I even have UPnP disabled. Yet still my PS5 reports that I have NAT Type 2 and everything seems to work OK. I can even use Remote Play and play on my PS5 while being far away from home.
I thought that this will be impossible while being behind CGNAT but since that's not the case - what am I missing and what I should (and want) learn about IPv6? :)
The allure of Fiber in my area by Kinetic was too strong to resist, however they do not have IPV6 in 2024. I was running HE.NET tunnels fine for a while, but lately the Cloudflare protection that most sites offer has begun to block the v6 addresses I have been issued. It is not possible for me to predict this well, recently today videocardz.com/ blocked me, and even Reddit blocks me until I sign in.
I will certainly miss the simplicity of no NAT ;) I have a few local hosted services and referring to the same address regardless of location has been amazing (I guess I am back to NAT reflection or split DNS). However on an IPV4 only stack, I am sure I will survive fine.
TLDR: If my ISP is not natively providing IPV6, and HE Tunnel is being targeted and blocked, is there anything else obvious to retain IPV6 before I just turn it off?
Great news, just noticed, that Windows 11 now supports RDNSS without any hacks. Previously, I had to disable IPv4 to make RDNSS work, but recent updates fixed it. "[Version 10.0.26100.2454]"
Setting aside the question of which routers actually support it, how is link load balancing technically supposed to work when there is no address translation on the router?
Edit: To be clear, I'm talking about having two internet lines, let's say one with 50 Mbps and one with 16 Mbps, with prefixes assigned by the ISP and the router somewhat proportionally dividing connections between the two lines to get a total of about 66 Mbps.
I think I know the answer, but I'm checking with the smart people....
If I have three ISPs, all giving me different V6 prefixes (I don't, we have ARIN assigned BGP managed address space but...). Each router has an RA, so my host gets three addresses, one from each RA.
When a packet has to go out, how does it know which router to use? I would assume it doesn't. It's not that the host looks at each prefix and chooses a default route. Yes, we can make it do it by source-based routing, but what's the right way?
(Crossposted from r/homenetworking)...
I'm well aware that unless you pay for a static IP, the assigned IPv4 address you get with Xfinity internet service can change, although it rarely changes in practice. For devices on my home network, this is fine, as their RFC1918 IPv4 addresses won't change if the public IP does. However, the IPv6 assignment is a /64 PD from the global scope, and I'm hesitant to assign those addresses statically to devices (in this case, a NAS and a Plex server that need to whitelist each other's addresses) if the network can change without warning. Does anyone know if the IPv6 PD assignment can be assumed to be stable, or should I just give them both ULA (I know, ew) addresses instead? Any other solutions to this?
Not trolling, will attract some bikeshedding for sure... Just casting my thoughts because I think people here in general think that my opinion around keeping v4 around is just a bad idea. I have my opinions because of my line of work. This is just the other side of the story. I tried hard not to get so political.
It's really frustrating when convincing businesses/govts running mission critical legacy systems for decades and too scared to touch them. It's bad management in general, but the backward compatibility will be appreciated in some critical areas. You have no idea the scale of legacy systems powering the modern civilisation. The humanity will face challenges when slowly phasing out v4 infrastructures like NTP, DNS and package mirrors...
Looking at how Apple is forcing v6 only capability to devs and cloud service providers are penalising the use of v4 due to the cost, give it couple more decades and I bet my dimes that the problem will slowly start to manifest. Look at how X.25 is still around, Australia is having a good time phasing 3G out.
In all seriousness, we have to think about 4 to 6 translation. AFAIK, there's no serious NAT46 technology yet. Not many options are left for poor engineers who have to put up with it. Most systems can't be dualstacked due to many reasons: memory constraints, architectural issues and so on.
This will be a real problem in the future. It's a hard engineering challenge for sure. It baffles me how nobody is talking about it. I wish people wouldn't just dismiss the idea with the "old is bad" mentality.
I'm trying to access a test site through IPV6. I went to https://www.ipvoid.com/ipv6-ping-test/ and I can ping the IPV6 of my machine. I tried to access the site http://[xxx:xxx:xxx]:1234 and it works on the same machine and also from another machine in the network, but when I try from my phone through 4g, it doesn't work.
I have a TENDA TX3, AX1800, in the firewall section has only toggles for flood, nothing more.
Do I need a new router that supports more functions for IPV6 or is it something else?
Have now also checked here https://port.tools/port-checker-ipv6/ and it says port 1234 is open
I am using systemd-networkd to test the router. It is currently under a private IP address in the home and has two levels of IP masquerading.
No major issues with IPv4; IP masquerade and DHCP servers were easy to configure. For some reason, the DNS server address to be delivered by the DHCP server cannot be obtained automatically and is set manually, but I will leave this issue aside for the moment.
The problem is that IPv6 RA cannot be propagated from upstream to downstream. If DHCPv6 was configured in addition to RA upstream, RA could be distributed downstream. However, if I only have RA upstream, I cannot deliver RA downstream.
The environment is Debian 12, but I am running it as a virtual machine on Proxmox, so I am using the cloud image “debian-12-backports-genericcloud-amd64.qcow2”. Netplan is included by default, but I uninstalled it and use systemd-networkd.
Here is my configuration. Any help would be appreciated.
sudo apt-get purge -y netplan.io cloud-init &&
sudo rm -dr /etc/netplan &&
sudo tee /etc/sysctl.d/20-net-forwarding.conf << EOS > /dev/null &&
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
EOS
sudo sysctl -p /etc/sysctl.d/20-net-forwarding.conf &&
sudo tee /etc/systemd/network/00-eth0.link << EOS > /dev/null &&
[Match]
MACAddress=bc:24:11:ce:40:be
[Link]
Name=eth0
EOS
sudo tee /etc/systemd/network/00-eth0.network << EOS > /dev/null &&
[Match]
Name=eth0
[Network]
DHCP=yes
EOS
sudo tee /etc/systemd/network/00-eth1.link << EOS > /dev/null &&
[Match]
MACAddress=bc:24:11:78:3a:45
[Link]
Name=eth1
EOS
sudo tee /etc/systemd/network/00-eth1.network << EOS > /dev/null &&
[Match]
Name=eth1
[Network]
Address=10.112.0.2/16
DHCPServer=yes
IPMasquerade=ipv4
IPv6SendRA=yes
DHCPPrefixDelegation=yes
[DHCPServer]
PoolOffset=10
PoolSize=10
EmitDNS=yes
DNS=192.168.1.1
#[IPv6SendRA]
#UplinkInterface=eth0
#EmitDNS=yes
# Currently it is commented out because there is DHCPv6 upstream, but when the upstream is RA only, commenting it out does not work.
EOS
sudo systemctl daemon-reload &&
sudo systemctl restart systemd-networkd.service
Basically my Wi-Fi keeps turning on and off and I think it's the IPv6, but I know absolutely nothing about how to fix it. Does anyone know how to fix it? Virgin Media couldn't help.
Hi.
I'm currently studying the book "IPv6 Fundamentals" by Rick Graziani and I'm interested in what the best way is to implement IPv6 to evolve into a dual stack network. I want to know if someone has some experience in a real-world IPv6 environment (or dual stack) and what the correct way is to manage P2P links, address allocation (do you use ULA? Only GUA?), IPv6 in an SD-WAN environment? Do you use some technique for address translation? etc.
Hey everyone,
I'm currently encountering some significant challenges with setting up IPv6 in my network due to my ISP providing only a dynamic IPv6 address. This dynamic addressing creates several problems, particularly with my firewall and internal DNS server.
The main issue arises from the fact that the external IPv6 address changes at unpredictable intervals. This makes it so far impossible to configure firewall rules, as I need to constantly update the rules to reflect the new address.
Additionally, managing my internal DNS server has become problematic. With the dynamic IPv6 address, I can't find a way to promote its IPv6 address to the individual hosts on my network.
I’m currently using different VLANs and have a dual-stack setup, but if possible I would like to transition to a single-stack IPv6 environment in the future. If anyone has faced similar issues or has suggestions on how to effectively manage these problems, I would greatly appreciate your insights. Thanks!
Obviously, the step 4 is painfully slow. It will someday have to be migrated over to BGP (or remove the whole involvement of DNS altogether, as the original RFC authors intended). Special unicast address blocks will have to be assigned for the purpose. Well, it has to start somewhere.
Yes, it's basically another version of NAT64, but the responsibility is shared between ISPs and endpoint operators (web services, CDN).
This is how I would design the E6T. I can probably spend couple days to cook up a userspace daemon that receives the traffic marked with Netfilter and sends back crafted NAT packets via a raw socket as a quick and cheap POC (because jumping straight into coding the kernel is not a bad idea).
Just putting my thoughts out here. Dunno how many people reading this can understand this, but I gave it a try. Your comments would be much appreciated!
Was looking at this post. Got me thinking: how many addresses do we need for the existing service endpoints? Is the reserved E class range enough or would it be such a waste?
My educated guess is that the majority of the IP addresses are announced by ISPs around the world. But it still begs the question of how many v4 addresses are required for publicly open endpoints like web servers for 4 to 6 translation.
All the data needed is out there. I think I can write up some scripts to count all the addresses in all the route objects from ISPs.
Just wondering if anyone has done it already.
I've started a journey to get my CompTIA network plus, and I am trying to ingest IPv6 from the get go. I see too many network guys that never touch it because it's "scary" or "not really needed".
I have a couple questions.
I understand that one benefit is the sheer size of the IPv6 range makes "port scanning" a lot less viable than IPv4, but it really seems to me that you can't turn off IPv4, practically speaking.
Explain to someone who knows a thing or two, but is far from an expert. How feasible would it be for me to make my home network 100% IPv6, or an office network for that matter.
Am I even right in thinking that it's safer? Let's say I have several services I want to open to the internet. Every port I open for IPv4 puts a target on my IP address. I'm still learning things, but I understand that every device basically has its own unique IPv6 address. I assume consumer grade routers don't allow inbound traffic by default, but the equivalent of IPv4 port forwarding is just allowing inbound traffic via the firewall.
Correct me if I'm wrong, but it seems like it's more or less the same thing with less steps. You still want to secure that inbound connection with best practices, but you have the added benefit of the larger scope making your needle a lot harder to find in the haystack so to speak.
TL:DR: 1. can you turn IPv4 off and use 6 exclusively?
Whilst in most LAN environments IPv4 is still the most commonly used Protocol, I was questioning how one would go about managing an IPv6 Network.
Let's assume one has a Network with 200 devices. Then one could simply assign 192.168.3.1-201/24 IPs to the devices. If an additional device is added it is simply added in the range and the documentation is pretty straight forward, without giving it much thought.
How is this accomplished under IPv6 or how would one see the defined range of the Network without giving it much thought/calculating the hexadecimal?
So I have a VPS, currently running Fedora 41. A /64 subnet is assigned to it, but the hoster does not offer DHCP.
IPv6 works perfectly with the address in the subnet that I gave to the VPS itself, but I want to use other addresses for nested VMs on that VPS and ideally also to tunnel to a VM running at home (the tunneling will have to be with IPv4, home IPv6 does not work).
But there is no route on the provider. If I add another address from the subnet to the external adapter, it immediately pings fine, but if the address is not presented on that interface the packets don't go to my VPS. I asked the provider to add a route but I don't know if they will agree, so I'm looking for another option.
It is easy to add an address to the external adapter. But I'm at a loss as to how to bridge such an address to a VM (or through a tunnel) without some weird NAT, and using NAT kinda sorta defeats the point of IPv6?
I have two WANs at home with dynamically assigned prefixes. One of them acts as a failover for the other. Failing over IPv4 is pretty simple in this case because NAT exists, but IPv6 is a little bit difficult.
Right now I am using NPT to translate from a ULA block using DHCPv6 to my WAN IPv6 blocks depending on which is active. It seems to work properly with the exception that Windows devices on my WAN prefer IPv4 over ULA IPv6 addresses (which is, to my understanding, what spec currently says is correct). IPv6 gets used if IPv4 isn't an option in this case.
I understand that this is against the "spirit" of IPv6, but I'm not sure what other way to get IPv6 to work with this dual WAN setup.
If there's no alternative, is there anything inherently wrong with this use case?