IPv6 home network

Do you run IPv6 in home network


  • Total voters
    22

Max212

Member

Reaction score: 18
Messages: 48

Hi,

I have possibility do deploy IPv6 in my home network. Is it worth it, except to learn new tech :)
Do you run IPv6 in your home networks?
If yes, why? Also do you run dual stack or do you run NAT64 and DNS64?

Thank you
 

drhowarddrfine

Son of Beastie

Reaction score: 2,417
Messages: 4,371

Because I have Google wifi at home and it was an option I wanted to explore. So I turned it on, got distracted, and never look into it any further.
 

Geezer

Aspiring Daemon

Reaction score: 454
Messages: 778

At home, I would like to. My ISP does not provide IPV6. It would be a can of works to ask them.

All other machines have been V6 for a while.
 

ct85711

Member

Reaction score: 64
Messages: 95

My old ISP provided an IPv6, but my new one doesn't. Beyond that, my local network does use ipv6; I even had my server's sshd listen only to the ipv6 link local address for added security.
 

Zirias

Son of Beastie

Reaction score: 1,702
Messages: 2,870

Do you run IPv6 in your home networks?
Of course I do.
If yes, why?
  • I don't need crappy NAT, so end-to-end communication doesn't suffer from its shortcomings and bugs.
  • With IPv4, I'm lucky to get a single public address. With IPv6, /64 and even /56 prefixes are more or less for free.
  • I'm prepared. ISPs employing NAT themselves (CGNAT) because they don't have enough IPv4 addresses for all their customers any more, is probably the last escalation step in an astonishing history of keeping something alive that doesn't fit any more since many many years.
  • I can reach IPv6-only services (e.g. FreeBSD's official package builders are interesting from time to time).
  • With a tunnel offered by HE, I even get a static prefix and reverse DNS delegation (that's why I prefer that over the dynamic prefix offered by my ISP).
  • Well, I need no stinking NAT… 😏
Also do you run dual stack
Yes. Of course, the IPv4 network uses private addresses and therefore does need NAT. But as IPv6 is preferred, this is only a clumsy fallback when connecting to IPv4-only services.
 
OP
M

Max212

Member

Reaction score: 18
Messages: 48

Thank you for your answers :)
I will deploy IPv6 in a small lab. After that I will decide, will I run it in whole network.
 

sko

Aspiring Daemon

Reaction score: 421
Messages: 728

At home - yes
At work - for all infrastructure and 'external' services, but not for client networks, because half of our applications still doesn't support IPv6 and one of them will just crash & burn if it gets AAAA records returned from its malformed DNS queries (because rolling your own buggy DNS resolver with your application is what you did back in the 90s where this vendor is stuck... same goes for the custom, buggy and mostly non-working crypto...)
 

Blue|Fusion

New Member


Messages: 4

Do you run IPv6 in your home networks?
Yes, for about a year now.

If yes, why? Also do you run dual stack or do you run NAT64 and DNS64?
Dual stack.


I've learned a ton about IPv6 configuring my homelab with some Brocade ICX switches and routing my home VLAN subnets on the switch. SLAAC works well with a few caveats for getting consistent IPv6 addresses (random MAC addresses in virtualization, for example). For home network DNS, I use static assignments and update as required.


The technical benefits of IPv6 are numerous but the global rollout is still taking forever so whenever you can, participate in IPv6 usage. If you're looking to max out 10, 25, 40, 100Gbps NICs with data traffic without NAT/PAT in between devices and without jumbo frames, stick to IPv4 for a slight increase in throughput. IPv6 use 40 byte headers whereas IPv4 uses (generally) 20 byte (variable size).
 

roccobaroccoSC

Aspiring Daemon

Reaction score: 227
Messages: 752

Of course I do.

  • I don't need crappy NAT, so end-to-end communication doesn't suffer from its shortcomings and bugs.
  • With IPv4, I'm lucky to get a single public address. With IPv6, /64 and even /56 prefixes are more or less for free.
  • I'm prepared. ISPs employing NAT themselves (CGNAT) because they don't have enough IPv4 addresses for all their customers any more, is probably the last escalation step in an astonishing history of keeping something alive that doesn't fit any more since many many years.
  • I can reach IPv6-only services (e.g. FreeBSD's official package builders are interesting from time to time).
  • With a tunnel offered by HE, I even get a static prefix and reverse DNS delegation (that's why I prefer that over the dynamic prefix offered by my ISP).
  • Well, I need no stinking NAT… 😏

Yes. Of course, the IPv4 network uses private addresses and therefore does need NAT. But as IPv6 is preferred, this is only a clumsy fallback when connecting to IPv4-only services.
So... basically you cannot escape from NAT yet? Using IPv6 does not solve this problem of yours.
Having the public IP address - I see the value in this. You could have a public IPv4 too though, I believe every reputable ISP should offer you a public IPv4 if you need one (some of them cost extra however).
 

roccobaroccoSC

Aspiring Daemon

Reaction score: 227
Messages: 752

Hi,

I have possibility do deploy IPv6 in my home network. Is it worth it, except to learn new tech :)
Do you run IPv6 in your home networks?
If yes, why? Also do you run dual stack or do you run NAT64 and DNS64?

Thank you
I do not use IPv6 in my home network, mostly because I have been intellectually lazy and I have not learned how the address allocation works.
My life is totally fine when confined to IPv4, I manage around 200-300 nodes at home with ~20-30 subnets and it works fine. For my external connection I use NAT and 1 external IP address.

In a sense, NAT protects most of the clueless Internet users today. I can foresee when people finally get rid of IPv4 globally a new big wave of successful attacks and more powerful botnets once everybody has a publicly accessible IP address.
Thinking that every ISP will configure their firewalls perfectly, I think it's wishful thinking. We'll see how it unfolds.

In my honest opinion, IPv4 will still be dominant for the foreseeable future, unless everybody gets like 500 IoT devices at home (which could happen)...
 

Zirias

Son of Beastie

Reaction score: 1,702
Messages: 2,870

So... basically you cannot escape from NAT yet? Using IPv6 does not solve this problem of yours.
There's no escape from NAT with IPv4 of course, there just aren't any addresses left. Of course IPv6 solves this problem. While there are very few v6-only services, there are a LOT of dual-stack services, and using v6 with them, no NAT is involved.
In a sense, NAT protects most of the clueless Internet users today. I can foresee when people finally get rid of IPv4 globally a new big wave of successful attacks and more powerful botnets once everybody has a publicly accessible IP address.
NAT doesn't protect anything. A somewhat "good" NAT implementation tries to route as much traffic as possible, this includes remembering outgoing ports and route back there even from other peers, helping online games, telephony, etc.

The times when home users connected Windows boxes directly to the internet are long gone. Plastic routers typically default to reject anything incoming, there's no reason this would change with IPv6 (actually, they already support IPv6 and, of course, have the same defaults). NAT has nothing to do with that.
 

Alain De Vos

Son of Beastie

Reaction score: 800
Messages: 2,605

When you PPP through your router nothing is filtered, &why would you need filtering if you make sure you don't run services ?
 

Zirias

Son of Beastie

Reaction score: 1,702
Messages: 2,870

When you PPP through your router nothing is filtered
Then you don't use it as a router but merely as a modem. That's btw what I do, cause I prefer my own firewall over the one built into such a device. But it isn't the default configuration and it isn't what average Joe will do.
&why would you need filtering if you make sure you don't run services ?
It's always a good idea to expect own errors and have more than one line of defense when it comes to security.
 
Top