IPv6 home network

[Max212]

Hi,

I have possibility do deploy IPv6 in my home network. Is it worth it, except to learn new tech
Do you run IPv6 in your home networks?
If yes, why? Also do you run dual stack or do you run NAT64 and DNS64?

Thank you

 

[drhowarddrfine]

Because I have Google wifi at home and it was an option I wanted to explore. So I turned it on, got distracted, and never look into it any further.

 

[Geezer]

At home, I would like to. My ISP does not provide IPV6. It would be a can of works to ask them.

All other machines have been V6 for a while.

 

[ct85711]

My old ISP provided an IPv6, but my new one doesn't. Beyond that, my local network does use ipv6; I even had my server's sshd listen only to the ipv6 link local address for added security.

 

[zirias@]

Do you run IPv6 in your home networks?

Of course I do.

If yes, why?

• I don't need crappy NAT, so end-to-end communication doesn't suffer from its shortcomings and bugs.
• With IPv4, I'm lucky to get a single public address. With IPv6, /64 and even /56 prefixes are more or less for free.
• I'm prepared. ISPs employing NAT themselves (CGNAT) because they don't have enough IPv4 addresses for all their customers any more, is probably the last escalation step in an astonishing history of keeping something alive that doesn't fit any more since many many years.
• I can reach IPv6-only services (e.g. FreeBSD's official package builders are interesting from time to time).
• With a tunnel offered by HE, I even get a static prefix and reverse DNS delegation (that's why I prefer that over the dynamic prefix offered by my ISP).
• Well, I need no stinking NAT… ?

Also do you run dual stack

Yes. Of course, the IPv4 network uses private addresses and therefore does need NAT. But as IPv6 is preferred, this is only a clumsy fallback when connecting to IPv4-only services.

 

[Max212]

Thank you for your answers
I will deploy IPv6 in a small lab. After that I will decide, will I run it in whole network.

 

[sko]

At home - yes
At work - for all infrastructure and 'external' services, but not for client networks, because half of our applications still doesn't support IPv6 and one of them will just crash & burn if it gets AAAA records returned from its malformed DNS queries (because rolling your own buggy DNS resolver with your application is what you did back in the 90s where this vendor is stuck... same goes for the custom, buggy and mostly non-working crypto...)

 

[Cath O'Deray]

My ISP does not provide IPV6.

Ditto.

I use Hurricane Electric Free IPv6 Tunnel Broker with my router, but I don't class this as IPv6 home networking.

 

[Alain De Vos]

The services rtsold & ip6addrctl do the heavy lifting for me.

 

[Blue|Fusion]

Do you run IPv6 in your home networks?

Yes, for about a year now.

If yes, why? Also do you run dual stack or do you run NAT64 and DNS64?

Dual stack.


I've learned a ton about IPv6 configuring my homelab with some Brocade ICX switches and routing my home VLAN subnets on the switch. SLAAC works well with a few caveats for getting consistent IPv6 addresses (random MAC addresses in virtualization, for example). For home network DNS, I use static assignments and update as required.


The technical benefits of IPv6 are numerous but the global rollout is still taking forever so whenever you can, participate in IPv6 usage. If you're looking to max out 10, 25, 40, 100Gbps NICs with data traffic without NAT/PAT in between devices and without jumbo frames, stick to IPv4 for a slight increase in throughput. IPv6 use 40 byte headers whereas IPv4 uses (generally) 20 byte (variable size).

 

[D-FENS]

Of course I do.

• I don't need crappy NAT, so end-to-end communication doesn't suffer from its shortcomings and bugs.
• With IPv4, I'm lucky to get a single public address. With IPv6, /64 and even /56 prefixes are more or less for free.
• I'm prepared. ISPs employing NAT themselves (CGNAT) because they don't have enough IPv4 addresses for all their customers any more, is probably the last escalation step in an astonishing history of keeping something alive that doesn't fit any more since many many years.
• I can reach IPv6-only services (e.g. FreeBSD's official package builders are interesting from time to time).
• With a tunnel offered by HE, I even get a static prefix and reverse DNS delegation (that's why I prefer that over the dynamic prefix offered by my ISP).
• Well, I need no stinking NAT… ?

Yes. Of course, the IPv4 network uses private addresses and therefore does need NAT. But as IPv6 is preferred, this is only a clumsy fallback when connecting to IPv4-only services.

So... basically you cannot escape from NAT yet? Using IPv6 does not solve this problem of yours.
Having the public IP address - I see the value in this. You could have a public IPv4 too though, I believe every reputable ISP should offer you a public IPv4 if you need one (some of them cost extra however).

 

[D-FENS]

Hi,

I have possibility do deploy IPv6 in my home network. Is it worth it, except to learn new tech
Do you run IPv6 in your home networks?
If yes, why? Also do you run dual stack or do you run NAT64 and DNS64?

Thank you

I do not use IPv6 in my home network, mostly because I have been intellectually lazy and I have not learned how the address allocation works.
My life is totally fine when confined to IPv4, I manage around 200-300 nodes at home with ~20-30 subnets and it works fine. For my external connection I use NAT and 1 external IP address.

In a sense, NAT protects most of the clueless Internet users today. I can foresee when people finally get rid of IPv4 globally a new big wave of successful attacks and more powerful botnets once everybody has a publicly accessible IP address.
Thinking that every ISP will configure their firewalls perfectly, I think it's wishful thinking. We'll see how it unfolds.

In my honest opinion, IPv4 will still be dominant for the foreseeable future, unless everybody gets like 500 IoT devices at home (which could happen)...

 

[zirias@]

So... basically you cannot escape from NAT yet? Using IPv6 does not solve this problem of yours.

There's no escape from NAT with IPv4 of course, there just aren't any addresses left. Of course IPv6 solves this problem. While there are very few v6-only services, there are a LOT of dual-stack services, and using v6 with them, no NAT is involved.

In a sense, NAT protects most of the clueless Internet users today. I can foresee when people finally get rid of IPv4 globally a new big wave of successful attacks and more powerful botnets once everybody has a publicly accessible IP address.

NAT doesn't protect anything. A somewhat "good" NAT implementation tries to route as much traffic as possible, this includes remembering outgoing ports and route back there even from other peers, helping online games, telephony, etc.

The times when home users connected Windows boxes directly to the internet are long gone. Plastic routers typically default to reject anything incoming, there's no reason this would change with IPv6 (actually, they already support IPv6 and, of course, have the same defaults). NAT has nothing to do with that.

 

[Alain De Vos]

When you PPP through your router nothing is filtered, &why would you need filtering if you make sure you don't run services ?

 

[zirias@]

When you PPP through your router nothing is filtered

Then you don't use it as a router but merely as a modem. That's btw what I do, cause I prefer my own firewall over the one built into such a device. But it isn't the default configuration and it isn't what average Joe will do.

&why would you need filtering if you make sure you don't run services ?

It's always a good idea to expect own errors and have more than one line of defense when it comes to security.

 

[mumu]

Hi,

I have possibility do deploy IPv6 in my home network. Is it worth it, except to learn new tech
Do you run IPv6 in your home networks?
If yes, why? Also do you run dual stack or do you run NAT64 and DNS64?

Thank you

I've been running dual-stack with addition of ULA addressing, NAT64 and DNS64 for almost a year now. Works well.

 

[Sebastian]

I've been running dual-stack with addition of ULA addressing, NAT64 and DNS64 for almost a year now. Works well.

Which resources did you use to set it up ? I had weird issues with v6 in the past . My main problem was that after some time the v6 gateway was not reachable anymore from my jails which always broke a lot of stuff.

 

[lgrant]

At home, I would like to. My ISP does not provide IPV6. It would be a can of works to ask them.

All other machines have been V6 for a while.

I used a free Hurricane Electric (tunnelbroke.net) IPv6 tunnel for about a decade before I found a dual-stack ISP. I highly recommend them.

 

[PMc]

Yes it can have weird issues. Only thing that really helps is to precisely debug it and see what is [not] happening, so then it is no longer weird.
There is no ARP, and the substitute (neighbor discovery) runs in-band in icmp6. So if some netif gets into a bad mood and buffer stalls, then the network may quickly fall apart.

In my case, a cu command to listen to the (emulated serial) console of a bhyve guest, which gets then sent onwards via ssh, produces write()'s of 11-13 byte size (as the emulaterd 16550 serial controller fifo is just that big), and ssh sends this on as myriads of packets of that same small size! This then can flood a netif and produce a buffer stall - which then will also block the neighbor discovery, and voila, network falls apart.
This then led, after some reading-the-source, into the sysctl net.isr.* and net.link.ifqmaxlen - the latter defined as 50 is fine for a 1GbE netif at kern.hz=4000. If the interface runs more bandwidth and/or the kernel has reduced HZ for power savings, then a bigger buffer may be necessary.

This is just an example for how such issues may need to be debugged.

 

[Sebastian]

Yes it can have weird issues. Only thing that really helps is to precisely debug it and see what is [not] happening, so then it is no longer weird.
There is no ARP, and the substitute (neighbor discovery) runs in-band in icmp6. So if some netif gets into a bad mood and buffer stalls, then the network may quickly fall apart.

In my case, a cu command to listen to the (emulated serial) console of a bhyve guest, which gets then sent onwards via ssh, produces write()'s of 11-13 byte size (as the emulaterd 16550 serial controller fifo is just that big), and ssh sends this on as myriads of packets of that same small size! This then can flood a netif and produce a buffer stall - which then will also block the neighbor discovery, and voila, network falls apart.
This then led, after some reading-the-source, into the sysctl net.isr.* and net.link.ifqmaxlen - the latter defined as 50 is fine for a 1GbE netif at kern.hz=4000. If the interface runs more bandwidth and/or the kernel has reduced HZ for power savings, then a bigger buffer may be necessary.

This is just an example for how such issues may need to be debugged.

Now I just have to learn how to read freebsd source code

 

[PMc]

Doesn't work that way, usually.

Systems administration 1st grade: get yourself some interpreted language tool - could be sed+awk (very old-fashioned), or perl (most common), ruby, python or such. With these you can utilize all the commands in chapter 8 ( man 8), parse the output and configure something in response.
Systems administration 2nd grade: there is still all the entries in chapter 2+3, and these can only be invoked from C language, So to utilize these functions (which can achieve a lot more), you need to learn C language. (the compiler is included anyway, so it would be a waste if you didn't)

And then, as you can write C, you can also read it.

 

[mumu]

Which resources did you use to set it up ? I had weird issues with v6 in the past . My main problem was that after some time the v6 gateway was not reachable anymore from my jails which always broke a lot of stuff.

I've since made a redesign and am running an IPv6-mostly LAN at home. I use Jool for NAT64 on a separate box and Unbound for DNS64. I also have DHCPv4 turned off and it's been working fine for a month+ now..

 

[judd]

Which countries have IPv6?
In terms of global IPv6 adoption, the countries leading the way in this transition are France (over 72%), India (67%), Germany (66%), Belgium (65%), Malaysia (61%), Saudi Arabia (60%), Greece (59%), the United States (54%), Uruguay (50%) and Hungary (50%).

This is Internet Protocol version 6 (IPV6), which in South America is used by only 18% of operators.

Third world, that's the way it is ..

 

[Argentum]

Which countries have IPv6?
In terms of global IPv6 adoption, the countries leading the way in this transition are France (over 72%), India (67%), Germany (66%), Belgium (65%), Malaysia (61%), Saudi Arabia (60%), Greece (59%), the United States (54%), Uruguay (50%) and Hungary (50%).

Another map - https://stats.labs.apnic.net/ipv6/

Seems that India is leading. This is logical because they have the largest population and IPv4 address space is exhausted already.

Personally I have a direct fiber and full IPv6 capability. Probably many people have it without knowing. Another thing is public open networks which usually do not support v6 because of access point configuration.