We mainly use ipv4, but recent laws that all public sector websites are to use IPv6, we have had to update our stack.
Now we can do IPv6 public endpoints with ipv4 backends.
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
Looking for support?
Looking for a community?
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
We mainly use ipv4, but recent laws that all public sector websites are to use IPv6, we have had to update our stack.
Now we can do IPv6 public endpoints with ipv4 backends.
In next 10-20 years everyone will use IPv6
You can pry my v4 addresses from my cold dead hands.
We disable IPv6 often when troubleshooting a network issue. Nothing that I have seen requires IPv6, and turning it off solves more issues than we would expect even today. It’s not the first thing I’m going to try, but I’ll often do it if I have to reboot anyway.
I also uninstall Dell Optimizer and Dell Optimizer Service on sight regardless of the issue because that evil will cause problems eventually. Best to just eradicate it on sight.
We are going full v6 with SIIT-DC (rfc7755) with our next hardware refresh. Our mother site doesn’t but we don’t care what they do as that’s not our problem
IPv6 after so many years still is a victim of the chicken-egg-problem. People don't need it because services don't support it because people don't need it because ... and so on and so forth. I try to enable IPv6 wherever I can and I didn't have a propblem for ages. Dual stack is stable and there are actually a good amount of services that support it.
I think we should all push to implement IPv6 so that IPv4 can finally be laid to rest. Using IPv4 makes everything a bit more expensive because it is so damn expensive to get a stupid number. If someone is really scared that every computer has a publicly routable IP, and if you really think you can not configure a firewall, there is a private IPv6 space and you can use NAT with IPv6. It's not recomended but it's possible. I'd still say using a firewall is not harder and just as safe.
And there is the fact that you can make so many subnets which can make your internal network so much safer. You can controll better how packages are sent to groups because broadcast was dropped in favor of multicast. There is IPSec Support built in. Secure Neighbor Desicorvery to prevent attacks like ARP spoofing. There are a lot of reasons to implement IPv6 and even to switch to IPv6 only if possible.
Why should I use IP6 in my small home network?
Or in an SMB where there are less than 100 IP's used on a daily basis?
First I have to pay the cost of transition, along with the risk of things not working while I do this, and then the risk of something new being added and not working.
There's simply no value in these environments to switching, and a lot of risk.
Now let's look at Enterprise, where you have thousands of desktops, probably thousands of servers, extensive networking that already works (along with many, many devices that don't support IP6, like printers, scanners, access control devices, surveillance hardware, etc, etc). Are you going to pay the tens of millions to transition, and assume the risk?
IP6 is good for backbone right now. It will slowly transition into LAN for larger environments (think Enterprise when they setup new network segments, since they're buying new hardware anyway. But only after extensive testing.
But IP4 is just fine for small networks, and I don't see any reason for IP6, ever, for home and SMB LAN.
ipv6 isnt real.
On my local network I want governance over my devices. I want specific firewall rules per device, so I can, for instance, block YouTube only on the kids devices. I want this to be centrally managed, so configured on my opnsense router. I want all devices to use IP6. Unfortunately none of this is possible.
To setup firewall rules I need DHCPv6, not SLAAC so my IPs on my local network that I manage are well known and fixed. Android devices don't support DHCPv6. And the designers of IP6 were daft enough to set the priority of IPv4 above that of their new protocol. So basically if you have any IPv4 addresses on a device, they'll be preferred by basically all operating systems - because that's what the spec says. So you can't run dual stack in a meaningful way.
TL;DR: IPv6 on a local network has not been thought through at all even though it's incredibly old, it's really immature.
Trash