this post was submitted on 26 Jun 2024
66 points (73.2% liked)

Unpopular Opinion

7834 readers
80 users here now

Welcome to the Unpopular Opinion community!


How voting works:

Vote the opposite of the norm.


If you agree that the opinion is unpopular give it an arrow up. If it's something that's widely accepted, give it an arrow down.



Guidelines:

Tag your post, if possible (not required)


  • If your post is a "General" unpopular opinion, start the subject with [GENERAL].
  • If it is a Lemmy-specific unpopular opinion, start it with [LEMMY].


Rules:

1. NO POLITICS


Politics is everywhere. Let's make this about [general] and [lemmy] - specific topics, and keep politics out of it.


2. Be civil.


Disagreements happen, but that doesn’t provide the right to personally attack others. No racism/sexism/bigotry. Please also refrain from gatekeeping others' opinions.


3. No bots, spam or self-promotion.


Only approved bots, which follow the guidelines for bots set by the instance, are allowed.


4. Shitposts and memes are allowed but...


Only until they prove to be a problem. They can and will be removed at moderator discretion.


5. No trolling.


This shouldn't need an explanation. If your post or comment is made just to get a rise with no real value, it will be removed. You do this too often, you will get a vacation to touch grass, away from this community for 1 or more days. Repeat offenses will result in a perma-ban.


6. Defend your opinion


This is a bit of a mix of rules 4 and 5 to help foster higher quality posts. You are expected to defend your unpopular opinion in the post body. We don't expect a whole manifesto (please, no manifestos), but you should at least provide some details as to why you hold the position you do.



Instance-wide rules always apply. https://legal.lemmy.world/tos/

founded 2 years ago
MODERATORS
 

Basically what the title says. Here's the thing: address exhaustion is a solved problem. NAT already took care of this via RFC 1631. While initially presented as a temporary fix, anyone who thinks it's going anywhere at this point is simply wrong. Something might replace IPv4 as the default at some point, but it's not going to be IPv6.

And then there are the downsides of IPv6:

  • Not all legacy equipment likes IPv6. Yes, there's a lot of it out there.
  • "Nobody" remembers an IPv6 address. I know my IPv4 address, and I'm sure many others do too. Do you know your IPv6 address, though?
  • Everything already supports IPv4
  • For IPv6 to fully replace IPv4, practically everything needs to move over. De facto standards don't change very easily. There's a reason why QWERTY keyboards, ASCII character tables, and E-mail are still around, despite alternatives technically being "better".
  • Dealing with dual network stacks in the interim is annoying.

Sure, IPv6 is nice and all. But as an addition rather than as a replacement. I've disabled it by default for the past 10 years, as it tends to clutter up my ifconfig overview, and I've had no ill effects.

Source: Network engineer.

[–] Coelacanthus@infosec.pub 0 points 1 day ago* (last edited 1 day ago) (1 children)

If I go for SLAAC with privacy extensions and I keep paying for a static IP (v4 & v6) to my ISP, then I can't implement any firewall rules for specific devices, as devices will change their IP regularly. And it's even worse if I don't pay for a static IPv6 prefix.

I don't know which firewall software you use. But if you use nftables, which supports suffix matching and conntrack for TCP/UDP, you can block all new (as identified by conntrack) incoming connections (since privacy extensions are designed for outgoing ones) and allow incoming connections with a specific suffix (for SLAAC with EUI-64, it will be stable), without needing to care about which prefix is used.

[–] blackstrat@lemmy.fwgx.uk 1 points 16 hours ago (1 children)

I'm using opnsense. Can't say I followed your description. Sounds far more complicated than "use NAT", which would solve almost everything.

[–] Coelacanthus@infosec.pub 1 points 15 hours ago

Actually it's simpler than "NAT", technically. Normally when we say "NAT", it's not just NAT (Network Address Translation) but NAT plus a stateful firewall (see the documents below). The conntrack here is the stateful firewall, as in "NAT". And compared to creating a map from (paddr, pport) to (iaddr, iport) and matching against the latter, it's simpler to just match the suffix of the address.

https://datatracker.ietf.org/doc/html/rfc4787

https://tailscale.com/blog/how-nat-traversal-works
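An added example (mine, not Coelacanthus's and not nftables project code) of the suffix-match-plus-conntrack policy described in the two comments above, written in Python so the matching logic can be run offline. The MAC address, the IPv6 addresses and the exposed ports are constructed; the `ip6 daddr & mask == value` rule form relies on nftables' bitwise match on addresses.

```python
"""Prefix-independent IPv6 host matching for an nftables input policy (added example)."""
import ipaddress

# Mask that keeps only the low 64 bits (the interface identifier) of an IPv6 address.
IID_MASK = int(ipaddress.IPv6Address("::ffff:ffff:ffff:ffff"))
EXPOSED_TCP_PORTS = (22, 443)  # assumed services on the host (constructed)


def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 4291, Appendix A):
    split the MAC in half, insert 0xfffe between the halves, and flip the
    universal/local bit (0x02) of the first octet."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]
    return int.from_bytes(iid, "big")


def suffix_matches(addr: str, iid: int) -> bool:
    """The firewall test itself: compare only the low 64 bits, so whatever
    prefix the ISP delegated (or later re-delegated) is ignored."""
    return (int(ipaddress.IPv6Address(addr)) & IID_MASK) == iid


def policy_allows(daddr: str, ct_state: str, proto: str, dport: int, iid: int) -> bool:
    """Decision logic of the ruleset below for one inbound packet, evaluated
    offline (ICMPv6 and loopback handling omitted here for brevity)."""
    if ct_state in ("established", "related"):
        return True  # return traffic of flows the host opened; privacy addresses live here
    if ct_state == "invalid":
        return False
    # ct state new: only the stable EUI-64 address, and only on the exposed ports.
    return proto == "tcp" and dport in EXPOSED_TCP_PORTS and suffix_matches(daddr, iid)


def nft_ruleset(mac: str) -> str:
    """Render the equivalent nftables ruleset. `ip6 daddr & mask == value` is the
    bitwise address match; the mask selects the 64-bit suffix, not the prefix."""
    iid = ipaddress.IPv6Address(eui64_iid(mac))
    ports = ", ".join(str(p) for p in EXPOSED_TCP_PORTS)
    return f"""table inet filter {{
  chain input {{
    type filter hook input priority 0; policy drop;
    iifname "lo" accept
    ct state established,related accept
    ct state invalid drop
    # NDP, RA and PMTUD must stay open or SLAAC itself breaks (tighten by icmpv6 type if needed).
    meta l4proto ipv6-icmp accept
    # Only the stable EUI-64 suffix accepts new flows; temporary (privacy) addresses
    # never match, and the prefix is not part of the comparison at all.
    ip6 daddr & ::ffff:ffff:ffff:ffff == {iid} ct state new tcp dport {{ {ports} }} accept
  }}
}}
"""


if __name__ == "__main__":
    host_iid = eui64_iid("00:11:22:33:44:55")  # constructed MAC
    print(nft_ruleset("00:11:22:33:44:55"))
    for daddr in ("2001:db8:1::211:22ff:fe33:4455",      # original prefix, EUI-64 address
                  "2001:db8:beef:1:211:22ff:fe33:4455",  # after ISP renumbering, same suffix
                  "2001:db8:1::8f3a:91c2:7d10:e5a4"):    # constructed privacy-extension address
        print(daddr, policy_allows(daddr, "new", "tcp", 443, host_iid))
```

Two checks before relying on this: the suffix is only prefix-independent when the interface really uses EUI-64 identifiers (on Linux see `net.ipv6.conf.<if>.addr_gen_mode`; NetworkManager and systemd-networkd commonly default to RFC 7217 stable-privacy identifiers, which are derived from the prefix and change when it does), and ICMPv6 must not be caught by the default drop, otherwise neighbour discovery and router advertisements stop and the host loses its addresses.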