I’m hardly a “networking” or system admin expert. Even still, I’ve always been interested in the concept of building out my own home router with OpenBSD. It seemed so “hacky” and cool! The problem is that most of the tutorials I stumble across on the internet seem so daunting. I normally read through the guides (maybe even poke around the core man docs for a bit as well) but always end up returning to my default ISP setup. But that all changes today! Best of all, you can come along for the ride!
↫ Bradley Taunt
Exactly what it says on the tin.
“Exactly what it says on the tin.” -> I’d expect IPv6 nowadays, but the article’s author considers that a “fancy service”. The guide only deals with IPv4.
You never know what’s behind it…
I have two providers at home. One has working IPv6, the other one has broken IPv6. I pay for fixed IP addresses for both and for years they’ve only managed to properly get reverse dns lookup support for customers on IPv4, and it’s been years. I self host all my stuff (including email) and, unfortunately, due to their incompetence, I can still only support IPv4. =(
Although, to your point, it seems that the author never bothered to try and check.
I doubt IPv6 is going to come anytime soon as IPv4 with NAT is good enough. Instead of extending IPv4 to e.g. IPv4.5 (from 4 bytes to 5 or 8 bytes) they redesigned the entire protocol stack while making configuration annoying and added another layer of complexity by requiring users/admins to re-learn yet another set of commands and specifications.
pikaczex,
You are right.
They assumed everyone would use high level tools, and nobody would actually directly type in IP addresses.
It makes configuration debugging almost impossible. You basically get a random 128 bit string, which cannot be deciphered by average IT people.
They broke the long held tradition of being able to edit hosts, or similar configuration files manually.
It’s pain.
One problem I have is the following:
I have 3 VLANs. One for my servers, one for my workstations and one for the IoT crap.
With IPv4, it is easy. Each subnet gets its own range, NAT, all good.
With IPv6, I need the provider to give me a range for each one of my VLANs. I couldn’t figure out how to split a subnet in two or three in my router (pfsense) and keep it working. So, for one of my providers, I managed to convince them to give me two prefixes, which I assigned to my server and workstation VLANs. (iot is blocked from the internet directly and I don’t care – it’s all self hosted). But the other provider only gives me one prefix.
Now the problem is… it breaks my HA setup and I can’t load balance. I assign the prefix from the provider that gives me a single prefix to my servers, and then the devices on the workstation VLAN will never use that connection because they don’t have an IP from that range. And, in case that provider goes down, they will not failover seamlessly. So the only way I managed to fully load balance and HA both my providers is to stay on v4. I enabled v6 only for the server VLAN and even then, email only comes via v4 because of reverse DNS.
I hope one day I will figure out how to split the prefixes I get from the carriers between my 3 VLANs and I hope one day my providers will offer proper reverse fqdn for my IPs. As of now, it is simple. I get 1 IPv4 from each carrier, they reverse name it to the fqdn of my choosing, all good. Now they give me the whole prefix and they don’t seem to have the tooling to support my request to set up reverse for the IPs I choose.
So meh, probably a lot of it comes to my stupidity, but they also don’t seem really ready to support v6 properly.
You can also do NAT with IPv6. See for instance: https://openwrt.org/docs/guide-user/network/ipv6/ipv6.nat6
Usually ISPs provide a /48 or /56 and this is not needed, but if they only provide a /64 you need to choose between supporting SLAAC plus using NAT for the other networks or DHCPv6 with smaller subnets.
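The choice described in the comment above, worked through as an added example (not part of the original thread): given a delegated prefix, carve one subnet per VLAN and report whether each can still use SLAAC. The prefixes come from the 2001:db8::/32 documentation range, the function name `plan_vlans` is hypothetical, and the VLAN names follow the three-VLAN setup mentioned earlier in the thread.

```python
import ipaddress

SLAAC_PREFIXLEN = 64  # SLAAC needs a /64 on each link (64-bit interface identifier)


def plan_vlans(delegated, vlans):
    """Carve one subnet per VLAN out of an ISP-delegated IPv6 prefix.

    Returns {vlan: (subnet, addressing)}. Addressing is "SLAAC" when every
    VLAN can have its own /64, otherwise "DHCPv6" because the subnets had to
    be made longer than /64 to fit.
    """
    net = ipaddress.IPv6Network(delegated)
    # Bits needed to number the VLANs: 3 VLANs -> 2 bits -> 4 subnets.
    need_bits = (len(vlans) - 1).bit_length()

    if net.prefixlen + need_bits <= SLAAC_PREFIXLEN:
        new_prefix, mode = SLAAC_PREFIXLEN, "SLAAC"
    else:
        new_prefix, mode = net.prefixlen + need_bits, "DHCPv6"
        if new_prefix > net.max_prefixlen:
            raise ValueError(f"{net} cannot hold {len(vlans)} subnets")

    subnets = net.subnets(new_prefix=new_prefix)  # lazy generator
    return {vlan: (str(next(subnets)), mode) for vlan in vlans}


if __name__ == "__main__":
    vlans = ["servers", "workstations", "iot"]
    # Constructed sample delegations from the 2001:db8::/32 documentation range.
    for delegated in ("2001:db8:abcd:1200::/56", "2001:db8:abcd:1200::/64"):
        print(delegated)
        for vlan, (subnet, mode) in plan_vlans(delegated, vlans).items():
            print(f"  {vlan:<13}{subnet:<32}{mode}")
```

The /64 case corresponds to the second option in the comment (smaller subnets with DHCPv6); the NAT alternative is a router configuration and is not modelled here.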
Z_God,
Yes, but my god why? NAT is what we’re trying to get away from with IPv4! (The why is a bit rhetorical, Google makes NAT a requirement if you want to subnet your /64)
Many (if not most) ISPs don’t provide more than a /64, unless you pay for more.
2^64 IP addresses is still an ungodly amount of IP addresses, but SLAAC was designed not to be able to subdivide them and furthermore Google stands alone in not supporting IPv6 subnetting beyond /64. It’s asinine that IPv6 can offer /64 to customers only to have subnetting prohibited by corporate decree. I’ve partaken in enterprise environments where Google’s refusal to embrace DHCP6 justified sticking with IPv4. Every other platform natively supports DHCP6 subnets except for Google dragging their feet holding IPv6 back. Ugh, *facepalm*.
IPv6 is a great idea, and is widely used. However that “widely used” is generally on the ISP side of things.
For private networks, IPv4 with NAT is absolutely sufficient. There is zero reason to use IPv6 on a private network, when the 10.x.x.x will cover even the largest of organisations for IPs. IPv6 brings essentially zero benefits to a private network, and in fact just makes life much harder to manage if it’s used in such a setting.
It’s like a lot of things in tech, as technology progresses and needs increase, the old tech doesn’t disappear, it just fills a different niche. Most OSes still ship with a VT100 emulator. RS232 serial is still endemic in industrial and sysadmin spaces. Intel kept manufacturing 286’s until about a decade ago.
No, none of those pieces of technology are in daily use by the majority of computer users, like they were in their heyday, but just because newer technology has superseded them in most use cases, doesn’t mean they don’t still have their niche, just like IPv4.
IPv4 is dead, long live IPv4.
I’m probably in another universe 🙂
My ISPs have provided me with working IPv6 for over 22 years now (more than half of my life) and it’s handling most of my traffic for a long time now as typically high traffic things are on IPv6.