I spent a WEEK without IPv4 to understand IPv6 transition mechanisms

  • Published: 19 Nov 2024

Comments • 520

  • @juliannesermon8057 · 1 year ago · +292

    I have yet to encounter a network where this wouldn't cause problems. The fact that this is being done as a daring experiment speaks for itself.

    • @apalrdsadventures · 1 year ago · +79

      IPv4 literals in protocols / old software still using IPv4-only sockets (Steam was brought up for perpetuating this problem across their platform) is really the problem, OS support is excellent for clients at least. So at least we're getting closer.

    • @AndersJackson · 1 year ago · +16

      That you think this is just because, when it happens, you only notice when IPv6 has been misconfigured.
      You are probably running more IPv6 than you think. At least when using your mobile phone.

    • @lamjeri · 1 year ago · +27

      This kind of thinking is the reason IPv6 is not getting adopted. People are afraid of the change, or they are too lazy to do the work, do the research and actually try and troubleshoot things. IPv6 is ready for mass adoption. The network admins pulling their weight and actually using it is the only thing that's keeping it back.
      Over the years, people got somewhat used to the hack-and-slash of NAT and now they don't even realize how simple and beautiful network troubleshooting would be if you suddenly didn't have 6 NATs in a row and you could clearly see both source and destination from any point on the network.

    • @petevenuti7355 · 1 year ago · +2

      @lamjeri what if I want to hide behind 6 NATs, with all kinds of funky manually addressed subnetting in between‽ ...
      I also miss jumpers and being only one or two layers of abstraction from the hardware...
      Seriously though, if I don't want a publicly accessible IP address (as in, it doesn't exist, not relying on a third-party firewall) how is that done?

    • @Kilraeus · 1 year ago · +4

      @Pete Venuti Unique Local Addresses are a range in IPv6 for not having internet access. Specifically it is designed to be black holed, not translated.

  • @roaridse · 1 year ago · +342

    Finally someone having IPv6 as a topic. Not many tech YouTubers do! Interesting topic on going v6 only, I have not tried this - just dual stack. Another important topic will be the IPv6 support on network devices. It's a bit ironic that a lot of them do not support management on v6....

    • @apalrdsadventures · 1 year ago · +33

      I've started to go IPv6-first in my tutorials, hopefully it raises some awareness of how it's not hard to deploy on your own devices.
      Currently none of my APs and only one of my switches supports IPv6 for management, but the APs are all between 3 and 8 years old at this point (mix of 802.11ac wave 1 and wave 2), so I guess I'd expect anything new to support IPv6 management. I'm not really happy with a lot of APs available anyway, though.
      The NAT64 server is also useful to connect to legacy devices, typing [64:ff9b::192.168.1.1] totally works as long as the routing can handle it.

    • @ai_university · 1 year ago

      The main issue I have in my network

    • @joergsonnenberger6836 · 1 year ago · +1

      @apalrdsadventures I've been lazy so far and not enabled IPv6 on the APs and switches here. I've been updating all hardware over the last three years with the goal of having at least SSH and TLS support on everything, IPv6 is easy in that regard.

    • @remty516 · 1 year ago · +4

      @apalrdsadventures I'm sad to see that 3-8 year old devices are considered old and therefore not blamed for not having v6 support, since IPv6 has existed for so long... I wasn't even born when IPv6 was made and now I'm old enough to understand what it is and it's only starting to get adopted. A shame.

    • @apalrdsadventures · 1 year ago · +3

      There's definitely a huge difference between networking equipment with no / broken v6 support and not having v6 support on the management interface but passing traffic correctly. In my case, my oldest AP seems to improperly handle VLAN segmentation for IPv6 RAs, but the rest of them are /just/ lacking IPv6 on the management interface.
      All of my Mikrotik hardware has great IPv6 support, if only they made good radios as well.

  • @varnull6120 · 1 year ago · +116

    obviously we're gonna move to IPv6 sooner or later, but I'm gonna be honest, I've been hearing about IPv6 for so long, I can't ever imagine us finishing the transition. IPv6 is IT's nuclear fusion.

    • @tildey6661 · 1 year ago · +8

      Reminiscent of the python 2 -> 3 transition in a way. Or carbon nanotubes…

    • @BrianThomas · 1 year ago · +5

      I agree with you. As I'm watching the end of the video, I'm thinking to myself: OK, but why? I understand the benefits that IPv6 brings, but in your home network, why go to all of the trouble and time when IPv4 works?

    • @dgpsf · 1 year ago · +4

      @BrianThomas If I understand it correctly, and I'm a noob with IPv6 really so forgive me, but anyway, if you use IPv6 for everything you don't need NAT. Which means you could access all the devices in your home each on its own dedicated routable IP. Whether you're in the home or not. Obviously you would need firewall rules to specify that they only accept traffic from say, your office's IP. Yes, a VPN would allow this and be safer. But this is just an example.
      Or you could run tons of separate servers on ports 80/443 all within your house.
      Anyway really the primary reason is actually to learn! Because we are at least already at a point where *some* devices don't and won't have v4 addresses, and we should understand how this actually works.

    • @BrianThomas · 1 year ago · +1

      @dgpsf Roger that. You're right. It does remove NAT and the need to open ports. I don't mind that, so for me learning is the only benefit I can see. NAT, or really PAT, is only used for inside/outside translation, so you don't really need it for network traffic translation inside a home network. Unless you're super wealthy and you have a massive home network that spans from state to state, which I have seen by the way.
      I know this might sound kinda goofy but I actually enjoy IPv4 over IPv6. I've spent so much time doing network segments by hand that it was fun. I tried IPv6. It gives me a headache 🤣. I think I need some whiskey and a little time before IPv6 starts to look good to me.

    • @Sammysapphira · 1 year ago

      Sooner than later*

  • @eliotmansfield · 1 year ago · +82

    I learnt (and subsequently forgot) IPv6 more than 10 years ago because 'we have run out of IPv4' - yet 10 years later, we still have IPv4 and IPv6 still has issues and is not really widely adopted.
    The only thing that will force widespread adoption will be some killer application or game that requires you to have a real non-NATed address, which of course can only be done on IPv6.

    • @joergsonnenberger6836 · 1 year ago · +20

      In Germany, the last of the big ISPs has finally started to offer IPv6 by default in 2021. Many of them have also migrated to native IPv6 for their backbone, so IPv6 actually gives you a better network experience than IPv4. The more CGNAT is pushed to customers, the more it is noticeable. Already, IPv6 is the easiest way to actually get access to your home network and just working without tricks as long as you don't use some random guest Wi-Fi.
      There will be no killer application for IPv6 because there is just way too much legacy compatibility equipment in place. That doesn't mean that a well-designed application won't try a direct connection in place of going via the usual proxy servers, just to name one example.
      Concerning the running out of addresses: the pain is real, and the cost is growing. It's just not something a regular end user will see, as they have mostly been moved to CGNAT already. Various hosting companies have separate (lower) tariffs for IPv6-only deployment, just to name one example.

    • @FlaxTheSeedOne · 1 year ago · +5

      The thing is, it starts with you. You are a part of the Internet. Everyone and their homelab is part of it. If we all move this can be done, but the mindset of "y'all have to do it first, before I do it" is utterly backwards.

    • @espi742 · 1 year ago · +27

      IPv4 has been exhausted for a while now. The IPv4 internet is held together by NAT and evermore double NAT.
      To be honest, NAT is fine, but it essentially killed most P2P and shaped the entire internet as client -> server.

    • @joergsonnenberger6836 · 1 year ago · +16

      @espi742 It's worse. It forces centralization of services, it helps new oligopolies by increasing the barrier to entry for new services, it wastes tons of resources.

    • @BrianCroweAcolyte · 1 year ago

      @espi742 P2P is alive and well. If it is killed, it's probably only the case in third world countries that got the internet late. In America, the only time I've ever encountered CGNAT in the wild is on phone networks and newer satellite internet providers like Starlink.

  • @TheDark0rb · 1 year ago · +139

    I guess part of the reason for the Apple devices working so well is that Apple actually has it as a hard (must) requirement for Apps in the App Store to work correctly in IPv6 only networks since 2016. They even point out that the testing should be done without cellular data enabled (WWAN) and should be done on WiFi only - makes sense that the underlying OS would behave well too as a result :) Nice video, guess I should revisit this on my own network some day.
    As I'm sure you know, the chicken/egg problem is made worse by ISPs not giving IPv6 to end users. Here in NZ our largest telco is ¯\_(ツ)_/¯ about it. Pretty much the rest of them support it and some even give static /56's for no cost which is nice.

    • @apalrdsadventures · 1 year ago · +19

      Apple's IPv6 support is really excellent, I wish other OSes cared this much.
      I get a dynamic /60 but it hasn't changed in 2 years so it's basically static. I do wish it was a /56 though, but apparently the ISP who owns half of the US can't afford that.

    • @mytech6779 · 1 year ago · +5

      The OS really has nothing to do with IP addresses, networking is a separate service in general purpose computers.(Though the software is often bundled with the OS) The app store requirement is purely about customer service and has no relation to the OS.
      (Networking could be compiled directly into an OS kernel but it's not good practice outside of task specific embedded appliances like a router.)

    • @apalrdsadventures · 1 year ago · +26

      The networking stack is deeply embedded in most modern OSes, Linux for example has a massive amount of kernel infrastructure for Netfilter and IP routing.
      Apple's commitment to IPv6 led them to implement a very good CLAT system that is able to detect IPv6-only and IPv6-mostly networks and route IPv4 traffic over IPv6 transparently to applications. That's definitely not app-level code.
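The `[64:ff9b::192.168.1.1]` trick mentioned earlier in the thread and the CLAT behaviour described in this reply are the same mechanism seen from two sides: RFC 6052 address embedding. The Python below is an added example, not code from the video, from Jool, from clatd or from Apple's CLAT. It embeds and extracts IPv4 addresses in a /96 NAT64 prefix, shows what a DNS64 resolver synthesizes when a name only has an A record, and applies the same mapping to a hard-coded IPv4 literal the way a CLAT has to, since an app that never asks DNS cannot be helped by DNS64. The sample addresses (`192.168.1.1`, `93.184.216.34`, `203.0.113.5`, `2001:db8::1`) are constructed for the example.

```python
import ipaddress

# Well-known NAT64 prefix from RFC 6052; the thread writes it as 64:ff9b::192.168.1.1.
WKP = ipaddress.IPv6Network("64:ff9b::/96")


def embed_ipv4(ipv4: str, prefix: ipaddress.IPv6Network = WKP) -> ipaddress.IPv6Address:
    """Place an IPv4 address in the low 32 bits of a /96 NAT64 prefix (RFC 6052, section 2.2).

    Only the /96 layout is handled; the shorter RFC 6052 layouts (/32 to /64)
    split the IPv4 bits around the reserved 'u' octet and are not needed here.
    """
    if prefix.prefixlen != 96:
        raise ValueError("this helper only handles /96 NAT64 prefixes")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract_ipv4(ipv6: str, prefix: ipaddress.IPv6Network = WKP) -> ipaddress.IPv4Address:
    """Inverse of embed_ipv4: the IPv4 destination a NAT64 translator will send to."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        raise ValueError(f"{addr} is not inside the NAT64 prefix {prefix}")
    return ipaddress.IPv4Address(int(addr) & 0xFFFF_FFFF)


def dns64_answer(a_records, aaaa_records, prefix=WKP):
    """What a DNS64 resolver (RFC 6147) hands back for one name.

    Real AAAA records win; only when there are none is an AAAA synthesized
    from each A record. Returns the IPv6 addresses the client will try.
    """
    if aaaa_records:
        return [ipaddress.IPv6Address(a) for a in aaaa_records]
    return [embed_ipv4(a, prefix) for a in a_records]


def clat_target(host: str, prefix=WKP) -> str:
    """Rewrite an IPv4 literal to its NAT64-mapped IPv6 address; leave names and IPv6 alone.

    An app that hard-codes an IPv4 literal never queries DNS, so DNS64 cannot
    rescue it. A CLAT (the host side of 464XLAT, RFC 6877) applies this same
    mapping to the packets instead, which is why literals work on macOS and
    Android in the thread.
    """
    try:
        ipaddress.IPv4Address(host)
    except ValueError:
        return host  # hostname or IPv6 literal: nothing to translate
    return str(embed_ipv4(host, prefix))


if __name__ == "__main__":
    print(embed_ipv4("192.168.1.1"))            # 64:ff9b::c0a8:101
    print(extract_ipv4("64:ff9b::c0a8:101"))    # 192.168.1.1
    print(dns64_answer(["93.184.216.34"], []))  # [IPv6Address('64:ff9b::5db8:d822')]
    print(clat_target("203.0.113.5"))           # 64:ff9b::cb00:7105
```

Note that `64:ff9b::192.168.1.1` and `64:ff9b::c0a8:101` are the same address; the dotted form is just a convenience the IPv6 text representation allows for the low 32 bits.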

    • @dannestrom · 1 year ago · +3

      Same chicken and egg problem here. There are essentially no ISPs in Sweden that offer IPv6 connectivity. I am all in on Apple products, and could use IPv6 on my local network, but I really don't see the point, since all ISPs have IPv4 only addresses on the outside of the router. I don't have so many Apple devices either. Just a Mac, an iPhone, an iPad, an AppleTV and HomePod minis.
      The real benefit would come if some ISP would support IPv6 on the WAN side. Then I would switch immediately. Not to end users. I've been complaining to my ISP about this for the past 15 years or so. I have been wanting IPv6 for a long time.
      There are some ISPs that offer IPv6 in Sweden, but only to national authorities and big corporations.

    • @apalrdsadventures · 1 year ago · +8

      Here in the US virtually all home ISPs support IPv6 to some extent, and it's the businesses which are behind the times on updating. But you're right - RIPE called out Sweden specifically for having awful IPv6 deployment ( labs.ripe.net/documents/295/RIPE_NCC_Internet_Country_Report_IPv6_in_Sweden_May_2022.pdf and a map of the Nordic region labs.ripe.net/documents/320/RIPE_NCC_Internet_Country_Report_2022_The_Nordics_December_2022.pdf )
      So... big oof for Sweden I guess

  • @Vipervire · 1 year ago · +73

    This is a very under appreciated topic. Glad to see someone in the Homelab YTer space playing around with it!

    • @apalrdsadventures · 1 year ago

      Glad you enjoyed it!

    • @James_Knott · 1 year ago

      The problem is those with their head in the sand, who refuse to see the problems caused by IPv4.

  • @jeffbrl · 9 months ago · +3

    Network engineer/infra guy here. Your knowledge of advanced networking concepts is very impressive. I found your observations on the state of IPv6-only in a home environment (albeit a power user) to be very insightful. Sub earned!

  • @toxicbubble5 · 1 year ago · +7

    25 years later and it almost works if you do a ton of effort and your ISP supports it and you manage your hardware and software end to end, and hold your tongue right and the stars align. Not a bad technology, but seems like support and will and migration effort is near zero at this point.

  • @emu071981 · 1 year ago · +52

    Ah, IPv6. Twenty years on and it is still barely supported on the internet at large. I remember setting up IPv6 on my internal network many many years ago (~2005) and eventually giving up on it because I had no external IPv6 access which meant that I had to run a dual stack which caused a lot of hassles like DNS lookups taking forever because the OS would wait for the IPv6 to timeout before trying IPv4.

    • @oshavlfarms7239 · 1 year ago · +3

      25 at this point... Or close to it

    • @espi742 · 1 year ago · +2

      Nowadays with Happy Eyeballs running dual stack is basically painless.
      IPv6 only is a load of trouble still. Mostly because so many websites, services and apps don't support it.

    • @ReinierKleipool · 1 year ago

      Hurricane Electric tunnels to get IPv6 into your router without ISP support.

    • @catchnkill · 1 year ago · +7

      No one comes out and admits that IPv6 has been a failure. It does not replace IPv4. The engineering team designing IPv6 made a fundamental mistake. They did not design IPv6 to be backward compatible. Implementation of IPv6 is an add-on. You need dual stack. You can never take away the IPv4 support. IPv4 has been so pervasive that dual stack will be there forever. Since IPv4 is always there, there isn't a very strong incentive to change to IPv6 only.

    • @oshavlfarms7239 · 1 year ago

      @catchnkill 👆👆👆

  • @digital_sorceress · 1 year ago · +19

    Interesting - I've been an IPv4 nerd for a long time - and I'll admit I struggle with 6 - in theory if you understand one you should understand the other but yeah - lots of little practical gotchas here and there. Seeing your success and the troubles you had here is helpful - Still I just - it's hard to go from "I am confident I can handle any network issue I run into in my v4 network" to having that new stuff plus all the translation going on to troubleshoot - like .. I guess if I were still doing sysadmin/networking for a living (long since moved into an adjacent field) so my hobby mode network at home is .. a little "get off my lawn" :)

    • @apalrdsadventures · 1 year ago · +4

      I started a few years back with IPv6 for clients only - they can go out to the internet via v6 and nothing else - and that was a pretty easy middle ground to have IPv6-web accessibility without redoing my network.
      So now I'm at the redoing my network point anyway (for other reasons).

    • @catchnkill · 1 year ago · +1

      I shall stick to IPv4 forever. There is really no incentive to use IPv6. The biggest ISP of my city does not assign IPv6 addresses to its subscribers. The largest mobile phone network also does not assign IPv6 addresses. Thus IPv4 can hang on forever. The largest stakeholders do not assign IPv6 to their customers. They do not have any explanation for not assigning IPv6 addresses to their customers. Their action means a lot. IPv6 will never replace IPv4, never.

    • @iSkyLiTz · 1 year ago · +3

      @catchnkill Famous last words.

  • @WobblycogsUk · 1 year ago · +4

    In the late 90's I was studying at a computing department doing a lot of research into IPv6. The guys working on it thought it would be widely adopted within a few years. With hindsight that seems silly but it's shocking we've not made more progress.

    • @apalrdsadventures · 1 year ago · +2

      It's really unfortunate, but NAT became the way of doing things and we got used to all of the problems it causes

    • @catchnkill · 1 year ago · +2

      Those IPv6 designers have made a fundamental mistake. They assumed that all users would migrate to IPv6 within a few years. They threw out backward compatibility in IPv6. Due to no backward compatibility, devices must be dual stack. Since every computing device and OS is dual stack nowadays, there isn't any real strong incentive to migrate to IPv6. IPv4 will work forever. As long as IPv4 still works, there will not be a complete migration to IPv6. IPv4 will co-exist with v6 forever.

  • @theshemullet · 1 year ago · +12

    Do you think you could do a fuller video on how you set up NAT64 and DNS64 on OPNsense? A start-to-finish video would be great.

    • @apalrdsadventures · 1 year ago · +5

      It's a bit of a struggle on OPNsense since FreeBSD's pf doesn't natively do NAT64, and there's no out of tree module for it on FreeBSD like Jool on Linux.
      The only method on OPNsense is Tayga via a plugin, but Tayga doesn't do the full process - it just does 1:1 stateful NAT address translation from an IPv6 pool to a smaller IPv4 pool and relies on the kernel to do the normal masquerade address + port translation. You end up translating the entire IPv6 internal space into an RFC1918 private IPv4 space and then relying on the kernel to translate those IPs to a public IP/port, and doing it via a fake tun interface. Makes it easier on Tayga but is a bit of a hack imho. Tayga is also fairly abandoned, although it appears to still work fine.
      Jool does the full process (IPv6 address pool -> single IPv4 public address) and also has a lot more features (like static translation entries for 4->6 port forwarding and per-user assignments for CGNAT), so I installed Jool on a VM for this. That also gave me an easier way to setup logging without interrupting everyone else who relies on the network. Unfortunately it means I don't have a feel for how well Tayga works.
      I feel like OPNsense is a bit held back by pf vs netfilter on Linux. I like OPNsense a lot, but also wish it could do things that Netfilter can do.

  • @dono42 · 1 year ago · +7

    The major problem that I have with IPv6 is that my ISP only gives me a /64 address. I have multiple VLANs so need prefix delegation, but that is not possible with a /64 address. There are of course other options available, but none of them are very appealing to me. For example, I could manually set private IPv6 addresses for each VLAN and then NAT64 them to the global /64, but that largely negates the reason for IPv6.

    • @SJohnsoninc · 1 year ago · +1

      you can do DHCPv6 with less than a /64. Caveat: Android doesn't support DHCPv6. Android only uses SLAAC. And SLAAC doesn't work with anything other than a /64.

    • @codyrobinson6094 · 1 year ago

      You can create subnets still, it's just "recommended" to do that

  • @RobertPendell · 1 year ago · +5

    Yea. I was on T-Mobile's ISP connection and it used 464XLAT which worked wonderfully. 99% of the time sites were fully unaware of the network oddities. Consoles saw double NAT but were functionally unhindered, except for Nintendo consoles and handhelds when they were doing direct P2P multiplayer gameplay.

    • @apalrdsadventures · 1 year ago · +4

      if only Nintendo supported ipv6 natively they wouldn't have to worry about NAT getting in the way

  • @CosmicJoeK · 15 days ago · +1

    Thank you very much for sharing your experience and knowledge! 🙏 IPv6 is so overdue. I will try your configuration. Subscribed 👍

  • @YoshiLightStar · 1 year ago · +4

    I remember being stuck with only a mobile hotspot and it only had working IPv6, which made many things a pain to use since stuff like Steam and some communication applications only support IPv4 for some reason despite IPv6 existing for ages now. Luckily something known as clatd ended up being pretty useful and it made everything work quite well and smoothly after running it, as if I was using a regular connection.

  • @AlexBraunton · 1 year ago · +17

    This was a really great experiment. Next it would be good to move it to the rest of the house and see how your family cope! Can I ask, how did you get your network data into the Grafana dashboard? I'm guessing Prometheus but what actually generates the metrics data to get things like bandwidth and ipv4/ ipv6 segments?

    • @apalrdsadventures · 1 year ago · +5

      It's part of my existing monitoring using Telegraf and InfluxDB. I also use ntopng, but I didn't enable ntop on the vlan I used for this test.
      To separate IPv4 and IPv6 traffic, I had an intermediate Linux router (running Jool) which sits on the test vlan, and two additional vlans back to OPNsense. By logging the byte counters on the two vlan interfaces in OPNsense and using one for IPv4-only and one for IPv6-only, I got a separate log of IPv4/6 traffic.

    • @James_Knott · 1 year ago

      Apparently bitcoin really likes it.

  • @jmlemmi · 1 year ago · +10

    Very cool. I just started with an IPv6 only subnet as well and am planning to transition my homelab into it piece by piece.
    I too was surprised when IPv4 literals worked on my Android phone, because it automatically did CLAT.
    Currently I'm running Jool on a VM, because neither Unifi nor Mikrotik have NAT64 in their routers, which is very sad.
    Got a new subscriber from me and I'll be following along on the journey. :)

  • @eDoc2020 · 1 year ago · +14

    At the time I last seriously considered using IPv6 my ISP was showing no signs of supporting it, I have plenty of legacy devices, and it just seemed too much to handle. More recently I was using my laptop at my old workplace and asked Google for the public IP address and was super surprised to see an IPv6 number. It just worked with Comcast and Windows 7. It's probably time for me to recheck my home ISP and try to go dual-stack.

    • @apalrdsadventures · 1 year ago · +6

      Dual stack tends to 'just work', since most client software and OSes will transparently find out if a given server should use IPv6 or IPv4 with basically no delay to the user. Old devices will stay IPv4-only and new ones will prefer IPv6.
      Going further than dual stack is where you start to see issues with clients who can't handle IPv6.
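The "just works" dual-stack behaviour in this reply, and the Happy Eyeballs mention earlier in the thread, rest on RFC 8305: the client interleaves IPv6 and IPv4 candidates, starts attempts a few hundred milliseconds apart, and keeps whichever connects first. The Python below is an added example, not code from the video or from any OS network stack: it implements the RFC 8305 candidate ordering, simulates the staggered race on constructed per-address outcomes (handshake latency in milliseconds, or a black hole), and contrasts it with the sequential behaviour that produced the long stalls described earlier in the thread. The 21 s sequential connect timeout is an assumption for the comparison; real stacks differ.

```python
import ipaddress

# RFC 8305 section 5 recommends 250 ms between successive connection attempts.
ATTEMPT_DELAY_MS = 250


def interleave_by_family(candidates):
    """RFC 8305 section 4: alternate address families, IPv6 first, keeping the
    resolver's order within each family."""
    v6 = [a for a in candidates if ipaddress.ip_address(a).version == 6]
    v4 = [a for a in candidates if ipaddress.ip_address(a).version == 4]
    ordered = []
    while v6 or v4:
        if v6:
            ordered.append(v6.pop(0))
        if v4:
            ordered.append(v4.pop(0))
    return ordered


def race(candidates, outcomes, attempt_delay_ms=ATTEMPT_DELAY_MS):
    """Simulate Happy Eyeballs on constructed outcomes.

    outcomes maps each address to the milliseconds its TCP handshake takes, or
    None if SYNs are black-holed. Attempt i starts at i * attempt_delay_ms; the
    first to complete wins and the rest are cancelled. Returns (winner, elapsed_ms)
    or None when nothing ever connects.
    """
    order = interleave_by_family(candidates)
    winner = None
    for i, addr in enumerate(order):
        start = i * attempt_delay_ms
        if winner is not None and start >= winner[1]:
            break  # someone already connected before this attempt would start
        latency = outcomes.get(addr)
        if latency is None:
            continue  # black-holed: this attempt just sits in SYN-SENT
        finish = start + latency
        if winner is None or finish < winner[1]:
            winner = (addr, finish)
    return winner


def legacy_sequential(candidates, outcomes, timeout_ms=21_000):
    """Pre-Happy-Eyeballs behaviour: IPv6 first, one address at a time, waiting
    out the full connect timeout (assumed 21 s here) on every black hole."""
    elapsed = 0
    for addr in sorted(candidates, key=lambda a: -ipaddress.ip_address(a).version):
        latency = outcomes.get(addr)
        if latency is None:
            elapsed += timeout_ms
            continue
        return addr, elapsed + latency
    return None


if __name__ == "__main__":
    # Constructed scenario: one IPv6 address is black-holed, the other is slow,
    # IPv4 answers quickly. Documentation ranges only.
    cands = ["203.0.113.10", "2001:db8::1", "2001:db8::2"]
    broken_v6 = {"2001:db8::1": None, "2001:db8::2": 400, "203.0.113.10": 20}
    print(interleave_by_family(cands))
    print(race(cands, broken_v6))               # ('203.0.113.10', 270)
    print(legacy_sequential(cands, broken_v6))  # ('2001:db8::2', 21400)
    # With a healthy IPv6 path the slight IPv6 preference wins even if IPv4 is a bit faster.
    print(race(cands[:2], {"2001:db8::1": 30, "203.0.113.10": 20}))  # ('2001:db8::1', 30)
```

The second scenario is the one that matters for an IPv6-mostly network: as long as the IPv6 path completes within the attempt delay, the client never even starts the IPv4 attempt, which is why dual-stack clients silently prefer v6 without a visible delay.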

    • @AndersJackson · 1 year ago

      Old devices are usually only used internally in your local network. They can use a private network, but not reach the Internet.

    • @MINIMAN10000 · 1 year ago

      I paid for an IPv6 VPS and honestly that was no problem because Cloudflare is able to handle the IPv4 side of things, you just run the webserver and connect it up with Cloudflare and it all just worked.

    • @James_Knott · 1 year ago · +1

      If your ISP doesn't provide IPv6, you can always use a 6in4 tunnel from Hurricane Electric. They provide a /48 for free.

    • @eDoc2020 · 1 year ago

      @James_Knott For some reason I was under the false impression that they had discontinued that service. I played around with it on my microserver years ago but IIRC it stopped working and I never investigated. My biggest problem with the service is they provided your personal info in the public WHOIS for the block. Lying is an option but I'd rather not do that.

  • @Darkk6969 · 1 year ago · +10

    I use IPv6 on the WAN for Wireguard clients. Works pretty well for T-Mobile devices. My internal network is still IPv4 only but once WG connects to the WAN I can still see my internal network just fine. I've tried dual stack IPv6 / IPv4 for my internal network and servers which created weird connectivity issues. I will go back and revisit this at some point. Have to find a good solid configuration setup in pfsense to support both IPv4 and IPv6.

    • @apalrdsadventures · 1 year ago · +4

      If your home ISP is T-Mobile, you might have issues with a small prefix (or only one subnet).
      In general, since IPv6 is entirely publicly routable with no NAT, we need to get a routing prefix from someone who owns public address space. It's dirt cheap to buy your own /48 prefix directly compared to buying a few public IPv4s yourself, but residential ISPs won't peer with you over BGP to advertise your own prefixes (or public IPv4s). Instead, they will give you a block of their public prefix space using DHCPv6-PD. Usually they give you something from /60 (16 subnets) to /56 (256 subnets) for you to break up into individual subnets as you choose, and pfsense/opnsense both support this well.
      Mobile ISPs though tend to not support DHCPv6-PD and are designed for clients to directly connect to the radio / baseband processor without an intermediate router, so they usually provide a single /64 (one subnet). OPNsense can pass this along to a single LAN subnet, but then you can't do further subnetting.
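To make the prefix arithmetic in this reply concrete, here is an added Python example (not from the video, OPNsense or pfSense): it counts the /64 subnets a delegated prefix yields (/60 gives 16, /56 gives 256), carves one /64 per VLAN using the VLAN ID as the subnet index so a VLAN always lands on the same /64 while the ISP keeps delegating the same prefix, and refuses to split a /64, which is the mobile-ISP single-subnet case. The delegated prefixes and VLAN names are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress


def subnet_count(delegated: str) -> int:
    """Number of /64 subnets inside a delegated prefix: /60 -> 16, /56 -> 256, /48 -> 65536."""
    pd = ipaddress.IPv6Network(delegated, strict=True)
    if pd.prefixlen > 64:
        raise ValueError(f"{pd} is longer than /64 and cannot hold a SLAAC subnet")
    return 2 ** (64 - pd.prefixlen)


def carve_vlans(delegated: str, vlans: dict) -> dict:
    """Give each VLAN its own /64 out of the ISP's DHCPv6-PD delegation.

    vlans maps a VLAN name to its 802.1Q VLAN ID, which doubles as the subnet
    index. With a /60 only IDs 0..15 fit, which is itself an argument for asking
    the ISP for a /56. Switching ISPs still means renumbering: the /64s are
    carved out of the provider's space.
    """
    pd = ipaddress.IPv6Network(delegated, strict=True)
    available = subnet_count(delegated)
    if pd.prefixlen == 64:
        raise ValueError("a single /64 cannot be subdivided for multiple VLANs")
    plan = {}
    for name, vlan_id in vlans.items():
        if not 0 <= vlan_id < available:
            raise ValueError(
                f"VLAN {name} (id {vlan_id}) needs subnet index {vlan_id}, "
                f"but {pd} only has {available} /64s"
            )
        base = int(pd.network_address) + (vlan_id << 64)
        plan[name] = ipaddress.IPv6Network((base, 64))
    return plan


def router_address(subnet: ipaddress.IPv6Network) -> ipaddress.IPv6Address:
    """Conventional router address for a /64: the ::1 of the subnet."""
    return subnet.network_address + 1


if __name__ == "__main__":
    # Constructed /60 delegation like the one described in the thread.
    pd = "2001:db8:abcd:1230::/60"
    print(subnet_count(pd))  # 16
    for name, net in carve_vlans(pd, {"lan": 1, "iot": 5, "guest": 9}).items():
        print(f"{name:6} {net}  gw {router_address(net)}")
```

The `strict=True` checks are deliberate: a prefix with host bits set (for example a /60 whose fourth hextet does not end in a zero nibble) is almost always a transcription error from the ISP's lease, and it is better to fail at planning time than to hand out overlapping /64s.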

    • @Darkk6969 · 1 year ago

      @apalrdsadventures I have Comcast residential ISP so pretty much limited to what I can do without going commercial. I did setup DHCP6 in pfsense with /56 prefix so I can assign IPv6 to my VLANs. That was a fun learning experience on how to make it all work. It mostly did work but had weird routing issues.

    • @apalrdsadventures · 1 year ago · +1

      In general, the DHCPv6-PD you get from Comcast should be all you need. Plenty of space for subnets, no need for BGP or owning your own prefix.
      The only downside is you're tied to their prefix, so moving or switching ISPs means renumbering any static addresses.

    • @eDoc2020 · 1 year ago

      @apalrdsadventures There's a solution to changing IPv6 prefixes on your local network: unique local addresses (fd00 range). It's pretty much the same as IPv4 private addresses. Give your hosts public addresses so they can talk with the outside world and use a ULA for everything within your network.

    • @apalrdsadventures · 1 year ago · +1

      I've used ULAs a lot, but there are some quirks about multiple IPs on the same device that some software isn't ready for, even if it's otherwise IPv6-ready. Proxmox for example has no issues running with many IPv6s on one interface, but the network configuration GUI will keep reverting that bit every time you edit any network configuration from the GUI. Other software just has a textbox for IPv6 address along with IPv4 address.
      I was trying to see how OS support for route advertisements is to see if I could reliably have two routers (one for GUAs and one for ULAs) on the same L2 domain, and only macOS, Windows, and iOS picked up the fd...::/48 advertised route in addition to the local subnet's fd...::/64 on-link route and added it to their routing table. Everyone else went to the GUA default gateway, which means it's not reliable to have two routers for GUA/ULA and all of the traffic still needs to go via the default router or on-link. I was hoping to push ULAs to a managed switch (which has much more limited firewall ability) and GUAs via OPNsense, but inconsistent routing would break stateful firewalls along the path.
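ULAs come up twice in the thread (the black-holed fd00:: range mentioned near the top, and the stable-internal-addressing use in this exchange). What both rely on is that the 40-bit global ID is randomly generated, not hand-picked, so two sites joined later by a VPN do not collide. The Python below is an added example, not code from the video: it derives a /48 ULA prefix the way RFC 4193 section 3.2.2 specifies (low 40 bits of SHA-1 over a 64-bit NTP timestamp and an EUI-64), classifies addresses as ULA or not, and splits the /48 into /64s by 16-bit subnet ID. The MAC `00:11:22:33:44:55` and the timestamp in the demo are constructed inputs.

```python
import hashlib
import ipaddress
import os
import time

ULA_RANGE = ipaddress.IPv6Network("fc00::/7")


def generate_ula_prefix(mac: bytes = None, now: float = None) -> ipaddress.IPv6Network:
    """Derive a /48 ULA prefix per RFC 4193 section 3.2.2.

    Global ID = least significant 40 bits of SHA-1(NTP64 timestamp || EUI-64),
    prefixed with 0xfd (fc00::/7 with the L bit set). The pseudo-random ID is what
    keeps independently numbered sites from colliding; fd00::/48 or fd00:1::/48
    chosen by hand throws that property away.
    """
    if now is None:
        now = time.time()
    if mac is None:
        mac = os.urandom(6)
    if len(mac) != 6:
        raise ValueError("mac must be 6 bytes")
    # 64-bit NTP timestamp: seconds since 1900 in the high word, fraction in the low word.
    ntp_seconds = int(now) + 2_208_988_800
    ntp64 = (ntp_seconds << 32) | int((now - int(now)) * 2**32)
    # Modified EUI-64 from the MAC: flip the U/L bit, insert ff:fe in the middle.
    eui64 = bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:6]
    digest = hashlib.sha1(ntp64.to_bytes(8, "big") + eui64).digest()
    global_id = int.from_bytes(digest[-5:], "big")  # low 40 bits of the hash
    prefix_int = (0xFD << 120) | (global_id << 80)
    return ipaddress.IPv6Network((prefix_int, 48))


def is_ula(addr: str) -> bool:
    """True for fc00::/7 (in practice fd00::/8, since the L=0 half is unassigned)."""
    return ipaddress.IPv6Address(addr) in ULA_RANGE


def ula_subnet(ula_prefix: str, subnet_id: int) -> ipaddress.IPv6Network:
    """The /64 for a 16-bit subnet ID inside a /48 ULA prefix."""
    net = ipaddress.IPv6Network(ula_prefix, strict=True)
    if net.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 ULA prefix and a 16-bit subnet id")
    return ipaddress.IPv6Network((int(net.network_address) | (subnet_id << 64), 64))


if __name__ == "__main__":
    site = generate_ula_prefix(mac=bytes.fromhex("001122334455"), now=1_700_000_000.0)
    print(site)                           # fdxx:xxxx:xxxx::/48, deterministic for these inputs
    print(ula_subnet(str(site), 0x10))    # the /64 for subnet ID 0x0010
    print(is_ula("fd12:3456:789a::1"), is_ula("2001:db8::1"))  # True False
```

Run once, record the prefix, and configure it statically; regenerating it on every boot would be the worst of both worlds, since the whole point of a ULA next to a GUA is that the internal addresses survive an ISP renumbering.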

  • @msinfo32 · 1 year ago · +5

    Would love to see a video looking on how to document a homelab.

    • @apalrdsadventures · 1 year ago · +5

      Still working on testing different software for documentation, but I'll probably have it figured out in the next month or so

  • @donaldduck7268 · 1 year ago · +3

    I asked someone yesterday whether it is possible to have a home network work entirely on IPv6. Had a look on RUclips and like magic someone like yourself did it. Interesting vid. Thanks 😊

  • @WilliamSwartzendruber · 1 year ago · +4

    I did this to my apartment in 2012. NAT64+DNS64 was brand new back then. As I recall, FTP had to be passive, and Skype just didn't work at all. Aside from that, everything functioned well. My family had no idea.

    • @apalrdsadventures · 1 year ago · +3

      FTP has problems even with normal IPv4 NAT already lol

    • @enochliu8316 · 1 year ago · +1

      FTP passive is already needed in many IPv4 networks, and they simply did not bother adding active mode to IPv6.

    • @AlexanderRay92 · 1 year ago · +1

      FTP is among the absolute worst protocols IMO

    • @James_Knott · 1 year ago

      FTP has to be passive with NAT too. I learned this back in the 90s, when I got a cable modem and put a firewall on it.

  • @ikerstges · 1 year ago · +7

    IPv6 to the masses!.. 🙂 Great video, I liked the format with the daily updates! I will stick around to find the 'nuggets' here, need to learn managing the routing with IPv6, figure out how I can choose my IPv6 addresses.. Thanks!

  • @landybible2604 · 1 year ago · +5

    This is great information! I'm glad to see someone digging into IPv6. Many large ISPs are moving to IPv6-only core networks due to the lack of available IPv4 space, and are doing all sorts of tricks to get IPv4 "as a service" over top of those networks. Enterprises and ironically the more technically inclined home users are the main people lagging behind by disabling IPv6. Most home users never even notice when it gets enabled by their ISP because it just works.
    As a network engineer, I'm currently designing IPv6-only data center deployments because it's just too expensive to buy IPv4 space for everything and I don't want to deal with the pain of dual-stack everywhere. It's much simpler to just translate at the edge for the customers who can't access us over IPv6 yet.

    • @apalrdsadventures · 1 year ago · +6

      I'm always mad when I see tech tutorials disable IPv6 because they don't want to deal with it, or they feel like NAT is a security method. Enterprise and tech users included. It should be the default at this point!

    • @bellabear653 · 1 year ago

      ​@@apalrdsadventuresI have wondered the same thing, I would like to actually know once and for all what to do with it. 😂

  • @nothingiseverperfect
    @nothingiseverperfect 1 year ago +2

    This is actually really interesting. Thank you for the experiment! Was able to learn a lot and learn that there’s a bunch of stuff I don’t know about 😂! Great vid!

  • @lepatenteux592
    @lepatenteux592 1 year ago +1

    Interesting video!
    I have spent my time avoiding IPv6 for the latest years! Same goes for most ITs I know... Fun to see someone try it for real!

  • @TheIronPI
    @TheIronPI 1 year ago +3

    I did this myself too for a while and went back to dual stack. I came to mostly the same results, but some things you overlooked.
    The VLAN issue you have is a known Windows bug: when an interface receives dot1q-tagged IPv6 packets, it assigns each prefix received to that interface. Realistically, you probably shouldn't have a device handling multiple VLANs. The problems it causes far outweigh any benefits.
    Android can do 464XLAT, it just doesn't over WiFi. Sometimes it isn't IP literals, but the program's client socket isn't configured for IPv6 or IPv4v6, meaning even if you did DNS64 the IPv6 address wouldn't work.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +2

      I don't think it's a Windows bug since I'm using macOS. I did make sure the switch isn't configured to pass any VLAN traffic to devices which shouldn't be handling VLANs, so it must be caused by a device on the network which is expected to handle VLANs. That leaves OPNsense itself, Proxmox, and my WiFi APs.
      The built-in CLAT on macOS is wonderful, I don't see why Android (and Windows) can't enable it for all interfaces.

    • @James_Knott
      @James_Knott 1 year ago

      @@apalrdsadventures Any TP-Link gear? They had a problem with multicasts.

  • @Maleko48
    @Maleko48 1 year ago

    my man, your content is on point and thorough. thank you for all that you have produced and shared for us

  • @ABUNDANCEandBEYONDATHLETE
    @ABUNDANCEandBEYONDATHLETE 1 month ago

    Network Engineer here, subscribed!

  • @esra_erimez
    @esra_erimez 1 year ago +1

    IPv6 scares me. Thanks for this video, it really helped demystify it for me.

  • @egodamonra
    @egodamonra 1 year ago +8

    "Hello everyone, my name is Bill and I have been clear of IPv4 for 2 days now." - Applause
    "I have had a few hard moments so far where my video streaming would connect and I really wanted to USE again."
    "But I stayed strong and got through the moment."

  • @fbifido2
    @fbifido2 6 months ago +1

    Keep us posted on your IPv6-only network!!!!

  • @arranmc182
    @arranmc182 1 year ago +3

    When I did my CCNA back in 2009 they said IPv6 is best for WAN use and IPv4 for LAN use, as IPv6 can be a pain in the ass: sometimes different brands of gear don't play nice on IPv6, so if you do go IPv6 try to get all the same brand when possible.

  • @karlranseyer
    @karlranseyer 3 months ago

    A lot of effort you put in this! Chapeau! But despite all the videos one finds around IPv6, no one shows a real recipe on how to "convert" an existing Proxmox server with all its VMs, virtual networks (without VLAN) and maybe stacked networks through a gateway VM to integrate them (and the VMs behind the gateway) into the IPv6 prefix the router supplies. Of course it works with the VMs connected to the router network, but then... millions of question marks... Maybe you could make a video covering this. The OSs are Windows Server 2022/Windows 10/11, Debian, Arch/Manjaro, sometimes Ubuntu...

  • @AIParadigmSolutions
    @AIParadigmSolutions 1 month ago

    hey thanks for the video! I am creating a company that provides the service you are making yourself. I am located in the Philippines and the government is really pushing for IPv6 implementation. Your insights helped me confirm my idea to do this service and provide a way users can benefit from IPv6 and for free. That's right, my service is free, not only for Filipinos but also the tourists. I don't know if you know about IPv6 IPsec or easier header reading for a faster internet, but these are also reasons to use IPv6.

  • @ShinyTechThings
    @ShinyTechThings 1 year ago +2

    I've ignored IPv6 pretty much forever, especially since IBM WebSphere with CICS and TS Series don't work right with IPv6 but I guess I should start in certain environments sooner rather than later.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago

      In general if software uses the name-based protocol agnostic APIs then it shouldn't care, unless it's extremely old or poorly written. Some programs have poor string processing (looking for a.b.c.d instead of passing IP validation to the OS, for example) but it's improving a lot.

    • @joergsonnenberger6836
      @joergsonnenberger6836 1 year ago

      @@apalrdsadventures A surprising number of programs can't properly handle multiple addresses for a given DNS entry and properly fall back to the 2nd or 3rd entry on connection failures. That's what is hurting dual stack networks worst. Ironically, it also means that those programs generally are a lot more fragile.

  • @graealex
    @graealex 1 year ago +1

    Super-interesting. Currently researching NAT64 to run as a container, to bring the office to IPv6 only.
    Btw IPv6-only (not even DS-lite) seems to be a common thing in certain mobile networks.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +1

      I'm not sure of any open source options that can run as a container since all of them are pretty tightly integrated to kernel networking, even Tayga which isn't in-kernel still depends on creating kernel tun adapters.

    • @graealex
      @graealex 1 year ago

      @@apalrdsadventures Target is mostly to run it on Mikrotik routers. Although you're right, and I am skeptical whether that's actually possible.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +1

      I'm not sure if Mikrotik will let you configure a tun interface for the container to use with Tayga, it's a bit more complex than just setting it up on a normal Linux system. Although I agree it would be nice if Mikrotik supported Jool natively.

  • @nickjongens2169
    @nickjongens2169 7 months ago +1

    Recently discovered the need for ipv6 when using Matter (can create its own ipv6 stack). Might speed along ipv6 deployment.

    • @apalrdsadventures
      @apalrdsadventures  7 months ago +1

      Matter hubs will act as v6 ULA routers if there isn't functional v6 already, but eventually the devices will just stop doing v4 entirely and at least your LAN will need v6 to talk to everything.

  • @FritzCopyCat
    @FritzCopyCat 1 year ago +1

    Nice work! I'd be keen to watch a video specifically on configuring NAT64/Jool.

  • @JohnOBrien-hg8wm
    @JohnOBrien-hg8wm 1 year ago

    This is great work! Thank you for making this video. You managed to sum up the essential state of IPv6 deployment.

  • @paulstubbs7678
    @paulstubbs7678 1 year ago +2

    It'd be good to see a good intro to IPv6. On v4 I have no real issues with addresses etc., however v6 looks more like a core dump. How does it work? A bit ago I was trying to use IPv6 to telnet into a box, it didn't go well.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago

      In general if you just put everything in DNS, clients will pick and use IPv6 automatically; typing the addresses manually has a few quirks (especially in Windows).

  • @lepsycho3691
    @lepsycho3691 1 year ago +1

    Thx for the deep dive on the practical usage of IPv6! I think I will hold out a little bit longer on it as so far, I don't see many benefits for my network!
    If you are interested in a deeper dive of this subject, I would love to see you do further testing on performance compared to IPv4 (latency in gaming or cloud applications) and maybe an exploration of the implications of IPv6 in a CGNAT setup (only the theory if this is not your case).
    Cheers!

  • @MrNoze007
    @MrNoze007 1 year ago

    Amazing video man, keep making tests and reports. I was having a debate with a friend about the way IPv6 operates.

  • @vincentschumann937
    @vincentschumann937 1 year ago

    had an issue with my laptop where ipv4 broke, not even 127.0.0.1 was reachable, taught me how much of the internet is still living in the past

  • @mytech6779
    @mytech6779 1 year ago +71

    IPv6 is a lesson in how not to create and roll out a new standard. First off they have this massive address space and didn't reserve any of it to directly map to IPv4, which would have made the transition super slick. Another big part of the problem (aside from some needless complications and the long lifespan of network devices) is that by the time v6 was standardized everyone had fully adapted to NAT [most anti-NAT arguments are 30 years old], then the copyright lawsuit abuses and mass data collection spiked and people realized that having many nodes anonymised behind one address actually has some value. (And no, I'm not saying NAT is security against targeted attacks or fools freely posting their info. That is a separate security issue from semi-anonymity and reasonable doubt provided by open guest wifi.)
    An equivalent to NAT anonymity could be created with the v6 address space via some rotating subnet dynamic address allocation solution, but it's not clear how vendors are setting up defaults.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +28

      With V6 you get random privacy addresses which give you as much anonymity as NAT did (you'd previously have a single outgoing IP for NAT, now you have a single outgoing prefix for the router and the suffixes are random).

    • @xpehkto
      @xpehkto 1 year ago +4

      @@apalrdsadventures you are assuming a private NAT here, while privacy arguments are usually about carrier grade NAT.

    • @paulschmidt7473
      @paulschmidt7473 1 year ago +1

      It should have been simple math, for example we assign a block to IP4 say:
      100:0
      so for example if we have an IP4 address of 192.168.2.5 then we convert each to hex: 192 = C0, 168 = A8, 2 = 2, and 5 = 5 and we mash these together in sextets leaving us with: C0A8 and 0205 giving us a translated address of 100:0:C0A8:205
      A piece of equipment can then just take the address, shove the bits into the right places, and you don't need to fix what doesn't need fixing. Now as the assigning authorities allocate new addresses, they would just need to avoid that 100:0 block, and it would take less than 1 hour for network software developers to write the translation block. Now you could also allocate a fixed block, say 100:1 for NAT.
      Because they made it so hard to do, and confusing, many networks have not moved to it.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +7

      That translation prefix exists - 64:ff9b::/96 - for IPv6 to IPv4 translation. Software usually allows you to write it as 64:ff9b::192.168.1.1 even. It's not allowed to be used for RFC1918 addresses since it's presumed to only route to the public internet. However, networks can also designate their own prefix for this purpose.
      It's one-way though, 6->4, you can't map the entire IPv6 internet into IPv4 space.

    • @graealex
      @graealex 1 year ago +3

      @@paulschmidt7473 I recommend researching IPv6 a bit more. There are multiple prefixes and ways to map IPv4 into IPv6, however, a host that doesn't have an IPv4 address still can't talk to another IPv4 host, solely because it wouldn't have a source address to provide to the recipient, which in turn couldn't answer the connection. Should be logical.
      That's where NAT64 comes into play, it provides a valid IPv4 address and bridges between the hosts.
      In addition, routing for both protocols is completely independent. It's not just a few more bits in the address, it's a whole new protocol, otherwise some of the drawbacks couldn't have been fixed.

  • @XtrAMassivE
    @XtrAMassivE 1 year ago

    Thank you for going into this! Very useful information. I see you have lots of great stuff, instant subscribe! :)

  • @jsalsman
    @jsalsman 1 year ago

    Comcast finally stopped giving my external NAT an IPv4 address and I couldn't be happier. The fact it was essentially static was a huge privacy issue, for one thing. There are absolutely zero sites I can't access with IPv6.

  • @ABUNDANCEandBEYONDATHLETE
    @ABUNDANCEandBEYONDATHLETE 1 month ago

    I would add, maybe I missed it, but in an enterprise environment transitioning to IPv6 is an undertaking to say the least. Especially if you have 5000+ users and many applications all needing to be planned out. Prob take 6-12 months and 2-3 people working on the project minimum.

  • @wskinnyodden
    @wskinnyodden 1 year ago +1

    Quick question, does OPNsense support WiFi adapters and, more specifically, to be a WiFi ISP client and also be an access point?

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +2

      OPNsense is BSD based, which honestly has pretty terrible network adapter support in general (not just wifi). OpenWRT is probably what you are looking for, it's designed to replace firmware on WiFi hardware, although it's not quite as easy to use as a firewall/router as OPNsense it's certainly capable of it.

  • @ScottAshmead
    @ScottAshmead 3 months ago

    would be interesting to know how ads were affected by any of these configurations

  • @FlaxTheSeedOne
    @FlaxTheSeedOne 1 year ago +3

    My problem is I only get a /64 and sometimes not even that, I sometimes have to pull a dynamic 2002:...::/64 from the 4-6 tunnel prefix. And further subdividing it creates its own set of problems. Which kinda sucks, that no one implements IPv6 in a way that's easily usable. I would be so jealous of the /60 net :DD

    • @Yggdrasil42
      @Yggdrasil42 1 year ago

      That sucks. All providers I've used (in The Netherlands) have provided /48 to their customers as recommended by the IPv6 RFCs. Even getting a /56 would be acceptable, but a /64?! Which exec thought that was a good idea?...

    • @FlaxTheSeedOne
      @FlaxTheSeedOne 1 year ago

      @@Yggdrasil42 sometimes not even that. If you want an ipv4 with that isp they drop v6 entirely and you have to do 6to4

  • @jamescobban857
    @jamescobban857 1 year ago +2

    It is frustrating that this is still controversial. I participated in the original architecture discussions *twenty-five years* ago on IPV6 at IATA and IETF. It is problematic, for example, that I cannot instruct the administration of my website that the IPV6 address of my computer is the *only* address from which root administration can be performed. I must give it a list of every possible IPV4 address my local ISP may assign.
    Note that in IPV4 the address is assigned to an interface. If a computer has multiple links to the Internet then it has multiple IPV4 addresses. But IPV6 addresses are assigned to processes in a computer so no matter how many interfaces a computer has to the Internet, for example Ethernet, WIFI, and mobile phone, it can use the same IPV6 address.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +1

      I think there's a huge population of network administrators who are either scared of change or see no reason to change because NAT works well enough for them, and therefore don't learn and disable IPv6 on their networks. I've definitely gotten that sentiment from a lot of small and medium business admin types, the 10/8 space is big enough for them so why should they change.
      On the flip side, a lot of regular people are starting to look at IPv6 now as a way to bring back peer to peer connectivity (especially for gaming) where NAT has already broken it and CGNAT without port forwarding has broken it even more. But smaller applications and sites aren't IPv6-ready since the corresponding businesses didn't consider IPv6 deployment and never tested their apps with it (or made rookie mistakes in socket programming).
      So as long as we keep bending over backward to keep IPv4 relevant the medium businesses won't bother changing and everyone else will be worse off. Apple has really done a lot to push this by mandating IPv6 compatibility to be listed on the app store, hopefully this trickles down into more industries eventually.

  • @RandomKSandom
    @RandomKSandom 1 year ago

    This was really interesting, thank you. I really, really need to get on to playing with, and understanding, IPv6. I've only been meaning to, for like, 20 years.

    • @_mnejing
      @_mnejing 1 year ago

      You and literally everyone else.

  • @neoney
    @neoney 1 year ago +1

    this video inspired me to add an ipv6 address to my server, and AAAA entries to my dns
    thanks

  • @IbilisSLZ
    @IbilisSLZ 1 year ago

    Good video.
    I myself tried IPv6 (dual-stack) when my provider (UPC, Poland) offered it. From within my network I had no problems. However (as I self host a VPN to connect to my network from outside) it was only reachable from IPv6 networks (and the network at my university or at work is IPv4 only), which made me switch back. The provider giving only a /64 prefix wasn't encouraging either.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +2

      A lot of ISPs are going to CGNAT on IPv4, which means that you can't do inbound connections over IPv4 at all (other than via NAT hole-punching). IPv6 completely fixes this, but as you've seen there are a lot of businesses that aren't IPv6-capable on their WiFi even though they should be by now.

  • @aarcaneorg
    @aarcaneorg 1 year ago

    can you share some more info on which access points work fine and which are misbehaving?

  • @LampJustin
    @LampJustin 1 year ago

    Android actually has had XLAT since 4.2-something ;) but dunno how well it works on wifi. Great video btw! There's so little IPv6 out there, it's a shame....

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +4

      From what I can tell, there are 3 different methods that can be used on IP networks to identify when 464xlat should be used - an RA flag, a DHCPv4 server which responds basically 'don't look here', and the well-known DNS name ipv4only.arpa returning a quad-A record of a well-known IPv4 address in the NAT64 prefix. I set up the last one, and that seemed to please macOS. Windows (and possibly Android also) enables 464xlat on wwan interfaces only, so you can't force it on other interface types, which seems like a bare minimum kind of implementation to me.

    • @danoachs987
      @danoachs987 1 year ago +2

      @@apalrdsadventures Yep, Android will happily use the 464xlat if you configure an "IPv6 mostly" network. I forget exactly which option is necessary to enable it. But we have a building on campus set up for IPv6 mostly which has the DHCP IPv6-only option enabled, DNS64, NAT64, and the RA flag all enabled. That seems to cover all devices that support it, such as the last two macOS versions, all recent iPhones and Android phones.
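The IPv4-in-IPv6 mapping from the paulschmidt7473 / apalrd exchange above (64:ff9b::/96 and network-specific prefixes) and the ipv4only.arpa signalling method apalrd and danoachs987 describe, as an added example that is not code from the video or any commenter: RFC 6052 embedding and extraction for all six permitted prefix lengths, the rule that the well-known prefix may not carry RFC 1918 space, and RFC 7050 NAT64 prefix discovery from a DNS64-synthesized AAAA answer. The sample prefixes and AAAA records are constructed from documentation ranges (2001:db8::/32, 192.0.2.0/24), not captured from a real resolver.

```python
"""RFC 6052 IPv4-embedded IPv6 addresses and RFC 7050 NAT64 prefix discovery.
Added example; the sample values below are constructed, not from any network."""
import ipaddress
from typing import Iterable, Optional

# Prefix lengths RFC 6052 permits for an IPv4-embedded IPv6 address.
RFC6052_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")
# RFC 7050: ipv4only.arpa has exactly these two A records, so finding one of
# them inside a synthesized AAAA answer reveals where the NAT64 prefix ends.
IPV4ONLY_ARPA = {ipaddress.IPv4Address("192.0.0.170"),
                 ipaddress.IPv4Address("192.0.0.171")}
# RFC 6052 section 3.1: the well-known prefix must not carry non-global IPv4
# space (RFC 1918, loopback, link-local, CGNAT shared space).
NON_GLOBAL_V4 = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]


def embed_ipv4(prefix, v4) -> ipaddress.IPv6Address:
    """Build the RFC 6052 address for v4 under prefix.

    Byte 8 (bits 64-71, the "u" octet) must stay zero, so for prefixes shorter
    than /96 the four IPv4 bytes are placed around it; /96 simply appends them.
    """
    prefix = ipaddress.IPv6Network(prefix)
    v4 = ipaddress.IPv4Address(v4)
    plen = prefix.prefixlen
    if plen not in RFC6052_PREFIX_LENGTHS:
        raise ValueError(f"/{plen} is not an RFC 6052 prefix length")
    if prefix == WELL_KNOWN_PREFIX and any(v4 in net for net in NON_GLOBAL_V4):
        raise ValueError(f"{v4} is not global; 64:ff9b::/96 may not carry it")
    head = prefix.network_address.packed[: plen // 8]
    v4b = v4.packed
    if plen == 96:
        body = head + v4b
    else:
        n_before = 8 - plen // 8          # IPv4 bytes that fit before byte 8
        body = head + v4b[:n_before] + b"\x00" + v4b[n_before:]
    return ipaddress.IPv6Address(body.ljust(16, b"\x00"))


def extract_ipv4(prefix, v6) -> ipaddress.IPv4Address:
    """Inverse of embed_ipv4. Rejects addresses outside the prefix or with a
    non-zero "u" octet; that rejection is what lets RFC 7050 discovery tell the
    candidate prefix lengths apart."""
    prefix = ipaddress.IPv6Network(prefix)
    v6 = ipaddress.IPv6Address(v6)
    plen = prefix.prefixlen
    if plen not in RFC6052_PREFIX_LENGTHS:
        raise ValueError(f"/{plen} is not an RFC 6052 prefix length")
    if v6 not in prefix:
        raise ValueError(f"{v6} is not inside {prefix}")
    raw = v6.packed
    if plen == 96:
        return ipaddress.IPv4Address(raw[12:16])
    if raw[8] != 0:
        raise ValueError("bits 64-71 must be zero in an RFC 6052 address")
    start = plen // 8
    n_before = 8 - start
    return ipaddress.IPv4Address(raw[start:8] + raw[9:9 + 4 - n_before])


def discover_nat64_prefix(aaaa_answers: Iterable[str]) -> Optional[ipaddress.IPv6Network]:
    """RFC 7050 heuristic: a DNS64 resolver synthesizes AAAA records for
    ipv4only.arpa from its NAT64 prefix. Try each permitted prefix length and
    return the one under which a well-known IPv4 address is embedded, or None
    when no answer fits (i.e. there is no DNS64 on this network)."""
    for answer in aaaa_answers:
        v6 = ipaddress.IPv6Address(answer)
        for plen in RFC6052_PREFIX_LENGTHS:
            candidate = ipaddress.IPv6Network((str(v6), plen), strict=False)
            try:
                if extract_ipv4(candidate, v6) in IPV4ONLY_ARPA:
                    return candidate
            except ValueError:
                continue
    return None


if __name__ == "__main__":
    # Constructed samples: a global IPv4 under the well-known prefix, and a
    # synthesized ipv4only.arpa answer from a network-specific /64 prefix.
    print(embed_ipv4("64:ff9b::/96", "192.0.2.1"))
    print(discover_nat64_prefix(["2001:db8:cafe:64:c0:0:aa00:0"]))
```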

  • @Felix-ve9hs
    @Felix-ve9hs 1 year ago +1

    Can't wait to see the thin Client IPv6 video :D (and all other IPv6 content)

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +1

      It's the next part in the hyperconverged cluster video, with a focus on networking, migration, ...

  • @errorsofmodernism7331
    @errorsofmodernism7331 11 months ago

    Good info, thanks for not playing music

  • @EwanMarshall
    @EwanMarshall 1 year ago +1

    IPV6 UNC literals are possible with a transcription method listed on the wikipedia IPV6_address page. That said, I do not like the method being that MS did not keep the domain for it which now has special internal coding attached to it in windows.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago

      Yeah, definitely a pretty awful solution by MS, but just using DNS names is the way to go really. Even mdns names for home networks.

  • @Dygear
    @Dygear 1 year ago

    This is a great video. Very, very, very cool. I do have some web servers that don't yet have an IPv6 address assigned to them because my ISP doesn't assign them.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago

      What's really sad to me is when public servers don't have IPv6 assigned because someone didn't care to assign it. Some cloud providers now have more nodes than they can fit in the entire RFC1918 10/8 block, so they have to be all-IPv6 on their network (even if they tunnel / transit IPv4 for customers), so running your stuff in AWS and not having IPv6 is definitely not an ISP problem.

  • @DrRChandra
    @DrRChandra 1 year ago +1

    not sure I can do this. Roku and HD Homerun do not support IPV6 at all, and not sure I can glue them to the LAN at all, with for example a Linux router.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +3

      dear god I just read the Roku forums and it's absolutely wild that they are running a Linux based thing and don't support IPv6 sockets on their devices. What is wrong with them??
      It looks like HDHomeRun added support for IPv6 on their end in a firmware update some time last year, covering the last 2 generations of devices, so it's not great but they've also fixed the issue already going forward.

  • @mx338
    @mx338 1 year ago +1

    Discord BTW does not use P2P, they use WebRTC as a technology but the clients still only connect to Discord's servers to do voice communication.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago

      Very unfortunate that they can't use DNS names for their own servers then.

  • @jagdtigger
    @jagdtigger 1 year ago +2

    Sadly many tech youtubers do the opposite, disable IPv6 "because it's a pain".....

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +4

      It's very unfortunate really, especially when they are IT professionals doing it for major client networks

    • @jagdtigger
      @jagdtigger 1 year ago +3

      @@apalrdsadventures Yup, to make matters even worse there are a lot of idiots running around spreading their BS about "ipv6 insecure because it lacks nat so everything is globally reachable!"..... 🤦‍♂

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +2

      Oh they've been sliding into my comments section too....

  • @autohmae
    @autohmae 1 year ago

    What many people don't realize is that IPv4 NAT isn't stateless, but NAT64 is stateless which means it's a lot easier to scale. No complicated fail over scenarios, etc.
    I think Multipath-QUIC adoption could help IPv6 adoption, because no special configuration is needed if you want to have multiple WAN connections for your home or office. It will just add more bandwidth.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +1

      In this case, it's actually not stateless either, and I don't think most implementations are - since it has to do both 6->4 translation as well as source address and port translation. If you were purely going from a pool of servers to a pool of IPv4s 1:1 you can do that statelessly, it's called SIIT.
      Tayga implements it by only doing the 6->4 translation nearly-statelessly (they keep a table of IPv6 to IPv4 hosts, and randomly assign IPv6 hosts to an RFC1918 intermediate address) and relying on the Linux kernel to do the NAT part using normal SNAT / masquerade. Jool implements this statefully by doing the whole translation process at once - mapping an IPv6 + port pair to the public IPv4 + port. Jool's method also allows you to insert manual entries into their mapping table for IPv4 -> IPv6 'port forwarding', and is also significantly faster than Tayga's approach.

    • @autohmae
      @autohmae 1 year ago

      @@apalrdsadventures ahh, yes, silly mistake, stateless is basically datacenter only. I had a look around and didn't see much complaining about Windows AD/etc. with IPv6-only, that's a good sign.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +1

      Microsoft recommends IPv6 dual stack for most of their products, and they run IPv6-only on many of their own networks now as well

  • @johnmanderson2060
    @johnmanderson2060 1 year ago

    Thanks a lot for the ride ! Very informative 👍🏻

  • @byrd203
    @byrd203 1 year ago

    To prevent router advertisements, enable VLAN isolation. This will stop the advertisements, and if you want to talk, it needs to talk to the router and not the switches: enable VLAN isolation on switches and routers.

  • @Gazelle8
    @Gazelle8 1 year ago

    This was real cool as someone interested in networks

  • @Althemor
    @Althemor 1 year ago

    What I've learned is that my DS-Lite connection prevents me from setting up most game servers. Minecraft works fine, but stuff like Valheim and V Rising only lets you enter IPv4 addresses to connect to.
    I guess I could use one of my router's functions to set up VPN connections to my home wifi, so others could connect to my network and then join the server via a local address, but I'm pretty sure my friends wouldn't want to bother with that.

    • @apalrdsadventures
      @apalrdsadventures  1 year ago +1

      Unfortunately it's an issue a lot of games (and other peer-to-peer programs) have. Sometimes it's an easy fix for the devs and they don't care, sometimes it's not. Sometimes the devs are just dumb. Any devs that have mobile versions should have already solved this by now, since Apple forces them to.
      - Frontend UI assumes 1.2.3.4 notation and doesn't understand [::] or :: notation, so it rejects it as invalid, even if the rest of the code would work fine with an IPv6 address
      - Backend code stores IPs as 32-bit numbers, where it should use a string to properly deal with DNS names or ASCII-typed IPs. If they passed the string typed by the user straight to the OS, the OS would deal with IPv6 and they would never know.
      - Backend code is forcing AF_INET sockets instead of AF_UNSPEC (Steam did this for a long time, even for DNS-resolved names, causing DNS64 to break for no good reason)
      - Matchmaking code is passing 32-bit numbers around to do NAT traversal, something that IPv6 doesn't need but legacy code be legacy (Steamworks does this *still*, so anything that relies on Steam's matchmaking will be stuck with IPv4 even if the game supports IPv6 via manual addressing)
      Overlay networks like ZeroTier / VPN are the most commonly deployed way, but if both sides support 464xlat it's possible to set up static routes between each other in a way that creates the appearance of an RFC1918 private IPv4 network without any networks in between carrying IPv4 outside of the local hosts.
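The first three socket-handling mistakes apalrd lists above, each beside its address-family-agnostic form, plus the fall-back over every resolved address that joergsonnenberger6836's earlier comment says many programs lack, as an added example that is not code from the video or any commenter. The endpoint strings are constructed; `connect_with_fallback` takes a connector callable so the retry logic can be exercised offline, and the real `tcp_connect` is only used when you point it at a live host.

```python
"""Address-family-agnostic endpoint handling for a game or other client.
Added example; endpoint strings below are constructed documentation values."""
import ipaddress
import re
import socket
from typing import Callable, List, Tuple

Candidate = Tuple[str, str, int]          # (family name, IP literal, port)

# Mistake 1 (front-end): only dotted-quad notation is accepted, so an IPv6
# literal or a DNS name never even reaches the OS.
DOTTED_QUAD_ONLY = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)*[a-z0-9-]{1,63}$", re.I)


def legacy_is_valid_host(text: str) -> bool:
    return bool(DOTTED_QUAD_ONLY.match(text))


def is_ip_literal(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def is_valid_host(text: str) -> bool:
    """Hardened form: any IP literal (v4 or v6) or a syntactically valid hostname."""
    return is_ip_literal(text) or bool(HOSTNAME.match(text))


def parse_endpoint(text: str, default_port: int) -> Tuple[str, int]:
    """Split user input into (host, port), accepting 'host:port', '[v6]:port',
    a bare hostname, a bare IPv4 literal or a bare IPv6 literal. The host is
    kept as a string (mistake 2 avoided) and handed to the resolver as-is."""
    text = text.strip()
    if text.startswith("["):                      # bracketed IPv6 literal
        close = text.index("]")
        host, rest = text[1:close], text[close + 1:]
        return host, (int(rest[1:]) if rest.startswith(":") else default_port)
    if text.count(":") == 1:                      # host:port, no IPv6 involved
        host, port = text.split(":")
        return host, int(port)
    return text, default_port                     # bare name, v4, or v6 literal


def resolve_candidates(host: str, port: int) -> List[Candidate]:
    """Mistake 3 avoided: AF_UNSPEC lets getaddrinfo return AAAA answers
    (including DNS64-synthesized ones) as well as A answers. AI_NUMERICHOST
    keeps literals from triggering a DNS lookup."""
    flags = socket.AI_NUMERICHOST if is_ip_literal(host) else 0
    seen: List[Candidate] = []
    for family, _type, _proto, _canon, sockaddr in socket.getaddrinfo(
            host, port, socket.AF_UNSPEC, socket.SOCK_STREAM, 0, flags):
        cand = (socket.AddressFamily(family).name, sockaddr[0], sockaddr[1])
        if cand not in seen:
            seen.append(cand)
    return seen


def tcp_connect(family: str, ip: str, port: int, timeout: float = 3.0) -> socket.socket:
    """Real connector: a socket of the candidate's own family, not a fixed AF_INET."""
    sock = socket.socket(getattr(socket, family), socket.SOCK_STREAM)
    sock.settimeout(timeout)
    sock.connect((ip, port))
    return sock


def connect_with_fallback(candidates: List[Candidate],
                          connector: Callable[[str, str, int], object] = tcp_connect):
    """Try every resolved address in order (getaddrinfo already sorts IPv6
    first) and move on to the next one on failure instead of giving up."""
    errors = []
    for family, ip, port in candidates:
        try:
            return connector(family, ip, port)
        except OSError as exc:
            errors.append(f"{ip}: {exc}")
    raise OSError("all candidates failed: " + "; ".join(errors))


if __name__ == "__main__":
    for entry in ("[2001:db8::1]:25565", "192.0.2.1:25565", "2001:db8::1"):
        host, port = parse_endpoint(entry, 25565)
        print(entry, "->", legacy_is_valid_host(host), is_valid_host(host),
              resolve_candidates(host, port))
```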

  • @autohmae
    @autohmae 1 year ago

    On the blog post for this video you forgot to add the URL to YouTube, it just linked to TBD

  • @forbiddenera
    @forbiddenera 1 year ago +3

    I wouldn't call IPv4 legacy though. If it was, then everything would do IPv6 and you'd see few devices with IPv4 support if any - many, many, many ISPs don't even properly support IPv6, I can only get 1 /56, asking for a /64 doesn't work so I can't split up that /56 that way, nor can I seem to get an IPv6 address on my secondary WAN interface even though it takes my 2nd v4 address and RA and delegation works perfect for anything in the LAN side (this is one annoying thing I haven't been able to figure out).. Also, there's not really (m)any good reason(s) to use IPv6 on a local network unless you really think you're gonna use more than a /8 locally or you really need internet stuff where NAT isn't an option, which no one is going to do at home.
    That said, increasing awareness is good and it should definitely be used and implemented more and more on the internet.
    I think the biggest challenge for most people adopting IPv6 is not fully understanding how internet ingress/egress routing works without NAT, I know that was the one thing that didn't immediately click for me - at first I was really apprehensive about the idea of all my internal machines having publicly routable IPs. But people also tend to treat devices behind a NAT that aren't port forwarded as firewalled, which while for most intents this is kind of true, is not actually accurate or the proper way to handle it anyway - not like NAT punch through and bypass methods don't exist! You just need to use a proper firewall, regardless of NAT or IPv4/IPv6 use instead of relying on NAT to block stuff. It's literally the equivalent difference of having a receptionist at the front desk of an office building telling a visitor "I don't know what floor or office the person you're looking for is at, because that person never told me" (NAT) vs having a security guard saying "You're not allowed to be here, leave." (Firewall) - it's a lot easier to just walk past a receptionist and look for the person (eg. NAT 👊through methods), they may yell or say something but security is going to try and tackle you, log the event, ban you from the building, sure maybe you can still get past them but you should have that security guard (firewall) whether or not you're using NAT (a receptionist directing people) or not or using IPv6 (which would perhaps be akin to a public directory at the entrance instead)

    • @JivanPal
      @JivanPal 1 year ago

      > I wouldn't call IPv4 legacy though. If it was, then everything would do IPv6 and you'd see few devices with IPv4 support if any
      Telnet, FTP, and many other old protocols are still in use, but they are still considered legacy today. The developing world very much considers IPv4 to be a legacy technology.
      > I can only get 1 /56, asking for a /64 doesn't work so I can't split up that /56 that way
      Either you have the numbers (/56 and /64) mixed up, or you don't understand: A /56 is _bigger_ than a /64; it consists of 256 /64s. You _want_ a /56. Your home router will then typically only use one of these /64s by default in order to assign a /64 prefix to your LAN. If you want multiple subnets in your home, you configure your router to use more than one of the available /64s.
      If you meant to say that your ISP is assigning you a single /64, then that's a different matter, and your ISP doesn't know how to follow standards.
      > secondary WAN interface
      Are both of your WAN interfaces connected to the same ISP? If so, why? If not, what are you expecting to happen, and what is actually happening?

    • @forbiddenera
      @forbiddenera 1 year ago

      @@JivanPal I still feel like the protocols you mentioned are a lot more legacy than IPv4. Eg. Telnet vs SSH, almost everything migrated to SSH whereas the adoption of IPv6 over IPv4 is way less.
      Yes, I probably misspoke but I do get a /56, however I can't seem to get any addresses assigned to the secondary WAN interface even when trying to delegate from the first, but anything internal gets their addresses from within that /56 just fine. The reason for having two interfaces on the same WAN is because that's the only way to get multiple IPv4 addresses with my ISP and one would expect that IPv6 should still work fine in this situation as it's no different than if you had two systems hooked up instead (which is what they expect you are doing when you "need" multiple IPv4 addresses)
      This also allows me to direct traffic in different ways, for example a guest VLAN (where guest wifi goes) can be directed out the secondary interface, further logically isolating the guest VLAN

    • @JivanPal
      @JivanPal Год назад

      @@forbiddenera > One would expect that IPv6 should still work fine in this situation
      Expectations are often misleading. It does indeed sound like it's working fine, but you're incorrectly expecting to receive two prefix delegations when you aren't paying for that. You've paid for an additional IPv4 address, not an additional IPv6 prefix, and that's exactly what you're getting.
      The question now becomes: if you _were_ receiving two prefix delegations, what would you be doing with them, and how would that differ from splitting your existing single delegation between the two interfaces?
      In fact, what you should do is simply expect your router to use its single delegated prefix on the LAN side, and be assigned two IPv6 addresses outside of that range to use on the WAN side; one such address for each WAN interface. Alternatively, if your WAN interfaces are both connected to the same other equipment (e.g. an ONT for a FTTP connection), that device may be automatically performing logical link aggregation for the IPv6 connectivity, and thus treating both links as a single link with a single address.
      If any of that is confusing to you, consider how it would work in an IPv4-only context if you were a business that was assigned an entire /24 or Class C network for your LAN. What would you expect the situation to be regarding your two WAN interfaces then? The expectation in IPv6-land is much the same.
      > This also allows me to direct traffic in different ways
      What you're looking for there is source-address-dependent (a special case of policy-based) routing, a.k.a. SADR. Your desire to do this has no practical benefit; at the end of the day, routers are routers, and they're gonna route your packets through the public internet using whatever links are available to them. You can try to micromanage it all you like, and in some cases there are good reasons to (e.g. VPN connections), but in your stated example, I'm afraid I don't see the point.

  • @ehink2716
    @ehink2716 a year ago +1

    Where did you get public internet routable IPv6 space to use on your home network devices? I thought most ISPs were assigning IPv4 addresses to customer routers, so how would you route IPv6 over the internet?

    • @apalrdsadventures
      @apalrdsadventures  a year ago +2

      A lot of ISPs provide both IPv4 and IPv6 connectivity, so I get a prefix via DHCP6-PD from my ISP. At this point they *should* all provide IPv6, the larger ones tend to be IPv6-focused (i.e. mobile ISPs were very quick to go all-IPv6 and make phones do 464xlat) and small ones tend to be behind the times.

    • @ehink2716
      @ehink2716 a year ago

      @@apalrdsadventures Do you run this on a residential service, or do you purchase through, like, Level3 or something? I believe Cox and Comcast do IPv4

    • @apalrdsadventures
      @apalrdsadventures  a year ago +1

      Comcast definitely does IPv6 if your router supports it

    • @ehink2716
      @ehink2716 a year ago +1

      @@apalrdsadventures Okay, thanks, I will look into this. Do they support both IPv4 and IPv6 on the same device?

    • @apalrdsadventures
      @apalrdsadventures  a year ago +1

      Yeah, it's very common to run both IPv4/IPv6 together. That would be a 'dual stack' configuration, but you have to manage both, hence the desire to get to IPv6-only eventually.

  • @SJohnsoninc
    @SJohnsoninc a year ago

    For the "static leases" you can try using private VLANs. That problem is happening because all of the local addresses are within the same network layer (layer 2), and layer 2 doesn't care about IP addresses at all, i.e. the packets are switched, not routed, so there's nowhere for the NAT64 to even sit between them.

    • @apalrdsadventures
      @apalrdsadventures  a year ago

      In this case, they aren't on the same L2 since I have a separate VLAN for IPv6-only LAN vs my normal LAN. So clients on the IPv6-LAN should be able to go through the NAT64 server to the normal LAN, which does work correctly if I type the address in with the prefix.
      Even on the same L2 though, the 64:ff9b prefix goes to the default v6 route -> NAT64 server -> normal IPv4 routing tables, so it can make its way back to the LAN even if the request originated from the LAN via v6. NAT64 doesn't need to physically sit in-between, since a v6-only client can't talk to v4 clients even if they are on the same L2 network, it will route packets via v6 to the NAT64 and the NAT64 will separately route packets via v4.
      The only issue is that Unbound is not synthesizing quad-As for static leases and host overrides which result in only A-records, only synthesizing external addresses which result in only A-records. I'm not sure if other DNS resolvers / forwarders do the same, but I'm going to try CoreDNS going forward and see how that goes.
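The 64:ff9b mapping the reply above relies on, as an added example in C (not code from the video, nor from Unbound, CoreDNS or Jool): DNS64 synthesis of an AAAA from an A record using the RFC 6052 well-known prefix, and the NAT64 box's reverse step of recovering the embedded IPv4. The sample addresses are constructed.

```c
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

/* The well-known NAT64 prefix 64:ff9b::/96 (RFC 6052): the first 12 bytes of
 * every synthesized address, with the IPv4 address in the last 4 bytes. */
static const unsigned char WKP[12] = { 0x00, 0x64, 0xff, 0x9b,
                                       0, 0, 0, 0, 0, 0, 0, 0 };

/* DNS64 side: embed an A record's address into the prefix, producing the AAAA
 * a v6-only client receives. A resolver does this only when the upstream
 * answer has A records but no AAAA (the case the thread says Unbound skips
 * for static leases). Returns a static buffer (not thread-safe), or NULL on
 * malformed input. */
const char *dns64_synthesize(const char *ipv4)
{
    static char out[INET6_ADDRSTRLEN];
    struct in_addr a4;
    struct in6_addr a6;
    if (inet_pton(AF_INET, ipv4, &a4) != 1)
        return NULL;
    memcpy(a6.s6_addr, WKP, sizeof WKP);
    memcpy(a6.s6_addr + 12, &a4, sizeof a4);   /* IPv4 in the low 32 bits */
    return inet_ntop(AF_INET6, &a6, out, sizeof out);
}

/* NAT64 side of the same mapping: a destination inside 64:ff9b::/96 is
 * translated to the embedded IPv4 and forwarded via the v4 routing table;
 * anything else is native v6 and is routed unchanged. Returns NULL when the
 * address is not in the prefix (or is malformed). */
const char *nat64_extract(const char *ipv6)
{
    static char out[INET_ADDRSTRLEN];
    struct in6_addr a6;
    struct in_addr a4;
    if (inet_pton(AF_INET6, ipv6, &a6) != 1)
        return NULL;
    if (memcmp(a6.s6_addr, WKP, sizeof WKP) != 0)
        return NULL;                             /* native IPv6: no translation */
    memcpy(&a4, a6.s6_addr + 12, sizeof a4);
    return inet_ntop(AF_INET, &a4, out, sizeof out);
}
```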

    • @autohmae
      @autohmae a year ago

      @@apalrdsadventures Easiest is probably to just run 2 Unbounds or any other DNS resolver combination.

    • @apalrdsadventures
      @apalrdsadventures  a year ago

      I've been playing with CoreDNS and it does quad-A synthesis further down the processing chain than local lookups (via zone files or hosts files), so they get DNS64'd as well. It's just a quirk of Unbound I guess.

  • @tea1567
    @tea1567 10 months ago

    Mmm, what would be the issue for ISPs to provide DNS64 or a "DNS46" (for legacy systems~)? What are the issues with MAP-T/MAP-E protocols in terms of stability and... translation speed?

    • @apalrdsadventures
      @apalrdsadventures  10 months ago

      Using DNS64 requires NAT64 to function, which has roughly all of the issues with latency, stability, single point of failure, speed, etc. that CGNAT gateways have in IPv4.
      So if an ISP isn't doing CGNAT (they are doing public IPs all the way), it's a box in their network that stores a lot of state and becomes a single point of failure (but only for v4 traffic, not all the traffic).
      If they are already doing or planning on going to CGNAT, there are no downsides, and using NAT64 for the CGNAT function (464xlat / MAP-T to translate back to v4 at the client) means their core can be v6-only, using the NAT64 function both as a v4 CGNAT and v6 NAT64. This is the preferred model for mobile devices, which can rely on the phone to do NAT46 ('CLAT'). For fixed providers it depends on if their network vendor can do CLAT on the customer modem / router and if this means customers can't use their own router, or they have to do CLAT on their provider edge routers (cable modem headend / fiber OLT).

  • @Henrix1998
    @Henrix1998 a year ago

    Finally I found a tech channel where I really don't get what and why you are doing any of this

  • @vladislavkaras491
    @vladislavkaras491 a year ago

    Great experiment!
    Thank you!

  • @OscarCarlsson1986
    @OscarCarlsson1986 a year ago

    Great, now I had to write down new stuff to learn and experiment with, so I can try this myself. :(
    Great experiment btw! :D

  • @Daniel15au
    @Daniel15au a year ago

    Can you do a followup where you use 464XLAT on other OSes? Some ISPs use 464XLAT on their end so I imagine there's some way to do it via server even on OSes that don't natively support it.

    • @apalrdsadventures
      @apalrdsadventures  a year ago

      I'm working on a video showing both sides of my setup, Jool (the NAT64) and clatd (a CLAT daemon for Linux), but Jool can also be set up as a 464xlat CLAT and it's possible to make OpenWRT do this.

  • @pfcrow
    @pfcrow a year ago

    You covered Mac, Windows, Linux, iOS, and Android, but didn't try any smart home devices. I expect about none of them would work if I turned off IPv4 in my house. I've heard that Roku doesn't, so there goes my TV. A quick search indicates that my light switches won't work. I'm guessing my smart plugs won't, either, as well as one or two other devices. I would expect my smart speakers and Nest thermostats would work. I've heard that IPv6 is a requirement for government contracts (or perhaps it was just DoD), but they probably don't care much about that for consumer smart devices.

    • @apalrdsadventures
      @apalrdsadventures  a year ago +1

      It looks like the smart home stuff I have is a mixed bag, but the video was already too long to get into every single thing I own. But it's a good idea for a follow-up.
      A lot of devices are using IPv6 link-locals + multicast discovery or mDNS to communicate with their own ecosystem (i.e. Nest does this, Apple will also auto-discover things over IPv6 a lot)

  • @richardbates6311
    @richardbates6311 a year ago

    Thanks for the hard work.

  • @lfjvs
    @lfjvs 9 months ago

    I set my network to IPv6 once and there were so many addresses that when doing ARP to search for hosts in the network it took forever. Next time I do this I need to set a reasonable subnet mask

  • @KangJangkrik
    @KangJangkrik 7 months ago

    Expected Discord to have a nice end-to-end connection for IPv6; unfortunately the Discord devs are not utilizing the STUN server properly, so most of us need to talk through a TURN server even though the IP address is accessible

  • @DxCBuG
    @DxCBuG a year ago

    I did IPv6 prefix dispatching to a Raspberry Pi that then acted as a DHCP server / router and used a notebook behind it for a while.
    It mostly works fine for the standard web stuff until it doesn't (Ubuntu updates, smaller websites I consume). It was really 50:50.
    For a lab environment, good; for daily use... still would not recommend.

  • @AndersJackson
    @AndersJackson a year ago +2

    This IPv6 experience will be the single reason that I will subscribe to your channel within 45 seconds.
    NAT is a bottleneck in any network. IPv6 doesn't have that, but still has better privacy than IPv4. NAT is not a solution to anything other than running out of public addresses.

  • @MatthijsvanDuin
    @MatthijsvanDuin a year ago

    12:20 Fun fact: it seems blocking access to the IPv6 addresses of Google's DNS servers typically* causes Chrome to conclude there's no working IPv6 internet access and therefore that resolving AAAA records is pointless and should not even be attempted, which also completely ignores the possibility of having local DNS for an internal IPv6 network. (Chromium issue 530482)
    (* for some reason it doesn't do this on my linux laptop, but it does on other linux and windows systems here at the office. I guess there's just something unusual about how my laptop is configured but I'm not sure what)

    • @apalrdsadventures
      @apalrdsadventures  a year ago

      Well that's an oversight on their part, not surprised they refuse to fix it though.

    • @MatthijsvanDuin
      @MatthijsvanDuin a year ago

      @@apalrdsadventures An even bigger mess is trying to use mDNS hostnames that resolve to link-local IPv6, i.e. the dream of plug-and-play IPv6 networking without a router. I'd written a longer comment about the many wonderful ways in which this is broken (mainly in Chrome) but it seems YouTube didn't like the comment and silently shredded it.

    • @apalrdsadventures
      @apalrdsadventures  a year ago

      Not sure how Firefox deals with mDNS on link-local addresses either, but it shouldn't be a terribly difficult problem to solve...

    • @MatthijsvanDuin
      @MatthijsvanDuin a year ago

      @@apalrdsadventures It shouldn't be, and it works fine in programs that use getaddrinfo() in a straightforward way. The problems occur:
      1. when programs try to be clever (Chrome, Node.js) and use a custom representation of socket addresses that fails to consider the scope id of link-local IPv6
      2. when you run into the decade-old glibc bug 16826 that causes the scope id to be missing when doing IPv6-only resolution (AF_INET6 instead of AF_UNSPEC) because the latest version of the internal name resolution call (the only version that supports scope ids) inexplicably omits the address family parameter, so when people complained that it was always doing both A *and* AAAA lookups even when only one family was requested (glibc bug 14505) they fixed it by downgrading to the previous internal API for family-specific lookups.
      3. when Windows 11 decided to classify routerless Ethernet networks as "Public Network", causing it to disable mDNS resolution in the exact situation where it is most critically needed

    • @apalrdsadventures
      @apalrdsadventures  a year ago

      If only everyone used getaddrinfo() and stopped being smart. There are a few programs (Steam) that restrict themselves to AF_INET sockets, which breaks NAT64 / DNS64 for no good reason. Pass the user input with AF_UNSPEC and use what it returns, in order.
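The getaddrinfo() pattern the last two replies describe, as an added example in C (not code from the video or from any of the programs named): resolve with the caller's family hint, keep the results in resolver order together with the link-local scope id, and connect to them in that order. `resolve_ordered`, `first_family`, `first_scope_id` and `connect_in_order` are names chosen for this example; AI_NUMERICHOST is set in the resolver helper only so it runs offline, and the addresses used are constructed.

```c
#define _GNU_SOURCE
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* One resolved candidate, kept in the order getaddrinfo() returned it:
 * AF_INET or AF_INET6, plus sin6_scope_id (the %zone of a link-local). */
struct candidate { int family; unsigned scope_id; };

/* Resolve `host` with the caller's family hint. AF_UNSPEC lets the resolver
 * (and any DNS64 in the path) decide which families exist; AF_INET mimics the
 * v4-only-socket behaviour discussed above. AI_NUMERICHOST is set only so the
 * example runs offline. Returns candidates written, or -1 on failure. */
int resolve_ordered(const char *host, int family_hint,
                    struct candidate *out, int max)
{
    struct addrinfo hints, *res, *ai;
    int n = 0;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = family_hint;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST;
    if (getaddrinfo(host, NULL, &hints, &res) != 0)
        return -1;                       /* e.g. "::1" asked for as AF_INET */
    for (ai = res; ai != NULL && n < max; ai = ai->ai_next) {
        if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
            continue;
        out[n].family = ai->ai_family;
        out[n].scope_id = ai->ai_family == AF_INET6   /* keep the zone */
            ? ((struct sockaddr_in6 *)ai->ai_addr)->sin6_scope_id : 0;
        n++;
    }
    freeaddrinfo(res);
    return n;
}

/* Plain-value wrappers for callers that only need the first answer. */
int first_family(const char *host, int family_hint)
{
    struct candidate c[8];
    return resolve_ordered(host, family_hint, c, 8) > 0 ? c[0].family : -1;
}
unsigned first_scope_id(const char *host)
{
    struct candidate c[8];
    return resolve_ordered(host, AF_UNSPEC, c, 8) > 0 ? c[0].scope_id : 0;
}

/* "Use what it returns, in order": try each candidate, handing the sockaddr
 * to connect() untouched so a link-local target keeps its zone. Returns the
 * connected fd, or -1 when every candidate failed. */
int connect_in_order(const char *host, const char *port)
{
    struct addrinfo hints, *res, *ai;
    int fd = -1;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd >= 0 && connect(fd, ai->ai_addr, ai->ai_addrlen) == 0)
            break;                                /* first reachable wins */
        if (fd >= 0)
            close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}
```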

  • @jhoughjr1
    @jhoughjr1 a year ago

    I've been thinking of this to see if it helps performance.

    • @apalrdsadventures
      @apalrdsadventures  a year ago

      Depending on your ISP, if they are carrying IPv4 as a service (over an IPv6 core) you should have lower latency since it avoids the NAT64 service. If they are not carrying IPv4 as a service it won't make a difference.

  • @RamBoZamBo123
    @RamBoZamBo123 a year ago

    My ISP only has DS-Lite, so full IPv6, but on IPv4 I share an IP with the entire neighborhood. This works for most stuff as a user, since if you request a package from the internet via IPv4, the ISP knows it has to be routed to you. But this setup sucks ass if you want to operate a NAS or a server. Requests to the server from the internet just get dropped, because the ISP doesn't know which router to route it to. And that's when you start to notice that a lot of software still does not support IPv6.

  • @pauliusnarkevicius9959
    @pauliusnarkevicius9959 a year ago

    There is a Softwire Mesh Framework suggested by the Network Working Group. Do you just put everything in the trash can? Genius.

  • @redcrafterlppa303
    @redcrafterlppa303 a year ago

    I have a private home server but my ISP only provides unique IPv6 addresses and IPv4 is shared. Is there any service or tool to allow IPv4 clients to connect to my IPv6 server? Thanks in advance.

    • @apalrdsadventures
      @apalrdsadventures  a year ago

      If you have a single public IPv4, you can 'port forward' using NAT64 - Jool supports a method of port forwarding where a public IPv4+port maps to an internal IPv6+port. As to actually setting up Jool.... I'm working on a decent tutorial for that, it's Linux only and the options for open-source firewalls tend to be BSD based.
      If you have no IPv4 (CGNAT), I'm not sure exactly which companies offer this, but a layer 4 load balancer *should* work for most TCP based applications - they will terminate the TCP socket, open a new one to you, and pass bytes between. Not quite the same as port forwarding, but for most applications that use TCP it should be acceptable. If you're doing HTTP(S) in particular this is an easy option.
      A last option is to run a generic virtual private server to get public IPv4, then run NAT64 on the VPS to port forward back home. No need for a VPN to be involved, the server would purely do NAT to the publicly exposed IPv6. This would be similar to you running Jool on your own router, just not on your own router. I'm sure it'll come up in a video of mine eventually, but not soon.

    • @joergsonnenberger6836
      @joergsonnenberger6836 a year ago

      You could try to use Teredo, which is an IPv6 tunnel protocol supported e.g. by Microsoft out of the box.

  • @mikeekim242
    @mikeekim242 a year ago

    I have to disable my IPv6 on my T-Mobile hotspot for the internet to work. It's an MVNO, so I wonder if T-Mobile is blocking IPv6?

    • @apalrdsadventures
      @apalrdsadventures  a year ago +1

      T-mobile is purely IPv6, so they definitely wouldn't be blocking it. But they'll end up passing traffic to the MVNO for egress to the internet, so maybe they are the ones who don't support IPv6 properly?

    • @mikeekim242
      @mikeekim242 a year ago +1

      @@apalrdsadventures The MVNO is Calyx who goes through Mobile Citizen. I have no idea how much control they have over how the traffic is handled. It's the only reasonable internet I can get in the rural area I'm in. Thanks for the reply. Your channel is interesting, and seems like you're touching on topics few seem to really address.

  • @produKtNZ
    @produKtNZ 11 months ago

    Holy shit, I just learnt a craptonne of info on IPv6 - previously I've treated it like the plague simply based on the immemorability of the octets/hex

  • @bobingabout
    @bobingabout a year ago

    I'm fairly sure our ISP doesn't even provide IPv6 support.
    It makes sense if you look at the big picture...
    I live in the UK. Most landline internet hardware is based on the BT Network, 3rd party ISPs rent hardware from BT, and in some cases may have some of their own between you and the exchange.
    Our local monopoly ISP is one of the exceptions, it's part of KC, which owns its own hardware as a full competitor to BT, rather than a competitor to one of the ISPs that rent from BT.
    As such, we can't get any landline ISPs other than theirs. Their hardware also only needs to serve themselves and connect to the larger grid, so while there may be some newer IPv6 capable hardware in there, their much smaller scale network likely contains a lot of older IPv4 hardware that hasn't been replaced, so it's easier for them to just not offer an IPv6 service for the time being.

    • @JivanPal
      @JivanPal a year ago

      UK ISPs that provide service over DSL using the Openreach infrastructure are only sharing the copper PSTN cables. The rest of the infrastructure that a given DSL ISP uses is largely their own; all such ISPs have their own distinct IPv4 allocations and ASNs.
      BT and Sky both do dual-stack just fine on Openreach on both their ADSL and VDSL2 (FTTC) plans, and yet the likes of Plusnet (subsidiary of BT) and TalkTalk for some reason do not (though Plusnet briefly rolled out IPv6 before BT did, then did a U-turn). Why? Because they each have their own hardware; it's not shared despite it all being served to the home using Openreach's infrastructure.
      The FTTP altnets (Community Fibre in London, CityFibre outside of London, which operates under many local brandings; and other networks) pretty much all do dual-stack IPv6, with an array of transition mechanisms.
      Virgin Media (DOCSIS3) insists on saying "we'll get around to IPv6 eventually" with no actual forecast date, despite them being in basically the same position as the true-fibre altnets that do dual-stack using NAT or CGNAT for IPv4 connectivity (such as Community Fibre).

    • @bobingabout
      @bobingabout a year ago

      @@JivanPal I live in Kingston Upon Hull. Our local monopoly is Kingston Communications, and they use all their own. It's about as disconnected from BT as you can get, because KC had been their own rival company for over a hundred years.
      Their current move is to go copper-free, even the phone lines will be over fibre.
      More recent developments have seen new telegraph poles going up all over town as Connexin and somebody else, Open Fibre I think, are also offering fibre services over most of the city.

  • @TatharNuar
    @TatharNuar a year ago

    My ISP won't even assign me IPv6, and I'm not aware of any others in the state doing different. I hate it.

  • @elalemanpaisa
    @elalemanpaisa 3 months ago

    What about WhatsApp calls if the other side only has v4?

  • @Wormetti
    @Wormetti a year ago

    If Google or Amazon or any of the big names just announced a deadline for ending their IPv4 services then the world would adopt IPv6 real quick.

    • @apalrdsadventures
      @apalrdsadventures  a year ago +3

      Meta has been IPv6-only inside their network since ~2017 and only does IPv4 translation on their layer 7 load balancers. Microsoft seems to have been going IPv6-only on their internal corporate network as of 2019, but I didn't hear about Azure.
      There's an interesting trend in IPv6 where the (companies, ISPs, countries) who got in really early and got massive IPv4 allocations are some of the slowest to adopt IPv6.

  • @smith3244
    @smith3244 a year ago +1

    What was said @15:53?
    "On the Linux side we have {{ jewel/joule/dual? }}, which works fantastic[...]"
    Thanks for sharing this!

  • @butterize
    @butterize a year ago

    As a VEX student I couldn't help but point out that VEX trophy at 6:45

    • @apalrdsadventures
      @apalrdsadventures  a year ago +1

      I actually explain that one here - ruclips.net/video/nVi8g2fGNTw/видео.html

    • @butterize
      @butterize a year ago

      @@apalrdsadventures LOL that’s pretty funny - deserved!!

    • @apalrdsadventures
      @apalrdsadventures  a year ago +1

      I've been mentoring VIQC / VRC for nearly a decade now, and also run events in the SE Michigan region

  • @BrianThomas
    @BrianThomas a year ago

    Great video, but why go to all of the trouble and time when IPv4 works?

    • @JivanPal
      @JivanPal a year ago

      Because IPv6 works more easily for anyone trying to host services.

  • @rafaelmanochio6990
    @rafaelmanochio6990 a year ago

    Amazing content!