Why?

IPv4 works. IPv6 often doesn't. I'd love to see a benefit in ipv6, I see no benefits at all, I can't run an ipv6 only network, so I have to run ipv4, and everything I need runs on ipv4, why do I need to double my workload to run ipv6 and ipv4?

My ipv6 only ssid at home sits idle other than a test vm because when I reach a problem I just move onto my ipv4 only ssid and everything works.

You can host stuff on your network that is accessible outside of it without port forwarding.

You can have zero configuration address discovery in a way that is simpler than IPv4.

You don’t need to worry about what happens when you get to over 200 devices on your local network (not unheard of in at-home networks when you start adding IoT devices).

You can have stable addresses across ISPs if you bring your own prefix or use a tunnel.

You save money by not renting IPv4 addresses.

You don’t get as easily blacklisted for email delivery since you don’t share a /24 with a bunch of spammers.

This is before you get into P2P networking without having to rely on a third party relay.

> You can host stuff on your network that is accessible outside of it without port forwarding

Why is this an advantage? As in, what's the downside to having to port forward?

Because port forwarding is done in addition to firewall rules. So it is extra work. And because a lot of devices can’t do UPnP. And because port forwarding at a “large” scale is not good. There are only so many ports.

> So it is extra work

It really isn't, it's the same declaration in your config, and then your automation makes your devices make it happen.

Depends on what you are using for your router and your firewall. Not everything runs on an Asus router from Best Buy.

My fortigate clusters do both natting and session based firewalls. I configure them via a pull request into git which is approved by a second person and applies the config automatically.

I assume that Palo Alto have similar APIs.

My routers don't do anything at layer 4, the fortigates advertise default routes via BGP into the core switches, which route everything.

Now of course you need to make sure that your traffic going out of one firewall comes back via the same firewall, that's trivial to handle though, and is required for session based firewalling.

Please don't tell me that "ipv6 is better" because you are still logging into network devices and making changes like it's 1999?

You can set up p2p connections using a server only to do connection setup/firewall punching instead of relaying all traffic (e.g. for voice/video calling or hosting a game). You can also have more than 1 computer using the same port on a network.

I get most of your points but from experience it just doesn't work out very well. For example I get a different /64 (or was it /60?) prefix every day from my ISP. I complained about it and the reply was that they don't offer a stable prefix for non-business customers. Your point with email is something I didn't experience. I could never get email on ipv6 only to work because the mailservers I wanted to send mail to were ipv4 only...

That is very unfortunate and where pressuring the ISP becomes necessary for a bit. You can always route your IPv6 traffic through a relay of your choice to get a stable prefix but I 100% agree that it isn’t fun.

> You can have zero configuration address discovery in a way that is simpler than IPv4.

SLAAC is great, unless you want to be able to register devices, e.g. so you can add them to DNS, at which point it becomes a liability.

> You can have stable addresses across ISPs if you bring your own prefix or use a tunnel.

I do really like that, yes. Being able to do a VPN and not worry about colliding with other RFC 1918 users is great.

> You don’t get as easily blacklisted for email delivery since you don’t share a /24 with a bunch of spammers.

Anyone doing blacklisting by IP just blacklists subnets or ASs, so I really doubt that this is better.

Making v6 a separate network from v4 was a mistake in hindsight. They needed to roll this out in steps, first one being you keep the same IP address and all except you're just using v6 instead of v4, with a NAT etc like before (which ofc you could turn off if you want). People only needed more addresses, not everything different.

You can't fit a 128-bit number in a 32-bit field. All suggestions I have seen are missing something or reinventing network address translation, poorly.

Expanding the address size did require a larger field but didn't require wiping out the existing addresses or anything else. We got the new packet header and near ubiquitous support for it, but that's not everything.

I made a deliberate choice to see if ipv6 was ready. I don't need ipv6, I do need ipv4. ipv6 doesn't work, ipv4 does.

The alternative (dual stack) is more work for no reason.

If ipv6 ever works then great.

I built a test ipv6 network for work but a lot of equipment simply didn't support it, and of that which did our suppliers said "well it might work but nobody actually uses it so we don't know"

It's a solution to a problem which was solved in a more backwards compatible way decades ago. It would be lovely if it worked, but it still doesn't.

IPv6 works just fine. I'm by no means a talented network engineer (I'm not even a network engineer at all), but it's really easy to set up a network to have dual-stack v4 and v6. While it's technically more work, it's more work on the magnitude of spending two hours rather than one hour on setting up the network. Not exactly a meaningful increase in how much work it took.

As for "why", because I don't have to faff about with NAT or port forwarding, both of which are terrible. I just put addresses into a AAAA record and open a firewall rule, the way it should be. Meanwhile with v4 I have to port forward all web traffic to one server, then reverse proxy it to its final destination. It's more complicated and fragile to set up, whereas v6 is simple and pleasant to work with.
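An added example, not part of any comment in this thread: an nftables ruleset for the two setups contrasted above, with two HTTPS servers exposed over IPv6 by filter rules alone, and over IPv4 through a single port forward to a reverse proxy. The interface names `wan0` and `lan0` and all addresses (documentation ranges) are assumptions.

```nftables
# Constructed example: wan0, lan0 and every address are placeholders
# (2001:db8::/32 and 192.0.2.0/24 are documentation ranges).

table inet filter {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Return traffic for sessions already allowed (both families).
        ct state established,related accept
        # LAN hosts may open outbound connections.
        iifname "lan0" oifname "wan0" accept

        # IPv6: each server has its own global address, so exposing it
        # is one filter rule per server. Both can listen on port 443.
        iifname "wan0" ip6 daddr 2001:db8:1::10 tcp dport 443 accept
        iifname "wan0" ip6 daddr 2001:db8:1::11 tcp dport 443 accept

        # IPv4: forward only traffic that was translated by the DNAT
        # rule below, and only to the reverse proxy.
        iifname "wan0" ip daddr 192.168.1.10 tcp dport 443 ct status dnat accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # IPv4: one public address, so port 443 can be forwarded to one
        # internal host only; that host must reverse-proxy to the other.
        iifname "wan0" ip daddr 192.0.2.1 tcp dport 443 dnat to 192.168.1.10
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Source NAT for outbound IPv4 from the LAN.
        oifname "wan0" masquerade
    }
}
```

The forward chain is default-drop and stateful for both families; the IPv4 path differs only in needing the extra `nat` table and a shared entry point for port 443.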

Ipv4 and ipv6 only work on the Internet because of constant maintenance by many people working in many different organisations. Ipv4, being effectively mandatory, gets most of that attention. Ipv6, being a nice-to-have future-proofing option, gets less. And so you are far more likely to encounter issues, in the general internet, where connectivity is not working properly, and even if you have the energy to debug it, you are likely to find the problem is not on your end and the only option is to fall back to ipv4 and wait for it to be fixed.

> but it's really easy to set up a network to have dual-stack v4 and v6

Why do you need v4? Because v6 doesn't work.

> NAT or port forwarding, both of which are terrible

Why? I assume you're still using a stateful firewall, so what difference does it make?

Normal source-nat has many benefits too, for example when you want to send some traffic via ISP1 and some via ISP2, controlled at the network layer, and you aren't BGP peering with them.

> Meanwhile with v4 I have to port forward all web traffic to one server, then reverse proxy it to its final destination

Or just use two IPv4 addresses. Personally I reverse proxy my servers anyway to have a single (well dual) point of control on entry at an application layer, ipv4 or ipv6 doesn't matter.

You do have to mess with the port forwarding etc if you're dual stack.