I’m surprised how many technically knowledgeable people on Internet forums still think IPv6 is some niche, unreliable thing.

In my direct experience, in the USA, at least Spectrum, AT&T, and Xfinity (Comcast) still run IPv4, of course, but they also have IPv6 working and on by default on their home internet offerings.

All mainstream computer and mobile OSes support it by default and will prefer to connect with it over IPv4.

‘Everyone’ in many areas is using it. For many of us, our parents are using Facebook and watching Netflix over it. Over 50% of Google’s American traffic is over it. It just works.

T-Mobile, a major phone provider, runs an ISP which is IPv6 only. That is, your phone never gets an IPv4, unless connected to WiFi. They offer home access points with a 5G modem and a router; the external address is also IPv6 only.

It works plenty well. I access everything accessible via IPv6, and the rest through their 464XLAT, transparently.

My LAN still has IPv4, because some ancient network printers don't know IPv6. OpenWRT on my router supports IPv6 just fine. Of course I do not expose any of my home devices to the public internet, except via Wireguard.

Ironically there's T-Mobile Business which is static IPv4 only.

Not here in Germany - our T-Mobile Business access only gets a static IPv6 and our main fiber uplink from Telekom (same provider) gets both.

I suspect it's an acquired property with a sufficiently separate network.

If the service area is the same, it's probably tunneled. You'd be surprised how much tunneling ISPs use. They're not connecting your network directly to their network.

Well, for some value of "just works".

For example, I recently attended the IETF meeting in Montreal, which offers a by default v6-only network. My Mac worked fine, but my son's school-issued Chromebook had glitchy behavior until I switched to the network that provided v4.

Sounds like exactly the sort of thing the IETF's IPv6-only network is trying to shake out.

I went to IETF a few years ago and ran into issues on their IPv6 only network because I host some stuff from home, and my residential ISP doesn't support IPv6 at all. It made me really want to get all that fixed.

My problem with IPv6 is that my ISP (Xfinity) won't give me a static prefix, so every now and again it changes.

Unlike IPv4, my LAN addresses include the prefix, so every time they change it, all my LAN addresses change.

Combined with the lack of DHCP6 support in many devices, this means reverse DNS lookups from IP to hostname can't be done, making identifying devices by their IP essentially impossible.

I think you’re conflating multiple things there. There’s nothing magical about IPv4 that gives your LAN addresses stability when your ISP changes your IP prefix. That’s provided by your router doing network address translation. You send a packet from your address which is 192.168.0.42 (a local address), and your router changes the bytes in the packet so that it comes from X.Y.Z.W (your router’s public address). If you really wanted it to your router could do the same thing for IPv6.

IPv6 also has local addresses, but a lot more of them. Anything starting with fd00::/8 is a local address with 40 bits available as the network number. So you can set up your local network with the prefix fdXX:XXXX:XXXX::/48 (where the Xs are chosen randomly) as the prefix and still have 16 bits left over for different subnets if you want. These addresses do not change when your ISP changes your public prefix.

And if you want to add reverse dns for SLAAC addresses then just have your router listen for ICMPv6 Neighbor Announcement addresses and use them to update your DNS server as appropriate. Or configure your servers to use stable addresses based on their MAC address rather than random addresses (which are better for privacy), and then just configure the DNS as you add and remove servers.
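As an added example (not code from the commenter above), the following Python script carries out the two recommendations in that comment: it generates a random ULA /48 with the RFC 4193 algorithm (SHA-1 over an NTP timestamp and an EUI-64, low 40 bits as the Global ID, behind fd00::/8), carves a /64 out of it, derives the stable EUI-64 SLAAC address a host would form from its MAC, and emits the forward and `ip6.arpa` PTR records for it. The MAC address and hostnames are constructed sample inputs; the `hosts` table is a hypothetical stand-in for whatever inventory the router keeps.

```python
import hashlib
import ipaddress
import struct
import time


def mac_to_eui64(mac: str) -> bytes:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A):
    split the 48-bit MAC, insert ff:fe in the middle and flip the U/L bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02  # invert the universal/local bit
    return bytes(eui)


def ntp_timestamp(now: float) -> bytes:
    """64-bit NTP timestamp: seconds since 1900 (high 32 bits), fraction (low 32 bits)."""
    seconds = int(now) + 2208988800  # offset between the Unix and NTP epochs
    fraction = int((now - int(now)) * (1 << 32))
    return struct.pack(">II", seconds & 0xFFFFFFFF, fraction & 0xFFFFFFFF)


def generate_ula_prefix(mac: str, now: float = None) -> ipaddress.IPv6Network:
    """RFC 4193 section 3.2.2: SHA-1 over (NTP time || EUI-64), keep the low 40 bits
    as the Global ID and place it behind the fd00::/8 'locally assigned' prefix."""
    if now is None:
        now = time.time()
    digest = hashlib.sha1(ntp_timestamp(now) + mac_to_eui64(mac)).digest()
    global_id = digest[-5:]  # least significant 40 bits of the hash
    packed = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network((ipaddress.IPv6Address(packed), 48))


def subnet(prefix, subnet_id: int) -> ipaddress.IPv6Network:
    """Pick one /64 out of the ULA prefix by subnet id (16 bits available in a /48)."""
    if isinstance(prefix, str):
        prefix = ipaddress.IPv6Network(prefix)
    slots = 1 << (64 - prefix.prefixlen)
    if not 0 <= subnet_id < slots:
        raise ValueError(f"subnet id must be below {slots}")
    return ipaddress.IPv6Network((int(prefix.network_address) | (subnet_id << 64), 64))


def stable_address(net64, mac: str) -> ipaddress.IPv6Address:
    """The non-random SLAAC address a host derives from its MAC inside this /64."""
    if isinstance(net64, str):
        net64 = ipaddress.IPv6Network(net64)
    iid = int.from_bytes(mac_to_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net64.network_address) | iid)


def reverse_name(addr: str) -> str:
    """Owner name of the PTR record: nibble-reversed address under ip6.arpa."""
    return ipaddress.IPv6Address(addr).reverse_pointer


def dns_records(net64, hosts):
    """Forward (AAAA) and reverse (PTR) records for a hostname -> MAC table."""
    records = []
    for hostname, mac in hosts.items():
        addr = str(stable_address(net64, mac))
        records.append((hostname, "AAAA", addr))
        records.append((reverse_name(addr), "PTR", hostname))
    return records


if __name__ == "__main__":
    # Constructed sample inputs: the MAC and the hostname are made up for this example.
    ula = generate_ula_prefix("00:11:22:33:44:55")
    lan = subnet(ula, 1)
    print("ULA /48:", ula, "LAN /64:", lan)
    for rec in dns_records(lan, {"nas.home.example": "00:11:22:33:44:55"}):
        print(*rec)
```

Because the /48 is derived from a hash of a timestamp, two runs produce two different prefixes; pick one once, store it, and advertise it from the router, so that the LAN addresses stay put when the ISP prefix changes.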

Keep in mind the WAN AND LAN preferences associated.

what servers?

The things on your LAN that you're connecting to via DNS and IP, which cause the desire to have stable LAN IPs in the first place.

That's what DNS is for... to not need to remember or know numerical addresses.

And DNS is easier to set up if the IP doesn't change constantly.

This conversation is going in circles.

If you're doing your DNS properly it's not really that difficult. If you're statically defining all your DNS you're doing it wrong.

Okay, how do I properly set DNS so it tracks the changing public addresses of my desktop and printer? And I'd better still be able to use SLAAC.

You register addresses based on Router/Neighbor Advertisements in NDP. In your RA, you'd point it to your DNS server, which would then handle registration when hosts check in with their new IP addresses.

Which dns server supports this kind of dynamic dns in practice?

Wow look, DNS has the solutions!

How, exactly, pray tell, is "properly"?

> Unlike IPv4, my LAN addresses include the prefix, so every time they change it, all my LAN addresses change.

Yes, a topic of active discussion at the IETF. See perhaps BCP RFC 9096, "Improving the Reaction of Customer Edge Routers to IPv6 Renumbering Events":

* https://datatracker.ietf.org/doc/html/rfc9096

And informational RFC 8978, "Reaction of IPv6 Stateless Address Autoconfiguration (SLAAC) to Flash-Renumbering Events":

* https://datatracker.ietf.org/doc/html/rfc8978

A few drafts, like "Improving the Robustness of Stateless Address Autoconfiguration (SLAAC) to Flash Renumbering Events":

* https://datatracker.ietf.org/doc/html/draft-ietf-6man-slaac-...

Using ULA seems to be what a lot of folks recommend:

* https://en.wikipedia.org/wiki/Unique_local_address

you should advertise a local prefix (anything in fd00::/8) in your network and it should just work. no need to use the isp-provided prefix for lan.

There are some address source selection problems if you're still using any ipv4 for the local services https://blog.ipspace.net/2022/05/ipv6-ula-made-useless/
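The source/destination selection problem referred to above comes from the default policy table in RFC 6724, where IPv4 (seen as `::ffff:0:0/96`) has precedence 35 and ULA space (`fc00::/7`) only 3, so a dual-stack host talking to a dual-stack server on the same LAN picks IPv4 over the ULA. The following is an added Python model of that ordering, not code from the comment or from the linked post; it implements only rules 5, 6 and 9 of the destination ordering (label match, precedence, longest prefix) and a simplified source selection, and assumes every address is usable and of global scope. The host and server addresses are constructed, and `with_site_ula` shows the usual remedy: a policy-table entry for your own ULA /48 with a higher precedence.

```python
import ipaddress
from typing import List, Optional, Sequence, Tuple

# Default policy table from RFC 6724 section 2.1: (prefix, precedence, label).
DEFAULT_POLICY: List[Tuple[str, int, int]] = [
    ("::1/128", 50, 0),
    ("::/0", 40, 1),
    ("::ffff:0:0/96", 35, 4),   # IPv4, evaluated as IPv4-mapped addresses
    ("2002::/16", 30, 2),
    ("2001::/32", 5, 5),
    ("fc00::/7", 3, 13),        # ULA: lower precedence than IPv4
    ("::/96", 1, 3),
    ("fec0::/10", 1, 11),
    ("3ffe::/16", 1, 12),
]


def as_v6(addr: str) -> ipaddress.IPv6Address:
    """IPv4 addresses are evaluated as IPv4-mapped IPv6 addresses (RFC 6724 sec. 2)."""
    a = ipaddress.ip_address(addr)
    return ipaddress.IPv6Address(f"::ffff:{a}") if a.version == 4 else a


def lookup(addr: str, policy=DEFAULT_POLICY) -> Tuple[int, int]:
    """Longest-prefix match in the policy table -> (precedence, label)."""
    v6 = as_v6(addr)
    best = None
    for prefix, precedence, label in policy:
        net = ipaddress.IPv6Network(prefix)
        if v6 in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, precedence, label)
    return best[1], best[2]


def common_prefix_len(a: str, b: str) -> int:
    return 128 - (int(as_v6(a)) ^ int(as_v6(b))).bit_length()


def pick_source(sources: Sequence[str], dst: str, policy=DEFAULT_POLICY) -> Optional[str]:
    """Simplified source selection (RFC 6724 sec. 5): same address family, then prefer
    a matching label (rule 6), then the longest common prefix (rule 8)."""
    family = ipaddress.ip_address(dst).version
    candidates = [s for s in sources if ipaddress.ip_address(s).version == family]
    if not candidates:
        return None  # no usable source: destination is skipped (rule 1)
    dst_label = lookup(dst, policy)[1]
    return max(candidates,
               key=lambda s: (lookup(s, policy)[1] == dst_label, common_prefix_len(s, dst)))


def order_destinations(sources, destinations, policy=DEFAULT_POLICY):
    """Destination ordering with rules 5 (matching label), 6 (higher precedence) and
    9 (longer matching prefix) of RFC 6724 sec. 6. Returns (destination, source) pairs."""
    ranked = []
    for dst in destinations:
        src = pick_source(sources, dst, policy)
        if src is None:
            continue
        precedence, dst_label = lookup(dst, policy)
        key = (lookup(src, policy)[1] == dst_label, precedence, common_prefix_len(src, dst))
        ranked.append((key, dst, src))
    ranked.sort(key=lambda r: r[0], reverse=True)
    return [(dst, src) for _, dst, src in ranked]


def with_site_ula(policy, ula_prefix: str, precedence: int = 45):
    """Policy table with the site's own ULA prefix ranked above IPv4 (35) and GUA (40)."""
    return [(ula_prefix, precedence, 13)] + list(policy)


if __name__ == "__main__":
    # Constructed addresses: a dual-stack host and server on the same LAN.
    host = ["fd12:3456:789a:1::10", "192.168.1.10", "2001:db8:1::10"]
    server = ["fd12:3456:789a:1::20", "192.168.1.20", "2001:db8:1::20"]
    print("default policy:", order_destinations(host, server))   # GUA, IPv4, then ULA
    site = with_site_ula(DEFAULT_POLICY, "fd12:3456:789a::/48")
    print("site policy:   ", order_destinations(host, server, site))  # ULA first
```

On Linux the real table lives in `/etc/gai.conf`; the model above shows why an entry for the site's ULA prefix is what changes the outcome, rather than anything on the server side.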

Are those problems? If either addressing method works and is reachable, who cares which one end up getting used first?

For IPv6, multiple addresses on an interface is the norm: an interface has both a public address from your ISP (replacing IPv4 NAT) and a unique local address (replacing stable IPv4 RFC 1918 LAN addresses).

My ISP will route as many /64s to me as I want (I think I get a /48 by default, I guess if I want more than 64k subnets I’d have to justify it)

So I don’t have the changing IP issue. I do however have an issue if I want to change ISP as it’s a whole mess of rules to update rather than a couple of DNS entries and two dst NAT rules (one per public IP)

I believe the idea in v6 is that you have multiple prefixes on the same network - including a local fc00::/7 one for local services. Layers and layers of things to break.

Odd.

Using Openwrt which pretty much all home routers are built on, all I have to do is tell my router which offset to give my subnets from the prefix and it does the rest.

Both for subdividing up the prefix from the ISP and my ULA prefix I use for internal devices.

I have changed ISPs I think 3 times with no ill effects. Plus it works when my ISP occasionally gives me a new prefix.

The only tweaking I had to do was when I went from an ISP that gave me a /48 to one that only gave me a /56. I had been greedy and was handing a /56 to my internal router. I changed that to a /60 and updated its expectations about which subnets it could hand out and all was good.

But I expect two layers of home routers without NAT is a bit of an exception.
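As an added example (not the commenter's configuration and not OpenWRT's own code), the Python below models the "offset from the delegated prefix" scheme described above. The field names mirror OpenWRT's `ip6assign` (sub-prefix length) and `ip6hint` (subnet id) options, but the carving rule here is a simplified assumption of how those behave: the hint is placed in the bits between the delegated prefix length and the requested sub-prefix length. It reproduces the /48 to /56 move from the comment (handing a /56 to a downstream router stops working; a /60 fits) and shows that segments numbered out of a ULA are untouched by an ISP prefix change. All prefixes are constructed documentation/ULA values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Segment:
    name: str
    ip6assign: int  # prefix length this segment wants (like OpenWRT 'ip6assign')
    ip6hint: int    # subnet id / offset inside the delegated prefix (like 'ip6hint')


def carve(delegated: str, segments: List[Segment]) -> Dict[str, ipaddress.IPv6Network]:
    """Assign each segment a sub-prefix of the delegation by offset, refusing
    anything that does not fit or overlaps an earlier segment."""
    pd = ipaddress.IPv6Network(delegated)
    out: Dict[str, ipaddress.IPv6Network] = {}
    for seg in segments:
        if not pd.prefixlen <= seg.ip6assign <= 64:
            raise ValueError(f"{seg.name}: a /{seg.ip6assign} cannot be carved from a /{pd.prefixlen}")
        slots = 1 << (seg.ip6assign - pd.prefixlen)
        if seg.ip6hint >= slots:
            raise ValueError(f"{seg.name}: hint {seg.ip6hint:#x} exceeds the {slots} "
                             f"/{seg.ip6assign} slot(s) available in a /{pd.prefixlen}")
        base = int(pd.network_address) | (seg.ip6hint << (128 - seg.ip6assign))
        net = ipaddress.IPv6Network((base, seg.ip6assign))
        for other_name, other in out.items():
            if net.overlaps(other):
                raise ValueError(f"{seg.name} ({net}) overlaps {other_name} ({other})")
        out[seg.name] = net
    return out


def plan_errors(delegated: str, segments: List[Segment]) -> List[str]:
    """Empty list if the plan fits the delegation, otherwise the reason it does not."""
    try:
        carve(delegated, segments)
        return []
    except ValueError as exc:
        return [str(exc)]


def renumber(old: str, new: str, segments: List[Segment]) -> Dict[str, Tuple[str, str]]:
    """Which segments change address when the delegated prefix changes from old to new."""
    before, after = carve(old, segments), carve(new, segments)
    return {n: (str(before[n]), str(after[n])) for n in before if before[n] != after[n]}


# Constructed plans: the 'greedy' one hands a /56 to a downstream router.
GREEDY = [Segment("lan", 64, 0x1), Segment("iot", 64, 0x2), Segment("downstream", 56, 0xf)]
FIXED = [Segment("lan", 64, 0x1), Segment("iot", 64, 0x2), Segment("downstream", 60, 0xf)]
ULA = "fd12:3456:789a::/48"  # constructed ULA used for the stable internal numbering

if __name__ == "__main__":
    print(carve("2001:db8:abcd::/48", GREEDY))          # works with a /48
    print(plan_errors("2001:db8:ffff:aa00::/56", GREEDY))  # no longer fits a /56
    print(carve("2001:db8:ffff:aa00::/56", FIXED))       # /60 downstream fits
    print(renumber("2001:db8:abcd::/48", "2001:db8:ffff:aa00::/56", FIXED))
    print(renumber(ULA, ULA, FIXED))                     # {}: ULA segments never move
```

The point for a home network is visible in the last two lines: every ISP-derived segment renumbers when the delegation changes, while anything numbered out of the ULA keeps its address, so internal DNS and firewall rules can refer to the ULA side.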

Use a ULA (unique local address) for everything internal that you want shorter. It's just like rfc1918 addresses except you don't need NAT.

[deleted]

Well.. that's because with ipv6 you're not technically on a lan everything is exposed by default unless you set it all up differently.

Nope, you're on a LAN, and usually the router has a firewall that blocks inbound connections by default. Some OSs (like Windows) also have their own by-default firewalls that block connections from hosts on different networks out of the box.

Is reverse dns even a thing outside of irc and forgetting to give command line tools the "don’t be slow" flag?

If you run a traceroute with DNS on, that is referencing DNS PTR records of those IP addresses.

(same for ping)

Urgh I wish it were like that here in Australia! We have a fast, modern fiber internet connection in inner Melbourne. But my ISP still doesn't support IPv6 at all. I file a ticket about once a year, and I'm always met with more or less the same response - essentially that there's no demand for it.

I'd love to test all the internet services I host to make sure everything works over IPv6, but I can't. At least, not without using a 4to6 relay of some sort - but that adds latency to everything I do.

I just checked - apparently my ISP is "evaluating IPv6" because they're running out of IPv4 addresses and want to use CGNAT for everyone. I suppose it's not the worst reason to switch to IPv6. But they've been making excuses for years. I really wish they'd get on with it.

Myeah... I've had weird issues on my network that I could only resolve by disabling IPv6. Granted, it's probably my fault, but if everything still works fine with IPv4 that's fine to me. One day I will get into it and learn how it works and maybe I'll get it figured out... One day...

Random guess: PMTUD? Like on v4, some people fuck up their PMTUD and are incapable of realizing or fixing it, so you have to have some kind of workaround.

If setting your client machine MTU to 1280 (`ip link set mtu 1280 dev eth0` or equivalent) magically fixes it, that's your problem.

Corporate laptop won’t work (their version of Windows seems to require an IPv4 address on an interface, not sure if that’s a Windows thing or a them thing)

Doesn’t remove the need for NAT - my wired ISP might be able to BGP with me, but my backup 5G won’t, and when I want to choose which to send my traffic through with PBR that means NATting.

My router doesn’t support 64, so I have to use my isp’s which is speed constrained compared with native 4. Ok that’s on my setup. Haven’t tested my 5g provider and where 64 occurs, I’d hope in their network, but how do I configure my dns64.

Still need to provide v4 at the edge and thus 46 nat so I can reach internal v6 only servers from v4 only locations

Perhaps lots of that is because my router doesn’t do 64, but again that just shows that v4 is still essential. I haven’t found a single service that’s v6 only, so if I have to run a v4 network (even if only as far as a 64 NATting device) why bother running two networks, doubling the opportunity for misconfiguration and thus security holes. Enabling dual v6 on my IoShit network would allow more escape routes for bad traffic, meaning another set of firewall rules to manage. Things like SLAAC make it harder to work out what devices are on the network, many end user devices are user hostile now and keeping control of them on v4 alone is less work than on v4 and v6.

> Doesn’t remove the need for NAT - my wired ISP might be able to BGP with me, but my backup 5G won’t, and when I want to choose which to send my traffic through with PBR that means NATting.

Yes, it does. You just have each of your routers (wired and 5G) advertise the /64 prefix delegated by each of your ISPs. Your hosts will self-assign a v6 address from each prefix.

To control which link the traffic uses, you just assign router priority in the router advertisement (these are all standard settings in radvd.conf).

> Things like SLAAC make it harder to work out what devices are on the network

Again, not true. If you really don’t trust your devices, then DHCP isn’t going to save you. Malicious hosts absolutely can self assign an unused v4 address, and you’ll be none the wiser if you just look at your DHCP leases.

> Yes, it does. You just have each of your routers (wired and 5G) advertise the /64 prefix delegated by each of your ISPs. Your hosts will self-assign a v6 address from each prefix.

> To control which link the traffic uses, you just assign router priority in the router advertisement (these are all standard settings in radvd.conf).

Have you done this? Did it actually work for you?

When I tried it, clients would regularly send to router B with an address from router A, and often ignore the priorities. As I understand the RFCs/client behavior, the router priority field is only relevant if multiple prefixes are in a single advertisement, otherwise most recent advertisement wins.

Once you need to aggregate the advertisements, you may as well NAT66, cause it will be easier.

> their version of Windows seems to require an IPv4 address on an interface

Could be DirectAccess. Microsoft's earlier built-in VPN solution before Always On VPN. DirectAccess works only with IPv4 inbound so you can't use IPv6 only stack. Under the hood it uses a combination of v4-v6 transition and translation protocols, but it still requires the Windows client machines to have IPv4 addresses.

If you can run PowerShell commands on the laptop and if "Get-DnsClientNrptPolicy" returns some DirectAccessDnsServers then it's DA laptop.

For consumer traffic, you're probably right. In data centers, cloud computing, and various enterprise networking solutions, IPv4 is still king. I'm sure IPv6 would work fine in all these use cases, but as long as many large tech companies are not exhausting the CIDR ranges they own (or can opt for using private ranges) there is no impetus to rework existing network infrastructure.

> cloud computing

Nope. Large scale DCs are IPv6 only underneath; hyperscalers like Google and Meta have stated that multiple times. E.g. https://www.youtube.com/watch?v=Q3ird3UDnOA; also see various NANOG talks https://www.youtube.com/@TeamNANOG/videos

The underlay might be v6, but that doesn’t change the fact that people heavily use v4 for the actual workload traffic (i.e. the cloud computing part). EC2 VPCs still default to v4 only last time I checked.

Hyper scalers != cloud computing.

A great many home ISPs are also IPv6 only, and tunnel your IPv4 packets.

What about Amazon?

I had working IPv6 in the past, but currently I seem to have no working IPv6. Using Xfinity. I have access to some servers at a friend's place in another city, pretty sure he also doesn't have IPv6. Maybe some phone calls would sort it out, but when "everything" still works (with IPv4), it's hard to care.

That is really bizarre, because I have Comcast and I find their IPv6 support excellent. The only complaints I have are that I wish you could get bigger than a /60 prefix (a /56 would be nice), and that I wish it was feasible to get a static prefix as a residential customer. Granted you said you don't really care to fix it, but if that ever changes I do think you could get them to fix it pretty easily. IPv6 is one of the things they generally do right.

Curious what you’re doing that requires more than 16 SLAAC-enabled subnets (or a lot more non-SLAAC enabled subnets)

CenturyLink, an ILEC, only offers IPv6 using 6rd gateways. The IPv6 throughput is a fraction of IPv4 and has much higher latency. During peak times, the 6rd gateway saturates, forcing me to stop advertising the prefix to restore internet access. It has been this way for years.

It is also impossible to report IPv6-specific outages. CenturyLink technical support is the worst of the worst, with agents utterly incapable of doing more than pushing a "check ONT" button on their end and scheduling a technician visit with a multiday window. If you ask them for the 6rd configuration information, they act like you're speaking an alien language.

Even among their technicians, IPv6 knowledge is rare. Imagine the guy installing hundreds of dollars of gigabit fibre equipment at your demarc staring at you like an idiot because you spoke two extra syllables between "IP" and "address". I'd think the term "IPv6" is chatbot poison if it weren't for the fact it's a human physically in front of me.

The result is their service is effectively IPv4-only.

I had CenturyLink CPE that would crash when a fragmented IPv6 packet transited it. That was fun :P. They're also all in on PPPoE and at least on my VDSL2 line, didn't enable RFC 4638 (baby jumbos) to get back to MTU 1500. Pretty happy to be on muni fiber now (although the installation cost was huge).

Ya my router has to do tagged PPPoE through the ONT even though I pay for a static /28. At least I don't have to also do RIP for the subnet like Xfinity requires.

Interestingly, if I pay for their IPTV service the internet side becomes a bare ethernet port over which I can do DHCP for the upstream interface and number the downstream subnet out of my /28.

I have debated paying for TV service as a sanity fee.

Ah, good ol’ CenturyLink: “We put the TTY in TTY.” Be happy it’s not IPv4 over telegraph.

"I'm surprised how many technically knowledgeable people on Internet forums still think IPv6 is some niche, unreliable thing."

Where can we read some examples of this

I've read commentary about pros and cons of IPv6 over the years but never anything that suggested IPv6 was "niche" or "unreliable"

NB. The request is for examples that inspired the quoted statement

In order to have inspired the quoted statement these examples would have to be found in forum comments published before the quoted statement was made

Comments made in response to, i.e., after, the quoted statement would not qualify

The comment from phil21 directly above yours calls IPv6 unreliable.

It is for many.

There are some obvious caveats that make IPv6 migration impossible for most users: 1. IPv6 bridges are not practical at scale, which means the best case is dual-use protocols for a decade (or more), which no one wants to support.

2. Actual implementation MUST be ubiquitous (it never will be). Some examples: Glo Fiber in Virginia, and while I can get pfSense assigned an IPv6 address, there is usually no upstream gateway (meaning that if I disable IPv4, I will not have internet). I say usually because of the four times I've checked, once I did get assigned a gateway which was unresponsive even to ICMP.

Starlink roam - assigns ipv6 but no bridge so if you disable v4 you lose access to most internet.

Frontier FiOS in Florida - does not support ipv6 at all on my node. I have seen business nodes in Orlando/Tampa assign addresses with bridging but again, without browser or dns translation it's not a practical solution.

3. 'Everyone' is not using ipv6, everyone plugs in or logs into a device that has whatever network stack it has. Those users are not suddenly going to jump through hoops simply to avoid CGNAT and get a unique network address

4. Infrastructure; I have two modest half racks on the east coast at decent sized datacenters (esolutions and peak10), neither of those hosts offer ipv6 routing blocks by default. No provider I have gotten quotes for offers ipv6 by default

I'm in Europe. My country ISPs have actually too many ipv4 addresses so zero ipv6 support at any of them.

Well, for some value of "just works".

For example, I recently attended the IETF meeting in Montreal--practically the epicenter of v6 thinking--which offers a by default v6-only network. My Mac worked fine, but my son's school-issued Chromebook had glitchy behavior until I switched to the network that provided v4.

It’s still a pain to manage ipv6 AWS infrastructure via Terraform.

I'm "niche" - but i had issues with Wireguard being able to connect me through ipv6 to a v4 - other than that i spent most of my time on v6 and as you said it just works

> It just works.

Until you want to like, use GitHub.

There is a clean bifurcation between just works and Microsoft compatible.

I don't like how these companies dictate standards. It's always the case, but they do spend a great deal of money making sure practices morph into standards.

they figured out the "de facto standard" game...

for example:

Microsoft Word DOC. Due to the market dominance of Word, it is supported by all office applications that intend to compete with it, typically by reverse engineering the undocumented file format. Microsoft has repeatedly internally changed the file specification between versions of Word to suit their own needs, while continuing to reuse the same file extension identifier for different versions.

https://en.wikipedia.org/wiki/De_facto_standard

Whoa! Did you see where those goalposts went?

Presumably, they were working before Microsoft came up and they needed to be embraced, extended and extinguished.

https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...

Your goalpost already moved from "IPv6 just works" to "IPv6-only just works" though. ;)

In all seriousness, I have IPv6 enabled and GitHub works just fine for me. Though at a slower speed sometimes because the IPv4 CGNAT is heavily congested in my area.

If you count that as IPv6 just working, sure.

[deleted]

I use ipv4 on my internal lan, and turn off ipv6

It is well supported, easy to configure, private, secure.

...and I don't have to configure and secure ipv6 in parallel

This! I guess a good number of tech people will have IPv4 home networks long after their non-tech parents, neighbors and friends will be using IPv6 (without even knowing it).

IPv4 in the home is dead easy. You only need to remember the last digit (unless you've got multiple networks, but most won't). You can ssh to any device by remembering that ".1" is router, ".2" is NAS etc. Firewalls are simple.

You can buy a cheap domain and use it as your home DNS (eg "router.myhome.net" -> "192.168.0.1") so it works anywhere! In the home or roaming (over VPN). I don't really need to run DNS at home. My domain runs on Cloudflare DNS, my devices use NextDNS (with rebind protection disabled for my home domain).

I run OpenWRT and preallocate DHCP addresses for all known devices. Then I shrink the DHCP pool to a blacklisted range. A script automatically creates DNS records for all preallocated devices. If a new device appears in the blacklisted DHCP pool, I can manually allocate its MAC address a proper IP.

It's easy to get TLS certs for any service in the house using the ACME DNS01 challenge.

Tailscale is sexy and it worked fine until one day while roaming it wouldn't connect without "admin work", so I instantly dropkicked it. I'm now using the very unsexy OpenVPN Cloud (free for limited use) and in over two years it has never failed me. Plus it doesn't fuck with the IP addresses with fancypants tailnet addresses - I access devices directly using their DNS names which resolve to private addresses.

So, from inside or outside the home I can access the NAS to watch a movie, sync photos to Immich, print a document, check my IP cameras or ask my wife to put a document on the ancient scanner and access it via the raspberry pi phpscan website (which is on https://scanner.myhome.net)

I'm sure there's a very good reason not to do this and someone will now point it out.

> IPv4 in the home is dead easy

Exactly. I randomly try to "upgrade" to IPv6 in my home once in a while and I always give up because I'd have to do the whole enterprisey setup for no good reason.

Edit:

Basically ipv6 is too complex and automated to hold your home network's whole configuration in your head without effort.

So the techies don't set it up at home unless they have a fetish for overcomplicated setups. They're not familiar with it so they don't push for it at work either.

Adoption is solely driven by ipv4 address space exhaustion. There is no "new toy!" feeling involved.

IMO, not having NAT is a "new toy". It allows end-to-end connectivity again. Any peer-to-peer apps work much better on IPv6, and if you're developing one then it's actually possible again.

You could try fd00::1, fd00::2, ... for short internal static addresses. You don't have to use a random prefix in that range - it's just policy (for good reasons that might not matter for a small network).

> Any peer-to-peer apps work much better on IPv6, and if you're developing one then it's actually possible again.

Yeah, and my Windows box is again accessible from the outside with whatever services MS deems to run by default...

Yes, there are firewalls, but isn't it better if a potential attacker doesn't even know what's behind my router?

P.S.: Since webrtc showed up to do whatever it wants with my network, peer to peer has started to mean "donating resources to some company" to me.

v4 networks commonly only get one IP for the whole network, and people use NAT with port forwarding to make inbound connections work. With this setup, an attacker only needs to scan the 65536 ports on the router to exhaustively enumerate every single publicly accessible server on your entire network, which is about 3 megabytes of traffic and takes approximately no seconds.

On v6, you don't use NAT and networks are /64. Finding every server requires scanning 65536 ports on all 2^64 IPs, which is about 72 billion petabytes of traffic. There are ways to prune this down somewhat, but however you do it the search space is still far larger.

If you want attackers to not know what's behind your router, you want v6.

> to exhaustively enumerate every single publicly accessible server on your entire network

Enterprise thinking. It's not the publicly accessible servers i worry about, it's the other boxes that shouldn't be publicly accessible...

> IPv6 in the home is dead easy. You only need to remember the last digit (unless you've got multiple networks, but most won't). You can ssh to any device by remembering that ".1" is router, ".2" is NAS etc. Firewalls are simple.

> You can buy a cheap domain and use it as your home DNS (eg "router.myhome.net" -> "2003:123:4:5::1") so it works anywhere! In the home or roaming (over VPN). I don't really need to run DNS at home. My domain runs on Cloudflare DNS, my devices use NextDNS (with rebind protection disabled for my home domain).

> I run OpenWRT and preallocate DHCP addresses for all known devices. Then I shrink the DHCP pool to a blacklisted range. A script automatically creates DNS records for all preallocated devices. If a new device appears in the blacklisted DHCP pool, I can manually allocate its MAC address a proper IP.

> It's easy to get TLS certs for any service in the house using the ACME DNS01 challenge.

There is literally no difference between v4 and v6 here.

So why bother with v6?

Yes the largest companies have the most resources. Makes sense.

Most do not.

There are far more single person, small, and mid sized companies that do not.

This includes b2b, regional ISPs, etc.

Not all of the skepticism is "does IPv6 work", some of it is "why should I want it as an end user who values privacy and minimal attack surface?"

From my perspective:

• CGNAT is a feature, not a bug. I'm already deliberately behind a commercial VPN exit node shared with thousands of others. Anonymity-by-crowd is the point. IPv6 giving me a globally unique, stable-ish address is a regression.

• NAT + default-deny inbound is simple, effective security. Yes, "NAT isn't a firewall", but a NAT gateway with no port forwards means unsolicited inbound packets don't reach my devices. That's a concrete property I get for free.

• IPv6 adds configuration surface I don't want. Privacy extensions, temporary addresses, RA flags, NDP, DHCPv6 vs SLAAC — these are problems I don't have with IPv4. More features means more things to audit, understand, and misconfigure.

• I already solved "reaching my own stuff" without global addressing. Tailscale/Headscale gives me authenticated, encrypted, NAT-traversing connectivity. It's better than being globally routable.

So yes, my parents are using IPv6 to watch Netflix. They're also not thinking about their threat model. I am, and IPv4-only behind CGNAT + overlay networking serves it well.

"It just works" isn't the bar for me to adopt IPv6. "It serves my goals better than IPv4" is the bar, and IPv6 doesn't meet it. Never has, never will.

IPv6 wasn't designed as "IPv4 with more bits." It was designed as a reimagining of how networks should work: global addressability as a first-class property, stateless autoconfiguration, the assumption that endpoints should be reachable. That philosophy is baked in. For someone like me, whose threat model treats obscurity, indirection, and minimal feature surface as assets, IPv6 isn't just unnecessary, it's ideologically opposed to what I want.

Want me to adopt a new addressing scheme? Give me a new addressing scheme, don't impose an opinionated routing philosophy on me.

> Anonymity-by-crowd is the point

Only for IP based trackers. Any webpages embedding facebook/twitter/microsoft/google trackers have already deanonymised you through a variety of fingerprinting techniques. This includes if you use private browsing sessions, and even qubesOS. You get a fuzzy feeling doing the things you do (and I do these things too), but that battle is lost.

> NAT + default-deny inbound is simple, effective security … That's a concrete property I get for free

Depends on your definition of “free”. Is it cheaper to lookup just a connection state table, or is it cheaper to look up both a connection state table and a NAT table?

> IPv6 adds configuration surface I don't want … More features means more things to audit, understand, and misconfigure.

100% agreed. More complexity, more attack surface, more things to go wrong.

> I already solved "reaching my own stuff" without global addressing … It's better than being globally routable.

I do something like this too. It’s more private and more secure. It adds more complexity, and it restricts my ability to access things from terminals I don’t personally own & control unless I create another exposed vector though. “Better” is subjective based on metrics being optimised for.

> IPv6 wasn't designed as "IPv4 with more bits." It was designed as a reimagining of how networks should work: global addressability as a first-class property

Apologies, but global addressability as a first-class property is exactly how the internet was designed. NAT was originally deployed as a hacky add-on to temporarily alleviate the lack of addressing space in IPv4 until a successor could resolve that.

That said, the internet of the 90s was a very different beast to the internet of today. A lot of your concerns and perspective is absolutely valid and extremely reasonable given the internet of today.

> "It serves my goals better than IPv4" is the bar, and IPv6 doesn't meet it. Never has, never will … Want me to adopt a new addressing scheme? Give me a new addressing scheme, don't impose an opinionated routing philosophy on me.

IPv6 can absolutely be configured in ways that just gives you a new addressing scheme and does away with a lot of the other complexity. You’re just very much straying off the happy path, removing complexity by introducing … other complexity.

FWIW, I’m operating my home networks much the same way you do. I’ve also been dual stacking networks since the 2000s. Things have come a long way since the original pure-dogma introduction of ipv6.

> Any webpages embedding facebook/twitter/microsoft/google trackers have already deanonymised you

I bet OP has already blocked at least 3 of them. Private browsing is only a partial solution, blocking/unblocking domains, scripts, etc. on a case-by-case basis is a more reliable way to defend your right to privacy against abusive practices (I'm talking about fine grained adblockers such as uMatrix/uBlockOrigin) daily.

I admit it can be a hassle sometimes, in particular if one explores the net every day, but staying away from bad actors (such as some of those 4) is one way to maybe eventually stop them - even if "vote with your clicks" feels as pointless as "vote with your feet" when you're just one in many millions.

How well do those 4 trackers track you if you don't have accounts with any of them?

Extremely well. You don’t need an account to have a unique fingerprint that will eventually tie to an identity somewhere, and data brokers exist specifically for this purpose.

Thank you for the thoughtful response.

To be fair about fingerprinting, there's no such thing as "bulletproof", but I do have a pretty robust setup. DNS level ad and tracker blocking, browser extension level ad and tracker blocking, LibreWolf's extensive anti-fingerprinting measures, kernel-level measures like kloak, I block all third party JS by default, etc. My goal isn't to become invisible and untraceable to nation states (which is essentially impossible when 90%+ of all global ISPs can and do sell netflow metadata, enabling timing and packet size correlation even across multiple hops, even with background traffic forgery / traffic pattern obfuscation), but rather to frustrate lower-level tracking efforts, and mostly to reduce attack surface for security reasons, and to reduce the total amount of information I'm sending to adversaries, even if it technically increases uniqueness. For instance, WebGL, JS JIT, WASM, WebRTC, and even SVG rendering are similarly disabled by default on my browsers, and I may very selectively enable them on a case-by-case basis depending on how important I feel the web property I'm trying to access actually is. I'll spoof my UA, my screen dimensions, and use residential SOCKS5 proxies, one by one, to identify which fingerprinting measures are being used to block me with YouTube, for instance, without enabling JIT compilation or SVG rendering. This approach absolutely does make me more distinctly identifiable (less anonymous), but doesn't necessarily make me less private, nor less secure, if e.g. ad network JS never even runs on my box in the first place. Security is the base of the pyramid, it is the prerequisite for privacy, but doesn't guarantee it. Privacy is the middle layer, it is the prerequisite for anonymity, but doesn't guarantee it. I'm aggressively climbing that pyramid where I can while accepting some tradeoffs where the net benefit is positive to me. 
I don't think of any of these - security, privacy, or anonymity - as binary properties, but rather a unified journey I am on to enhance gradually and iteratively over time. Switching to IPv6 would greatly complicate and regress my path through much of the journey I've already completed.

If I could leave you with a couple questions: What tangible benefits have you reaped from IPv6 that simply weren't possible on IPv4? Has the ROI for you on going dual stack outweighed the costs on your time, attention, and configuration work required for securely handling edge cases, dealing with weird or unexpected routing issues, for straying from the happy path?

> I’m surprised home many technically knowledgeable people on Internet forums still think IPv6 is some niche, unreliable thing.

The more technically knowledgeable you happen to be on the subject, the more you realize IPv6 is some unreliable thing when compared to IPv4. Perhaps no longer niche though.

It's unfortunately still an afterthought for many backbones - and not just US-centric ones. There is a noticeable difference in performance metrics from clients served via IPv4 endpoints vs. IPv6 for web assets in the same locations from the same transit providers.

It is pretty much the opposite of "just works" depending on your definition of "just works". It results in more Traffic Engineering per bit served by a large factor compared to IPv4.