new | ask | show | jobs
ninkendo 8 hours ago  [ - ]

> then all I needed to relay to them was the simple dotted octet that identified my WAN interface.

Then either you must be one of the precious few people who owns a /24 or something for their house and gives each device a global IPv4 address, or you’re forgetting the part where you have to go to your router and pick a random port to forward, and open it up. Otherwise you don’t just “have” an independent WAN address on each host in your network, like you do with a typical IPv6 setup.

> So 2001:3c7:4f80:1a01::3 can be one system on the LAN and 2001:3c7:4f80:1a01::4? And these are complete, unique, world-routable addresses that someone else on the world can connect to with the appropriate firewall rules in-place?

yes

> But the first half is assigned by my ISP and changed at their whim, right?

like your IPv4 WAN address does, yes

(About ULA)> That sounds great, in concept. But now we're back to using private, non-routable addresses?

like IPv4 yes. But in IPv6 you can have both, a ULA (like rfc1918 addresses) and a GUA (an actual routable address) on the same subnet. It’s fine. Use the ULA for your LAN use cases where you need to use a LAN IP address (bonus, it stays the same even if your ISP changes your prefix) and use the GUA for the rare occasion where you need someone on the other side of the world to talk to one of your hosts. You’re gonna have to poke a firewall rule anyway, so you just pick a decent GUA address while you’re at it ($global_prefix::1, etc.) You can do whatever you want, it’s your prefix (until your ISP changes it.)

> How does fd00::3 then communicate with the greater internet? NAT?

no need, it just has another address for global traffic. Typically one of the really long random ones, that’s what they’re for. (They even change for every external service you talk to.). The whole purpose of the long impenetrable fully-populated 128-bit address, is basically only necessary for privacy (I.e. you intentionally want the address to be meaningless.) For anything where you’re persisting an IP somewhere, just pick a better address for it. $prefix::1, whatever. It’s a single ifconfig command even on macOS, ditto Linux. (Windows I have no experience with but I’m sure that too.) Trivial to persist across reboots, etc.

The ISP changing the prefix is a real problem though, and is far too difficult to rely on persisted global addresses for that reason. Using a ULA anywhere you need to configure an IP address locally is the only sane option, and for global addresses it’s simply a huge pain in the ass if you ever get a different prefix.

> edit: And then, how is fd00::3 superior to 10.3 [10.0.0.3] on the LAN?

 6 hours ago  [ - ]
[deleted]
 6 hours ago  [ - ]
[deleted]