673
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 24 Jun 2024
673 points (98.0% liked)
Programmer Humor
31214 readers
1237 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 4 years ago
MODERATORS
~~fc00::/7 are ULA (basically what RFC1918 was for IPv4)~~ not entirely true, fc00::/8 is part of ULA, but it is not yet defined. Use fd00::/8 instead.
2001:db8::/32 is for documentation purposes
IMO they shouldn't have allowed ULA as part of the standard. There's no good reason for it.
I use ULA prefixes to ensure the management interfaces of my devices don’t leak via public routes.
It’s one of the unique parts of the standard IPv6 stack not back ported to IPv4, that an interface on any host can be configured with multiple addresses. It permits functional isolation with the default routing logic.
IPv6 is far from perfect, but the majority of the arguments I’ve seen against deploying it are a mixture of laziness, wilful ignorance, and terminal incuriosity.
I might be misunderstanding. It's definitely possible to have as many IPv4 aliases on an interface as you want with whatever routing preferences you want. Can you clarify?
I agree with your stance on deployment.
Configuring multiple v4 addresses on an interface is a kludge, typically only used on hosts which apply inter-network routing logic. It’s an explicit, primary function of the standard v6 specifications.
With v4, you would use either RFC1918 and NAT, or plumb a public address to the host.
With v6 you should use a ULA and an address with a public prefix, and selectively open ports/services to on appropriate address.
An example is the file sharing and administration daemons on my NAS are only bound to its ULA. I don’t need to worry whether it will accidentally be exposed publicly through fat fingering my firewall config, because it will never route beyond my gateway.
Yeah there is: not breaking all your internal traffic when the wan link goes down and you lose your prefix.
I can potentially see that scenario if your transit provider is giving you a dynamic prefix but I've never seen that in practice. The address space is so enormous there is no reason to.
Otherwise with either of RADVD or DHCPv6 the local routers should still be able to handle the traffic.
My home internal network (v6, SLAAC) with all publicly routeable addresses doesn't break if I unplug my modem.
IIRC, there are some sloppy ISPs who are needlessly handing out prefixes dynamically. ISPs seem to be doing everything they can to fuck this up, and it seems more incompetence than malice. They are hurting themselves with this more than anybody else.
When you want IPv6 but your ISP says “no”
You're not supposed to use fc00::/8, so it's just the fd00::/8 half that's the new ULA.
Didn't know that, thanks. Luckily, I've only ever used fd00::/8
Source btw: https://en.m.wikipedia.org/wiki/Unique_local_address#Definition