Global IPv4 address drought: Seriously, we're done now. We're done

Mine (Netgear) let's you input a domain into their script generator, to allow for stuff like Dyn to work even if your IP changes.

Re: IPv6 is fundamentally broken

The basic problem is an INTER network problem so it is logical to between the networks and leave the networks untouched. An ISP problem not, not a user problem.

Apps on internal devices do not send IP addresses, they send to names.

They expect the IP stack to resolve the name to an IP address and a MAC.

They do not care if you are using really using ATM or NetBois or MPLS so long as the IP stack is happy.

If your ISP can couple your ISPs DNS to IPv6-IPv4 NAT, THEY can allocate a temporary IPv4 address to the Ipv6 address and sort it out with NAT at the at ISP. It would be invisable to us. We should allow us to keep the investment in apps, knowhow and hardware. The crappy bit can be regroup into a DNS/Firewal application (1U 19inch rack box) if you do not want the ISP to do it. But they already provide DNS, and are running BGP4 routing, plus a lot of stuff not really in my best interests like logging every url I use for the government, blocking sites banned by the government, throttling if I use SSH in Iran.

Re: IPv6 is fundamentally broken

"2001:db8:42:1::2

But what the fuck does that mean?"

You seriously expect an IP address to mean something? Odd. But let's have a go anyway...

The 2001:db8 means this is a unicast address with global scope. The equivalent in IPv4-speak is "not in the 224.x.x.x/4 block, and not in 10.x.x.x/8, 172.20.x.x/12, 192.168.x.x/16 or 169.254.x.x/16 either".

The 42:1 is your network. Short, isn't it? Lucky you. Mine is a few characters longer, but to be honest I can't remember it because there is this thing called DNS so I don't have to. For a SOHO user, the 42.1 is the moral equivalent of the external IP address of your NAT. It is the bit that someone might use to track "you" rather than a particular network adapter that you own.

The ::2 is your address within that network. It's also short and I assume that someone has deliberately engineered that address because they occasionally need to type it directly rather than relying on DNS. For a SOHO user, the ::2 is the moral equivalent of the internal IP address of your NAT.

I occasionally hear objections to IPv6 on the grounds that you can't remember the addresses, but the only bit that needs remembering on a machine-by-machine basis is this ::2 bit and the only machines you need to remember are your routers and DNS servers. If you can manage this feat in IPv4 then IPv6 is not going to trouble you. Also, if this had been a multicast prefix, the ::2 suffix would have meant "all routers in this scope", because IPv6 addresses, if anything, are more expressive than the IPv4 ones they replace, so the number of machine addresses you need to remember might actually be fewer in IPv6 than in IPv4.

Re: "Let's use a firewall"

"all firewalls by default will block everything...."

And there we go again assuming that all firewalls are identical and with the same default settings.

Can I just re-iterate that "default" in computer terms does not mean, "normal" or "correctly". It means either "in a state of error" or "requiring configuration". By using default settings, you are not configuring the device with the appropriate settings for the task at hand. At best you are going along with what someone else thought worked well with their configuration, and at worst you are going along with random entries that made it into the firmware image. It frustrates me when someone calls me for support stating "but it's using default settings, it should work". Default means "error" not "correct"!!!

Re: "Let's use a firewall"

One of the nice things about NAT, as widely used in domestic situations is that it allows routers and other devices to 'know' out-of-the-box and thus assume that any address starting with 10. , 172.16. & 192.168. is private and thus local.

Yes IPv6 has the concept of private address space (anything starting fcxx or fdxx.), however it's envisaged usage is different to the current usage of IPv4 private address spaces.

As others here have pointed out, for Joe Public users, the kit has to be preconfigured and work out of the box ie. zero configuration required by typical end users. Also users will expect that local network services such as mDNS (aka Bonjour) to also simply work, so for example Airprint enabled printers either work out-of-the-box or simply need Airprint enabling.

This isn't to say that IPv4 and NAT is wonderful, only that IPv6 has to deliver the totality of the current IPv4 network environment user experience.

Re: It's all Excel's fault

DMZ machines run both stacks. IPv4 and IPv6, these machines are in a DMZ and can talk to world+dog it also has a connection back to the legacy back-end. On these machines you run a protocol proxy EG Varnish, SMTP relay or whatever. This setup is pretty common for IPv4 only networks.

Back-end only talks IPv4

For outbound traffic you pull the same trick EG Squid transparent proxy. Hmmm I wonder if there are IPv4 to IPv6 translators.... May make and interesting project. Shouldn't be that hard .... tcp/udp traffic doesn't know or care about IP/v4/IPv6

The big issue is that most internet providers only offer IPv4 :(