this post was submitted on 19 Jun 2024
315 points (85.6% liked)
Programmer Humor
19691 readers
137 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I felt dirty! and broke so much shit when i had to implement NAT on networks in the mid 90's. Nowdays with ipv6 and getting rid of NAT is much more liberating. The difference is staggering!
Now the greatest and best effect of ipv6 is none of the above. It is that with ipv6 we have a slim hope of reclaiming some of what made the Internet GREAT in the first place. When we all stood on equal footing. Anyone could host their own service. Now we are all vassals of the large companies that have made the common person into a CGNAT4444 using consumer mindlessly lapping up what the large company providers sees fit to provide us. with no way to even try to be a real and true part of the Internet. Fight the companies that want to make you a eyeball in their statistic, Set up your own IPv6 service on the Internet today !
"Senpai, route me like one of your French ISPs"
Sir this is a Wendy's
JK that's a lot of good info
i got like a third through it before scrolling to the bottom to see how long it was. omg! should be the canonical example of the opposite of a shitpost ha
Its as long as an ipv6 address
If all that is true, then why do I still hate ipv6 so much.
I assume the normal fear of unknown things. It is hard to hate ipv6 once you have equivalent competence in ipv4 and ipv6.
I'd bet it's this little bugger " : "
It is for me.
The : is ok. I dont struggle with the shortening part. I struggle the "everything else" part.
🧓
What is localhost now again...
Edit, remember you could use 127.0.0.1, but then it was changed to like 127.0.0.1......something....ff
So guess I was wrong :-) thanks for the info!
::1
For me is because it’s so fucking slow. As soon as I disable ipv6 on every device it has better speeds.
IPv6 is trash.
Tell that to your ISP which has fucked their IPv6 deployment up. In my experience IPv6 is actually faster since it bypasses the IPv4 CGNAT.
On busy days my IPv4 connection can get as slow as 15KB/s, now that's trash.
Lol that's ridiculous. There's nothing about ipv6 that'd make it any slower
There's one practical thing. Routers have had years to optimize IPv4 routing, which has to be redone for IPv6. Same with networking stacks in general.
In theory, IPv6 should be faster by not having to do bullshit like CGNAT. There's every reason to think it'll match that advantage if we just make it happen.
In the USA, around 50% of Google traffic and 60% of Facebook traffic goes over IPv6. The largest mobile carriers in the US are nearly entirely IPv6-only too (customers don't get an IPv4 address, just an IPv6 one), using 464XLAT to connect to legacy IPv4-only servers. I'm sure we'd know if routing with IPv6 was slower. Google's data actually shows 10ms lower latency over IPv6: https://www.google.com/intl/en/ipv6/statistics.html#tab=per-country-ipv6-adoption
That doesn't make it "trash".
Google's data shows that IPv6 is usually faster. Their metrics show an average of 10ms less latency over IPv6 in the USA and Canada: https://www.google.com/intl/en/ipv6/statistics.html#tab=per-country-ipv6-adoption
This is one of the best comments I've ever read on Lemmy. Thanks for writing it. I fully agree with all your points!
Thank you! :) I also notice i compleatly forgot the port exhaustion issue we see with larger networks behind roo few ipv4 NAT addresses..
Imagine actually having ipv6 available through your ISP.
...and ever if my ISP actually provided one, getting a static one costs money so there's no difference in the end.
I guess I am lucky. 3 out of 3 isp's available from in my region provide IPv6 with a dhcp-pd assigned stable address by default. (Norway)
Yeah, here in Russia the ISPs and IT infrastructure guys seem to be treating IPv6 like it has cooties. I can't find an article (and it'd be in russian anyway) but as far back as 2022, if you get IPv6 you can expect a variety of issues with it, ranging from "you need to reboot your router every once in a while" to "you technically have v6 but good luck actually browsing v6 internet".
And of course, why would they give you a stable IP when they can charge for it :T. At least it's only a third the price of a stable IPv4.
My current ISP technically provides v6 according to their site - but my connection doesn't have it, and since there's nothing about it in the years-old contract, I'd need to redo that if I want to complain.
You have my sympathy. I do not know of a sure way to get isp's to behave. Espesially not if they have regional monopoly
There are usually plenty of choices for ISPs here, actually. But switching between them isn't likely to give me IPv6 since either they share a magistral or the hardware is just plain old. That, and IPv6 is just not a thing anyone markets.
...and with the current fuckery going on, I doubt many of them have budget for big upgrades. Or maybe even access to hardware to buy.
I just get that included. Like the Norwegian guy, but in Switzerland from Init7
But IPv4 addresses are easier to remember!
/s
I could see a point of having home networks stay on IPv4 and NAT with an external v6 address.
That would keep the current security model for home networks where we can assume general tech litteracy is low.
That is not how it works. You can have a home network on ipv6. And it can reach all of ipv4 via nat ( just like ipv4 do today). A net with only ipv4 can not reach any ipv6 without a proxy that terminst the v4 connection and make a new v6 connection. since ipv6 is backwards compatible. But ipv4 is naturally not forwards compatible.
Also it is the default deny of the stateful firewall that always coexist with NAT, since NAT depends on that state, that is the security in a NAT router.
That default deny is not in any way dependant on the NAT part.
Interesting, I thought NAT could handle it...
If there is a ipv6 service online. That you want to reach from a v4 only client. You can set up a fixed 1:1 nat on your firewall where you define a fake internal ipv4 address -> destination NAT onto the public ipv6 address of the service. And SRC NAT64 embed your clients internal v4 into the source ipv6 for the return traffic. And provide a internal dns view A record pointing to the fake internal ip record. It would work, but does not scale very well. Since you would have to set this up for every ipv6 ip.
A better solution would be to use a dualstack SOCKS5 proxy with dns forwarding where the client would use the IPv6 of the proxy for the connection. But that does not use NAT tho.
The best solution is to deploy IPv6 ofcourse. ;)
You could still NAT between v6's though.
Con: you are now even more dependent on DNS, increasing the blast radius even more ~~if~~ when it breaks.
But DNS rarely break. The meme about it beeing DNS's fault is more often then not just a symptom of the complexity of IPv4 NAT problem.
If i should guesstimate i think atleast 95% of the dns issues i have ever seen, are just confusion of what dns views they are in. confusion of inside and outside nat records. And forgetting to configure the inside when doing the outside or vice verca. DNS is very robust and stable when you can get rid of that complexity.
That beeing said, there are people that insist on obscurity beeing security (sigh) and want to keep doing dns views when using IPv6. But even then things are much easier when the result would be the same in either view.
I broke DNS plenty of times in my homelab independent from NAT. In the last few months:
Yes, most of them is my dumb ass making mistakes, but in the end it's something that constantly breaks and it helps knowing the IP addresses of my servers and routers.
Aditionally, obscurity is a security helper. The problem is relying only on obscurity. But if I have proper firewall rules in place and strong usernames and passwords I still prefer if you don't even know the IP addresses of my servers on top of that (in case I break some of the other security layers).
OMG!!
This guys a bee! Everybody run!!!!