12 Matching Annotations
  1. Jun 2021
  2. Nov 2020
    1. decide that maybe that’s something best left untouched.

      agreed that this Road could use more Paving. the lone, stressed out operator might not be the ideal circumstance for such paving.

    2. (Yes, IPv6 capable hosts will have multiple IPv6 addresses on one interface. That’s not mildly confusing at all.)

      great feature, already discussed in Prefix Delegation how powerful it can be, what a win for security & privacy it is.

    3. Only clients that, likely, are gateways for their own LANs are really going to ask for a delegation.

      this feature enables things like the super cool ipv6 privacy extensions in Linux, where connections get random ip addresses. i think Apple has a similar offering? rather than have all activity come from a single IP address, that activity can now look like it comes from across a subnet of addresses. this also allows service isolation, such that your file-sharing protocol is the only thing offered on one ip address, your dns service is the only thing available on another ip address, &c. this is really powerful, privacy protecting, giving computers multiple ip addresses. ipv6!

    4. also, the entire point of IPv6 is that all nodes are globally routable, you don’t need special private address spaces or translation of any kind, it just works. And if you want, hah, privacy, that’s what firewalls are for.

      accurate. that is what firewalls are for? what is bad or the downside about that? it's not computationally complex, home routers should be able to offer this network security you want.

      the amount of networking hell we have had to endure because devices are not on the internet has been vast. i know we still have some way to go before we can trust in device security, but this warm blanket of network security, of running our own private networks & NAT'ing between, is a malpractice & problematic beyond belief & we need to get better, advance.

      there is some salvageable wisdom here. devices should come with an option to run in site-local address scopes, such that they are not routeable. my hope is most devices can be online, but perhaps we can allow for the option to not.

    5. That “different IPs” bit may sound a bit… duh, then remember that for some systems I run (like this blog, with NNTP), the port number alone is what decides the destination, you could even still go to the same domain name and it counts. With NPt, you cannot do this, you’d have to have an additional device like a layer 7 proxy (like HAProxy) to take in everything and send it to the correct destination, meaning I need a dedicated host to do the thing that IPv4 NAT could already do natively!

      you can easily route any range of addresses, by port, to wherever you want with ipv6. this isn't pure network prefix translation, but that's not the only tool in the shed for ipv6.

    6. If you know me, you know I always say that computer networking is a miracle that only holds together by duct tape, prayers of engineers, and dumb luck.

      where-in the author argues that devices should be kept off the internet & should not have their own internet addresses. which, is, well, conventional & safe, yes. but i tire of this stalemate. i very much would like devices to be connectable.

      yes you need dual rules. alas, the legacy world haunts us.

    7. IPv6 also expects senders to perform Path MTU discovery, by actually listening to ICMP packet too big messages, which contains the MTU of that node. The sender is expected to read this, and then adjust accordingly, repeating this in a loop until the packet can pass just fine. Alternatively… don’t exceed the IPv6 minimum MTU, 1280 bytes.

      i am all here for explicit behavior over invisible, slow, dangerous behavior. everything written in this section sounds like an escape from a nightmare.

      well, almost everything. i scanned the PMTU doc. it looks like the sender has to send large packets in order to trigger the Packet Too Big (PTB) messages, which is un-ideal. it'd be great to ICMPv6 probe this with small packets? bah.

      also there is an (expired) "IPv6 Packet Truncation" draft that i'm not sure if is implemented or no (probably not), where a router can truncate the packet & issue the ICMPv6 Packet Too Big back to the sender, such that the IPv6 source can, in some cases, application protocol specific, send the remaining "fragmented" data without loss, at the expected MTU size. notably, this may mean multiple PTB messages if the packet runs into multiple mtu decreases as it goes, creating odd timing & reconstruction issues for those seeking to implement this.

    8. That is insane.

      i grow tired of the author bellyaching about big addresses being hard. the switch from . separated to colon separated at least has some grounds for head scratching, but the complaints about long addresses, about long rDNS? please. it's not the prettiest, yes. but it doesn't strike me as bad, or a nightmare. there's critiques on ipv6, but this aint it. this is small.

    9. Even though the entire “special” address assignments are exactly 1.271% of the entire IPv6 address space, we’re still allocating giant swathes of addresses. History repeats itself, you can see that right here.

      i can definitely see wanting massive local address space in ipv6. i imagine, for example, creating an untrusted/semi-trusted container/workload that shouldn't know where it's connections are coming from, where all packets are forwarded to it mapped through link local addresses. having this huge address space would allow not just that one container to have this kind of blindfolded addressing happen, but would allow tens of thousands of containers to have this kind of blindfolded addressing work on a machine.

      this seems like a weird bone to pick, and it strikes me as a huge feature, offering some very valid flexibility

  3. Oct 2020
    1. n IPv4 there’s a protocol called dynamic host configuration protocol (DHCP) so as long as you can find a DHCP server you can get all the information you need to connect (local address, router, DNS server, time server, etc). However, this service has to be set up by someone and IPv6 is designed to configure a network without it.

      There's no DHCP server involved with handing out IPv6 addresses.

  4. Nov 2015