IPv6 - Wiki - add your thoughts, links below

IPv6 - it's time to take it seriously

For now - a handy place to put IPv6-relevant links and discussions

Test your own IPv6 connectivity https://test-ipv6.com/
Primer - A Basic Introduction to IPv6

EDIT: Thanks to @JPL this is now a wiki - add your own links above

3 Likes
1 Like

I have 4 IPv6 addresses assigned to my network card.
1 of which I made by myself - fc00:1::2 - for local communications with my router.
2nd was assigned by OS - fe80: - automatically.

I tested IPv6 support from my ISP a long time ago.
I was disappointed that they did not want to give me a whole subnet, but decided to look at how it works anyway.
During tests I started to notice that some websites which were working fine with IPv4 became too glitchy with IPv6.
I told ISP support about this problem (with technical details like traceroute results), and they promised to look at it. But time went by and nothing changed.
So instead of a public IP I switched to a local address and forgot about IPv6.

Until about a year ago.
Accidentally I found that now I have not 2 addresses, but 4 of them.
2 addresses 2a03: appeared despite the OS settings containing only my local address.
I don’t know why it happened, but since there are now not many glitches with it, I decided to let it be for a while.
But if IPv6 starts breaking my connectivity again, then I will just find a way to block it more reliably.

That is my plan instead of searching for more correct and authoritative sources :slight_smile:

1 Like

Yes but AIUI, these addresses will contain portions derived from your MAC address(es), not necessarily quoting it “in clear”

Try again :slight_smile: https://test-ipv6.com/

3 Likes

Big chunky dull issues that I read as perhaps just management… and expect they are of a kind that forces to resolution at some point but testament perhaps to the current state that such a basic glitch exists… tldr; three networks cannot cooperate.

posting this as I saw it a couple of days ago but looking now I wonder it’s one of those pages without a date stamp…

linking this here as it's a big privacy issue the way IPv6 tries to have an IP for each of your devices but I think they will fix it eventually

1 Like

@EUTechHealth
2 months ago

Rob you cannot … I tried back in the 2000s to push for NAT in IPv6, something that creates amazing security for the home, as the cache has to add the entry from an outgoing, especially if you own your own box and the ISP is not doing anything cheeky. Without NAT your whole network is exposed. Second problem is the link local annoyance, like Apple refuses to allow you to switch it off, as do others, like on the router you mention for a reason, it leaves a hole, at least in the GUI, the multicast L2 is very intrusive and can bunny hop, so just having Link Local does not help. Even if you use an IPv6 VPN it is incredibly privacy violating. It should be switched off & blocked. I developed DS-lite, and pushed it worldwide, so you never had to use IPv6 in the home. So when you say multiple people having the same address that is what DS-lite does, so as long as your gateway, ISP internal interface address, is a private IPv4 only, 192 etc, and IPv6 public only externally, that weird Hex starting with 2, then you are almost guaranteed to be using DS-lite and incredibly safe as you are using nested NAT, one in the ISP network, and one locally inside your network. Microsoft hated me for that :slight_smile: As long as you do not use IPv6 only services then you will be fine for the next 40 years unless someone tries to force it, but then we are developing IPv4 private to IPv6 NAT, so should be ok when it happens. & please you need to explain EUI-64 and MAC addresses placed inside the link local and L3 IPv6 addresses, as this is a major security risk. Always switch off ALL of IPv6 in your local network.

This is the comment found under Rob’s video.

3 Likes

NAT is not a security feature, NAT is an annoying barrier that cripples regular function and as a side-effect also blocks some unwanted connections. All the “security” that NAT brings can be done with two firewall rules in the same router that would do the NAT.

NAT (or other IP sharing mechanism) can provide “soft anonymity” as you can hide yourself from average Joe, but not from police. ISPs in most countries have to do mandatory logging of every connection and which customer it belongs to. Doesn’t matter which protocol and if the connection goes through NAT or not.

EUI64 = MAC address is used to autoconfigure the IPv6 address, and by that the device can be identified if it moves to another network. A problem for users (not so much for servers, IoT devices, etc.), solved by privacy extensions.
Privacy extensions = autoconfigured IPv6 address is independent of the MAC, default since Windows XP (and it changes the IP every 10 minutes)

NAT is what often brings the security risk, as it breaks direct access to devices …and users want that. For example security cameras: on IPv6 (or public IPv4, as it was intended) I can block all their communication outside my network with the only exemption being to allow my phone/notebook to remotely check what is happening. Behind NAT my only option is to allow the cameras to “call home” and then access them through the manufacturer's server/app, which means an unknown number of unknown people have full access to my devices. That I call a security risk.

9 Likes

Great info! Thank you!

Would this increase the amount of processing power needed for routers, particularly if the network comes under attack?

Wondering what the roadblocks are aside from inertia and fear of new things – i.e. why isn’t it happening?

I guess it depends on specific implementation, but it should be the same. Unless we are talking Gbit+ data streams and millions of packets per second, cpu power is usually not the issue on today’s routers.

The biggest technological roadblock in IPv6 itself was (and kind of still is) addressing devices in IPv6 (what DHCP does in IPv4): you can have SLAAC, DHCPv6 or a combination of both. It works, but not all of it is supported everywhere and it can be confusing.
And of course the chicken-and-egg problem - there are not enough IPv6-only services to make users want it, and businesses are afraid to go IPv6-only because not enough users have it. When a service provider goes dual-stack it is a double-edged sword: it works for all users, but it doubles the work and security risks, and users feel fine staying on IPv4.

The biggest psychological problem, I think, is how close but also different the protocols are. If you are able to see IPv6 as a different animal and accept that it behaves differently, it makes sense and it is actually elegant in some things. The problem is that people who know IPv4 often want to bend IPv6 to behave like IPv4 and then get upset when it doesn’t work or works poorly.

5 Likes

Thanks for the details. Appreciated. :smiley:

use both, https://test-ipv6.com and https://ipv6-test.com