ipv6 is strictly superior and i will die on this hill
If ipv4 wasn't owned by the address-hogging empire of evil, we wouldn't need ipv6
There was a cool project that converted hexadecimal numbers (or IPs) to pronouceable words. I think it was also more dense, and of course faster to say / easier to remember.
Some kind of Name System?
Perhaps organised into some sort of domains for clarity?
Just make your IP addresses pronouncable words like feed:deaf:babe:beef:cafe:: problem solved ez (working 2023!)
But you're limited to a-f. I wonder if anyone's figured out how many addresses are actually possible with that system.
throw some 1337 speek in there and you're all set!
I think that's just 6^32, no? (Amount of options^string length). Which is 7958661109E24.
Yeah, calculation of the amount of possible strings containing only a-f is trivial. But the idea is for addresses to be memorable. So I'm wondering how many strings which are valid IPv6 addresses are possible if you are limited to actual English (or, pick a language) 4-letter words containing only a-f. As someone mentioned, this could be expanded with 1337-speak.
Ahh right, that would be a bit more difficult to calculate.
I guess you could make a script which just bruteforces all combinations of a-f against an English dictionary. I might try to do that tonight.
Reminds me of three word location.
That's cool, but I'm sure it broke the relationship between ip addresses. Like it would be hard to tell if 1 IP was 1 higher or lower than another/ in the same /28 subnet, etc
maybe they could be sorted alphabetically to give you an idea, but yeah, it'd be harder to know for sure without a mixed format like
worda:wordb::f1
there's no place like Nyamyochu Sha
Does IPv6 scare you so much that you start craving the monstrosity known as NAT44?
Idk man, NAT makes a lot of sense once you get used to it. And it's pretty cozy with its firewall features. And somewhat human readable ipv4 addresses are nice.
NAT provides no firewall features and we can have a discussion about how wrong that statement is
ISPs putting you behind NAT is not cozy.
They charge extra for a feature called "static IP". But the IP address not being static is not the issue, for me at least. You could host stuff with a dynamic IP back in 2000s/2010s. But no, now you get to share the same IPv4 address with a bunch of other households, unless you pay extra.
Ha, yeah that sucks and I'd absolutely hate it if I were behind a CGNAT. But I believe most ISPs don't do that. None of mine ever have. Just like how most ISPs provide you with an ipv6 address range, but not all. Fact is that crappy ISPs can screw up your network no matter what ip spec you're using.
And I've never heard of a business network being behind an ISP controlled CGNAT. A NAT you control can be nice.
You don’t need a NAT with IPv6, that’s what link-local addressing is for
Unless your ISP won't support DHCPv6-PD until you pay them extra... want to guess how I know this?
The "firewall" features are called connection tracking and, a firewall. With IPv6 I have my firewall setup very similar to NAT. Established and outgoing new connections are allowed (this is done using connection tracking). Incoming new connections are not allowed unless I open up a specific port.
Home firewalls SHOULD be setup the same for IPv6, a lot are not and IMO is the main problem right now.
Idk man, NAT makes a lot of sense once you get used to it.
That's a lie, NAT is bullshit, sometimes necessary, but it will never "make sense".
I like that none of my local devices are externally addressable unless an outgoing connection has been established. You can (and should) achieve the same thing with ipv6, but then it's essentially just maintaining a NAT table without the translation piece. I think that makes sense in both protocols.
With IPv6 for most use cases there's actually more security. With privacy extensions (pretty sure it's enabled on windows by default), when you make connections from your device, it uses a "private" IP. That is a randomly chosen address inside your network's prefix, that changes regularly.
These addresses don't accept incoming connections. You have a main address that doesn't really change that you accept connections on. Firewall that for ports you want to allow and then hackers need to port scan 2^64 or 2^80 address space to find your real IPs in your prefix. If they capture your IP from a connection to a web server etc, they won't have luck scanning you.
Again as per my post above, the biggest risk right now is bad default configurations on many home routers.
exactly, I also like this peace of mind for my home network and see no benefit in using ipv6 there. Similarly for any VPC I deploy to an IaaS.
I'm actually trying a hybrid approach with some VPCs: use firewalled IPv6 ports for remote management, direct to the VMs; while siphoning off the IPv4 traffic to a basic Linux host with Netfilter rules acting as a NAT router. I keep the benefits of using IPv6, without eating up a bunch of external IPv4 addresses, that I would also have to account for on filtering.
I like that none of my local devices are externally addressable unless an outgoing connection has been established.
This can also be achieved using (other) firewall rules.
but then it's essentially just maintaining a NAT table without the translation piece.
So... a firewall?
NAT isn't a security feature and shouldn't be relied on for managing access to hosts.
It also breaks the assumption of IP that connections between hosts are end-to-end, which requires sophisticated solutions so that everything works (more or less).
I too employ NAT to make services accessible over IPv4. But only because it doesn't work otherwise. Not because it "makes sense". I don't use it at all for IPv6.
1-888-STOP-HEX
Are we hiring a white hat hacker or a white hat witch?
Yes
Witch is fine. Why not conjure a big curse to the people who came up with IPv6 addresses? Let them have piss in their blood and rotten teeth for the rest of their lives.
Yes, who do you think deployed it.
i don't think i ever worked a job where they took ipv6 more seriously than an afterthought.
why did you implement it?
I was working for an ISP and the customer requested it.
I wish you worked for Quantum/CenturyLink. All I've got is 6RD.
oooh, that makes sense.
Ain't nobody never asked for any of this, but it invaded my home computer too!!! IPv6 rapist immigrants are taking over this country.
The future is now, old man
I don't get how regular network works, ipv6 is like 10 times more confusing with all its prefixes and subnets
I mean they dropped the parts of ip4 that are not used. They only multiplied the number of bits by 4, otherwise it's the exact same ideas. The confusing part might be that a device gets multiple addresses off the bat. Using decimal for 128 bits would have made the address even worse.
/64
That's not an address, that's a whole fucking subnet consisting of 2^64 different addresses. ☝️🤓
It is a single address with an associated subnet mask, indicating what subnet the address is in.
The subnet would be 3fff:a1:1ab:bc67::/64, for the top one.
I'll see you in court.
Maybe but I always have to enter /24 after setting a VM's manual IP for it to be valid
That would depend on the network environment. If your VM is on a /28 subnet and you set /24 it won't be valid
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
