Seriously, my knowledge ends with:

  • It offers a shitload of IP addresses
  • They look really complicated
  • Something about every device in your local network being visible from everywhere?
  • Some claim it obsoletes NAT?

I get that it’s probably too complicated a subject for an ELI5, so if there are good videos or resources explaining it in less than half an hour, feel free to share.

  • r00ty@kbin.life
    link
    fedilink
    arrow-up
    4
    ·
    11 days ago

    I’m going to just answer each point in turn. Maybe it’s useful. I don’t know.

    It offers a shitload of IP addresses

    It does. Generally most ISPs assign each user the equivalent of the IPv4 address space multiplied by itself. There’s a lot of address space to go around.

    They look really complicated

    This is true. But you rarely need to remember a full IP address. Most resources you access via DNS. If you have servers on your own network you will probably need to remember your own prefix (first 3 or 4 blocks of 4 hex numbers) and your servers you want to access would likely be ::1 and ::2 etc in that allocation. So you’d learn them. Also most routers allow for local DNS entries and there’s other things that will help here.

    Something about every device in your local network being visible from everywhere?

    This is a concern, but that’s mostly because router makers now are often badly configuring their routers. The correct way to configure a router is to allow outgoing/established connections by default and block all incoming (until you specifically open a port). Once this is done the security is very similar to NAT.

    Some claim it obsoletes NAT?

    Yes, NAT was created to make a small address space work in an era of multiple internet consumers behind a single connection. But when each device can get a routable IPv6 address, NAT is not needed. However the security I talk about above IS essential to apply to consumer routers.

    Now, I’ll elaborate on some of the features of IPv6 (a lot of which are just not being used when they could have been).

    IPv6 privacy extensions (RFC4951)

    This allows normal client machines (the kind that would usually be behind NAT entirely) to have a similar level of security and privacy provided by NAT. One concern with just plain IPv6 with a fixed IPv6 allocation is that people could ID a specific machine from web logs etc and could be used against you in privacy terms. This extension ensures that you have multiple active IPv6 addresses. One could be the one you perhaps have some ports open on. That address will not be used for outgoing connections. A random IP will be used for outgoing connections and this IP will not have any ports open and will change frequently. I think on windows this is enabled by default (when you look in ipconfig you will often see multiple “temporary addresses”).

    Harder to portscan

    Currently it doesn’t take THAT long to portscan the whole IPv4 address space. And because almost every public address is hosting multiple hosts behind it, there’s a good chance ports will be open on a lot of the IPs scanned.

    With IPv6 the public address space is huge. With normal machines having their allocations made randomly within a huge allocation per user and every IP would still need every port scanned. This makes active port scanning much harder. The above privacy extensions also mean that passive port scanning (port scanning IPs found in web logs for example) is harder too.

    User experience

    Provided consumer routers are configured well from the factory and ISPs are making sensible decisions regarding allocation of address space, the user will benefit from the advantages and not even know they’re using IPv6 in many cases. When you go to google/facebook/youtube etc you will be on IPv6 and not even know it.