I am sure there is something I am missing, but when I hear about NAT64+DNS64 services, it seems so simple to me to convert v4 to v6 using that well known prefix, so why isn’t that just built into all new routers?
I guess you mean your home router. I would say there are two reasons:
First of all a NAT64 isn’t stateless. Of course you can embed the destination in the IPv6 address. But the NAT64 must save the source IPv6 address (and ports) so it knows whom to send possible responses. Of course this is also required for NAT44. But you must have it in mind when to construct a cheap router for many end customer which only want youtube.
The second reason is that most consumer don’t care[0] about the technical details. For them it’s important that when they click on a link the website must load. This works at the moment perfect fine with IPv4, because if you can’t provide your website with IPv4 the customer believe your service is broken. But when the service is available over IPv4 the problem is on the client side. So for a router vendor everything is fine as long IPv4 is working. They don’t gain more customers[1] with such features.
[0] This isn’t criticism, just observation
[1] expect for some technical specialist
After reading the article I’m pretty convinced that it’s possible to set this up, especially given technologies like NAT64 and DNS64.
The author makes a note early in the post:
In this post, I don’t really want to get into the detail of why IPv6 is an improvement over IPv4. The initial RFC was ratified in 1998 and there’s been over 2 decades of content generated about the benefits it brings since then. IPv6 is the current version of the IP protocol and IPv4 is legacy. I consider that a settled matter.
To a normal end user, what would the benefit be? Chances are my router is still going to firewall external connections to my local network devices, and that seems like a good thing to leave in place unless I really want to run a service on the desktop in my bedroom?
I’m curious what other benefits there might be to this sort of configuration, if we start from the assumption that I don’t actually care to expose local network devices to the public internet.
Chances are my router is still going to firewall external connections to my local network devices, and that seems like a good thing to leave in place unless I really want to run a service on the desktop in my bedroom?
It’s bad in a lot of different ways that it is so difficult for the average person to run a service on a computer in their house.
Proliferation of cloud-based IoT “solutions” comes to mind when somebody says “I don’t actually care to expose local network devices to the public internet”.
Nowadays it actually becomes the norm that people actually do want to expose their devices to internet in a controlled fashion. They do want to control heating remotely. The do want to access their photos on a home storage. They do want to turn on their computer, grab a document they’ve forgotten to pack and then suspend the computer again.
There is no reason why your phone cannot be paired with your home desktop or laptop for document and photo sharing regardless of where either of them are, save for some randezvous help that e.g. Kademlia would suffice for.
I think it’s a pretty mixed bag. In theory there are benefits (eg: you can connect to IPv6 only endpoints) but in practice it greatly depends on your ISP and your gear. My ISP does dual stack and in no matter what configuration I try, my internal network is highly unstable when IPv6 is enabled. For instance my Sonos speakers become a lot less reliable than if IPv6 is disabled. I don’t even think the fault is with the speakers, my suspicion is that I did something wrong on the router / the router is not great (Netgear Orbi).
Eventually we will all use IPv6 but I would not be surprised if that transition will take a lot longer.
I assume it could help end users a bit. For example it’s easier to figure out your IP. (video games) It could also be less annoying with NAT not working correctly. No weird port forwarding/mapping. Multiple clients can use the same port, which is nice for multiple device that use any kind of P2P applications and so on.
I solved the whole problem by simply setting up a dual stack proxy. Just such IP to that poof no need for DNS as long as the proxy server itself can get out to the internet
I believe that until NAT64+DNS64 aren’t simple services you can setup on your router, it will never be trivial to run a IPv6-only stack setup.
I had to spend a couple days setting it mine up as I’m not a networking expert. I just don’t see the world switching to it if its not made simpler for average person. Tho I do believe it works, I now have it running at home and have witnessed it at the FOSDEM conference where they run an IPv6-only stack and I’m always impressed with its performance.
Unfortunately, my ISP (Pavlov Media) still hasn’t rolled out v6 (and their required routers are still using TKIP) My university tried rolling out v6 on their BYOD WiFi, but because a lot of websites have bad v6 support (even though they advertise them), v6 on the WiFi was rolled back.
I’ll need to try this! Previously, my ISP didn’t offer IPv6, but I moved and the new ISP does support IPv6 (at least in theory, I haven’t experimented a lot with it yet!)
One way to work around the lack of IPv6 on websites is to use a proxy like Private Relay. However, git still wouldn’t work.
You mean github?
I mean git to GitHub. Safari to GitHub would work with Private Relay.
I am sure there is something I am missing, but when I hear about NAT64+DNS64 services, it seems so simple to me to convert v4 to v6 using that well known prefix, so why isn’t that just built into all new routers?
I guess you mean your home router. I would say there are two reasons:
First of all a NAT64 isn’t stateless. Of course you can embed the destination in the IPv6 address. But the NAT64 must save the source IPv6 address (and ports) so it knows whom to send possible responses. Of course this is also required for NAT44. But you must have it in mind when to construct a cheap router for many end customer which only want youtube.
The second reason is that most consumer don’t care[0] about the technical details. For them it’s important that when they click on a link the website must load. This works at the moment perfect fine with IPv4, because if you can’t provide your website with IPv4 the customer believe your service is broken. But when the service is available over IPv4 the problem is on the client side. So for a router vendor everything is fine as long IPv4 is working. They don’t gain more customers[1] with such features.
[0] This isn’t criticism, just observation [1] expect for some technical specialist
After reading the article I’m pretty convinced that it’s possible to set this up, especially given technologies like NAT64 and DNS64.
The author makes a note early in the post:
To a normal end user, what would the benefit be? Chances are my router is still going to firewall external connections to my local network devices, and that seems like a good thing to leave in place unless I really want to run a service on the desktop in my bedroom?
I’m curious what other benefits there might be to this sort of configuration, if we start from the assumption that I don’t actually care to expose local network devices to the public internet.
It’s bad in a lot of different ways that it is so difficult for the average person to run a service on a computer in their house.
People run everything from P2P applications to video games all the time and struggle with NAT.
Proliferation of cloud-based IoT “solutions” comes to mind when somebody says “I don’t actually care to expose local network devices to the public internet”.
Nowadays it actually becomes the norm that people actually do want to expose their devices to internet in a controlled fashion. They do want to control heating remotely. The do want to access their photos on a home storage. They do want to turn on their computer, grab a document they’ve forgotten to pack and then suspend the computer again.
There is no reason why your phone cannot be paired with your home desktop or laptop for document and photo sharing regardless of where either of them are, save for some randezvous help that e.g. Kademlia would suffice for.
More numbers! As many numbers as you could want.
I think it’s a pretty mixed bag. In theory there are benefits (eg: you can connect to IPv6 only endpoints) but in practice it greatly depends on your ISP and your gear. My ISP does dual stack and in no matter what configuration I try, my internal network is highly unstable when IPv6 is enabled. For instance my Sonos speakers become a lot less reliable than if IPv6 is disabled. I don’t even think the fault is with the speakers, my suspicion is that I did something wrong on the router / the router is not great (Netgear Orbi).
Eventually we will all use IPv6 but I would not be surprised if that transition will take a lot longer.
I assume it could help end users a bit. For example it’s easier to figure out your IP. (video games) It could also be less annoying with NAT not working correctly. No weird port forwarding/mapping. Multiple clients can use the same port, which is nice for multiple device that use any kind of P2P applications and so on.
I solved the whole problem by simply setting up a dual stack proxy. Just such IP to that poof no need for DNS as long as the proxy server itself can get out to the internet
I believe that until NAT64+DNS64 aren’t simple services you can setup on your router, it will never be trivial to run a IPv6-only stack setup. I had to spend a couple days setting it mine up as I’m not a networking expert. I just don’t see the world switching to it if its not made simpler for average person. Tho I do believe it works, I now have it running at home and have witnessed it at the FOSDEM conference where they run an IPv6-only stack and I’m always impressed with its performance.
Unfortunately, my ISP (Pavlov Media) still hasn’t rolled out v6 (and their required routers are still using TKIP) My university tried rolling out v6 on their BYOD WiFi, but because a lot of websites have bad v6 support (even though they advertise them), v6 on the WiFi was rolled back.
I’ll need to try this! Previously, my ISP didn’t offer IPv6, but I moved and the new ISP does support IPv6 (at least in theory, I haven’t experimented a lot with it yet!)
I know I’m getting old because I want “the new internet”, but a lot of time ago I got my VPN/DNS setup going and I’m too lazy to rehash that.
(Basically, all my systems are name-addressable right now.)
I feel https://yggdrasil-network.github.io/ is also worthwhile to check out.
But given I have an 80%-solution, I have the excuse of waiting until others figure this out.