Can we please get an IPv6 video?

ChrisLifts · August 20, 2020, 12:30pm

Lol. Good write up

vlycop · August 20, 2020, 12:40pm

I wanted to invocate DeusQuain in this, but i feel like he already have so many project that he won’t have time to continue his network series

wertigon · August 20, 2020, 4:06pm

This is actually bogus and should be quite easily fixed with an alias. There is no reason whatsoever to have NAT the way IPv4 did it, if you have “sensitive” IP addresses you should just be able to alias those to a virtual subnet or something, e.g.

1234:5678:90AB:1::100 is your actual IP, but any traffic trying to access the web service on that address will be met with silence. Instead, they will access that on the address 1234:5678:90AB:3::f46e. Then to remote login you must have ssh access to that specific, hidden address. No need for NAT, really.

I do agree the need for private network addresses though, but isn’t :: that?

Trooper_ish · August 20, 2020, 6:54pm

Sureley a single public facing ip address would still be useful, and then the owner’s system can route to which ever instance is actually available/ less busy?

Like sharded servers or whatever?
Or would it all go through one interface? sounds pretty crowded?

Like, you connect to a public ip for Netflix, but it might shuffle your individual connection elsewhere?
Or like, any service like that?

wertigon · August 20, 2020, 8:55pm

Yes, this is a router alias. But since IPv6 has a permanent network part (6 bytes) and subnet part (2 bytes) and host part (8 bytes), it is much cheaper to just simply route the last 4 bytes to whatever protocol and port number you are using. E.g. a TCP connection on port 14132 could theoretically connect to ::123:0006:3734 where master host IP is ::123:0:0

carnogaunt · August 21, 2020, 1:53am

That’s not really a problem that NAT solves. That would be a job for a load balancer. You can still have a load balancer with IPv6.

I think you’re referring to anycast. That’s also not NAT.

wertigon · August 21, 2020, 8:26am

And, just to clarify, IPv6 allows for a lot of special routing shenanigans designed to throw people off. NAT will still be available, but given that you will have a /64 host part, you can do a lot more powerful techniques for routing that confuses a would-be attacker.

IPv6 has better options in pretty much all cases over NAT, and NAT introduces a whole slew of inefficiencies and headaches. Those options may require you to approach a problem slightly different though. My advice is, don’t do NAT6, learn the proper way.