This may be a “joke”, but it’s disturbing to see people clamoring to deny others their freedom in a FOSS context.
Want to use IPv6? Fine. But don’t try to remove v4 support from people who have built stable networks around it.
You won’t be able to force the world to switch to IPv6 with tricks like this, any more than you can force old industrial machines to stop using ancient 486es as controllers. There is a lot of old equipment in the world.
IPv6 was built to work alongside v4, and there is no reason to change that.
> it’s disturbing to see people clamoring to deny others their freedom in a FOSS context
How does "allow building Linux to be IPv6-only" somehow "deny others their freedom" exactly? I'm willing to wager most distributions will still be dual v4+v6, but if they aren't, isn't that something for you to bring up with your distribution rather than that the kernel just allows something?
As it should. Date notwithstanding, I would actually enjoy if there was a manually induced latency penalty for "legacy IP" that needs to be manually turned off on Linux. I know some people don't care at all, but the internet was made to be addressable. IPv6 is the only shot we have to go back to that.
As sad as it makes me to admit, I don't think IPv6 is ever going to happen without government intervention. Adoption is flat at under 50% over the past year. IPv6 doesn't benefit big tech. SNI routing and NAT work pretty well for centralized platforms. AWS will gladly rent us IPv4 addresses until the end of time.
- I don't want my interfaces to have multiple IP addresses
- I don't want my devices to have public, discoverable IPs
- I like NAT and it works fine
- I don't want to use dynamic DNS just so I have set up a single home server without my ISP rotating my /64 for no reason (and no SLAAC is not an answer because I don't want multiple addresses per interface)
- I don't need an entire /48 for my home network
IPv6 won't help the internet "be addressable." Almost everyone is moving towards centralized services, and almost no one is running home servers. IPv4 is not what is holding this back.
Why don't you want every device to have a public IP? There seems to be a perception that this is somehow insecure, but the default configuration of any router is to firewall everything. And one small bonus of the huge size of a /64 is that port scanning is not feasible, unlike in the old days when you could trivially scan a whole IPv4 /24 of a company that forgot to configure their firewall.
NAT may work fine for your setup, but it can be a huge headache for some users, especially users on CGNAT. How many years of human effort have gone towards unnecessary NAT workarounds? With IPv6, if you want a peer-to-peer connection between firewalled peers, you do a quick UDP hole punch and you're done - since everything has a unique IP, you don't even need to worry about remapping port numbers.
Your ISP shouldn't be rotating your /64, although unfortunately many do since they are still IPv4-brained when it comes to prefix assignment. Best practice is to assign a static /56 per customer, although admittedly this isn't always followed.
And if you don't need a /48... don't use it? 99.99% of home customers will just automatically use the first /64 in the block, and that's totally fine. There's a ton of address space available, there's no drawback to giving every customer a /56 or even a /48.
I don’t want some of my devices to be publicly addressable at all, even if I mess up something at the firewall while updating the rules. NAT provides this by default.
I don’t want a static address either (although static addresses should be freely available to those who want them). Having a rotating IP provides a small privacy benefit. People who have upset other people during an online gaming session will understand; revenge DDoS is not unheard of in the gaming world.
NAT is arguably a very broken solution.IPv4 isn't meant to be doing address translation, period. NAT creates all sorts of issues because in the end you're still pretending all communications are end to end, just with a proxy. We had to invent STUN and all sorts of hole punching techniques just to make things work decently, but they are lacking and have lots of issues we can't fix without changing IPv4. I do see why some people may like it, but it isn't a security measure and there are like a billion different ways to have better, more reliable security with IPv6. The "I don't want my devices to have public, discoverable IPs" is moot when you have literally billions of addresses assigned to you. with the /48 your ISP is supposed to assign you you may have 4 billion devices connected, each one with a set of 281 trillion unique addresses. You could randomly pick an IP per TCP/UDP connection and not exhaust them in _centuries_. The whole argument is kind of moot IMHO, we have ways to do privacy on top of IPv6 that don't require fucking up your network stack and having rendezvous servers setting that up.
We may also argue that NAT basically forces you to rely on cloud services - even doing a basic peer to peer VoIP call is a poor experience as soon as you have 2 layers of NAT. We had to move to centralised services because IPv4 made hosting your own content extremely hard, causing little interest in symmetrical DSL/fiber, leading to less interest into ensuring peer to peer connections between consumers are fast enough, which lead to the rise of cloud and so on. I truly believe that the Internet would be way different today if people could just access their computers from anywhere back in the '00s without having to know networking
NAT only matters in so far as you don't technically need a firewall to block incoming traffic since if it fails a NAT lookup you know to drop the traffic.
But from a security standpoint you can just do the same tracking for the same result. That is just technically a firewall at that point.
I recently changed ISPs and have IPv6 for the first time. I mostly felt the same way, but have learned to get over it. Some things took some getting used to.
An "ip address show" is messy with so many addresses.
Those public IPs are randomized on most devices, so one is created and more static but goes mostly unused. The randomly generated IPs aren't useful inbound for long. I don't think you could brute force scan that kind of address space, and the address used to connect to the Internet will be different in a few hours.
Having a public address doesn't worry me. At home I have a firewall at the edge. It is set to block everything incoming. Hosts have firewalls too. They also block everything. Back in the day, my PC got a real public IP too.
NAT really is nice for keeping internal/external separate mentally.
I'm lucky enough my current ISP does not rotate my IPv6 range. This, ironically, means I no longer need dynamic DNS. My IPv4 address changes daily.
A residential account usually gets a /56, what are you talking about? Nowhere near a /48! (I'm just being funny here...)
There are reasons to need direct connectivity that aren't hosting a server. Voice and video calls no longer need TURN/STUN. A bunch of workarounds required for online gaming become unnecessary. Be creative.
I'm not confused about the NAT / firewall distinction, but it might be nice if my ISP didn't have a constant, precise idea of exactly how many connected devices I owned. Can that be _inferred_ with IPv4? Yes, but it's fuzzier.
Only because most people don't know how NAT is hurting them, and because corporations have spent incredible resources on hacking around the problem for when peer to peer is required (essentially only for VoIP latency optimization and gaming).
NAT hurts peer to peer applications much more than cloud services, which are client-server by nature and as such indeed don't care that only outgoing connections are possible.
Even in a NAT-less world, the common advice is to use a firewall rule that disallows incoming connections by default. (And I'd certainly be worried if typical home routers were configured otherwise.) So either way, you'd need the average person to mess with their router configuration, if they want to allow incoming P2P connections without hole-punching tricks. At best, the lack of NAT might save you an address-discovery step.
Odido is the cheapest ISP for a reason. They refuse to implement anything that isn't strictly required.
Perhaps implementing an Odido tax might actually make Odido care enough to throw the switch on IPv6. They bought 2a02:4240::/32, they just refuse to make use of it.
> They refuse to implement anything strictly required
This describes a lot of businesses ngl.
Bell in Canada is one huge head scratcher. They are one of the largest ISPs here and I can even buy 8 gig internet to my house if I want but they don't support IPv6.
Canadian ISPs are also extremely far behind on IPv6. Bell is the largest ISPs in the country and they still don't have IPv6. I'm with one of their wholly owned subsidiaries (EBOX) which offers static /56 allocations, but good luck trying to find anyone in tech support who understands WTF you're talking about.
Annoying things such as paying taxes, recycling/not polluting etc.?
Some things really can only be solved via central coordination, as there is no natural game-theoretic/purely economic path from one local minimum to another. Being able to dig a small trench and letting gravity and water do the rest is great, but sometimes you do need a pump.
I'm not convinced that IPv6 is such a case, but if it is, that's exactly the type of thing governments are much better at than markets.
It will be a neat experiment, but I think most software will break and will remain broken indefinitely and then people will turn to LLMs to try to automate fixing all of it and that will turn into a mess just due to the sheer amount of changes required with little scrutiny.
Not sure if you're taking the piss or just missed it but allowing build with either protocol alone is one of the genuine ideas in this joke:
> Yeah. The date notwithstanding, I do actually think we should do most
of this for real.
> Maybe we don't get away with the actual deprecation and the warnings on
use just yet, and maybe we won't even get away with calling the
config option CONFIG_LEGACY_IP, although I would genuinely like to see
us moving consistently towards saying "Legacy IP" instead of "IPv4"
everywhere.
> But we should clean up the separation of CONFIG_INET and
CONFIG_IPV[64] and make it possible to build with either protocol
alone.
great, now can we convince the rest of the internet to start adding AAAA records and ipv6 endpoints for things. Github is still a nightmare to use DNS64 and NAT64 to access those from IPv6 only machines.
Or all the Container based stuff that still falls flat with ipv6 only modes. Docker still shits the bed if you dont give it ipv4 unless you do a lot of manual overrides to things. A bunch of Envoy based gateway proxies fail on internal ipv6 resources in a k8s cluster that runs on ARM64.
There is just a bunch of nonsense you have to deal with if you choose the ipv6-only route
Dont get me started on CDNs like Bunny or Load Balancers as a service like those from Hetzner, UpCloud, etc that don't work with ipv6 origins.
Source: Trying to run a ipv6 only self-hosted box on hetzner.
I've tried to run an IPv6 only box on Hetzner 2-3 years ago. Didn't have a problem with the platform, but with RedHat because subscription-manager didn't work over a IPv6-only stack.
When I accidentally had IPv6 only for a new Windows box it was very apparent what was a priority (worked regardless) and what wasn't important (only began working once I had IPv4 and everything fixed too).
Baked in advertising? Works with any network. The option to turn off the baked in advertising? That needs IPv4.
I honestly think GitHub and AWS are the two biggest blockers to IPv6 left. Sure your public web servers might need IPv4 for a long while yet, but all these backend microservices and CI builds etc could all be v6 only, except they need to pull stuff from GitHub or certain AWS services.
This may be a “joke”, but it’s disturbing to see people clamoring to deny others their freedom in a FOSS context.
Want to use IPv6? Fine. But don’t try to remove v4 support from people who have built stable networks around it.
You won’t be able to force the world to switch to IPv6 with tricks like this, any more than you can force old industrial machines to stop using ancient 486es as controllers. There is a lot of old equipment in the world.
IPv6 was built to work alongside v4, and there is no reason to change that.
> it’s disturbing to see people clamoring to deny others their freedom in a FOSS context
How does "allow building Linux to be IPv6-only" somehow "deny others their freedom" exactly? I'm willing to wager most distributions will still be dual v4+v6, but if they aren't, isn't that something for you to bring up with your distribution rather than that the kernel just allows something?
As it should. Date notwithstanding, I would actually enjoy if there was a manually induced latency penalty for "legacy IP" that needs to be manually turned off on Linux. I know some people don't care at all, but the internet was made to be addressable. IPv6 is the only shot we have to go back to that.
As sad as it makes me to admit, I don't think IPv6 is ever going to happen without government intervention. Adoption is flat at under 50% over the past year. IPv6 doesn't benefit big tech. SNI routing and NAT work pretty well for centralized platforms. AWS will gladly rent us IPv4 addresses until the end of time.
- I don't want my interfaces to have multiple IP addresses
- I don't want my devices to have public, discoverable IPs
- I like NAT and it works fine
- I don't want to use dynamic DNS just so I have set up a single home server without my ISP rotating my /64 for no reason (and no SLAAC is not an answer because I don't want multiple addresses per interface)
- I don't need an entire /48 for my home network
IPv6 won't help the internet "be addressable." Almost everyone is moving towards centralized services, and almost no one is running home servers. IPv4 is not what is holding this back.
Why don't you want every device to have a public IP? There seems to be a perception that this is somehow insecure, but the default configuration of any router is to firewall everything. And one small bonus of the huge size of a /64 is that port scanning is not feasible, unlike in the old days when you could trivially scan a whole IPv4 /24 of a company that forgot to configure their firewall.
NAT may work fine for your setup, but it can be a huge headache for some users, especially users on CGNAT. How many years of human effort have gone towards unnecessary NAT workarounds? With IPv6, if you want a peer-to-peer connection between firewalled peers, you do a quick UDP hole punch and you're done - since everything has a unique IP, you don't even need to worry about remapping port numbers.
Your ISP shouldn't be rotating your /64, although unfortunately many do since they are still IPv4-brained when it comes to prefix assignment. Best practice is to assign a static /56 per customer, although admittedly this isn't always followed.
And if you don't need a /48... don't use it? 99.99% of home customers will just automatically use the first /64 in the block, and that's totally fine. There's a ton of address space available, there's no drawback to giving every customer a /56 or even a /48.
I don’t want some of my devices to be publicly addressable at all, even if I mess up something at the firewall while updating the rules. NAT provides this by default.
I don’t want a static address either (although static addresses should be freely available to those who want them). Having a rotating IP provides a small privacy benefit. People who have upset other people during an online gaming session will understand; revenge DDoS is not unheard of in the gaming world.
NAT is arguably a very broken solution.IPv4 isn't meant to be doing address translation, period. NAT creates all sorts of issues because in the end you're still pretending all communications are end to end, just with a proxy. We had to invent STUN and all sorts of hole punching techniques just to make things work decently, but they are lacking and have lots of issues we can't fix without changing IPv4. I do see why some people may like it, but it isn't a security measure and there are like a billion different ways to have better, more reliable security with IPv6. The "I don't want my devices to have public, discoverable IPs" is moot when you have literally billions of addresses assigned to you. with the /48 your ISP is supposed to assign you you may have 4 billion devices connected, each one with a set of 281 trillion unique addresses. You could randomly pick an IP per TCP/UDP connection and not exhaust them in _centuries_. The whole argument is kind of moot IMHO, we have ways to do privacy on top of IPv6 that don't require fucking up your network stack and having rendezvous servers setting that up.
We may also argue that NAT basically forces you to rely on cloud services - even doing a basic peer to peer VoIP call is a poor experience as soon as you have 2 layers of NAT. We had to move to centralised services because IPv4 made hosting your own content extremely hard, causing little interest in symmetrical DSL/fiber, leading to less interest into ensuring peer to peer connections between consumers are fast enough, which lead to the rise of cloud and so on. I truly believe that the Internet would be way different today if people could just access their computers from anywhere back in the '00s without having to know networking
NAT only matters in so far as you don't technically need a firewall to block incoming traffic since if it fails a NAT lookup you know to drop the traffic.
But from a security standpoint you can just do the same tracking for the same result. That is just technically a firewall at that point.
So run fc00::/7 addresses with IPv6 NAT.
That addresses all of your concerns, and you have that option.
I recently changed ISPs and have IPv6 for the first time. I mostly felt the same way, but have learned to get over it. Some things took some getting used to.
An "ip address show" is messy with so many addresses.
Those public IPs are randomized on most devices, so one is created and more static but goes mostly unused. The randomly generated IPs aren't useful inbound for long. I don't think you could brute force scan that kind of address space, and the address used to connect to the Internet will be different in a few hours.
Having a public address doesn't worry me. At home I have a firewall at the edge. It is set to block everything incoming. Hosts have firewalls too. They also block everything. Back in the day, my PC got a real public IP too.
NAT really is nice for keeping internal/external separate mentally.
I'm lucky enough my current ISP does not rotate my IPv6 range. This, ironically, means I no longer need dynamic DNS. My IPv4 address changes daily.
A residential account usually gets a /56, what are you talking about? Nowhere near a /48! (I'm just being funny here...)
There are reasons to need direct connectivity that aren't hosting a server. Voice and video calls no longer need TURN/STUN. A bunch of workarounds required for online gaming become unnecessary. Be creative.
> Having a public address doesn't worry me. At home I have a firewall at the edge. It is set to block everything incoming.
Concern is privacy, not security. Publicly addressable machine is a bit worse for security (IoT anyone?), but it is a lot worse for privacy.
I'm not confused about the NAT / firewall distinction, but it might be nice if my ISP didn't have a constant, precise idea of exactly how many connected devices I owned. Can that be _inferred_ with IPv4? Yes, but it's fuzzier.
You already have a public IP address the only difference is if you have a rotating IP address which is orthogonal to IPv6.
The only difference is most ISPs rotate IPv4 but not IPv6.
Heck IPv6 allows more rotation of IPs since it has larger address spaces.
IPv6 can "leak" MAC addresses of connected devices "behind the firewall" if you don't have the privacy extensions / random addresses in use.
There are a number of footguns for privacy with IPv6 that you need to know enough to avoid.
IPv4 is not holding back home setups, nobody cares about NAT at home.
The place where it hurts is small VPSs, from AWS to mom and pop hosters, the cost of addresses is becoming significant compared to low cost VPSs.
> nobody cares about NAT at home.
Only because most people don't know how NAT is hurting them, and because corporations have spent incredible resources on hacking around the problem for when peer to peer is required (essentially only for VoIP latency optimization and gaming).
NAT hurts peer to peer applications much more than cloud services, which are client-server by nature and as such indeed don't care that only outgoing connections are possible.
Even in a NAT-less world, the common advice is to use a firewall rule that disallows incoming connections by default. (And I'd certainly be worried if typical home routers were configured otherwise.) So either way, you'd need the average person to mess with their router configuration, if they want to allow incoming P2P connections without hole-punching tricks. At best, the lack of NAT might save you an address-discovery step.
It’s not implemented in the Linux kernel, but the latency penalty you’re describing is part of the “Happy Eyeballs” algorithm: https://en.wikipedia.org/wiki/Happy_Eyeballs
Why, so you can inflict some personal pain on people without IPv6 access?
I am running IPv6 only servers, and I think it's fair that v4 only people feel the same pain some time in the future.
Surely IPv6 support will spontaneously materialize on their networks once their pain becomes big enough!
Please no. I used to have a Dutch ISP a few months ago that did not support IPv6 yet. (Odido. Same ISP that leaked my data in a big hack.)
Odido is the cheapest ISP for a reason. They refuse to implement anything that isn't strictly required.
Perhaps implementing an Odido tax might actually make Odido care enough to throw the switch on IPv6. They bought 2a02:4240::/32, they just refuse to make use of it.
> They refuse to implement anything strictly required
This describes a lot of businesses ngl.
Bell in Canada is one huge head scratcher. They are one of the largest ISPs here and I can even buy 8 gig internet to my house if I want but they don't support IPv6.
they do use it in their speedtest server.
Canadian ISPs are also extremely far behind on IPv6. Bell is the largest ISPs in the country and they still don't have IPv6. I'm with one of their wholly owned subsidiaries (EBOX) which offers static /56 allocations, but good luck trying to find anyone in tech support who understands WTF you're talking about.
This reminds me of the ways the governments screw over people to force them to do things they don’t want to.
Annoying things such as paying taxes, recycling/not polluting etc.?
Some things really can only be solved via central coordination, as there is no natural game-theoretic/purely economic path from one local minimum to another. Being able to dig a small trench and letting gravity and water do the rest is great, but sometimes you do need a pump.
I'm not convinced that IPv6 is such a case, but if it is, that's exactly the type of thing governments are much better at than markets.
It will be a neat experiment, but I think most software will break and will remain broken indefinitely and then people will turn to LLMs to try to automate fixing all of it and that will turn into a mess just due to the sheer amount of changes required with little scrutiny.
Perhaps it's time to submit patches that allow building it without IPv6 instead. Countless hours of configuration meddling will be saved.
Not sure if you're taking the piss or just missed it but allowing build with either protocol alone is one of the genuine ideas in this joke:
> Yeah. The date notwithstanding, I do actually think we should do most of this for real.
> Maybe we don't get away with the actual deprecation and the warnings on use just yet, and maybe we won't even get away with calling the config option CONFIG_LEGACY_IP, although I would genuinely like to see us moving consistently towards saying "Legacy IP" instead of "IPv4" everywhere.
> But we should clean up the separation of CONFIG_INET and CONFIG_IPV[64] and make it possible to build with either protocol alone.
Good stuff (both the joke and the genuine proposal of splitting the config options for IPv4 and IPv6).
The best pranks are the ones that succeed to rattle an individual. Build it!
IPv6 vs. 4 is like Python 3 vs. 2, just worse.
And IPv6 vs v4 discussions are just like Python 3 vs. 2 discussions: Often much more annoying than just getting it over with and switching.
When I was in grade school I did a presentation on ipv6 and how it was the future of the Internet. That was like 20 years ago.
great, now can we convince the rest of the internet to start adding AAAA records and ipv6 endpoints for things. Github is still a nightmare to use DNS64 and NAT64 to access those from IPv6 only machines.
Or all the Container based stuff that still falls flat with ipv6 only modes. Docker still shits the bed if you dont give it ipv4 unless you do a lot of manual overrides to things. A bunch of Envoy based gateway proxies fail on internal ipv6 resources in a k8s cluster that runs on ARM64.
There is just a bunch of nonsense you have to deal with if you choose the ipv6-only route
Dont get me started on CDNs like Bunny or Load Balancers as a service like those from Hetzner, UpCloud, etc that don't work with ipv6 origins.
Source: Trying to run a ipv6 only self-hosted box on hetzner.
I've tried to run an IPv6 only box on Hetzner 2-3 years ago. Didn't have a problem with the platform, but with RedHat because subscription-manager didn't work over a IPv6-only stack.
When I accidentally had IPv6 only for a new Windows box it was very apparent what was a priority (worked regardless) and what wasn't important (only began working once I had IPv4 and everything fixed too).
Baked in advertising? Works with any network. The option to turn off the baked in advertising? That needs IPv4.
Around the same time, I think the Photoprism image also didn't work on IPv6 because of Traefik
I honestly think GitHub and AWS are the two biggest blockers to IPv6 left. Sure your public web servers might need IPv4 for a long while yet, but all these backend microservices and CI builds etc could all be v6 only, except they need to pull stuff from GitHub or certain AWS services.
It's particularly aggravating with AWS, since they charge for IPv4 addresses yet many of their services aren't IPv6 capable.
I suppose this will lead to a classic torvalds rant. I will be watching r/linusrants
We’re so close guys! Another 25 years and we might almost be there!
[dead]
[flagged]