cancel
Showing results for 
Search instead for 
Did you mean: 

IPV6...

MJN
Pro
Posts: 1,318
Thanks: 161
Fixes: 5
Registered: ‎26-08-2010

Re: IPV6...

This discussion seems to have gone the way of 'IPv6 vs IPv4-with-NAT'. If only this was this case....

 

The long-term choice is unfortunately 'IPv6 vs IPv4-with-CGNAT'. Any effort and overhead of port forwarding is a moot point when it comes to CGNAT as it simply isn't possible given that the CGNAT has to, by definition, be under the control of the ISP and they are not going to be nailing up port maps through multiple levels of NAT because i) deploying CGNAT is already an expensive overhead for them - they won't want to be adding further costs, and ii) it runs counter to the raison d'etre for CGNAT and that is the limitation of public IPv4 address space and layer 4 port numbers to expand them out.

 

Notwithstanding the issues/niggles/whatever described previously, IPv4-with-NAT works today however the writing is on the wall for it given there is only so far you can stretch the 32-bit IPv4 address space with this technique.

summers
Aspiring Pro
Posts: 275
Thanks: 50
Fixes: 1
Registered: ‎01-06-2014

Re: IPV6...

I use nftables on my openwrt router, and writing a rule that does packet forwarding, and transferring to another port, and only allowing that port to be open for packets that are forwarded. And NATing the html pages being sent back. Its actually quite a bit of work - do try it some time, and see how long it takes you ...

You can see some of my code on https://openwrt.org/docs/guide-user/firewall/misc/nftables - that has the fault that it needs port 22 to be open, as the forwarded packet is going to port 22, and that meant port 22 open on the whole router ...

VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: IPV6...

Well - if you are going to use a proper firewall, as opposed to a consumer grade router, things are going to be more complex. 😀

I bet you get loads of attacks on that port 22!

"In The Beginning Was The Word, And The Word Was Aardvark."

SimonHobson
Rising Star
Posts: 190
Thanks: 41
Registered: ‎30-07-2007

Re: IPV6...


@VileReynard wrote:

I've never had any problems with IPV4 or using NAT on any data protocol such as FTP, bit torrent or anything else.


So your argument comes down to "I've never seen a problem, therefore one doesn't exist" 🙄😞 This is part of the problem we face, too many people see "NAT seems to work, problem solved, no need to work on an upgrade" and so it's taken 20 years to get to where we are now with IPv6.

As I've pointed out before, the reason you don't see a problem is that people have spent time and money on mitigating the problems so that you don't see them. Fro FTP, the router will have code that detects FTP traffic, inspects it's content, and manages the NAT mappings needed to make it work. For Bit torrent, your client will have code to detect the NAT in use and work around the issues - this can include using a third party server to allow two clients to find out about each other and open outbound connections which then create the NAT mappings to allow them to communicate.

Just imagine if all the effort that goes into gaffer taping IPv4 together had been spent on just getting IPv6 rolled out as the universal protocol spoken on the internet ?

 

ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: IPV6...

I think the vast majority of modern FTP uses passive mode and therefore doesn't have such a problem with NAT. It's also possible to use bittorrent without being able to accept any incoming connections.

MJN
Pro
Posts: 1,318
Thanks: 161
Fixes: 5
Registered: ‎26-08-2010

Re: IPV6...


@ejs wrote:

I think the vast majority of modern FTP uses passive mode and therefore doesn't have such a problem with NAT.


Passive FTP doesn't solve the NAT problem, it just moves the problem to the server side to handle. If the server is sat behind a NAT (which eventually they will have to due to address space exhaustion) then it'll fail without nailing up ports.


@ejs wrote:

 It's also possible to use bittorrent without being able to accept any incoming connections.


If every peer takes that view then bittorrent won't work.

You have, perhaps inadvertently, demonstrated the all-too-common 'I'm alright jack therefore there isn't a problem' stance without realising that there is a problem and that it is being mitigated by someone else.

 

SimonHobson
Rising Star
Posts: 190
Thanks: 41
Registered: ‎30-07-2007

Re: IPV6...

Bittorrent can't work if no peers accept incoming connections. It's OK if a few peers can only make outbound connections - but they can only do that to peers that accept incoming connections. And of course, it complicates matters compared to a "simple" setup where everything can accept inbound connections when required.

VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: IPV6...

Since FTP is claimed to be unusable, obviously it would be better to use SFTP or SSH over IPV6 - except that local devices don't have fixed addresses so its hard to associate host names with IP addresses. So how would this work?

"In The Beginning Was The Word, And The Word Was Aardvark."

coofercat
Hooked
Posts: 8
Thanks: 12
Registered: ‎12-07-2016

Re: IPV6...

I don't know why anyone needs broadband, dialup is perfectly fine and provides inherent protection to my computer when disconnected 😉

Honestly, we're just asking for the present state-of-the-art - we're not asking for any crazy exotic future tech that may never get used - we're asking for something already in use the world over. It's something we want to be able to participate in. We're not forcing anyone to give anything up, or pay anything extra.

Telling people they don't need something when they know they do, or telling them you prefer something else isn't helpful. If you want to stay on IPv4 for whatever reason, then by all means petition for that - just please don't stop the rest of us moving forward to the present.

It's really no surprise Plusnet ignore us when we bring things up like this 😞
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: IPV6...


@MJN wrote:


Passive FTP doesn't solve the NAT problem, it just moves the problem to the server side to handle. If the server is sat behind a NAT (which eventually they will have to due to address space exhaustion) then it'll fail without nailing up ports.

If the server is behind a NAT, then of course you would need a NAT mapping to make the server accessible at all.

 

It's not so much that I don't realise that there is a problem, it's that I don't find the arguments presented particularly convincing. They sound equivalent to people complaining that they need 1Gbit full fibre to do online banking.

VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: IPV6...

With the amount of junk on some web pages a 1200bits/sec modem isn't going to cut it.

"In The Beginning Was The Word, And The Word Was Aardvark."

ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: IPV6...


@coofercat wrote:
We're not forcing anyone to give anything up, or pay anything extra.

I hope you're not implying that it's going to cost Plusnet nothing to implement or Plusnet's customers aren't going to be paying for them to do it.

 

Nobody is stopping anyone switching to another ISP that offers what you want (or claim to need and yet are still here without it).

MJN
Pro
Posts: 1,318
Thanks: 161
Fixes: 5
Registered: ‎26-08-2010

Re: IPV6...


@VileReynard wrote:

Since FTP is claimed to be unusable, obviously it would be better to use SFTP or SSH over IPV6 - except that local devices don't have fixed addresses so its hard to associate host names with IP addresses. So how would this work?


Yes, SFTP is considerably better (regardless of IP version) thanks to its use of a single port and of course provides security benefits too. 

Dynamuc DNS solves the dynamic addressing issue, as does the use of static IPs. This applies to both IPv4 and IPv6. 

VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: IPV6...

But by virtue of hiding behind NAT, I can use fixed IPV4 addresses for local devices and associate host names with them.

DNS isn't applicable in this case.

"In The Beginning Was The Word, And The Word Was Aardvark."

MJN
Pro
Posts: 1,318
Thanks: 161
Fixes: 5
Registered: ‎26-08-2010

Re: IPV6...


@ejs wrote:

@@

It's not so much that I don't realise that there is a problem, it's that I don't find the arguments presented particularly convincing. They sound equivalent to people complaining that they need 1Gbit full fibre to do online banking.


I don't know what you mean by that. I'm not seeing any comparison whatsoever. 

 

We have merely been describing some of the problems with IPv4, or more to the point the cludges and workarounds designed to extend its useful life. These techniques are starting to really struggle but fortunately this has long been anticipated hence the development of IPv6 as a viable long term solution.