A Swiss VM hosting provider has a technical blog post about how to kill IPv4 completely on FreeBSD. That is to say, turning it completely off, not just preferring IPv6. They then solicit concrete solutions describing, along with a proof of concept, how to turn IPv4 completely off in other operating systems and allow them to communicate with IPv6 only.
Earlier on SN:
Vint Cerf's Dream Do-Over: 2 Ways He'd Make the Internet Different (2016)
You have IPv6. Turn it on. (2016)
We've Killed IPv4! (2014)
(Score: 1, Insightful) by Anonymous Coward on Saturday January 19 2019, @03:10AM (22 children)
The quicker IPv4 dies, the better. NAT can DIAF.
(Score: 4, Funny) by Azuma Hazuki on Saturday January 19 2019, @03:25AM (4 children)
You can NAT in IPv6 you know...
I am "that girl" your mother warned you about...
(Score: 5, Interesting) by VLM on Saturday January 19 2019, @02:49PM (3 children)
When old timers talk about NAT in ipv6 they usually don't mean NAT, they mean a stateless FW instead.
You can stateless firewall in ipv6 pretty easily:
ip6tables -A OUTPUT -o your_isp_interface -j ACCEPT
ip6tables -A INPUT -i your_isp_interface -m state --state ESTABLISHED,RELATED -j ACCEPT
NAT on ipv4 in the olden days was merely the above, for ipv4 obviously, plus an extra line:
iptables -t nat -A POSTROUTING -o your_isp_interface -j MASQUERADE
You don't need to "fake" and remap the addrs for ipv4 like you do for ipv6, so you'd not include the ip6tables equivalent of the line above.
As with most linux type things, a lot of effort has been put into making impossible to use "simpler" systems so on systemd-redhat non-unix-like OSes, god only knows what layers of hell you'd have to go thru to avoid one or two straightforward lines of clear and obvious ip6tables from the old days.
(Score: 2) by VLM on Saturday January 19 2019, @02:50PM
Disclaimer: entire post above was from memory and might work and might be secure for some values of "work" and "secure". You'd best hit up the mighty Google search bar if you're doing this for realzies, but for discussion purposes it's mostly accurate enough in the sense of hand grenades being close enough and so forth.
(Score: 2) by Deeo Kain on Sunday January 20 2019, @04:18PM (1 child)
Of course you know that the rule you wrote defines a state*ful* FW, do you?
(Score: 2) by VLM on Monday January 21 2019, @10:09PM
Yeah I know... caffeine levels too low etc. Heart was in the right place at least.
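The stateful/stateless distinction argued over in this thread, as an added Python sketch that is not part of any poster's comment. It models the two ip6tables rules quoted above (accept all outbound, accept inbound only for tracked flows) next to a header-only rule; the addresses (documentation prefix 2001:db8::/32), ports and class names are constructed, and real connection tracking also follows protocol state, timeouts and RELATED traffic.

```python
# Added illustration: toy model of the OUTPUT/INPUT rule pair from the thread.
# Addresses, ports and names are constructed for the example.
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False  # TCP ACK flag

class StatefulFilter:
    """OUTPUT accept-all, INPUT accept only for flows seen going out."""
    def __init__(self):
        self.flows = set()  # simplified connection-tracking table

    def outbound(self, p: Packet) -> bool:
        # Remember the flow so its replies can be recognised later.
        self.flows.add((p.src, p.sport, p.dst, p.dport))
        return True

    def inbound(self, p: Packet) -> bool:
        # A reply carries the tracked flow's endpoints swapped.
        return (p.dst, p.dport, p.src, p.sport) in self.flows

def stateless_inbound(p: Packet) -> bool:
    """Header-only rule: accept any inbound segment with ACK set."""
    return p.ack

HOST, SERVER, STRANGER = "2001:db8:1::10", "2001:db8:2::80", "2001:db8:3::66"

def demo() -> dict:
    fw = StatefulFilter()
    fw.outbound(Packet(HOST, 50000, SERVER, 443))
    reply = Packet(SERVER, 443, HOST, 50000, ack=True)
    unsolicited = Packet(STRANGER, 443, HOST, 50000, ack=True)
    return {
        "stateful_reply": fw.inbound(reply),
        "stateful_unsolicited": fw.inbound(unsolicited),
        "stateless_reply": stateless_inbound(reply),
        "stateless_unsolicited": stateless_inbound(unsolicited),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'ACCEPT' if verdict else 'DROP'}")
```

Only the filter that keeps a flow table can tell the server's reply from the unsolicited segment; the header-only rule accepts both.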
(Score: 0) by Anonymous Coward on Saturday January 19 2019, @03:42AM (7 children)
Cause you just need your office printer to have a direct line to China.
(Score: 3, Informative) by janrinok on Saturday January 19 2019, @09:26AM
Firewalls still work with IPv6 you know? If you have identified an IP address that you don't want your boxes to access, it is simple to block it. What do you do now?
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 2, Disagree) by VLM on Saturday January 19 2019, @02:35PM (5 children)
A lot of ipv4 old timers seem to confuse the concept of a stateless firewall with the concept of NAT, because cheap ipv4 appliances have always marketed them as a package deal for a quarter century now.
Believe me, a stateless ipv6 fw has not been much of a hassle for most of that quarter century.
(Score: 4, Informative) by TheGratefulNet on Saturday January 19 2019, @03:18PM (4 children)
you DO mean stateful and not stateless, right?
a firewall has to keep track of the state of the tcp connection so that it can allow incoming pkts that are 'part of' previously outgoing-init'd comms.
yeah?
"It is now safe to switch off your computer."
(Score: 0) by Anonymous Coward on Saturday January 19 2019, @06:46PM (1 child)
thank you. that was making me think i had fallen into some opposite world.
(Score: 2) by VLM on Sunday January 20 2019, @04:07PM
Yeah the blood percentage in my caffeine system was too high when I wrote that. TheGratefulNet is correct.
(Score: 0, Disagree) by fakefuck39 on Saturday January 19 2019, @09:24PM (1 child)
no, he means stateless. no one is talking about TCP here. we are talking about IP.
(Score: 2) by Deeo Kain on Sunday January 20 2019, @04:23PM
No, he means stateful. The rules he wrote are TCP, not IP:
(Score: 0) by Anonymous Coward on Saturday January 19 2019, @08:49AM (8 children)
And you expect thousands of net providers will just give their customers public IPs for free? They will pay more for something not very useful for anyone except geeks.
(Score: 5, Insightful) by janrinok on Saturday January 19 2019, @09:29AM (5 children)
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 3, Interesting) by TheGratefulNet on Saturday January 19 2019, @03:22PM (1 child)
in the US (perhaps it's wider than that) there is an expression "leaving money on the table". meaning, if you negotiate a deal, did you get the very best deal you could have gotten, or did you get less than you could have, if you were a more skilled bargainer.
that says a whole lot about our (US) culture. if you don't charge your customers for every little thing, you are not 'doing it right'.
I completely disagree with that, but then again, I'm an engineer and not a businessman. those are the guys who are ruining things, not us. we don't care if we leave a few microfarads on the table, here and there ;)
"It is now safe to switch off your computer."
(Score: 2) by captain normal on Saturday January 19 2019, @06:30PM
There is no "bargaining" with a monopoly, near monopoly nor dictator for that matter.
The Musk/Trump interview appears to have been hacked, but not a DDOS hack...more like A Distributed Denial of Reality.
(Score: 1, Interesting) by Anonymous Coward on Saturday January 19 2019, @08:08PM
Not France, but also EU. NATted networks with hundreds of customers are ultra-popular here as the opinion about Internet is that it's Google and FB. Yes, the Internet :(.
There is a nice question for a network test: How many NAT routers are between you and the world? I traced my network and there are 5. One is mine, so I can configure it as I want. One is from my provider. Third one is from provider of my provider, fourth and fifth are in computational center being the proper "provider" of Internet. Summing up: 5 NATs to pinch a hole in.
When I wanted to get a single-port pass-through (my computation machine returned its state... by periodically throwing strings through netcat, I'm lazy) I had to go to 3 people and the hole disappeared a few months later when computational center upgraded their routers.
The problem is that you may get a really poor telecommunication-grade Internet (fortunately not a famous 9600/8/n/1, but it started this way), with world IP but expensive and really slow, or faster and cheaper one without IP.
(Score: 0) by Anonymous Coward on Saturday January 19 2019, @09:19PM (1 child)
IPV4 is 'filled up'.
I have a /60 for IPV6 from my provider. My router asks for a /64 from that.
That is the state of the 'US'.
(Score: 2) by hendrikboom on Wednesday January 23 2019, @11:06PM
I can never remember if /60 indicates the number of bits you get to play with, or the number of bits that are fixed for the entire subnet.
(Score: 1, Interesting) by Anonymous Coward on Saturday January 19 2019, @01:10PM
I live in Germany. I have a free /62 assigned to me. But I don't have an IPv4 at all. I only connect to these legacy networks via an ISP tunnel.
There is as much reason for using IPv4 on internal network as there is for having a yeast infection.
(Score: 2) by rleigh on Saturday January 19 2019, @05:28PM
Yes. It's common practice for IPv6 to give every customer a /64 allocation. This is used for SLAAC on your internal network, and you can use any address within that range as you see fit.
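The prefix lengths mentioned in the comments above (/60, /62, /64), worked through as an added Python example that is not from any poster. The number after the slash counts the bits fixed by the provider; the remaining 128 minus that are the customer's to assign. The prefixes used are constructed from the documentation range 2001:db8::/32, and the function names are hypothetical.

```python
# Added illustration; every prefix and address is constructed from the
# documentation range 2001:db8::/32, not taken from the thread.
import ipaddress

def describe(prefix: str) -> dict:
    """Split a delegated prefix into provider-fixed and customer-free bits."""
    net = ipaddress.IPv6Network(prefix)  # raises if host bits are set
    return {
        "fixed_bits": net.prefixlen,
        "free_bits": 128 - net.prefixlen,
        "slash64_subnets": 2 ** max(0, 64 - net.prefixlen),
    }

def carve_64s(prefix: str) -> list:
    """List the /64 networks a router can request from a delegation."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen > 64:
        raise ValueError("a prefix longer than /64 cannot hold a /64")
    return [str(s) for s in net.subnets(new_prefix=64)]

def owning_64(delegation: str, address: str):
    """Return the /64 inside the delegation that holds address, or None."""
    net = ipaddress.IPv6Network(delegation)
    addr = ipaddress.IPv6Address(address)
    if addr not in net:
        return None  # address is outside the delegated range
    return str(ipaddress.IPv6Network((int(addr), 64), strict=False))

if __name__ == "__main__":
    print(describe("2001:db8:0:10::/60"))
    print(carve_64s("2001:db8:0:20::/62"))
    print(owning_64("2001:db8:0:10::/60", "2001:db8:0:1a::1234"))
```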