IPv4 is all you need

For the longest time I can remember, I was avoiding IPv6, thinking it’s just a clusterfuck of incompatibilities, which is true, compared to IPv4. But honestly I was just being a wuss. Like, change is hard, right? It wasn’t until recently that I decided to let go of my fears and biases, and give IPv6 a go. And what did I learn? You don’t need it really. There’s a thing called NAT that creates your own little bubble of comfort and safety, and there is no reason to pop it. You’re able to participate in teh “interwebs” and the bubble will keep you protected, what else do you need?

But IPv6 is better

Here’s the thing, NAT is a bit of a HACK and not an actual security measure to rely on. IPv4 is like an old man with a receding hairline. He’s trying to mask his balding head by combing his hair in such a way that it covers up the shiny parts. Of course, nothing wrong with that, but that’s what we’re doing with IPv4 by leveraging NAT. We’re creating bubbled networks from which we can reach the outside, but the outside can’t reach in. We have to resort to messy port forwards (which are also limited in number) every time we want “the outside” to talk to us. It’s gone so far that now a lot of internet providers are using Carrier-grade NATs (CG-NAT), creating ever-increasing bubbles and centralizing the internet further. We’ve run out of available IPv4 addresses!

Now, wouldn’t it be cooler if devices could talk to one another directly in a nice clean manner? That’s why IPv6 is cooler! You get such a large number of possible IP addresses that you might consider them to be near infinite (not quite, but it’s a really large number!). In other words, every device you’ll ever connect to the internet will have its own globally routable IP address, even multiple if you want.

There’s more

It’s not just NAT, there’s also no real need for DHCP, you know, the thing that runs on your router (usually) and assigns internal IP addresses to devices, making sure they don’t conflict and shit. With IPv6, devices can just pick a random IP address and shit just works. That’s called Stateless Address Auto-configuration (SLAAC). The router just sends out a Router Advertisement (RA) every now and then to let everyone know the network prefix, and the devices do the rest of the heavy lifting themselves.

And that’s not even getting into the real performance stuff. IPv6 gives us native Anycast, which lets multiple servers across the world share the same IP. The network automatically routes you to the closest one. No DNS trickery or load-balancer hacks required. It also makes routing way more efficient - routers don’t have to break their backs fragmenting packets anymore. It’s basically just a faster, flatter version of the internet.

Security nightmare

It’s really not. NAT wasn’t supposed to be used as a security feature, but due to its “one-way” nature it kinda can act like one, in a sense mimicking what a firewall does. Guess what can do firewalling better than NAT? A firewall. Just don’t let shit in and you’ll be fine. And if you want to punch a hole through it, you allow access to a specific device directly, on a specific port, on a specific protocol. And it’ll just work since it’s globally routable. It’s that simple.

What about privacy?

What about it? What about your external IPv4 that everyone can see? The thing is, your ISP can allocate you an IPv6 prefix similarly to how they allocate you a single IPv4 address. The difference is that with IPv6, every device has its own IP within that range. That concerns some people, but here’s the thing, you get so many IPs that essentially you can just generate a fresh one every day, hell, every hour. The prefix will stay the same like the IP does for your IPv4, however.

The only thing that comes to mind is a device generating its IPv6 address from the MAC address of its network card. Just avoid generating an IPv6 address from your MAC address. Look up the settings for your device.
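One way to check for this, as an added example that is not part of the original post: MAC-derived addresses use the modified EUI-64 format, which inserts ff:fe in the middle of the MAC and flips one bit, so the MAC can be read straight back out of the address. The function names and the sample addresses (built in the 2001:db8:: documentation prefix) are constructed for illustration.

```python
import ipaddress


def _parse(addr: str) -> ipaddress.IPv6Address:
    # Accept "addr", "addr/64" and "addr%eth0" as printed by common tools.
    return ipaddress.IPv6Address(addr.split("/")[0].split("%")[0])


def embedded_mac(addr: str):
    """Return the MAC hidden in a modified EUI-64 interface ID, or None.

    Heuristic: a random interface ID contains ff:fe in this position
    about once in 65536 times, so a hit is strong but not absolute proof.
    """
    iid = _parse(addr).packed[8:]           # low 64 bits = interface identifier
    if iid[3:5] != b"\xff\xfe":             # EUI-64 marker between the MAC halves
        return None
    # Undo the flipped universal/local bit in the first octet.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Map each routable address to the MAC it exposes (None if it exposes none)."""
    report = {}
    for a in addresses:
        ip = _parse(a)
        if ip.is_link_local or ip.is_loopback:
            continue                        # never leaves the local link
        report[str(ip)] = embedded_mac(a)
    return report


# Constructed sample input, shaped like the output of `ip -6 addr`.
SAMPLE = [
    "fe80::211:22ff:fe33:4455%eth0",            # link-local, ignored
    "2001:db8:1:2:211:22ff:fe33:4455/64",       # derived from 00:11:22:33:44:55
    "2001:db8:1:2:5c3a:91d2:7e04:b6f1/64",      # randomised interface ID
]

if __name__ == "__main__":
    for address, mac in audit(SAMPLE).items():
        verdict = f"exposes MAC {mac}" if mac else "no MAC embedded"
        print(f"{address}: {verdict}")
```

Any address flagged here carries the same hardware identifier to every network the device joins, which is what the device's privacy or temporary address setting turns off.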

What about DHCPv6?

Use it if you want to, but it’s not needed.

Give it a try

Check if your ISP provides you with IPv6. If it does, you can start using it alongside IPv4, which is called dual stack. You may need to enable it in your router settings if it’s not the default. Then you can try running something like curl -6 ifconfig.me. If it responds with an IPv6 address, compare it to your network interface IP, using ifconfig, ip addr or whatever you use on your system. You’ll see it’s the same address.