Menu
What's new
By:
Filters Better Search

Dual Stack home network pros and cons

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

SomeWhereOverTheRainBow said:
Slaac addressing still has a part of the device identifier generated per device and part of the isp identifier in the address. Not that you are wrong though.
Click to expand...

SLAAC should have privacy extensions enabled by default on most modern devices/OS's, which addresses the first part of your statement - and the second part of your statement can only be addressed by using VPN so it's not a valid criticism
 
CriticJay said:
SLAAC should have privacy extensions enabled by default on most modern devices/OS's, which addresses the first part of your statement - and the second part of your statement can only be addressed by using VPN so it's not a valid criticism
Click to expand...
Then we should also remove this as a valid criticism when it was used as a justification to not enable IPv6. Thats what I think the real point was here. Earlier in this thread or maybe in the other thread, it was stated that your privacy is better with IPv4 behind NAT because your individual IP's are not exposed. But, in reality, you are more exposed under NAT since the one IP coming from your network can still be tracked and its usage lasts for a longer period.

If you are concerned about this and are diligently using a VPN, then it doesn't matter either way. However, ff you are not using a VPN, can't use a VPN, or forget to turn it on, your situation improves with IPv6.
 
Last edited:
CriticJay said:
SLAAC should have privacy extensions enabled by default on most modern devices/OS's, which addresses the first part of your statement - and the second part of your statement can only be addressed by using VPN so it's not a valid criticism
Click to expand...
Wasn't aimed at being a criticism at all, just that it is not actually private and the fact that it makes more outgoing connections than ipv4 leaves your foot print in more places. And by the way it is a common myth that privacy extensions solve all ipv6 slaac privacy concerns. Privacy extention is created in addition of slaac and not in replacement of slaac. It should also be noted they are horrible in regards to where network management is concerned because of how often they change.while this may make it hard to track devices, unchanging IIDs can be used to identify and track a given device.
 
Last edited:
Frank Monroe said:
Then we should also remove this as a valid criticism when it was used as a justification to not enable IPv6. Thats what I think the real point was here. Earlier in this thread or maybe in the other thread, it was stated that your privacy is better with IPv4 behind NAT because your individual IP's are not exposed. But, in reality, you are more exposed under NAT since the one IP coming from your network can still be tracked and its usage lasts for a longer period.

If you are concerned about this and are diligently using a VPN, then it doesn't matter either way. However, ff you are not using a VPN, can't use a VPN, or forget to turn it on, your situation improves with IPv6.
Click to expand...
I agree the fact that slaac was brought up in regards to whether one should enable ipv6 or not is irrelevant.
 
Tech9 said:
@heysoundude, you run DNS/IP-blocking scripts not really necessary for average user security and in the same time you have opened another access to your network without knowing if your IPv4 level of security applies to IPv6. There are smarter people out there indeed. Someone may come see you uninvited. Is your Internet experience any different with IPv6 enabled?
Click to expand...
my understanding of v6 is that by design, openings in the firewall must be mindfully, deliberately opened, whereas in v4 there's a lot of plugging that needs doing by default. completely bass-ackwards if you're asking my opinion.
as far as user experience, I'd need to be able to tell if I'm using 6 or 4 first before I can possibly evaluate...but I do know ipv6.google.com loads quicker.
I've a trust of the people who make it possible to run the scripts I do, because I assume they run them themselves on their networks for more specific reasons than I have - why would they self-sabotage?
 
CriticJay said:
I don't know everything about how my Asus router handles IPv6; therefore it must be a security risk
Click to expand...

No. We are trying to find what we gain and what we lose, if we enable IPv6 just to test it. For people who need IPv6 - no choice. Since the forum folks mostly use Asus routers, the focus shifted on Asuswrt IPv6 support.

thelonelycoder said:
Diversion automatically enables or disables IPv6 support when the router settings change
Click to expand...

Does it increase the workload by increasing the blocklist size when IPv6 is enabled? It was @dave14305 observation in previous discussion.
 
Frank Monroe said:
-Parental Controls: This works with IPv6. I wouldn't expect it to break since ASUS uses MAC address for enforcement and not IP
Click to expand...

It identifies the client, but does it identify the traffic?

Frank Monroe said:
-NAT acceleration: Works as normal
Click to expand...

I've got kernel buggy errors with NAT acceleration on AC86U router, Asuswrt 45956 firmware. Had to disable it to stop the error log.
 
heysoundude said:
I've a trust of the people who make it possible to run the scripts
Click to expand...

Well, @RMerlin and @thelonelycoder ISP's don't support IPv6. Skynet does nothing with IPv6. OpenVPN was IPv4 only yesterday. You are the one to test.

heysoundude said:
my understanding of v6 is that by design, openings in the firewall must be mindfully, deliberately opened
Click to expand...

Not really. Don't count on grain of sand on the beach theory. IPv6 clients scanning techniques already exist and quite effective. Shodan sees you.
 
heysoundude said:
How do you track this?
Click to expand...
As stated earlier, I had a pfSense VM in-between the ASUS and the T-Mobile gateway. During another period, I had all IPv4 traffic running through the pfSense while IPv6 traffic was routing through the ASUS. With these two setups I had other goals than collecting the data. But, when I had these two setups I did check and most of my traffic is IPv6. Thats not really a surprise to me since most of the services that I use also support IPv6.

You can also use DNS logs. That won't really tell you how much traffic. But, it will tell you who offers IPv6 and who doesn't. For the usage in my house, even DNS shows a high lookup hit for IPv6. Its hard to say if there's more DNS for IPv6 over IPv4. But, for the traffic, IPv6 is definitely exceeding IPv4 traffic from my house. BTW, I use IPv6 DNS servers.
 
Frank Monroe said:
I'm not having this issue on my AC-5300 running IPv6.
Click to expand...

Confirmed on non-HND router, RT-AC1900P. Must be HND related.

Here is my guinea pig certificate: :D

20211230_161925000_iOS.png
 
heysoundude said:
To whom, and are they a threat to me?
Click to expand...

I don't know. Some people use Parental Controls to filter content. Also, I need to experiment with filtering DNS filtering services. With IPv6 enabled no more category filtering with popular OpenDNS, for example. This is a serious drawback. Other similar services are paid.
 
Tech9 said:
I don't know. Some people use Parental Controls to filter content. Also, I need to experiment with filtering DNS filtering services. With IPv6 enabled no more category filtering with popular OpenDNS, for example. This is a serious drawback. Other similar services are paid.
Click to expand...
That is a good concern though. How well does the traffic properly get identified.
 
Tech9 said:
Does it increase the workload by increasing the blocklist size when IPv6 is enabled? It was @dave14305 observation in previous discussion.
Click to expand...
The Diversion blocklists line count doubles with IPv6 enabled. That means Dnsmasq uses more memory. The workload increase is marginal during normal router operations. However, the cpu load and read/write actions are higher during an update of said lists, compared to a non v6 update. Nothing I would be worried about.
 
You must log in or register to reply here.

Similar threads

giopas
From public fixed IPv4 to private dynamic IPv4 + public dynamic IPv6 (dual stack)
Replies
16
Views
2K
drinkingbird
drinkingbird
H
Solving: Slow LAN speeds and directing traffic by NIC
Replies
5
Views
2K
degrub
D
K
G to AC66 Dual Band Architecture feedback
Replies
4
Views
2K
azazel1024
azazel1024
H
Home Network Design with PoE and Link Aggregation for NAS
Replies
7
Views
5K
htismaqe
htismaqe
Similar threads
Thread starter Title Forum Replies Date
O Easymesh home network facing connectivity issues! Routers 0
T Home Network Ethernet Wiring Routers 10

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 895 (members: 29, guests: 866)
Top