IPv6 question

Status
Not open for further replies.
Didn't literally mean you in the first part but that wasn't clear especially because I did in the second part. "If someone" is more accurate.

But do you use ULA? :)

I'm more of a Uma kinda guy.
 
Hey, sound dude! Don't forget your toy router and YouTube network is much different than my networks. You can play with IPv6, QUIC, DoH and scripts written by lonely coders all day long. I can't and in some parts not allowed to. Otherwise I may have to join your networking club and I don't want to.
Are you sure you're in the right place? This is the SMALL NET BUILDER forums. I'm afraid you may be conflating the home aspect of networking and your commercial activities, friend:
I'm sure your clinical evaluations are appreciated on the hardware, when it's focused on average home users, but if you continue to promote what the rest of us are here to discuss as "toys" (which comparatively they are), you'd be best off in the sandbox the big(ger) boys play in where they discuss pro tools.
 
Are you sure you're in the right place? This is the SMALL NET BUILDER forums.

Yes. My networks are under 200 clients each. You virtually have no "network". Perhaps the worst reliability Asus home router with software bugs on top, slow DSL Internet connection and a bunch of personal devices. You have nothing much to care about. Your IPv6 enabled and not needed may lead to traffic leaks, your Unbound server installed and not needed may reveal your external IP address, some scripts you advise other people to install are just destroying your connection at regular intervals, etc. You stopped here at this thread to share what exactly knowledge and experience?
 
Yes. My networks are under 200 clients each. You virtually have no "network". Perhaps the worst reliability Asus home router with software bugs on top, slow DSL Internet connection and a bunch of personal devices. You have nothing much to care about. Your IPv6 enabled and not needed may lead to traffic leaks, your Unbound server installed and not needed may reveal your external IP address, some scripts you advise other people to install are just destroying your connection at regular intervals, etc. You stopped here at this thread to share what exactly knowledge and experience?
Touched a nerve, I see...
 
Yes, easy to state that when you simply ignore what others post here.

Continue keeping your head in the sand on matters you know little about (including IPv6 and Asus routers you don't actually use daily), but just stop posting the same tone-deaf responses, over and over again.
 
Always nice to see how IPv6 brings out the best in us all.

It's super easy to convince a new member of SNB Forums to take unnecessary steps. This is how the previous long thread started. Strangely enough when someone reports VPN unreal speeds or QoS strange behavior the IPv6 supporters stay quiet. When someone wants to install Diversion or Skynet no one warns them about increased workload or just a script doing nothing with IPv6. Quiet again. Until very recently there was no IPv6 support in VPN Server, there is still no VPN Client with IPv6 support. DNSFilter many rely on had no IPv6 support until last available firmware. Quiet again. Some folks believe whatever they have set is working, but in fact it's regularly bypassed or invalidated just because they have enabled something they don't need.
 
Seven pages and no one touched a single benefit of IPv6 enabled when public IPv4 is available...
I've read through this entire thread and decided to chime in on this as an outsider with an observed benefit to using IPv6. I say 'outsider' because I no longer use an Asus routing device, instead I use pfSense for my router/firewall. I ran with IPv6 enabled for several years and during that time, there was a period of a few months where having IPv4 + IPv6 added value to my home network experience. I have Comcast for my ISP and during the spring/summer of 2021 they were apparently having issues on their system which would manifest by dropping packets on my IPv4 connection, however, my IPv6 connection would remain perfectly functional. These asymmetric outages would seem to coincide with high wind events in the neighborhood. Ref Xfinity forum thread: https://forums.xfinity.com/conversa...-on-windy-afternoons/6087431943a1b761d4e812db
After months of complaining to Comcast, the problem eventually went away. Not sure if it was from my complaints or just a result of normal system maintenance...

So, I can say from experience that having both IPv4 and IPv6 enabled was beneficial, although somewhat limited. I say limited because I work from home and since my work VPN is strictly IPv4, I was not able to work through the ISP IPv4 outages. But, I could still surf the web...

Since then, I have disabled my IPv6 connection. Overall, I found it frustrating to look over my state tables or firewall logs and not be able to recognize any of the IPv6 traffic that was flowing through my network to the outside world. With IPv4, I can easily identify device classes based on their VLAN subnet IP, or even recognize outside IPs such as Microsoft (20.0.0.0/11). I thought I would eventually learn to read IPv6, but it still looks completely foreign to me. So while I did indeed see a benefit to running both, I eventually succumbed to just using IPv4 for simplicity sake...
 
I've read through this entire thread and decided to chime in on this as an outsider with an observed benefit to using IPv6. I say 'outsider' because I no longer use an Asus routing device, instead I use pfSense for my router/firewall. I ran with IPv6 enabled for several years and during that time, there was a period of a few months where having IPv4 + IPv6 added value to my home network experience. I have Comcast for my ISP and during the spring/summer of 2021 they were apparently having issues on their system which would manifest by dropping packets on my IPv4 connection, however, my IPv6 connection would remain perfectly functional. These asymmetric outages would seem to coincide with high wind events in the neighborhood. Ref Xfinity forum thread: https://forums.xfinity.com/conversa...-on-windy-afternoons/6087431943a1b761d4e812db
After months of complaining to Comcast, the problem eventually went away. Not sure if it was from my complaints or just a result of normal system maintenance...

So, I can say from experience that having both IPv4 and IPv6 enabled was beneficial, although somewhat limited. I say limited because I work from home and since my work VPN is strictly IPv4, I was not able to work through the ISP IPv4 outages. But, I could still surf the web...

Since then, I have disabled my IPv6 connection. Overall, I found it frustrating to look over my state tables or firewall logs and not be able to recognize any of the IPv6 traffic that was flowing through my network to the outside world. With IPv4, I can easily identify device classes based on their VLAN subnet IP, or even recognize outside IPs such as Microsoft (20.0.0.0/11). I thought I would eventually learn to read IPv6, but it still looks completely foreign to me. So while I did indeed see a benefit to running both, I eventually succumbed to just using IPv4 for simplicity sake...

Interesting, if it was a connectivity issue in your neighborhood (loose connection being blown around) it wouldn't affect one protocol but not the other, both are just 1's and 0's at the physical layer. But who knows maybe it was impacting a fiber on a main road that went in one direction and not the other direction, and the IPv6 route happened to go over the non-impacted direction. My experience with IPv6 on Comcast was the opposite, one family member with constant email issues with IPv6 enabled and a neighbor with lots of slowness and sites failing to load until it was disabled. That was a couple years ago though, I'm sure things will continue to improve gradually.

I went through packet loss issues with Comcast for months (many years ago), according to them there was a power line laying on their line and had to wait for the power company to fix it. Luckily FIOS had recently come to my neighborhood and that was the opportunity to move over, and glad I did no looking back. 350 meg up and down for $40 a month.

What you're seeing with IPv6 is a common frustration. Even I'm guilty of (when I had IPv6 with a static /48 subnet) assigning "IPv4-like" IPs to my devices (like AB12:1234::1 through 20 to static hosts and a DHCP range of 50 through 200). Made configuring firewall, access lists, and monitoring traffic so much easier. I think before IPv6 adoption really takes off they're going to have to update many things to use hostnames and really be integrated with DNS, especially monitoring tools. And not just "on demand" lookup which you have to sit there and wait for, but constant awareness of IP to hostname so you can look anytime and see things quickly. I remember I ran a netflow analyzer and I'd go in and tell it to resolve hostnames and it would take several minutes (local hosts were quick, remote were slow due to many having to time out).

IPv6 is a classic case of a design team being out of touch with the "boots on the ground" folks, at least so far.
 
There are a large handful of helpful individuals on SNB - best sought out for reliable information. Typically they have long experience in one (or a few) of the protocol stack OSI Layers doing design, deployment, admin, etc.

Individuals skilled in one or several layers easily and immediately recognize those with the same and/or additional layer skills. The lingua franca concepts and troubleshooting methods are the same.

Additionally, those with the aforementioned OSI layer skills immediately recognize those without those skills - and comments from those in that group should always be taken with a grain of salt - or simply ignored altogether.
 
Overall, I found it frustrating to look over my state tables or firewall logs and not be able to recognize any of the IPv6 traffic that was flowing through my network to the outside world. With IPv4, I can easily identify device classes based on their VLAN subnet IP, or even recognize outside IPs such as Microsoft (20.0.0.0/11). I thought I would eventually learn to read IPv6, but it still looks completely foreign to me. So while I did indeed see a benefit to running both, I eventually succumbed to just using IPv4 for simplicity sake...

I think this might be a fair statement, esp. regarding the AsusWRT devices, where IPv6 is kind of patched on after the fact...

IPv6 isn't going away - IPv4 isn't as well, but it will become more restricted over time, esp. at the last mile access to the home/business...

That being said - BSP's are evolving, this is a hot market at the moment with fibre being deployed, 5G-Fixed Wireless Access, etc...
 
Just wanted to share...


It's not the fastest thing in the world, but at least we have bufferbloat and AQM for WiFi under control - as well as IPv6...

Not bad for a 15 year old chip in 2.4GHz on a noisy 2.4GHz network ;)
Since sharing is caring:


When I feel like fully upgrading my network framework, then it will be higher.
 
When using dual stack, IPv4 & 6:
I notice when doing a port scan, an IPv4 scan shows all ports as being in ‘stealth mode’.
However, when doing an IPv6 port scan, most (not all) ports show connection ‘refused’ rather than ‘stealth’.

Is this an anomaly?
 
When using dual stack, IPv4 & 6:
I notice when doing a port scan, an IPv4 scan shows all ports as being in ‘stealth mode’.
However, when doing an IPv6 port scan, most (not all) ports show connection ‘refused’ rather than ‘stealth’.

Is this an anomaly?

May have to check iptables. Drop means stealth, reject means respond with a refusal.

General rule is always use drop, so not sure why they would be using reject.

Actually are you using native or passthrough mode? The reject may very well be coming from the actual host being scanned and not the firewall. In which case, your IPv6 is a big security hole right now til you configure it right. PCs/servers/etc typically will respond with a refusal, whereas firewalls should always be set to drop, at least on the untrusted side.
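
The DROP versus REJECT distinction discussed in the last reply can be checked directly against the router's IPv6 ruleset. The following is an added example, not code from any poster in this thread: it reads `ip6tables-save` output and flags WAN-facing REJECT rules and chains that never drop unmatched WAN traffic. The sample ruleset and the interface names `eth0` (WAN) and `br0` (LAN) are constructed assumptions, not taken from an actual Asus router.

```python
import shlex

# Constructed sample in ip6tables-save format; interface names are assumptions.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -j DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o eth0 -j ACCEPT
COMMIT
"""

def audit(ruleset, wan_if):
    """List WAN-facing weaknesses in the filter table (negated '!' matches are not handled)."""
    policy, findings, table = {}, [], None
    closed = {"INPUT": False, "FORWARD": False}  # catch-all DROP seen for WAN traffic?
    for line in ruleset.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":"):
            chain, pol = line[1:].split()[:2]
            policy[chain] = pol
        elif line.startswith("-A "):
            tok = shlex.split(line)
            chain = tok[1]
            if chain not in closed or "-j" not in tok:
                continue
            in_if = tok[tok.index("-i") + 1] if "-i" in tok else None
            if in_if not in (None, wan_if):
                continue  # rule only matches packets arriving on another interface
            target = tok[tok.index("-j") + 1]
            if target == "REJECT" and not closed[chain]:
                findings.append(f"{chain}: REJECT answers WAN probes (scan shows 'refused')")
            # A rule with only an interface match and a target catches every WAN packet.
            if target == "DROP" and len(tok) == (6 if in_if else 4):
                closed[chain] = True
    for chain, done in closed.items():
        if not done and policy.get(chain) != "DROP":
            findings.append(f"{chain}: unmatched traffic from {wan_if} is not dropped")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "eth0")))
```

A FORWARD finding corresponds to the case raised in the reply above, where the refusal comes from the scanned host rather than from the firewall.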
 