[VicPiMakers General] IPv6 discussion on hacker news

[Craig Miller]

Hi Peter,

I have a couple of comments. I am sorry to hear you didn't have much 
success getting IPv6 to work with pfsense. pfsense is not for beginners, 
and IPv6 really is a different protocol, and we shouldn't assume it 
works just like IPv4, because it doesn't. I have heard that pfsense has 
issues with doing prefix delegation downstream (to any other routers you 
may have on your network).

Shaw is basically worthless when it comes to IPv6. They only support it 
on their top-tier service, and even then they only give the customer a 
single /64, which is not in accordance with best practices (BCOP 690). I 
look forward to the Rogers guys taking over, as they have been doing 
IPv6 well for years now in Ontario.

https://www.ripe.net/publications/docs/ripe-690

Telus is "better" in that they will give you a /56, but they don't give 
you a static prefix, which means you will get a different /56 every time 
you connect (also doesn't follow BCOP 690).

I can't speak to pfsense, but if you would like to see OpenWrt in action 
(the defaults work great for IPv6), please consider coming to one of our 
VicPiMakers meetings where I have an OpenWrt router doing a wireguard 
VPN tunneling IPv6 back to my DMZ at my house. I will be happy to talk 
to you about IPv6 and OpenWrt.

http://www.makikiweb.com/ipv6/wireguard_on_openwrt.html

warm regards,

Craig...

On 12/9/22 16:26, Peter Sprague wrote:
> Maybe we need a revisit of IPV6 in our regional context so that we can 
> be more current, and possibly effective in our pursuit?
>
> I have tried dabbling across the great divide with my Pfsense 
> firewalls and a couple of servers but stopped after trying to get 
> information from the Shaw techs.  I apparently have some form of IPV6 
> allocation available according to my modem, but the techs have no idea 
> what I actual have available or how to use it. Pretty sure I can run 
> dual IPV4/6 networks with my PFsense routers.  Just seemed like an 
> ever enlarging bottomless rabbit hole with no positive 
> outcomes/solutions beyond losing weeks of free-time from my life.  
> That's were it got left.
>
> Trying to be a responsible citizen, but the trail just doesn't seem to 
> exist unless one is quite conversant in IPV6.  Opted to spend time 
> learning how to build Stratum 1 time servers for my LAN and ham radio 
> use, way more fun.
>
> Peter Sprague MSc.
> GeoVision Environmental Informatics
> peter.sprague at geovisionenvironmental.ca
> 250-412-3444 Victoria
>
> On 2022-12-09 15:59, Craig Miller wrote:
>> Thanks Mark,
>>
>> I have had to give my response some thought. My first response is 
>> kind of snarky, and goes like this:
>>
>> "Wow, a guy who  10 years after world IPv6 launch day, decides to 
>> configure one machine for IPv6, and discovers that others also have 
>> been slow to enable IPv6"
>>
>> But a kinder response, would be:
>>
>> Yes, there are many services which do not yet support native IPv6. 
>> And therefore it is best practice to use a transition mechanism such 
>> as DNS64/NAT64 so that IPv6 machines can communicate with IPv4-only 
>> machines. There are even public DNS64 and NAT64 services, so that you 
>> don't have to implement them yourself, if you don't mind sending your 
>> traffic through them.
>>
>> More people should consider enabling IPv6 on their servers and home 
>> networks so when "9dev" tries his experiment again in another 10 
>> years, there will be more for him to see online </snark>
>>
>> My 2 cents,
>>
>> Craig....
>>
>>
>> On 12/7/22 09:47, Mark G. wrote:
>>> Hi Everybody,
>>>
>>> Since we are all familiar with IPv6, I thought this
>>> discussion on Hacker News might interest some of
>>> us.
>>>
>>> https://news.ycombinator.com/item?id=33894933
>>>
>>> Some highly charged opinions abound.
>>>
>>> Here's the preamble:
>>>
>>> "Our Hosting provider, Hetzner, has recently started charging for 
>>> public IPv4 addresses - as they should! Those numbers started 
>>> getting expensive. This prompted me to try and set up a new server 
>>> cluster using IPv6 exclusively, and see how far I could get before 
>>> having to give in and purchase an additional v4 address.
>>>
>>> The experiment ended much sooner than I had anticipated. Some of the 
>>> road blocks I hit along the way:
>>>
>>>   - The GitHub API and its code load endpoints are not reachable via 
>>> IPv6, making it impossible to download release artefacts from many 
>>> projects, lots of which distribute their software via GitHub 
>>> exclusively (Prometheus for instance).
>>>   - The default Ubuntu key servers aren't reachable via IPv6, making 
>>> it difficult to install packages from third-party registries, such 
>>> as Docker or Grafana. While debugging, I noticed huge swaths of the 
>>> GPG infrastructure are defunct: There aren't many key servers left 
>>> at all, and the only one I found actually working via IPv6 was 
>>> pgpkeys.eu.
>>>   - BitBucket cannot deploy to IPv6 hosts, as pipelines don't 
>>> support IPv6 at all. You can self-host a pipeline runner and connect 
>>> to it via v6, BUT it needs to have a dual stack - otherwise the 
>>> runner won't start.
>>>   - Hetzner itself doesn't even provide their own API via IPv6 
>>> (which we talk to for in-cluster service discovery. Oh, the irony.
>>>
>>> It seems IPv6 is still not viable, more than a decade after launch. 
>>> Do you use it in production? If so, how? What issues did you hit?"
>>>
>>>
>
-- 
IPv6 is the future, the future is here
ipv6hawaii.org