The question above for the most part, been reading up on it. Also want to it for learning purposes.

  • dud3@feddit.de
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Dual-Stack is usually no problem, but going IPv6-only is a pain, because a suprising amount of services are v4 only. Even NAT64/DNS64 doesn’t help everywhere.

  • tburkhol@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Definitely dual stack if you do. The real benefit of IPv6 is that, supposedly, each of your internal devices can have its own address and be directly accessible, but I don’t think anyone actually wants all of their internal network exposed to the internet. My ISP provides IPv6, but only a single /128 address, so everything still goes through NAT.

    Setting it up was definitely a learning process - SLAAC vs DHCP; isc’s dhcpd uses all different keywords for 6 vs 4, you have to run 6 and 4 in separate processes. It’s definitely doable, but I think the main benefit is the knowledge you gain.

    • Katrina@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      And the biggest disadvantage of IPv6 is that each of your internal devices has its own address and can be directly accessible from outside. So you need to completely rethink how you do security.

  • fedev@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Because devices in your LAN will all be accessible from the internet with IPv6, you need to firewall every device.

    It becomes more of a problem for IoT devices which you can’t really control. If you can, disable ipv6 for those.

    • orangeboats@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 year ago

      It’s not necessary to firewall every device. Just like how your router can handle NAT, it should be able to handle stateful firewall too.

      Mine blocks all incoming connections by default. I can add (IP, port range) entries to the whitelist if I need to host a service, it’s not really different to NAT port forwarding rules.

        • amki@feddit.de
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          Nothing has changed about why that is compelling: NAT sucks and creates nothing but problems.

          Network security is almost the same with IPv6.

          If you rely on NAT as a security measure you are just very bad at networking.