this post was submitted on 12 Jun 2023
195 points (96.2% liked)

Lemmy.World Announcements

29027 readers
9 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news 🐘

Outages πŸ”₯

https://status.lemmy.world

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to [email protected] e-mail.

Report contact

Donations πŸ’—

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Join the team

founded 1 year ago
MODERATORS
 

I see that lemmy.ml is the only major instance currently reachable over IPv6. When will lemmy.world join the modern internet?

top 37 comments
sorted by: hot top controversial new old
[–] [email protected] 115 points 1 year ago (4 children)

Yes, on the to-do list! Thanks!

[–] [email protected] 12 points 1 year ago
[–] [email protected] 8 points 1 year ago

HTTP/3 next? :D

[–] [email protected] 5 points 1 year ago

Thank you Ruud!

[–] [email protected] 1 points 1 year ago

I'm connected to 2a01:4f9:3a:178f::2 now. Thanks.

[–] [email protected] 54 points 1 year ago (4 children)

Why does it matter? Actually curious.

[–] [email protected] 59 points 1 year ago* (last edited 1 year ago) (1 children)

Basically, the Internet ran out of IPv4 addresses to distribute about ten years ago. People knew that would happen back in the 1990ies, so they invented IPv6 with the idea that the Internet would eventually switch over to an address format that had enough addresses for basically forever. Ever since about twenty years ago, network technicians have introduced an increasing amount of hacks and shitty workarounds that would undermine and erode a lot of the egalitarian ideas and principles that originally underpinned the lowest levels of the Internet stack in order to work around this increasing shortage.

Just try hosting a computer game on a modern internet connection. On many (not all) modern internet connections, that doesn't work anymore, because you are effectively behind double NAT, and the second layer is controlled by your ISP. There is a reason why many modern multiplayer games say "fuck it, we'll host it for you". Or even "fuck it, we'll tell the user to rent a server in a datacenter if they want to host." (Note, games are just an example. There are plenty of examples where earlier internet users had some degree of autonomy when interacting with one another where current users can only hope for the continued benevolence and cooperation of Google and the like.)

By today, even though you don't really see it as an end-user, the IPv4 internet is basically held together with spit and duck tape. And also an honest-to-goodness black market for IPv4 addresses.

However, the big and obviously advantageous switch still isn't happening. There are hardly any services out there that will work via IPv6, but not IPv4, so there is no visible incentive for end users to even want IPv6. In fact, most won't even know what that is. (Technically, there is one: A Japanese site from like 1999 that will show you an animated gif of a turtle instead of a static one if you visit via IPv6. Somehow that hasn't yet convinced grandma from down the road to switch to an ISP that promises high quality IPv6 connection...) On the flip side, anybody offering a service on the Internet knows that it absolutely must be reachable via IPv4, even if that's expensive and cumbersome, while IPv6 is kinda optional, even if those addresses are a dime a dozen... million.

The whole thing is a bit of a catch-22 at this point, and even though all the experts know, and have known for 30 years, that we must switch over eventually, no real progress seems to be made lately.

Lemmy.world getting or not getting an IPv6 address is not going to make or break this. Still, it is irksome to see it being one of those obstacles that keep standing in the way of progress.

[–] [email protected] 4 points 1 year ago (1 children)

So as an average internet user, can I still access everything if I switch to an ipv6 ISP which doesn't provide ipv4?

[–] [email protected] 10 points 1 year ago (1 children)

I highly doubt you're gonna find a purely IPv6 ISP. You probably wouldn't be able to access everything, but I'd wager most of the big sites would work.

[–] [email protected] 10 points 1 year ago

You might be unpleasantly surprised:

Out of the top 1000 Alexa sites, only 490 has IPv6 enabled

(source)

That's close to, but not quite, "most".

[–] [email protected] 42 points 1 year ago (2 children)

The more servers have IPv6 support the more it will become the standard and we can finally switch to it instead of IPv4.

Now why you'd wanna switch, the main reason is there are far too few IPv4 addresses available for every device to actually have a unique IPv4 address, and that results in all sorts of headaches.

[–] [email protected] 11 points 1 year ago (2 children)

Slightly off topic, but perhaps you can point me in the right direction. I recently upgraded my home router/NAT firewall to one that runs pfSense and it now supports IPv6. I was slightly horrified to find that DHCP had assigned all my devices IPv6 addresses and that they were all publicly routable. Comments online seemed to indicate that in order to protect devices on my local network from being probed by external entities I'd have to create custom firewall rules. I know just enough to know I didn't want to do that as the likelihood of doing it wrong and compromising security far outweighed any benefit I'd see from IPv6. The only other option was to disable all IPv6 traffic at the firewall.

What am I missing here? Is it intended that regular home users have their printer, which the manufacturer hasn't seen fit to update since Bush Jr. was president, exposed to the entire Internet? Is it that the IPv6 space is so large that port scanning for vulnerable machines is like finding a needle in a haystack?

[–] [email protected] 11 points 1 year ago

Generally this isn't an issue for home users. Pretty much every home router defaults to denying incoming connections but allowing outgoing ones, for both IPv4 and IPv6.

In both cases you can of course configure the router to allow incoming connections on certain ports and (for IPv6) IP addresses (unless you're behind CGNAT), but it's almost never the default.

For IPv4 this happens to be a necessity of NAT: without additional configuration, the router simply doesn't know which device is being addressed because they all use the router's IPv4, so it can't forward it. For IPv6 this is a good and extremely common default firewall configuration, especially for routers intended for connecting private networks to the Internet.

The only real difference is that for outgoing IPv4 connections they typically all come from the same IPv4 (as seen from outside the local network) while for outgoing IPv6 you can potentially distinguish^1^ between different devices.

^1^: Not reliably, mind you: a device can have multiple IPv6 addresses, and many default to changing the one they use for outgoing connections every so often. Theoretically they could even re-use one that was previously used by another device, but that's vanishingly unlikely unless specifically configured to do so.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

~~In general, you should probably turn on your router's NAT even for IPv6. What you mentioned is a security concern, and while yes, the IPv6 address space is enormous and finding a valid address is hard, if somebody already knows your IPv6 address it's a lot easier. For a home user there isn't really a reason for your ports to be accessible from the outside, and if you need such a thing, you can easily port forward specific ports~~.

edit: To add to that, turning on your router's NAT isn't a problem, you can always port forward, the problem with IPv4 is that you're behind two NATs, your router's and your ISP's. Because of this, you can't actually open up any port to be publicly visible on the Internet, which is extremely frustrating.

edit edit: Reply to my comment pointed out that what I suggest is retarded.

[–] [email protected] 12 points 1 year ago (2 children)

In general, you should probably turn on your router’s NAT even for IPv6.

No, you should not! NAT is not needed with IPv6 and you should never use it unless you really know what you are doing.

NAT is not a security feature, firewalls are, the default firewall rules from consumer routers are generally enough (allow outgoing, deny incoming except if it's an existing connection). And if you're concerned about others tracking hosts inside your network, the default settings of Privacy Extensions makes your device assign itself different IPs for outgoing connections every so often.

[–] [email protected] 3 points 1 year ago (1 children)

Coming from the land of IPV4 networks I struggle so much to wrap my head around this, do you have any suggestions for good resources to learn about it?

[–] [email protected] 1 points 1 year ago

Learn about which part specifically? I'd argue that IPv6 is essentially IPv4 with reduced complexity (due to stuff like NAT no longer being necessary since address space is large enough). The basics of how smaller connected IPv4 networks work pretty much extends to how IPv6 works across the internet with a few differences such as link-local addresses which are only valid in the same network.

If you mean Privacy Extensions, that's part of SLAAC, which is a way of how devices in a network can get an IP address (the other being DHCPv6, which afaik works pretty much like DHCP in IPv4). Here, the router only announces the local network prefix and hosts assign IP addresses themselves, instead of the router assigning an address to each host. This works due to networks usually being a /64 block which is a large enough address space for IP collisions to be very unlikely (and in case they happen, the colliding hosts can resolve that automatically).

That's as far as my understanding goes anyway, I'm far from an expert, just someone who has set up a Linux home router from scratch so I've had to deal with this stuff :P

[–] [email protected] 1 points 1 year ago

Thanks for pointing out. By NAT there I meant symmetric NAT which by my understanding would fix that problem as well.

But you're right, NAT wouldn't make sense, you could just add some rules to the firewall.

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago) (1 children)

My ISP screwed something up last month and no one in my county got an IPv4 address / route for close to 6 hours. Meanwhile, IPv6 worked flawlessly.

[–] [email protected] 3 points 1 year ago (2 children)

Would you not still be able to reach a website over IPv4 even if your IP is IPv6? I know almost nothing about networks, sorry.

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago) (1 children)

IPv6 clients can communicate with IPv6 servers.

IPv4 clients can communicate with IPv4 servers.

In order to mix and match you need some intermediary server that has both IPv4 and IPv6 to translate.

For example my mobile service provider (T-Mobile US) doesn't support IPv4 on their network, however I can still access IPv4 services because they automatically route that traffic through a NAT64 server, which translates the IPv6 from my device into IPv4 heading to the IPv4-only service.

T-Mobile actually takes it a step further than many other IPv6-only service providers. NAT64 alone only solves problems with servers that are IPv4-only, whereas T-Mobile uses 464xlat (which includes NAT64) which also solves problems with apps on the user's device that are IPv4-only.

[–] [email protected] 1 points 1 year ago

Sweet, thanks!

[–] [email protected] 3 points 1 year ago

Possible but not β€œout of the box”, per se. some technological assistance is needed and if it doesn’t already exist within your own or your ISPs infrastructure it’s beyond the capabilities of a typical consumer.

[–] [email protected] -1 points 1 year ago

Hi guys! Just joined. Where's the pizza?

[–] [email protected] 14 points 1 year ago

I'm sure it will before long. The server has already been moved to allow for growth, once things are more stable that will be fairly easy to add to a cloud hosted server like this.

[–] [email protected] 14 points 1 year ago (1 children)

I see that lemmy.ml is the only major instance currently reachable over IPv6

How do you define "major instance"? At lemm.ee, we have the same order of magnitude of users as some of the ones you listed, and I believe we are fully accessible over IPv6 πŸ˜›

[–] [email protected] 12 points 1 year ago

My methodology was: go to https://lemmy.world, hit "All", look at IPvFoo.

So I guess my definition of a major instance is one with enough content to reach the front page of lemmy.world.

[–] [email protected] 14 points 1 year ago

Lemmy NSFW should include more 69s.

[–] [email protected] 12 points 1 year ago (1 children)

I'm pretty sure that's more to do with the server provider than the instance itself. It's up to the server providers to allow IPv6

[–] [email protected] 12 points 1 year ago (2 children)

135.181.143.230 is Hetzner. I think they have decent IPv6 support.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

You seem to be right, and from what I see it's free but requires manual configuration, though the manual configuration seems pretty simple

https://docs.hetzner.com/cloud/servers/primary-ips/overview
https://docs.hetzner.com/cloud/servers/primary-ips/primary-ip-configuration

[–] [email protected] 3 points 1 year ago

Can confirm, my Hetzner servers all have IPv6, even the oldest ones.

[–] [email protected] 3 points 1 year ago

I've started my Lemmy instance on v6 only but needed to add a v4 address at it seems to not sync properly while only using v6. Anyone else encountered the problem ?

[–] [email protected] 1 points 1 year ago (1 children)

Will lemmy.one be IPv6 enabled ?

[–] [email protected] 1 points 1 year ago

https://lemmy.one/c/meta is the relevant community for that question.

load more comments
view more: next β€Ί