• DefederateLemmyMl@feddit.nl
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    6 months ago

    It’s when you have to set static routes and such.

    For example I have a couple of locations tied together with a Wireguard site-to-site VPN, each with several subnets. I had to write wg config files and set static routes with hardcoded subnets and IP addresses. Writing the wg config files and getting it working was already a bit daunting with IPv4, because I was also wrapping my head around wireguard concepts at the same time. It would have been so much worse to debug with IPv6 unreadable subnet names.

    Network ACLs and firewall rules are another thing where you have to work with raw IPv6 addresses. For example: let’s say you have a Samba share or proxy server that you only want to be accessible from one specific subnet, you have to use IPv6 addresses. You can’t solve that with DNS names.

    Anyway my point is: the idea that you can simply avoid IPv6’s complexity by using DNS names is just wrong.

      • DefederateLemmyMl@feddit.nl
        link
        fedilink
        arrow-up
        2
        ·
        6 months ago

        You don’t even have to NAT the fuck out of your network. NAT is usually only needed in one place: where your internal network meets the outside world, and it provides a clean separation between the two as well, which I like.

        For most internal networks there really are no advantages to moving to IPv6 other than bragging rights.

        The more I think about it, the more I find IPv6 a huge overly complicated mistake. For the issue they wanted to solve, worldwide public IP shortage, they could have just added an octet to IPv4 to multiply the number of available addresses with 256 and called it a day. Not every square cm of the planet needs a public IP.