# IPv6 home network



## Max212 (Nov 2, 2021)

Hi,

I have possibility do deploy IPv6 in my home network. Is it worth it, except to learn new tech 
Do you run IPv6 in your home networks?
If yes, why? Also do you run dual stack or do you run NAT64 and DNS64?

Thank you


----------



## drhowarddrfine (Nov 2, 2021)

Because I have Google wifi at home and it was an option I wanted to explore. So I turned it on, got distracted, and never look into it any further.


----------



## Geezer (Nov 2, 2021)

At home, I would like to. My ISP does not provide IPV6. It would be a can of works to ask them.

All other machines have been V6 for a while.


----------



## ct85711 (Nov 2, 2021)

My old ISP provided an IPv6, but my new one doesn't.  Beyond that, my local network does use ipv6; I even had my server's sshd listen only to the ipv6 link local address for added security.


----------



## zirias@ (Nov 2, 2021)

Max212 said:


> Do you run IPv6 in your home networks?


Of course I do.


Max212 said:


> If yes, why?



I don't need crappy NAT, so end-to-end communication doesn't suffer from its shortcomings and bugs.
With IPv4, I'm lucky to get a single public address. With IPv6, /64 and even /56 prefixes are more or less for free.
I'm prepared. ISPs employing NAT themselves (CGNAT) because they don't have enough IPv4 addresses for all their customers any more, is probably the last escalation step in an astonishing history of keeping something alive that doesn't fit any more since many many years.
I can reach IPv6-only services (e.g. FreeBSD's official package builders are interesting from time to time).
With a tunnel offered by HE, I even get a _static_ prefix and reverse DNS delegation (that's why I prefer that over the dynamic prefix offered by my ISP).
Well, I need no stinking NAT…  



Max212 said:


> Also do you run dual stack


Yes. Of course, the IPv4 network uses private addresses and therefore _does_ need NAT. But as IPv6 is preferred, this is only a clumsy fallback when connecting to IPv4-only services.


----------



## Max212 (Nov 11, 2021)

Thank you for your answers 
I will deploy IPv6 in a small lab. After that I will decide, will I run it in whole network.


----------



## sko (Nov 11, 2021)

At home - yes
At work - for all infrastructure and 'external' services, but not for client networks, because half of our applications still doesn't support IPv6 and one of them will just crash & burn if it gets AAAA records returned from its malformed DNS queries (because rolling your own buggy DNS resolver with your application is what you did back in the 90s where this vendor is stuck... same goes for the custom, buggy and mostly non-working crypto...)


----------



## grahamperrin@ (Nov 20, 2021)

Geezer said:


> My ISP does not provide IPV6.



Ditto. 

I use Hurricane Electric Free IPv6 Tunnel Broker with my router, but I don't class this as IPv6 home networking.


----------



## Alain De Vos (Nov 20, 2021)

The services rtsold & ip6addrctl do the heavy lifting for me.


----------



## Blue|Fusion (Nov 24, 2021)

Max212 said:


> Do you run IPv6 in your home networks?


Yes, for about a year now.



Max212 said:


> If yes, why? Also do you run dual stack or do you run NAT64 and DNS64?


Dual stack.


I've learned a ton about IPv6 configuring my homelab with some Brocade ICX switches and routing my home VLAN subnets on the switch.  SLAAC works well with a few caveats for getting consistent IPv6 addresses (random MAC addresses in virtualization, for example).  For home network DNS, I use static assignments and update as required.


The technical benefits of IPv6 are numerous but the global rollout is still taking forever so whenever you can, participate in IPv6 usage.  If you're looking to max out 10, 25, 40, 100Gbps NICs with data traffic without NAT/PAT in between devices and without jumbo frames, stick to IPv4 for a slight increase in throughput.  IPv6 use 40 byte headers whereas IPv4 uses (generally) 20 byte (variable size).


----------



## D-FENS (Nov 27, 2021)

Zirias said:


> Of course I do.
> 
> 
> I don't need crappy NAT, so end-to-end communication doesn't suffer from its shortcomings and bugs.
> ...


So... basically you cannot escape from NAT yet? Using IPv6 does not solve this problem of yours.
Having the public IP address - I see the value in this. You could have a public IPv4 too though, I believe every reputable ISP should offer you a public IPv4 if you need one (some of them cost extra however).


----------



## D-FENS (Nov 27, 2021)

Max212 said:


> Hi,
> 
> I have possibility do deploy IPv6 in my home network. Is it worth it, except to learn new tech
> Do you run IPv6 in your home networks?
> ...


I do not use IPv6 in my home network, mostly because I have been intellectually lazy and I have not learned how the address allocation works.
My life is totally fine when confined to IPv4, I manage around 200-300 nodes at home with ~20-30 subnets and it works fine. For my external connection I use NAT and 1 external IP address.

In a sense, NAT protects most of the clueless Internet users today. I can foresee when people finally get rid of IPv4 globally a new big wave of successful attacks and more powerful botnets once everybody has a publicly accessible IP address.
Thinking that every ISP will configure their firewalls perfectly, I think it's wishful thinking. We'll see how it unfolds.

In my honest opinion, IPv4 will still be dominant for the foreseeable future, unless everybody gets like 500 IoT devices at home (which _could_ happen)...


----------



## zirias@ (Nov 28, 2021)

roccobaroccoSC said:


> So... basically you cannot escape from NAT yet? Using IPv6 does not solve this problem of yours.


There's no escape from NAT with IPv4 of course, there just aren't any addresses left. Of course IPv6 solves this problem. While there are very few v6-only services, there are a LOT of dual-stack services, and using v6 with them, no NAT is involved.


roccobaroccoSC said:


> In a sense, NAT protects most of the clueless Internet users today. I can foresee when people finally get rid of IPv4 globally a new big wave of successful attacks and more powerful botnets once everybody has a publicly accessible IP address.


NAT doesn't protect anything. A somewhat "good" NAT implementation tries to route as much traffic as possible, this includes remembering outgoing ports and route back there even from other peers, helping online games, telephony, etc.

The times when home users connected Windows boxes directly to the internet are long gone. Plastic routers typically default to reject anything incoming, there's no reason this would change with IPv6 (actually, they already support IPv6 and, of course, have the same defaults). NAT has nothing to do with that.


----------



## Alain De Vos (Nov 28, 2021)

When you PPP through your router nothing is filtered, &why would you need filtering if you make sure you don't run services ?


----------



## zirias@ (Nov 28, 2021)

Alain De Vos said:


> When you PPP through your router nothing is filtered


Then you don't use it as a router but merely as a modem. That's btw what I do, cause I prefer my own firewall over the one built into such a device. But it isn't the default configuration and it isn't what average Joe will do.


Alain De Vos said:


> &why would you need filtering if you make sure you don't run services ?


It's always a good idea to expect own errors and have more than one line of defense when it comes to security.


----------

