this post was submitted on 19 Jun 2024
209 points (100.0% liked)

Programmer Humor

421 readers
1 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
 

Today in our newest take on "older technology is better": why NAT rules!

you are viewing a single comment's thread
view the rest of the comments
[–] jlh@lemmy.jlh.name 8 points 7 months ago* (last edited 7 months ago) (18 children)

1:1 stateless NAT is useful for static IPs. Since all your addresses are otherwise global, if you need to switch providers or give up your /64, then you'll need to re-address your static addresses. Instead, you can give your machines static private IPs, and just translate the prefix when going through NAT. It's a lot less horrible than IPv4 NAT since there's no connection tracking needed.

This is something I probably should have done setting up my home Kubernetes cluster. My current IPv6 prefix is from Hurricane Electric, and if my ISP ever gives me a real IPv6 prefix, I will have to delete the entire cluster and recreate it with the new prefix.

[–] Thiakil@aussie.zone 4 points 7 months ago (17 children)

It should only be needed if your ISP is brain-dead and only gives you a /64 instead of what they should be doing and also giving you a /56 or /48 with prefix delegation (I.e it should be getting both a 64 for the wan interface, and a delegation for routing)

You router should be using that prefix and sticking just a /64 on the lan interface which it advertises appropriately (and you can route the others as you please)

Internal ipv6 should be using site-local ipv6, and if they have internet access they would have both addresses.

[–] dan@upvote.au 1 points 7 months ago* (last edited 7 months ago) (5 children)

My ISP does this right (provides a /56 for routing), but unfortunately both are dynamic and change periodically. Every time I disconnect and reconnect from the internet, I get a different prefix.

I ended up needing to have ULAs for devices where I need to know the IPv6 address on my network (e.g. my internal DNS servers).

[–] Thiakil@aussie.zone 1 points 7 months ago (2 children)

Indeed, that's correct ula usage, but shouldn't need nat rewriting. The global prefixes just need to be advertised by RA packets

[–] Thiakil@aussie.zone 1 points 7 months ago (1 children)

I use openwrt on my home network which uses dnsmasq for dhcp. It can give a static suffix which just works with the global prefix on the interface and the site local / ula prefix it uses

[–] dan@upvote.au 1 points 7 months ago (1 children)

Note that Android doesn't support DHCPv6, just in case you have Android devices and ever have to debug IPv6 on them.

[–] Thiakil@aussie.zone 1 points 7 months ago

Yup indeed. That's why it advertises both dhcp and slaac

[–] dan@upvote.au 1 points 7 months ago* (last edited 7 months ago)

Yeah I'm not using NAT, sorry for the confusion.

My router doesn't support RAs for a ULA range though, so I'm running radvd on my home server.

load more comments (2 replies)
load more comments (13 replies)
load more comments (13 replies)