I configured IPv6 away on my router a while ago (it was complicated/not reliable/not properly supported by ISP/etc), but now I am reconsidering that. Everything I read about it says to go for it. But is there a difference in a home router use case?
Depends. If you are not port forwarding, and you can reach everything you want, IPv6 has no immediate benefits.
But the IPv4 addresses are exhausted, so an increasing number of people don't have a public IPv4 address anymore. To reach them, you need IPv6 (or some proxy).
If you are port forwarding, IPv6 offers you the option to forward the same port to several devices, as all devices get their own, public, IPv6 address. (Well, actually it's not port forwarding anymore, but unblocking. There is no address translation).
The main benefit is the vast pool of public addresses. No need for NAT tricks and port forwards.
So, it is only useful if I am running some servers behind my router?
I don't know your use cases to say if it is useful only for that.
I would approach this slightly differently. If your ISP does a reasonable job with providing IPv6 access without any major issues and if you can get a sane configuration established, there is no reason not to use IPv6.
We all know that the IPv4 pools are exhausted. That isn't yet an issue for larger servers that expect lots of customers (as they can solve the issue with money, progressively more money the scarcer IPv4 addresses get) - but this is increasingly becoming an issue for home users. Especially newish ISPs (e.g. cell-/ LTE-/ 5G-, WLAN-, cable- or fibre-based ones), particularly in Europe or even more pronounced in Asia, simply couldn't obtain a large enough IPv4 pool to serve their users; these users simply will not get a public IPv4 address anymore and have to rely on cgNAT-like techniques instead. While this still allows accessing IPv4 resources on the internet, it makes it impossible to open (respectively forward-) ports on your firewall to the inside. This hits services like SIP-based VoIP connections, gaming, IoT devices (which don't rely on cloud-based services) and incoming VPN connections the hardest (read: it makes them basically impossible).
The solutions to this vary, but they are kludges at best:
- VoIP/ SIP: as long as you only want to use your ISP's SIP services the situation is easy (using internal IP addresses), but if you need to use independent SIP service providers (which can make a lot of sense, be it economical or keeping a permanent/ non-regional phone number, etc.) you do have a real problem. Here IPv6 is the only viable option.
- the suddenly very popular video conferencing systems are in a similar boat, this is difficult to achieve without peer-to-peer networking (central servers instead) - using IPv6 makes this a lot easier and less resource intensive (~host your own video call).
- gaming: many games simply won't work without an external IPv4 address and having the ability to open ports. Microsoft has already dabbled with IPv6 to solve this by using Teredo as an IPv6-based tunneling protocol (not without its own share of collateral damage though). The situation here is difficult, vendors try to work around the problem in multiple ways, but many games don't properly support IPv6 yet.
- IoT: this is increasingly going the cloud based route, avoiding the need to access devices on your internal network from the outside, but having those devices push their data from the inside to the vendor's cloud and collecting it there. This side-steps the IPv4 shortage, but at the same time renders you dependent on the vendor's cloud services - monthly subscriptions, usage limits, if the cloud is down you won't have access to your devices and if the vendor ceases their services, the devices cease to function. I don't see much IPv6 support here (and vendors obviously like to lock their customers into paid subscription models), but there are still non-cloud options that can be used instead (at least via VPN).
- VPN: for this to work, you simply must have some kind of access (opening the necessary ports) to your network. If you only get cgNAT IPv4 addresses, your only option is to turn to IPv6 instead (which works, right now - but you do need to have IPv6 access on both ends).
- peer-to-peer services (e.g. BitTorrent): this hard-depends on being able to open ports; with cgNAT, IPv6 is the only option.
- captchas and similar: cgNAT is based on doing NAT for a sizeable number of users behind a single IPv4 address, this poses a problem with services that try to protect themselves from abuse. If you do have a cgNAT address which is not known to the service (each individual one) as such, you might be blocked from being served. This can result in getting faced with captchas a lot to prove that you're indeed a human or might lead to complete failure. IPv6 access on the server side (and obviously the user side as well) would help with that.
Personally I've just had to switch from a native dual-stack ISP (VDSL, native IPv4 address + native dynamic /56 IPv6 prefix) to a new FTTH ISP only offering cgNAT + a semi-static /56 IPv6 prefix. As a result I no longer have a public (=usable) IPv4 address, and this shows its ugly rear exactly in the topics above. I do use incoming VPN services ("road-warrior" setup), to access my local network from the road, which isn't possible without a public IP address. IPv4 is no longer an option, but now I do have IPv6 services and fortunately my LTE cell phone ISP has been offering IPv6 (optionally) for a couple of years as well - this works out for me, but it's the only option.
Right now, as long as you still obtain a public IPv4 address from your ISP, you might not necessarily need to bother about IPv6 - but as you see above, the tide is turning. Even if you might not require IPv6 right now, you (or your visitors) might want to connect to a VPN provided by someone who isn't that lucky (parents, relatives, friends on cgNAT) - if you have IPv6 available, this will work fine - without IPv6, you'd be out of luck. This situation will become more prevalent in the future (gaming? only if you have IPv6 enabled - or you'd be restricted to a subset of users who still have a public IPv4 address, etc. pp.). The US was first to the party, they got the lion's share of the IPv4 address pool and don't see that much contention yet, but elsewhere around the world the situation is more contentious. There IPv4 addresses are a scarce resource for consumers already, taking my situation as an example - other than changing ISPs to the worse (non-fibre), I simply don't have any option to get a public IPv4 address anymore (yes, business contracts with IPv4 addresses exist, but they're not offered to non-businesses and they're significantly (multiples) more expensive).
By default, OpenWrt makes IPv6 easy and preconfigured with the same policies as your IPv4 access (reject incoming connections by default, allow outgoing), so enabling IPv6 should be non-disruptive - there's imho no reason not to use it. Given that the IPv4 address pool is exhausted, there is no way around IPv6 - the only question is when you make the jump, respectively at which point obtaining IPv4 addresses for servers becomes too expensive to be viable. IPv6 is there to stay, it has had a lead time of 25 years, it's available and working right now (I've been using it for around a decade now) - even if some users don't 'like' it (the longer hexadecimal addresses), there is no alternative - any contender would face similar lead-up times (but we don't have that luxury, we need it now - and deployed and usable by everyone).
I think everybody should use IPv6, it's 8 years after the World IPv6 launch day after all.
But if it's unreliable and not supported by the ISP then I guess you may have to wait until it's supported by the ISP.
IPv6 also benefits zeroconf, LAN and VPN:
- LLA can be utilized in zeroconf setups, e.g. to achieve connectivity with broken L3 configuration.
- ULA helps to resolve routing collisions when the host simultaneously has more than one active connection to different networks with limited control, e.g. your IPv6 VPN will work no matter which public network your client connects from assuming that the firewall allows it.
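The address kinds mentioned in this thread (cgNAT, public IPv4, LLA, ULA, global IPv6) can be told apart from the address alone. The following is an added example, not part of any post above: it classifies WAN-side addresses and reports whether inbound connections are possible at all; the function names and the sample addresses are assumptions made up for the illustration.

```python
import ipaddress

# Ranges from RFC 6598 (CGNAT), RFC 1918, RFC 4291 (LLA, GUA) and RFC 4193 (ULA).
CGNAT = ipaddress.ip_network("100.64.0.0/10")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LLA = ipaddress.ip_network("fe80::/10")
ULA = ipaddress.ip_network("fc00::/7")
GUA = ipaddress.ip_network("2000::/3")


def classify(addr):
    """Return the scope of one address: cgnat, private, public4, lla, ula, gua or other."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        if ip in CGNAT:
            return "cgnat"
        if any(ip in net for net in RFC1918):
            return "private"
        if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
            return "other"
        return "public4"
    for name, net in (("lla", LLA), ("ula", ULA), ("gua", GUA)):
        if ip in net:
            return name
    return "other"


def wan_report(wan_addrs):
    """Summarise what the WAN-side addresses allow for inbound connections."""
    kinds = {classify(a) for a in wan_addrs}
    return {
        "cgnat": "cgnat" in kinds,
        "ipv4_inbound_possible": "public4" in kinds,  # a port forward can work
        "ipv6_inbound_possible": "gua" in kinds,      # still needs a firewall allow rule
    }


def lan_subnets(delegated_prefix):
    """Number of /64 LAN subnets a delegated prefix (e.g. a /56) provides."""
    net = ipaddress.ip_network(delegated_prefix)
    return 2 ** (64 - net.prefixlen) if net.prefixlen <= 64 else 0


# Constructed sample: a CGNAT IPv4 address plus documentation-range IPv6 addresses
# (2001:db8::/32 falls inside 2000::/3, so it classifies as "gua" here).
SAMPLE_WAN = ["100.72.13.5", "fe80::1", "2001:db8:1200::1"]

if __name__ == "__main__":
    for a in SAMPLE_WAN:
        print(a, classify(a))
    print(wan_report(SAMPLE_WAN))
    print(lan_subnets("2001:db8:1200::/56"))
```
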
Thx everyone for the comments; it looks like it is worth giving it a shot if the ISP supports it.