Today in our newest take on “older technology is better”: why NAT rules!
6 ≠ 16
v ≠ oWell… I still like IPv6 better than ATM and those darn virtual circuit identifiers.
Another Technical Mistake
Hah. But to be fair, ATM did have a specific use that it worked great for. That is the move to digital voice circuits. The small fixed cell size and built in QoS meant that if you had a fixed line size you could fit X voice channels, and they would all be extremely low latency and share the bandwidth fairly. You didn’t need to buffer beyond one cell of data and you didn’t need to include overhead beyond the cell headers.
ATM was designed to handle the “future” or digital network needs. But, the immediate use was about voice frames and that likely dictated a lot of the design I’d expect.
Typing addresses in ipv4 is ingrained into my brain, but zero NATing with ipv6 is magical.
Honestly we should just use 4 bit ip addresses, it’s too hard for me to remember ipv4 addresses anyways. Carrier grade NAT will take care of the rest.
Why compromise? Use 1-bit IP addresses.
Finally, a use for my 1-bit bloom filter!
You can still NAT IPv6
Only if you’re a masochist.
I haven’t read anything this cursed in a while
Yes, but why would you want to? We have enough addresses for the foreseeable future.
So you don’t need to change your network if your isp changes.
The solution to that is to buy a net block. IPV6 address space is very affordable.
You shouldn’t have to?? Maybe you might need to change the mask in your firewall settings if the ipv6 allocation block size changes but that should be it.
Everything else should just work as normal.
You should only assign static ipv6 to servers, in theory you could just define a host id and use a prefix too. But, most people at home really aren’t running enough servers to make that worthwhile. Everything else should just pick up new addresses fine using ND.
There ought to be more servers.
Will the app for the smart thermostat be updated three years from now and still be useful? If it was instead a web server app on a routable IP, it wouldn’t matter provided they didn’t fuck up the authentication and access control.
Yeah, but they’re not. That’s the modern world. But also even if it was a web server there’s usually ways to advertise the IP for the app to connect to. I’ve seen other stuff do that. So getting an IP is easy. Once the app knows the IP and if you really want to allow connections from outside to your IOT devices (I wouldn’t) it could remember the IP and allow that.
You really don’t need to give a fixed IP to everything. I think I’ve given 1 or 2 things fixed IPv6 IPs. Everything else is fine with what it assigns itself.
The other app off the top of my head is VoIP. You should be able to “dial” a number directly. Most solutions go through the company’s data center first in order to pierce through NAT. Which makes it more expensive, less reliable, slower, and more susceptible to snooping.
There’s a “if you build it, they will come” effect here. Once you can address hosts directly, a whole bunch of things become better, and new ideas that were infeasible are now feasible. They don’t exist now because they can’t.
You can use ULAs (unique local addresses) or that purpose. Your devices can have a ULA IPv6 address that’s constant, and a public IPv6 that changes. Both can be assigned using SLAAC (no manual config required).
I do this because the /56 IPv6 range provided by my ISP is dynamic, and periodically changes.
Yes but you’d still be performing NAT. It’s at least 1:1.
You’ll need to deal with firewall rules regardless, and drop IPs into policies. IPv6 doesn’t remove any of those chores but gets rid of having to maintain tables to deal with many-to-one NAT.
You wouldn’t need NAT. The ULA is used on the internal network, and the public IP is for internet access. Neither of those need NAT.
What translates the public ip to the internal ip? Aren’t they different?
There’s no translation between them. With IPv6, one network interface can have multiple IPs. A ULA (internal IP) is only used on your local network. Any internet-connected devices will also have a public IPv6 address.
ULAs aren’t too common. A lot of IPv6-enabled systems only have one IP: The private one.
If you use a single shared public ip then you’re using some amount of address translation.
If you’re using an external ip address that’s different than an internal ip address but both are assigned to a single host the you’re doing 1:1 NAT.
At least that’s how I understand ipv4 and I don’t think ipv6 is much different.
If you use a single shared public ip then you’re using some amount of address translation
This is practically never the case with IPv6. Usually, each device gets its own public IP. This is how the IPv4 internet used to work in the old days (one IP = one device), and it solves so many problems. No need for NAT traversal since there’s no NAT. No need for split horizon DNS since the same IP works both inside and outside your network.
There’s still a firewall on the router, of course.
At least that’s how I understand ipv4 and I don’t think ipv6 is much different.
With IPv6, each network device can have multiple IPs. If you have an internal IP for whatever reason, it’s in addition to your public IP, not instead of it.
IPs are often allocated using SLAAC (stateless address auto config). The router tells the client "I have a network you can use; its IP range is
2001:whatever/64, and the client auto-generates an IP in that range, either based on the MAC address (always the same) or random, depending on if privacy extensions are enabled - usually on for client systems and off for servers.
That’s what they thought for IPv4… and for 2-year digits… and for…
1:1 stateless NAT is useful for static IPs. Since all your addresses are otherwise global, if you need to switch providers or give up your /64, then you’ll need to re-address your static addresses. Instead, you can give your machines static private IPs, and just translate the prefix when going through NAT. It’s a lot less horrible than IPv4 NAT since there’s no connection tracking needed.
This is something I probably should have done setting up my home Kubernetes cluster. My current IPv6 prefix is from Hurricane Electric, and if my ISP ever gives me a real IPv6 prefix, I will have to delete the entire cluster and recreate it with the new prefix.
It should only be needed if your ISP is brain-dead and only gives you a /64 instead of what they should be doing and also giving you a /56 or /48 with prefix delegation (I.e it should be getting both a 64 for the wan interface, and a delegation for routing)
You router should be using that prefix and sticking just a /64 on the lan interface which it advertises appropriately (and you can route the others as you please)
Internal ipv6 should be using site-local ipv6, and if they have internet access they would have both addresses.
And if you want static ips either use dhcp6 or disable the randomisation of eui64 addresses
I have static IPs for my Kubernetes nodes, and I actually use DHCPv6 for dynamic dns so I can reach any device with a hostname, even though most of my devices don’t have static IPs.
The issue is those static IPs are tied to my current ISP, preventing me from changing ISPs without deleting my entire Kubernetes cluster.
It certainly looks like you can give it a prefix to assign out, possibly even multiples
Hurricane Electric gives me a /48.
Site-local ipv6 would work here as well, true. But then my containers wouldnt have internet access. Kubernetes containers use Ipam with a single subnet, they can’t use SLAAC.
Point is, you should be able to have them have both. Or stick a reverse proxy in front that can translate. Unless they’re somehow meant to be directly internet reachable the public addresses could be autogenerated
Full disclosure though I don’t know anything about kubernetes.
Yeah, I wonder if there’s any proposals to allow for multiple IPV6 addresses in Kubernetes, it would be a much better solution than NAT.
As far as I know, it’s currently not possible. Every container/Pod receives a single IPv4 and/or IPv6 address on creation from the networking driver.
Even if you give it multiple ip6 cidrs to allocate?
My ISP does this right (provides a /56 for routing), but unfortunately both are dynamic and change periodically. Every time I disconnect and reconnect from the internet, I get a different prefix.
I ended up needing to have ULAs for devices where I need to know the IPv6 address on my network (e.g. my internal DNS servers).
Indeed, that’s correct ula usage, but shouldn’t need nat rewriting. The global prefixes just need to be advertised by RA packets
Yeah I’m not using NAT, sorry for the confusion.
My router doesn’t support RAs for a ULA range though, so I’m running radvd on my home server.
I use openwrt on my home network which uses dnsmasq for dhcp. It can give a static suffix which just works with the global prefix on the interface and the site local / ula prefix it uses
Note that Android doesn’t support DHCPv6, just in case you have Android devices and ever have to debug IPv6 on them.
64 for the wan interface
Nitpicking, but the address for the wan interface wouldn’t have a prefix, so the host would just set it as a /128 (point-to-point)
Ehh, I’ve seen both. Perhaps not in a home router context though, never really bothered to check
Bro used <> instead of !=
What languages use this? I don’t like it!
On the other hand it goes well with >= and <=. If >= means “either > or =” then <> means “either < or >”, it checks out.
But I still don’t like it.
BASIC. At least VB.
Can confirm also BASICA, GWBASIC, QBASIC, and QuickBASIC
I think Excel formulas also use this, but it’s been a long time so I might be misremembering.
SQL
Depends on the dialect. I mostly use Presto and MySQL at work, and both allow
!=.Presto also lets you use
NOTfor booleans - instead ofWHERE foo = false, you can doWHERE NOT foo.
F# definitely and maybe Haskell and OCaml as well? Elixir and Erlang use it as a binary concatenation operator.
Yes for OCaml. Haskell’s inequality is defined as
/=(for ≠).<>is usually the Monoidmappendoperator (i.e. generalized binary concatenation).
SQL uses it but yeah, not programming language :p.
I was on mobile so I didn’t have a
.XComposeavailable to type≠.SQL is definitely a programming language. Most dialects are Turing-complete in some way. Some allow custom functions and stored procedures.
If you want to be able to write practically anything on mobile, including ≠, ≈, ‰, ℝ etc., have a look at Unexpected keyboard. No spellcheck or autocomplete, though.
I was on mobile so I didn’t have a
.XComposeavailable to type.I feel the opposite. On mobile I have much easier access to special characters. I just need to hold down characters to get more variants.
Yup, ≠ is right “under” =. As is ≈.
Damn I never understood it but now it makes sense thanks to you
Yea it’s ugly 😭
logo does
Removed by mod
Not a big deal. We’re projected to run out of years by 2000 and then the world will end.
Oh god that brings back memories. Reallying dumb ones of people but memories none the less
And it took a lot of hard work by a lot of people to adopt new date standards to avoid that problem. Now it’s time to adopt new IP standards, and it’s going to take a lot of hard work by a lot of people.
And we are facing the effects of it as we’re speaking. CGNAT and protocols like TURN were not invented without a reason.
Slightly related to the issue of remembering addresses, I think the main issue is with the fact that local nameservers are pretty much non-existent if you’re not running OpenWrt or OpnSense. Which is shameful because the local nameserver is an amazing quality of life tool.
Also the fact that officially there are no local TLDs except for “.arpa” while browsers won’t resolve one word domains without adding http://
And don’t get me started on TLS certificates in local networks… (although dns01 saves the day)
And don’t get me started on TLS certificates in local networks…
I hate this and the fact that modern platforms seem to require TLS even if you’re serving localhost, so much.
I don’t get why ‘.local’ isn’t a top level domain for LAN hosts.
I’ve taken to using
.here(or.aqui, “here” in Español, much harder to match outside) as alternatives until something better comes up.Ideally I’d use
.aquí, correctly with the diacritic, but DNS doesn’t seem to support even the basics of Unicode in 2024.Well, there is Punycode, which, if I understand correctly, is a layer before DNS, which translates a Unicode string into a DNS-compatible ASCII string.
I don’t actually recommend using that, though. Every so often, the ugly ASCII string shows up in places, because Punycode translation isn’t implemented there. Certainly increases administration complexity.
Yeah I’ve heard about punycode. Personally, I’m well against it because it puts down non-MURRICAN English domain names as second-class citizens on the internet. If I have a website about Copiapó, a perfectly legal town, there’s no good reason why the domain name should not be
copiapó.clrather thancopiap-xcwhngoingohi4oleleiyho42yt4ptg4ht4.cl, making it look “suspect” and “malware-y”.There were quite some complains back in the time about Firefox choosing not to “flag” internationalized names as potentially dangerous, and pretty much all those complaints that I know of likely came from English speakers who simply can’t understand other countries in the world even can have different alphabets.
I mean, there is some legitimate concerns. For example, in theory, someone could register a domain “αpple.com” and use that to send phishing mails. That “α” is an alpha. The more alphabets and letter variants you allow, the more lookalikes there will be.
But yeah, in practice, domain registrars check that you’re not registering such a lookalike domain and then that’s not really a problem, as far as I’m aware.
.localis already used by mDNSAh, that makes sense. I just knew it was unavailable. Apparently
.lanis fine to use, I think I’ll try that next time.
I think it’s worth taking the time to learn IPv6 property. If you have a good understanding of IPv4 it shouldn’t take you more than an afternoon.
Eliminating NAT and just using firewall rules (ie what NAT does behind your back) is incredibly freeing.
I don’t get people complaining about typing out IPs. I like to give all of my clients full FQDNs but you don’t have to. Just using mDNS would be enough to avoid typing a bunch of numbers.
Maybe I have Stockholm Syndrome, but I like NAT. It’s like, due to the flaws of IPv4 we basically accidentally get subnets segmented off, no listening ports, have to explicitly configure port forwarding to be able to listen for connections, which kinda implies you know what you’re doing (ssshh don’t talk about UPnP). Accidental security of a default deny policy even without any firewalls configured. Haha. I’m still getting into this stuff though, please feel free to enlighten me
Instead of nat and port forwards that rewrite, your firewall is set to only forward specific traffic, exactly how’d you’d configure outbound forwarding on a nat network (but opposite directions)
Open forwarding is a router, not a firewall
I don’t think you have Stockholm syndrome. You just like what you already understand well. It’s a normal part of the human condition.
All those features of nat also work with IPV6 with no nat in the exact same way. When I want to open up a port I just make a new firewall rule. Plus you get the advantages of being able to address the ach host behind the firewall. It’s a huge win with no losses.
Anything connected to an untrusted network should have a firewall, doesn’t matter if it’s IPv4 or IPv6.
There’s functionally no difference between NAT on IPv4 or directly allowing ports on IPv6, they both are deny by default and require explicit forwarding. Subnetting is also still a thing on IPv6.
If anything, IPv6 is more secure because it’s impossible to do a full network scan. My ISP assigned 4,722,366,482,869,645,213,696 addresses just to me. Good luck finding the used ones.
With IPv4 if you spin up a new service on a common port it usually gets detected within 24h nowadays.
Ahh, woah, I never thought about the huge address space would affect network scans and such.
With NAT on IPv4 I set up port forwarding at my router. Where would I set up the IPv6 equivalent?
I guess assumptions I have at the moment are that my router is a designated appliance for networking concerns and doing all the config there makes sense, and secondly any client device to be possibly misconfigured. Or worse, it was properly configured by me but then the OS vendor pushed an update and now it’s misconfigured again.
With NAT on IPv4 I set up port forwarding at my router. Where would I set up the IPv6 equivalent?
The same thing, except for the router translating 123.123.123.123 to 192.168.0.250 it will directly route abcd:abcd::beef to abcd:abcd::beef.
Assuming you have multiple hosts in your IPv6 network you can simply add “port forwardings” for each of them. Which is another advantage for IPv6, you can port forward the same port multiple times for each of your hosts.
I guess assumptions I have at the moment are that my router is a designated appliance for networking concerns and doing all the config there makes sense, and secondly any client device to be possibly misconfigured. Or worse, it was properly configured by me but then the OS vendor pushed an update and now it’s misconfigured again.
That still holds true, the router/firewall has absolute control over what goes in and out of the network on which ports and for which hosts. I would never expose a client directly to the internet, doesn’t matter if IPv4 or IPv6. Even servers are not directly exposed, they still go through firewalls.
Good luck finding the used ones.
That and the IPv6 address on client systems will periodically rotate (privacy extensions), so the IPs used today won’t necessarily be the ones used tomorrow.
(you can disable that of course, and it’s usually disabled by default on server-focused OSes)
Could a hypothetical attacker not just get you to visit a webpage, or an image embedded in another, or even a speculatively loaded URL by your browser. Then from the v6 address of the connection, directly attack that address hoping for a misconfiguration of your router (which is probable, as most of them are in the dumbest ways)
Vs v4, where the attacker just sees either your routers IP address (and then has to hope the router has a vulnerability or a port forward) or increasingly gets the IP address of the CGNAT block which might have another 1000 routers behind it.
Unless you’re aggressively rotating through your v6 address space, you’ve now given advertisers and data brokers a pretty accurate unique identifier of you. A much more prevalent “attack” vector.
There is this notion that IPv6 exposes any host directly to the internet, which is not correct. When the client IP is attacked “directly” the attacker still talks to the router responsible for your network first and foremost.
While a misconfiguration on the router is possible, the same is possible on IPv4. In fact, it’s even a “feature” in many consumer routers called “DMZ host”, which exposes all ports to a single host. Which is obviously a security nightmare in both IPv4 and IPv6.
Just as CGNAT is a thing on IPv4, you can have as many firewalls behind one another as you want. Just because the target IP always is the same does not mean it suddenly is less secure than if the IP gets “NATted” 4 times between routers. It actually makes errors more likely because diagnosing and configuring is much harder in that environment.
Unless you’re aggressively rotating through your v6 address space, you’ve now given advertisers and data brokers a pretty accurate unique identifier of you. A much more prevalent “attack” vector.
That is what the privacy extension was created for, with it enabled it rotates IP addresses pretty regularily, there are much better ways to keep track of users than their IP addresses. Many implementations of the privacy extension still have lots of issues with times that are too long or with it not even enabled by default.
Hopefully that will get better when IPv6 becomes the default after the heat death of the universe.
Since you can have multiple IPv6 addresses on one machine, you can use a rotating address for all outbound connections and a permanent address for inbound connections. If you visit a malicious website that tries to attack the IP that visits it, there will be no ports open. They would have to scan billions of addresses to find the permanent address. All of that scanning would be easily detected and blocked by an IDS.
There is this notion that IPv6 exposes any host directly to the internet, which is not correct.
TP-Link routers used to actually do this. They didn’t have an IPv6 firewall at all. In fact they didn’t add an IPv6 firewall to their “enterprise-focused” 10Gbps router (ER8411) until October 2023.
I wouldn’t rely on the size of the address space to provide security. It’s possible to find hosts through methods other than brute force scanning. I remember seeing a talk from a conference (CCC? DEF CON? I can’t remember) where they were able to find hosts in government IPv6 address space (might have been DOD?) through stuff like certificate transparency logs and other DNS side channels.
Man, I need to go find that talk now…
Edit: I don’t think this is the one I saw previously but is in a similar vein: https://www.youtube.com/watch?v=AayifEqLbhI
Will take a look at the talk once I get time, thanks. If you can find the original one you were talking about, please link.
For servers, there is some truth that the address space does not provide much benefit since the addressing of them is predictable most of the time.
However, it is a huge win in security for private internet. Thanks to the privacy extension, those IPs are not just generated completely random, they also rotate regularily.
It should not be the sole source of security but it definitely adds to it if done right.
accidentally get subnets segmented off, no listening ports, have to explicitly configure port forwarding to be able to listen for connections
You can intentionally get that behaviour by using a firewall.
Every time I see a defense of IPv4 and NAT, I think back to the days of trying to get myself and my roommate to play C&C: Generals together online, with a 2v2 game, with one of us hosting. Getting just the right combination of port forwarding working was more effort than us playing C&C: Red Alert on dial up when we both lived at home.
With IPv6, the answer is to open incoming traffic on the port(s) to the host machine (or just both since the other guy is might host next time). With IPv4, we have to have a conversation about port forwarding and possibly hairpin routes on top of that. This isn’t a gate for people “who know what they’re doing”, it’s just a bunch of extra bullshit to deal with.
I feel like I could learn Dutch, my English is already broken
I would love to start using ipv6 but my ISP decided that their devices won’t support prefix delegation because “nobody uses ipv6 and nothing works with it”
I can remember an up, but would never an ipv6
Ipv6 is not 6 bytes? 8 segments of 2 bytes for a sum of 16 bytes?
Or am I stupid right now?
IPv6 is unfortunately not six bytes, no. For some weird, ass-backwards reason.
Because 48 bits over 32 bits does not really solve the problems with ip4. 128 bits basically gives one ip4 address space to each square meter of earth. Ip6 also drops all the unused and silly parts of ip4 too.
128 bits basically gives one ip4 address space to each square meter of earth.
That sounds like terminal stage capitalism to me. Why would we want every tree in the Amazons to be cybergorized with its own IP? I don’t know Rick, 64
kbitsbits ought to be enough for everybody, and I’m already risking it.Because bits are not expensive anymore, and if we used 64 bits, we might run out faster than the time needed to convert to a new standard. (After all, IPv4 is still around 26 years after IPv6 was drafted.) Also see the other notes about how networks get segmented in non-optimal ways. It’s a good thing to not have to worry about address space when designing your network.
Our network architecture has the tendency to waste IP addresses. A subnet may have 10 devices but have 256 IPs (e.g. a /24 network like 192.168.0.0 to 192.168.0.255) - that’s 246 wasted addresses. This wastage is kinda unavoidable since we’d need to keep our routing tables from being too fragmented.
With that in mind it is entirely possible for 64-bit addressing space to not be enough, unless we revert to methods like NAT which come with their own disadvantages.
We have already used up about one /11 block of the IPv6 internet. That’s 128-11=117 bits. If we replace the standardized /64 subnets of IPv6 with old /24 subnets typical in IPv4 networks, you get 61 bits. That’s dangerously close to the upper limit of a hypothetical 64-bit IPv5 internet.
Why should it be? Also, MAC addresses are that size.
Yes, you’ve got it right. <> means ≠. 16 is not equal to 6.
Never seen that Notation.
2 bytes would give you 0-4 per segment. Or about IPv22 bytes would be 0-65535 and 8 sets is ~3.4×10^(38) addresses
Whoops, bits vs bytes. This is why I should stop commenting before I’ve had coffee
IPv6 = second system effect. It’s way too complicated for what was needed and this complexity hinders its adoption. We don’t need 100 ip addresses for every atom on the earth’s surface and we never will.
They should have just added an octet to IPv4 and be done with it.
Every time there’s a “just add an extra octet” argument, I feel some people are completely clueless about how hardware works.
Most hardware comes with 32-bit or 64-bit registers. (Recall that IPv6 came out just a year before the Nintendo 64.) By adding only an extra octet, thus having 40 bits for addressing, you are wasting 24 bits of a 64-bit register. Or wasting 24 bits of a 32-bit register pair. Either way, this is inefficient.
And there’s also the fact that the modern internet is actually reaching the upper limits of a hypothetical 64-bit IPv5: https://lemmy.world/comment/10727792. Do we want to spend yet another two decades just to transition to a newer protocol?
64-bit IPv5
64-bit IP would be IPv8, not IPv5.
deleted by creator
you are wasting 24 bits of a 64-bit register
You’re not “wasting” them if you just don’t need the extra bits, Are you wasting a 32-bit
integerif your program only ever counts up to 1000000?Even so when you do start to need them, you can gradually make the other bits available in the form of more octets. Like you can just define it as a.b.c.d.e = 0.a.b.c.d.e = 0.0.a.b.c.d.e = 0.0.0.a.b.c.d.e
Recall that IPv6 came out just a year before the Nintendo 64
If you’re worried about wasting registers it makes even less sense to switch from a 32-bit addressing space to a 128-bit one in one go.
Anyway, your explanation is a perfect example of “second system effect” at work. You get all caught up in the mistakes of the first system, in casu the lack of addressing bits, and then you go all out to correct those mistakes for your second system, giving it all the bits humanity could ever need before the heat death of the universe, while ignoring the real world implications of your choices. And now you are surprised that nobody wants to use your 128-bit abomination.
Hm, didn’t the GP already address (pun unintended!) the 128-bit part?
He/she said the internet is reaching upper limits of 64 bits apparently and gave a value of 61 bits in the linked comment.
You’re not “wasting” them if you just don’t need the extra bits
We are talking about addresses, not counters. An inherently hierarchical one at that (i.e. it goes from top to bottom using up all bits). If you don’t use the bits you are actually wasting them.
you can gradually make the other bits available in the form of more octets
So why didn’t we make other bits available for IPv4 gradually? Yeah, same issue as that: Forwards compatibility. If you meant that this “IPv5” standard should specify compulsory 64-bit support from the very beginning, then why are you arbitrarily restricting the use of some bits in the first place?
If you’re worried about wasting registers it makes even less sense to switch from a 32-bit addressing space to a 128-bit one in one go
All the 128 bits are used in IPv6. ;)
We are talking about addresses, not counters. An inherently hierarchical one at that. If you don’t use the bits you are actually wasting them.
Bullshit.
I have a 64-bit computer, it can address up to 18.4 exabytes, but my computer only has 32GB, so I will never use the vast majority that address space. Am I “wasting” it?
All the 128 bits are used in IPv6. ;)
Yes they are all “used” but you don’t need them. We are not using 2^128 ip addresses in the world. In your own terminology: you are using 4 registers for a 2 register problem. That is much more wasteful in terms of hardware than using 40 bits to represent an ip address and wasting 24 bits.
I have a 64-bit computer, it can address up to 18.4 exabytes, but my computer only has 32GB, so I will never use the vast majority that address space. Am I “wasting” it?
You are using the addressing bits in the form of virtual memory. Right now. Unless you run a unikernel system, then in that case you could be right, but I doubt it.
Anyway, this is apples and oranges. IP addresses are hierarchical by design (so you have subnets of subnets of subnets of …), memory addresses are flat for the most part, minus some x86 shenanigans.
Yes they are all “used” but you don’t need them. We are not using 2^128 ip addresses in the world.
But we do need them! The last 64 bits of your IPv6 addresses are randomized for privacy purposes, it’s either that or your MAC address is used for them. We may not be using those addresses simultaneously but they certainly are used.
Despite that, there still are plenty of empty spaces in IPv6, that’s true. But they will still be used in the future should the opportunity arise. Any “wastage” is artificial, not a built-in deficiency of the protocol. Whereas if we restricted the space to 40 bits, there will be 24 bits wasted forever no matter how.
it’s not about using all 100 IP addresses for every atom
it’s about having large enough ranges to allocate them in ways that make sense instead of arbitrarily allocating them by availability
Please don’t I barely understand subnetting as it is.
That why we should adopt my ipv12. Its three levels of addresses rach 512 bit longs. One for host one for network and one what ever the heel else need. Planet that’s it we asogn each planet a 512 bit address
Mystery of the universe, would IPv5 have hit the sweet spot and taken off?
I’m still on IPv3, haven’t updated yet.
