There are a couple reasons why a lot of organizations have been reluctant to adopt IPv6. The biggest of which is making sure the lessons we've learned with IPv4 security issues and vulnerabilities...
There are a couple reasons why a lot of organizations have been reluctant to adopt IPv6. The biggest of which is making sure the lessons we've learned with IPv4 security issues and vulnerabilities get maintained in any implementation of IPv6, which is not necessarily a simple toggle between IP structures. Improperly configured printers or toasters or whatever IoT device could be threat vectors for attack, where there is even less user interaction than the computers that formed the traditional attack vector before like two or three years ago.
So the industry is massively shifting when it comes to keeping visibility in all these IoT devices on your network, and IPv6 is another wrinkle in that attempt to maintain visibility. The technology that supports IPv4 is in some cases matched to IPv6, but that isn't the case for all the tools and resources as our disposal. Finding alternatives has to come before deployment, and so it makes sense that some companies would be reluctant to make that dive.
I mean, it's already here, especially on mobile networks. T-Mobile, Sprint, and Verizon in the US are full IPv6 with 464XLAT to get IPv4 access (do the European T-Mobile networks have the same...
I mean, it's already here, especially on mobile networks. T-Mobile, Sprint, and Verizon in the US are full IPv6 with 464XLAT to get IPv4 access (do the European T-Mobile networks have the same setup? I'd assume they do), Comcast has been running dual stack for a few years now (and uses v6 internally to access CPE for troubleshooting and the like), Spectrum, AT&T (on the wired side), and CenturyLink have 6rd deployed as well. Given the state of US ISPs, it's hard to believe that they're so much more forward thinking than other ISPs globally.
Plus these Band-Aids on Band-Aids for v4 are getting ridiculous. CGNAT ruining port forwarding, having to run secondary software just to enable end to end connectivity-- why are we slapping so much shit on an exhausted system, when it's replacement is here and has been for over a decade now? The time spent mitigating address exhaustion would be better served solving the transition to v6, IMO.
Yggdrasil is great, but a heads-up if you're new to it and trying it out: you probably want to configure the SessionFirewall in the config file, otherwise everyone else in the yggdrasil network...
Yggdrasil is great, but a heads-up if you're new to it and trying it out: you probably want to configure the SessionFirewall in the config file, otherwise everyone else in the yggdrasil network can connect directly to anything listening on the yggdrasil tunnel interface (i.e. you lose the "protection" of NAT, just like real IPv6).
There are a couple reasons why a lot of organizations have been reluctant to adopt IPv6. The biggest of which is making sure the lessons we've learned with IPv4 security issues and vulnerabilities get maintained in any implementation of IPv6, which is not necessarily a simple toggle between IP structures. Improperly configured printers or toasters or whatever IoT device could be threat vectors for attack, where there is even less user interaction than the computers that formed the traditional attack vector before like two or three years ago.
So the industry is massively shifting when it comes to keeping visibility in all these IoT devices on your network, and IPv6 is another wrinkle in that attempt to maintain visibility. The technology that supports IPv4 is in some cases matched to IPv6, but that isn't the case for all the tools and resources as our disposal. Finding alternatives has to come before deployment, and so it makes sense that some companies would be reluctant to make that dive.
I mean, it's already here, especially on mobile networks. T-Mobile, Sprint, and Verizon in the US are full IPv6 with 464XLAT to get IPv4 access (do the European T-Mobile networks have the same setup? I'd assume they do), Comcast has been running dual stack for a few years now (and uses v6 internally to access CPE for troubleshooting and the like), Spectrum, AT&T (on the wired side), and CenturyLink have 6rd deployed as well. Given the state of US ISPs, it's hard to believe that they're so much more forward thinking than other ISPs globally.
Plus these Band-Aids on Band-Aids for v4 are getting ridiculous. CGNAT ruining port forwarding, having to run secondary software just to enable end to end connectivity-- why are we slapping so much shit on an exhausted system, when it's replacement is here and has been for over a decade now? The time spent mitigating address exhaustion would be better served solving the transition to v6, IMO.
Yggdrasil is great, but a heads-up if you're new to it and trying it out: you probably want to configure the SessionFirewall in the config file, otherwise everyone else in the yggdrasil network can connect directly to anything listening on the yggdrasil tunnel interface (i.e. you lose the "protection" of NAT, just like real IPv6).
Weird, I just got an ip allocated last night, in Germany.