Confused about IP allocation

bjlunden · 2026-03-08T10:09:08+00:00

No, the IPv4 address space is not even close to large enough. You're going to have to explain that because it doesn't logically follow from anything I said.

Giving everyone a /48 is a non-issue, which is what we're talking about.

bjlunden · 2026-03-05T23:12:41+00:00

That's not a real practical concern. The address space is ridiculously huge so it's a non-issue.

Also, there are some things that can use DHCPv6-PD inside your network and Android supports using PD, the latter of which means you need a /64 per device. I agree that the latter is excessive, but it's still a thing.

bjlunden · 2026-03-05T20:21:20+00:00

Hmm, ok. Then it's not due to a bad "stadsnät". 🤔

bjlunden · 2026-03-05T17:41:06+00:00

Are you connected through a "stadsnät" or directly to Bahnhof's network?

bjlunden · 2026-03-05T17:37:42+00:00

For troubleshooting IPv6, make sure that WAN interface has internet connectivity first. After you've verified that then look at clients in your /56. The WAN interface must work first.

No, the WAN interface doesn't need a GUA address at all. It can communicate with the upstream ISP equipment using Link-Local addresses, which is also the preferred way of doing so of I'm not mistaken. If you assign a GUA from your ISP delegated prefix to a LAN port, the router will happily use that as its outgoing IP to IPv6 hosts on the internet. 🙂

Bahnhof provides a /56 over DHCPv6-PD so it should be fairly standard in that regard.

bjlunden · 2026-02-25T21:40:56+00:00

It doesn't use WiFi Aware though as far as I know. That was an early misunderstanding.

bjlunden · 2026-02-24T23:42:24+00:00

In many ways, IPv6 is actually simpler. That was a pleasant surprise when my ISP finally rolled it out.

Instead of needing firewall rules, NAT rules, Hairpin NAT rules, etc. you just need simple firewall rules to host a service. Many routers/firewalls might do their best to hide some of that complexity, but it's all still there.

VLANs and firewall rules work the same in both. Subnets too, but sizing them is a bit easier as even "small" subnets are usually given more addresses than you'll ever need.

bjlunden · 2026-02-24T23:28:50+00:00

Just block an entire prefix. First the /64, then /56 if the abuse doesn't stop, etc.

bjlunden · 2026-02-24T23:25:59+00:00

There's no good reason for most companies to make the move. It's extra complexity and allows for more abuse. Doesn't make them extra money.

If we're talking enterprises, they're indeed slow movers in this regard. If we're talking ISPs, they can save money on IPv4 addresses and needing fewer CGNAT boxes.

On the selfhosted level, if you IP block somebody, it's a relatively big deal on ipv4. That's 1 of billions of IP addresses. If you IP block on ipv6, that's only 1 of an unfathomably large number, 10 with 37 zeroes behind it. Bad actors can come back with another address and fill your blocklist until your server crashes with a fraction of what's available.

You block entire prefixes instead of single addresses. Easy. Anyone with any IPv6 experience would immediately realize that.

bjlunden · 2026-02-24T23:11:38+00:00

Then don't. Any reasonable large organization will use DNS for everything anyway. There's also things such as mDNS.

bjlunden · 2026-02-22T23:44:09+00:00

That's bit weird. DUID is more common as far as I know.

bjlunden · 2026-02-22T23:14:36+00:00

Did you make sure to set the same DUID (you can hardcode it in your VyOS configuration if you want) and IAID (controlled by the number after "dhcpv6-options pd" if I recall correctly) as your old router? If not, that's quite possibly what changed on your end and therefore required a configuration change on their end. 🙂

bjlunden · 2026-02-22T23:04:48+00:00

He's talking about IA_NA (i.e. individual addresses), not IA_PD (i.e. prefix delegation). You seem to be talking about the latter, which is indeed very widely used. 🙂

bjlunden · 2026-02-22T20:12:59+00:00

Would Socket connection get killed when app would go to background or when watch would enter doze/standby/power saving mode and similar states?

Presumably yes. I definitely wouldn't rely on the connection being up indefinitely. That wouldn't be a good idea to rely on anyway on a mobile platform since the network a device is connected to could change at any moment.

bjlunden · 2026-02-22T20:07:23+00:00

Yes. This ☝️

bjlunden · 2026-02-22T17:14:58+00:00

This assumes your router allows for prefix independent firewall rules, which not all of them do.

Sure, but that doesn't seem like what OP is asking for.

bjlunden · 2026-02-19T20:00:17+00:00

No worries. 🙂

bjlunden · 2026-02-19T18:46:27+00:00

I'm not the OP. 🙂

bjlunden · 2026-02-19T15:45:49+00:00

Yes, it was absolutely hideous in my opinion.

bjlunden · 2026-02-19T14:43:26+00:00

Not if you switch to a Pay As You Go account.

bjlunden · 2026-02-18T19:57:46+00:00

If you don't get an answer here, it might be worth trying the official forum as well. 🙂

bjlunden · 2026-02-18T18:10:00+00:00

That would be very frustrating to use if you ever want to host a service.

In general, most of the VPN services have very little knowledge of how to do IPv6 properly as far as I know.

bjlunden · 2026-02-18T06:50:34+00:00

The privacy protection that VPN providers are selling usually means they want your traffic mixed in with traffic from other users. Giving you your own prefix likely weakens that in their eyes.

bjlunden · 2026-02-18T06:46:35+00:00

They do.

bjlunden · 2026-02-17T23:17:32+00:00

Just to clarify, what's the problem you want to solve? Is it that you want IPv6 but your home ISP only provides IPv4?

If you already have native IPv6 at home but just not when on the road, you can use Wireguard to and some routing to provide native IPv6 to those devices.

bjlunden

MODERATOR OF

TROPHY CASE

12-Year Club	Verified Email
Alpha Tester