Hacker News

MindSpunk, last Saturday at 2:59 AM (14 replies)

> - I don't have a shortage of IPv4. Maybe my ISP or my VPN host do, I don't know. I have a roomy 10.0.0.0/8 to work with.

What happens when multiple devices in your /8 want to listen on port 80 and 443 on the public address? Only one of them can. Now you're running a proxy.

> - Every host routable from anywhere on the Internet? No thanks. Maybe I've been irreparably corrupted by being behind NAT for too long but I like the idea of a gateway between my well kept garden and the jungle and my network topology being hidden.

It's called a firewall. You want a firewall. IPv6 also has a firewall. NAT is not a firewall. NAT is usually configured as part of your firewall, but is not a firewall.

> - Stateless auto configuration. What? No, no, I want my ducks neatly in a row, not wandering about. Again maybe my brain is rotten from years of DHCP usage but yes, I want stateful configuration and I want all devices on my network to automatically use my internal DNS server thank you very much.

DHCPv6

> - My ISP gives me a /64, what am I supposed to do with that anyways?

What are you supposed to do with a /8? Do you have several million computers?

> - What happens if my ISP decides to change my prefix? How do my routing rules need to change? I have no idea.

What happens if your ISP changes your IPv4 address?


Replies

Hnrobert42, last Saturday at 3:30 AM

Wow. It's like your reply is doing an impression of IPv6! (I'm just teasing. I hope you are having a happy new year.)

Not GP, but:

> What happens when multiple devices in your /8 want to listen on port 80 and 443 on the public address? Only one of them can. Now you're running a proxy.

I don't want any of my devices listening on the public address, much less multiple.

> It's called a firewall. You want a firewall. IPv6 also has a firewall. NAT is not a firewall. NAT is usually configured as part of your firewall, but is not a firewall.

That's a non sequitur. I can have both a firewall and a NAT. The two layers are better than one because at least my address shouldn't be routable even if I failed to configure my firewall correctly.

> DHCPv6

Okay? DHCPv4

> What are you supposed to do with a /8? Do you have several million computers?

That's GP's point. Running out of address space is not a problem even on IPv4 with NAT.

> What happens if your ISP changes your IPv4 address?

Well, an ostensible advantage of IPv6 is publicly routable addresses. I know how to configure my internal IPv4 network with host table entries and so on. If I move to IPv6 then my "internal" network address space is at the whim of my ISP.

devman0, last Saturday at 3:13 AM

> It's called a firewall. You want a firewall. IPv6 also has a firewall. NAT is not a firewall. NAT is usually configured as part of your firewall, but is not a firewall.

Expanding on this. NAT as deployed in most soho/residential settings requires a stateful firewall to track connections + port mapping logic. A stateful firewall is also used for IPv6 edge security, using the same basic posture (out allow, in established/related only); the only difference is it isn't also doing an address mapping. Nobody is out there saying folks should run a wide open IPv6 edge, and as far as I'm aware no one is shipping IPv6 ready consumer routers that do that (but I'm prepared to be proven wrong in the responses).
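The posture devman0 describes can be made concrete with a small model. The following is an added Python illustration, not code from anyone in the thread: one connection-tracking core with two front ends, a masquerading IPv4 NAT box and a plain IPv6 stateful filter. Both allow LAN-to-WAN traffic and admit inbound packets only as replies to a tracked flow; the NAT variant additionally rewrites the source address and port. The `default_in="accept"` switch is an assumption added to show the misconfiguration case argued over later in the thread. Addresses come from the documentation ranges and the conntrack table has no timeouts.

```python
"""Toy model of a stateful edge: IPv4 NAT vs. IPv6 filter sharing the same conntrack logic."""
from dataclasses import dataclass, replace
import ipaddress
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class StatefulEdge:
    """Connection-tracking edge. nat_public=None models a plain IPv6 stateful filter;
    a public IPv4 address models a masquerading NAT. default_in="accept" models an
    inbound policy accidentally left wide open (constructed knob for the demo)."""

    def __init__(self, lan_net: str, nat_public: Optional[str] = None, default_in: str = "drop"):
        self.lan = ipaddress.ip_network(lan_net)
        self.nat_public = nat_public
        self.default_in = default_in
        # conntrack: (proto, remote addr, remote port, wan-side addr, wan-side port) -> (lan addr, lan port)
        self.flows = {}
        self.next_port = 40000  # constructed: first masquerade port handed out

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """LAN -> WAN. Creates conntrack state and (for NAT) rewrites the source."""
        if ipaddress.ip_address(pkt.src) not in self.lan:
            return None  # anti-spoofing: only LAN sources may leave via the LAN side
        if self.nat_public is None:
            wan_src, wan_sport = pkt.src, pkt.sport
        else:
            wan_src, wan_sport = self.nat_public, self.next_port
            self.next_port += 1
        self.flows[(pkt.proto, pkt.dst, pkt.dport, wan_src, wan_sport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=wan_src, sport=wan_sport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN. Replies to tracked flows pass (and are un-NATed); anything else hits default_in."""
        orig = self.flows.get((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is not None:
            return replace(pkt, dst=orig[0], dport=orig[1])
        if self.default_in == "accept" and self.nat_public is None:
            return pkt  # open IPv6 filter: routed straight to the host's global address
        return None  # dropped; with NAT there is no mapping to deliver an unsolicited packet to


def demo() -> dict:
    """Push the same events through an IPv4 NAT box and an IPv6 filter and report what reaches the LAN."""
    nat = StatefulEdge("10.0.0.0/8", nat_public="203.0.113.7")
    v6 = StatefulEdge("2001:db8:1234::/64")
    out = {}

    sent = nat.outbound(Packet("10.1.2.3", 51000, "198.51.100.10", 443))
    out["v4_sent_src"] = (sent.src, sent.sport)
    reply = nat.inbound(Packet("198.51.100.10", 443, sent.src, sent.sport))
    out["v4_reply_dst"] = (reply.dst, reply.dport)
    out["v4_unsolicited"] = nat.inbound(Packet("198.51.100.10", 4444, "203.0.113.7", 80))

    sent6 = v6.outbound(Packet("2001:db8:1234::10", 51000, "2001:db8:ffff::1", 443))
    out["v6_sent_src"] = (sent6.src, sent6.sport)
    reply6 = v6.inbound(Packet("2001:db8:ffff::1", 443, sent6.src, sent6.sport))
    out["v6_reply_dst"] = (reply6.dst, reply6.dport)
    out["v6_unsolicited"] = v6.inbound(Packet("2001:db8:ffff::1", 4444, "2001:db8:1234::10", 80))

    # The failure mode argued over in the thread: an inbound policy accidentally left open.
    open_v6 = StatefulEdge("2001:db8:1234::/64", default_in="accept")
    open_nat = StatefulEdge("10.0.0.0/8", nat_public="203.0.113.7", default_in="accept")
    out["open_v6_unsolicited"] = open_v6.inbound(Packet("2001:db8:ffff::1", 4444, "2001:db8:1234::10", 80))
    out["open_v4_unsolicited"] = open_nat.inbound(Packet("198.51.100.10", 4444, "203.0.113.7", 80))
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With the default-drop posture the two variants behave identically from the outside: the only thing the v4 box adds is the address rewrite. The last two results show the asymmetry people in the thread are arguing about: when the inbound default is accidentally "accept", the IPv6 filter forwards an unsolicited packet to the global address, while the NAT box still has nowhere to send it (in a real router a port-forward rule would be the equivalent exposure).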

foobiekr, last Saturday at 6:24 PM

"What happens when multiple devices in your /8 want to listen on port 80 and 443 on the public address?"

This is a feature not a flaw. The average person doesn't have anything acting as a server, and that's a good thing, because the only servers they'd have would be embedded garbage in poorly maintained or completely abandoned IoT devices with incompetent code that should not be publicly exposed, ever, in anything but a call out model.

cj, last Saturday at 3:12 AM

You're not wrong, yet there's still no compelling reason to make an extra effort to switch to ipv6 when the limitations of ipv4 don't personally affect you.

vidarh, last Saturday at 11:53 AM

> What happens when multiple devices in your /8 want to listen on port 80 and 443 on the public address? Only one of them can. Now you're running a proxy.

I want to be running a proxy in that scenario, because I don't want any of it accidentally exposed.

> It's called a firewall. You want a firewall. IPv6 also has a firewall. NAT is not a firewall. NAT is usually configured as part of your firewall, but is not a firewall.

Yes, but it's arguably helpful to have configuration mistakes still leave your internal network unexposed. It's harder to accidentally expose resources when your ISP won't route to them.

Hobadee, last Saturday at 7:02 AM

> > - My ISP gives me a /64, what am I supposed to do with that anyways?

> What are you supposed to do with a /8? Do you have several million computers?

Except you can subnet an IPv4 /8. You can't subnet an IPv6 /64. For whatever stupid reason, and despite having 18 quintillion available addresses in a /64, you can't actually do anything useful with it other than yeet a bunch of devices on the same LAN segment.

(At least on pfSense, and when I looked into it some, that's apparently IPv6 design for some reason)

everdrive, last Saturday at 10:48 AM

> What happens if your ISP changes your IPv4 address?

Absolutely nothing, because the private IPs behind the NAT are agnostic of the public IP.

makeitdouble, last Saturday at 3:31 AM

> > - My ISP gives me a /64, what am I supposed to do with that anyways?

> What are you supposed to do with a /8? Do you have several million computers?

The /8 was for private addresses, so "free" and uncontested, while the /64 is a public resource. Looking at it as extraneous or over provided is understandable IMHO, even if mathematically it's not supposed to get depleted.

At least it's not doing anything helpful for OP.

morshu9001, yesterday at 1:56 AM

NAT is way harder to screw up than a firewall, especially in cases where the defaults were left untouched. Also what the other commenter said about your internal addresses being at the mercy of the ISP.

dmitrygr, last Saturday at 6:15 AM

> DHCPv6

Not supported by >50% of mobile devices

aragilar, last Saturday at 4:12 AM

DHCPv6 sadly has the Android problem.

MrDarcy, last Saturday at 3:35 PM

TLS SNI routing has fixed the multiple authorities listening on one IPv4 address port 443.

Most ISPs implement IPv6 by using the single IPv4 address as a v6 prefix. This results in the entire LAN needing to change local addresses every time the public IP changes. In practice this means a single brief power outage causes hundreds of devices to break instead of none.

Generally speaking ipv6 is useless for most home network users.

Overlapping 10/8 with corporate networks is not a problem, wireguard has solved this in all cases I’ve run into.

dotancohen, last Saturday at 10:57 AM

> It's called a firewall. You want a firewall. IPv6 also has a firewall. NAT is not a firewall.

With NAT, I absolutely know my ESP32 is not vulnerable and exposed on the wild wild web. With a firewall, I may have a configuration issue or there might be a bug in the implementation or there might be some UDP nuisance I didn't know about or a dozen other concerns. I don't want to hire a network admin nor play one at home.

johannes1234321, last Saturday at 12:11 PM

> > - What happens if my ISP decides to change my prefix? How do my routing rules need to change? I have no idea.

> What happens if your ISP changes your IPv4 address?

To my internal net: nothing. All my internal addresses stay the same. All my firewall settings remain the same. Just to the outside world I come from elsewhere (which is good for my privacy, not sufficient obviously, though).

However if my IPv6 prefix changes all my IP based access control, which is a layer I use to limit what Internet of Shit devices can do, breaks. I could go to fe80 addresses for my local network, but those won't work across different network segments.

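The breakage johannes1234321 describes (rules keyed on a delegated prefix die when the ISP renumbers, and fe80:: addresses don't cross segments) has two standard answers: RFC 4193 unique local addresses for internal traffic, and access rules keyed on the stable 64-bit interface identifier rather than the whole address. The following is an added Python illustration, not the commenter's setup: it derives a ULA /48 from a 40-bit global ID, composes host addresses, and checks a suffix-keyed ACL before and after a prefix change. It assumes devices keep stable interface identifiers (static tokens or EUI-64, not RFC 4941 temporary addresses); the global ID, prefixes and ports are constructed values.

```python
"""Keep IPv6 host rules stable across ISP prefix changes: ULA addressing and IID-keyed ACLs."""
import ipaddress
import secrets
from typing import Dict, Optional, Set

IID_MASK = (1 << 64) - 1  # low 64 bits = interface identifier


def make_ula_prefix(global_id: Optional[int] = None) -> ipaddress.IPv6Network:
    """RFC 4193 unique local prefix: fd00::/8 followed by a 40-bit pseudo-random Global ID -> /48."""
    if global_id is None:
        global_id = secrets.randbits(40)  # real deployments pick this once and keep it
    if not 0 <= global_id < (1 << 40):
        raise ValueError("global_id must fit in 40 bits")
    base = int(ipaddress.IPv6Address("fd00::"))
    return ipaddress.IPv6Network((base | (global_id << 80), 48))


def host_address(prefix: ipaddress.IPv6Network, subnet_id: int, iid: int) -> ipaddress.IPv6Address:
    """Compose /48 prefix + 16-bit subnet id + 64-bit interface identifier."""
    if prefix.prefixlen != 48 or not 0 <= subnet_id < (1 << 16) or not 0 <= iid <= IID_MASK:
        raise ValueError("expected a /48, a 16-bit subnet id and a 64-bit IID")
    return ipaddress.IPv6Address(int(prefix.network_address) | (subnet_id << 64) | iid)


class AddressACL:
    """Rules keyed on full addresses: what breaks when the delegated prefix changes."""

    def __init__(self):
        self.allowed: Dict[str, Set[int]] = {}

    def allow(self, addr: str, dport: int) -> None:
        self.allowed.setdefault(str(ipaddress.IPv6Address(addr)), set()).add(dport)

    def permits(self, src: str, dport: int) -> bool:
        return dport in self.allowed.get(str(ipaddress.IPv6Address(src)), set())


class SuffixACL:
    """Rules keyed on the interface identifier only, so renumbering the prefix leaves them valid."""

    def __init__(self):
        self.allowed: Dict[int, Set[int]] = {}

    def allow(self, iid: int, dport: int) -> None:
        self.allowed.setdefault(iid, set()).add(dport)

    def permits(self, src: str, dport: int) -> bool:
        iid = int(ipaddress.IPv6Address(src)) & IID_MASK
        return dport in self.allowed.get(iid, set())


def demo() -> dict:
    """One IoT device with a static IID, allowed to reach MQTT-over-TLS only, across an ISP renumbering."""
    device_iid = 0x42                                   # constructed static interface token
    old_prefix = ipaddress.IPv6Network("2001:db8:aaaa::/48")   # delegated before the outage
    new_prefix = ipaddress.IPv6Network("2001:db8:bbbb::/48")   # delegated after the outage
    old_addr = str(host_address(old_prefix, 1, device_iid))
    new_addr = str(host_address(new_prefix, 1, device_iid))

    by_addr = AddressACL()
    by_addr.allow(old_addr, 8883)
    by_iid = SuffixACL()
    by_iid.allow(device_iid, 8883)

    ula = make_ula_prefix(0x0123456789)                  # constructed, stable regardless of ISP
    return {
        "old_addr": old_addr,
        "new_addr": new_addr,
        "addr_acl_before": by_addr.permits(old_addr, 8883),
        "addr_acl_after": by_addr.permits(new_addr, 8883),
        "iid_acl_after": by_iid.permits(new_addr, 8883),
        "iid_acl_other_port": by_iid.permits(new_addr, 22),
        "iid_acl_other_host": by_iid.permits(str(host_address(new_prefix, 1, 0x43)), 8883),
        "ula_device": str(host_address(ula, 1, device_iid)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The suffix-keyed rule is the same thing firewalls express with an address-and-mask match on the low 64 bits; it only holds up if the device's interface identifier is pinned, so hosts that use temporary addresses need a static token (or a DHCPv6 reservation) for the rule to mean anything. The ULA address is the cleaner fix for purely internal traffic: it is routable between your own segments, unlike fe80::, and never changes when the ISP hands out a new global prefix.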