So what is IPv6 and why should you care? IPv6 is intended to be the successor of IPv4 and most people know it for the very large address space. However, it has many other benefits as well and is worth learning for self hosting purposes.
IPv6 features
Huge address space
With IPv6, you no long need to be concerned with the limited address space of IPv4. In IPv6 land devices can have many different IPv6 addresses. You can have a different IPv6 address for each service and with the privacy extensions you can have a different IPv6 addresses for each outgoing connection on your computer.
Simplified subnetting
In IPv6 land everything is done via prefixes. An IPv6 prefix is simply the first half of the address which is used in routing to send traffic where it needs to go. A prefix is typically assigned to a vlan and the prefix is then delegated to all devices in that vlan. Because each device can have multiple addresses you can have each device get a public address and also a private address. A prefix is a /64 and if you want multiple prefixes you can get something like a /56, /48 or /32. (CIDR notation) To get a prefix from an ISP you use something called DHCPv6-PD. This is a lot like normal DHCP but it requests one or more prefixes from your ISP.
SLAAC (Stateless address autoconfig)
With SLAAC, devices pick an address and then verify it isn't duplicated. From there a router will send out a RA (router advertisement) which tells the device what prefix to use. The device then drops the link local prefix and replaces it will a public prefix. The major benefit of this is that you no longer need to keep track of DHCP leases. SLAAC allows networks to self assemble without much setup.
IPv6 security and privacy
IPv6 still needs a firewall to be secure. You should not expose things to the internet without properly securing them and anything that is publicly accessible can be compromised. IPv6 also can create major privacy issues since each device has a public IP. SLAAC and the privacy extensions help a lot as they randomize IPs which makes tracking harder. However, devices still share a public prefix so there still could be privacy issues.
NAT64 to eliminate IPv4
One of the technologies to help eliminate the need for IPv4 is NAT64. NAT64 works by mapping IPv4 address to IPv6 ones by setting a prefix that fills in the upper space of the address. To delicate this prefix to devices you can either use Pref64 or DHCPv6 opt 108. On the device applications see a working IPv4 address since the operating system translates IPv4 to IPv6 before it goes onto the network. You can absolutely keep using IPv4 and NAT64 is only for those who want to be IPv6 exclusive networks.
I think I'll die using IPv4 behind NAT along with VPN. 😂
Why?
What is the impetus for change?
The things you listed are nice but not game changing for most people.
Because I have to learn, understand what you wrote, probably more, and especially internalize its security implications. I currently understand all that for IPv4 and I'm confident I'm not leaving holes open when I self-host services. But of course it's probably a good idea to learn and use IPv6. It's just not free and when you have existing infrastructure and muscle memory on IPv4, there's that much more work. If I was starting anew, I'd probably do it. It's similar with SaltStack. If I was starting anew I'd use Ansible instead.
And good luck trying to remember the IP in IPv6.
I would believe DNS is now mandatory when you want to implement IPv6?
Likely because they’re old and resist change like me?
Seriously though it’s such a shift from what I understand I’m very reticent to even start the process. I have a lab at work though that I should really start playing with it at no real risk to anything production. You know what, I’m going to do that next week! Yeah, progress.
First docker and now IPv6. I’m so cutting edge 🤣