Biggest one for me personally is that my current ISP doesn't give a stable prefix. Power outages or firmware updates requiring a router reboot thus can cause the PD to be changed and potentially break firewall rules that are sensitive to the PD. In an absolute worst case, it also means that none of your hosts can reach the internet anymore if for whatever reason they're not notified of the prefix change.
No, the ISP is not supposed to do that. But I don't see them changing this behavior any time soon. Yes there are ways to mitigate (ULA, mDNS, DNS, DHCPv6, etc) but now you're introducing additional complexity that didn't exist before into the network when I keep hearing how IPv6 is supposed to reduce complexity. And IPv6 is complex enough to make my head spin without considering those workarounds.
Another issue I can think of off the top of my head is how to deal with an organization that requires multi-WAN failover or load balancing? The only solutions I've seen thus far are far beyond my level of skill and budget. I assume also that there's similar problems when asking about a load balancer between multiple gateways to the internet.
This is the same reason I don't even bother with anything more than basic IPv6 internet access on my home network. I've made some attempts at using ULA but I could never get it to work right, even after multiple attempts.
I wish there was something in the IPv6 standard that allowed referencing an IPv6 address without the prefix on your local subnet (ie: :::10a1:da35:2f4d:3cfc). So you could do all your internal networking with the consistent suffix and just deal with the changing prefix the same way we do with dynamic IPv4 addresses, dynamic DNS. I'm certain there's a reason something like this couldn't be possible but it just seems like something along these lines is missing.
>I wish there was something in the IPv6 standard that allowed referencing an IPv6 address without the prefix on your local subnet (ie: :::10a1:da35:2f4d:3cfc).
That's what the link-local address on your interface is for.
Yeah, there are a lot of situations where NAT is actually preferable. Not everyone is going to need inbound ports, and the stability you get by having internal addresses is a feature, not a bug.
Tie all your network config to your IP space provided by your ISP and now suddenly it's a pain to migrate to a different ISP.
Or, if you want to carry your own IP space, now you have the administrative overhead of managing that (and, now you have to go with higher-end business internet service that may be more than you need, just to support bringing your own IPs).
I feel like if you want a robust ID for your machines, using DNS instead of hardcoded IP addresses is a better idea. That way you can move services from edge to cloud and vice versa with a single nameserver update, instead of having to do so on every single edge.
Or, if you want to keep things local, run a lightweight nameserver on your LAN to resolve .home or .lan domains. Much nicer to type fridge.home in your browser than 192.168.1.57 or some such.
>Yes there are ways to mitigate (ULA, mDNS, DNS, DHCPv6, etc) but now you're introducing additional complexity that didn't exist before into the network when I keep hearing how IPv6 is supposed to reduce complexity.
ULAs are neither "additional complexity" nor "reduced complexity" compared to IPv4 NAT - they're the exact same. Both require you to decide on a private prefix, set up DHCP / DNS / static IPs within that prefix, and set up translation for that prefix.
>Another issue I can think of off the top of my head is how to deal with an organization that requires multi-WAN failover or load balancing?
You're talking about using NPTv6 with ULAs. Remember, IPv6 is explicitly designed to allow having multiple addresses on an interface - you can have a ULA for internal connectivity and a GUA for everything else.
This is the situation I settled on for my home, because having redundant ISPs means a lot of headaches and I obviously do not qualify for a PI allocation. Every machine on the network gets a ULA address that remains stable, and to deal with ISP failover I have a script on my Mikrotik router to change advertised prefixes when the primary ISP goes down.
Took more work than my v4 NAT setup, and I hope more network vendors build in support for the WAN failover bit in particular because every consumer/prosumer kit I've used does absolutely nothing for v6 traffic (I literally could not have done it without Mikrotik scripting or rolling my own router because no off-the-shelf distro like opnsense/m0n0wall/etc has support for this).
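As an added example (my own code, not anything posted in the thread), here is what the ULA-plus-NPTv6 arrangement from the last two comments does to an address: hosts keep a stable ULA internally, and the edge rewrites the /48 prefix to whatever GUA prefix is currently delegated, adjusting the subnet word so transport checksums stay valid as RFC 6296 describes for the /48 case. The ULA fd12:3456:789a::/48, the stand-in delegated prefix 2001:db8:1::/48 and the host address are constructed for illustration.

```python
import ipaddress

# Added example: NPTv6-style /48 prefix translation between a stable ULA and
# a delegated GUA prefix. Prefixes and host addresses are constructed values.

def _ones_sum(words):
    """One's complement sum of 16-bit words, folding the end-around carry."""
    total = 0
    for w in words:
        total += w
        total = (total & 0xFFFF) + (total >> 16)
    return total

def _words(addr):
    """Split a 128-bit address into eight 16-bit words."""
    b = ipaddress.IPv6Address(addr).packed
    return [(b[i] << 8) | b[i + 1] for i in range(0, 16, 2)]

def address_checksum(addr):
    """One's complement sum of the whole address, normalised so 0xFFFF == 0.
    TCP/UDP checksums depend on this sum, so a translation that keeps it
    constant needs no per-packet checksum rewriting."""
    return _ones_sum(_words(addr)) % 0xFFFF

def nptv6_translate(addr, from_prefix, to_prefix):
    """Rewrite addr's /48 prefix from from_prefix to to_prefix, adjusting the
    subnet word (bits 48..63) so address_checksum() is unchanged."""
    addr = ipaddress.IPv6Address(addr)
    from_prefix = ipaddress.IPv6Network(from_prefix)
    to_prefix = ipaddress.IPv6Network(to_prefix)
    if from_prefix.prefixlen != 48 or to_prefix.prefixlen != 48:
        raise ValueError("this example only handles /48 prefixes")
    if addr not in from_prefix:
        raise ValueError(f"{addr} is not inside {from_prefix}")
    w = _words(addr)
    old = _words(from_prefix.network_address)[:3]
    new = _words(to_prefix.network_address)[:3]
    # adjustment = sum(old) - sum(new); one's complement subtraction is
    # addition of the bitwise complement
    adjustment = _ones_sum(old + [~_ones_sum(new) & 0xFFFF])
    subnet = _ones_sum([w[3], adjustment])
    if subnet == 0xFFFF:  # 0xFFFF and 0x0000 are the same one's complement value
        subnet = 0x0000
    out = new + [subnet] + w[4:]
    return ipaddress.IPv6Address(b"".join(x.to_bytes(2, "big") for x in out))

if __name__ == "__main__":
    host = "fd12:3456:789a:1::10"                 # stable internal ULA address
    outside = nptv6_translate(host, "fd12:3456:789a::/48", "2001:db8:1::/48")
    print(host, "->", outside, hex(address_checksum(host)), hex(address_checksum(outside)))
    print(outside, "->", nptv6_translate(outside, "2001:db8:1::/48", "fd12:3456:789a::/48"))
```

When the delegated prefix changes, only the to_prefix argument changes; internal firewall rules and DNS keyed on the ULA are untouched, which is the stability the comments above are after.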