
This is actually something where you are often better off outside of cities. The areas serviced by newer providers who are using the government grants to offer fibre to places without it and are actually running new fibre tend to offer much better prices and speeds.

E.g: One of them offers 900Mbps symmetric for £40/month (with a deal for £30/month for the first year). Meanwhile the legacy providers via OpenReach will only give you 700 down/100 up for more money, and require a two year contract.

The only real downside is most of them will CGNAT you, but most do offer IPv6 too, and mine offers a static IPv4 for £5/month more.


The 10 phone sockets are pretty unlikely, true, but 0 Ethernet? Probably more common than not. If anything, modern builds are doing less ethernet than ever because they assume everyone is just using WiFi.

Ah yeah I quoted too much. I meant the phone sockets thing. Zero ethernet seems to be the norm still unfortunately because most people do just use WiFi.

When looking at new build houses a year or two back (in the UK), I saw some stuff that made no sense to me: they installed some by default, but ran it to only the lounge and bedroom 1, the house also had a dedicated study (labelled as such by them) which did not have an ethernet run to it, and they refused to let you option in any more, very weird.

It's for the TVs, to provide network for live TV boxes.

My experience with powerline is they can work well for low activity, but they all overheat if you actually use them continuously, and the advertised speeds are extremely misleading as they are before error correction (which is very significant) and for the whole network.

My guess is that the nature of them being in a power plug means that they struggle to isolate things from the mains for safety in a way that doesn't also make them hotboxes.


I didn't notice overheating, but there are quite a few different products on the market.

The modest speed (~50MBps at my place) was then ok-ish, but the (variable!) latency of a couple of ms was annoying (it tended to break pacemaker/corosync cluster communication). And every once in a blue moon they stopped working altogether and needed to be un-plugged.

Worst, for someone interested in analogue electronics, they emit (of course) a huge amount of electrical noise into the power lines.



Except in the real world everyone is also running UPnP, so NAT is also one misconfiguration away from exposing something publicly. In the real world your ISP might enable IPv6 one day and suddenly you do have a public address. Relying on NAT is a bad idea because it's less explicit, a firewall is saying you only want to allow these things through, of course nothing is perfect, you can mess up, but NAT is just less clear, the expectation is not "nothing behind NAT should ever be exposed", it's "we don't have enough addresses and need to share".

UPnP is not tied to NAT, where do you have this from? UPnP is used to request direct connections, a firewall can implement UPnP just as well as a NAT.

UPnP won't expose my SMB to the world on its own. For that you'd need an attacker already inside the NAT. So already on that side of the hatchway.

It's not "relying on NAT" to have it as a layer in the swiss cheese. Relying on any one thing is a bad strategy.

Sure, and that's fine, but relying on it isn't, and it isn't a reason not to use IPv6 (if you want namespacing, there are tools for that outside hiding behind a single IPv4). Hence the advice is not to rely on NAT.

This is people talking past each other, and to be fair, saying "everyone" in my post made it unclear, I was being glib in response to "because that's not what people run IRL", when evidently people do, I've seen it happen.


No, not everyone is running UPnP. Maybe on most home networks, but that’s not the audience that even knows or cares about NAT.

I think this is where the disconnect is: the home users are precisely the ones being talked about, because they are the ones most likely to be treating NAT like it is a security system for their devices in the real world.

I've literally seen someone's ISP turn on IPv6, and then have their long-running VNC service compromised because they were just relying on NAT to hide their services.
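An added example, not part of any comment in the thread: a small audit of the failure described above, where services hidden only by NAT become reachable once the host gains a global IPv6 address. The host addresses, listener list and function name are constructed for illustration; the 2001:470:e904:42::/64 prefix reuses the example prefix quoted elsewhere on the page.

```python
import ipaddress

# Constructed sample data (not from the thread): one LAN host's addresses
# before and after its ISP enables IPv6, plus its listening TCP sockets.
ADDRS_V4_ONLY = ["192.168.1.20"]
ADDRS_DUAL = ADDRS_V4_ONLY + ["fe80::211:22ff:fe33:4455",
                              "2001:470:e904:42:211:22ff:fe33:4455"]
LISTENERS = [  # (bind address, port, service)
    ("0.0.0.0", 5900, "vnc"),
    ("::", 5900, "vnc"),
    ("127.0.0.1", 631, "cups"),
    ("::", 22, "sshd"),
    ("192.168.1.20", 445, "smbd"),
]

def globally_addressed_listeners(host_addrs, listeners):
    """Return (service, port, address) for every listener that accepts
    connections on a globally routable address, i.e. one where only a
    firewall, not NAT, stands between the service and the internet."""
    host = [ipaddress.ip_address(a) for a in host_addrs]
    findings = []
    for bind, port, service in listeners:
        bound = ipaddress.ip_address(bind)
        if bound.is_unspecified:
            # Wildcard bind: assume it covers every host address of its family.
            reachable = [a for a in host if a.version == bound.version]
        else:
            reachable = [bound]
        for addr in reachable:
            if addr.is_global:  # excludes RFC 1918, CGNAT, loopback, link-local
                findings.append((service, port, str(addr)))
    return findings

if __name__ == "__main__":
    for label, addrs in (("IPv4 only", ADDRS_V4_ONLY), ("IPv6 enabled", ADDRS_DUAL)):
        print(label, globally_addressed_listeners(addrs, LISTENERS))
```

Every finding is a service that needs an explicit firewall rule (or a narrower bind address), because no address translation sits in front of it.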


> Except in the real world everyone

...and goes on to ignore enterprise businesses, which consume most of the v4 space and are among the biggest resisters of v6.


>Except in the real world everyone is also running UPnP

Definitely not. I've been disabling that for years.


Upnp on cgnat machines? Lol.

That's what the firewall on your router is for. NAT might also stop someone connecting, but it's not a guarantee. You can get given a public address and be exposed, you can find out your server actually does UPNP automatically and so is exposed, etc... a firewall is more explicit and a better defence.

This is assuming NAT, with IPv6 you should be able to have globally unique IPs. (Not unique to IPv6 in theory, of course, but in practice almost no one these days is giving LAN devices public IPv4s).

- SLAAC - the address spaces for IPv6 are so huge, collisions are extremely unlikely outside of intentional actions.

- Open holes through firewalls, point DNS at the address, and it should just work, the joys of actually having public addresses.

- Same way as with IPv4 mostly. The only real difference is because SLAAC assumes a /64 you probably want your networks to be at least that big.


> extremely unlikely outside of intentional actions.

But come on! It is a legitimate question, do you just scramble keys when picking an address?

> the joys of actually having public addresses.

If your ISP gives you a static IPv6. Unfortunately in Germany none of the ISPs for private users does (last I checked).


> do you just scramble keys when picking an address?

No. Your ISP or tunnel broker gives you a network prefix. Then you configure SLAAC to use that prefix and hand out addresses within it. Job done.

For example, the prefix might look like 2001:470:e904::/48. Your computers can use any addresses you want as long as they start with that prefix. Since you don’t want to manually hand out addresses to every computer, you configure a router to hand out addresses via SLAAC. Your computers will use SLAAC to discover the prefix from the router, then fill in the bottom 64 bits of the address with a random number. They then ask the local network if anyone is using that full address. If not then they are done and have a working address. If somehow someone is using that address then they try again with a different random number. Servers that want a fixed address will just use their network card’s MAC address (or anything similar, if you want) instead of a random number. The protocol is the same either way.

Notice that this actually gives you some bits of your own to play with, if you want. The full address is 128 bits long. The first 48 were used by the prefix and the bottom 64 by the individual devices, leaving 16 bits in the middle. You could tell your router that the prefix for SLAAC is 2001:470:e904:42::/64, for example, and then use the other subnets for other purposes. Maybe 2001:470:e904:beef::/64 is a special subnet just for your meat freezer and associated monitoring equipment. I don't know, you get to make these things up for yourself. Maybe you manage a corporate network that has a separate VLAN for phones than for normal PCs, and a third VLAN for the guest WiFi. You can give them each a different prefix by embedding the VLAN id into the prefix you advertise via SLAAC.

There’s also DHCPv6 if you want even more control over which addresses are handed out, or you want to subdivide your network even more finely. Or if ISPs ever start handing out smaller prefixes.

> If your ISP gives you a static IPv6. Unfortunately in Germany none of the ISPs for private users does (last I checked).

Sure, that’s true. But they probably don’t hand out static addresses for IPv4 either. Not without paying extra, that’s for sure. Either way if you want some static identifier for your computer(s) then the solution is the same: DNS.

Of course if you _are_ running a corporate network with a bunch of VLANs like that then you should actually get your own prefix from your RIR rather than from your ISP. Then you purchase IP transit services from your ISP rather than consumer internet access. You can then advertise your prefix(es) via BGP. Again, this is exactly what you would do for IPv4. Same software, same configuration, just longer addresses. The main advantage of this extra work is that you can keep your addresses static even if you move to an entirely different ISP. You can also use the same addresses over multiple connections to multiple ISPs for better redundancy.
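An added example, not written by the commenter: the addressing scheme from the comment above, carried through in code. It carves the /48 into per-VLAN /64s, builds a MAC-derived (modified EUI-64) interface identifier, and models the "is anyone using this address?" check with a set. The function names, the MAC address and the `in_use` set are assumptions made for illustration.

```python
import ipaddress
import secrets

SITE = ipaddress.ip_network("2001:470:e904::/48")  # prefix from the comment

def subnet_for(site, subnet_id):
    """Return the /64 whose subnet field (e.g. a VLAN id) equals subnet_id."""
    free_bits = 64 - site.prefixlen            # 16 bits for a /48
    if free_bits < 0 or not 0 <= subnet_id < (1 << free_bits):
        raise ValueError("subnet id does not fit between the prefix and /64")
    base = int(site.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))

def eui64_iid(mac):
    """Modified EUI-64 identifier: flip the universal/local bit of the MAC
    and insert ff:fe in the middle. Stable, but it puts the hardware
    address into every source address the host uses."""
    b = bytearray(int(octet, 16) for octet in mac.split(":"))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")

def slaac_address(prefix, in_use, iid=None):
    """Pick an address in prefix. With iid=None a random 64-bit identifier
    is drawn and redrawn until no neighbour (in_use) already holds it."""
    while True:
        chosen = iid if iid is not None else secrets.randbits(64)
        candidate = prefix[chosen]             # network address + identifier
        if candidate not in in_use:
            return candidate
        if iid is not None:
            raise RuntimeError(f"{candidate} is already in use on this link")

if __name__ == "__main__":
    vlan42 = subnet_for(SITE, 0x42)
    server = slaac_address(vlan42, set(), eui64_iid("00:11:22:33:44:55"))
    client = slaac_address(vlan42, {server})
    print(vlan42, server, client, sep="\n")
```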


This is a good overview. I think the difficulty with IPv6 is that people rely on all of the crutches invented for IPv4 as features: private addressing NATing gives you security (it doesn't) and portability (it does), IPv6 usually uses subnets per physical location making failover difficult, whereas IPv4 will use BGP announcements to failover public IPs, etc. I'm not saying one way is better than the other, just that IPv6 is pretty different and people very much have an IPv4 world view.


> But come on! It is a legitimate question, do you just scramble keys when picking an address?

I did give the answer: SLAAC.

> If your ISP gives you a static IPv6. Unfortunately in Germany none of the ISPs for private users does (last I checked).

Weird, here in the UK all the ones I've had have given me a static /56. Still, the same answer for that (DDNS) exists as for dynamic IPv4 addresses, you still get the advantage of not having to deal with NAT.


`attr()` is being updated to basically do that, the modern spec lets you specify a datatype and access any attribute (with some exceptions, you can't get URL types for security reasons), then use it generally.

E.g: aspect-ratio: attr(width px) / attr(height px);


Interestingly, the bug for this feature is already 17 years old (https://bugzilla.mozilla.org/show_bug.cgi?id=435426).

