Re: Deprecating IPv6 (Re: draft-bourbaki-6man-classless-ipv6-00)

Lorenzo Colitti <lorenzo@google.com> Mon, 05 June 2017 03:43 UTC

From: Lorenzo Colitti <lorenzo@google.com>
Date: Mon, 05 Jun 2017 12:43:17 +0900
Message-ID: <CAKD1Yr3Wk398L=aBqYDr7=stsL91ckpdV_k6oSrxKGkQ93U_gw@mail.gmail.com>
Subject: Re: Deprecating IPv6 (Re: draft-bourbaki-6man-classless-ipv6-00)
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, draft-bourbaki-6man-classless-ipv6@ietf.org, 6man <ipv6@ietf.org>, Steven Barth <cyrus@openwrt.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/CmmWoPh8_Ypqt4KRmQd0a_xsWLk>

On Sun, Jun 4, 2017 at 12:50 PM, Mark Smith <markzzzsmith@gmail.com> wrote:

> If you know IPv4, and you don't want to or don't have time to properly
> learn IPv6 (which seems to be one of the motivations for this draft),
> then here is the easiest way to deploy IPv6 without understanding
> IPv6:
>
> 1. Take your IPv4 address in IPv4 format, leveraging your existing
> IPv4 addressing plan
> 2. Prepend it with the IPv6 GUA or ULA 96 bit prefix
> 3. Subtract the IPv4 host bits from 128 and append
>
> e.g., the resulting IPv6 addresses for 1.2.3.4/24 would be
>
> 2001:db8::1.2.3.4/120
>
> That format address is accepted on loopback when I use the Linux 'ip'
> and 'ifconfig' utilities and I can ping it, so it has passed the first
> "can I even configure it" test. If it works on other IPv6
> implementations, this way of deploying IPv6 while avoiding learning
> IPv6 could easily become popular because of its simplicity.
>

Exactly. Realistically, the only reason this is not a widespread practice
is that some OSes do not support DHCPv6.


> (Actually, stateful DHCPv6 can introduce them - OpenWRT supports it
> and uses the same sized IID range for DHCPv6 as it does for DHCPv4
> addresses. Until I recently worked out how to turn it off (because
> that isn't obvious either), my Fedora hosts with wonderful RFC4941 and
> EUI-64 global addresses via SLAAC also had global IPv6 stateful DHCPv6
> addresses from within a range of 100 addresses.)
>

That sounds *really* bad for privacy and security. With end-to-end
connectivity, it's trivial to scan the first 255 addresses and find all
hosts on the subnet very quickly. Steven, are you the DHCPv6 maintainer for
openwrt? Were you aware of this?
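
Added example, not part of the original message: a Python illustration of the quoted three-step mapping, plus an inventory check that flags addresses whose interface identifier sits in a small range at the bottom of a /64, as with the DHCPv6 pool discussed above. The function names, the 16-bit threshold and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits: the interface identifier (IID)


def embed_ipv4(prefix96: str, v4_iface: str) -> ipaddress.IPv6Interface:
    """Quoted recipe: 96-bit IPv6 prefix + IPv4 address, length = 128 - IPv4 host bits."""
    net = ipaddress.IPv6Network(prefix96)
    if net.prefixlen != 96:
        raise ValueError("the recipe needs a 96-bit IPv6 prefix")
    v4 = ipaddress.IPv4Interface(v4_iface)
    host_bits = 32 - v4.network.prefixlen
    addr = ipaddress.IPv6Address(int(net.network_address) | int(v4.ip))
    return ipaddress.IPv6Interface(f"{addr}/{128 - host_bits}")


def iid_bits(addr: str) -> int:
    """Number of significant bits in the address's 64-bit interface identifier."""
    return (int(ipaddress.IPv6Address(addr)) & IID_MASK).bit_length()


def flag_enumerable(addrs, max_bits: int = 16):
    """Return the addresses whose IID falls in the first 2**max_bits values of the /64.

    max_bits=16 is an assumed audit threshold, not a value from the thread.
    """
    return [a for a in addrs if iid_bits(a) <= max_bits]


# Constructed sample inventory for one /64 (documentation prefix 2001:db8::/32).
OBSERVED = [
    "2001:db8:0:1::64",                  # low sequential value, DHCPv6-pool style
    "2001:db8:0:1::c7",                  # low sequential value, DHCPv6-pool style
    "2001:db8:0:1:5c9a:1fe3:88b2:4d07",  # random-looking IID (RFC 4941 style)
    "2001:db8:0:1:211:22ff:fe33:4455",   # EUI-64 style IID
]

if __name__ == "__main__":
    mapped = embed_ipv4("2001:db8::/96", "1.2.3.4/24")
    print(mapped, "covers", mapped.network.num_addresses, "addresses")
    for a in OBSERVED:
        print(f"{a:40} IID uses {iid_bits(a):2d} of 64 bits")
    print("low-range IIDs:", flag_enumerable(OBSERVED))
```
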