I have a secondary Internet connection at home that uses an extremely dumbed-down CPE — like, you cannot make ANY configuration changes to it.

To connect that network to the rest of my home/homelab network, my choices are either a) set static routes on every device on the network (assuming they even support setting any), or b) inject IPv6 routes into the network using router advertisements.*

#HowIPv6HelpedMeThisWeek (and every week for the last 2-3 years)

While I was away from home for a few days I was able to access data on a machine at home using ssh. Thanks to having IPv6 both at home and in the place I was staying this worked without needing to mess with fragile NAT or port-forwarding setups.

#HowIPv6HelpedMeThisWeek

Westergaard Social

And another #HowIPv6HelpedMeThisWeek (from another week) related to this toot, I have a BIND nameserver in my homelab with 112 views (for shenanigans reasons), and I can't expose that construct to the internet without either #IPv6, or some truly hideous port-based NAT hijinks (which, ugh, no thank you).

(And worse: I actually have two of them now. 😂)
https://mspsocial.net/@jima/114354031715285418

@becomethewaifu @jana Plus, if you actually needed to reach something over the tunnel that's stuck IPv4-only, there's always NAT64. 😀

(And here we hint at the only context in which I like DoH: the ability to make one browser use DNS64, but not force the rest of the operating system to also use it.)

#HowIPv6HelpedMeThisWeek (but it was a different week)

I'm running some experiments on domain name discovery (mostly in the context of arbitrary third parties scanning for vulnerabilities), and the only way to be sure that the potential threat actor didn't just happen upon the target IP in question through dumb luck is by using an IP address that can't be scanned by brute force, has never been used before, and is not initiating outbound traffic.

#HowIPv6HelpedMeThisWeek

A lingering problem I had was my WireGuard tunnel for client devices.
I have multiple times added some subnet and then had to individually add it to the allowed IPs on each device. I didn't want to just preemptively forward the entire 10.0.0.0/8 block, because that would be asking for trouble.

Now it just dawned on me that if I only use IPv6, that problem is gone. Not once did I have to change the v6 prefix, because I can easily leave enough room to grow.

#HowIPv6HelpedMeThisWeek

Thanks to IPv6 I can route an IP prefix to my laptop and use it for developing software in Docker containers. The software can use this to connect to a database hosted at a cloud provider which is shared with other developers.

Since there is no NAT I don't have to worry about TCP connections stalling when the NAT times out connections.

#HowIPv6HelpedMeThisWeek

For security the database is protected using both an IP whitelist and TLS certificates for both client and server.

Configuring an #unbound DNS Server I learned that it has a #NAT64 mode.

Saved me from having to configure this server dual stacked to reach #IPv4only authoritative nameserver.

Looking at you @ZDF!

#IPv6

#HowIPv6HelpedMeThisWeek

A website I manage has been subject to some port scans and subsequently a management interface on a separate port number has seen password brute force attempts.

Since IPv6 gives me enough addresses I have moved the management interface to a different IP address.

IPv6 has so many addresses that scanning all of IPv6 address space is not feasible. So scans use other methods such as scanning known domain names.

If you have multiple domain names pointing to your host they don't all have to point to the same IP address.

#HowIPv6HelpedMeThisWeek
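
The post above moves a management interface to its own IPv6 address so that it cannot be found through the site's domain names. As an added example (not part of the original post), this audit checks that the move actually took effect: a management listener still bound to the wildcard address, or to an address that appears in an AAAA record, remains discoverable. All names, addresses and listeners below are constructed sample data.

```python
import ipaddress

# Constructed sample data (documentation prefix 2001:db8::/32), not from the post.
PUBLISHED_AAAA = {
    "www.example.org": "2001:db8:10::80",
    "blog.example.org": "2001:db8:10::80",
}
LISTENERS = [
    # (bind address, port, role)
    ("2001:db8:10::80", 443, "public"),
    ("2001:0db8:0010::0080", 8443, "management"),  # same address, other spelling
    ("::", 9090, "management"),                    # wildcard bind
    ("2001:db8:10:5a3c:91e2:7f04:c6b1:2d88", 8443, "management"),  # dedicated
]

def audit(listeners, published):
    """Return (bind, port, reason) for management listeners findable via DNS names."""
    # Parse addresses so that different textual forms of one address compare equal.
    by_addr = {}
    for name, addr in published.items():
        by_addr.setdefault(ipaddress.ip_address(addr), []).append(name)
    findings = []
    for bind, port, role in listeners:
        if role != "management":
            continue
        ip = ipaddress.ip_address(bind)
        if ip.is_unspecified:
            # A wildcard socket answers on every address the host has,
            # including the ones published in DNS.
            findings.append((bind, port, "wildcard bind, reachable on published addresses"))
        elif ip in by_addr:
            names = ", ".join(sorted(by_addr[ip]))
            findings.append((bind, port, f"address published as {names}"))
    return findings

if __name__ == "__main__":
    for bind, port, reason in audit(LISTENERS, PUBLISHED_AAAA):
        print(f"[{bind}]:{port} management -> {reason}")
```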

I am considering the idea of writing a weekly post #HowIPv6HelpedMeThisWeek giving one example of something useful IPv6 has done for me in the past week.

I am aware that it may be challenging to come up with a novel example each week. And really it does not necessarily have to be novel in order to count. Doing the same useful thing each week is still useful. But the posts will obviously be more interesting, if I don't repeat the same thing week after week.

It may also be challenging to notice each time IPv6 does something useful because we tend to notice things which are broken rather than things which are working. And IPv6 just working is the experience I have most of the time when connected to networks with native IPv6.

It would probably have been easier to come up with a weekly post about how IPv4 annoyed me in the past week. But if I want to make this a regular thing, I should focus on the positive things and not turn this into IPv4 bashing.

The hashtag is of course not only for me to use. I am not the only person who has had positive experiences with IPv6.
