@paulehoffman @b0rk @spamvictim @andy

3) Having limited #IPv4 addresses can be really painful in cases where you need structure. For example, firewall rules and route table entries often want to work with prefixes. Each entry consumes resources against a limit (max number of FW rules, FIB/RIB/TCAM space, etc). Limited address space means things end up fragmented even with planning. This means ACLs are often for individual IPv4 /32 addresses, or routes are for small /24 subnets (whose sizing is a trade-off between inefficient use of a valuable resource and having lots of fragmented tiny subnets). This also means that as things scale up and you hit a subnet or reserved-for-ACL prefix size, you need to add another one or get stuck. I spend a disproportionate amount of my time trying to navigate this hell in IPv4 land to balance resource usage and scale.

In #IPv6 many of these problems go away. You can just assign a large enough prefix to a site to have confidence that you won't need to add another for a few years if ever. And you can create prefixes for use in firewall rules and ACLs and then rarely-if-ever need to update them.

@paulehoffman @b0rk @spamvictim @andy

2) Limited Public #IPv4 address space forces most organizations into CGNAT. This has lots of challenges (shared IP reputation, scaling/reliability/perf issues, etc). Those NATs can be fairly costly to operate as well. This also makes troubleshooting hard (eg, if a compromised or broken client is behind a NAT, it can be hard to chase the problem down and it can have impact to all of the other users behind that IP).

(Viet Nam has actually been making some great progress with their #Ipv6 transition and unlike some countries just talking about it, they seem to be following through so far: https://blog.apnic.net/2025/08/27/modernizing-viet-nams-internet-infrastructure-security-action/ )

@paulehoffman @b0rk @spamvictim @andy

There are many angles here, so I'll provide one or two.

1) Having a large amount of IPv4 space made address planning and structured addresses easy. For example, MIT used to split up 18.0.0.0/8 in a structured manner -- for example buildings often got a /16. My undergrad dorm didn't *need* 64k IPv4 addresses, but being able to look at the second octet to know where it was turned out to be super convenient.

This is actually one of the huge benefits of IPv6, especially when people treat it as its own thing rather than just as "bigger IPv4". If you get your address plan right then you can have structured addresses. As a large scale operator this turns out to be super convenient.

For example, if an organization has a /32 then they can slice this up in various ways. For example:
* Have a /48 per site, and then have common structure within each site.
* Have a /36 per function (prod servers, lab/QA, clients, etc) then have a /48 per site within that.
That sort of structure makes IPv6 addresses actually easier to work with than IPv4 -- it's not like anyone managing a network with hundreds of thousands of nodes is typing IP addresses by hand or memorizing them.

While structured addressing sometimes happens in RFC1918 space (eg, for K8s clusters in net-10), it is much easier to run out of space in IPv4 this way in ways that get you stuck, especially if you ever need to connect multiple environments together. While 24M addresses in 10.0.0.0/8 sounds like a lot, it turns out to be not big enough for structured addressing in large compute environments, or even for unstructured addressing for large ISPs with many tens of millions of subscribers.

#IPv4 #IPv6
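
The "/36 per function, /48 per site" plan from post 1), and the ACL fragmentation contrast from post 3), as an added example that is not part of the original posts. The documentation prefixes, the function and site names, and the scattered IPv4 host list are constructed assumptions.

```python
import ipaddress

# Assumed plan: the organization's /32 is the documentation prefix 2001:db8::/32.
ORG = ipaddress.ip_network("2001:db8::/32")
FUNCTIONS = ["prod", "lab", "clients"]  # hypothetical names, one /36 each
SITES = ["site-a", "site-b", "site-c"]  # hypothetical names, one /48 each

# Constructed IPv4 ACL: hosts scattered across unrelated subnets.
IPV4_SCATTERED = ["192.0.2.10/32", "192.0.2.77/32", "198.51.100.4/32",
                  "198.51.100.200/32", "203.0.113.9/32"]

def build_plan(org=ORG, functions=FUNCTIONS, sites=SITES):
    """Give each function a /36 and each site a /48 inside that /36."""
    plan = {}
    for func, block in zip(functions, org.subnets(new_prefix=36)):
        site_nets = dict(zip(sites, block.subnets(new_prefix=48)))
        plan[func] = {"block": block, "sites": site_nets}
    return plan

def classify(addr, plan):
    """Recover (function, site) from the address structure alone."""
    ip = ipaddress.ip_address(addr)
    for func, entry in plan.items():
        if ip in entry["block"]:
            for site, net in entry["sites"].items():
                if ip in net:
                    return func, site
            return func, None
    return None, None

def acl_entries(prefixes):
    """Fewest prefixes that match exactly the given networks."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))

def next_site_block(func, plan):
    """Next unused /48 in a function's /36, for a site added later."""
    used = set(plan[func]["sites"].values())
    return next(n for n in plan[func]["block"].subnets(new_prefix=48)
                if n not in used)

if __name__ == "__main__":
    plan = build_plan()
    print(classify("2001:db8:1001::25", plan))
    print(len(acl_entries(IPV4_SCATTERED)), "IPv4 entries, no aggregation")
    new_site = next_site_block("prod", plan)
    # The existing one-line prod rule already covers the new site.
    print(new_site, new_site.subnet_of(plan["prod"]["block"]))
```

A firewall rule written against a function's /36 keeps matching as sites are added, while the scattered IPv4 list costs one ACL entry per host.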

@worstprgr @leyrer I just swing the #Banhammer, because it is more expensive and slower for attackers to get new IPs than it is for me to block them!

  • If need be, I'll block #IPv6 if too many come from there and go #IPv4-only!

#sarcasm #shitpost #WorksOnMyMachine #WorksOnMyNetwork

Kevin Karhan :verified: (@kkarhan@infosec.space)

@leyrer@23.social then I'd rather recommend to *firewall judiciously* like @SunTzuCyber@infosec.exchange advises and literally blocklist all #ASN|s that run *"#AI"* or #Scrapers and any IP that violates limits re: connections...


What Is My IP Address? (Public IPv4 & IPv6) » QA Realm
https://qarealm.com/what-is-my-ip-address-public-ipv4-ipv6/

Tags: #What, #My, #IP, #Address, #Public, #IPv4, #IPv6, #QA, #Realm

@rinkside You could use socat as a relay from IPv4 to IPv6 like this: https://jonathanklimt.de/programming/socat-proxy/. There’s also an alpine based docker container available for socat. #relay #ipv4 #ipv6 #cgnat

@ietf draft draft-ietf-dnsop-3901bis-12 by Momoka Yamamoto & @tfiebig is an update to #RFC3901, reflecting IPv6 deployment in DNS operations ( https://datatracker.ietf.org/doc/draft-ietf-dnsop-3901bis/ ).

#DNS reliability breaks when #IPv4 & #IPv6 support is inconsistent across authoritative servers, resolvers, and delegations. To avoid address-family failures, DNS must be dual-stack end to end: servers, zones, delegations, and glue records. IPv6 is a first-class transport, and resolvers must handle IPv4 & IPv6 paths robustly.

While I have been using #Bunny for CDN in the past, their internal upstream stack is #IPv4 only in fetch parts of their network. Deal breaker.


AWS IAM Identity Center: IPv6 support for direct network connections

The new feature lets companies connect their employees to AWS applications and accounts directly over the modern Internet protocol, without network address translation. By providing dual-stack endpoints, the migration remains flexible and backward compatible.

https://www.all-about-security.de/aws-iam-identity-center-ipv6-unterstuetzung-fuer-direkte-netzwerkverbindungen/

#aws #IAM #IPv6 #IPv4
