
When I was a child it could be expensive to call people on the telephone outside your local area (which was free), and very expensive to call internationally. But there was a universal addressing and exchange system by which every phone could (in theory) call every other phone. Could we get back to that using lifetime IPv6 addresses as phone numbers, and what would be the privacy implications (if any)?

@strypey Do you mean literally? Why would you want to call a device and not a person?

@digicana because computers make more sense than most people ;P But seriously, the internet today works a bit like a "party line", which was a situation where everyone in your street shared a single phone line, with a single phone number. People had to take messages for their neighbours, or run up and down the street telling them to pick up their phone. ISPs only assign one IP address per customer (household, office etc), not per device, and using DHCP, so it can change at random.

@strypey I think the main deterrent to that is going to be the ISPs who seems to consider internet to the house as a service of consumption rather than distribution.

Right now, at least in the US, if you want static IPs and all ports unlocked for home hosting you're looking at needing a business line/contract service. The price these days isn't that bad, but it's still more than "consumer" internet.

That way they can pocket some extra cash off of those of us who actually want to use the Internet as intended instead of just an alternative to TV.

So even if you could just assign each house 100 static IP addresses to do with as you wish, they'll rotate them every couple of months to keep you from actually using them.

@lordbowlich the ISPs adopted their current model because of the shortage of IPv4 addresses, and stuck with it because of the capital costs of upgrading their entire infrastructure to IPv6. I agree many of them also cling to it because extra profits can be extracted by doing so. But I think it's conceivable a brave vanguard of ISPs offering stable IPv6 addresses could outcompete and change the norm, just as we've seen unmetered internet gradually beat out charging per minute/MB.

@strypey first of all, you're supposed to get not one IPv6, but a whole /56 prefix, i.e. 2^(128 - 56) addresses.

Now, there are two kinds of address pools: Provider Aggregatable (PA) and Provider Independent (PI).

PA prefixes are parts of a larger prefix owned by a particular ISP, which means that the ISP can aggregate them - they can announce their larger prefix to other ISPs, instead of announcing each customer's prefix separately. This makes for orders of magnitude fewer entries in the Internet's global routing table, and is essential for the Internet to scale.

OTOH if you have a PI prefix, it belongs to you, and you can take it to any provider and announce it through them... but:
- PI prefixes are expensive
- you need to apply to your RIR (regional internet registry, like RIPE, NANOG, etc) in order to get one
- the application needs to be sponsored by a LIR (i.e. an ISP who is a member of your RIR).
- it probably won't work on a customer-grade internet connection, you'll either need a BGP-enabled connection, or arrange with your ISP that they announce your PI prefix for you.

@strypey I'm not an expert on it, never done any of that, but I guess some people like @phessler @nihl or @aag know more about this stuff.

@Wolf480pl @strypey You explained it pretty well, you can also become a LIR and get an IPv4 /20 and an IPv6 /48, if you can justify it (at least that's how it works with the RIPE).
The thing is, going that way is costly, both in time and money, and not everyone wants to/can announce one or multiple prefixes. It would be nice if all ISPs could announce them for you and if it could work kinda like how phone numbers work today, but we're very far from that right now.
In terms of privacy I don't know if having a lifetime prefix attributed to you would be much worse than what we have now. Most of the traffic is web browsing anyway and there are many ways to track you without using your IP address.

@nihl @strypey
I thought you get a /32 of IPv6 if you're a LIR...

@Wolf480pl @strypey Yeah it might be a /32 for LIRs, I probably was mistaken.

@nihl @strypey
IIRC it was /32 for LIRs, /48 for big customers, /56 for small customers.
But some VPS/dedi providers, eg. online.net, will give you a /48 no questions asked.

@Wolf480pl @strypey You're right, it's a really big one for LIRs by default, and some LIRs will lend you some of their (IPv6) space if you ask them.
@Wolf480pl @strypey (note that I'm not an expert either, I only did some research on getting my prefixes/becoming a LIR a few months ago)

@nihl @strypey @Wolf480pl an LIR at RIPE currently gets a /22 of IPv4 and a /32 (or a /29 if you can justify it) of IPv6

@strypey
So basically, you could have your own IPv6 address space for a lifetime, but if everyone had that it'd be a disaster.

@tn5421 @strypey
well, it is future-proof assuming PI address space is hard to get (which it is) and IIRC you need to have a valid reason. So stuff like "I'm running a small cloud in my town" or "I'm a local ISP and want to go multi-homed" would probably work, stuff like "I'm a random person who thinks IPv6s should be like phone numbers" probably wouldn't.

@Wolf480pl @strypey IPv6 PI is not expensive — it costs an LIR 50 euros per year of fees, but the customer has to be able to justify why they need PI

@strypey IPv6 has "lifetime" addresses, it's a function of the MAC address on the interface. The privacy implication is that you've got a single address that can track an individual device, even across different networks.

By default, most IPv6 stacks configure that address (and listen on it, if any services are listening), as well as a randomized "privacy address" that's rotated with some regularity.

@r000t that's roughly how I was thinking about it. What do you think about the details @Wolf480pl laid out here?
niu.moe/@Wolf480pl/10256320191

@strypey @Wolf480pl
Realistically, you could get a /56 from a transit provider near you, and route subnets out of that to individual places, potentially using a site-to-site VPN. There are also official parts of the spec that allow subnets to "roam"

Assigning a prefix per person, to be kept for life, seems a bit silly though. This is why DNS was invented; there's no reason for individual people to remember "my friend's prefix"

@strypey @r000t
only the lower 64 bits of the IPv6 address are derived from the MAC address. The upper 64 bits are taken from the prefix announced by a router in Router Advertisements.

So if your lower half is 1234:56ff:fe78:90ab

and your router at home has a 2001:db8:11:200::/56 prefix from the ISP, then when you're at home, you'll have
2001:db8:11:200:1234:56ff:fe78:90ab

but when you're using wifi at a train station, and the station has 2001:db8:44:7700::/56 from the ISP, and that's the 5th hotspot of that train company which announces 2001:db8:44:7705::/64 to whoever connects to it, then your IP will be
2001:db8:44:7705:1234:56ff:fe78:90ab
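The EUI-64 derivation @Wolf480pl walks through above, and the tracking concern @r000t raised earlier in the thread, as an added example (not code from anyone in this thread): it builds the modified EUI-64 interface identifier from a MAC, combines it with the home and train-station prefixes from the post, shows that the two addresses share the same lower 64 bits, and generates an RFC 4941-style random privacy identifier for contrast. The MAC 10:34:56:78:90:ab is a constructed value chosen so that it yields the post's 1234:56ff:fe78:90ab.

```python
import ipaddress
import secrets

IID_MASK = (1 << 64) - 1


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier (lower 64 bits) from a 48-bit MAC (RFC 4291 App. A)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    # Insert ff:fe between the OUI and the device-specific half, then flip the
    # universal/local bit (0x02 of the first octet).
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine a /64 prefix learned from a Router Advertisement with an interface identifier."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | (iid & IID_MASK))


def interface_id(addr: str) -> int:
    """Lower 64 bits of an address, i.e. the part that stays put when the prefix changes."""
    return int(ipaddress.IPv6Address(addr)) & IID_MASK


def looks_eui64_derived(addr: str) -> bool:
    """Heuristic: an IID with ff:fe in the middle is almost certainly MAC-derived, so trackable."""
    return (interface_id(addr) >> 24) & 0xFFFF == 0xFFFE


def linkable_across_networks(addr_a: str, addr_b: str) -> bool:
    """True when two addresses on different prefixes carry the same stable identifier."""
    return interface_id(addr_a) == interface_id(addr_b) and looks_eui64_derived(addr_a)


def random_privacy_iid() -> int:
    """RFC 4941-style temporary identifier: 64 random bits with the universal/local bit cleared."""
    return secrets.randbits(64) & ~(1 << 57)


if __name__ == "__main__":
    iid = eui64_interface_id("10:34:56:78:90:ab")  # constructed MAC
    home = slaac_address("2001:db8:11:200::/64", iid)
    station = slaac_address("2001:db8:44:7705::/64", iid)
    print(home, station, linkable_across_networks(str(home), str(station)))
    print(slaac_address("2001:db8:44:7705::/64", random_privacy_iid()))
```

Running it prints the two addresses from the post, `True` for linkability, and a fresh privacy address whose lower half has no relation to the hardware.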

@strypey @r000t
there's also a thing called Mobile IPv6 [1] which allows you to use your home IP address wherever you go, but that relies on your home internet connection being up, or at least you still having a contract with your home ISP.

The leading bits of your IP address are like an area code in a phone network. But while the phone network has so much headroom it can do away with area codes and just route each phone number individually, on the Internet that would be too much overhead. You need to aggregate routes into larger blocks that go in the same general direction, or things will become very slow.

[1]: en.wikipedia.org/wiki/Mobile_I

@Wolf480pl @strypey
(yeah definitely listen to this guy, he shits all over me in this particular department)

@Wolf480pl I clearly need to do some reading up on implementation. Can you suggest a primer for a semi-literate like myself? ;)
@r000t

@strypey @r000t
See, the problem is... I tend to combine scraps of knowledge from various sources and then forget which comes from where...

I guess the wikipedia article on IPv6[1] is a nice starting point,
especially the Addressing[2] section. Then let your usual wikipedia-traversal-tab-explosion take over, though I guess the articles about addressing[3] and NDP[4] are particularly noteworthy. When you have a good overview and want more technical details or an authoritative source, you can read the RFCs Wikipedia mentions.

Also, if you're more into how ISPs work, there's stuff like ASNs[5], Provider-Independent[6] and Provider-Aggregatable[7] address space, peering[8], etc, and also some nice CCC talks about some of that stuff, which I could try to find if you wanted.

[1]: en.wikipedia.org/wiki/IPv6
[2]: en.wikipedia.org/wiki/IPv6#Add
[3]: en.wikipedia.org/wiki/IPv6_add
[4]: en.wikipedia.org/wiki/Neighbor
[5]: en.wikipedia.org/wiki/Autonomo
[6]: en.wikipedia.org/wiki/Provider
[7]: en.wikipedia.org/wiki/Provider
[8]: en.wikipedia.org/wiki/Peering

@Wolf480pl CCC talks, yes please. I just need a digestible overview.
@r000t

@strypey @r000t
well, I don't know of any IPv6-specific CCC talks. Also, I don't know what your level is.

There's "Internet - the business side" which talks about ISPs, their policies, and relationships with each other. IIRC I watched this and it was good, but I'm not sure this is what you're looking for.

media.ccc.de/v/35c3-10019-inte

Then there's "How does the Internet work" which is a Foundations talk, which means it's meant for complete beginners. I haven't watched it, but apparently it talks about DNS, IPv4, routing, and all kinds of basic stuff. I kinda thought you know at least half of it, but if you consider yourself a total beginner wrt. network protocols, in theory this should be a good start.

media.ccc.de/v/35c3-10005-how_

@Wolf480pl I'll definitely have a look at the first one. I learned all the internet protocol basics in a course I did nearly 20 years ago, so maybe it wouldn't hurt to have a refresher, and I may be in a position to absorb a level of detail that was too much for me when I was first learning it all (and a new Dad to boot, suffering from major sleep dep ;)
@r000t

Mastodon - NZOSS