- No more tradeoff between number of networks vs hosts, vastly simplifying planning in large networks. (/64 subnets give you 10^19 networks each with effectively an infinite number of hosts.)
- Security/privacy. Try port-scanning a /64 subnet -- let me know when you're done. (BTW, that was just one network.)
- Host addresses can be encoded in the lower 64 bits, which allows for all kinds of efficiencies, like stateless autoconfiguration.
- ULA, which allows you to reserve a site-local (non-Internet-routable) address space, without an external registry, and with very high probability of global uniqueness. (Remember the time your company acquired that other company, and had to merge their 10.0.0.0/8 with yours?)
- Global unicast is a /3, which means if we screwed something up, we still have 7 more attempts (each with 10^37 addresses).
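As an added example (not from the comment above), the RFC 4193 procedure behind the "no external registry, very high probability of uniqueness" ULA bullet: the 40-bit Global ID is the low 40 bits of a SHA-1 over an NTP timestamp and an EUI-64, placed under fd00::/8 to give a /48. The MAC and timestamp used here are constructed inputs.

```python
import hashlib
import ipaddress
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01

def eui64_from_mac(mac: str) -> bytes:
    """Modified EUI-64 (RFC 4291): flip the U/L bit, insert ff:fe in the middle."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    return bytes([b[0] ^ 0x02, b[1], b[2], 0xFF, 0xFE, b[3], b[4], b[5]])

def ula_prefix(mac: str, unix_time: float) -> ipaddress.IPv6Network:
    """Generate a locally assigned ULA /48 per RFC 4193 section 3.2.2.

    Key = 64-bit NTP timestamp || EUI-64; Global ID = low 40 bits of SHA-1(key);
    prefix = fd (L bit set) || Global ID, with the 16-bit subnet ID left to the site.
    The hash is what makes a collision between two sites that later merge
    their networks vanishingly unlikely (about 2^-40 per pair of prefixes).
    """
    secs = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    frac = int((unix_time - int(unix_time)) * 2**32) & 0xFFFFFFFF
    key = struct.pack(">II", secs, frac) + eui64_from_mac(mac)
    global_id = hashlib.sha1(key).digest()[-5:]     # least significant 40 bits
    prefix_int = int.from_bytes(b"\xfd" + global_id + bytes(10), "big")
    return ipaddress.IPv6Network((prefix_int, 48))

def is_ula(addr: str) -> bool:
    """True for fc00::/7, the space that must never be routed on the Internet."""
    return ipaddress.IPv6Address(addr) in ipaddress.IPv6Network("fc00::/7")

if __name__ == "__main__":
    # Constructed inputs: a made-up MAC and a fixed timestamp.
    prefix = ula_prefix("00:1b:21:3a:4c:5d", 1700000000.25)
    print(prefix)   # a /48 under fd00::/8, the same for these inputs on every run
    print(is_ula(str(prefix.network_address)))
```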
The thing with having more bits is that it allows you to do more interesting things, without the pressures of scarcity.
Limitations are good. See the currently highly-rated top-level comment: "why can't every server get a /48 so I can perpetrate the most ridiculous waste of address space imaginable?"
The idea of 128-bit address space seems to be that people can waste it like crazy and there will still be plenty for centuries to come. But that underestimates people's ingenuity in coming up with nifty things they could do if they wasted even more address space, and with no obvious reason not to they'll do it, until we're back in the same situation. Really, one day people will be wanting a /32 so they can do something nifty, and then it'll become a common thing, and the situation will seem oddly familiar...
10 years ago I played graphically rich instant-response video games on a desktop computer with 512mb ram and 128mb video ram (and fairly powerful cpu and gpu for the time). I knew that in the coming years more memory and processing power would enable ever more detailed visuals. But I didn't know that I would use significantly more system and gpu memory than that, just to read email in a browser tab. Because why not I guess...
You forgot the one where you could use them as two 9bit/55bit fixed point numbers representing latitude and longitude and have your IP address identify where you are to within a couple of microns :-).
And computers have gotten so fast and memory so large and storage so cheap that nobody cares. I get it. During the IPv6 discussions at IETF people kept saying "but 64 bits is just twice as big as our current space, we'll run out in no time" and I kept saying "No, it's 4 billion times bigger". It is water under the bridge.
At some point I'm going to sit down and reason out the cost of 128 versus 64 bits (which is the inverse of 'why they are great' but more 'why they aren't great') but since I never expect that I'll get a chance to design network protocols at that level again it's really just a hobby for me.
Well - realistically for many addresses 64 bits will be "device identity" and 64 bits will be "network identity"; many clients set their lower 64 to the NIC MAC.
Large address spaces give you more than just more addresses. There's room in IPv6 addresses to put meaningful information such as cryptographically significant identifiers. It also allows for stateless auto-configuration with ridiculously small chances of collision.
There are issues and missed opportunities in IPv6 but that isn't one of them.
I understand the argument, I just fundamentally disagree with all this "... There's room in IPv6 addresses to put meaningful information ..." part. I've never been a fan of the "IP address as the way we get the OSI object identifier concept foisted on to the TCP/IP crowd." :-)
One man's "meaningful information" is another man's "privacy leak." If I visit foobar.com and they can find out from my ipv6 address what make and model of motherboard I am running, is that really a good thing? There is a reason why MAC addresses were not included in ipv4.
The ipv6 designers seem to have hated the idea of network address translation (NAT). But a lot of people have come to depend on it for security. For example, with ipv4 my wireless router only exposes one IP address to the world, no matter how many devices are behind it. But with ipv6 in its default mode, all the devices are exposed. So if I visit evildude.com on my laptop, they will know my ipv6 address. This will then map back directly to the device (no NAT), and they can port scan me and try to do bad things to any ports I have open. You can fix this with firewalls or just with NAT, but you lose a lot of the supposed benefits of ipv6 by doing so.
I think there's a strong argument to be made that point-to-point communication is more useful for evil than for good. Most of the time when you're doing something legitimate you don't mind going through a gateway. For example, I don't need to talk to my bank's backend servers directly... I can just use their public IP address and let their load-balancer send me to some open server. But if I'm a hacker, maybe I want to target something deep inside the internal network, and ipv6 makes that easier.
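An added check (not from the thread) for the MAC leak raised above: it parses IPv6 addresses and reports which ones carry a modified EUI-64 interface identifier, i.e. an embedded NIC MAC and vendor OUI, which is exactly what RFC 4941 temporary addresses and RFC 7217 stable opaque identifiers exist to avoid. The sample addresses are constructed.

```python
import ipaddress

def mac_from_iid(addr: str):
    """Return the MAC embedded in an IPv6 address, or None.

    Stateless autoconfiguration (RFC 4291) builds the lower 64 bits from the
    NIC MAC by inserting ff:fe in the middle and flipping the universal/local
    bit (0x02) of the first byte, so the transform can be reversed exactly.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]   # interface identifier
    if iid[3:5] != b"\xff\xfe":                    # no EUI-64 marker
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def find_eui64_leaks(addresses):
    """Map each address that exposes a MAC to that MAC and its OUI.

    Link-local addresses are skipped: they never leave the local segment,
    so an embedded MAC there is not visible to a remote site.
    A random interface identifier hits ff:fe by chance only 1 time in 65536,
    so a match is a strong (not absolute) indicator of EUI-64 addressing.
    """
    leaks = {}
    for addr in addresses:
        if ipaddress.IPv6Address(addr).is_link_local:
            continue
        mac = mac_from_iid(addr)
        if mac is not None:
            leaks[addr] = {"mac": mac, "oui": mac[:8]}
    return leaks

# Constructed sample: two SLAAC/EUI-64 addresses, one RFC 4941 temporary
# address, and one link-local address that also embeds a MAC.
SAMPLE_ADDRESSES = [
    "2001:db8:1::21b:21ff:fe3a:4c5d",
    "2001:db8:1::a1b2:c3d4:e5f6:718",
    "2001:db8:2:0:3e97:eff:fe12:3456",
    "fe80::21b:21ff:fe3a:4c5d",
]

if __name__ == "__main__":
    for addr, info in find_eui64_leaks(SAMPLE_ADDRESSES).items():
        print(f"{addr} -> MAC {info['mac']} (OUI {info['oui']})")
```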
> I think there's a strong argument to be made that point-to-point communication is more useful for evil than for good.
It's not true in meatspace. It's also not true in cyberspace.
> ...they can port scan me and try to do bad things to any ports I have open.
It's software that's behind those ports, and software that's the target of attack. :)
> For example, I don't need to talk to my bank's backend servers directly... I can just use their public IP address and let their load-balancer send me to some open server. But if I'm a hacker, maybe I want to target something deep inside the internal network, and ipv6 makes that easier.
...IPv6 still supports stateful and stateless firewalls. Those haven't gone away, yanno? What's more, ULA space exists for a couple of reasons. If you really want to give something a non-publically-routable IP address, creating a ULA prefix and going to town is the preferred way of doing this.
Can we please kill off this old, tired fallacy that NAT provides security? NAT is not the firewall, and nobody has ever suggested removing firewalls from home routers.
> all the devices are exposed
Please tell us which shipping IPv6 home routers have the firewall disabled, so we can avoid their terrible products.
> So if I visit evildude.com on my laptop, they will know my ipv6 address
You must be really annoyed that you have to give Amazon a valid shipping address when you want them to ship you something. When you want to ask a remote computer to send you some data, you are going to have to tell them where to send it. If you don't want that to be your local address, use some sort of proxy (e.g. Tor).
> (no NAT), and they can port scan me
Again, stop conflating NAT with the firewall. They are totally separate features. If you only have a NAT and not firewall, you can still be port scanned if the router uses static NAT, and sometimes you can source-route packets addressed to an internal address, which most NAT-without-firewall routers will happily route to the internal network.... because you left out the part that filters packets.
Why bother? IPv4 NAT "works" right now, right? So there should be no harm in using it even if NAT provides no actual security benefits? While that's a popular belief, it isn't actually true. NAT has been and continues to be incredibly damaging to not only network-software, but also damages our freedom.
When considering how technology affects the freedom and security of the people that use it, getting rid of NAT is probably right next to "encrypt everything" as the most important change we need to make to the internet (we should have done it a decade ago). We are missing a huge amount of software that wasn't even started because you have to assume everybody on IPv4 is using a "party-line" that cannot accept incoming calls. Over two decades of network software was left unwritten.
Instead software was forced to rely on central servers with real IPv4 addresses. You seem to have a lot of concerns about privacy - which is good - but advocating for an IPv6 version of NAT is the same as arguing that services should remain centralized. You are arguing that we should remove the most important feature of IP networking: that any network address can be a server, giving everybody the ability to publish without needing permission[1] from a central authority.
Unfortunately, this is an uphill fight, because far too much of the tech industry is currently finding the role of "central authority" to be very profitable[2], and so we have a lot of people that see NAT's limitations as a good thing.