• bfg9k@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    5 months ago

    I’m curious how you normally deploy since there’s a couple of ways to do it, I’ve mostly dealt with requesting a number of prefixes from the upstream router and delegating to each subnet/VLAN as appropriate, and each time I’ve done it it’s been a breeze

    Even if you need static addressing you can just set it manually and DAD will handle it if it ever conflicts with a DHCP address, at least in my experience

    • DefederateLemmyMl@feddit.nl
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      5 months ago

      It’s when you have to set static routes and such.

      For example I have a couple of locations tied together with a Wireguard site-to-site VPN, each with several subnets. I had to write wg config files and set static routes with hardcoded subnets and IP addresses. Writing the wg config files and getting it working was already a bit daunting with IPv4, because I was also wrapping my head around wireguard concepts at the same time. It would have been so much worse to debug with IPv6 unreadable subnet names.

      Network ACLs and firewall rules are another thing where you have to work with raw IPv6 addresses. For example: let’s say you have a Samba share or proxy server that you only want to be accessible from one specific subnet, you have to use IPv6 addresses. You can’t solve that with DNS names.

      Anyway my point is: the idea that you can simply avoid IPv6’s complexity by using DNS names is just wrong.