Is IPv6 actually desirable? (rfcat_vk)

Question

I've tried to follow rfcat_vk's excellent documentation of the current state of IPv6 in SFOS. And I've been feeling like I'm missing out that my ISP doesn't offer IPv6 (they've said "coming soon" for a year now, maybe more). But the more I look into it, the less benefit I see. I almost don't want it to drop at this point. 
 It avoids NAT, but NAT doesn't really slow things down and the only IPv4 workaround I'm familiar with that I need is SIP ALG (which in SOFOS appears to work well). With most all critical communications using TLS, it doesn't seem like IPv6 actually adds much for security. In fact, it seems like a security wash in some ways with ICMP becoming so critical to IPv6 working. 
 It provides a little tracking advantage with the ability to have different, changing IP addresses for each machine that communicates with the outside world. Which is cool. 
 But at a minimum, I'd have to run the XGS in dual-stack mode indefinitely. For example, I have a VPN and I may need to reach it from an area or an ISP that doesn't provide IPv6, so I'll need IPv4 for that pretty much until IPv4 is turned off in the Western Hemisphere. 
 My ISP will benefit from IPv6: smaller routing tables, etc. But it really doesn't feel like I have any real draw to get IPv6. An advantage here and there, a new adventure, but pretty much completely balanced out by disadvantages. 
 What am I not seeing? (Besides my ISP getting IPv6 and setting a deadline after which it won't support IPv4.) 
 Thanks!

rfcat_vk · Accepted Answer

Hi Wayne, 
 I am not an expert on IPv6. 
 The following are my observations as a home user and experimenter. IPv6 has built-in security which IP4 does not have (a search is required for specifics). Your ISP does not need to run CGNAT when using IPv6. My mobile phone provider has migrated to IPv6 only within its network and uses translators (whatever) to provide IP4 traffic to the greater world. 
 IPv6 NAT appears to be used when the firewall device does not fully support IPv6 features, compare the UTM with XG for example. Using your example of the VPN, if you have an external address (DNS) then the protocol should be hidden from your user and selected by the connections setup software. When your ISP/RSP moves to tIPv6 only traffic and you are in an IP4 only network then I would expect that your ISP/RSP would have translation gateway into their IPv6 network. 
 IPv6 was not designed with a NAT function, this was only added after to accommodate the lazy companies. You can accomodate both NAT and none Nat'ed traffic on your firewall. I haven't worked out how to setup hairpin in IPv6 because I don't have the ability to not use NAT. 
 Ian 
 Looking at IPv6 from an administrator's point of view, security requirement is a lot more work in configuration and management because your devices end up with at least two real addresses and a link local address unless you use static addressing. User management then comes into play to control access to the internet and application type filtering.

Is IPv6 actually desirable? (rfcat_vk)

Top Replies