Dual Stack home network pros and cons

Tech9

Part of the Furniture
Here, let's discuss the pros and cons of dual stack IPv4 and IPv6 home network.

I personally have IPv6 disabled on my firewall for easier control and security reasons. My ISP provides 2x external IPv4 addresses as well as 4x IPv6 addresses. I would like to hear the benefits of running dual stack on a home network with examples, if possible. Thank you!

@AntonK, @heysoundude, @jsbeddow, @CriticJay, @joegreat, @Clark Griswald, @SomeWhereOverTheRainBow, @GHammer, @Frank Monroe, @iJorgen

Below is what I found in my personal tests with IPv6 enabled on RT-AC86U (Asuswrt 386.45956) and RT-AC1900P (Asuswrt 386.45987) routers, freshly reset and configured manually, using TekSavvy ISP on Rogers Cable in Canada:

IPv6 connectivity score here
Potential benefits listed here
Potential drawbacks listed here

Wishing everyone all the best in 2022!

ips_fight.png
 
Last edited:

geobernd

Regular Contributor
I need IPv6 here in the US to connect to my parents network... Thankfully Comcast has native IPv6 so I am running full IPv6 and IPv4 here...
In Germany 1und1 only offers native IPv6 and does Carrier grade NAT for IPv4. I believe all new connections from T-Mobile are also IPv6 only....
 

Tech9

Part of the Furniture
I need IPv6 here in the US to connect to my parents network...

Your parent's ISP is using CG-NAT IPv4 addresses, I guess. Connecting to another network with no IPv4 external address is a valid reason, but how do you secure your own IPv6 devices and how do you prevent IPv6 leaks on VPN and DNS? OpenVPN in Asus routers was IPv4 only just a month ago.
 

geobernd

Regular Contributor
Correct on the parent's ISP.
Hmmm - Good question on my own security. I am assuming (maybe naively?) that my Asus Router Blocks all unsolicited IPv6 traffic like it does for IPv4....
 

Tech9

Part of the Furniture
The firewall is there and the number of IPv6 addresses is universe big for targeted attacks or scanning devices. My question is how do you make sure your traffic goes strictly through VPN tunnels and not around them and your DNS requests are made to services you prefer only? How do you feel about precise user profiling when your IPv6 devices connect straight to Internet? Your ISP for example can now see all your IPv6 devices, not just traffic coming from one IPv4 address. They see what devices you are using - iPad, iPhone, laptop and what brand it is, etc. Your IoT IPv6 capable devices connect straight to servers all around the world and identify themselves as IP camera, doorbell, smart switch, etc.
 

heysoundude

Part of the Furniture
like they said in the intro to the old TV show The Six Million Dollar Man, "we have the technology...we can rebuild (him)". Then there's The Matrix movies...

Is there a way to tell whether I'm seeing more traffic on the v6 side than the v4 side? Everything on my network has both addresses.
My speedtests of v4 vs v6 are inconclusive - sometimes v6 is the clear winner, sometimes it's a tie

As far as opsec/firewalling - as you may remember, I run unbound for DNS, and I believe that offers a certain privacy protection. I think that diversion also plays a part in that, as does my choice of browser, brave. beyond these, it's simply a matter of the Asus firewall (I may get back to SkyNet) and hoping to be a grain of sand indistinguishable from others on/in the IPv6 beach/desert, and I hope that the general whirlwind of the internet as a whole keeps my grains of sand in suspension and moving. This is why I encourage others to jump on board with v6 - adding more activity to hopefully further obfuscate my presence - but also to drag the users of internet technology further into the future (especially in our country - I feel we're somewhat behind, or shielded somehow)

I do know that I'm going to try to get a WireGuard Server peer working on my router for the devices that leave wifi here at the compound to connect back to the compound for the perceived security of the features I've listed - a personal VPN with endpoints in my control.

I also believe that like other countries, IPv6 will be ubiquitously preferred sooner than later - and it seems that Japan has figured out a way to roll out High Speed Internet service easily/quickly (they promised us world class affordable and accessible internet an election or 3 ago here) with IPoE, which is v6 only (as is wireguard iirc -it encapsulates v4 traffic in a v6 tunnel/protocol where possible as I understand it)...so maybe simplicity and elegance and security all rolled into the protocols and embedded in the kernel is what appeals?
 
Last edited:

CriticJay

Senior Member
One thing that might be interesting to the folks in this discussion (and respond to heysoundude's question) is a Chrome extension called "IPvFoo" which actually shows whether your current web page in Chrome is using IPv4 or IPv6. Or even which elements of that site are using one protocol vs the other. i.e. main website using IPv6 but advertising banners being loaded from an IPv4 site.

Check it out: https://chrome.google.com/webstore/detail/ipvfoo/ecanpcehffngcegjmadlcijfolapggal?hl=en

Personally, the only 2 entities which I have found to consistently use IPv6 is Google Inc. and Facebook Inc. (including Facebook's subsidiaries like WhatsApp).
Pretty much any other website I go to (even other Big Tech sites like Amazon, Microsoft) are a mixed-bag of IPv4 + IPv6 requests.

Obviously this is speaking from a website / web application perspective.
 

CriticJay

Senior Member
but also to drag the users of internet technology further into the future (especially in our country - I feel we're somewhat behind, or shielded somehow)

Canada / Canadian ISPs aren't in any danger of running out of IPv4 addresses anytime soon, so don't expect us to try to become another Japan in terms of IPv6 adoption

My signature is out of date; currently I have dual-stack enabled on my Teksavvy/RCable connection - but that's more for "fun" and to "play with" rather than actually use.
In other words, I have IPv6 disabled on my mother's router.
 

sfx2000

Part of the Furniture
Depends on the network hardware (e.g. router, modem, etc)...

I've been running dual stack for years...

Interesting note - TMobile's Home Internet Modems - they are IPv6 first (and only), and they use 464XLATE for IPv4 support - to the outside world, it looks like CGNAT, but it is not - and IPv4 is much slower on the service than IPv6...

All the major client OS's are good with IPv6 these days.

The providers - there are still inconsistencies there - so what works with one carrier might not work with another...
 

Tech9

Part of the Furniture
@heysoundude, with IPv6 disabled you can do exactly the same thing without I think and I hope part. If you have one of those Rogers modem/routers in bridge mode, LAN ports 3/4 provide IPv6 address only. Plug in your router there and see how much your network depends on IPv4. In Canada, you have opened just another path in/out of your network with own issues you have to deal with. There is no speed benefits, just the opposite - your DNS queries may be delayed as a result. What Diversion, Skynet and AiProtection are doing with IPv6 enabled? I don’t know. Do you know?
 

Wistuplu

Regular Contributor
The title says "pros and cons".
My 2cts. IP V4 only here (on the Asus AC-86U).

My cons for V6 are my lack of skills in V6 and my lack of desire to "manage" 2 "flavours".

I have some DNS settings (for adult content filtering). I have DHCP settings with specific V4 IPs for some clients. And some homemade V4 iptable rules for "parental control". I don't know how to "duplicate" that in V6. And no desire to learn that for now.

FWIW, my provider, in Belgium, has V6 enabled by default on the modem-router.
 

Tech9

Part of the Furniture
I will be good for everyone enabling IPv6 on Asus routers to know what happens with:

- AiProtection
- Parental Controls
- Adaptive QoS
- DNS Filter
- URL Filter
- Network Services Filter
- VPN server/client
- Guest Network
- AiCloud, Media Server, Samba, FTP share
- NAT acceleration

And to add complexity in Native and Passthrough mode behind another router.
Someone with more Asuswrt knowledge, please share the details. This way we can assess better the pros and cons.

Inviting @RMerlin, @john9527, @Jack Yaz, @thelonelycoder, @Martineau, @ColinTaylor, @eibgrad, @dave14305 to the conversation.
Thank you!

So far people who need IPv6 enabled are:

- accessing devices behind CG-NAT routers
- playing the same game on multiple consoles
- using ISP with IPv6 support only
- living in countries with limited IPv4 available addresses
 

SomeWhereOverTheRainBow

Part of the Furniture
I will be good for everyone enabling IPv6 on Asus routers to know what happens with:

- AiProtection
- Parental Controls
- Adaptive QoS
- DNS Filter
- URL Filter
- Network Services Filter
- VPN server/client
- Guest Network
- AiCloud, Media Server, Samba, FTP share
- NAT acceleration

And to add complexity in Native and Passthrough mode behind another router.
Someone with more Asuswrt knowledge, please share the details. This way we can assess better the pros and cons.

Inviting @RMerlin, @john9527, @Jack Yaz, @thelonelycoder, @Martineau, @ColinTaylor, @eibgrad, @dave14305 to the conversation.
Thank you!

So far people who need IPv6 enabled are:

- accessing devices behind CG-NAT routers
- playing the same game on multiple consoles
- using ISP with IPv6 support only
- living in countries with limited IPv4 available addresses
While I can see the benefit for some, and the necessity for others, if one is to use ipv6, it is much better on newer Linux kernels with better security/ kernel features enables. For the average home user that doesn't need it, then it doesn't necessarily need to be turned on. For those that game or have devices that do not efficiently make outbound connections over ipv4, ipv6 can be a dream especially on networks that have alot of such devices. Like any thing if it is not needed, why turn it on.
 

Tech9

Part of the Furniture
it is much better on newer Linux kernels with better security/ kernel features enables

I see many folks in Asuswrt-Merlin beta thread run IPv4/IPv6. If something about IPv6 is broken in Asuswrt, they must know.
 

SomeWhereOverTheRainBow

Part of the Furniture
I see many folks in Asuswrt-Merlin beta thread run IPv4/IPv6. If something about IPv6 is broken in Asuswrt, they must know.
I wouldnt say broken, more so lacking due to older kernal/ older implementations that lack certain capabilities that newer kernels allot. For this, whenever asus attempts to offer up something new for ipv6, it seems to break more than helps.
 

Christos

Regular Contributor
Let's say that I connect to 500 servers each day, for mail, web browsing, gaming etc
How many of them use IPv6? I believe only those who are behind cloudflare, do. So, I have disabled IPv6 for practical reasons.
If I enable Ipv6 only without Ipv4, internet will be unusable.
 

SomeWhereOverTheRainBow

Part of the Furniture
Let's say that I connect to 500 servers each day, for mail, web browsing, gaming etc
How many of them use IPv6? I believe only those who are behind cloudflare, do. So, I have disabled IPv6 for practical reasons.
If I enable Ipv6 only without Ipv4, internet will be unusable.
The only way I would see a percieved benefit was if the Servers you were connecting to only used ipv6 on the other end, or your outbound ipv4 was already congested to the point making it practically impossible to achieve adequate connection on additional connections.
 

CriticJay

Senior Member
Let's say that I connect to 500 servers each day, for mail, web browsing, gaming etc
How many of them use IPv6? I believe only those who are behind cloudflare, do. So, I have disabled IPv6 for practical reasons.
If I enable Ipv6 only without Ipv4, internet will be unusable.
On a dual stack network, all of your connections to Google and Facebook properties should be pure IPv6. As I mentioned earlier in this thread, they're pretty much 100% IPv6.
 

Tech9

Part of the Furniture
I don't use dual stack for number of reasons:

- IPv4 is well known, understood and predictable
- the limited number of IPv4 addresses has a working solution
- NAT is a small inconvenience, but also a layer of extra security
- IPv6 security has to be applied separately on routers/firewalls
- I would like my devices communicating with my router/firewall first
- I can remember easily 192.168.1.24, but not 2001:db8:1::ab9:C0A8:102
- IPv6 address contains fingerprinting/identifiable information
- IPv6 has multiple different implementations
- IPv6 supports encryption, but it wasn't made mandatory
- DNS queries to multiple servers may impact user experience
- there is no measurable network speed benefits with dual stack
- IPv6 scanning technics were invented, the address is predictable
- IPv6 adoption is low, we are fixing something not broken yet
- IPv6 global traffic data is incorrect, it's mostly server-server

Google/Facebook live on ads. They have to make sure the ads come to users' screens. Most users run IPv4 only. Google/Facebook problem. ;)
 

Tech9

Part of the Furniture
For this, whenever asus attempts to offer up something new for ipv6, it seems to break more than helps.

This is the major concern - we don't know what's broken. I did enable IPv6 on AC86U router yesterday to test, stock Asuswrt firmware. The router is in double NAT behind my ISP router, so IPv6 Passthrough configuration. OpenDNS IPv4 servers, OpenDNS IPv6 servers. The syslog was filled immediately with "kernel protocol 0800 is buggy", non-stop. I had to Google to find how to stop it. Turns out NAT acceleration is the issue. With NAT acceleration disabled the syslog is quiet. I don't know what exactly is buggy. Now I have a Gigabit router limited to 300Mbps WAN-LAN with IPv6. :rolleyes:
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top