
IPv6 xmas display uses 75 Internet's worth of addresses - fanf2
https://hackaday.com/2018/12/24/ipv6-christmas-display-uses-75-internets-worth-of-addresses/
======
brownbat
> Since the led wall was being flooded with inappropriate content we had to
> implement a whitelist system...

That was probably inevitable.

The last scrolling LED message I read was "Uncaught type error: Undefined is
not a function."

Is one of you out there trying to fuzz this poor tree? :)

------
walrus01
For fun, this is sort of a parody of ipv4 exhaustion counters:

[https://samsclass.info/ipv6/exhaustion.htm](https://samsclass.info/ipv6/exhaustion.htm)

I have two /29 of ipv6 and at current consumption rates they should last until
the end of human civilization.

For reference of size, a /32 of ipv6 is what any ISP can get from Arin or ripe
just for asking.

~~~
MikusR
[https://samsclass.info/ipv6/exhaustion-2016.htm](https://samsclass.info/ipv6/exhaustion-2016.htm)

~~~
devereaux
Who doesn't like fitting a power law!

------
xvilka
Sadly at the same time in many countries IPv6 is next to non-existent[1]. I
follow closely when China will adopt it, since it was announced a long time ago,
but there seems to be no progress since.

[1]
[https://www.google.com/intl/en/ipv6/statistics.html](https://www.google.com/intl/en/ipv6/statistics.html)

~~~
jjpprrrr
The three major ISPs in China just deployed IPv6 in most cities, though IPv6
based routing and DNS is still suboptimal. I don't know how Google generates
the ipv6 statistics, but in the case of China it may not be very accurate.
Most Google services are blocked there.

~~~
xvilka
I live there and I don't see a change. Other, non-Google counters are also not
very optimistic.

EDIT: My bad, I just checked today and there are positive changes - all my
connections are now IPv6, mobile and fixed line. The IPv6 speed as opposed to
the IPv4 one is very low though...

~~~
em-bee
which isp do you have? a small local one or one of the three big ones
(telecom, unicom or china mobile)?

~~~
xvilka
China Telecom.

------
scarmig
A thought: you could address all the bits in a 1TB hard drive with 8e+12 IPv6
addresses. Meaning you could do this with up to 4.25e+25 1TB hard drives.

Someone think of something cool to do with that.

~~~
xhrpost
Twitch builds a TIFF image?

~~~
iforgotpassword
A partition table and file system first, please.

------
edoloughlin
Makes me wonder if this could be used as an obfuscated comms channel? (I'm
sure there's a term covering it, steganography doesn't quite describe it). If
you owned a bunch of ipv6 addresses on multiple ISPs, you could use the timing
of pings from these addresses as a comms protocol. You could even rotate IP
addresses and use the modulus of the address to add a layer of obfuscation.

~~~
blattimwind
Quiet hosts with an unpublished v6 address are AFAIK impossible to discover in
a better-than-linear-scan fashion from other networks (e.g. The Internet).

------
nikanj
What would be the grandma-proof equivalent of the implicit firewall provided by
ipv4 NAT?

The Right Way would be to make informed decisions per-port and per-protocol,
but that's a nightmare to set up, and to maintain.

~~~
zamadatix
The "implicit firewall by IPv4 NAT" is functionally the same as:

Outbound allow Deny all

In any stateful firewall implementation. The only difference from IPv4 is the
ruleset doesn't have the NAT statement.

~~~
lloeki
Definitely.

I suppose this was meant to say "outbound allow all / (inbound) deny all".

Nitpick: please make sure ICMPv6 is allowed inbound though, else you'll get
PMTU issues among other things.

~~~
zrm
This is true of IPv4 ICMP as well. Same PMTU issues, but many IPv4
implementations fall back to allowing in-path packet fragmentation by the
routers (which IPv6 discontinued), which is less visible breakage but still
inefficient/problematic.

It's also _slightly_ more complicated than "outbound allow, inbound deny"
because you want to accept reply packets to the outbound ones, using something
like the iptables "-m state --state related,established" match.
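
The ruleset this subthread arrives at, written out as an added example (not part of any comment above): default-deny inbound, allow outbound, accept replies, and keep ICMPv6 working. The interface names `wan0` and `lan0` and the function name are placeholders, and it uses `-m conntrack --ctstate`, the current form of the `-m state` match quoted above.

```sh
#!/bin/sh
# Added example: print an ip6tables-restore(8) ruleset for a home router.
# wan0 / lan0 are placeholder interface names; override via environment.
# Check without loading it:  ipv6_home_ruleset | ip6tables-restore --test
WAN_IF=${WAN_IF:-wan0}
LAN_IF=${LAN_IF:-lan0}

ipv6_home_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to traffic that was allowed out (the part NAT did implicitly).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The router itself: loopback, LAN clients, ICMPv6 (neighbour discovery,
# router advertisements, PMTU) and DHCPv6 client replies from the ISP.
-A INPUT -i lo -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i $WAN_IF -s fe80::/10 -p udp --dport 546 -j ACCEPT
# "Outbound allow all": anything the LAN sends towards the Internet.
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
# ICMPv6 errors towards LAN hosts, so path MTU discovery keeps working.
-A FORWARD -p ipv6-icmp --icmpv6-type destination-unreachable -j ACCEPT
-A FORWARD -p ipv6-icmp --icmpv6-type packet-too-big -j ACCEPT
-A FORWARD -p ipv6-icmp --icmpv6-type time-exceeded -j ACCEPT
-A FORWARD -p ipv6-icmp --icmpv6-type parameter-problem -j ACCEPT
# "Inbound deny all" is the DROP policy on FORWARD: nothing else gets in.
COMMIT
EOF
}
```

Apart from the missing NAT statement, this is the same shape as an IPv4 home-router ruleset; the ICMPv6 rules are the part that is easy to forget.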

------
progval
/r/place with ICMP as user interface/API, I love it

------
em-bee
how about a new message protocol: IP over ping. 255 addresses, each ping sends
one byte. bytes are ordered by the ping's timestamp

~~~
Intermernet
Already exists

[https://en.m.wikipedia.org/wiki/ICMP_tunnel](https://en.m.wikipedia.org/wiki/ICMP_tunnel)

~~~
em-bee
that's different. that puts data into the ICMP Echo payload.

IPing packets contain no data at all, but the data byte is encoded in the
destination address

------
dishwasher1999
I remember the original IP v6 xmas tree. The one you see when you visit the
site but get redirected soon.

It is truly something that got me involved and learning networking to say the
least and what a fun way to put it across.

This one is like 10 times more dank.

------
devereaux
It is nice because it's a xmas display, but it's nothing magic. IPv6 lets you
do many things very simply, and it can get very messy too (which is fun by
itself!)

They got a /48, and they got some inspiration. You too can get a /48 easily if
you want to play! Even if you don't get a /48, you can do some messy play very
easily.

My personal experience being messy: when I had to handle multiple containers
on one actual computer, I had enough IPv4 addresses (like A.B.C.D) to give one
per container, but just a single regular W:X:Y:Z/64 (the suggested minimum
default for IPv6, like with SLAAC, while a /56 is often better even for a home
network)

The provider wanted some insane amount of money for a decent IPv6 allocation
while usually it's the opposite, and IPv4 is expensive but IPv6 is mostly
free. I didn't want to use tunnelbroker to keep the latency low.

So I simply assigned W:X:Y:Z:A:B:C:D to each container -- because, why not?
Yes it's wasteful, but it's easy to figure out which is which!

IPv6 makes many creative things possible and simpler than what the equivalent
IPv4 solution would be, simply because of space constraints.

After reading
[https://blog.donatas.net/blog/2018/12/14/geodns-ipv6-failove...](https://blog.donatas.net/blog/2018/12/14/geodns-ipv6-failover/),
among my new year resolutions is setting up a CDN using IPv6.
It's mostly to play with BGP.

~~~
qlk1123
> So I simply assigned W:X:Y:Z:A:B:C:D to each container -- because, why not?
> Yes it's wasteful, but it's easy to figure out which is which!

It makes me curious. Did you apply any service-discovery mechanism in your
IPv6-based container cluster? I wonder if IPv6 makes orchestration easier,
tougher, or actually things just work transparently.

~~~
devereaux
No, I didn't do anything that fancy even if it's what I really wanted in the
first place :-)

Full story: initially I wanted to do SLAAC with different subnets for the
different physical computers.

To do that and use the MAC address of the containers in a "standard" way, I
would have needed a larger subnet than what the provider even had for sale -
but then everything would indeed have been much easier and automatic.

In case it's not clear, imagine having W:X:Y::/48 like the xmas tree example,
then using Z to identify which physical computer the container is on: then
A:B:C:D are automatically derived from the hardware address of the (here
virtual) interface.

It's also very handy if you have multiple networks - say a wired and wireless
setup: use a different value for each network on each site, say Z=1 for your
wired network, Z=2 for your wireless, etc.

Then you can automatically populate AAAA records like
computername.connection.site.yourdomain.com. Why is it cool? Then if you need
to check connectivity or push updates or whatever, you can ping6
ceolaptop.wifi.nycoffice.yourdomain.com - but don't worry, that IPv6 address
will not be leaked if you are using the privacy additions (lft=0 aka
deprecation): this laptop will use a "throwaway" IPv6 access so it can't be
tracked (well, at least the mac address part, but good luck finding the needle
in a haystack!)

See
[https://en.wikipedia.org/wiki/IPv6_address#Stateless_address...](https://en.wikipedia.org/wiki/IPv6_address#Stateless_address_autoconfiguration)
: A 64-bit interface identifier is most commonly derived from its 48-bit MAC
address. A MAC address 00-0C-29-0C-47-D5 is turned into a 64-bit EUI-64 by
inserting FF-FE in the middle: 00-0C-29-FF-FE-0C-47-D5. When this EUI-64 is
used to form an IPv6 address it is modified:[1] the meaning of the
Universal/Local bit (the 7th most significant bit of the EUI-64, starting from
1) is inverted, so that a 1 now means Universal. To create an IPv6 address
with the network prefix 2001:db8:1:2::/64 it yields the address
2001:db8:1:2:020c:29ff:fe0c:47d5 (with the Universal/Local bit, the second-
least-significant bit of the underlined quartet, inverted to 1 in this case
because the MAC address is universally unique).
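
The MAC-to-address derivation quoted above, plus the reverse direction, as an added example that is not part of the original comment. The function names are made up for this illustration, and the prefix is passed as its four leading groups.

```sh
#!/bin/sh
# Added example; function names are hypothetical.

# mac_to_iid MAC -> modified EUI-64 interface identifier (low 64 bits).
mac_to_iid() {
    old_ifs=$IFS; IFS=':-'; set -- $1; IFS=$old_ifs
    [ $# -eq 6 ] || { echo "expected 6 octets" >&2; return 1; }
    # Insert ff:fe between the two MAC halves and invert the
    # Universal/Local bit (0x02 of the first octet).
    printf '%02x%02x:%02xff:fe%02x:%02x%02x\n' \
        $(( 0x$1 ^ 0x02 )) "0x$2" "0x$3" "0x$4" "0x$5" "0x$6"
}

# slaac_address PREFIX MAC, with PREFIX as four groups, e.g. 2001:db8:1:2
slaac_address() {
    iid=$(mac_to_iid "$2") || return 1
    printf '%s:%s\n' "$1" "$iid"
}

# iid_to_mac IID -> the MAC embedded in an interface identifier.
# Fails unless the ff:fe marker is present. This is a heuristic: a random
# identifier can contain ff:fe by chance.
iid_to_mac() {
    old_ifs=$IFS; IFS=':'; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "expected 4 groups" >&2; return 1; }
    g1=$(( 0x$1 )) g2=$(( 0x$2 )) g3=$(( 0x$3 )) g4=$(( 0x$4 ))
    [ $(( g2 & 0xff )) -eq 255 ] && [ $(( g3 >> 8 )) -eq 254 ] || return 1
    # Undo the bit inversion and drop the ff:fe filler.
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' \
        $(( (g1 >> 8) ^ 0x02 )) $(( g1 & 0xff )) $(( g2 >> 8 )) \
        $(( g3 & 0xff )) $(( g4 >> 8 )) $(( g4 & 0xff ))
}
```

An interface identifier that `iid_to_mac` can decode exposes the interface's hardware address wherever the address is seen, which is the case the privacy extensions mentioned in the comment are meant to cover.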

------
Midnightas
I'm not very experienced when it comes to such low-level networking, but I'm
curious as to how they claimed all those _contiguous_ addresses. Is there some
fundamental difference between IPv4 and IPv6 that let's you do this?

~~~
Dagger2
Not as such, it's just that v4 is so small that most ISPs don't bother to give
routed prefixes -- or rather they can't, since there aren't enough addresses
available to do so. In v6 it's typical to get something like a /56 from your
ISP, which is 2^(128-56) = 2^72 addresses.

(v6 also has a protocol, DHCPv6-PD, to manage prefix delegations
automatically, whereas v4 requires manual config or some custom mechanism.)

You could argue that the difference between 2^32 and 2^128 is big enough to be
considered a fundamental difference.

(Also: "lets".)

------
jsjohnst
Anyone have details on how they did the networking part of this?

I can think of several approaches (all using a single PC for all the IPv6
addresses), but curious which they chose.

~~~
zamadatix
This is a PDF presentation from how the original tree worked in 2016
[http://mum.mikrotik.com/presentations/NL16/presentation_3994...](http://mum.mikrotik.com/presentations/NL16/presentation_3994_1479721384.pdf)

I imagine it works the same way now just with the added x y coordinates.

~~~
jsjohnst
You sure that’s the right link? The presentation slides link on that page
didn’t seem related.

Edit: n/m, watching the video made more sense. That said, it wasn’t simply
“adding the X Y coordinates”, the Christmas tree example didn’t use IPv6 or
Ping, but I’m sure the process was likely similar.

tl;dr They use a MikroTik firewall which uses an rsyslog forwarder with an
Arduino to control the Christmas lights.

------
Eliezer
And people say that Moore’s Law has broken down! Sure, processor speeds aren’t
increasing as fast, but that’s more than made up for by the incredibly rapid
increase in the number of Internet addresses per device.

~~~
zamadatix
What does the density of transistors in a circuit have to do with switching to
larger addressed v6 which was standardized and first implemented in the late
90s?

------
exabrial
Ipv6: making it trivially easy for Facebook and Google to track individual
devices!

(I certainly understand the problems with ipv4, but ipv6 reveals far too much
information in its current state).

~~~
InGodsName
Last 64 bits in ipv6 address is your MAC address.

Ipv4 did not have this. Many users were allocated IPs temporarily from IP pool.

So it was difficult to track individual devices as IP would change all the time.

~~~
pawal
Please go ahead and read RFC4941.

------
Aeolun
If we keep going in this direction we will quickly run out of addresses again.

~~~
xnxn
Your concern is, um, addressed in the article.

~~~
kortilla
It says you get up to 10^27 of them. While that’s a lot, it’s right back in
the ballpark of usable v4 space.

~~~
hopler
V4 is 2^32 or 10^11. You could fit an entire IPv4 with an entire IPv4 nested
inside each one, throw them all away and repeat every day for 300 years.

~~~
KMag
Screw math. I'm still with the OP's darn rec'n'n, it's more truthy!

------
hoppelhase
If this becomes more common, the IPv6 address space will be exhausted pretty
quickly. There already was a proposal on encoding phone numbers in IPv6
addresses.

~~~
xionon
There are 2^128 available addresses in ipv6. Encoding phone numbers isn’t even
remotely a problem.

~~~
hoppelhase
Well, the proposal was controversial.

There was an article about this recently on the German news site Heise:
[https://heise.de/-4196981](https://heise.de/-4196981)

Translation:
[https://translate.google.com/translate?sl=auto&tl=en&js=y&pr...](https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fheise.de%2F-4196981&edit-text=&act=url)

------
TekMol
Everybody seems to make a big fuss about ipv6. Yet for some reason, it seems
to be of no importance to my life at all.

I'm a fulltime native of the web and yet I don't even know if I have ipv6.

I just typed 'do i have ipv6' into Google and the first page I landed on says
"0/10 You appear to be able to browse the IPv4 Internet only.".

I doubt I am missing out on anything. I'm sure I would have noticed.

I also make a living from the web, yet I don't even know if my websites
support ipv6.

Let me type 'test website for ipv6' into Google and see what happens ...

...ok here we go:

"No AAAA record. This website is not ready for IPv6."

I get that for all my websites.

Again, I would be very surprised if that has any impact. Somebody would surely
have told me that my websites don't work for them. They are constantly in the
press and on social media. Some users would surely mention it if they had
problems accessing them.

~~~
progval
IPv4 is not sustainable, we're already running out of IPv4 addresses.

Unfortunately, some ISPs only provide IPv4 support, so (almost) all websites
have to support IPv4. And as all websites support IPv4 there is no incentive
for ISPs to add IPv6 support. Repeat ad infinitum.

~~~
mac01021
I would pay an extra $X per month for a handful of public, statically
allocated ip addresses for the boxes in my house.

Ipv6 would make that easy for my isp, but they're still never going to do it.

~~~
vegardx
You can always get a tunnel from one of the many tunnel brokers. Some are even
free. I've used he.net back in the days before my ISP had native IPv6 support.

~~~
aaronmdjones
I'm still using my HE.net tunnel, and have been using it for more than 4
years. My ISP started BGP-advertising 2 IPv6 /32s 2 years ago... still no
news. I fully expect that when they do deploy IPv6 to their customers (at this
rate, it will be some time in the 2030s) that they'll only give you a single
/64; they're that annoying.

Very excellent tunnel service too. I'm pretty sure it's gone down less than 8
times in that interval.

