
> The ISP should give every SOHO/residential customer a /60.

The ISP should give every residence 295 quintillion IPv6 addresses? I know there is an abundance of IPv6 addresses but that seems like a lot of waste.

Even assigning a /96 would provide 4.3 billion IPv6 addresses (which is the same number as all IPv4 addresses in existence).

And since available IPv6 space is basically 4.3 billion^2, assigning an IPv6 /96 would be like assigning a /32 in IPv4 terms of total IPv6 space utilization.




/64 is needed for SLAAC to work and is basically the default.

Anything larger (usually /56, sometimes even /48) gives the customers a chance to segment their LAN.


Like the other person said, /64 is the minimum subnet size. And subnetting in IPv6 is best done 4 bits at a time. A /60 is overkill for residents, but because it gives 16 subnets, not because it gives excessive addresses.


There's no minimum subnet size.


/64 acts as a soft limit due to the prevalence of SLAAC. Which is good in a way, since it means ISPs have to give out at least /64, which means you're always able to subnet (although you can't use SLAAC and must use static addresses or DHCP) unlike IPv4 where you have to pay for extra addresses.


Yes, you can't use the SLAAC feature, but there's no subnetting limit in IPv6. Any subnet size works.

Writing to you from /72.


You're technically correct, but ISP best practice is to hand out a /64.


The purpose of SLAAC is to have many customers in one /64 network though.


No, just many devices.

You can DoS your whole subnet by pretending to be a billion devices. In IPv4 you can do it by occupying all the IP addresses. Therefore putting several customers on one network is a bad idea, just like in IPv4.


The purpose of SLAAC is to make it "easy" for a client to get onto the network without something like a DHCP server tracking addresses. If you set it up, it generally just works.


Previously it worked by putting the MAC address in the last 64 bits.


Yes, that was before privacy extensions. It hasn't been like that (in most implementations) for a very long time.


And you get no privacy if the /64 prefix is a stable identifier of one customer.


This doesn't seem like an IPv6-specific issue. For most broadband customers, your external IPv4 address is also generally stable. Mine hasn't changed in years.


That's not how you're supposed to use IPv6. It would just be 64 bits if that was the case. Instead, 99% of the time, it's a 64-bit subnet ID and a 64-bit device ID.
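Added example, not part of the thread or any commenter's post: a Python sketch of the two mechanics discussed above, namely how many /64 LANs a delegated prefix yields, and how the pre-privacy-extensions SLAAC scheme (modified EUI-64) embeds a MAC address in the last 64 bits, so an audit can flag addresses that still expose it. All prefixes, MACs and addresses are constructed samples in the 2001:db8::/32 documentation range.

```python
import ipaddress

def count_64s(prefix: str) -> int:
    """Number of /64 LANs a delegated prefix can be split into."""
    net = ipaddress.IPv6Network(prefix)
    return 2 ** (64 - net.prefixlen) if net.prefixlen <= 64 else 0

def slaac_eui64(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Modified EUI-64 SLAAC address for a MAC inside a /64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers assume a /64 prefix")
    b = bytearray.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02                                  # flip the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])  # insert ff:fe in the middle
    return net[int.from_bytes(iid, "big")]

def mac_from_address(addr: str):
    """Return the MAC embedded in an EUI-64 style address, else None.

    Heuristic: a random interface ID contains ff:fe at this position
    about once in 65536 addresses, so treat a hit as a strong hint.
    """
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    b = bytearray(iid.to_bytes(8, "big"))
    if b[3:5] != b"\xff\xfe":
        return None
    b[0] ^= 0x02                                  # undo the bit flip
    return ":".join(f"{x:02x}" for x in b[:3] + b[5:])

def audit(addresses):
    """Map each address that exposes a MAC to the recovered MAC."""
    hits = {a: mac_from_address(a) for a in addresses}
    return {a: m for a, m in hits.items() if m is not None}

if __name__ == "__main__":
    for p in ("2001:db8:0:10::/60", "2001:db8:0:100::/56", "2001:db8::/48"):
        print(p, "->", count_64s(p), "x /64")
    # Constructed sample addresses: one EUI-64 style, one randomized.
    sample = [str(slaac_eui64("2001:db8:0:1::/64", "00:11:22:33:44:55")),
              "2001:db8:0:1:5c3a:91e2:7b04:d1f6"]
    for addr, mac in audit(sample).items():
        print(addr, "exposes MAC", mac)
```
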



