Robert Graham (@ErrataRob)
Aug 14, 2021, 21 tweets
This is wrong. You shouldn't know more about IPv6. But in case you wanted to know more, I thought I'd write up a quick thread.
The reason for IPv6 is to preserve the "end-to-end" feature of the Internet, so that anybody can send a packet to anybody.

It's not for more addresses. IPv4 doesn't need more addresses. We have more than 20 billion devices on the IPv4 Internet (most of them behind NAT, which is exactly what breaks end-to-end), and there's no upper limit.
You of course know an IPv6 address is 128 bits, that we write it in hex, and that in a URL it's surrounded by [] brackets, like this:
https://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443/

It's not just you, nobody can read hex gibberish like this.
So we use shorter forms: drop the leading zeroes in each 16-bit group, and replace the longest run of all-zero groups with "::" (allowed only once per address, so it stays unambiguous). So:

2001:db8:0000:0000:0000:0000:0002:0001

becomes:

2001:db8::2:1
As with IPv4, routers don't look at the entire IPv6 address, only the prefix, written in the same CIDR notation as IPv4. So the following is a 48-bit prefix: the router matches those 48 bits and ignores the remaining 80.
2001:db8:1234::/48
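As an added worked example (not code from the thread), here is the compression rule above implemented by hand, in the canonical form RFC 5952 specifies, together with the prefix comparison a router performs. The security reason to care about the canonical form: "2001:DB8::0002:1", "2001:db8:0:0:0:0:2:1" and "2001:db8::2:1" are the same address, and an allow-list, firewall rule or log search that compares strings instead of canonical addresses will miss two of the three. All addresses used are from the 2001:db8::/32 documentation range.

```python
"""IPv6 textual forms, as an added example (not from the thread).

expand() turns any valid textual IPv6 address into its 8 16-bit groups,
compress() produces the canonical short form of RFC 5952, and in_prefix()
does the comparison a router does: mask off the host bits and compare only
the leading prefix-length bits.
"""
from __future__ import annotations

import re

_HEX_GROUP = re.compile(r"^[0-9a-fA-F]{1,4}$")


def expand(text: str) -> list[int]:
    """Return the address as 8 integers (one per 16-bit group).

    Accepts a single '::' anywhere (standing for one or more zero groups)
    and leading zeros inside groups; rejects everything else, so that a
    malformed string cannot be half-parsed into some other address.
    """
    if text.count("::") > 1:
        raise ValueError("more than one '::' in %r" % text)
    if "::" in text:
        head, tail = text.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = text.split(":")
    if len(groups) != 8 or not all(_HEX_GROUP.match(g) for g in groups):
        raise ValueError("not an IPv6 address: %r" % text)
    return [int(g, 16) for g in groups]


def compress(groups: list[int]) -> str:
    """Canonical RFC 5952 text: lowercase hex, no leading zeros, and the
    longest run of two or more zero groups replaced by '::' (the leftmost
    run wins a tie; a lone zero group is never shortened to '::')."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:          # strictly longer: leftmost wins ties
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexes = ["%x" % g for g in groups]
    if best_len < 2:
        return ":".join(hexes)
    left = ":".join(hexes[:best_start])
    right = ":".join(hexes[best_start + best_len:])
    return left + "::" + right


def to_int(text: str) -> int:
    """Pack the 8 groups into one 128-bit integer."""
    value = 0
    for g in expand(text):
        value = (value << 16) | g
    return value


def in_prefix(address: str, prefix: str) -> bool:
    """True if `address` lies inside `prefix` written as 'addr/len'.
    Only the top `len` bits are compared; the rest are ignored, exactly as
    a router forwarding on 2001:db8:1234::/48 ignores the low 80 bits."""
    net_text, plen_text = prefix.split("/")
    plen = int(plen_text)
    if not 0 <= plen <= 128:
        raise ValueError("bad prefix length")
    mask = ((1 << plen) - 1) << (128 - plen)
    return (to_int(address) & mask) == (to_int(net_text) & mask)


def canonical(text: str) -> str:
    """Normalise any spelling of an address to its RFC 5952 form, so that
    allow-lists and log searches compare one string per address."""
    return compress(expand(text))


if __name__ == "__main__":
    print(canonical("2001:db8:0000:0000:0000:0000:0002:0001"))
    print(canonical("2001:0DB8:85A3:08D3:1319:8A2E:0370:7348"))
    print(in_prefix("2001:db8:1234:0:1:2:3:4", "2001:db8:1234::/48"))
```

The stdlib `ipaddress` module produces the same canonical text (`str(ipaddress.IPv6Address(s))`); the hand-written version is here to show the rule, and to make the point that matching should be done on the integer form with a mask, never on the string.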
Normally, subnets are divided precisely in half, with the network prefix being the first 64 bits and the host portion being the final 64 bits.

Comcast home users only get a single IPv6 subnet, a /64 delegation. Business-class users get a /60 delegation, which is 16 /64 subnets.
Thus, Internet routers might see a Comcast address as part of a /48 prefix, but Comcast's own routers see finer-grained prefixes like /60 or /64 when routing packets to customer subnets.
Your home router handles this, getting a delegation from Comcast (via DHCPv6 prefix delegation), then providing one or more subnets downstream.
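The delegation arithmetic and the two different views of the same address, as an added example built on Python's standard `ipaddress` module (not the thread's code). The route tables, next-hop names and the /60 and /64 assignments inside 2001:db8:1234::/48 are constructed for illustration; they are not Comcast's.

```python
"""Prefix delegation and longest-prefix-match routing, as an added example
(not code from the thread). Standard library only.

The prefixes are from the RFC 3849 documentation range 2001:db8::/32 and
the route tables are toys: one for a router in the Internet core, which
only knows the /48 aggregate, and one for the ISP's edge router, which
knows the individual customer delegations inside it.
"""
from __future__ import annotations

import ipaddress


def delegate(parent: str, new_prefix: int) -> list[str]:
    """Split `parent` into equal child prefixes of length `new_prefix`,
    e.g. a /60 business delegation into its 16 /64 subnets."""
    net = ipaddress.IPv6Network(parent)
    if new_prefix < net.prefixlen:
        raise ValueError("child prefix must be longer than the parent")
    return [str(n) for n in net.subnets(new_prefix=new_prefix)]


def longest_prefix_match(routes: dict[str, str], address: str) -> tuple[str, str] | None:
    """Return (prefix, next_hop) of the most specific route covering
    `address`, or None if nothing covers it. Only the leading
    prefix-length bits are compared, and the longest match wins."""
    addr = ipaddress.IPv6Address(address)
    best = None
    for prefix, next_hop in routes.items():
        net = ipaddress.IPv6Network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (str(best[0]), best[1]) if best else None


# Constructed route tables for two vantage points.
INTERNET_CORE = {
    "2001:db8:1234::/48": "peer-to-comcast",   # the whole aggregate, one entry
}
ISP_EDGE = {
    "2001:db8:1234::/48": "null0",              # unassigned space inside the aggregate is dropped
    "2001:db8:1234:10::/60": "business-cpe-1",  # 16-subnet business delegation
    "2001:db8:1234:42::/64": "home-cpe-7",      # single home /64
}

if __name__ == "__main__":
    print(delegate("2001:db8:1234:10::/60", 64))   # 2001:db8:1234:10::/64 ... 2001:db8:1234:1f::/64
    for who, table in (("core", INTERNET_CORE), ("edge", ISP_EDGE)):
        print(who, longest_prefix_match(table, "2001:db8:1234:1f::1"))
```

The same packet to 2001:db8:1234:1f::1 matches the /48 in the core table and the business customer's /60 at the edge, which is the "different routers see different prefix lengths" point in the thread. The `null0` entry for the aggregate is the usual way to stop packets for unassigned customer space from looping between the edge and the core.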

The next step is to get an IPv6 address automatically assigned to your computer. Multiple ways are used simultaneously, so you usually get multiple addresses.
One way is DHCPv6, which works just like DHCP, assigning addresses from a small pool. It results in addresses like the following, with only the lower 16 bits of the host portion being used.
2001:db8:1234::014b
Another way is SLAAC, which fills the lower 64 bits of the address from your 48-bit MAC address, with ff:fe inserted in the middle to pad it out (and the "universal/local" bit, 0x02 in the first byte, flipped, which is why the first byte differs). My current Raspberry Pi does this, see how the 'ether' address matches the IPv6 address?
There's another 'static' address technique that simply chooses a random number, checks the local network for duplicates (Duplicate Address Detection, which is a multicast Neighbor Solicitation, not a broadcast), then (because 'static' and not 'dynamic') stores it to disk for future use.

..so what's 'dynamic' vs 'static'?
Static IPv6 addresses are always the same, which is a security risk, because websites can track you by them. So your computer also generates a new dynamic IPv6 address (random 64-bit host portion, the RFC 4941 "temporary" addresses) periodically, by default about once a day though it can be set much shorter, and uses that instead for outgoing connections.
Thus we preserve the end-to-end nature of servers, which receive incoming connections at a known, static address, while clients get some of the anonymity of NATs: ever-changing outgoing addresses that later can't be used to attack them.
Then there are the "local only" addresses. With Ethernet and IPv4, we learned all about ARP (which has no IPv4 header at all) and DHCP (which uses the IPv4 addresses 0.0.0.0 and 255.255.255.255).

IPv6 changes this to using valid addresses, and multicast instead of broadcast.
In the same way as SLAAC, your computer creates a local-only address from its MAC address, under the fe80::/10 prefix, which routers will never forward off the link. Thus you always have a valid IPv6 address for the local subnet, for making things like DHCPv6 requests and Neighbor Discovery queries (the IPv6 replacement for ARP).
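The three identifier schemes above (EUI-64 from the MAC, the fe80:: link-local address built the same way, and the random temporary identifier of RFC 4941), as an added example that is not code from the thread. The MAC b8:27:eb:12:34:56 and the prefix 2001:db8:1234::/64 are constructed values; `classify()` is a hypothetical helper that does the reverse lookup an adversary would, pulling the MAC back out of a SLAAC address.

```python
"""Interface-identifier construction, as an added example (not from the thread).

Three ways the low 64 bits ("host portion") of an address get chosen, plus
the reverse lookup that shows why one of them is a privacy problem:
  * modified EUI-64 (classic SLAAC, RFC 4291 appendix A): the 48-bit MAC
    with ff:fe inserted in the middle and the universal/local bit flipped,
  * the fe80::/64 link-local address built from that same identifier,
  * a random temporary identifier (RFC 4941 privacy extensions).
The MAC and prefixes used are constructed values for illustration.
"""
from __future__ import annotations

import ipaddress
import secrets

EUI64_FILLER = b"\xff\xfe"
UL_BIT = 0x02  # universal/local bit in the first byte of the identifier


def parse_mac(mac: str) -> bytes:
    """'b8:27:eb:12:34:56' -> 6 raw bytes (':' or '-' separators accepted)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 48 bits")
    return raw


def eui64_from_mac(mac: str) -> bytes:
    """Modified EUI-64 identifier (8 bytes) from a MAC.

    Insert ff:fe between the OUI half and the device half, then flip the
    universal/local bit. That flip is why the IPv6 address of a real NIC
    matches the MAC everywhere except the first byte (b8 -> ba here).
    """
    raw = parse_mac(mac)
    iid = bytearray(raw[:3] + EUI64_FILLER + raw[3:])
    iid[0] ^= UL_BIT
    return bytes(iid)


def mac_from_eui64(iid: bytes) -> str | None:
    """Undo eui64_from_mac, or return None if the identifier does not carry
    the ff:fe filler. This is the privacy problem: every server a SLAAC
    client talks to can read the client's hardware address (and the NIC
    vendor, via the OUI) straight out of the source IP."""
    if len(iid) != 8 or iid[3:5] != EUI64_FILLER:
        return None
    raw = bytearray(iid[:3] + iid[5:])
    raw[0] ^= UL_BIT
    return ":".join("%02x" % b for b in raw)


def temporary_iid() -> bytes:
    """Random 64-bit identifier per RFC 4941, from a CSPRNG. The u/l bit is
    forced to 0 so the result can never be mistaken for a MAC-derived one."""
    iid = bytearray(secrets.token_bytes(8))
    iid[0] &= 0xFF ^ UL_BIT
    return bytes(iid)


def address_from_parts(prefix: str, iid: bytes) -> str:
    """Join a /64 prefix given as text with an 8-byte identifier.
    ipaddress does the RFC 5952 compression of the result for us."""
    if len(iid) != 8:
        raise ValueError("identifier must be 64 bits")
    net = ipaddress.IPv6Network(prefix + "/64")  # raises if host bits are set
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))


def slaac_address(prefix: str, mac: str) -> str:
    """Global SLAAC address: advertised /64 prefix + EUI-64 of the NIC."""
    return address_from_parts(prefix, eui64_from_mac(mac))


def link_local_address(mac: str) -> str:
    """The fe80:: address every interface gets, built the same way."""
    return address_from_parts("fe80::", eui64_from_mac(mac))


def classify(address: str) -> str:
    """Hypothetical helper: look at the low 64 bits of an address and say
    whether they leak a MAC ('eui64 (mac ...)') or look random."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    mac = mac_from_eui64(iid)
    return "eui64 (mac %s)" % mac if mac else "random/other"


if __name__ == "__main__":
    mac = "b8:27:eb:12:34:56"                       # constructed
    print(link_local_address(mac))                  # fe80::ba27:ebff:fe12:3456
    print(slaac_address("2001:db8:1234::", mac))    # 2001:db8:1234:0:ba27:ebff:fe12:3456
    print(address_from_parts("2001:db8:1234::", temporary_iid()))  # different every run
    print(classify(slaac_address("2001:db8:1234::", mac)))
```

Note what `classify()` shows: once you see ff:fe in the middle of the host portion, the client's MAC is one XOR away, which is why modern stacks prefer the random or RFC 7217 stable identifiers for the "static" address too and keep the EUI-64 form mostly for link-local addresses.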
In addition, instead of "broadcasts" on the local subnet (like 255.255.255.255), IPv6 uses "multicasts" (ARP's broadcast becomes a Neighbor Solicitation sent to a solicited-node multicast group), meaning that if you aren't interested in a type of multicast, your battery-powered devices won't get woken up to process it.
DHCP on IPv4 assigns not only the address, but also gives you config info, like router and DNS server.

On IPv6, you can get them from DHCPv6, but you usually get them from Router Advertisements, part of the ICMPv6 Neighbor Discovery protocol, sent from the router's fe80:: link-local address: they tell you the prefix to use, the router (the advertisement's source address) and, via the RDNSS option, the DNS resolvers.
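A decoder for the Router Advertisement that carries that router and DNS information, as an added example (not the thread's code). The packet bytes, the prefix 2001:db8:1234:42::/64, the resolver 2001:db8::53 and the MAC b8:27:eb:12:34:56 are all constructed for the example; `build_sample_ra()` exists only to produce a realistic input offline.

```python
"""Parsing an ICMPv6 Router Advertisement, as an added example (not from
the thread). Packet bytes are constructed here; the prefix, resolver and
MAC inside them are documentation/illustration values, not real ones.

A host learns its default router from the IPv6 *source address* of the RA
(the router's fe80:: link-local address, which is not repeated inside the
ICMPv6 payload) and everything else from the RA body and options: which
prefix to use for SLAAC, whether to also run DHCPv6 (M/O flags), the link
MTU, and, with the RDNSS option of RFC 8106, which DNS resolvers to use.
"""
from __future__ import annotations

import ipaddress
import struct

ICMPV6_ROUTER_ADVERTISEMENT = 134
OPT_SOURCE_LINK_LAYER = 1
OPT_PREFIX_INFORMATION = 3
OPT_MTU = 5
OPT_RDNSS = 25


def parse_router_advertisement(payload: bytes) -> dict:
    """Decode the ICMPv6 payload of an RA (RFC 4861 section 4.2; RFC 8106
    for RDNSS). Raises ValueError on anything malformed, including a
    zero-length option, the classic way to make a naive parser spin."""
    if len(payload) < 16:
        raise ValueError("RA header is 16 bytes")
    icmp_type, code, _checksum, hop_limit, flags, router_lifetime, reachable, retrans = \
        struct.unpack("!BBHBBHII", payload[:16])
    if icmp_type != ICMPV6_ROUTER_ADVERTISEMENT or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = {
        "hop_limit": hop_limit,
        "managed_dhcpv6": bool(flags & 0x80),   # M: get addresses from DHCPv6
        "other_dhcpv6": bool(flags & 0x40),     # O: get DNS etc. from DHCPv6
        "router_lifetime": router_lifetime,     # 0 => sender is not a default router
        "reachable_ms": reachable,
        "retrans_ms": retrans,
        "prefixes": [], "dns_servers": [], "mtu": None, "router_mac": None,
    }
    off = 16
    while off < len(payload):
        if off + 2 > len(payload):
            raise ValueError("truncated option header")
        opt_type, opt_len = payload[off], payload[off + 1]
        if opt_len == 0:
            raise ValueError("option with length 0")
        size = opt_len * 8                      # length is in units of 8 bytes
        body = payload[off + 2 : off + size]
        if len(body) != size - 2:
            raise ValueError("truncated option body")
        if opt_type == OPT_PREFIX_INFORMATION and size == 32:
            plen, pflags, valid, preferred = struct.unpack("!BBII", body[:10])
            prefix = ipaddress.IPv6Address(body[14:30])   # after 4 reserved bytes
            ra["prefixes"].append({
                "prefix": "%s/%d" % (prefix, plen),
                "on_link": bool(pflags & 0x80),            # L bit
                "autonomous": bool(pflags & 0x40),         # A bit: use it for SLAAC
                "valid": valid, "preferred": preferred,
            })
        elif opt_type == OPT_RDNSS and size >= 24:
            if (len(body) - 6) % 16:
                raise ValueError("RDNSS option not a whole number of addresses")
            ra["rdnss_lifetime"] = struct.unpack("!I", body[2:6])[0]
            for i in range(6, len(body), 16):
                ra["dns_servers"].append(str(ipaddress.IPv6Address(body[i:i + 16])))
        elif opt_type == OPT_MTU and size == 8:
            ra["mtu"] = struct.unpack("!I", body[2:6])[0]
        elif opt_type == OPT_SOURCE_LINK_LAYER and size == 8:
            ra["router_mac"] = ":".join("%02x" % b for b in body[:6])
        # unknown options are skipped, as RFC 4861 requires
        off += size
    return ra


def build_sample_ra() -> bytes:
    """Constructed RA: hop limit 64, O=1, router lifetime 1800 s, a /64
    prefix flagged on-link + autonomous, one RDNSS resolver, an MTU and the
    router's MAC. Checksum is 0 because it covers the IPv6 pseudo-header,
    which lies outside the ICMPv6 payload parsed here."""
    header = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERTISEMENT, 0, 0, 64, 0x40, 1800, 0, 0)
    prefix = struct.pack("!BBBBIII", OPT_PREFIX_INFORMATION, 4, 64, 0xC0, 86400, 14400, 0) \
        + ipaddress.IPv6Address("2001:db8:1234:42::").packed
    rdnss = struct.pack("!BBHI", OPT_RDNSS, 3, 0, 3600) + ipaddress.IPv6Address("2001:db8::53").packed
    mtu = struct.pack("!BBHI", OPT_MTU, 1, 0, 1500)
    slla = struct.pack("!BB", OPT_SOURCE_LINK_LAYER, 1) + bytes.fromhex("b827eb123456")
    return header + prefix + rdnss + mtu + slla


if __name__ == "__main__":
    for key, value in parse_router_advertisement(build_sample_ra()).items():
        print("%-16s %s" % (key, value))
```

Run the decoder over RAs captured on the all-nodes group ff02::1 and compare the announced prefixes and resolvers with what your network is supposed to announce: a rogue RA from a compromised host is the IPv6 counterpart of a rogue DHCP server, and it works even on networks where nobody configured IPv6 (RFC 6104 is the problem statement, RA Guard on the switch the usual fix).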
Thus, standard configuration gets:
- static local FE80 address
- static self-assigned address
- static (somewhat) DHCPv6 address
- new dynamic (temporary) addresses, rotated periodically
- local router address
- DNS resolver address
This is the standard configuration. There are deviations from this that'll get you confused, like low-power IPv6 networks (battery devices). I can't help you there.
There is also the weirdness that while a new dynamic address is selected for clients periodically, the old ones can't be released until the 'sockets' of the apps still using them are closed; until then they stay on the interface marked 'deprecated'. So you might find your computer right now holding many dynamic IPv6 addresses at once.
Note: I wrote my own IPv6 stack for 'masscan', so I'm an expert in areas that you would never care about.

On the other hand, I'm as clueless as everyone else trying to fix some weird IPv6 edge case configuring my local network. Like with Ubiquiti.
