(Sorry if this is too off-topic:) ISPs seem designed to funnel people to capitalist cloud services, or at least I feel like that. And it endlessly frustrates me.
The reason is even though IPv6 addresses are widely available (unlike IPv4), most ISPs won’t allow consumers to request a static rather than a dynamic IPv6 prefix along with a couple of IPv6 reverse DNS entries.
Instead, this functionality is gatekept behind expensive premium or even business contracts, in many cases even requiring legal paperwork proving you have a registered business, so that the common user is completely unable to self-host e.g. a fully functional IPv6-only mail server with reverse DNS, even if they wanted to.
The common workaround is to suck up to the cloud, and rent a VPS, or some other foreign controlled machine that can be easily intercepted and messed with, and where the service can be surveilled better by big money.
I’m posting this since I hope more people will realize that this is going on, and both complain to their ISPs, but most notably to regulatory bodies and to generally spread the word. If we want true digital autonomy to be more common, I feel like this needs to be fixed for consumer landline contracts.
Or did I miss something that makes this make sense outside of a big money capitalist angle?
There are some good ISPs out there. My ISP in Australia (Leaptel) gives me the option to enable static IPv6 /48 for free.
No german ISP that i know of does this, it’s awful. One doesn’t even offer reverse IP ptr entries whatsoever, even if you had a static IP.
You know, what’s kind of encouraging is that I posted something similar to this complaint on reddit, and 100% of the responses were corporate apologia how it would apparently be so much work and so much more expensive to provide a static instead of a dynamic IP, or how routing through VPSes is so much better anyway. I hadn’t realized the reddit to lemmy brain drain was so bad, which seems good for decentralized morally good hosting.
Cries in American 🇺🇸😿
You’re not wrong. And the line between evil and laziness here is too messy for me to sort out. We got into this mess because the internet was originally designed as a communication tool between business, university, and government. Specifically, Bell Labs connecting universities as part of the military project DARPA. Since they were connecting dozens of sites, the 4 billion addresses (2^32) seemed like plenty.
Skipping over dialup and forward to early broadband, the issue of the number of addresses problem was ‘solved’ by a clever firewall technique network address translation (NAT). It was adversited as a security feature, but it allowed ISPs to give one public IP per customer. This standardized things for them - they give you one IP and you multiplex it as you wish. However, since the average customer wanted a turnkey solution, the ISPs would then toss in the modem as a rental. (Also, as enshitification hit this rental modem started getting more user hostile.)
But at this point ISPs are engorged and lazy and redoing everything is a chore, so they got one IPv6 space for everyone, and set up their IPv6 servers to assign chucks of that space based on your assigned IPv4 address. Easy-peasy! Now none of their other management or billing systems have to change! Of course, now your v6 space moves anytime your v4 space does but -they always have those business accounts to sell you …
A diamond in the rough: When I was younger, working at a data center and IPv6 was new, I found this gem coupled with IPv6 world day (via Reddit): https://tunnelbroker.net/
Hurricane Electric was/is happy to give you a free static IPv6 /48 prefix, and you could tunnel your home connection directly to this (like a site to site VPN). Their catch is if you start pushing significant traffic you’ll have to pay market rates. But if your goal is to add a free static IPv6 frontend to your home network, this has been here the whole time.
Similarly, I’ve read Cloudflare’s Terms of Service [privacy policy, et al.] and they’re fairly tame compared to many. I’m also partial to their WARP technology. The idea is the end user’s traffic is encrypted and sent to any of Cloudflare’s servers and from there they can then bounce to anywhere in the world (a handy trick if you need to get around a great firewall or other tools of censorship). If your home lab uses Cloudflare’s tunnel, and your phones use WARP, the only thing a third party can see it that you’re using the largest CDN in the world - which is sorta a ‘well, duh’ statement. Cloudflare’s schtick is they don’t need limits - they can flood you home connection and it wouldn’t be a blip on their radar. However, they need to run variations of these technologies to operate their primary business. So making a copy for you to use is almost trivial. (And if you go viral and suddenly need a CDN, I’m sure they can sell you some)
Tl;dr: you’re not wrong, but the desert has water in it, if you know where to look.
Use hostnames and dynamic prefixes or addresses don’t really matter. Haven’t had an issue in years and my last isp changed prefixes multiple times a week. I mean technically it would not be available for five minutes when IP changes but never noticed.
Most users have no use for a static adress space. Those are usually business or power-user needs.
This you are classified as that. A power-user.The reason they have no use for a static address is because applications haven’t evolved to work that way. Roll back the clock 30 years, do IPv6 seriously so that everyone has static assignments by the time the Y2k problem has come and gone, and you have a very different Internet.
In fact, many applications, like VoIP and game hosting, have to go through all sorts of hoops to work around NAT.
There’s pretty much no use for a normal person, just for business and power users like the person above you.
For your couple examples, nobody at home actually runs VOIP except a couple nerds just like nobody has home phones except a couple of old people. And quick game servers don’t need statics, and if you are hosting something long term that would push you into the power use space.
. . . nobody at home actually runs VOIP . . .
Plenty of people used Skype and Vonage. Both were subverted because they have to assume NAT is there.
. . . quick game servers don’t need static . . .
But they do work better without NAT. That’s somewhat separate from static addresses.
My old roommate and I had tons of problems back in the day when we tried to host an Internet game of C&C: Generals behind the same NAT. I couldn’t connect to him. He couldn’t connect to me. We could connect to each other but nobody outside could. It’s a real problem that’s only been “solved” because a lot of games have moved to publisher-hosted servers. Which has its own issues with longevity.
Fyi, Skype was officially killed by Microsoft on May 5th, earlier this month.
As far as I’m aware Skype does not support actual VOIP calling anymore, at least according to Microsoft and the couple forums i just skimmed through. But it’s been probably 10+ years since I’ve actually used it or interacted with anyone who used it haha
And I was talking about static IPs, which are different. And at least in the US (in single family homes) its crazy unlikely that your router is behind any NAT. Unless you’re talking about CGNAT but anything short of a dedicated fiber run or dedicated wavelength (which are not options for residential people) you will be behind a CGNAT anyways. Even if you have a public IP.
And, anecdotally. In the last 5-8 years I don’t think I’ve had any issues with NAT when hosting games, it’s just firewall rules or my public IP changed. But ymmv on that one when playing 22 year old games haha
Skype won’t be supporting anything at all very soon.
What happened with Vonage is something that could happen with any kind of instant messaging, including things like Discord.
With everything directly addressable (not just static addresses, but directly addressable), an IM/VoIP service can simply connect to the recipient. No servers are necessary in between, only routers. That doesn’t work with NAT (CG or otherwise), so what you have to do is create a server that everyone connects into, and then that forwards messages to the endpoint. This is:
- More expensive to operate
- Less reliable
- Slower
- A point for NSA eavesdropping (which almost certainly happened)
This is largely invisible to end users until free services get enshittified or something goes wrong.
Yes, it’s only tangentially related to static addresses, but it’s all part of the package. This is not the Internet we should have had.
And at least in the US (in single family homes) its crazy unlikely that your router is behind any NAT
Your router has NAT. That’s the problem. CGNAT is another problem. My C&C: Generals issues did not have CGNAT.
All routers have NAT, that’s sort of their entire role. Are you maybe talking about “double NATing” where you have your router behind the ISP modem/router?
That’s not the point of a router. It is one feature that most of not all now have, but it’s not their primary purpose.
No they fucking don’t, that’s not what routers do. You don’t know what you’re talking about.
And don’t fucking tell me NAT is for security, either.
I think you need to take the tin foil hat off mate.
IPv4 in many places has RAN OUT. No more, zilch.
Most people can get a fully functioning CGNAT address and surf the IPv4 web just fine.
Most VPS providers will give you IPv4 and IPv6 just fine.
So really the only issue is for the 10-20% of people who need to host an online service, security camera or online game system that doesn’t have a server or rendezvous service.
You can get IPv6 addresses. What you can’t get, in many cases, is a static IPv6 prefix assignment.
CGNAT is not fine. Its problems are simply hidden from most people. ISPs have to have more equipment that’s less reliable, increases latency, and is potentially a bandwidth bottleneck.
If you’re looking for sympathy, you got it. Fuck the state.
If you’re looking for solutions, use a cheap $5/mo VPS that exists purely as your gateway host. Run everything you want on your home machines, then tunnel the traffic to your gateway and reverse-proxy it there. Your data stays in your hands, you can spin up and expose new services publicly in a matter of minutes, AND your home IP isn’t vulnerable to doxxing or DoS.
use a cheap $5/mo VPS that exists purely as your gateway host
Now, why so expensive?
https://racknerdtracker.com/?sort=price
Disclaimer: I never used Racknerd (nor any other VPS).“JUST $10.28/YEAR - WOW!!” Laughed out loud at that, and I’ll have to give this a look. Currently I just use nginx and duckdns to expose my home IP for my self hosted stuff.
I’ve used them for years with literally zero issues. Performance a for a cheap VPS. And since all the real work happens on my machines, if they enshittify, I can easily move elsewhere.
Thank you sir!
Didn’t dig in too far into the options, but those prices are crazy low. Thanks for pointing us there.
Thanks king, this actually makes sense!
Is there a more detailed guide to this practice and the pros/cons?
This is @Shimitar@downonthestreet.eu‘s work, not mine - but it’s pretty similar to how I’d set things up:
https://wiki.gardiol.org/doku.php?id=networking%3Assh_tunnel
Really appreciated the reference!
Good to know my wiki is of any use to somebody.
:)
I basically do exactly this, but I am running the reverse proxy on my home computer: the VPS is literally just acting as a proxy, for which I use wireguard to tunnel the connection. So far it’s worked great, though initial setup was a pain.
So you essentially have a DMZ between your VPS and home network that is divided by your reverse proxy?
This is a great suggestion!
Lest anyone miss the buried lede, this approach means that traffic is pre-encrypted as it passes through the gateway VPS - so even if your VPS gets hacked, it’s way harder to steal credentials and break into the services running on your home network.
It’s a pain but also it’s no surprise that DNS and ipv6 are premium when ipv4 and dynamic IP works so well for 99% of us. Even if you wanna host something publicly there are totally free services and software tools to cover most if not all caveats of not using ipv6 (for now).
I have selfhosted for years and only paid for a domain name recently.
<<<< has ipv4 static ip to my house. I do pay a small premium though. Like $15 bucks.
$5 for mine
My ISP is a local deal, well-known for protecting privacy, and run by an absolute nerd (in the best way possible, also outspoken about privacy, FOSS, and other such things). Their customer service is second-to-none; I had an issue with my static IP a couple years back, and had an actual engineer on the line within a few hours. On a weekend.
It’s XMission. I dropped Comcast for them once they were in my area. Comcast can climb up a cactus.
I’m jealous. Xmission is all around me but not in my area. Luckily I have another local ISP (and not Comcast) but they want $10 a month for a static IP.
I pay $89/mo total for symmetrical gigabit via UTOPIA, no monthly cap, and my static IP. I was paying Comcast a hair over $60/mo before this for 400/20 via cable w/1.2TB cap.
Absolutely worth it.
Pete Ashdown’s a badass. Big up XMission.
Hell yeah. I don’t normally simp for companies, but I will happily support locally owned alternatives to big, faceless corporations, even if it costs a bit more. Usually.
Vodafone gave me an IPv4 in Germany no problem. I asked and they gave it to me. They said it’s not static, but it hasn’t changed for me in years.
Xfinity in the states is like that too. Technically I don’t have a static but it’s only changed twice in 4 years or so.
Once was during a really really bad storm which took power down in my state for days so I don’t blame them, and the other one was when they did work on my local node but they sent out an email and a letter before hand lol
I think you’re giving their ability to coordinate too much credit. Best guess the ISPs are just withholding anything that requires investment to deploy or that they can monetize themselves. Everybody else is just bottom-feeding by selling workarounds wherever the ISPs can’t or won’t.
The invisible hand of the market sucks at creating optimal solutions, but it does great at creating scammy crap that will take your money, no conspiracy necessary.
Yepp, Hanlon’s razor: they are mostly just lazy and maybe incompetent, not necessarily evil, that’s just a side effect. E.g. in my country if you call them that you want to get out of CGNAT they’ll just do that for you. My IP haven’t changed in years, but I don’t pay for fix IP. But it may be different in each country, I have mostly good experiences with local ISPs here.
Asymmetric bandwidth is literally designed to ensure you remain a consumer and is actively inhibiting the collaborative, communal web utopia we were told was going to be the future.
I think really it’s designed because you’re a consumer. Most people consume far more bandwidth than they upload, so asymmetry is more efficient.
is that because asymmetry is the norm due to these ISPs’ practices or because people just don’t upload things often as a common behavior?
i recall a lot of my peers hosting mail and web servers among other things when broadband started to become more common, before they started blocking common ports as “security” and “antivirus” measures designed to extract more money from you.
For shared lines like cable and wireless it is often asymmetrical so that everyone gets better speeds, not so they can hold you back.
For wireless service providers for instance let’s say you have 20 customers on a single access point. Like a walkie-talkie you can’t both transmit and receive at the same time, and no two customers can be transmitting at the same time either.
So to get around this problem TDMA (time division multiple access) is used. Basically time is split into slices and each user is given a certain percentage of those slices.
Since the AP is transmitting to everyone it usually gets the bulk of the slices like 60+%. This is the shared download speed for everyone in the network.
Most users don’t really upload much so giving the user radios equal slices to the AP would be a massive waste of air time, and since there are 20 customers on this theoretical AP every 1mbit cut off of each users upload speed is 20mbit added to the total download capability for anyone downloading on that AP.
So let’s say we have APs/clients capable of 1000mbit. With 20 users and 1AP if we wanted symmetrical speeds we need 40 equal slots, 20 slots on the AP one for each user to download and 1 slot for each user to upload back. Every user gets 25mbit download and 25mbit upload.
Contrast that to asymmetrical. Let’s say we do a 80/20 AP/client airtime split. We end up with 800mbit shared download amongst everyone and 10mbit upload per user.
In the worst case scenario every user is downloading at the same time meaning you get about 40mbit of that 800, still quite the improvement over 25mbit and if some of those people aren’t home or aren’t active at the time that means that much more for those who are active.
I think the size of the slices is a little more dynamic on more modern systems where AP adjusts the user radios slices on the fly so that idle clients don’t have a bunch of dead air but they still need to have a little time allocated to them for when data does start to flow.
A quick Google seems to show that DOCSIS cable modems use TDMA as well so this all likely applies to cable users as well.
I recall a lot of my peers hosting mail and web servers
I don’t think that’s representative of the global population. There’s more people streaming movies than hosting private blogs.
Huh???
Honestly I don’t see your problem, a nuance? Sure! An unsolvable problem? For sure not.
If you want to have your system reachable from the Wan then you will need a domain name. If you have a domain name then it is needed to be resolved by a dns server.
If there is a dns resolver then you would able to update it dynamically every time your ip changes.
True that the time alive of the dns records must be low enough to ensure that an ip change does not let your system down for an unacceptable amount of time.
The big issue is that your network provider is also the physical provider, and there’s no real competition as a result.
When most people got their Internet service over telephone lines, your ISP didn’t need to also own the telephone lines, they just needed some telephone numbers.
When the telcos themselves got into the business of providing internet access, they pushed out the competition.
The 1996 Telecommunications Act, written by a Republican Congress, and signed into law by a Democratic president (Clinton) is largely responsible for the current state of affairs.
The “Information Superhighway” is a toll road, built by taxes, but owned by private corporations.
What’s crazy is that the government paid these corporations to build this infrastructure.
When your government pays, say, a road building company to build roads, one doesn’t then grant the ownership of those roads to that company.
But that is EXACTLY what we did with our communications infrastructure.
I think there are still enough v4-only systems out there that you don’t really want to host a mail server on v6. You are right though that it would be nice to be able to get static v6 (or for that matter v4) addresses from home isp’s. Some do offer that of course.
Another issue can be that the average home internet user has no idea keep even a client system secure. So ISP’s might use NAT and default firewall configurations partly to stop incoming connections on the theory that they are likely to be malicious. On home routers you can usually open ports if you know what you’re doing. I don’t know if that’s even possible on mobile phones.
IP blocklisting is still very much a thing as well so you can expect any mail originating from a residential IP to be rejected due to their /24 or larger having previously sent spam, and that assumes you can send server-to-server mail (destination port 25/tcp) in the first place since many ISPs and server providers block traffic destined to that port by default to prevent users from getting their IP blocklists. My home ISP blocks outbound SNMP traffic (or at least did 10 years ago) presumably to also prevent abuse. That said, things like blocking inbound port 80/tcp and 443/tcp is purely a measure to prevent people running servers at home which I’m not a fan of.
Yes, that too. I hadn’t even thought about trying to send email from a home ISP. Everyone knows you basically can’t. I thought the idea was to receive email rather than send it, so you wouldn’t be relying on some bigtech company to store it for you.
