Quick IPv6 question - granularity of addresses
David
2024-09-18 17:27:56 UTC
Capturing this thought in passing.

IPv6 was designed (IIRC) so that users would never ever run out of IP
addresses.

So each smart device in your home could have their own address, no need to
share using NAT.

For a PC such as this (and no, VM don't support V6) would you expect the
PC to have one unique address, or for programmes running on the PC each to
have their own IP address?
For example Chrome and Edge to have different IPv6 addresses?
WhatsApp and Signal to have different IPv6 addresses?

TIA


Dave R
--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 10 x64
Ian
2024-09-19 07:32:22 UTC
Post by David
Capturing this thought in passing.
IPv6 was designed (IIRC) so that users would never ever run out of IP
addresses.
So each smart device in your home could have their own address, no need to
share using NAT.
For a PC such as this (and no, VM don't support V6) would you expect the
PC to have one unique address, or for programmes running on the PC each to
have their own IP address?
For example Chrome and Edge to have different IPv6 addresses?
WhatsApp and Signal to have different IPv6 addresses?
TIA
One* (global) address per PC** would be usual. Theoretically, you could allocate
multiple global IPs and get each application to bind to a specific one, but I
doubt malware like Chrome/Edge/WhatsApp/Signal etc. exposes this functionality.

* One of the irritating "design" decisions of IPv6 was to normalise having
multiple addresses per interface. You get a link-local and a global IPv6 address
just for starters.

** Strictly per interface, but a "PC" will typically only have one interface.
--
Ian

"Tamahome!!!" - "Miaka!!!"
Daniel James
2024-09-19 11:13:38 UTC
Post by Ian
** Strictly per interface, but a "PC" will typically only have one interface.
True, but it's not uncommon for a PC to have WiFi (and also wired
ethernet) and so two addresses. Even Raspberry Pis (those that have a
wired network port) do that.
--
Cheers,
Daniel.
Theo
2024-09-19 14:16:06 UTC
Post by Ian
One* (global) address per PC** would be usual. Theoretically, you could allocate
multiple global IPs and get each application to bind to a specific one, but I
doubt malware like Chrome/Edge/WhatsApp/Signal etc. exposes this functionality.
You often have more than one IPv6 address. One stable one for 'incoming'
traffic (servers running on the machine) and another for 'outgoing' traffic,
that changes regularly. This prevents fingerprinting you based on the IP
(where otherwise websites would be able to 'see behind' the router and
fingerprint devices, whereas it all appears from the same NATted IPv4).

Because you may have pre-existing connections from an old outgoing IP, that
may hang around even if new connections use its successor(s). So your
interface may have a series of addresses associated.

If you wanted to keep them separate, you could coerce say Facebook and
Whatsapp apps to use different outbound IPs so they couldn't correlate traffic
between the two. That would either require some tweaks with the network
stack, or have them run in containers and then pass through traffic.
Post by Ian
** Strictly per interface, but a "PC" will typically only have one interface.
More than you think - wifi, ethernet, LTE, bluetooth, USB network adapters...

Theo
David
2024-09-20 11:51:45 UTC
Post by Theo
Ian
Post by Ian
One* (global) address per PC** would be usual. Theoretically, you could
allocate multiple global IPs and get each application to bind to a
specific one, but I doubt malware like Chrome/Edge/WhatsApp/Signal etc.
exposes this functionality.
You often have more than one IPv6 address. One stable one for
'incoming'
traffic (servers running on the machine) and another for 'outgoing' traffic,
that changes regularly. This prevents fingerprinting you based on the
IP (where otherwise websites would be able to 'see behind' the router
and fingerprint devices, whereas it all appears from the same NATted
IPv4).
Because you may have pre-existing connections from an old outgoing IP,
that may hang around even if new connections use its successor(s). So
your interface may have a series of addresses associated.
If you wanted to keep them separate, you could coerce say Facebook and
Whatsapp apps to use different outbound IPs so they couldn't correlate
traffic between the two. That would either require some tweaks with the
network stack, or have them run in containers and then pass through
traffic.
Post by Ian
** Strictly per interface, but a "PC" will typically only have one interface.
More than you think - wifi, ethernet, LTE, bluetooth, USB network adapters...
Theo
Very interesting, thank you.

I came across this through trying to tie an IPv6 address to an end user -
seeing if the same IP address was always used, and if not, was the user
moving between locations or just changing IPv6 address for the same PC (or
phone/tablet).

Cheers



Dave R
--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 10 x64
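
Added example (not part of the original thread, and not any poster's code): one way to approach the question above, telling a rotating outgoing address on the same network apart from a change of network by splitting each logged address into its prefix and interface identifier. The /64 prefix length, the account names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log (account, source address), 2001:db8::/32 doc prefix.
SAMPLE_LOG = [
    ("alice", "2001:db8:1:10:8d3f:2a11:9c04:77e1"),
    ("alice", "2001:db8:1:10:41b0:e6d2:03aa:5f19"),    # same /64, new interface ID
    ("alice", "2001:db8:1:10:0211:22ff:fe33:4455"),    # same /64, EUI-64 style ID
    ("alice", "2001:db8:beef:2:c5a9:117e:60d4:2b08"),  # different /64
    ("bob", "2001:db8:1:10:f00d:1234:5678:9abc"),      # shares alice's /64
]

def split_address(text, prefix_len=64):
    """Return (network prefix, interface identifier) for an IPv6 address."""
    addr = ipaddress.IPv6Address(text)
    net = ipaddress.IPv6Network((addr, prefix_len), strict=False)
    iid = int(addr) & ((1 << (128 - prefix_len)) - 1)
    return net, iid

def looks_like_eui64(iid):
    """True if a 64-bit interface ID carries the ff:fe filler of a MAC-derived ID."""
    return (iid >> 24) & 0xFFFF == 0xFFFE

def summarise(log):
    """Group each account's addresses by /64 and describe what changed."""
    seen = defaultdict(lambda: defaultdict(set))
    for account, text in log:
        net, iid = split_address(text)
        seen[account][str(net)].add(iid)
    report = {}
    for account, nets in seen.items():
        report[account] = {
            "prefixes": sorted(nets),  # more than one: a different network was used
            "rotating_in": sorted(n for n, i in nets.items() if len(i) > 1),
            "eui64_in": sorted(n for n, iids in nets.items()
                               if any(looks_like_eui64(i) for i in iids)),
        }
    return report

def shared_prefixes(log):
    """Prefixes seen for several accounts: a /64 names a network, not a person."""
    owners = defaultdict(set)
    for account, text in log:
        owners[str(split_address(text)[0])].add(account)
    return {net: sorted(a) for net, a in owners.items() if len(a) > 1}

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
    print(shared_prefixes(SAMPLE_LOG))
```

Several interface identifiers under one prefix fit the regularly changing outgoing address described earlier in the thread, while a new prefix points to a different network; neither on its own identifies a particular person or device.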
Richard Kettlewell
2024-09-19 14:11:05 UTC
Post by David
Capturing this thought in passing.
IPv6 was designed (IIRC) so that users would never ever run out of IP
addresses.
So each smart device in your home could have their own address, no need to
share using NAT.
For a PC such as this (and no, VM don't support V6) would you expect the
PC to have one unique address, or for programmes running on the PC each to
have their own IP address?
For example Chrome and Edge to have different IPv6 addresses?
WhatsApp and Signal to have different IPv6 addresses?
Servers sometimes use different addresses to different services, but for
desktop applications that would be unusual at best, and they don’t
generally have any mechanism to bind their outbound connections to a
specific local address - they will use whatever source address the OS
gives them.

Virtual machines and containers are sometimes given their own public
addresses, and depending on platform it may be possible to use the same
underlying mechanism to achieve the same effect for desktop
applications. For example under Linux you should be able to do it by
running the application in a suitably configured network namespace.
--
https://www.greenend.org.uk/rjk/