For the past few years I’ve been building and maintaining website/blog at www.pragmaticcoding.ca. It’s mostly about programming, and more specifically it’s ended up having a lot of content about JavaFX with Kotlin.
Lately, I’ve been spending all of my time building out my own homelab and self-hosting the services that I need. I’ve got a little stack of M910Q’s running in a Proxmox cluster with an HP T740 running OPNSense.
Since I’ve been spending all - and I do mean all - of my time futzing about with this self-hosted stuff, I thought I’d try to add some content to my website to help people doing the same thing. My idea was to make it more “bloggish”, talking about the tricky things I’ve had to master along the way as I implement various services.
But I feel like there also needs to be some foundational content. Articles that explain concepts that a lot of people, especially people without professional networking experience, find difficult to grasp. So I’ve started working on those.
While I think of myself as mostly a programmer, my career (now, thankfully over) had me as an “IT Guy” more often than not. I spent 24 years at the same mid-sized company with a tiny IT department and simply had to get involved with infrastructure stuff because there was nobody else to do it. It was very hands-on at first, but as we grew I was able be limit my involvement to planning and technical strategy.
Since the mid 90’s, we went from self-hosted physical servers, to colocated servers, to colocated virtual servers to cloud servers and services. So I feel like I have the insight to provide help.
Anyways, this is the first article in this new section. I’ve seen a lot of people posting questions about how VLAN’s work and I know that it’s mystifying to many. So I wanted to push it out before I have the supporting framework put together on the website, and it’s just sitting there as the first post that’s not about programming.
My goal is to provide practical, pragmatic advice. I’m not particularly worried if some particular facet of an article isn’t 100% totally correct on some obscure technical level…as long as the article gives solid practical advice that readers can act on.
Anyways, take a look and let me know if you think this kind of article might me of use to yourself or other people getting started on self-hosting.
I know that people often find IPv6 confusing and that’s fine, but at the very least you need to explain that you’re specifically talking about IPv4 IP and Subnetting configuration and that is very much how things used to be done. IPv6 is finally gaining real adoption and can make a lot of things confusing.
For example, until I got a handle of IPv6, my Android phone never had proper ad-blocking from my Pi-Holes because Google would make Android auto-configure an IPv6 DNS address that would bypass my IPv4 DNS addresses. Even if I filled every IPv4 DNS slot, my phone would still automatically make a slot for the IPv6 DNS and fill it with a Google-chosen DNS. There were two ways to fix this, and I’ve done both: Set up IPv6 and fill that slot with my Pi-Hole IPv6 DNS address, and/or setting up a VPN that hands out the Pi-Holes as DNS and bypasses Google’s auto-configurations entirely. I ended up with both because I also use the VPN to keep ad-blocking functional on my phone while I’m away from home.
Especially in keeping with your “Zero trust” idea, you can’t have rogue IPv6 traffic all over your network unless you’ve managed to disable IPv6 on every network interface and the traffic is just being dumped since it’s disabled. (Also, personal opinion, subnetting on IPv6 is so much more elegant and straightforward than on IPv4)
Finally, you mention “bytes” (it’s actually bits) and CIDR notation, but that’s probably more confusing than illuminating if someone has no idea that an IPv4 address has four sets of octets (eight bits) for a 32-bit addressing scheme. You might consider expanding on how IPv4 addresses function to make that a little clearer.
I’ve been trying to get my Unifi infrastructure force IPv6 addresses to all my devices at home (mainly laptops, PCs, phones and tablets, potentially media devices as well), but it has proven a huge challenge for me because of my ignorance on IPv6 and how it differs from v4.
For the time being, I have disabled everything v6 in my network, including my ISP provided ONT, but that leaves me with only the option of a commercial VPN when I’m not at home to try and block as much as possible (together with NextDNS for some added blocks).
I know I’m currently open on that front, and would love it if someone could tell me where I can go to try and understand v6 so that I can then make an informed implementation across the board.
Thank you beforehand.
https://www.oreilly.com/library/view/tcp-ip-illustrated-volume/9780132808200/
The thing to know about IPV6 is that while being able to read the addresses and memorize the different kinds seem daunting, the implementation behind it is actually much simpler than IPv4 today.
The biggest mental hurdle to get over is that the way we use IPv4 today is informed by our need to work around the global lack of IPv4 addresses. With IPv6, it sorta turns back the clock to when every machine could just have a globally routable IP address. Private reserved ranges for local lans, NAT, etc aren’t necessary with IPv6
Where would a guy go to learn more about IPv6? Trapped behind CGNAT, have gotten exactly as far as getting my public IPv6 address. Can’t as much as ping it, “name or service not known”
https://ip6.wtf/#/learn This is the best resource I’ve found so far and I can see the advantages, but am getting absolutely nowhere
Thanks for the feedback. I will make some changes to the article. IPv6 wasn’t even on my radar since I haven’t got around to using it myself yet.