La séance de questions et réponses d’aujourd’hui nous est offerte par SuperUser, une sous-division de Stack Exchange, un groupe de sites Web de questions-réponses dirigé par la communauté.
Image reproduite avec l'aimable autorisation de Ministerio TIC Colombie (Flickr).
La question
Le lecteur SuperUser AJS14 souhaite savoir pourquoi des adresses publiques IPv4 et IPv6 lui sont attribuées sur son réseau d'origine:
For my home network, my public IP address “displays” as IPv4 on some websites, yet as IPv6 on others. I have read this SuperUser thread and understand that it is possible for my Internet service provider to have assigned me one of each type.
- What is the purpose of assigning one of each type to me?
- Can disabling IPv6 from within Windows on a local host guarantee that only an IPv4 address is used from that computer? I ask as I have read about security concerns in relation to certain VPN protocols used in combination with IPv6.
Pourquoi les adresses publiques IPv4 et IPv6 seraient-elles attribuées au même réseau domestique?
La réponse
Le contributeur de SuperUser, Bob, a la solution pour nous:
What is the purpose of assigning one of each type to me?
Ideally, we should be moving towards greater IPv6 rollout due to IPv4 exhaustion. However, a lot of servers still do not support IPv6. There are many workarounds, none particularly great, but they generally involve tunneling through an intermediate server that can translate between the two. Your ISP provides you with an IPv4 address for compatibility reasons.
What many ISPs do now is implement CGN, where many people share a single “public” IPv4 address. There are many reasons why this is a bad thing (1), but it is necessary simply because there are not enough IPv4 addresses to go around. This is why we need IPv6, and probably why your ISP provides it.
Can disabling IPv6 from within Windows on a local host guarantee that only an IPv4 address is used from that computer?
Yes, however, this is generally not a good idea. Alternatively, you can disable IPv6 at the router level, which is a bit better, but again this is not a great idea. We cannot continue to use IPv4 forever.
I ask as I have read about security concerns in relation to certain VPN protocols used in combination with IPv6.
That is typically due to broken VPN clients and configurations. It is getting better now, though. If you do not use VPNs, it will not affect you. If you do use one, you should do some research first to see if it supports IPv6 correctly (modern VPNs should by now). One of the biggest issues was with VPN clients ignoring IPv6 entirely, so IPv6 connections bypassed the VPN, but hopefully that has gotten better now that there is more attention focused on the issue (see also: IPv6 security vulnerability pokes holes in VPN providers’ claims).
(1) For example, one of the consequences of CGN is that home users can no longer reliably host a server. Traditional NAT was bad enough (and again a consequence of the IPv4 shortage), but with CGN port-forwarding it is also no longer possible. There are techniques for working around it, such as NAT hole-punching, but they require external servers and will not always work depending on the service required. Having a unique IPv6 address works around this limitation.
Avez-vous quelque chose à ajouter à l'explication? Sound off dans les commentaires. Voulez-vous lire plus de réponses d'autres utilisateurs de Stack Exchange doués en technologie? Découvrez le fil de discussion complet ici.