Why didn’t IPv6 work in my home network?
44 points by gowthamgts
that is terrible and adguard home should be ashamed of themselves
I don't think that setting is on by default.... Also using adguard home, and it's disabled here, and I'm quite sure I hadn't touched that (as I just replaced the config/router less than 2 weeks ago).
For what it's worth, I use adguard on my home network and don't use IPv6 and this setting is unchecked by default (I have never changed it)
Why does this exist...
Because the dns Adblock communities in general (Adguard, pihole, and others) have historically had a very antagonistic relationship with IPv6 and dual-stack networks. "Disable IPv6" is still the first recommendation to any support request with these services, both from official support channels and the project communities in general out in forums, discords, and subreddits.
That's interesting... is there a documented reason?
(good thing my main home network is not dual stack (as in, NAT64-only) /jk)
My experiences have been primarily with Pi-hole and its community, but I think the dynamic is shared among many of these projects.
Dual stack networks generate a significant support burden on network services and stacks that were designed and built to operate in legacy IPv4 networks by developers who have little experience with IPv6 or dual stack. The Pi-hole community has spent years fielding support requests and user confusion that stems from DNS requests bypassing the DNS Adblocks because the blocking resolvers don't exist in the IPv6 path for DNS resolution. This means users show up and create a support burden that is trivially resolved by just instructing the users to disable IPv6 which "solves" the failure mode completely and has no immediately obvious downsides that would deter that solution.
Honestly a reasonable solution. No downside for users, significant reduction in necessary development resources.
I'd push back on the "no downside for users" assertion. There are many benefits for users and the internet as a whole to deprecate and move past legacy technologies like IPv4 and NAT, both of which are the source of considerable developer friction and unnecessary development work.
Moving past IPv4 and NAT is a fantasy. It's not happening. IPv4 is here to stay. IPv6 is less certain.
IPv6 is better, and we should all have switched years ago.
I don't understand why a vocal subset of the tech community has decided that IPv6 is The Devil and must be complained about at every opportunity.
IPv6 solves real problems with IPv4 and we should all have switched years ago. But we didn't. And we aren't going to. As a result, the problems v6 was meant to solve remain unsolved, and we all have to choose between dealing with the immense technical complexity of dual stack networking or being v4-only.
Since being v4-only works just as well as dual stack and avoids a ton of complexity, I don't see the value proposition of dual stack.
I've had the mere presence of v6 cause so many weird issues. I've had systems where I have to enter a v4 address instead of an mDNS address because mDNS sometimes resolves to a v6 address which sometimes causes some program to take a long time. I've had a stock Ubuntu + NetworkManager box just accrue v6 addresses over time, ending up with ridiculously long lists of addresses reported by ip addr. I always have to google (and eventually give up) whenever I need to navigate to a v6 address in a browser. I still don't understand how SLAAC is supposed to work without NAT (I just see v6 proponents say both "v6 eliminates NAT" and "SLAAC eliminates DHCP" and I don't think it's logically possible for both to be true at once?).
And any time mDNS isn't an option for whatever reason, I can type in a v4 LAN address easily but v6 addresses don't fit in my short term memory. (Though in fairness, this is less of an issue with dual stack and more of a blocker for a hypothetical v6-only future)
IPv6 is already the majority of devices, endpoints, and traffic. IPv4 is dying a slow death, but it's nonetheless dying.
Regarding SLAAC: basically, IPv6 has Router Advertisements, which are like DHCP but much much simpler. The router just says "I'm here, this is the globally routable IPv6 prefix you can use".
It's then up to the devices to generate an address with the given prefix and assign it to themselves. (Typically that's prefix::mac address)
And that's it, no need to do a handshake, no need to do anything, you're now online and can send and receive packages to and from any other computer.
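The "prefix::mac address" case mentioned above is the modified EUI-64 interface identifier from RFC 4291. The following is an added example, not code from the thread; the prefixes and MAC address are constructed documentation values. It derives the address and shows that the MAC can be read back out of it, which is why many current stacks use randomized or opaque interface identifiers instead.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address: the interface identifier


def eui64_interface_id(mac: str) -> int:
    """Build the modified EUI-64 interface identifier for a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet and insert ff:fe
    # between the vendor half and the device half (RFC 4291, Appendix A).
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine the /64 from a Router Advertisement with the EUI-64 identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC expects a /64 prefix on the link")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_address(addr: str):
    """Recover the MAC from an EUI-64 style address, or None if it is not one."""
    iid = (int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # randomized, stable-opaque or manually assigned identifier
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def interface_id(addr: str) -> int:
    """Return only the interface identifier (low 64 bits) of an address."""
    return int(ipaddress.IPv6Address(addr)) & IID_MASK


if __name__ == "__main__":
    # Constructed sample values: documentation prefixes and a made-up MAC.
    mac = "00:11:22:33:44:55"
    before = slaac_address("2001:db8:1234:5678::/64", mac)
    after = slaac_address("2001:db8:aaaa:1::/64", mac)  # after the ISP rotates the prefix
    print(before, after)
    # The identifier survives the prefix change, so the device stays recognizable.
    print(interface_id(str(before)) == interface_id(str(after)))
    print(mac_from_address(str(before)))
```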
I don't think I ever use any device or online service which doesn't support v4. I use plenty which don't support v6.
I use plenty which don't support IPv4. Just due to the simple fact that I can host a billion billion servers at home, all able to utilize whatever ports they like, while I can't even get a single stable IPv4.
"Internet" by definition means that each participating device is a peer, that each client can also be a server. If you've got NAT, it's not any different from MSN or CompuServe.
That's not a definition of the internet I've ever heard. NAT does not make you drop off the internet.
It's an old definition, sure.
But it's the one thing that sets the internet apart from all the other networks that came before.
Which is why many older universities still hand out public IPv4 & IPv6 addresses to all end user devices, which is why so many game servers are hosted in university dorms.
And it's a property absolutely worth preserving. For applications such as VOIP, for game servers, for education, for digital independence, and for use cases we can't even imagine yet.
Without NAT, most of the complexity of WebRTC just disappears. No more STUN or TURN servers, no more NAT hole punching or UPnP.
Building VOIP apps stops being an expensive project where even computer clubs struggle to get good audio/video quality, suddenly it's as easy as hosting a static page.
I'm happy with old definitions, but I literally can't find anything that claims this one. Can you corroborate your definition somehow?
Not a "definition" per se, but here's what the creator of IPv4 has to say about it (emphasis added)...
When Vint Cerf and Bob Kahn (co-creator for the TCP/IP protocol) were doing the original design, Cerf said, they hoped that this approach would lead to a kind of organic growth of the Internet, which is exactly what has been seen.
They also envisioned another kind of openness, that of open access to the resources of the network, where people were free both to access information or services and to inject their own information into the system. Cerf said they hoped that, by lowering the barriers to access this technology, they would open the floodgates for the sharing of content, and, again, that is exactly what happened.
When you try to explain that they can't really expand the Internet effectively relying solely on cascading NAT boxes they kind of glaze over. Sadly, now that we really are in the IPv4 end-game, there is not much choice but to deploy NATs to try to make dual-stack work as a transition plan. If ISPs had started implementing IPv6 5 years ago we would not have this problem. I think only pressure from consumers, businesses and governments to demand IPv6 implementation will help. Even then, I can imagine the bean counters insisting that there be incremental revenue for implementing IPv6 despite the simple fact that the only serious path to supporting smart devices (including smart grid, mobiles with IP addresses, etc) is through implementation of IPv6.
Ref: Vint Cerf on Open Networking and Design of the Internet
Related, the EU regulation mentioned by @muemo in this comment also supports this perspective and interpretation.
You host a billion billion servers at home??? I only host a few, I've never even been close to exhausting the 10.0.0.0/8 space!
Oh that's awesome, how do you route the 10.0.0.0/8 range publicly if I may ask? (Sorry for the snark)
I've got a few dozen devices that need to expose the same ports, in protocols that can't use SNI or virtual hosts.
And that's the nice part about actual internet, I don't have to configure UPnP, or reverse proxies, or NAT hole punching, or anything. I can just host things as I wish.
Oh that's awesome, how do you route the 10.0.0.0/8 range publicly if I may ask? (Sorry for the snark)
Port forwarding, various host-based routing solutions like reverse HTTP proxies, that sort of stuff
I've got a few dozen devices that need to expose the same ports, in protocols that can't use SNI or virtual hosts.
That sucks. I acknowledge that IPv4 + NAT doesn't really work in that context. I don't happen to have that need.
I don't happen to have that need.
I'll bet you do have software you use on the internet that is currently relying on a Rube Goldberg mess of UPnP, NAT-PMP, STUN, WebRTC, and other hacks to work around the fact that fundamentally you need bidirectional traffic on the internet to do the things you do.
Hooray for the clever people who have come up with all these hacky workarounds. I wish that we could rid ourselves of the need to employ them, which is the promise of IPv6.
I wish that too. But we can't.
What do you mean we can’t? We are. IPv6 has consistently grown every year as a proportion of total internet traffic.
And it's just about 45% today, after 30 years. We haven't even begun tackling the long tail. We can't rid ourselves of the IPv4 hacks until roughly everyone can access IPv6-only services and roughly every service is available through IPv6, which is not the situation today and won't be for a looooong time.
The part about SLAAC makes sense. I didn't know that, I had the impression that it's more or less just a globally unique self assigned address. Now I wonder if my ISP actually gives me a /64 or not... it seems like devices need to support DHCP6 regardless, just in case an ISP doesn't give you a full /64? Seems like a pretty significant complexity spike to support DHCP4, normal DHCP6, DHCP6 with PD, and SLAAC.
I've never had to support DHCP6, and assigning less than /64 isn't even really supported in IPv6. All consumer ISPs I've used assign me a /56, server hosters typically a /48.
Can I make a product which doesn't support DHCP6 and be confident that it won't cause issues in IPv6 contexts? If not, I don't really care what you personally have happened to "support".
I just see v6 proponents say both "v6 eliminates NAT" and "SLAAC eliminates DHCP" and I don't think it's logically possible for both to be true at once?
v6 eliminates the need for NAT, since every device gets a bunch of publicly routable addresses - no need to mess with outbound traffic to make it look like it's from the gateway device.
SLAAC eliminates DHCP since it's a different way to assign addresses to devices.
What you're not saying, but which is implied in a v4 network, is that a NAT proxy in effect acts as a firewall that prevents access to local addresses (modulo hole punching, UPnP, etc). In a v6 network you might want to have an explicit firewall functionality (probably in your router) to stop non-local devices from being able to connect to local devices.
Is this last point what makes you think there's a contradiction?
v6 eliminates the need for NAT, since every device gets a bunch of publicly routable addresses - no need to mess with outbound traffic to make it look like it's from the gateway device.
I had a dual ISP setup at home for the longest time and the solution to this has been to … disable IPv6 on both of them because I just could not get internal IPs to work well. The alternative apparently would have been NAT66.
I'm not sure what the modern solution is but NATs still are pretty neat. Also won't go away thanks to VPNs and all kinds of other stuff.
Speaking of internal addresses, IPv6 has a much larger address space for private networks. This solves the problem of "my home network, my office network and my VPN all use 192.168.* addresses, and now nothing works". Each of the local networks (and tunnels) have 40 bits of randomness in the address, so risk of collision is minuscule.
Haven't had multiple ISPs, so I can't say I have practical experience of that situation.
If you have multiple routers announcing addresses in your network I think your devices will get addresses from all of them, IIRC. mDNS+DNS-SD should have no problem providing all of the relevant addresses when looking up local names.
IPv6 has a much larger address space for private networks. This solves the problem of "my home network, my office network and my VPN all use 192.168.* addresses, and now nothing works"
While that is true in theory, in practice I have not ever seen an internal IPv6 deployment and VPNs are basically stuck in an IPv4 world from my experience. So while all of that might be true in theory, in practice I still need to provision my AWS infrastructure away from everybody else's local IP ranges :D
Each of the local networks (and tunnels) have 40 bits of randomness in the address, so risk of collision is minuscule.
The birthday paradox means that “minuscule” is one in a million, and as Terry Pratchett liked to joke, one in a million chances happen nine times out of ten!
I think you’ll need quite a few networks before birthday paradox is down to one in a million, since you start out with one in 1,099,511,627,776. I don’t know how to do that math, but it looks pretty safe for a handful of nets :)
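The collision math discussed in the comments above, carried through as an added example that is not part of the original thread. It assumes each private network picks its 40-bit Global ID uniformly at random (RFC 4193 suggests a hash-based procedure; plain random bits are used here as a simplification), and the function names are illustrative.

```python
import ipaddress
import math
import secrets

GLOBAL_ID_BITS = 40           # random part of an fd00::/8 unique local prefix
SPACE = 1 << GLOBAL_ID_BITS   # 1,099,511,627,776 possible Global IDs


def collision_probability(networks: int) -> float:
    """Probability that at least two of `networks` random ULA prefixes coincide."""
    if networks < 2:
        return 0.0
    if networks > SPACE:
        return 1.0
    # P(no collision) = product over i of (1 - i / SPACE). Summing logarithms
    # keeps precision for the tiny probabilities involved.
    log_no_collision = sum(math.log1p(-i / SPACE) for i in range(1, networks))
    return -math.expm1(log_no_collision)


def networks_for_probability(target: float) -> int:
    """Smallest number of networks whose collision probability reaches `target`."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    log_no_collision = 0.0
    n = 1
    while -math.expm1(log_no_collision) < target:
        log_no_collision += math.log1p(-n / SPACE)  # add the (n+1)-th network
        n += 1
    return n


def random_ula_prefix() -> ipaddress.IPv6Network:
    """Generate a /48 unique local prefix with a random 40-bit Global ID."""
    global_id = secrets.randbits(GLOBAL_ID_BITS)
    base = (0xFD << 120) | (global_id << 80)
    return ipaddress.IPv6Network((base, 48))


if __name__ == "__main__":
    for n in (2, 5, 100, 1000):
        print(f"{n:>5} networks: collision probability {collision_probability(n):.3e}")
    print("networks needed for a one-in-a-million chance:",
          networks_for_probability(1e-6))
    print("example prefix:", random_ula_prefix())
```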
I think the only people who really care about IPv4 vs IPv6 is a very vocal subset of the tech community that really wants IPv6 to happen. The rest of the world for the most part does not really care for as long as their networking works. Right now both protocols will be here for a very long time to come.
For me personally I had plenty of cases where turning off IPv6 solved issues for me, at no point did configuring IPv6 ever solve anything for me. I think that experience is one that quite a few people have made over the years.
Who are you trying to convince, me or you?
Meanwhile, my local ISP doesn’t even offer public IPv4 addresses to residential customers, just CGNAT. From my perspective, IPv4 is the technology that’s suffering from age and seemingly losing utility every year.
Until essentially all clients support IPv6, both a static IPv6 block and CGNAT'ed IPv4 offers around the same amount of utility; you can make outbound connections but not accept inbound connections.
What clients do you use that do not support IPv6? From my perspective, "essentially all clients" have supported IPv6 since 2011 or so.
I mean client in a server/client perspective, where you're hosting stuff for other people ("clients"). Clients on non-v6 networks don't support v6. A lot of ISPs don't supply v6, and a lot of people whose ISPs deliver v6 still have home network setups with broken v6.
Yup. I do host a v6-only service from my dual-stack home, but it's basically a toy for me and my tech-savvy friends. When I direct random other folks to it there's only about a 50% chance they can access it.
I think it's always hard to talk in absolutes. The present state is that both IPv4 exists and IPv6 exists and that will probably continue to be the case for a long time. For me: in my country (Austria) we have a legal right to a non CGNAT IPv4 address but I do not have a legal right to a non prefix rotating IPv6 address. As a result I found it much easier to not use IPv6 at home (I use IPv6 at our holiday house with a mobile data plan and phone) because otherwise all internal IPs change every ~24 to 48 hours.
You can end up on either side of the equation depending on how things are.
It just seems less and less likely that either one of those protocols will disappear.
Seems fair to point out that my difficulties with IPv4 are the product of fundamental IPv4 insufficiency and technical limitations, but your difficulties with IPv6 are the product of stale legislation.
Presumably the same motivations that led to your Austrian laws governing CGNAT would lead to similar legislation to achieve the same goal on the IPv6 side.
but your difficulties with IPv6 are the product of stale legislation.
My difficulties with IPv6 have been so numerous over the years, none of which have to do with state legislation but mostly with the insane complexity that comes from IPv6 and bad implementations all over the place. The only issue with NAT is that internal devices are not reachable on the public internet and on home networks that barely matters these days. In particular not now that we virtualize traffic so much with tailscale, VPNs and other things.
I can only speak to the issue you specifically mentioned in your comment upthread, which is the result of stale legislation.
I don't share your views about the "insane complexity" of IPv6, which mostly just leads me to believe you lack familiarity with the technology and perhaps your resistance is simply an aversion to the unfamiliar and a desire to avoid having to learn the new tools.
The fact remains, IPv6 is on the cusp of surpassing IPv4 in overall internet traffic, so clearly it's not as broken as your perception of it.
I can only speak to the issue you specifically mentioned in your comment upthread, which is the result of stale legislation.
I'm not sure if state legislation created an issue here. I don't think in any country you have a right to a non rotating IPv6 prefix, maybe if there was such a law, then IPv6 would work a bit better?
I don't share your views about the "insane complexity" of IPv6, which mostly just leads me to believe you lack familiarity with the technology and perhaps your resistance is simply an aversion to the unfamiliar and a desire to avoid having to learn the new tools.
I tinker with it all the time :) But at the end of the day I just want my home network to work, that it's wife approved and that Sonos speakers continue to connect, that my kids can play their games and everything just works, and whenever I have IPv6 in the mix on our network it just is noticeably worse. Note that we're running a consumer grade home network, pretty basic stuff.
But on the "you just don't understand / want to avoid having to learn": despite being a tinkerer I really do not care that much about my home network. I just want that I don't have to deal with it, and that state is pretty achievable with IPv4 and it continues to not be as easy with IPv6. That's my passing bar. Given that we're living in a world of basically eternal coexistence I just found that disabling IPv6 makes one worry go away and I don't really suffer from any negative consequences. You can see that as resistance, for me that's just pragmatism :)
I'm not sure if state legislation created an issue here. I don't think in any country you have a right to a non rotating IPv6 prefix, maybe if there was such a law, then IPv6 would work a bit better?
I say stale (not state) because I assume that the same motivations that led your lawmakers to pass those consumer-protection laws that provide you a significantly better IPv4 experience than many of us out in the rest of the Internet experience will/would/could also encourage the same protections applied to your IPv6 experience.
I'm happy for you that your IPv4 experience is as solid as it is. Those of us living in less consumer-friendly places, without the forward-thinking law that you are benefitting from, are suffering the downsides and breakage that CGNAT entails. It's your local lawmakers you have to thank for your smooth IPv4 experience, not the protocol's health or modernity.
Please take a moment to have empathy for those of us out here on the internet who do not have consumer-friendly lawmakers and do not enjoy an IPv4 experience that's backstopped by the laws you have in Austria.
Your "no CGNAT" laws are simply stale, and need updating to protect you from needlessly rotating IPv6 prefixes. My ISP here in the US doesn't offer IPv6 at all. I'm stuck behind CGNAT with no option to escape. At my last house, I had IPv6 from the ISP and a stable prefix that didn't change in 8 years of living there.
There is no technical reason for you to have ephemeral and unpredictable IPv6 prefixes. That's not a shortcoming of IPv6.
There are technical reasons why I'm stuck behind CGNAT. That reality is the result of IPv4 shortcomings.
You live in an IPv4 bubble where it works well, not because the technology is sufficient but because your lawmakers are consumer-minded and forward-thinking.
I say stale (not state) because I assume that the same motivations that led your lawmakers to pass those consumer-protection laws that provide you a significantly better IPv4 experience than many of us out in the rest of the Internet experience will/would/could also encourage the same protections applied to your IPv6 experience.
CGNAT was enough of a frustration for some, that they lobbied. On the other hand people really do not care about IPv6. The only improvements about IPv6 actually came from law enforcement because in order to better identify customers ISPs are now forced to issue you an IPv6 address whenever they are using CGNAT and you did not opt for a public IPv4.
You live in an IPv4 bubble
I don't think so. I live in a "I do whatever works for me and is the path of least resistance bubble" and quite frankly that's the bubble most people are in. Very few people in the world actually care about any of this.
I don't think so. I live in a "I do whatever works for me and is the path of least resistance bubble" and quite frankly that's the bubble most people are in. Very few people in the world actually care about any of this.
You live in a bubble in the sense that your circumstances have led you to the false impression that IPv4 is successfully keeping up with the demands of the modern internet. I assure you, out here in other places it absolutely is not and IPv6 can't come soon enough.
Your kids are enjoying their games, mine are still grumpy that they can't host their Java Minecraft servers for their friends since we moved.
CGNAT was enough of a frustration for some, that they lobbied. On the other hand people really do not care about IPv6.
These two statements appear to fundamentally contradict each other. We can't all just outlaw CGNAT. CGNAT exists because we can't all get an IPv4 on the internet in 2026. We just can't. There aren't enough of them.
You live in a bubble in the sense that your circumstances have led you to the false impression that IPv4 is successfully keeping up with the demands of the modern internet. I assure you, out here in other places it absolutely is not and IPv6 can't come soon enough.
I made no such statement. In fact, I said the precise opposite. I mentioned that one should not talk in absolutes and I gave you a counter example of a place where IPv4 works better than IPv6.
These two statements appear to fundamentally contradict each other.
How so? What happened was pretty simple. Mobile phone providers started rolling out CGNAT, Austria has a lot of rural homes that use unlimited LTE and 5G plans. That broke connectivity for some services, particularly during covid so people complained at the regulator and the regulator forced ISPs to allow people to get a public IPv4 address. People did not ask for an IPv6 address, they asked for a public IPv4 address. In fact, some ISPs only wanted to give out an IPv6 address because it was cheaper and the regulator pushed back and said that IPv6 is at present not adequate.
particularly during covid
The relevant decision by the RTR was in December of 2017. Covid did not play a role in this.
Mobile phone providers started rolling out CGNAT, Austria has a lot of rural homes that use unlimited LTE and 5G plans. That broke connectivity for some services, particularly during covid so people complained at the regulator
These are people who "care about IPv6" which is the long-term solution to the dilemma and loss of functionality they faced when they were pushed behind CGNAT. These people were not asking for "a public IPv4 address"; they were asking for the broken connectivity to be restored. Your lawmakers have created a small pocket of the internet in your region where carriers are now limited in their ability to solve IPv4 exhaustion with CGNAT, which is great for people who live in your bubble.
The rest of us out here without those consumer-protection laws aren't and will never be able to solve IPv4 exhaustion in the same way. Our path forward, to fix the broken connectivity inherent in CGNAT is IPv6.
You live in a bubble here, truly, and do not understand the reality of the IPv4 internet for many of us who endure the broken connectivity of CGNAT with no remedy in sight other than IPv6.
in my country (Austria) we have a legal right to a non CGNAT IPv4 address
This is fascinating. What's the background to this legislation?
Sweden has nothing like it, but some ISPs compete by offering the service to consumers.
This is the interpretation of an EU regulation that requires that ISPs must enable their customers to "provide applications and services" on the internet. The regulation entity in Austria argues that this requires a public IP address. This decision is from 2017, and IPv6 is not mentioned once in the decision (German!). As a reference, Google had about 20 % of IPv6 traffic at that point, its low usage/availability probably led to only IPv4 being considered.
The RTR reaffirmed the IPv4 decision a few times since. For instance this is the RTR net neutrality report from 2021:
however, merely assigning an IPv6 address is, at least currently, not yet sufficient, since large parts of the internet still have no IPv6 connectivity. Assigning an IPv4 address, by contrast, is appropriate, since practically the entire internet has IPv4 connectivity. […] In summer 2020 the Federal Administrative Court upheld this decision of the regulatory authority. […] In spring 2021 an identically worded decision by the Telekom-Control-Kommission was also issued against another ISP.
The latest case I found is R 1/23 - 15 from 2023 which again mentioned that an ISP is required to provide a public IPv4 address and they specifically looked into IPv6 again.
This is fascinating. What's the background to this legislation?
Weird interpretation of EU net neutrality rules is my guess by the regulator. In practice I'm quite happy with that arrangement. I think in part the motivation here comes from law enforcement because law enforcement hates CGNAT. Which is also why if you do not opt for a non CGNAT IP address the ISP is required to issue you an IPv6 prefix as well.
For good reason.
Why?
Because from a consumer point of view there is nothing to be gained from IPv6 but a lot of complexity and failure scenarios are added. More importantly though for ad block services and VPN you are better off not having IPv6 because it makes it easier to block down ad network due to the smaller space. Similar reasons why most of email is stuck with IPv4 because IPv6 drives up the cost of reputation management.
I use this feature (though on OpenWrt, not AdGuard Home). I only get IPv4 by my ISP, and am getting IPv6 connectivity via some tunneled solution. This leads to annoying behavior when browsing the web, since latency is higher, I get more captchas and so on. Filtering out AAAA responses leads to my homelab being globally routable and yet my browsing remaining IPv4 only.
I just debugged the inverse problem: IPv4 isn't working on my home network.
It's an IPv6-only service with DS-Lite for IPv4 connectivity. With DS-Lite, the home router tunnels IPv4 packets to a NAT at the ISP called AFTR. The domain of the AFTR is provided via DHCPv6, and is in my case of the form something.aftr.kabelbw.de. This domain currently does not resolve, as denic has some trouble with its DNSSEC configuration.
Luckily I did not disable IPv6 anywhere, so everything except github is working fine!
I tried to get IPv6 working from my home office so I can test an IPv6 deployment that I’d like to do at $WORK.
I got zero help from my ISP, but I managed to set up my gateway (Unifi cloud gateway) so it obtained the IPv6 addresses. But it consistently stops working about 24h later, the local IP addresses just disappear.
I’m at a loss to understand how to fix this, suspect it’s the ISP. At one point they claimed to support v6 but there is zero documentation and I suspect it’s broken.
But more to the point, I really wonder how the hell we are ever going to get broad consumer deployment of IPv6 when someone as technical as me - who used to help run an (ipv4) ISP! - isn’t able to make it work, get support, or even work out what’s going on.
My ISP (AT&T) does support IPv6, and I'm using it now from my home network. The only down side is that they will occasionally re-assign the IPv6 (and IPv4). There's no reason to recycle IPv6 addresses, so I suspect it's done because that's how it's always been done (for IPv4), and for "security" reasons. If I could opt out of those "security" reasons, I would.
There's no reason to recycle IPv6 addresses
I am pretty sure renumbering makes it operationally easier for an ISP.
I think it requires more engineering to renumber an IPv6 setup than it is to just serve a static IPv6. A /64 IPv6 address (generally the smallest CIDR block that's assignable) still leaves 18,446,744,073,709,551,615 possible customers.
I think it requires more engineering to renumber an IPv6 setup than it is to just serve a static IPv6.
That does not make a ton of sense to me. Not guaranteeing you a specific prefix means the system is quite stateless and allows you to rebalance everything anywhere. If you need to guarantee a static assignment, particularly not if you re-home it means that you can assign static prefixes to parts of your network topology. In particular it means you don't really need to pass state around. If you guarantee stable prefixes you need some sort of customer id to prefix mapping that all parts of the ISPs network can access. If I don't need to guarantee prefixes then I can just split a BNG in half and just randomly reassign customers and you get BNG local prefixes.
Aside from that it also gives you a nice upsell opportunity for business customers for whom renumbering is too frustrating.
At least in the old EdgeRouters, you could manually set the TTL for IPv4 and IPv6 addresses. The default is far too high for shitty ISPs that still cycle through IPs daily.
My provider does not have native IPv6, but every year or so I configure a tunnel solution to enable IPv6 for my net, and every year I’m running into the same problems, with captchas, weird geoblocks, and resolving delays. Disable it after a couple of days every time, and wait for my provider to get into the 21st century :-/