[HN Gopher] IPv6 Watch
___________________________________________________________________
IPv6 Watch
Author : DanAtC
Score : 115 points
Date : 2021-07-28 16:46 UTC (2 hours ago)
(HTM) web link (ipv6.watch)
(TXT) w3m dump (ipv6.watch)
| bsdubernerd wrote:
| I've supported v6 on a few small sites hosting OSS projects for
| almost a decade now, and I kept statistics over the years. The
| increase in v6 adoption has been glacial. Less than 1% increase
| per year.
|
| My own connectivity at home doesn't support v6 due to my ISP. At
| work, v6 is so badly managed it's the first thing we rule out
| when diagnosing connectivity issues.
|
| Kind of a sad state really. I wish v4 prices increased tenfold,
| not barely double.
| jtchang wrote:
| IPv6 has barely a carrot and no stick.
|
| Does anyone give me more money for using IPv6? Sure I might be
| able to save some money by not using IPv4 but that is rare.
|
| Government doesn't incentivize it. Ad networks don't either.
| There is very little penalty (financial or otherwise) for not
| going to IPv6.
|
| IPv6 will not happen until those sticks and carrots get bigger.
| floatboth wrote:
| Just now on the frontpage also: a link to Hetzner's
| announcement of v4 address prices. Stick is coming on the
| hosting side.
| tialaramex wrote:
| It's actually crazy how late this was. Because customers
| don't like to see forty surcharges, you have an incentive to
| bundle relatively cheap things most or all customers want.
|
| What gets bundled and what doesn't is somewhat+ a matter of
| company preference. And once IPv4 exhaustion was on the
| horizon, charging IPv4 separately made a _lot_ of sense yet
| very few providers did it.
|
| + The EU hates "hidden fees". If your product claims to cost
| EUR100 but actually there's no way to only buy the EUR100
| product, you need "delivery" for EUR25 more because there's
| no practical way to avoid getting it delivered - that's not
| legal. Likewise if you claim it costs EUR100 but there's no
| way to pay cash, and all card payments have a 5% surcharge,
| you're going to either have to eat that surcharge, or
| advertise the price including the card surcharge.
| oofabz wrote:
| IPv6 is faster and more reliable because the user can connect
| to your site natively instead of going through NAT and CGNAT.
| post-it wrote:
| The only NAT between most users and most sites are the users'
| modem/router combos, and those are pretty fast and reliable.
| hansel_der wrote:
| tend to agree, but can't help questioning how prevalent
| CGNAT really is?
| admax88q wrote:
| Saving money vs someone giving you money is the same result for
| you.
|
| The stick will grow as IPv4 addresses get more and more
| expensive.
| fintler wrote:
| A basic understanding of what an IPv6 world will look like really
| didn't click for me until I read the IPv6 Address Planning book
| by Tom Coffeen. Before that, I really just saw it as IPv4 with
| longer addresses.
|
| Once you dig into the details, you come to the realization that
| it's a nearly complete reinvention of IPv4. Network planning
| looks quite different (especially when it comes to subnets) when
| you plan them with only IPv6 in mind.
|
| Earlier this year, I was like:
|
| "Wow, Comcast gives me a /60! That should be more address space
| than I could ever want or use."
|
| Now, I'm thinking:
|
| "A /60 is way too limited, I wish I had a /52 or a /56 instead --
| why is Comcast so restrictive with giving out address space?"
|
| I'm currently reading the IPv6 for IPv4 Experts book to try to
| fill in more details:
|
| https://sites.google.com/site/yartikhiy/home/ipv6book
|
| The more I read about it, the more I feel like I have a long way
| to go before I really get an intuitive understanding.
| Scene_Cast2 wrote:
| Could you give a brief overview of your current understanding?
| I'm curious as to why /60 would be too limited, and how it's
| different from IPv4.
| [deleted]
| amarshall wrote:
| Probably because /64 is the smallest recommended subnet size,
| and a /60 has "only" 16 /64 subnets within it.
| ATsch wrote:
| IPv6 has Stateless Address Auto-Configuration (SLAAC) as
| preferred method for address assignment. This allows clients
| to generate addresses for themselves as needed. For that to
| work efficiently, the address space needs to be sufficiently
| large that collisions are unlikely even in larger networks.
| Because of that, it mandates a subnet size of /64.
|
| More generally, a big difference in v6 is that you no longer
| have to plan subnet sizes at all. Whereas previously you'd
| carefully choose the next available address to minimize
| address waste, with v6 you can just assign the addresses in
| whatever way makes sense to you.
| gorgoiler wrote:
| [not OP, but hey...] There's no need for DHCP with IPv6.
| Clients choose the last 64 bits of an address randomly. The
| address space is huge -- zero probability of a _duplicate
| address_.
|
| The first 64 bits therefore identify the network. If your ISP
| routes a /60 to you then you get to split that into 16x /64s.
|
| That's probably fine, but the IETF recommendation is to dish
| out a /56 to small sites and give them a /48 if they ask for
| it. ISPs usually have multiple /32s at their disposal.
|
| It's not about number of available addresses or networks. The
| joy of IPv6 is the addresses are so wide you can bring back
| hierarchical addressing. No internal routing chicanery is
| needed.
|
| If your site has 64 buildings then a /56 lets you assign a
| /62 to each, with 4x VLANs in each building eg for printers,
| guest net, phones, lighting, admin, with even a subnet for
| each business function in the building.
| selfhoster11 wrote:
| Some way of automatically propagating that network prefix
| to anything connected to the network would be nice.
| Otherwise we're just stuck punching in IP addresses like
| barbarians.
| ATsch wrote:
| Not sure what you mean, but there's definitely no need to
| type addresses anywhere.
|
| Router Advertisements propagate the subnet information
| (prefix, dns server, etc.) to clients in the network.
| Prefix delegation allows downstream routers to request
| subnets from upstream routers. MDNS lets network devices
| announce their services to the subnet.
| fintler wrote:
| The idea is that there's SO much address space -- you should
| never need to consider a question like: "is /60 to /64 enough
| for all of my subnets?" when planning your network. Subnets
| should be created because they make sense from an
| organizational point of view. The amount of available bits
| shouldn't be a practical consideration.
|
| Also, remember, NAT is highly discouraged, so you'll (maybe)
| eat up another subnet if you run something like Minikube on a
| laptop.
| adkadskhj wrote:
| How useful would that book (IPv6 Address Planning) be to
| someone not working specifically in networking/ops? I like
| developing applications and i manage, of course, my home
| network.
|
| I'd love a book that gives me everything i need to know about
| IPv6. From justifications, to things to know when working with
| it, implementing it, using it in my local network, etc.
|
| I don't perhaps need or care to learn it at a super low level,
| but i do want a complete understanding of it for my specific
| use cases. Applications and home networks, i imagine. For a
| novice in networks, to be clear.
|
| Thoughts?
| fintler wrote:
| I would guess that the first two chapters would be useful.
|
| Honestly, if your first thought isn't "oh wow, I would love
| to learn how to plan out IPv6 networks", it might not be
| worthwhile.
| zamadatix wrote:
| For home you probably care about SLAAC, PD, the standard
| subnet size of /64, and possibly the Link Local differences
| (more out of curiosity of what those addresses show up on
| your machines for than needing to know to do anything with
| it). Also DNS is going to have AAAA records instead of A
| records and reverse lookups use a different zone, the changes
| in DNS are pretty 1:1 translational for admins though. If you
| want to go full on v6 you'll want to read about NAT64 so you
| can still reach the v4 internet from your v6 only home
| network. Also take a look at http://shouldiblockicmp.com/
| even if you don't go down the path of v6.
|
| For applications programming you'll want to have a feel for
| the above, IPv4-mapped IPv6 addresses, and review link local
| again to in particular note how to encode the interface in a
| socket call (useful for configurationless cluster
| communication).
|
| Most every other detail of IPv6 changes should only matter to
| that that write networking stacks or make routers.
|
| For all of the above info I'd recommend just reading the
| Wikipedia article on IPv6. Most of these are straightforward
| wrote memorization of best practices or background reasoning
| things so it's not "read a book" worthy if you're not trying
| to do this for a living IMO (coming from someone who does
| networking for a living).
| whoknowswhat11 wrote:
| They should have had either a smaller scope / simpler extension
| to IPv4 with a better backwards compat story for IPv6 only
| clients (some have since shown up a bit).
|
| Or really done the reinvent - there were some interesting ideas
| especially for folks with lots of link handoffs (ie cell phones
| driving down a road etc) - can't find the write-up quickly.
| mgbmtl wrote:
| Do you mean Mobile IP?
| https://en.wikipedia.org/wiki/Mobile_IP (part of IPv6)
| divros wrote:
| The low Ipv6 domain adoption is due (in my opinion)
|
| To not every one have Ipv6 so in your dns you need to have
| ipv4,to not lost this audience.
|
| After it can be related to protection system like waf. The
| majority of isp give a /60 cidr to every one so it's easy to have
| a lot of ip. Some company like cloudflare have a mapping system
| from Ipv6 to ipv4 (of course with a lot of collision) and low
| number of procetion service provide a good detection system for
| Ipv6 one So majority of system in customer stack is not ready for
| Ipv6
|
| I can understand you will not consume some time for low number of
| benefits.
|
| (Ipv6 it help a bit all tracking system )
| Fidelix wrote:
| The lack of IPv6 support this site shows is mainly due to lack of
| support from CDNs.
|
| They won't run out of IPv4s anytime soon, so don't expect this
| list to change drastically in less than 10 years.
| wmf wrote:
| What CDNs don't support IPv6?
| ATsch wrote:
| At this point most of them do, but also require customers to
| explicitly opt-in. I think cloudflare is the only exception
| there, it won't even let you opt out unless you're on a paid
| plan.
| hansel_der wrote:
| > it won't even let you opt out unless you're on a paid
| plan
|
| kinda ironic how this paints ipv4-only with a premium flair
| berniemadoff69 wrote:
| the 'funny' factor is totally unnecessary.. "yes" "no" or
| "somewhat" would have been much better and straightforward if you
| wanted to convey some information about the ipv6 status of these
| sites.
| Naac wrote:
| That table isn't very helpful. What does it mean for Arch Linux
| to have IPv6 support? When you say "Amazon" doesn't have IPv6
| support, do you mean AWS, the retail store?
|
| It would be better if instead of linking to say, archlinux.org,
| you link to the actual page describing what specifically about
| Arch is IPv6, same for all the other endpoints. I would also
| replace the support sentence with a green/yellow/red color
| checkbox, and get rid of the twitter link.
| capableweb wrote:
| Link to the source is in the bottom of the page.
| hosts: - www.archlinux.org -
| aur.archlinux.org
|
| https://github.com/andir/ipv6.watch/blob/bd581ac70b900ba0c1c...
| hosts: - amazon.com - www.amazon.com
|
| https://github.com/andir/ipv6.watch/blob/bd581ac70b900ba0c1c...
|
| Generally, when people write "Amazon" they mean the store
| (amazon.com) and when people write "AWS" they are referring to
| the infrastructure provider.
|
| I agree that the URLs being tested should be visible on the
| page, so you don't have to lookup the source.
|
| With that said, not sure how useful it is to say that
| (aur.)archlinux.org has IPv6 enabled, what you really care
| about is the repositories and so on, but those are all spread
| out so it'll be hard to test all of them. At least could test
| the official mirrors.
| kd913 wrote:
| How accurate is this? Steam I know has some ipv6 support for
| downloads whilst here it says it has no support at all.
| ntrz wrote:
| Seems like it tests a limited list[0] of domains associated
| with the site or service, with the final result based on a
| check of their DNS records. For Steam, looks like it only
| checks <store.steampowered.com>, <steamcommunity.com>, and
| <help.steampowered.com>.
|
| It'd be nice if the site provided an explanation of the
| process, maybe with some way to expand a particular entry and
| see which associated domains were tested and which
| succeeded/failed.
|
| [0] https://github.com/andir/ipv6.watch/blob/master/conf.yaml
| pfranz wrote:
| Like another commenter mentioned, it would be nice if there was
| a detail page showing what no, partial, or full support means.
| I plugged a few of these into
| https://ipv6-test.com/validate.php (a random site I found) and
| store.steampowered.com has no AAAA record, twitter.com has no
| AAAA record (this site says it has partial support),
| www.ubuntu.com has an AAAA DNS record, an IPv6 webserver, but
| not an IPv6 DNS server (this site says its supported).
| lovecg wrote:
| There's probably a good reason for it, but I've never understood
| why IPv6 couldn't be fully backwards compatible. Then there would
| be no need to migrate - everyone would be already on IPv6 by
| definition.
| bejelentkezni wrote:
| If I recall correctly, ipv6 addresses beginning with 0::0:ffff
| are mapped 1-to-1 with ipv4 addresses.
| lovecg wrote:
| I'm mostly still annoyed about the colon. Come on, ip:port is
| a pretty widely used convention people! The number of parsing
| bugs I had to fix with the migration...
| duskwuff wrote:
| How does an IPv4-only host send a packet to an IPv6-only host?
| whoknowswhat11 wrote:
| They could have at least let ipv6 only folks talk to ipv4
| more easily. Something like 464XLAT maybe built in out the
| gate more? You go ipv6 until next hop is IPv4. If you are in
| IPv4 mapped address space translate to IPv4 there and
| continue.
| p1mrx wrote:
| NAT64/464XLAT exists and it works. It can't really be "part
| of the protocol" because it depends on stateful IPv4
| devices in the middle of the network. Ultimately it's up to
| the ISPs which IPv4-as-a-service mechanism they want to
| deploy.
| duskwuff wrote:
| > They could have at least let ipv6 only folks talk to ipv4
| more easily.
|
| And how do the IPv4 hosts talk back?
|
| 464XLAT is one solution, but it requires infrastructure to
| be in place to perform the protocol translation. The
| protocol alone isn't enough to allow interoperation.
| hansel_der wrote:
| it doesn't
| fulafel wrote:
| You can't fit the bigger address into the v4 address field, on
| the wire or in API/ABI. Also, conflating them would bring
| massive confusiin when v6 and v4 hosts can't reach the same
| addresses.
| jaredandrews wrote:
| > Nope. Ever thought about gardening instead?
|
| I'm not really a backend/server person... Is this an inside joke
| that I just don't understand?
| dylan604 wrote:
| Nope. Ever thought about gardening instead? ;-)
| obedm wrote:
| Can someone explain to me what does IPv6 offer that's IPv4
| doesn't? Apart from way more addresses. A good article would
| suffice.
| hansel_der wrote:
| ipv6 has most of the smartphone population
| loeg wrote:
| > A good article would suffice.
|
| https://en.wikipedia.org/wiki/IPv6#Main_features
| peanut-walrus wrote:
| None of that is actually true though?
|
| > It simplifies aspects of address configuration
|
| I assume this is referring to SLAAC? SLAAC is...fine. Most
| managed networks will want the extra control offered by DHCP
| though and DHCPv6 is currently in a much much worse state
| than DHCPv4. Also a single interface having at least 2,
| usually 3 or more (link-local, autogenerated, privacy) v6
| addresses on the network is definitely not simpler in any
| way. Also clients still have not figured out which
| configuration methods they should actually support - Linux
| network managers generally default to SLAAC-only and DHCP
| needs to be explicitly enabled, for Windows setting managed
| flag in RA works, I believe. Android does not support DCHPv6
| at all.
|
| > network renumbering and router announcements when changing
| network connectivity providers.
|
| Absolutely not. Network renumbering is a breeze when all you
| need to change is the public address of your gateway and the
| local network keeps the same local addresses. Prefix
| translation is awful and no firewalls have good tools to
| handle changing your v6 prefix.
|
| > It simplifies processing of packets in routers by placing
| the responsibility for packet fragmentation into the end
| points.
|
| With respect to fragmentation - yes, but overall this
| statement is blatantly false. v6 packet processing by routers
| is much much harder due to the variable length headers.
|
| > The IPv6 subnet size is standardized by fixing the size of
| the host identifier portion of an address to 64 bits.
|
| Ok, this one is true. Not entirely sure why the author
| considers this better, but sure, I'll agree.
| cranekam wrote:
| Not running out of addresses is the primary (and significant)
| offering.
| MayeulC wrote:
| This. It's liberating to assign a single IP to every service.
| You can move the IP around with the service, get rid of extra
| reverse proxies, SNI, etc.
|
| I'd prefer it if I could _really_ move around while keeping
| the IP, that 's (among others) what yggdrasil offers.
| teddyh wrote:
| _The Case for IPv6_ (1999):
|
| https://web.archive.org/web/20100805233650/http://go6.net/ip...
| adev_ wrote:
| Random one :
|
| "When you go SLAAC, you never go back"
|
| (sorry for that ).
|
| IPv6 does not need DHCP on L2.
|
| If you even experienced a DHCP clusterfuck, you do start to
| appreciate the stateless auto-configuration that IPv6 provides.
| citrin_ru wrote:
| You still need DHCP for more than one reason: 1. Prefix
| delegation 2. DDNS (DHCP server can register a client IP in
| DNS)
|
| I've used SLAAC in my home LAN when used IPv6 ISP. Now I use
| IPv4-only ISP (in my area no ISP supports IPv6) and don't
| miss SLAAC at all.
|
| Over the years I've used DHCP in many smallish LANs (<=100
| hosts) and never had any problems with it.
| t0mbstone wrote:
| It simplifies aspects of address configuration, network
| renumbering, and router announcements when changing network
| connectivity providers.
|
| It simplifies processing of packets in routers by placing the
| responsibility for packet fragmentation into the end points.
|
| The IPv6 subnet size is standardized by fixing the size of the
| host identifier portion of an address to 64 bits.
| TekMol wrote:
| I will start thinking about supporting IPv6 when Docker supports
| it out of the box.
|
| Hopefully, then I can test an individual application by running
| it in a container with "docker run -p [::1]:80:80 ...".
|
| I don't want to go down the rabbit hole of fiddling with the
| docker demon and setting up a custom network.
| nicolaslem wrote:
| I host Internet facing docker containers that support IPv6 with
| '--net=host'. For those who don't know, this allows to run a
| container with exactly the same characteristics as a normal
| process network wise.
| laszlokorte wrote:
| It says the O2 (ISP) has no IPv6 support but as a O2 DSL customer
| in Germany I have an IPv6 address for at least a few years.
| Aissen wrote:
| Yet their website is not available over IPv6:
| https://github.com/andir/ipv6.watch/blob/master/conf.yaml#L3...
| quantico wrote:
| It feels ironic to post this on a site which itself does not
| support IPv6.
| amarshall wrote:
| It does support IPv6, though. $ dig +short
| ipv6.watch aaaa 2a01:4f8:1c1c:4b9f:: $
| curl -6Is https://ipv6.watch/ | head -1 HTTP/1.1 200 OK
|
| Unless you mean HN? Feels strange to me to make that
| comparison.
| quantico wrote:
| I was referring to Hacker News' lack of support for IPv6,
| however it is nice to see that ipv6.watch does support it.
|
| To elaborate: I feel that the irony comes from an apparent
| desire by this website's users towards supporting IPv6, as
| evidenced by a few articles about the topic on the first page
| today; Raising awareness of IPv6 support on a site that does
| not.
| laumars wrote:
| In other news, Google "recommends" Duck Duck Go and Bing...
| if you happen to type them into the Google search engine as
| a search term. /s
|
| Point being, the items on HNs front page are user
| aggregated content and has naff all to do with HN itself.
| woxko wrote:
| In what way would using ipv6 enhance your experience using this
| site?
| slater wrote:
| One less reason to take up gardening? /s
| axiosgunnar wrote:
| In what way would using ipv6 enhance your experience using
| the sites listed on the site?
| woxko wrote:
| None, I also think the site is stupid.
| FranchuFranchu wrote:
| Obviously, anyone already using this site can already afford
| IPv4
| MayeulC wrote:
| The site becomes reachable to IPv6-only hosts.
|
| Some servers can work reliably with only IPv6, for instance,
| until you need to contact IPv4-only servers.
|
| I would like my mail server to be IPv6-only, but that's not
| currently possible, for instance.
|
| I wonder how many customers can realistically hide behind a
| single IPv4 (CGNAT), given that there are 65535 TCP/UDP
| ports.
| p1mrx wrote:
| > I wonder how many customers can realistically hide behind
| a single IPv4 (CGNAT), given that there are 65535 TCP/UDP
| ports.
|
| In theory, one IPv4 address can maintain 65535 connections
| with every HTTPS server (TCP port 443) on the Internet
| simultaneously. The main cause of port depletion would be
| when lots of users connect to the same server.
|
| A reasonable number is 1000 users with 64 ports each, but
| you could probably squeeze in another 10X.
| cbg0 wrote:
| It seems this site relies on a check for the domains' AAAA
| records to see if they support IPv6. Doesn't have anything to do
| with IPv6 in the products/apps that those sites offer.
| junon wrote:
| That's a bit of an unfair argument. The site's intent is to
| show the general population's ability to organically reach
| those sites with ipv6.
|
| AAA records are necessary for that to happen.
| joeframbach wrote:
| You and I have very different opinions about what constitutes a
| major website. Gentoo isn't exactly on a lot of people's
| bookmarks bar. Maybe try https://www.alexa.com/topsites instead,
| and you can give adoption statistics by hits/population rather
| than number of sites.
| hawkice wrote:
| Just to check, I can make my website available only through IPv6
| and this won't cause any issues?
| [deleted]
| ATsch wrote:
| That is not advisable right now as you'll cut off a lot of
| users. Some providers like unglei.ch do offer an IPv4->IPv6
| proxy if you absolutely don't want to deal with IPv4 though.
| MrksHfmn wrote:
| I always use: https://www.mythic-beasts.com/ipv6/health-check?
___________________________________________________________________
(page generated 2021-07-28 19:01 UTC)