[HN Gopher] IPv6 Progress Top Sites 2021
___________________________________________________________________
IPv6 Progress Top Sites 2021
Author : Sami_Lehtinen
Score : 39 points
Date : 2021-10-28 18:44 UTC (4 hours ago)
(HTM) web link (www.6connect.com)
(TXT) w3m dump (www.6connect.com)
| exabrial wrote:
| I'm going to hold off as long as possible before being forced by
| silicon valley giants to use ipv6. I do not wish anyone to know
| how many devices or which device I'm browsing from. NAT is a
| casual layer of privacy and provides commonplace plausible
| deniability. IPv6 eliminates that for no personal benefit.
| mappu wrote:
| This issue was addressed with IPv6 privacy addresses since
| Windows XP / Android 4.
| jabl wrote:
| Don't all OS's in wide usage use the IPv6 privacy extensions by
| default these days? That is, random addresses, regularly
| rotated.
| awestroke wrote:
| Why can't you NAT with ipv6?
| Sunspark wrote:
| The internet is supposed to work on a server-client model where
| you can FTP to someone's site, etc. NAT is nothing but a
| workaround that has caused problems.
| torcete wrote:
| I wonder if all those companies stalking movie downloads and
| ready to harass you are keeping an eye on IPv6 too.
| tadfisher wrote:
| Makes no difference, you are just as identifiable by your
| gateway's IPv4 address as you are by your ISP-assigned IPv6
| prefix.
| TravisHusky wrote:
| Wow; that is a lot worse than I thought. I really wish IPv6 was
| better understood than it is now, it really is quite a good
| standard, but it is also quite a bit different than IPv4 which I
| think scares people away (it can also be hard to remember longer
| IPv6 addresses).
| tialaramex wrote:
| Same with Security Keys, there are a bunch of technologies like
| this, where you can literally write documentation explaining
| "This is what we did at our multi-billion dollar business to
| successfully solve the problem" and people will walk past,
| fingers stuffed in their ears, hoping that some day the problem
| will be solved somehow, but, like, _magically_ without them
| having to change or learn. Just keep doing what they're doing
| and then, somehow magically it'll be fine. See also: Climate
| change.
| notreallyserio wrote:
| For most people, IPv4 is a solution to a problem that didn't
| require change or learning. It's just what is used behind the
| scenes to make the web and chat and email happen. And happen
| it all does, without trouble, so why lots of money to replace
| it?
|
| What is the sales pitch you would bring to the CEO of a
| Fortune 500?
| throw0101a wrote:
| > _What is the sales pitch you would bring to the CEO of a
| Fortune 500?_
|
| When you buy or merge companies, and they both have RFC
| 1918 addresses, you'll probably have a conflict between the
| two entities. You'll probably have to implement NAT _within
| your own network_ and hope the two sides don't have to
| talk to each other that much. (Or you completely re-IP the
| acquisition.)
|
| With IPv6, either the companies will be using their own PI
| IPv6 space and/or they will be using unique ULA prefixes,
| so the chance of conflicts will be very small.
|
| This at least was one of the business cases for Wells
| Fargo, "the fourth largest bank in the United States by
| total assets and is one of the largest as ranked by bank
| deposits and market capitalization":
|
| * https://www.youtube.com/watch?v=EzTWjNUb4H4
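An added example, not part of the thread or written by any commenter: it contrasts the RFC 1918 overlap described in the comment above with ULA /48 prefixes generated by the RFC 4193 section 3.2.2 recipe (SHA-1 over an NTP timestamp plus an EUI-64). The two company address plans and the EUI-64 values are constructed sample data.

```python
import hashlib
import ipaddress
import math
import os
import struct
import time

ULA_BLOCK = ipaddress.ip_network("fd00::/8")  # locally assigned half of fc00::/7

# Constructed sample address plans for two merging companies (assumption).
COMPANY_A = ["10.0.0.0/8", "192.168.1.0/24"]
COMPANY_B = ["10.20.0.0/16", "172.16.0.0/12"]


def generate_ula_prefix(eui64=None, now=None):
    """Return a pseudo-random ULA /48 built as RFC 4193 section 3.2.2 describes."""
    eui64 = os.urandom(8) if eui64 is None else eui64  # stand-in for a real EUI-64
    now = time.time() if now is None else now
    # 64-bit NTP timestamp: seconds since 1900 plus a 32-bit fraction.
    seconds = (int(now) + 2208988800) & 0xFFFFFFFF
    fraction = int((now % 1) * 2**32) & 0xFFFFFFFF
    key = struct.pack("!II", seconds, fraction) + eui64
    global_id = hashlib.sha1(key).digest()[-5:]        # least significant 40 bits
    packed = b"\xfd" + global_id + bytes(10)           # fd + Global ID + zero bits
    return ipaddress.IPv6Network((packed, 48))


def overlapping_prefixes(site_a, site_b):
    """Return every (a, b) pair of networks that overlap between two plans."""
    nets_a = [ipaddress.ip_network(n) for n in site_a]
    nets_b = [ipaddress.ip_network(n) for n in site_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b
            if a.version == b.version and a.overlaps(b)]


def ula_collision_probability(n_sites):
    """RFC 4193 section 3.2.3 bound: P = 1 - exp(-N^2 / 2^(L+1)) with L = 40."""
    return -math.expm1(-(n_sites ** 2) / 2 ** 41)


if __name__ == "__main__":
    print("RFC 1918 conflicts:", overlapping_prefixes(COMPANY_A, COMPANY_B))
    ula_a, ula_b = generate_ula_prefix(), generate_ula_prefix()
    print("ULA prefixes:", ula_a, ula_b)
    print("ULA conflicts:", overlapping_prefixes([str(ula_a)], [str(ula_b)]))
    print("collision probability, 2 sites:", ula_collision_probability(2))
```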
| dcow wrote:
| There isn't one until IPv6-only ISPs (or plans) pop up
| offering cheaper connectivity because you don't need an
| expensive v4 address. NAT sucks and everyone's job would be
| easier if they didn't have to deal with it, but the CEO
| likely doesn't care about that and probably just sees the
| "add IPv6 support" scope and cost estimate and NOPEs out.
|
| I love IPv6 btw. I just don't think you'll see anything
| meaningful happen until FAANG drop IPv4 support. Imagine
| that. People would convert pretty quick if Google couldn't
| crawl your site or you couldn't buy an iPhone without
| IPv6...
| sedachv wrote:
| > There isn't one until IPv6-only ISPs (or plans) pop up
| offering cheaper connectivity because you don't need an
| expensive v4 address.
|
| This has been happening for years with VPSes.
| semi-extrinsic wrote:
| An IPv4 address still isn't very expensive. I'm paying
| about $1.30 per month to have a static IPv4 address from
| my home ISP.
| p1mrx wrote:
| Your ISP probably hasn't tried to acquire IPv4 addresses
| recently. https://ipv4.global/reports/ shows prices
| around $40/address, so it would take 2-3 years to break
| even at $1.30/month.
|
| (Although, people rent apartments with break-even periods
| well beyond 10 years, so maybe 2-3 is fine.)
| p1mrx wrote:
| Over time, ISPs are pushing more users to IPv6 + CGNATv4
| because they don't have enough IPv4 addresses.
|
| If an internet service needs to distinguish users by IP
| address, say for spam fighting reasons, then IPv6 will
| provide finer granularity because the addresses are not
| shared by multiple users. Depending on how the ISP
| implements CGNAT, IPv6 may also improve performance and
| geolocation accuracy.
|
| (They'd also be doing those ISPs a favor, because
| offloading traffic to IPv6 lowers the operating costs of
| CGNAT.)
| seiferteric wrote:
| > it can also be hard to remember longer IPv6 addresses
|
| mDNS helps since you can use hostname.local without having to
| set up a DNS server. I was going to make a joke blog post about
| using ipv4 addresses as hostnames so you can "keep using ipv4"
| while actually using ipv6, but I found you can't have "." in
| hostnames, so maybe instead use "-".
| arianvanp wrote:
| Problem is .local domains don't resolve everywhere. E.g. on
| mobile or chrome's own DNS stack :(
| rhn_mk1 wrote:
| Does mDNS work across VPN tunnels? The main reason I delay
| IPv6 is because I access hosts across the VPN by their IPs,
| and I don't want to publish their DNS records.
| mustardo wrote:
| If you run your own internal DNS server:
| https://en.m.wikipedia.org/wiki/Split-horizon_DNS
| megous wrote:
| Not currently. ff02::fb is used, which has link-local
| scope.
| sneak wrote:
| HN is still v4-only, the only site I use super regularly that is.
| naranha wrote:
| I'm running my home network IPv6-only since some time and it
| works fine thanks to DNS64/NAT64. I think once more ISPs start
| offering DNS64/NAT64 internally the transition will be quite
| unnoticeable for endusers.
|
| Software that still does not work because it uses hardcoded ipv4
| addresses or sockets: Steam, WoW (probably many other Games too),
| node/npm (before version 17), but for the most part it works! The
| offenders can also mostly be fixed using clatd.
| tialaramex wrote:
| WoW used to work. A bunch of people at my (IPv6 friendly) ISP
| used to play it and made a big deal about the fact that WoW was
| actually IPv6-enabled. At some point they broke it.
|
| [Edited to clarify: Blizzard broke it, not my ISP]
| phaer wrote:
| > The offenders can also mostly be fixed using clatd.
|
| I had not heard of https://github.com/toreanderson/clatd
| before, might be new to others as well:
|
| "It allows an IPv6-only host to have IPv4 connectivity that is
| translated to IPv6 before being routed to an upstream PLAT
| (which is typically a Stateful NAT64 operated by the ISP) and
| there translated back to IPv4 before being routed to the IPv4
| internet."
| naranha wrote:
| I think Android includes it too, because some services bind
| to clat-like ipv4s. But I have not investigated this further
| so far.
| gorgoiler wrote:
| My cell provider does the same thing.
| slownews45 wrote:
| How did you get your ISP to give you a static IP block or
| prefix? I can get an IPv4 block, but despite the yelling of the
| IPv6 fanatics regarding how many IPv6 addresses are available,
| I can't get anyone to allocate me even 20 or so (much less a
| prefix!).
|
| Is there something in the spec that makes this hard to do? It's
| been 20 years.
| naranha wrote:
| Luckily here in France there are 8 static /64 prefixes
| included in a standard DSL or Fiber offering. Just luck I
| guess...
| zamadatix wrote:
| You don't need a static address or block to NAT.
| LeoPanthera wrote:
| I want to do this, but Comcast's prefix isn't stable, I get a
| different one every time my lease renews, which means it is
| impossible to have a static IP for all my network devices,
| since neither pfSense nor OPNsense support NPTv6 to a dynamic
| prefix.
| gerdesj wrote:
| That is pretty dreadful. You may be able to use RFC 4193
| (ULA) addresses to get some stability but then what you get
| is a sort of buggered up IPv4 experience with really long
| addresses.
|
| It would make a worthy challenge, the struggle would be
| legendary etc 8)
| sedachv wrote:
| > the struggle would be legendary
|
| You just assign a ULA address to an interface and that's
| it. There is no "struggle."
| throw0101a wrote:
| > _neither pfSense nor OPNsense support NPTv6 to a dynamic
| prefix._
|
| If you wish to keep track, I believe this is where pfSense is
| working on this:
|
| * https://redmine.pfsense.org/issues/4881
| naranha wrote:
| Hmm yes I have several static prefixes, so that helps. I'm in
| the EU though...
| amaccuish wrote:
| I did this with bind and static routing but Spotify refused to
| work :(
| mey wrote:
| What network equipment do you use inside your home? Ubiquiti
| has driven me nuts with the poor IPv6 support. I expect the US
| consumer home network gear is in just as bad of shape. Trying
| to upgrade my Comcast modem to IPv6 gave me a device that hard
| crashed every 6 days to 1 month, that had to be replaced 6
| times until they finally would give me the next model up to fix
| the problem properly.
|
| Edit: This is for a business modem owned by Comcast, needed
| because of a static IP config.
| naranha wrote:
| Just a $40 openwrt router basically. It uses Jool.mx for
| NAT64. And I simply use Google or Cloudflare for DNS64.
| fnord77 wrote:
| my isp (google webpass) is v4 only and I read someplace they will
| probably never go to v6
| ok123456 wrote:
| IPv6 will never be universally adopted because they chose to make
| baroque auto configuration features, and the propeller heads, who
| are forcing this on everyone, gaslight us by telling us we
| shouldn't rely on having a private address space as a way of
| having control over your own network.
| slownews45 wrote:
| My current setup is comcast and att to the net. Internally I've
| got a DHCP server, with reservations for key equipment (ie do a
| certificate issuance for these as well) - think proxmox / esxi
| web interfaces). A few items x.x.x.20 and less static IP (ie,
| gateway etc).
|
| This system works great. Comcast down? No worries, failover to
| ATT (and vice versa). Everything works through the NAT,
| failover is seamless.
|
| I've spent a bit of time naively trying to get ipv6 to work as
| smoothly. The way IPv6 addresses are handed out, auto-change,
| are typed etc. It's just nowhere near as smooth.
|
| We needed IPv5 - a basic extension to address range - that's
| it. Just add another 0-255 at the beginning or end of things
| and be done.
|
| My other complaint. Despite supposedly having more ipv6
| addresses, my ISP _WILL NOT_ give me a static block / prefix
| etc.
|
| In other words, there are enough IPv4 addresses that I can get
| a block of 5 static IPv4 addresses, but CANNOT pay for a static
| IPv6 block. What's the limit / issue with giving me a static IP
| prefix if I'm willing to pay? Seriously...
|
| I feel like proponents of Ipv6 have not actually tried to use
| it at the consumer / prosumer / small business level.
| nrabulinski wrote:
| To answer your last point - it's not IPv6's fault but ISP's.
| In most of the EU it's trivial to get even more than one
| static v6 prefix and I wish I didn't have to deal with NAT or
| even double NAT as it's more and more common and instead
| could just run v6 only.
| slownews45 wrote:
| Awesome! I'm in the US.
|
| I gave up on some SIP/VOIP stuff because this (and other
| protocols) generate lag etc when you are going device > NAT
| > server > NAT > device route, vs device to device.
|
| I just need ONE prefix, but a group of 5 or 8 would be
| amazing (then you could use the default IPv6 scheme for
| addressing things).
|
| Maybe there is hope, the US lags in some of this a fair
| bit. There should be enough space it would seem.
| Spivak wrote:
| I'm so confused, why can't you have a private network? It's the
| best way to run it. You get a pool of public addresses to use
| from your ISP that you can use for anything! and then you give
| yourself the entirety of IPv6 private address space for your
| internal network.
| ok123456 wrote:
| But now you're relying on your ISP to do your network
| addressing for you. What happens when you have multiple
| sites? Now you have to do more ipv6 epicycles.
| Spivak wrote:
| Sorry, guess I wasn't clear. I'm talking about using NAT
| with IPv6 being the best way to set it up. Your ISP gives
| you a whole pool of public addresses you can use for
| hosting stuff publicly or forwarding or high availability.
| None of your devices will have public addresses. Then you
| use all of the private address space for your internal
| stuff.
| marcosdumay wrote:
| Well, why don't you just do that?
|
| I mean, there's a huge set of local IPv6 addresses for
| you to use, and odds are all of your computers are
| already using some (maybe more than 1). You don't need a
| NAT box at the network edge to set a private network. And
| iptables support what you described without a problem.
|
| But most people prefer to allocate the public addresses
| to the actual computers, not route them by demand. So the
| edge machine acts only as a firewall. It's easier, and
| there are enough addresses.
| slownews45 wrote:
| I tried this. It doesn't work. First, which ISPs give you
| the static IPv6 blocks? It's pretty easy (for $10/month)
| to get a block of IPv4, but I had a hard time getting
| anyone to find any free IPv6 addresses (oddly).
| znpy wrote:
| Ironically you have more than one way to address stuff locally.
|
| And of course they don't necessarily work with each other.
| throw0101a wrote:
| > _IPv6 will never be universally adopted because they chose to
| make baroque auto configuration features_
|
| What is "baroque" about it? It probably takes less
| infrastructure than IPv4.
|
| In fact there are standards in the embedded space that use the
| auto-config features to reduce the infrastructure needed to
| work:
|
| * https://en.wikipedia.org/wiki/NMEA_OneNet
|
| * https://en.wikipedia.org/wiki/ISO_15118 (EV charging)
| TekMol wrote:
| Was IPv6 needed at all?
|
| What problems would occur if we were just nat-ing everyone behind
| those 4 billion IPv4 addresses?
|
| I run a popular website and I have never heard anyone being
| unable to use it because it is IPv4 only.
|
| I just tried test-ipv6.com and it gives me a score of 0/10,
| saying "You appear to be able to browse the IPv4 Internet only.".
| I basically _live_ in the internet. And I am not aware of any
| problems this causes me.
| throw0101a wrote:
| > _What problems would occur if we were just nat-ing everyone
| behind those 4 billion IPv4 addresses?_
|
| Because we're running out of IPs _even with_ NAT, so entire
| ISPs have to implement it:
|
| * https://en.wikipedia.org/wiki/Carrier-grade_NAT
|
| There are entire swaths of IPv4 addresses (100.64.0.0/10)
| reserved _just for ISPs_ to assign to their customers' WAN
| interface which will not interfere with the RFC 1918 addresses
| people use on their home networks:
|
| * https://datatracker.ietf.org/doc/html/rfc6598
|
| We're doing NAT-upon-NAT.
|
| Good luck doing hole punching on your personal firewall to
| allow connections in for games or VoIP.
| mishafb wrote:
| With IPv6, you don't have CG-NAT, or double NATting, at the ISP
| level. If both sides are behind CG-NAT, then direct peer-to-
| peer communication is impossible or at least unstable to
| establish.
| TacticalCoder wrote:
| > What problems would occur if we were just nat-ing everyone
| behind those 4 billion IPv4 addresses?
|
| Even with NAT'ing we're running out of IPv4 addresses.
|
| Now I NAT on IPv4 at home, even though my router/ISP supports
| IPv6. First thing I do on any Linux install at home is get rid
| of IPv6. I don't see where the problem is. I really don't see
| why my home machines should have an IPv6 IP: the outside world
| sees my router's IP and that's it. Now I'm certainly
| misunderstanding all the benefits and security that IPv6 would
| bring me at home but meanwhile I'll stay on IPv4 and I really
| don't see what the problem is either.
| tadfisher wrote:
| Not a networking expert by any means, but having built out a
| home network, my understanding is as follows:
|
| Benefits-wise, your devices are addressable on the Internet,
| so it becomes simpler to create peer-to-peer connections,
| firewall traffic, and create segregated subnets.
|
| Security-wise, your devices are addressable on the Internet,
| so all the workarounds to punch through NAT with terrible
| security implications aren't needed (I'm thinking UPnP
| mostly, but STUN/TURN/ICE are easy to get wrong).
| Essentially, under IPv4+NAT, your devices are already
| "addressable" via a combination of your router's IP and some
| form of session token, but securing such traffic depends on
| the successful implementation of a NAT-traversal protocol by
| a third party.
| throw0101a wrote:
| > _Security-wise, your devices are addressable on the
| Internet_
|
| Nope. By default home routers (e.g., Asus) will block
| incoming connections just like with IPv4. It _may_ allow
| pings (ICMP) in, but that's usually it.
|
| You have to manually go in and tell the router to allow new
| connections in (either generally, or per service/port),
| just like the "DMZ" functionality with IPv4 many routers
| have.
| rafaelturk wrote:
| I'm puzzled Canva.com is top 25?! kudos
___________________________________________________________________
(page generated 2021-10-28 23:01 UTC)