[HN Gopher] The IPv6 Transition
___________________________________________________________________
The IPv6 Transition
Author : todsacerdoti
Score : 83 points
Date : 2024-10-20 05:54 UTC (17 hours ago)
(HTM) web link (www.potaroo.net)
(TXT) w3m dump (www.potaroo.net)
| Kelteseth wrote:
| I've mentioned this previously. Without government-mandated
| standards, implementation could take years. We apply this
| approach to numerous areas; why should IP be an exception?
| robocat wrote:
| A world of being told what to do was not the "dream" of freedom
| for the internet.
|
| If you want the government to mandate standards, vote with your
| feet and move to China where it has been mandated.
|
| I thought the point of the article is that perhaps IPv6 is
| ultimately unnecessary: worse is better?
|
| Why are we engineers so attracted to authoritarianism? The idea
| of just telling everyone to use the new version seems
| attractive to me too. Then again I often deeply admire
| practical engineering compromises. (edited: clarified)
| Kelteseth wrote:
| Agreeing on a common standard is not authoritarianism.
| x3n0ph3n3 wrote:
| Governments _mandating_ it sure is.
| robocat wrote:
| You said "government-mandated" - do you think your words
| matter?
|
| That doesn't sound like agreement.
|
| Agreement is how we have arrived at the imperfect solution
| we have now... Agreement between various technical and non-
| technical parties.
| kortilla wrote:
| We have agreed on a common standard. It's IPv6.
|
| Forcing people to use it is authoritarianism.
| Kelteseth wrote:
| You are also forced to use a seat belt. Calling it
| authoritarianism when we want to enforce a standard is
| absurd.
| kortilla wrote:
| Seat belts have a reason. If I want to communicate with
| some computers using IPv4 or IPX, that's my choice.
| Putting laws on what I can put inside of Ethernet is
| absolute stupidity
| agubelu wrote:
| I fail to see how mandating ISPs to implement and use
| IPv6 is equivalent to "putting laws on what you can put
| inside of Ethernet"
| xnyan wrote:
| This seems like an extremely broad statement. You
| probably don't think all use of force is authoritarian,
| or not allowing any and all protocols to be used on the
| internet is force. Maybe, but not necessarily. Why
| specifically would retiring IPv4 be authoritarianism?
| Affric wrote:
| Pick up the benefits of ending IPv4 development sooner.
|
| One less thing to ship with every bit of network software.
|
| One less learning outcome taught in every networking course.
|
| One less piece of organisational complexity in every ISP.
|
| Fewer rent seekers in the IP address space.
|
| But these benefits are network effects and we only achieve
| them once IPv4 is relegated to the archaics of the internet
| tech stack.
| jonathanlydall wrote:
| While legislation would be a way to actually make IPv6 transition
| happen, what is the justification for such legislation and cost
| it would impose on the industry?
|
| And that is the point of this article, for most participants of
| the internet the benefits don't presently justify the involved
| cost.
|
| Peer to peer networking is important to rare users like me so I
| can do things like host a private Minecraft server from my
| house for my brothers and I to play on, but this is not yet a
| problem for me on IPv4.
|
| Interestingly a few years back while I was moving and had no
| internet for a few weeks I temporarily moved the Minecraft
| server to my brother's house and we discovered he was on CG NAT
| which was a total nonissue before then.
|
| I sent an email to the ISP saying we wanted to expose a port
| and asked how to do so and they changed my brother's account to
| be given a public IP no questions asked or extra costs. And I
| found this policy okay because probably 99.999% of internet
| users don't do anything over the internet where a public IP
| would make any difference to their life.
|
| I expect once enough of the internet is on IPv6 the cost
| benefit pendulum will swing the other way, but we're not there
| yet and it's not clear when it might happen.
| Affric wrote:
| Static IP here in Australia costs AUD 5 per month for
| residential users... I think it's just a price signal to
| entirely disincentivise it to anyone who doesn't need it.
| thayne wrote:
| In the US, if you want a static IP you often need to
| purchase a business connection, which is usually
| significantly more expensive (and residential connections
| are already expensive), and may not even be available if
| you live in a residential area.
| candiddevmike wrote:
| There's plenty of justification around the value of IPv6, but
| it will be lost on most users. But the same scenario has
| played out before where things that folks don't understand
| were enforced, like leaded to unleaded gasoline or removing
| CFCs.
|
| Fastest way to get IPv6 going in the US is to mandate all
| government usage be IPv6 only by 20XX. Any supplier or vendor
| must work over IPv6. You'll see the industry fall in line
| very quickly, no one wants government money to be shut off.
| AndrewDucker wrote:
| The DoD mandated v6 a few years back. The US government could
| easily dictate that all of their supplied software had to
| support it.
| gorgoiler wrote:
| > _In 2024 it's estimated that 20 billion devices use the
| Internet, yet the Internet's IPv4 routing table only encompasses
| 3.03 billion addresses ... sharing each individual IPv4 address
| across an average of 7 devices._
|
| ...but the graph below that text shows 40% of traffic is IPv6, so
| the v4 space is only shared across 12e9 devices?
|
| In my experience the big holdouts these days are corporate
| networks. All my domestic ISPs (cell, home, data centre) provide
| IPv6 and most devices use it by default. Meanwhile at the office
| we're struggling to bring up a new internal service because our
| v4 IPAM is a legacy mess where the most you can calve off is a
| "class A" /27.
| alexchamberlain wrote:
| FWIW, domestic ISPs in the UK are lagging on IPv6; I'm with
| Virgin Media and, afaict, there is no immediate plan to deploy
| it either.
| Woansdei wrote:
| Last time I called Virgin media to get from the loyal
| customer (extra high) rate to something closer to what new
| customers get they just said no.
|
| I switched to Vodafone which is cheaper and double the speed
| and got me IPv6. I think it might just be Virgin sitting on a
| large amount of IPv4 addresses and not wanting to spend any
| money on supporting v6 when they can just overcharge their
| loyal customers.
| smallupdate wrote:
| Both BT and Sky are fully IPv6, many altnets are too, it's
| actually Virgin Media that is the problem in the UK. In the
| case of Sky they are now running MAP-T and starting the
| transition to IPv6 only.
| Semaphor wrote:
| Germany, Vodafone. They support it, so I could get v6, but
| chances are that that'll switch me to CGNAT for v4, so I'm
| not willing to risk it.
| redprince wrote:
| Weird that you have to do an extra step for IPv6. Other
| ISPs in Germany have enabled it for every customer at some
| point. Unless your router asks for IPv6 addresses, nothing
| really changes anyway. So maybe just enable IPv6 on your
| router and see what happens?
|
| On a side note, there seem to be ways to get out of CGNAT
| when you got condemned to use it: It is sometimes an
| annoying source for client VPN instabilities and from what
| I heard, users can just ask to be switched over from DS-
| Lite to classic dual stack to improve application
| compatibility.
| Semaphor wrote:
| No, I have to ask customer service to enable it, my
| EdgeRouter X supports IPv6.
| pantalaimon wrote:
| Must be an old contract, all new contracts appear to be
| CGNAT/native IPv6 across ISPs
| gorgoiler wrote:
| Virgin nee _ntl:_ has always been complete trash. Are they
| representative of UK ISPs in general? BT and Sky completed
| their v6 rollout years ago and they account for over half the
| market.
| robertlagrant wrote:
| Anecdata: having switched between Vodafone, Virgin and Sky
| as my last three ISPs, Virgin was by far the best.
| Latty wrote:
| When I was in Cambridge Virgin Media used to throttle to
| dial-up speeds at peak times. Meanwhile, I was still
| getting advertising leaflets from them through the door
| trying to sign new people up. Active fraud selling people a
| service you _know_ you can't provide, and had no timeline
| to fix.
|
| On the upside, a _lot_ of the UK is getting small fibre
| companies rolling out 1G symmetric lines all over the place
| now. I've got that in my new place and it's been great
| (IPv6, CGNAT IPv4 by default but you can pay £5 for a
| static IPv4 too).
| kortilla wrote:
| The types aren't exclusive. In the US most ISPs are dual stack.
| That 60/40 split pretty closely aligns with traffic stats a
| dual stack operator sees in their network.
| dfboyd wrote:
| https://cr.yp.to/djbdns/ipv6mess.html still as relevant as the
| day it was written
| Plasmoid wrote:
| Time has not been kind to this article. It's basically a
| complete list of fallacies that people believe about ipv6.
| x3n0ph3n3 wrote:
| Oh, is IPv6 now backwards compatible with IPv4? No? I guess
| not a complete list of fallacies.
| growse wrote:
| I can route to v4 endpoints on my v6-only network just
| fine. _Shrugs_
| kortilla wrote:
| They aren't compatible. There is a device in the middle
| doing a translation for you.
|
| That's like saying HTTP can talk to FTP servers as long
| as there is an HTTP to FTP proxy.
|
| The only thing that makes them seem compatible is there
| is a well formed address space in v6 that clients send v4
| requests to. But it's still v6 and a 64 proxy needs to
| have an actual IPv4 address to translate the source to
| before sending it via v4 to the actual destination.
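Added example, not from the thread or any commenter: the "well formed address space" kortilla describes matches the RFC 6052 IPv4-embedded IPv6 format (assumed here, since the thread does not name the scheme), with `64:ff9b::/96` as the well-known prefix. The Python below builds and reverses that mapping for every allowed prefix length, then uses it defensively on a constructed list of logged destinations to find NAT64 addresses whose embedded IPv4 target is internal. The function names and the `INTERNAL_V4` policy list are illustrative.

```python
import ipaddress

# RFC 6052 well-known NAT64 prefix; an operator may use a network-specific one.
WELL_KNOWN = "64:ff9b::/96"
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)

# Constructed policy list: IPv4 ranges that should never be reached via NAT64.
INTERNAL_V4 = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def _v4_offsets(prefix_len):
    """Byte offsets of the four IPv4 octets inside the 16-byte address.

    The octets follow the prefix directly, except that octet 8
    (bits 64-71, the reserved "u" octet) is skipped and left zero.
    """
    if prefix_len not in VALID_LENGTHS:
        raise ValueError("RFC 6052 allows only /32 /40 /48 /56 /64 /96")
    offsets, i = [], prefix_len // 8
    while len(offsets) < 4:
        if i != 8:
            offsets.append(i)
        i += 1
    return offsets


def synthesize(ipv4, prefix=WELL_KNOWN):
    """Return the IPv6 address a DNS64 would hand out for this IPv4 address."""
    net = ipaddress.IPv6Network(str(prefix))
    raw = bytearray(net.network_address.packed)
    v4 = ipaddress.IPv4Address(ipv4).packed
    for offset, octet in zip(_v4_offsets(net.prefixlen), v4):
        raw[offset] = octet
    return ipaddress.IPv6Address(bytes(raw))


def extract(address, prefix=WELL_KNOWN):
    """Return the embedded IPv4 address, or None if not inside the prefix."""
    net = ipaddress.IPv6Network(str(prefix))
    addr = ipaddress.ip_address(address)
    if addr.version != 6 or addr not in net:
        return None
    raw = addr.packed
    return ipaddress.IPv4Address(
        bytes(raw[o] for o in _v4_offsets(net.prefixlen)))


def internal_targets(destinations, prefixes=(WELL_KNOWN,)):
    """List (logged destination, embedded IPv4) pairs that hit INTERNAL_V4.

    A filter that only inspects IPv4 literals does not see these, because
    the destination on the wire is an IPv6 address until the NAT64 box
    rewrites it.
    """
    hits = []
    for dst in destinations:
        for prefix in prefixes:
            v4 = extract(dst, prefix)
            if v4 is not None and any(v4 in net for net in INTERNAL_V4):
                hits.append((dst, str(v4)))
                break
    return hits


if __name__ == "__main__":
    # Constructed sample of destination addresses from a flow log.
    sample = ["64:ff9b::c000:221", "64:ff9b::a00:1", "2001:db8::1", "192.0.2.1"]
    print(synthesize("192.0.2.33"))
    for dst, v4 in internal_targets(sample):
        print("NAT64 destination", dst, "maps to internal", v4)
```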
| growse wrote:
| I'm aware there's a middle box. My point is that the
| middle box is a compatibility layer which, by definition,
| has the effect of enabling compatibility (at least in one
| direction).
|
| The usual "they should have designed it to be compatible"
| nonsense usually comes from the crowd with zero
| suggestions of how to have a 32-bit addressed device send
| packets to something with an address outside its
| universe.
|
| Point is that djb was as wrong then as they are now.
| throw0101c wrote:
| > _They aren't compatible. There is a device in the
| middle doing a translation for you._
|
| Which was true of all the IPng candidates, and not just
| the one that ended up being chosen for "IPv6".
|
| There is no way to expand the address space (as found
| in IPv4) to something greater than 32-bits in a
| compatible way: new API calls, data structures, DNS records,
| _etc_ , were always going to be needed.
|
| To list "not compatible" as a con of IPng/IPv4 is non-
| sensical.
| kstrauser wrote:
| Which is to say, not.
| commandersaki wrote:
| DJB's point about the _magic moment_ makes sense to me. What is
| the point of a separate network that has 33% adoption? It has
| virtually no impact to alleviate IP address exhaustion, and
| therefore there is no incentive.
| commandersaki wrote:
| > _This is the same as looking at a linear trend line placed over
| the data series used in Figure 1, looking for the date when this
| trend line reaches 100%. Using a least-squares best fit for this
| data set from January 2020 to the present day, and using a linear
| trend line, we can come up with Figure 2._
|
| > _This exercise predicts that we'll see completion of this
| transition in late 2045, or some 20 years into the future._
|
| Anyone willing to place a bet on this?
|
| > _While the design of IPv6 consumed a lot of attention at the
| time, the concept of transition of the network from IPv4 to IPv6
| did not._
|
| > _Given the runaway adoption of IPv4, there was a naive
| expectation that IPv6 would similarly just take off, and there
| was no need to give the transition much thought. In the first
| phase, we would expect to see applications, hosts and networks
| adding support for IPv6 in addition to IPv4, transforming the
| internet into a dual stack environment. In the second phase we
| could then phase out support for IPv4._
|
| I really don't understand this, how do you not make a transition
| plan the #1 requirement for selecting the next IP. (But the
| article goes on to say...)
| kortilla wrote:
| > Anyone willing to place a bet on this?
|
| I'll bet against it. The tail on this one is going to be super
| long.
|
| There are embedded systems today that are shipping in things
| expected to last 30 years with IPv4 only.
|
| The logistics of the bet are going to be hard. I do see a world
| where IPv6-only becomes the default for ISPs and IPv4 becomes
| an add-on you pay for either from your ISP or from another via
| a tunnel. Does that world mean v4 is dead yet?
| vaylian wrote:
| GitHub is still not accessible on the IPv6-only internet:
| https://isgithubipv6.live/
| AStonesThrow wrote:
| Yes, but what we really want to know, is Abe Vigoda still with
| us?
| mannyv wrote:
| He is always with us.
| kijin wrote:
| I think the article's diagnosis is spot on.
|
| The urgency of IPv6 adoption was predicated on the assumption
| that every connected device, both server and client, needs a
| unique and stable IP address. Back when IPv6 was first discussed,
| you couldn't even host two HTTPS sites on the same IP/port
| combination! That was such a colossal waste of IP addresses.
|
| Another thing that changed on the server side was that, thanks to
| AWS and the like, it became trivial to set up a massive private
| network. Nowadays you can have a cluster of thousands of virtual
| machines that communicate with one another entirely within a VPC.
| Only machines that need to communicate with external entities get
| a public IPv4 address. This kind of setup not only frees up a
| /20, but also has the benefit of being more secure.
|
| Meanwhile, on the client side, the rise of mobile internet means
| that devices can no longer assume that it will have any given
| address for any length of time. Even if we had plenty of
| addresses to go around, like with IPv6, what can we do when the
| device moves across the country? It's easier to assign a new
| address than to try to route the old address to an entirely
| different ISP. Reducing the complexity of the routing table was
| one of the goals of IPv6, after all. Insisting on a unique and
| stable IP address for each mobile device would defeat that
| purpose.
|
| As a result, most new applications are being built with the
| assumption that the IP address doesn't matter. You rent a few
| ports on someone else's IP for a few minutes to fire off a bunch
| of requests, just like you'd rent CPU cycles on someone else's
| machine to run some functions.
| somat wrote:
| it is unfortunate that tcp and ip are as interlocked as they
| are, by which I mean, there is no way to keep your tcp
| connection while swapping out the underlying ip addresses.
|
| This is not actually a real problem, we do just fine without
| it, it can be solved at higher or lower layers. But it would
| have been nice to have.
| kijin wrote:
| Yeah, it would have been nice to have, but that's all.
| Instead of requiring IPv6, the internet has evolved in a
| direction that tolerates disconnects and reduces its own IPv4
| address consumption. It will probably work fine for the next
| 20 years at least.
|
| In the 19th century, New Yorkers worried that the city would
| soon be buried in horse shit because of increasing demand for
| transportation. The horse shit apocalypse never materialized,
| because transportation evolved in a way that stopped relying
| on horses. Now we have a different problem, of course.
| throw0101c wrote:
| > _it is unfortunate that tcp and ip are as interlocked as
| they are, by which I mean, there is no way to keep your tcp
| connection while swapping out the underlying ip addresses._
|
| Multipath/homing, with different IP addresses, exists with
| TCP and SCTP:
|
| * https://en.wikipedia.org/wiki/Multipath_TCP
|
| * https://en.wikipedia.org/wiki/Stream_Control_Transmission_P
| r...
| toast0 wrote:
| MPTCP addresses this, Apple uses it (or used it, I haven't
| looked in a long time), and there's some way to enable it for
| applications on their OSes, but you also need to make it work
| on a server OS... I don't think it's been merged into
| anything but patches are around.
| edf13 wrote:
| Exactly this... which raises the question- do we need ipv6 at
| all?
| dopylitty wrote:
| > Another thing that changed on the server side was that,
| thanks to AWS and the like, it became trivial to set up a
| massive private network. Nowadays you can have a cluster of
| thousands of virtual machines that communicate with one another
| entirely within a VPC. Only machines that need to communicate
| with external entities get a public IPv4 address. This kind of
| setup not only frees up a /20, but also has the benefit of
| being more secure.
|
| This is something that people who are too deep in the weeds of
| legacy networking don't realize. The future is to not use IP at
| all within enterprise and not use the Internet at all for B2B
| communication. In fact the future is to not use any networking
| abstraction at the application layer.
|
| To start with every device can be in VPCs with the same private
| /16 because they can easily communicate securely within the
| cloud environment via services like VPC lattice or using S3/API
| gateway both within and across companies. Let the cloud
| provider handle the undifferentiated heavy lifting of figuring
| out how to get data from one device to another. In time third
| parties will establish cross provider bridges.
|
| Then you can start to ask yourself why your applications need
| the "networking" abstraction at all. If you want to send some
| bits to an application either within or across companies it
| should be just a matter of putting the bits in some location
| the receiving application has access to and the cloud providers
| can figure out how to actually make the bits accessible to the
| other application. Think writing to an S3 bucket using a VPC
| endpoint but with less HTTP/TCP/IP cruft in the middle.
|
| As a benefit the identities on both sides will be established
| by the cloud providers so you don't need to worry your devices
| are reachable by malicious actors. Then you can start to get
| rid of all this cyber security nonsense that has grown up
| around the ridiculously insecure protocols that were developed
| in the 70s for connecting trusted machines and somehow are
| still in use today.
|
| Internet service providers and cloud providers may or may not
| use IPv6 but enterprises, schools, and end users certainly
| won't need to.
| AdamH12113 wrote:
| I've often wondered if going with 64-bit addresses with a dotted
| quad hex notation would have eased the roll-out. I remember a lot
| of resistance when IPv6 was first announced along the lines of "I
| can't memorize/type in giant addresses and I don't want to have
| to use DHCP and DNS everywhere." It felt like IPv6 never
| recovered from a bad first impression.
| growse wrote:
| I'm not sure I've ever heard this view expressed by serious,
| competent network engineers. I have heard it a _lot_ from the
| home hobbyist though, but I'm not sure how much that
| demographic matters in the grand scheme of things.
| chgs wrote:
| The vast majority of ip4 only networks are enterprise, that's
| where I hear the complaints from. The people who say autoconf
| (dhcp etc) is bad and that dns is bad.
| nikanj wrote:
| Serious, competent network engineers are not created in
| vacuum from platonic ideals and TCP fragments. They're home
| hobbyists who grew up hating ipv6, and won't magically learn
| it overnight when their previous networking guy quits and
| they get handed the keys to the server cage
| growse wrote:
| These people are neither competent nor serious.
|
| In the real world, people who design and operate large
| networks are the very same people who staffed the working
| groups who designed IPv6. It's _their_ design.
| zaphoyd wrote:
| I also find it really weird as the killer (only?) app for
| IPv6 is that home hobbyists can run servers with low
| overhead!
|
| Additionally, like a sibling comment notes, a home hobbyist
| has full control over at least half, often more, of their
| addresses and can easily choose addresses for their network
| that are as short or shorter and easier to remember and
| organize vs a v4 network where you have no letters to work
| with much more strict subnet size rules, etc.
|
| IPv6 is a dream for home hobbyists! The complaining from them
| about "unmemorable" addresses just makes no sense.
| growse wrote:
| > I also find it really weird as the killer (only?) app for
| IPv6 is that home hobbyists can run servers with low
| overhead!
|
| Well, the non-trivial percentage of large orgs that have
| _literally run out_ of RFC 1918 space would disagree.
|
| But yes, you're right. There's a weird Stockholm syndrome
| thing some people have with NAT.
| Dylan16807 wrote:
| Couldn't anyone in that position use 2xxx:yyyy:zzzz:ww::1,
| 2xxx:yyyy:zzzz:ww::2, etc. and get the same effect?
| hairyplanter wrote:
| I have fully implemented IPv6 in my home network.
|
| I have even implemented an IPv6-Only network. It fully works,
| including accessing IPv4 only websites like github.com via DNS64
| and NAT64 at my router.
|
| The only practically useful thing about my IPv6 enabled network
| is that I can run globally routable services on my lan, without
| NAT port mapping. Of course, only if the client is also IPv6.
|
| Other than this one use case, IPv6 does nothing for me.
|
| It doesn't work from most hotels, nor from my work lan, nor many
| other places because most "managed" networks are IPv4 only. It
| works better at Cafes because they are "unmanaged" and IPv6 is
| enabled by the most common ISPs, like ATT and Comcast and their
| provided routers.
|
| Based on this experience, I think IPv6 is less valuable than us
| HN audience thinks it is. Private networks, NAT, Carrier Grade
| NAT are good enough, and internet really doesn't care about being
| completely peer-to-peer.
|
| I think the adoption rate reflects this--it's a linear growth
| curve over the last 25 years. It should have been exponential.
|
| I think cost of IPv4 reflects this--it is now below the peak, and
| has leveled off.
|
| As surprising as it seems, IPv4 exhaustion has not been a serious
| problem. Internet marches on. IPv6 is still a solution looking
| for a problem, and IPv4 exhaustion wasn't one of them.
| Dylan16807 wrote:
| NAT is mostly okay, but carrier grade NAT where you can't
| forward a port causes real problems.
|
| IPv4 exhaustion _is_ a real problem, it's just not enough to
| motivate people much.
| saurik wrote:
| Have you tried using PCP to forward the port? I was under the
| (maybe-incorrect, and if so I would really like to learn)
| impression that most major CG-NAT setups supported it.
| Dylan16807 wrote:
| I suppose I can try that some time. I can find absolutely
| zero mentions of that for the ISP, just the option of
| buying a static IP.
| kortilla wrote:
| Nah, many carriers don't support it. I've always had to
| resort to STUN
| kijin wrote:
| If it was a real problem, market pricing would reflect the
| increasing severity of that problem.
|
| The truth is that people who care about port forwarding are
| such a small minority -- especially now that P2P file sharing
| has lost its hype -- that they don't make a visible dent in
| the rate of IPv4 exhaustion.
| Dylan16807 wrote:
| The market price is only something like 5 or 10 dollars a
| month, but anyone having to pay that to be accessible is
| _an embarrassing failure of the system_. It doesn't matter
| whether it's a big dent in the number of IPs or not.
| kijin wrote:
| There are billions of people out there who can access the
| internet, and make themselves accessible through the
| internet the way they want, just fine without a dedicated
| IP address.
|
| Maybe you have a definition of "access" that is different
| from the usual one. That's fine, but let's be honest,
| it's not the usual definition.
| Dylan16807 wrote:
| Someone being able to connect to their device is the
| definition I use. What's your definition?
|
| Being able to relay through a third party is a different
| thing.
| Hamuko wrote:
| Doesn't CGNAT also mess up things like Nintendo Switch
| online multiplayer?
| electronbeam wrote:
| Nintendo should really enable IPv6 on the Switch to help
| with this
| AStonesThrow wrote:
| The truth is that major cloud providers such as Amazon AWS
| have begun to charge [more] for static, routed IPv4
| addresses.
|
| Last I checked (a few years ago, I suppose), AWS APIs were
| incapable of using IPv6 internally, so a VPC still needed
| to dual-stack it in order to use AWS cloud features. That
| may have changed by now.
| kijin wrote:
| IPv4 prices peaked during the Covid pandemic, presumably
| because of sudden high demand. Amazon took this as an
| opportunity to increase prices.
|
| Now IPv4 prices are returning to pre-Covid long-term
| trends. But of course Amazon won't reflect that in their
| pricing table.
| throw0101c wrote:
| > _Amazon took this as an opportunity to increase
| prices._
|
| IPv4 prices peaked in early 2022; AWS started charging
| for public IPv4 in 2024 (announced in 2023):
|
| * https://aws.amazon.com/blogs/aws/new-aws-public-
| ipv4-address...
|
| If they had increased prices in 2022 (or at least
| announced in 2022), then I could see some kind of
| correlation, but given it was 1.5-2 years after, I doubt
| there is a connection.
| thayne wrote:
| Yep, lots of AWS apis don't work over ipv6, and many
| require making requests outside the VPC, so you need to
| have at least one ipv4 address for a NAT.
| BrandoElFollito wrote:
| I had to reluctantly deploy ipv6 on my home network because of
| ISP requirements + will to use pihole.
|
| Ipv6 is hard. I had to learn quite a bit to make it work and
| not only I see no value, but it is significantly more difficult
| to use due to the address length.
|
| I think IPv6 is a missed opportunity, it was probably designed
| by experts that did not take into account the population that
| will use it (not the one users who do not care, but the layer
| above them)
| qwertox wrote:
| What requirement could an ISP impose on you for you to be
| forced to migrate the intranet to IPv6 (because of PI-hole)?
|
| You could always place a small NAT-enabled router between
| your ISP's device and your home network.
|
| The only problem I could see would be the lack of a
| (semi-)static public IPv4 address, which one could solve by
| renting a VPS.
| BrandoElFollito wrote:
| My ISP is the French "Free". They provide a router that is
| difficult to swap with my own (it is possible, but it is
| way easier to switch it to a bypass mode). With this router
| comes a TV box that requires IPv6 to work.
|
| When I replace DHCP/DNS with Pihole I need to account for
| that. While this is not a complex setup once you understand
| IPv6 you still need to learn it.
|
| I work in IT so I tried to get myself to IPv6 several times
| but never had any reason to do so (despite self-hosting a
| lot and generally being a nerd). I had to do that this time
| and my uninformed opinion is that it could have been done
| so that it is much simpler for advanced users (but not yet
| networking experts)
| unethical_ban wrote:
| I struggled to get IPv6 running on my home network, then had
| issues with DNS dual stack once I got it going, so I turned
| it off.
|
| That said, I think the difficulty of IPv6 is in the UI of the
| home routers that implement it, and a lack of sane defaults.
|
| The ISP should give every SOHO/residential customer a /60.
| The router of a simple IPv6 should do prefix delegation. The
| router should default to SLAAC for local IP addresses, and
| configuring DNS with Router Advertisements. And residential
| routers can be set up to have an internal DNS server which
| populates the ".internal" domain with hostnames from the
| network.
|
| As a network admin, you have to learn new things like the
| uses of IPv6 multicast, and ND, the lack of ARP, and some
| other things. Home users shouldn't have to care about that.
| erinaceousjones wrote:
| Fun reasons why my home network is still on IPv4: IPv6 drains
| my girlfriend's phone battery :-)
|
| Something to do with Router Advertisement intervals being too
| short, though I don't get why that only affects her ~5yo
| android phone. And IPv6 is so complex, I haven't figured out if
| the RA interval is something I can or should tweak, whether
| that comes from the PiHole or whether I'd have to flash OpenWRT
| on my router, or whether my ISP ultimately controls that
| upstream. Like, I can't figure out as easily where the boundary
| between me and "the internet" ends with things like the /64
| prefixes and SLAAC and RDNSS and all the other acronyms.
|
| Yeah, yeah, I should RTFM, and eventually I might figure out
| what makes a "good" home IPv6 network. But I can't be arsed to
| do that in my free time yet, and neither can most software
| companies _cough cough Google /Android and that one guy causing
| IPv6 drama in the android team_
|
| Like.... Ehhh... I'll come back to it in a few more years. "Are
| we IPv6 yet?"
| BonoboIO wrote:
| Never would have guessed that ipv6 could be a battery drain
| yjftsjthsd-h wrote:
| > I have even implemented an IPv6-Only network. It fully works,
| including accessing IPv4 only websites like github.com via
| DNS64 and NAT64 at my router.
|
| What did you use to implement that? I found it surprisingly
| difficult to find software to do NAT64 on Linux.
| russfink wrote:
| This was true 25 years ago and is still as true today.
| throw0101c wrote:
| > _Private networks, NAT, Carrier Grade NAT are good enough,
| and internet really doesn't care about being completely peer-
| to-peer._
|
| CG-NAT adds a cost that not everyone can easily afford:
|
| > _We learned a very expensive lesson. 71% of the IPv4 traffic
| we were supporting was from ROKU devices. 9% coming from
| DishNetwork & DirectTV satellite tuners, 11% from HomeSecurity
| cameras and systems, and remaining 9% we replaced extremely
| outdated Point of Sale(POS) equipment. So we cut ROKU some
| slack three years ago by spending a little over $300k just to
| support their devices._
|
| > _First off I despise both Apple and that other evil empire
| (house of mouse) I want nothing to do with either of them. Now
| with that said I am one of four individuals that suggested and
| lobbied 15 other tribal nations to offer a new AppleTV device
| in exchange for active ROKU devices. Other nations are facing
| the same dilemma. Spend an exorbitant amount of money to
| support a small amount of antiquated devices or replace the
| problem devices at fraction of the cost._
|
| * https://community.roku.com/t5/Features-settings-
| updates/It-s...
|
| * "Roku devices don't support IPv6 in 2023 and it's costing
| ISPs", https://news.ycombinator.com/item?id=35047624
| WarOnPrivacy wrote:
| > Grade NAT are good enough
|
| CGNAT would cripple every customer I've ever had, going back to
| the beginning of broadband. Every one has had something on-
| premises that needs to be accessible. Nearly always, it's
| multiple things that are critical to operations.
|
| However, if someone wants to forever keep 100% of their
| accessible data in someone else's silos... and be forced to pay
| 3rd parties to access anything located on their own premises
| (ex: cameras) then imprisonment behind CGNAT might feel 'good
| enough' to them.
| koyote wrote:
| I recently moved to a 'cheap' ISP because I could get double
| the speed for half the price. They use CG-NAT and it's been
| awful.
|
| I don't need to forward any ports but seemingly because I share
| an IP with a billion people I get Captchas everywhere (Google,
| Cloudflare etc.). I was even blocked from accessing Reddit
| without an account at some point.
| NelsonMinar wrote:
| Starlink uses CGNAT. It's awful, I'm regularly getting
| CAPTCHAs on random websites.
|
| They now support IPv6 but only with dynamic address
| allocations so you don't get a lot of advantages from it.
| thayne wrote:
| Well there are serious network effects at play. IPv6 would be a
| lot more valuable if it was more broadly deployed.
| tims33 wrote:
| What do you see as the key points that create a lot more
| value?
| Uptrenda wrote:
| These charts that show IPv6 adoption really don't mean shit. The
| thing is: every single device out there isn't being used directly
| by a human bean (and a real hero.) They include things like
| sensors, smart lights, fridges, washing machines, a huge huge
| number of mobile devices, company networks, ... apparently even
| tooth brushes? Look at another sector and the story is ((quite
| horrible.)) I'm talking a regular fixed home network.
|
| Start by looking at routers for IPv6 support. And what do you
| see? Total crap across the board. Here's some of the issues I've
| seen. Routers that have no IPv6 support (common for ISP provided
| routers.) Routers that have NO FIREWALL for IPv6. Routers that
| crash every 3 minutes after assigning an address. Routers that
| don't support the exact combination of network details to set up
| IPv6 on your network (there are multiple ways to deploy IPv6.)
|
| What about if you want to use features like UPnP with IPv6
| (something that would probably be useful for some software given
| that IPv6 is supposed to give you public addresses but firewall
| it on the router.) What I've found is there's really just one
| UPnP library that every router uses even though it sucks.
| miniupnpd. This is a library that can barely manage to handle
| different types of addresses. It's really a mixed bag whether an
| IPv6 firmware will have miniupnpd enabled and if it's built for
| IPv6 (and if anyone bothered to test it.) The odds go down
| dramatically.
|
| If you manage to get a router with IPv6 at home working alongside
| other useful Internet standards made for it (since 2010) color me
| impressed. You probably buy a lottery ticket at that point.
| Because if testing IPv6 deployments for the past 2 years has
| taught me anything: it's that no one really cares about this shit.
| Present day, present time. You still hear people telling others
| to turn IPv6 off for some vague reason ('security', 'bad',
| 'problems.') These people don't really have a clue. It's all just
| a massive cope because they tried to get it to work and failed.
| And after the shit I've said I can't say I blame them. But I also
| want to note that their conclusions are BS.
| brnt wrote:
| > They include things like sensors, smart lights, fridges,
| washing machines,
|
| Now you gave me an excellent reason to make my home network
| v6-only.
| jeroenhd wrote:
| All routers I've ever encountered have a default deny rule for
| IPv6, replicating the port forwarding setup people have come to
| expect from NAT. Except you can use multiple Xboxes in the same
| network now, of course.
|
| Even the mini router I bought for 15 bucks five years ago does
| IPv6 addressing just fine. Just announcing a prefix (or two,
| local network stuff over ULAs and all that) is enough to make
| SLAAC do its thing. Never had any problem with DHCPv6 PD for
| automatic subnetting either.
|
| I haven't looked into UPnP on IPv6 much, but the ones that did
| UPnP all seem to do IPv6 fine after 2015 or so. I usually turn
| it off because I don't want random crap managing my firewall
| unauthenticated (and many router manufacturers have had
| vulnerable implementations that would accept UPnP packets from
| the internet so screw that).
|
| Brands that I've successfully used IPv6 with without any hassle
| include TP-Link, D-Link (don't buy from them), AVM, Mikrotik,
| and Netgear.
|
| The most annoying part I find about routers is actually that
| they don't let you disable ALGs anymore it seems. Every few
| years Samy Kamkar writes up a way to bypass most IPv4 firewalls
| by abusing the hackery we've accumulated around NAT and the
| easiest fix ("let FTP/SIP/H.323/PPTP be broken on IPv4") doesn't
| seem to come with routers anymore.
|
| It took a while, but router manufacturers seem to have realised
| that the world is moving towards "CGNAT or IPv6" and not having
| usable IPv6 breaks networks in those cases.
|
| The most broken IPv6 deployments I've seen were from people who
| tried to turn it off through weird hacks like firewall rules
| which subsequently got IPv6 from their ISP. Had they actually
| disabled IPv6 they would've just been stuck on IPv4 like
| regular, but their weird hacks made half the TCP connections
| need to time out before they could access the internet.
| throw0101c wrote:
| > _I haven't looked into UPnP on IPv6 much_
|
| Added as an appendix in 2011:
|
| * https://upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1....
| kalleboo wrote:
| What's funny is the last consumer router I bought had the
| opposite problem. It had a ridiculously low limit on DHCP
| leases, something like 32 devices. And one time, IPv4 routing
| just crashed completely and I had to reboot it. Meanwhile IPv6
| was always rock stable. The crash was a weird one to debug at
| first since so many online properties work with IPv6, at first
| I blamed DNS.
| kalleboo wrote:
| The internet stopped being a network of peers where everyone
| needed an address and is now split into producers (a handful of
| large companies) and consumers (everyone else).
|
| The consumers are not expected to need a public address where
| they can be reached - in fact, having a public address is
| actually a security and privacy risk.
| redprince wrote:
| That was in fact one of the promises of IPv6: Restore the
| network of peers where every host is in principle a server and
| a client and communication between peers is unhindered unless a
| policy is enforced saying otherwise (on the machine, on a
| firewall, etc.).
|
| > having a public address is actually a security and privacy
| risk.
|
| Services can be turned off or a firewall instructed not to pass
| traffic from the internet (by default). That represents exactly
| the same attack surface as having a service enabled and nobody
| being able to get to it from the internet because of NAT.
|
| The privacy risk is mitigated by RFC4941 "Privacy Extensions
| for Stateless Address Autoconfiguration in IPv6". Granted that
| does not deal with the (delegated) prefix staying the same and
| when there are only one or very few users in that prefix, some
| individual behavior could be inferred. Because of that at least
| in Germany we have the peculiar horror of getting the IPv6
| address and all delegated prefixes changed on every redial.
| That eliminates all privacy concerns while also continuing to
| make residential internet connections useless for hosting any
| services.
|
| Anyway. The internet is already way down the road of
| functioning only as the delivery conduit for a few cloud /
| service providers mediating all user communication and access
| to content.
| Affric wrote:
| > in Germany we have the peculiar horror of getting the IPv6
| address and all delegated prefixes changed on every redial.
|
| This is oh so very German.
|
| In normal times it is massively overkill. I have to wonder
| if, heaven forbid, the things these sort of German things are
| meant to mitigate come to pass again if they will make any
| difference or if they are a largely symbolic act designed to
| demonstrate ideological opposition to such things.
| bigstrat2003 wrote:
| > in fact, having a public address is actually a security and
| privacy risk.
|
| I strongly disagree with this. Privacy (not that it's a big
| deal imo) is well handled by the temporary address extension,
| and security is not an issue if you run a firewall. And you
| should be running a firewall even if you use v4, because NAT is
| not an acceptable security measure.
| FridgeSeal wrote:
| Whilst I agree with you, I rather depressingly suspect a lot
| of people equate NAT with "security".
| xnyan wrote:
| > The consumers are not expected to need a public address where
| they can be reached - having a public address is actually a
| security and privacy risk.
|
| 100% of consumer routers and OS level firewalls deny new
| inbound connections by default. There are upsides and downsides
| to static vs dynamic ISP-provided addresses, but the only
| difference between IPv4 and IPv6 in this regard is that IPv6
| has a vastly larger address space and offers an ISP far more
| capacity to randomize a customer's host address for a far lower
| cost than IPv4. CGNAT is available for 4 or 6 if such is
| desired.
| Animats wrote:
| China's IPv6 transition is 74% complete.[1] Conversion to IPv6
| was specifically called out in China's 14th Five Year Plan, which
| gives the goal high visibility within the government and the
| Party. Conversion is quite far along. The current goal is
| everything IPv6 enabled by 2025, IPv4 turns off in 2030.
|
| 99% of the top 100 mobile applications in China are on IPv6.
| China Mobile's backbone is now IPv6 only.
|
| [1] https://www.china-ipv6.cn/#/
| abhinavk wrote:
| India is also around 75%. Both of them cover quite a bit of
| humanity. The regions where growth is going to happen don't own
| a lot of blocks so they will focus on IPv6.
| throw0101c wrote:
| Vietnam (pop. 98M) has mandated moving to IPv6, with goals
| for migration between 2025 and 2030:
|
| * https://www.theregister.com/2024/10/14/vietnam_digital_infra...
| imaguska1 wrote:
| All big German internet providers (DTAG, Telefonica, 1&1,
| Vodafone) are IPv6 Dual Stack or CGNAT'ed for many many years
| now. Same for all mobile providers.
|
| So everybody is using IPv6 in their home networks without
| problems.
| Semaphor wrote:
| Legacy account on Vodafone (from Kabel Deutschland days), no
| v6, no CGNAT.
| Kelteseth wrote:
| Our local German teledata internet provider uses CGNAT, and it
| is a mess of random timeouts.
| froggerexpert wrote:
| In spite of its wider adoption issues, it's valuable for my
| personal infrastructure: each of my services/machines has an IPv6
| globally routable address.
|
| Why bother, when I could just do TLS SNI reverse proxying via
| nginx?
|
| * Some services don't use TLS, or even TCP.
|
| * A reverse proxy is yet another intermediary in the chain.
|
| * Plain IPv6 routing is simpler than reverse proxying, and I
| already need a network layer anyway.
|
| There are downsides:
|
| * some software doesn't support IPv6. I haven't experienced this
| on the Linux servers I run.
|
| * in a dual stack network, now you have two networks! I use
| NAT64/PREF64 like
| https://labs.ripe.net/author/ondrej_caletka_1/deploying-ipv6...
| to have most clients only be on IPv6. They get IPv4 connectivity
| over IPv6 via NAT64.
|
| * If I'm in another country then I often don't have IPv6
| connectivity. In this case I use any VPN that offers IPv6 (and
| have one available via my home, via Wireguard).
|
| * Learning IPv6 takes time, but not much. It's one-off. It's not
| more complex than IPv4, but it is different. If anything, it's
| simpler. (SLAAC rather than DHCPv4; IP reachability rather than
| NAT/port forwarding).
| kjuulh wrote:
| I'd like to use ipv6, if only to avoid having to pay for an ipv4
| address for some private vpcs (with public address for reasons).
| I remember having issues with fly.io as well, because they're
| ipv6 by default if I remember correctly.
|
| Currently Denmark has worse support than I expected:
|
| > Liste over danske udbydere (List of Danish providers)
|
| > Internetudbydere på listen: 41 (ISPs on the list)
|
| > Internetudbydere med fuld IPv6-understøttelse: 17 (41%) (ISPs
| with full IPv6)
|
| > Internetudbydere med delvis IPv6-understøttelse: 10 (24%) (ISPs
| with partial IPv6)
|
| > Internetudbydere uden IPv6-understøttelse: 14 (34%) (ISPs with
| no IPv6)
|
| source: https://ipv6-adresse.dk/
| shmerl wrote:
| It's ridiculous how slowly it goes.
| uobytx2 wrote:
| People posting have mentioned that IPv4 is working for what they
| use the internet for. But of course it is. When NATs have been
| required for your whole life, how could the internet have built
| features that needed p2p routing? Just convince businesses to
| build something that requires special router configuration? And
| still wouldn't work on phones or with ISPs that require CG NAT?
| You got what worked out of the box. You obviously couldn't use
| what didn't exist.
| nemetroid wrote:
| If the US had the same IPv4 scarcity as the rest of the world
| (specifically, if major US ISPs were using CGNAT), the IPv6
| transition would be happening much faster.
| freeone3000 wrote:
| The addresses were allocated equally geographically, and then
| sold. The US will hit ipv4 scarcity when the US stops being the
| richest country.
| WarOnPrivacy wrote:
| Fiber providers here are incapable of providing IPv6.
|
| Frontier, Optyx, Sumo, Evolution, Intellipop, Starlight, Legacy,
| Yandoo, Voonami, Infinity all serve this area. Zero have IPv6.
| briffle wrote:
| Should probably clarify the location of 'here'
| WarOnPrivacy wrote:
| Does that change the point of the discussion? Because all of
| those ISPs are in multiple markets.
|
| The point being that ISPs remain a primary stall-point of
| IPv6 adoption. There is eagerness to hand-wave that away -
| and that is part of the reason IPv6 stays underdeployed.
| TacticalCoder wrote:
| One of my biggest issues is: how do you even detect exfil when
| ICMP is _mandatory_ in IPv6 for the other protocols to even just
| work?
|
| IPv6 looks so Rube-Goldbergy to my eyes that if I squint just a
| little tiny bit and put a very thin tinfoil hat on, I could
| nearly swear this complexity is there by design. For example so
| backdoors allowing exfil through ICMP are impossible to detect.
|
| IPv6 is chatty. So chatty.
|
| There are networks where a single unaccounted for packet means
| something abnormal is going on (and at the very least requires
| enquiry): how does that work with IPv6?
|
| An issue with these big design-by-committee thinggies is that
| often one or two in the committees are little rats working for
| the man.
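
For the exfiltration question raised in the comment above, one way a defender can baseline ICMPv6 instead of blocking it: an added example (not code from the thread or the linked article) that checks message types against what IPv6 needs, applies the RFC 4861 hop-limit-255 rule to neighbor discovery, and enforces a per-source echo payload budget. The thresholds, function names and sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

# ICMPv6 types IPv6 needs to function (RFC 4443 errors, RFC 4861 neighbor discovery).
ERRORS = {1, 2, 3, 4}            # unreachable, packet too big, time exceeded, param problem
ND = {133, 134, 135, 136, 137}   # RS, RA, NS, NA, redirect
ECHO = {128, 129}                # echo request / reply
MLD = {130, 131, 132, 143}       # multicast listener discovery

MAX_ECHO_PAYLOAD = 64            # assumed policy: bytes allowed in one echo payload
ECHO_BUDGET = 256                # assumed policy: echo payload bytes per source per window

def inspect(hop_limit, icmp):
    """Return (findings, echo_payload_len) for one ICMPv6 message."""
    if len(icmp) < 4:
        return ["truncated header"], 0
    mtype, code, _checksum = struct.unpack("!BBH", icmp[:4])
    findings, echo_len = [], 0
    if mtype in ND:
        # RFC 4861: receivers must drop ND messages whose hop limit is not 255,
        # so a lower value means the message crossed a router or was sent off-link.
        if hop_limit != 255:
            findings.append(f"ND type {mtype} with hop limit {hop_limit}")
    elif mtype in ECHO:
        echo_len = max(0, len(icmp) - 8)   # skip header + identifier + sequence
        if echo_len > MAX_ECHO_PAYLOAD:
            findings.append(f"echo payload of {echo_len} bytes")
    elif mtype not in ERRORS | MLD:
        findings.append(f"ICMPv6 type {mtype} outside baseline")
    return findings, echo_len

def review(window):
    """window: iterable of (src, hop_limit, icmp_bytes). Returns {src: [findings]}."""
    report, echo_bytes = defaultdict(list), defaultdict(int)
    for src, hop_limit, icmp in window:
        findings, echo_len = inspect(hop_limit, icmp)
        report[src].extend(findings)
        echo_bytes[src] += echo_len
    for src, total in echo_bytes.items():
        if total > ECHO_BUDGET:
            report[src].append(f"{total} echo payload bytes in window")
    return {src: f for src, f in report.items() if f}

def msg(mtype, body=b""):
    """Build a constructed ICMPv6 message (checksum left as zero)."""
    return struct.pack("!BBH", mtype, 0, 0) + body

# Constructed sample window; addresses are from the 2001:db8::/32 documentation range.
SAMPLE = [
    ("fe80::1", 255, msg(134, bytes(12))),                 # router advertisement
    ("2001:db8::10", 255, msg(135, bytes(20))),            # neighbor solicitation
    ("2001:db8::10", 64, msg(128, bytes(4) + bytes(56))),  # ordinary ping
    ("2001:db8::66", 64, msg(136, bytes(20))),             # ND that crossed a router
    ("2001:db8::77", 64, msg(200)),                        # private-experimentation type
] + [("2001:db8::77", 64, msg(128, bytes(4) + bytes(60)))] * 5   # 300 echo bytes in total
```

Calling `review(SAMPLE)` reports only the two sources that break the baseline; router advertisements, neighbor solicitations and ordinary pings pass without findings.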
| thayne wrote:
| My ISP is only a couple years old. And yet, surprisingly to me,
| they don't support IPv6, only ipv4.
| gosub100 wrote:
| Pardon if this is an ignorant question, but could the "backhaul
| providers" help expedite v6 by simply adding a small-but-annoying
| tax on carrying v4 traffic? I know it sounds ridiculous to want
| to pay more, but it might help "rip the band-aid" off if, in
| order to keep costs down, ISPs had to pay a little more for the
| deprecated protocol.
| skywhopper wrote:
| The premise is completely wrong here. IPv6 is not just an
| "incremental change" that would have represented an easy uptake.
| Instead, pretty much every practical detail of existing IPv4
| infrastructure, both hardware and software, was broken. Massive
| swaths of extra management and security tools were rendered
| useless. It was a massive miscalculation.
|
| In the meantime, we figured out how to make things work without
| the extra address space. And the dream of a point-to-point
| Internet turned out to be a terrible idea after all. IPv6 pushers
| love to hate on NAT, but it's actually a really good design
| choice that's fundamental to basic network security.
| tptacek wrote:
| _The original "end-to-end" architecture of the Internet assumed
| that every device was uniquely addressed with its own IP address
| [...]_
|
| That may indeed have been an assumption of the original
| architecture, but it's orthogonal to the _end-to-end argument_ in
| Internet design, which is about moving logic out of the network
| entirely and into applications (more precisely, about recognizing
| that the boundary between network and application is productively
| debatable, and had, up to the point where Saltzer and Clark and
| Reed wrote the paper, been defaulting too much towards the
| network). An end-to-end-architected networking application can be
| oblivious to its addressing, or even the network layer below it.
|
| If anything, my intuition is that the unreasonable effectiveness
| of CGNAT --- which is exactly what Huston is writing about --- is
| strong evidence that the end-to-end paper was deeply correct.
| akira2501 wrote:
| Isn't the encoded assumption here that clients rarely act as
| servers? This may be either because that's outside the typical
| use case or because providers explicitly do not want them to,
| but this factor is the reason CGNAT can be viewed as
| "effective."
| Schnitz wrote:
| Asus routers still ship with IPv6 disabled by default, to this
| day. It makes perfect business sense, as everything still works
| just as well with v4 but single stack is less complexity so less
| support costs, etc. I've been running my home LAN dual stack for
| close to a decade, so I have native v6, but then on the other
| hand I ignore it for my networking stuff, i.e. I only set an A
| record in my dynamic DNS and never bothered figuring out how to
| make phoning home from other networks work over v6. It's just not
| a priority and my lack of deep v6 knowledge would make it likely
| less secure.
| rr808 wrote:
| When AWS started charging for IPv4 addresses I started switching
| to IPv6. I spent a few days getting it all up and running. I
| thought it was OK but my router kept crashing every day, then I
| noticed I can't get working from some places like my office. Gave
| up, never again, it's just not worth it. I moved to another hosting
| service that didn't charge.
___________________________________________________________________
(page generated 2024-10-20 23:00 UTC)