[HN Gopher] I tried living on IPv6 for a day
___________________________________________________________________
I tried living on IPv6 for a day
Author : speckx
Score : 55 points
Date : 2025-07-31 15:15 UTC (2 days ago)
(HTM) web link (www.xda-developers.com)
(TXT) w3m dump (www.xda-developers.com)
| sybercecurity wrote:
| Thread was pretty much a greenfield deployment at the time, so its
| use of IPv6 was easy to specify. There was no legacy IPv4 to
| support or otherwise it would probably be a mess as well.
| WarOnPrivacy wrote:
| _turning off IPv4 ... was harder than I expected it would be_
|
| This is followed by reasonable reasons they struggled to unwind
| themselves from IPv4 (for the experiment) - but eventually got it
| worked out.
|
| Conversely: When I hotspot from my phone, T-Mobile frequently
| makes that an IPv6-only experience.
| evaXhill wrote:
| 'Considering the pool of available IPv4 addresses has been
| exhausted for quite a while now, and was running out for public
| use years ago' I thought it was logical that most systems
| have adopted IPv6. Crazy to think that it turns out it wasn't,
| but shout out to Apple and their stringent dev requirements bc
| they require support for IPv6-only networks.
| redox99 wrote:
| Nowadays I consider IPv4 address scarcity almost a feature,
| because of rate limiting and DDoS mitigation in general.
| PaulKeeble wrote:
| I recently switched ISP to one that supports IPv6 and I have had
| nothing but problems. I have had DNS servers going missing from
| OpenDNS, I have seen all sorts of really weird routing errors and
| transient problems, it's barely usable at all. Linux seems to be
| more strict about how it handles IPv6 and I found my server
| couldn't find its upgrade packages because some of their mirrors
| are broken for IPv6 routing. All in all it was a mess and I
| turned it off. My ISP must be partially at fault but it was clear
| Debian was too as was OpenDNS and most of my problems no one
| could explain what was happening or why.
| commandersaki wrote:
| Hehe, it's kind of funny to contrast the IPv6 evangelists and
| the Linux desktop evangelists push hard for adoption, only for
| it to fall flat for ordinary users.
| thescriptkiddie wrote:
| i have at&t fiber and their ipv6 worked perfectly fine for
| _years_, until one day they started dropping packets like
| mad and it never got better
| erinnh wrote:
| I find these experiences really interesting, because in Germany
| all major ISPs have been doing IPv6 for years and years now.
|
| I don't think any normal person thinks about IPv6 or IPv4 here.
| throw0101d wrote:
| > _I recently switched ISP to one that supports IPv6 and I have
| had nothing but problems._
|
| I was previously with an ISP that supported IPv6 and had zero
| problems.
|
| In fact IPv6 worked "too well" at one point: I had put
| "facebook.com" in my _/etc/hosts_ file pointing to 0.0.0.0 at
| one point to reduce tracking. I then noticed I got the little
| FB icons again at some point and couldn't figure out why things
| were 'broken' (i.e., not blocking).
|
| Turned out that after IPv6 was enabled I had to add ::1. That
| blocked FB again. IPv6 made connectivity to FB work again.
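
The gap described in the comment above, as an added example that is not part of the thread: a name sinkholed in /etc/hosts only for IPv4 still resolves over IPv6 once the network has it. The sample file contents and function names below are constructed for illustration.

```python
import ipaddress

# Constructed sample in /etc/hosts format; names and layout are examples.
SAMPLE_HOSTS = """\
127.0.0.1  localhost
::1        localhost ip6-localhost
0.0.0.0    facebook.com www.facebook.com  # tracking block
0.0.0.0    tracker.example
::1        tracker.example
"""


def parse_hosts(text):
    """Yield (address, [names]) per entry, skipping comments and bad lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            # Drop any zone id (fe80::1%eth0) before parsing the address.
            addr = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue
        yield addr, [name.lower().rstrip(".") for name in fields[1:]]


def sinkholed(text):
    """Map IP version (4 or 6) to the set of names pointed at a sinkhole."""
    names_by_version = {4: set(), 6: set()}
    for addr, names in parse_hosts(text):
        # 0.0.0.0 and :: are "unspecified"; 127.0.0.0/8 and ::1 are loopback.
        if addr.is_unspecified or addr.is_loopback:
            names_by_version[addr.version].update(names)
    return names_by_version


def ipv4_only_blocks(text):
    """Names blocked for IPv4 that have no matching IPv6 sinkhole entry."""
    by_version = sinkholed(text)
    return sorted(by_version[4] - by_version[6])


def missing_ipv6_entries(text, sink="::1"):
    """Hosts-file lines that would close the gap (::1 as used in the comment)."""
    return [f"{sink} {name}" for name in ipv4_only_blocks(text)]


if __name__ == "__main__":
    for entry in missing_ipv6_entries(SAMPLE_HOSTS):
        print(entry)
```
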
| mindcrime wrote:
| Not sure what specifically happened in your case, but FWIW...
| My ISP (Spectrum, previously Time Warner) has supported IPv6 at
| my location for a decade or more now. And I have been running
| with IPv6 enabled on my router, and on all my Linux boxen, and
| have had approximately zero problems related to IPv6 in that
| time. During that time I've had boxes running various Fedora
| versions, and PopOS and both have handled IPv6 just fine.
| bityard wrote:
| I couldn't say what your issues are, but I have been on ipv6
| (dual stack) on Comcast for over a decade and have had none of
| those problems. I've always had open source routers and plenty
| of Linux scattered around the house.
| lgats wrote:
| exact same issues
|
| centurylink ipv6 via their tunnel
| throw0101d wrote:
| > _Thankfully, Verizon FiOS rolled out IPv6 support to my area a
| while ago; otherwise, this whole thing would have ended here._
|
| Hurricane Electric (for one) offers IPv6 tunnels:
|
| * https://ipv6.he.net
|
| You can configure it on your router:
|
| * https://openwrt.org/docs/guide-user/network/ipv6/ipv6_henet
|
| * https://docs.netgate.com/pfsense/en/latest/recipes/ipv6-tunn...
|
| * https://docs.opnsense.org/manual/how-tos/ipv6_tunnelbroker.h...
|
| Or an individual host:
|
| * https://wiki.archlinux.org/title/IPv6_tunnel_broker_setup
|
| * https://docs.rockylinux.org/guides/network/hurricane_electri...
|
| * https://genneko.github.io/playing-with-bsd/networking/freebs...
| john01dav wrote:
| When I used a small local ISP that did not support ipv6 before
| switching to AT&T fiber1 I tried to set this up, but they
| demand an email on a non-gmail domain, and I wasn't going to
| pay to set that up nor was I going to use my work email. It's a
| bad assumption that any non-malicious user cares enough about
| websites to have one.
|
| 1: I'd prefer to have stayed with the local ISP despite the
| lack of ipv6, but they wanted $8,000 to bring fiber to my new
| place and that was not worth it with at&t fiber being present.
| johnklos wrote:
| Gmail is a cesspool, and Google couldn't give the slightest
| bit of a shit. So does it really surprise you that people who
| share free services might not want to give those free
| services to people who use the cesspool service that doesn't
| care about abuse?
| dazilcher wrote:
| GMail is the most popular email provider by a wide margin.
| Denying service to the largest cohort of email users is
| indeed surprising, ridiculous, and self-defeating.
| redserk wrote:
| I love that Hurricane Electric provides this service but I
| found a few video streaming sites ended up blocking it last I
| tried a couple years ago.
|
| That said, if it isn't blocked for the services you use, I
| found it pretty straightforward to use.
| duhast2020 wrote:
| These tunnels are blocked by so much of the v6 world, it's not
| worth using in most cases.
|
| - Cloudflare won't route to them.
| - Streaming services, such as Netflix, block them
| - They trigger extra validation all over the Internet
|
| I used to have these on select hosts on my network and it was
| never a good experience.
| ghusto wrote:
| What are the advantages of IPv6 if I don't want direct routing
| (NAT is a feature for me, not a workaround)?
| wmf wrote:
| None.
| eddythompson80 wrote:
| Cheaper IPs?
| yjftsjthsd-h wrote:
| If someone doesn't want direct routing, why would that
| matter?
| wmf wrote:
| IPv6 is cheaper but also you can't access half the
| Internet.
| rasguanabana wrote:
| The only thing that comes to mind for me is simpler header, but
| not sure if it makes much of a difference anyway.
| some_bird wrote:
| Yes, it makes a difference: about 8 milliseconds. Properly
| implemented IPv6 has a lower latency. (and is more efficient,
| though i believe the energy savings are negligible) See this
| map: https://stats.labs.apnic.net/v6perf
| yjftsjthsd-h wrote:
| > NAT is a feature for me, not a workaround
|
| NAT can be fine, but why would it be a _feature_? (I guess
| maybe some privacy by way of sharing a public IP?)
| progbits wrote:
| People grow up with (CG)NAT and mistake it for a firewall.
| kortilla wrote:
| It is an inadvertent firewall. It doesn't allow unsolicited
| connections to whatever software is running on all
| of the crap in your house.
|
| IPv6 requires a stateful firewall on the router to provide
| the same protection. Then if you turn that on, it kinda
| defeats the point.
| hnlmorg wrote:
| NAT requires a stateful firewall too. In fact all router
| firewalls are stateful otherwise you'd have to have large
| ranges of ports permanently open to incoming connections.
|
| So you don't actually need anything different nor special
| to have the same level of security with IPv6 vs IPv4 + NAT.
| unethical_ban wrote:
| Having a default deny policy for traffic to your network
| doesn't defeat the point of IPv6 or direct routing.
| silotis wrote:
| If your ISP issues you a routable IPv4 address then not much.
| Otherwise IPv6 lets you avoid CGNAT and all of the issues that
| come with that.
| hnlmorg wrote:
| It depends what you want NAT for.
|
| If it's for security then most of the actual security provided
| by NAT routing is actually just the router's firewall itself. So
| a good ipv6 firewall provides the same level of security.
|
| If it's just because you're a bit of a control freak and like
| to manage the assignment of IP addresses (and I fall into that
| category too) then my understanding is that you can also do
| this with ipv6 as ISPs typically hand you a wider subnet range
| (unlike ipv4 where you get just 1 IP). However I've tried a
| couple of times to adopt ipv6 into my stupidly bespoke home
| networking stack and failed each time.
|
| I really do want to adopt IPv6, if only because I like fiddling
| with tech, but, like yourself, I keep getting stuck on the "how
| do I integrate IPv6 into the infrastructure I already have"
| problem.
|
| Edit: if anyone has any recommended guides to configuring IPv6
| using ISC dhcpd and unknown addresses supplied by your ISP,
| then I'd be interested to read them.
| simoncion wrote:
| To be clear, what you have is a router that's asking your ISP
| for a DHCPv6-PD prefix, assigning slices of that to one or
| more interfaces on that router, and what you want is for your
| dhcpd on that router to assign prefix-oblivious addresses to
| specific hosts on your LAN?
|
| In other words, you want things to work like this?
|
|   ISP-provided-PD-prefix 2001::/64 + Host address ::22 = Assigned address 2001::22
|   ISP-provided-PD-prefix 2001:1::/64 + Host address ::22 = Assigned address 2001:1::22
|
| If so, I'll poke around the docs to see if this is possible.
| I'm running both dhcpcd and ISC dhcpd on my LAN and have a
| hobbyist's experience with them.
|
| But -honestly- what I've done is just relied on SLAAC to
| handle the globally-routable addresses, and advertised a ULA
| prefix for stable addresses. These go into my local DNS, but
| you could just as easily use that for DHCPd.
| hnlmorg wrote:
| Not sure if this is what you were describing, but my dhcpd
| server is a separate machine to the router.
|
| I'm just using an off the shelf ASUS router because it's
| actually surprisingly good at the basics. But I wanted PXE
| booting so set up ISC dhcpd on a home server.
|
| To be fair, it might actually be possible to do this on my
| ASUS router. I've not actually checked. I've had the same
| setup up for years. Easily more than a decade. Only
| updating hardware when necessary. So I might be missing a
| trick with these latest ASUS routers.
| simoncion wrote:
| > Not sure if this is what you were describing, but my
| dhcpd server is a separate machine to the router.
|
| That was not what I was describing. I was figuring that
| your DHCPv6 client (that talks to your ISP) and your
| DHCPd would be on the same machine, but maybe that's
| okay. How does your dhcpd server get its address? A
| DHCPv6 request to the router? If so, the following report
| might (might!) be useful to you:
|
| So, while I DID find out about dhcp-eval(5), it doesn't
| look to me like ISC DHCPd will do what you want. I didn't
| see any parameters documented in the dhcpd.conf manual
| that looked like they were prefix-independent.
|
| Probably your best bet is to template your dhcpd.conf and
| known_hosts files, then use your network manager's [0]
| "on address change" hooks to fill in the currently-
| assigned prefix, write out new files, and bounce dhcpcd.
|
| [0] NB: NOT (necessarily) NetworkManager (that nasty,
| wretched thing), but maybe like dhcpcd's run hooks.
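
The templating approach suggested in the comment above, as an added example that is not part of the thread: combine whatever prefix is currently delegated with fixed host suffixes and render the host entries for ISC dhcpd. The inventory, DUIDs, function names and the way the prefix reaches the script (for instance from an address-change hook) are assumptions.

```python
import ipaddress

# Constructed inventory: name -> (DHCPv6 client DUID, stable host suffix).
HOSTS = {
    "nas": ("00:01:00:01:2a:3b:4c:5d:00:11:22:33:44:55", "::22"),
    "pxe": ("00:01:00:01:2a:3b:4c:5e:00:11:22:33:44:66", "::53"),
}


def lan_subnet(delegated, index=0):
    """Pick the index-th /64 out of a delegated prefix of /64 or shorter."""
    net = ipaddress.IPv6Network(delegated)  # rejects stray host bits
    if net.prefixlen > 64:
        raise ValueError("delegated prefix is longer than /64")
    if not 0 <= index < (1 << (64 - net.prefixlen)):
        raise ValueError("subnet index outside the delegated prefix")
    base = int(net.network_address) + (index << 64)
    return ipaddress.IPv6Network((base, 64))


def combine(subnet, suffix):
    """Prefix + host suffix, e.g. 2001:1::/64 + ::22 -> 2001:1::22."""
    net = ipaddress.IPv6Network(str(subnet))
    host = int(ipaddress.IPv6Address(suffix))
    if host & int(net.netmask):
        raise ValueError(f"suffix {suffix} overlaps the prefix bits")
    return ipaddress.IPv6Address(int(net.network_address) | host)


def render_dhcpd6(delegated, hosts, index=0):
    """Render a dhcpd (DHCPv6) fragment for the current prefix."""
    subnet = lan_subnet(delegated, index)
    lines = [f"subnet6 {subnet} {{", "}"]
    for name, (duid, suffix) in sorted(hosts.items()):
        lines += [
            f"host {name} {{",
            f"    host-identifier option dhcp6.client-id {duid};",
            f"    fixed-address6 {combine(subnet, suffix)};",
            "}",
        ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Prefixes taken from the example in the comment above.
    for prefix in ("2001::/64", "2001:1::/64"):
        print(render_dhcpd6(prefix, HOSTS))
```

The rendered text would be written over the previous file and the DHCP server restarted only when the prefix actually changed.
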
| everforward wrote:
| > If it's for security then most of the actual security
| provided by NAT routing is actually just the router's firewall
| itself. So a good ipv6 firewall provides the same level of
| security.
|
| Nitpicky, but I think this is not true. NAT's security is
| based on the router not knowing where to route the traffic
| and dropping it, where the firewall intentionally drops the
| traffic.
|
| Agreed that it's functionally equivalent, though.
| Spooky23 wrote:
| Very little. I started using it with Spectrum after upgrading a
| firewall and found lots of weird gotchas with DNS.
| the8472 wrote:
| When I was on an ISP with DS-Lite the IPv4 functionality
| regularly failed because the AFTR's port mapping saturated
| (equivalent to reaching ip_conntrack_max on linux). IPv6 wasn't
| affected since it doesn't involve a stateful middlebox that I
| don't control.
| IshKebab wrote:
| I feel like a more interesting question is what proportion of
| users can connect to an IPv6-only server?
| some_bird wrote:
| Almost 50% according to google:
| https://www.google.com/intl/en/ipv6/ (But other measurement
| statistics project a lower value.)
| tialaramex wrote:
| When I bought a new gaming PC recently it default configured on
| my home network with IPv6 but not IPv4. It was interesting which
| features Microsoft considers crucial (and so worked on IPv6) and
| which were not important (and so they just didn't function,
| claiming that there's no Internet even though of course there is
| and e.g. Google works)
|
| Advertising for example, was essential. Spewing garbage I don't
| want, absolutely critical to Microsoft's bottom line apparently.
| But registration so that I can turn _off_ that advertising? Not
| important, so that was not available until I gave the machine
| IPv4.
| herczegzsolt wrote:
| My networks are IPv6 only for a couple of years, but I do have to
| run NAT64 (jool) and use a DNS64 resolver (i use a google-
| provided, but you could run your own)
|
| It had very little benefits at the beginning, but having
| dedicated publicly routed addresses started to become really
| convenient.
|
| IPv6 with a regularly changing dynamic prefix still sucks though
| to this day ... :-(
| hnlmorg wrote:
| How do you manage dynamic prefixes? This is the problem that's
| prevented me from adopting IPv6.
| mshroyer wrote:
| You can additionally set up ULA:
| https://en.wikipedia.org/wiki/Unique_local_address
|
| The way I do this, my internal DNS resolves hosts to their
| fixed ULA addresses. For the handful that are accessible
| externally, public DNS resolves to their address on the
| current public prefix.
| herczegzsolt wrote:
| I did try that, but it ended in an infinite fight with the
| source address selection algorithm and DNS caches. Also,
| unique-local addresses are deprecated as far as I know.
| throw0101d wrote:
| Note that currently with ULA if you have dual-stack IPv4
| will be given priority over ULA. There is a late-stage--
| Submitted to IESG for Publication--draft that will change
| this:
|
| * https://datatracker.ietf.org/doc/html/draft-ietf-6man-
| rfc672...
| tcfhgj wrote:
| for dyn-dns? what's the problem exactly?
|
| You just update the IP (or just the prefix) when the IP
| changes
|
| Perhaps keep in mind that the interface id of the device the
| DNS entry should point is different for every device in the
| network.
|
| Some use the router to update the IP and put the interface id
| of the router into the update url...
| hnlmorg wrote:
| The problem is I run my own DHCP server (mainly because I
| have stuff like PXE booting set up).
|
| I can configure the ISC dhcpd for IPv6 but I wouldn't know
| what prefix to use in any automated way. So whenever the
| modem disconnects/reconnects, for whatever reason, I then
| need to somehow manually update the DHCP server.
|
| Not an issue for ipv4 with NAT. But enough of a problem
| with IPv6 that I gave up on it. However I do accept that
| this is a problem of my own making (ie not using ISP
| provided equipment).
| herczegzsolt wrote:
| Your other problem would be Android not supporting
| DHCPv6.
|
| If you need IPv6 on Android, your only option is SLAAC.
| herczegzsolt wrote:
| With the risk of self-promotion, I did write a blog about the
| issues and mitigations:
| https://herczegzsolt.hu/posts/soho-ipv6-in-2025-still-dicey/
|
| But I have to admit, that I ended up buying my own IPv6 block
| from a local ISP and tunnel to them. They have great
| interconnections, so bandwidth is not an issue, and latency
| penalty is less than 2 ms on average.
| hnlmorg wrote:
| Thanks. A quick glance of that looks very promising. Lots
| of detail on the problem.
|
| I'll have a proper read of that tomorrow morning :)
| herczegzsolt wrote:
| TLDR: Turn the frequency of your RA-s waay up (3-5s) and
| their valid lifecycle way down (10-30s). There's still
| gonna be a hiccup, but it should be tolerable.
| mshroyer wrote:
| Huh, why IPv6 only instead of dual stack? Assuming you're
| talking about a home or small business network
|
| The (occasionally, on Comcast) changing dynamic prefix was a
| pain for me too, when accessing things externally. For internal
| use I additionally set up a fixed ULA prefix.
| hdgvhicv wrote:
| Why double your workload and risk by having to run dual
| stack. All the downsides of both.
| apitman wrote:
| IPv4 is never going away barring massive adoption of p2p
| protocols to drive the switch. Sadly NAT and SNI solve most of
| the problems well enough for things to limp along indefinitely.
| The only orgs with the power to fix this from the top down are
| incentivized to maintain the centralized status quo.
|
| So get out there and p2p
| Hizonner wrote:
| NAT and SNI are some of the major things that _prevented_
| widespread adoption of P2P to begin with.
| apitman wrote:
| Yep. And the reason they were successful is because you can
| solve the problem on your end without the other end needing
| to do anything. IPv6 requires both parties to do something.
| So now we're stuck with NAT and SNI.
| throw0101d wrote:
| > _IPv4 is never going away_ [...]
|
| This was considered likely when IPng was being discussed in
| the 1990s:
|
| > Furthermore, we note that, in all probability, there will be
| > IPv4 hosts on the Internet effectively forever. IPng must
| > provide mechanisms to allow these hosts to communicate, even
| > after IPng has become the dominant network layer protocol in
| > the Internet.
|
| * https://datatracker.ietf.org/doc/html/rfc1726#section-5.5
| habibur wrote:
| Maybe it's me, but I think IPv6 should have been 8 bytes instead
| of 16 and somewhat backward compatible with IPv4.
|
| Like how 2-byte Unicode was struggling and UTF-8 saved it.
| yjftsjthsd-h wrote:
| > and somewhat backward compatible with IPv4.
|
| How would it be at all backward compatible other than what
| NAT64 already does?
| Dylan16807 wrote:
| It's you.
|
| 8 versus 16 bytes barely matters for using the addresses,
| especially because if you're assigning IPs to your devices you
| can have the second half of the address start with 6-7 zero
| bytes and collapse them all with ::
|
| And I challenge you to name a way to be "somewhat backward
| compatible" that would actually function _and_ IPv6 doesn't
| already do.
| saulpw wrote:
| The design of IPv6 is for computers, not for humans. How do
| you even say an IPv6 address aloud? You need to be able to
| communicate "192 dot 168 dot 50 dot 1" over a voice medium.
| Dylan16807 wrote:
| That has very little to do with 8 versus 16 bytes.
|
| Edit: And not only can you make your own addresses short,
| if I look up some IPv6 addresses meant to be
| said/remembered (public DNS IPs), none of them make you
| type more than 8 bytes (and that one repeats a cluster to
| make it easier) and some make you type as little as 4
| bytes.
| herczegzsolt wrote:
| If your IPv6 address is more complicated than your
| password, you have bigger problems.
|
| Remembering and communicating mildly complex byte sequences
| should be an issue which is solved already.
| saulpw wrote:
| It's not just you, I completely agree. 128-bit addresses are
| overkill. 64-bit would have been fine, and yes, backwards-
| compatible would have gotten us there that much sooner. For me,
| it's a deal-breaker that I can't reasonably speak an IPv6
| address aloud (for instance when doing tech support over the
| phone).
| SoftTalker wrote:
| Work is exclusively IPv4 and nobody's talking about changing.
| Everything at home is IPv4 and I'm not even curious about IPv6.
| When I have to be, I'll figure it out. Until then, things seem to
| be working fine.
___________________________________________________________________
(page generated 2025-08-02 23:00 UTC)