Roses are red, violets are blue, everyone is using IPv6, why aren't you?

As a networker, ipv6 is the future. I'm a fan of it, but I don't really talk about it anymore because there's no point.

I threw in the towel after an ISP messed up so badly that I just couldn't bother anymore.

At a previous job a client I was doing some work for got a new internet connection at a new site, the ISP ran brand new fiber for it. This wasn't a new building or anything, but the fiber was new. They allocated them a static IPv4 thing as usual, and I asked the tech about V6, and they said we would have to take it up with the planning team, so I did. I was involved in the email chain at the end of the sales process to coordinate the hookup. So I asked. After many emails back and forth, I was informed the connection was allocated.

They allocated one single IPv6 subnet directly off of their device. I couldn't even.

For those that don't understand, the firewall we had connected to the device is an ipv6 router. What normally happens, especially in DHCP customer connections, is that the router will use DHCP-PD to allocate a subnet for the router to use on the LAN, and automatically set up a route to say "reach this subnet we allocated for this router, via this router" kind of thing. I'm dramatically simplifying, but that's the gist. In DHCP-PD, the router will also have an IPv6 address on the ISP-facing link to facilitate the connection. In the case of the earlier story, they gave us an entire subnet to communicate between the ISP and the router, and didn't give us a subnet for the client systems inside the network.

I did ask about this and I can only describe their reply as "visible confusion".

I know many who will still be confused by this point are people who have not used IPv6; to explain further: the IP on your local (LAN) systems needs to be a public IP address, because the router no longer does network address translation when sending your data to the internet. So the IP on the router has no bearing on your computer having a connection to the internet over v6. If your local computer does not have a globally unique ipv6 address, you cannot use IPv6. There are ways around this, NAT66 exists but it's incredibly bad practice in most cases. The firewall I was working with didn't really support NAT66 (at least, at the time) and I wasn't really going to set that up.

ISPs are the reason I gave up on IPv6.

I'll add this other story to reinforce it. I'll keep it brief. A different ISP for a different company at a different site entirely. The client purchased a static IPv4 address, and I asked about IPv6, as you do. To preface, I know this company and used them for my own connection at the time. They have IPv6 for residential clients via DHCP-PD. I was told, no joke, that because of the static IPv4 assignment, and how they execute that for businesses, that they couldn't add IPv6 to the connection, at all.

The last thing I want to mention is a video I saw, which is aptly named "CGN, a driver for IPv6 adoption" or something similar. It's a short lecture about the evils of carrier grade NAT, and how IPv6 actually fixes pretty much all the bs that goes with CGN, with fewer requirements and less overhead.

IPv6 is coming. You will prefer IPv4 until you understand how horrific CGN is.

But new IPv4 allocations have run out. I've seen ISPs that won the lottery in the 90s/2000s (when the various agencies controlling IP allocations just tossed them around like they were nothing) selling large blocks for big money.

Many ISPs offer only CGNAT, require signing up to the higher speed/more expensive packages to get a real IP, or charge extra on top of the standard package for one. I fully expect this trend to continue.

The non-move to IPv6 is laziness, incompetence, or the sheer fact they can monetize the finite resource of IPv4 addresses and pass the costs onto the consumer. I wonder which it is.

IPv4 dried up a long time ago. But it's different for every country. Countries like US and UK simply took over large blocks of IPv4 addresses and countries like Brazil got fucked. So, if you're in a country with a large pool, you won't notice any issues today, but if you're not so lucky, a lot of internet services are not accessible to you because some dickhead got IP banned and that IP is shared by thousands if not millions of users in your country.

The adoption of IPv6 on some segments of the Internet has lessened the crisis around IPv4 availability.

Imho

Ipv4 and peak oil are similar.

We're constantly running out; but every fes years, we figure out a new way to extract more oil/make do with the addresses we currently have.

Someone sells of their underused block, or more people move to the services with excess IP addresses if they need one.

Who needs an IP address anymore? What year is it? You want to connect to your friend's computer and exchange some information via computer system, seriously? Just use Cloudflare, Google or Azure and route everything through them.

it's y2k, but not 2k, it's just y.

Yes but IPv4 is becoming expensive and it's annoying having to use a middleman to clone github repos on a v6-only VPS

IPv6 is not hard, there is no excuse not to have it

Honestly this isn't even true anymore. Most major ISPs have implemented dual stack now. The customer doesn't know or care because it's done at the CPE for them.

I use a browser extension which tells me if the site I'm at is 6 or 4 or mixed. In 2024 most major sites support V6. A lot of this is due to CDN supporting it natively.

The fact that GitHub doesn't is quickly becoming the exception.

If IPv6 is done right you don't even know you have it. If you use a cell phone or a home Internet, there is a high chance you are already using IPv6.

This sums it up. I'm too lazy and there's too little incentive.

I don't have IPv6, but I can still reach IPv6 only sites if I use MullvadVPN (and probably also with other VPN providers).

I've tried multiple times to go IP6 only. I mostly thought, despite my reasonable understanding of IP4, that I was the problem in trying to set it up. I found my dns host was being forgotten multiple times a day, set to something invalid, then it would time out and revert back to the working one. I couldn't figure out how to connect two computers together for Minecraft.

Now I hear it was just garbage consumer hardware and software? Fuck me. So much wasted time and effort to say nothing of believing I had turned into a tech idiot.

That is not the case for every country though. In France and Germany for example almost 3/4 of google requests are via IPv6.

What's “here”? Here in Germany, mine has it for maybe 10 years or so. Basically since launch day.

And new ISPs only have v6 since all legacy (v4) blocks have been sold years ago.

Because people in countries with ISPs that are unable to provide IPv4 (e.g. too expensive) can't access GitHub easily.

even easier then fingerprinting.

than*

the only reason i can think of is cgnatting ipv4 because of depleted pool. otherwise yea.

i believe you can NAT ipv6 too, i mean so you use the router's address only?

that’s our ISPs’ problem

If the Internet means for you a way to access Facebook, Netflix, Google and YouTube, yeah.
But if it means a network to send something to another computer then it's a huge problem.

Because ISP won't care if you can accept connections or not. They don't care about decentralization and being able to host stuff yourself. Most consumers just want a pipe to big services and not to their friend's house.

That's the dumbest thing I've read today... Your ISP is fleecing you and you're happy with it.

Mine provides a connection, but doesn’t expose ports on v6. So I can access v6 services but can’t self-host any.

Time to shift providers. Vote with your wallet

Roses in summer, violets in spring, it’s trivially easy this rhyming thing

IPv4 isn't depreciated, it's exhausted. It's still a key cornerstone of our current internet today.

We still have "modern" hardware being deployed with piss-poor IPv6 support (if any at all). Until that gets fixed, adoption rates will continue to be low. Adding warnings will only result in annoying people, not driving for improvement.

You shouldn't need to remember IP addresses, they invented DNS to solve that problem lol

Even so, the addresses can be even easier to remember because we get a-f as well as digits, my unique local subnet is fd13:dead:beef:1::/60 cause I like burgers haha

Assign a DNS name

hosts.txt

dns, VPN setups. ETC we live in 2024, there are solutions to this problem.

Since I bought a domain name I do not remember IP addresses. Just like I don't remember password since I installed password manager or not remember phone numbers since I have a smartphone.

It's only annoying when being on someone's else computer without my clipboard sharing setup and need to copy an address by hand. But that's an issue when setting something up. I would take this inconvenience while setting up than all everyday inconveniences that IPv4 created in last years.

You can shorten them sometimes, the neatest trifk I saw was putting leetspeak words in the address.

Ok. So a device didn't get a dhcp address? No problem... It creates it's open IP address and starts talking and try to get out on internet on its own....

Its not that different from a conceptual point of view. Your router is still the gate keeper.

Home router to ISP will usually use DHCPv6 to get a prefix. Sizes vary by ISP but its usually like a /64. This is done with Prefix Delegation.

Client to Home Router will use either SLACC, DHCPv6, or both.

SLACC uses ICMPv6 where the client asks for the prefix (Router Solicitation) and the router advertises the prefix (Router Advertisement) and the client picks an address in it. There is some duplication protection for clients picking the same IP, but its nothing you have to configure. Conceptually its not that different from DHCP Request/Offer. The clients cannot just get to the internet on their own.

SLACC doesn't support sending stuff like DNS servers. So DHCPv6 may still be used to get that information, but not an assigned IP.

Just DHCPv6 can also be used, but SLACC has the feature of being stateless. No leases or anything.

The only other nuance worth calling out is interfaces will pick a link local address so it can talk to the devices its directly connected to over layer 3 instead of just layer 2. This is no different than configuring 169.254.1.10/31 on one side and 169.254.1.11/31 on the other. These are not routed, its just for two connected devices to send packets to each other. This with Neighbor Discovery fills the role of ARP.

There is a whole bunch more to IPv6, but for a typical home network these analogies pretty much cover what you'd use.

Generally, a device cannot get an internet facing IP address unless something else on your network is advertising the prefix. In fact, I'd argue there's little point using DHCPv6 now. Some devices are only interested in SLAAC. But, if you have a router that gets an IPv6 prefix from your ISP (usually /48 or /64, but you can get other sizes) it will usually then advertise that onto your local network.

As for the IP addresses. I would say that you should definitely still have a firewall in place. But the setup is the same as IPv4 just without NAT. e.g. you set a blanket rule for your prefix to allow outbound and block unrelated inbound. Then poke holes through for specific devices and services.

By default, IPv6 implementations make an assumption that they're not going to be a server (if you want a device to be a server, you can just set a static IP) and their "main" IP will be a random looking one (and the configuration will depend on whether it uses an interface identifier to create the address, or if it is random) within your (usually huge) allocation. But more than that, they will usually be configured to use the IPv6 privacy extensions (RFC4941). This generates extra temporary addresses per device, which are used for outbound connections and do not accept incoming connections. That is, people cannot see your IP address on their host from your connection and then port scan you, since no ports will respond. You could still have ports open on your "real" IP address. But, that one isn't ordinarily used for outgoing connections, so no-one will know it exists. To discover it they would need to scan your whole prefix (remember that the /64 allocation you will generally get is the internet * the internet in terms of address space, that is much harder to brute force scan).

I think the differences between IPv4 and IPv6 might seem scary, but most of them are actually improvements on what we had before, making use of the larger pools we have available. Once you work it out, it's really not so bad.

I would like to see routers setup to firewall ipv6 by default to give the same protection as NAT though, meaning users need to poke holes into the firewall for incoming connections. Maybe some do. I know mine did not and it was one of the first things I did.

Those are just the same networking concepts as v4. Just 128 bits instead of 32. The hard thing can be ULA or SLAAC, which are like "yeah, just some random address to not get conflicts" and "yeah, first half your ISP gives you, second is taken from MAC address".

We even get rid of a bunch loaded crap that holepunching v4 and making it work developed through years.

Maybe it seems hard, because what was used before was not really learned how it works but just relied on hacks.

I feel you, moved ISP maybe 3 months ago, only to find out I'm behind CGNAT and no IPv6..

This. And also disable https. Those things just break all the time.

Just under half of the Internet: https://www.google.com/intl/en/ipv6/statistics.html

You do as well, if you run any operating system newer then the last 10 years.

Same. I have disabled it on my devices since it mostly just causes problems.

IPv6 changed some things. First and foremost it has a huge address space:

• IPv4: 4294967296 (2^32)
• IPv6: 340282366920938463463374607431768211456 (2^128)

Then they simplyfied some things:

• Removed Broadcast in favor of Multicast and Anycast
• Added autoconfiguration without a DHCP server
• Better subnetting support

And much more

Their ranges are running dry. Nearly all address spaces are taken, so we will need to migrate eventually. However, since almost everyone still supports both, and ipv4 is much easier to read and maintain, adoption of IPv6 has been slow.

Imagine getting out of phone numbers, so the solutions is for everyone to call the last remaining people with public/routable numbers 24/7 so those people would redirect messages to others.

With Internet, users does not see that easly, but if you host anything for others it's getting harder and harder to accept incoming connections without many layers of hacks to bypass hacks that ISPs do to keep IPv4 network working.

IPV4 has a static ceiling for how many addresses can exist. We're concerningly close to that ceiling already. If we were to run out, internet suddenly becomes a fucking nightmare.

What do you do on the yggdrasil network?

You are not expected to remember a v6 address - or even v4 for that matter. They are designed for machines. DNS is designed for humans.

github.com doesn't have a AAAA DNS entry. So it's not serving anything directly over IPv6. Likewise, ping -6 github.com fails. So, what are you seeing that is supporting ipv6?

Who??

what

As far as I can tell it's the other ways around: IPv4 is getting more costly

Example: AWS started to charge for IPv4 addresses a few months ago - a IPv4 address now costs around $3.6 per month

"everyone", tell that literally to every isp my country that doesn't even provide ipv6 support.

In the USA they charge extra for IPv6? I'm in the UK and while there are some ISPs that don't provide IPv6 at all, and some that do shitty things like dynamic prefixes on IPv6, I've not seen anyone charging for it.

Likewise, server providers generally don't charge for it. In fact, they will often charge less if you don't need IPv4.

Meanwhile me who needs to pay 97 EUR / year for two V4 to V6 proxies so people not having (or disabling, ugh) V6 can connect to my stuff.

Actually those proxies are still cheaper than renting v4 address space for all my servers.