Hacker News
IPv6 Excuse Bingo (ipv6bingo.com)
53 points by greyface- on Jan 23, 2024 | 32 comments


Admittedly I am new to IPv6 but: when AWS announced they were going to start charging for IPv4 addresses, I set about controlling costs by enabling IPv6 on our instances and then making sure I could reach them at their IPv6 addresses (e.g. via SSH). After some troubleshooting I discovered that IPv6 wasn't enabled on my local office router/gateway; it's about 10 years old (still works great btw). I went into the web-based control panel and found the "IPv6" section and didn't know what any of the settings did. Eventually I stumbled onto a config that allowed me to reach my remote IPv6 destinations without breaking IPv4. I confirmed my results with https://test-ipv6.com .

Then, I used test-ipv6.com from my home network and found, again, that IPv6 wasn't enabled.

From my standpoint, it doesn't matter that I, a techie, can get IPv6 working by doing one or two things. The VAST majority of people out there wouldn't know where to start. If it's not enabled in their router by default it's not getting enabled. Maybe newer devices are getting shipped with it enabled by default, I don't know. But LOTS of people have modems and routers that are going to be in the same state as mine, and best I can tell, they won't be able to reach my websites if I turn off IPv4.

If I'm misunderstanding the state of things, I would greatly appreciate it if someone could illuminate me.


Nobody is proposing to deploy services as IPv6-only today in 2024.

Deploy it dual-stack so that people on IPv6 can reach it natively, and people on IPv4 can reach it natively. More and more people have their IPv4 connections going through CGNAT or NAT64 which can be a bottleneck, so IPv6 is faster and more efficient when available.

45% of people online have working IPv6 today (according to statistics from Google). This number has been continually growing.


> 45% of people online have working IPv6 today

This is more helpful than most of the widely broadcast IPv6 adoption figures.

Percent of end-user connections with IPv6 is the figure we need most.


> If I'm misunderstanding the state of things, I would greatly appreciate it if someone could illuminate me.

Yes — the misunderstanding is that in most cases the CPE is either fully managed by the ISP, or gets sufficient provisioning information to know whether to enable IPv6. For home networks, in most cases if the ISP enables IPv6, it simply works out of the box.

> from my home network and found, again, that IPv6 wasn't enabled.

> I, a techie

You being a techie probably configured your home network manually to some degree? It's likely your device(s) are now operating in a semi-manual mode where they don't pick up IPv6 provisioning from the ISP. Sadly, knowing and doing more results in less functionality.

> local office router/gateway; it's about 10 years old

OTOH this is in fact the main blocker to IPv6 adoption: small to medium company networks. Both outdated equipment as well as insufficient management lead to IPv6 being close to non-existent there. It costs employee/consultant/service time and/or new hardware. It's a sad state but I don't know what to do about that…


> You being a techie probably configured your home network manually to some degree? It's likely your device(s) are now operating in a semi-manual mode where they don't pick up IPv6 provisioning from the ISP. Sadly, knowing and doing more results in less functionality.

It's a 3rd party wifi router I bought on Amazon or Best Buy or whatever like millions of other people have. It's sitting in front of the ISP's modem which is in bridging mode. So many people have this configuration (or they're doing double-nat, no bridge) and have never configured anything manually.


I just checked on xfinitywifi, and see that I get an ipv6 address there, so I assume Comcast has it turned on for customers that are using the ISP provided gateway at least. I don't know how common that setup is, but I'd guess the population that opts to buy their own equipment these days is more likely to be the type to mess around with their settings.


I've had some gripes with Comcast/Xfinity in the past (as many have) but I feel like they are in the lead as far as residential IPv6 deployment (on by default), and I was originally using their own gateway, which as you mention just works with IPv6.

When I switched to my own modem and router (Arris and Ubiquiti/Unifi), I really wanted to dig in and understand IPv6 thoroughly. The modem acts as a bridge and the router gets a single /128 address, and then uses IPv6 Prefix Delegation (PD) over that link to request additional address space for clients (from a different subnet).

The Xfinity gateway only has one local network to support so it requests a single /64 PD, and then clients can use SLAAC (and optionally the privacy extensions) to acquire one or more addresses out of the /64.

When I switched to the Unifi equipment, through some trial and error I found out I could request up to a /60 from Xfinity. Some ISPs will do more, some will do less. No way to really tell, just request larger prefixes and see what you end up getting. Anyway, my /60 gave me 16x /64s to play with. It is wild that my address space is 68,719,476,736 times larger than the entire IPv4 address space.

I have a few VLANs, each of which gets assigned a /64 out of the /60, but even if I'm not using all 16 of them, Xfinity's routing table will send the entire /60 to me. So beyond my VLANs and directly-connected devices, I have the rest of the /60 to use for VMs, Kubernetes pods, etc. and I can add routes to direct that traffic to its next hop. It was a learning curve and a little unsettling that every VM or pod has a publicly routable address. But NAT != Firewall, so unsolicited inbound connections are still blocked, and not having to deal with NAT is very cool! Even though many networking people have it ingrained that private devices should have private addresses.
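An added example, not part of the original comment: the /60 layout described above, worked through with Python's `ipaddress` module. The prefix is a constructed one from the 2001:db8::/32 documentation range and the VLAN names are hypothetical. It shows which /64s are assigned, which are still routed to the site but unassigned, and that firewall rules therefore need to cover the whole delegation, not just the VLANs in use.

```python
import ipaddress

# Constructed sample: a /60 from the documentation range, standing in for
# the prefix delegated by the ISP.
DELEGATED = ipaddress.ip_network("2001:db8:abcd:10::/60")

# Hypothetical VLAN names; each gets one /64 out of the delegation.
VLANS = ["lan", "guest", "iot"]


def plan(delegated, vlans):
    """Assign one /64 per VLAN; return (assigned, unassigned)."""
    subnets = list(delegated.subnets(new_prefix=64))
    if len(vlans) > len(subnets):
        raise ValueError("more VLANs than /64s in the delegation")
    assigned = dict(zip(vlans, subnets))
    return assigned, subnets[len(vlans):]


def owner(addr, assigned, delegated):
    """Say where an address falls relative to the delegation."""
    ip = ipaddress.ip_address(addr)
    if ip not in delegated:
        return "outside delegation"
    for name, net in assigned.items():
        if ip in net:
            return name
    # Still routed to the site by the ISP, so the firewall must cover it.
    return "unassigned /64"


def ratio_to_ipv4(delegated):
    """How many times the whole IPv4 space fits into the delegation."""
    return delegated.num_addresses // 2**32


if __name__ == "__main__":
    assigned, spare = plan(DELEGATED, VLANS)
    for name, net in assigned.items():
        print(f"{name:6} {net}")
    print(f"{len(spare)} spare /64s, first: {spare[0]}")
    print(owner("2001:db8:abcd:1f::1", assigned, DELEGATED))
    print(f"{ratio_to_ipv4(DELEGATED):,} x IPv4")
```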


I think you're right up to a point. For my office router I'm indeed using my own gateway in front of their modem which is acting as a bridge. But for my home network, it's the default gateway that came with my fiber service ~8 years ago that a ton of people still have.

My sense is this transition is going to take another 10+ years to get done. The big web properties where most people spend most of their time have the IPs to maintain IPv4 indefinitely, which will slow it way down. It's the smaller apps who are going to want to deploy IPv6-only who will generate consumer complaints: "I don't understand, why does Google work but this app doesn't? Why does it work from my phone when I'm out and about, or from work, but not from home?" The consumer won't exactly know who to direct these complaints to, the cause is non-obvious to most "tech support" people, and the fix is either too complex for consumers to implement or involves getting new equipment.


Biggest "excuse" is usability:

IPv6->IPv4 failover where the IPv6 DNS records are busted makes a whole lot of sites unusable.

Basically, the AAAA record provides some broken IPv6 address, and the browser then just "site not found, NXRECORD", even if there's a perfectly valid A record for the same.

If a company doesn't have an AAAA record, it works fine. It's when the AAAA record is busted (but present) that you will see loads of weird and bad stuff.
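An added example, not part of the original comment: a monitoring check a site operator could run against their own names to catch the case described above, where an AAAA record is published but nothing answers on it while the A record works. The function names and verdict labels are hypothetical, and the resolver and prober are injectable so the demo runs offline on constructed records.

```python
import socket


def resolve(host, port, family):
    """Addresses published for one family; empty set if there are none."""
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def tcp_ok(addr, port, family, timeout=3.0):
    """True if a TCP handshake to addr:port completes within the timeout."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True
    except OSError:
        return False


def check_dual_stack(host, port=443, resolver=resolve, prober=tcp_ok):
    """Probe every published address of both families and classify the name."""
    v6 = resolver(host, port, socket.AF_INET6)
    v4 = resolver(host, port, socket.AF_INET)
    v6_up = {a for a in v6 if prober(a, port, socket.AF_INET6)}
    v4_up = {a for a in v4 if prober(a, port, socket.AF_INET)}
    if v6 and not v6_up and v4_up:
        verdict = "broken-aaaa"  # AAAA is published, but only IPv4 answers
    elif v6_up:
        verdict = "ok"
    elif v4_up:
        verdict = "no-aaaa"
    else:
        verdict = "down"
    return {"verdict": verdict, "dead_v6": sorted(v6 - v6_up)}


if __name__ == "__main__":
    # Constructed records (documentation ranges) so the demo runs offline.
    records = {socket.AF_INET6: {"2001:db8::dead"}, socket.AF_INET: {"192.0.2.10"}}
    result = check_dual_stack(
        "www.example.test",
        resolver=lambda host, port, family: records[family],
        prober=lambda addr, port, family: family == socket.AF_INET,
    )
    print(result)
```

With the default resolver and prober the check must run from a host that itself has working IPv6; otherwise every AAAA record will look broken.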


What's the point of that without having arguments against each excuse or offering solutions?

Or is this just a "you're an idiot for thinking that" sign?


Too many IoT devices don't support it. Sure, we could probably isolate them in their own little world, but - what a mess that would be. IPv4 still works just fine for our internal network, so...never touch a running system.

I taught some networking back in the mid- to late-90s. I remember being all enthusiastic about IPv6, and how it would soon take over the world. Didn't happen. Why? Because it was incredibly stupid not to make IPv6 backwards compatible.


It's not incredibly stupid, because making it backwards compatible is impossible. How could IPv4 devices ever use IPv6 addresses? They simply don't have enough space to store the bits in the address.


Yep, you can't make a 32 bit number contain the same amount of information as a 128 bit number. You have to use NAT64 to have the two things talk to each other.


Thread and Matter are IPv6 only. (They don't need externally routable IPv6, though.)


> Sure, we could probably isolate them in their own little world, but - what a mess that would

No, it's IoT devices being on the public internet that is a mess. The "S" in IoT stands for Security.

> how it would soon take over the world. Didn't happen

It's at 45% on the public internet and growing. The majority of LAN connections are probably also IPv6 (mediated automatically through zeroconf without people even being aware)


Adoption has increased, and will continue to increase, as there is more and more of a need for it to.


Honestly not sure why my comment is being downvoted. IPv6 became a standard in 1998. If it had been backwards compatible, it would have been adopted in just a few years.

Instead, here we are 26 years later, and the adoption rate looks like this: https://stats.labs.apnic.net/ipv6

That says everything about IPv6 that needs to be said.


Because you're saying things like

> Because it was incredibly stupid not to make IPv6 backwards compatible.

Without providing a non-stupid solution to a problem not solved for decades, and likely not solvable. (Also I assume you meant ipv4 forward compatible, you can name ipv4 hosts on ipv6)


Because it gets repeated on every thread on IPv6. IPv6 is perfectly backwards-compatible with IPv4 (you can run an IPv6-only host and still access hosts from the IPv4-internet). The issue however is that IPv4 is not forwards compatible. IPv4-only hosts cannot initiate communication with next gen protocol only hosts by design.


IPv6 adoption is a monotonously increasing curve (ignoring daily fluctuations): https://www.google.com/intl/en/ipv6/statistics.html

It's only a question of time.


> Too many IoT devices don't support it.

Huh? My thermostats are IPv6 only… (they're on Thread/Zigbee/whatever they call it now)

I mean, yeah, sure, there are old IPv4-only devices around. But we're now in a situation where a significant part is in fact IPv6-only. So,

> what a mess that would be

whatever mess that would be, we are already in it, and the way to fix it is forward.


I think this was made in bad faith.

Some of those are not excuses, but facts of life.

- If your IP transit provider doesn’t support IPv6 there is FA you can do about it. Linking to HE is just a bad joke. Not only are they a bottom of the barrel provider, they also have a very sparse network of POPs.

- not all vendors support IPv6 and, yes, there are bugs.

- if there is no RoI in moving to IPv6, pouting about it isn’t going to make a difference.


[flagged]


This is what people say when they have nothing legitimate to complain about.


Having made some major efforts with ipv6 makes you appreciate ipv4 - a few visionaries built something that worked amazingly well. Kind of mind blowing that the experts out there on committees came up w the dumpster fire of ipv6 - the pain of can be seen everywhere. And I still can’t get a static IPv6 block as easily as an ipv4 block


> the experts out there on committees

The IETF does not have a committee process.


You get your IPv6 addresses the same way you get IPv4 addresses - from your RIR.


My machines have never been able to get public IPv4 addresses but now they all have public IPv6 addresses and it's super handy


* Literally any problem ipv6 has, has already been solved and the solutions work just fine. Here we are. Literally everything is working fine.

* Literally offers no upsides to the consumer, only potential downsides

* ipv6 enabled devices don't live up to the promise of "data center free vacuum robots", even though that's what everyone is screaming is the purpose

* Private devices should not be exposed to the internet anyway, nor individually identifiable when they use the internet

* IPv6 Privacy protections are less powerful than ipv4 NAT.

* Google/Facebook/Everyone pushing ipv6 the hardest has reasons to invade your privacy, therefore I suggest we do the exact opposite of what they want us to do with our personal lives and networks

I'm not opposed to new tech, but ipv6 for ipv6's sake is stupid. I just block it everywhere I can and move on with life.


> Literally offers no upsides to the consumer, only potential downsides

Having globally routable addresses is a pretty big upside. For nerdy types, it means you can run web/game servers at home (i.e. without needing a credit card), which is a way for kids to develop their technical interests.

For the rest of society, getting rid of NAT is a requirement to allow seamless p2p apps to work without needing to use giant corporations in the surveillance business as an intermediary. Instead of being jerked around with Google moving people onto their 15th video chat app with potato quality, we have the necessary foundation to be able to directly connect with your counterpart. This could be completely seamless with e.g. a DHT to locate your contact's devices (or gossip if you can reach at least one that you already knew about, to maximize privacy) and uPnP or hole punching to their address to open your router's firewall.

NAT forces centralization for our foundational ability to communicate, which robs everyone of their autonomy in ways that are so pervasive it's increasingly hard to imagine another world. But that other world is still possible.


Agreed! But as IPv4 with NAT has an implicit "deny all inbound" firewall rule, in the IPv6 world many routers will default to "deny all inbound" to any "inside" IPv6 addresses. So game servers may benefit from an outside coordination server (so bidirectional traffic can flow) but unsolicited inbound traffic to web servers would still require some configuration at the firewall.

Absolutely in the P2P case it is fantastic. IPv6 effectively guarantees direct connection for WebRTC audio/video, VPNs like Tailscale, etc. However there is still some necessity for video services that can provide a Selective Forwarding Unit, for instance once you get 5+ people in a video chat, you want a server in the middle to mediate and rescale video to manage the experience for all participants. But for sure it is better for everyone for 1-on-1 chats to be able to establish the connection without an intermediary, and that underscores what the Internet is all about.


1. This is not true. IPv4 address exhaustion has not been "solved". NAT _works_, but causes tons of problems.

2. Also false. Upsides include more speed (due to ISPs usually having newer infra for IPv6), cheaper addresses (for people who want static ones), and I'm sure there are more benefits I can't think of.

3. This one is true, but I've never heard anyone say that's why we need IPv6 (that could just be me though).

4. Then don't expose them to the internet. Your network is still behind a router/firewall, and the device in question (hopefully) can be configured.

5. I'm not sure what you mean by "less powerful" here - NAT was never good at protecting privacy anyways. Anyone who wants to track you has been doing it without IP for a long time. Further, you can still have a NAT if you want one, and IPv6 offers random/temporary addresses.

6. True! Big tech has a vested interest in undermining our privacy, but please see above. I also think, in this instance, it's genuinely because IPv6 is better than 4.


IPv6 has tons of improvements over IPv4. It seems like you're opposed to v6 because of the work you need to do in your systems to make them v6 ready. Does it cost you anything, really?



