That's a hurdle to moving clients from dual-stack to IPv6-only, but it's not a hurdle to moving clients from IPv4-only to dual-stack, which a lot of ISPs still haven't done yet.
I know the Azure Application Gateway is meant to be getting ipv6 support later this year, it is certainly the reason why my services are ipv4 currently.
I’d expect GitHub to have moved to Azure since the buyout.
The IPv6 adoption seems more tied to Azure/AWS/GCP support than anything else.
I like it, but you could do it without a brownout. Similar to the ipv6 test websites, have the major site check ipv6 and put up a banner with your message.
What? The google ipv6 tracking page shows linear growth. Iirc we are close to tipping over to 50% of users on ipv6. Especially with the development of Asia and Africa, ipv6 still looks like it will eventually be the default.
Citation "IPv6 was designed to restore the end-to-end model of communications with all nodes on networks using globally unique addresses. But considering this, IPv6 may imply privacy concerns due to greater visibility on the Internet."
First, the IPv4 address space is tiny. Say, a PING packet is 84 bytes, so pinging the entire IPv4 address space will take you all of 336GB of traffic each way (not even accounting for the reserved parts). That can be done in the space of an hour on a decent connection. So things can and are being trivially found by brute force. If a vulnerability is found in something interesting you can bet that by tomorrow lots of nefarious people figured out who can be broken into.
Second, IPv6 has the privacy extensions, which means that even if somebody knows your address today, this has a very limited lifetime to it. Privacy extensions regularly randomize your IP address.
Under IPv6 even normal people can get more address space than can be reasonably scanned. This makes it harder to identify machines permanently, makes it harder to figure out how many machines there are and makes brute force scanning extremely impractical.
The only difference is, that you're not "protected" by nat, so packets going back to you, can go back to you (but this is solved by a simple firewall installed by default on pretty much any ipv6 enabled CPE).
With ipv6 privacy extensions, your IP address changes every few minutes (within the same /64 network) so it's not a lot different (privacy wise) than today, where that whole network would be hidden behind a single IPv4 address.
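An added example, not part of any comment in the thread: a Python check of whether an IPv6 address's interface identifier embeds a MAC address (modified EUI-64) or is an opaque value of the kind privacy extensions produce, plus the thread's "all of IPv4 in an hour" sweep rate applied to a single /64. The sample addresses are constructed from the 2001:db8::/32 documentation prefix, and the function names are hypothetical.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an address: the interface identifier


def classify_iid(addr: str) -> str:
    """Classify the interface identifier of one IPv6 address (heuristic)."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    b = iid.to_bytes(8, "big")
    if b[3] == 0xFF and b[4] == 0xFE:
        # Modified EUI-64 (RFC 4291): MAC split around ff:fe with the
        # universal/local bit flipped, so the hardware address is recoverable.
        # A random identifier matches this pattern by chance about 1 in 65536.
        mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]
        return "eui64 mac=" + ":".join(f"{x:02x}" for x in mac)
    if iid < 0x10000:
        # Hand-assigned values such as ::1 or ::53: stable and easy to guess.
        return "low-value"
    # Nothing recognisable: consistent with a randomised (temporary) identifier.
    return "opaque"


def audit(addresses):
    """Map each address to its classification."""
    return {a: classify_iid(a) for a in addresses}


def hours_to_sweep(prefix_len: int, probes_per_hour: int = 2 ** 32) -> int:
    """Hours to probe every address in an IPv6 prefix at the given rate.

    The default rate is the thread's figure: all of IPv4 (2**32) in one hour.
    """
    return 2 ** (128 - prefix_len) // probes_per_hour


# Constructed sample addresses in the 2001:db8::/32 documentation prefix.
SAMPLE = [
    "2001:db8:1:2:21a:2bff:fe3c:4d5e",   # SLAAC from MAC 00:1a:2b:3c:4d:5e
    "2001:db8:1:2::53",                  # manually numbered server
    "2001:db8:1:2:9c4e:7a10:5b3f:e2d1",  # random-looking identifier
]

if __name__ == "__main__":
    for address, kind in audit(SAMPLE).items():
        print(f"{address:40} {kind}")
    hours = hours_to_sweep(64)
    print(f"one /64 at the IPv4-in-an-hour rate: {hours} hours "
          f"(~{hours / 8766:,.0f} years)")
```

Run against the addresses your own hosts actually use, an `eui64` result means the interface identifier stays the same on every network the device joins, which is the tracking concern the privacy extensions address.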
Every consumer router I have seen blocks all incoming connections on ipv6 by default in pretty much the same way nat does. The only difference being that the UI allows multiple devices to listen on the same port now.
You have your stateful firewall that does default-deny, only allowing in packets that are replies to internally-initiated sessions. If you need to do hole punching you have UPnP or PCP (which also allows for authentication of requests):
NAT is not a firewall. NAT is a 'hack' that some firewalls use. My university only used routable IP addresses, but due to the wonders of firewalls, you could not connect to the HP printers in the library over the internet. Even though it had a routable IP.
The virtues of NAT lie more in their nature of being blanket blacklist firewalls by default.
This can indeed be replaced with firewalls on each IPv6 client, but you have to concede that just putting a router between your computer and modem adds a ton of security for very little effort or know-how.
But NAT in itself is a workaround for IPv4 limitations with significant problems, which has become permanent because there's nothing as permanent as temporary solutions.
You're not supposed to care about it. IPv6 really has two motivating factors: the first is to simplify the IP stack, the second is to increase the scale of the address space. It's not supposed to be exciting, it's supposed to be a change we make because it obviously makes sense to do.
I also don't think IPv6 is a "failed technology" at all. If you've used almost any zeroconf service on an Apple product recently (AirPlay, AirDrop, AirPrint, HomeKit, so on) then you've been almost certainly using link-local IPv6. If you've used Spotify Connect or Sonos, there's a very good chance that's been over link-local IPv6. If you have any Thread or Matter smart home appliances, they generally communicate using IPv6 too. Most devices connect to Chromecasts over link-local IPv6. You've quite likely been connected to IPv6-capable Wi-Fi networks before and you probably never noticed. IPv6 is actually pervasive in all sorts of places.
My ISP offers a plan without IPv4 at a lower price. v4 websites only are served through their NAT64/DNS64 infrastructure and it works really well except for some dumb applications that hardcode the IPv4 instead of using domain names (yeah, and also the ones that rewrite the entire stack in C and only support AF_INET...)
I am dual stack at home. While my xbox will happily display its ipv6 address my traffic logs still show it heavily preferring ipv4 when actually doing anything.
1. It works
2. The internet today would not function without it
3. There are several IPv6 only deployments (primarily mobile carriers)
It being "interesting" has nothing to do with it being successful. I'm not interested in any new 120v electrical deployments or any new 4g LTE deployments but both of those technologies are very successful.
Not to invalidate your feelings, but that seems quite normal. I feel the same.
IPv6 has been mature for over 15 years and is slowly making its way. Most major LTE carriers have deployed it, most home broadband providers have the infra in place, they're just waiting to flip the switch. We're in the boring, uneventful, slow deployment phase.
Setting up IPv6 on my home network was fun and exciting; now it's just boring. The only time I've noticed it was once when IPv4 broke (dhcp server issue) and another time when IPv6 itself broke (radvd issue).
All that said I do sort of wonder when or if we'll ever move off dual stack. I think there's a strong argument that running two protocols at once is riskier than the combined risks of the two.
Anecdote: a company I used to work for was growing rapidly by acquisition, which ended up being the motivation to go ipv6 internally. With IPv4 every new company was basically guaranteed to have an internal network that conflicted with one of our existing subnets, so we either had to re-ip them, which was brutal or put crazy NATs on our VPNs alongside dns insanity. Going IPv6 meant that getting them on our mesh was simple. Just enable IPv6 on their network (which was far easier than most network admins fear it will be), then join their IPv6 network to the mesh, let their IPv4 be whatever it was. Update all DNS servers to have AAAA records. No more conflicts!
And even then they can just have a small number of IPv6 terminate on some load balancers and small SNAT groups. Almost everything inside the data-centers will likely remain IPv4 for quite a while.
It doesn't matter. IPv6 is happening, it's way past the point of no return. Nobody is entertaining the idea of dropping ipv6 and doing something else. Any remaining problems that IPv6 has are more realistic to deal with within ipv6 than scrap the whole thing and start again from scratch.
Definitely not a failed technology in my personal experience. As mentioned in the report Arcep mandates IPv6 for 5G licensees. Turns out they put out the work and 4G has IPv6 retrofitted basically everywhere as well as a side effect.
ISPs have deployed IPv6 quite successfully now. Barring some legacy connections (DOCSIS 2 or something mostly) that still get no IPv6, basically all new connections have IPv6 as a default, and old ones have either already been migrated (including DSL) or are in the (sometimes long) rollout process. Some tied the IPv6 migration with an IPv4 CGNAT move, which makes IPv6 very attractive: hobbyists have to ride on IPv6 for external reachability, while casual uses like gaming, voip, conferencing, and whatnot benefit from relay-less p2p connections by preferring IPv6.
For the four major ISPs, this report from 2021 shows 89, 71 and 49% active IPv6 on mobile (not just 5G), with a 1% outlier that should have gotten its act together by now, and 99, 89, 53 and 22% for landlines, and projects 99, 93, 80 and 40% deployment in 2023 (which sounds about right for today in my experience), and 99, 97, 95 and 85% deployment for landlines in 2025, at which point CGNAT won't be an issue for most and IPv4 basically becomes legacy technology provided things also move forward server side.
I recently moved, and was mildly annoyed to find that my ISP didn’t assign me an IPv6 address. Then I remembered that, in order to get one at my previous location (same ISP), I had to call and specifically request it. That was six years ago. If they haven’t defaulted to giving out IPv6 addresses by now, it’s never gonna happen.
I honestly can’t figure out why they don’t, as it has to be cheaper to just do it than make customers call and speak to a representative, given that the technology is clearly in place already. Honestly, though, it’s been over three months and I still haven’t called, as there has been absolutely no reason for me to bother doing so. Like you, I also used to be interested in the rollout of IPv6, but now I just don’t care.
I will be calling to complain if I am not assigned an ipv4 address by default. Very first thing I do whenever I move or get a new router is disable all ipv6. All of my client devices have ipv6 disabled. ipv6 takes a very simple addressing schema and unnecessarily turns it into an entire beeping protocol for no reason.
I don't care if I have to write angry letters to senators to pass laws forbidding the sunsetting of ipv4, this is 100% an issue I will go down fighting tooth and nail until I die or ipv6 dies, whichever first.
Does anyone know why German universities are so slow to deploy IPv6?
Almost none has their website reachable over IPv6 or IPv6 on their internal network.
Depends on the technical expertise of the staff, I guess.
My alma mater (FAU Erlangen, https://fau.de ) did have some internal and external IPv6 already back when addresses were still 6bone 3ffe::, 20 years ago. Don't know since when the main website has been IPv6-reachable, but it has definitely been over 10 years.
Most German universities have applied at an early stage for a class B network block, therefore they have little pressure.
When I asked the IT staff at my university years ago, they said that there are still some very old routers without IPv6 support in use. And since everything seems to work with IPv4 for the university administration, there is no money for new ones.
> Why do you need that? What's wrong with SLAAC and RDNSS?
It's handy in many situations where you want to assign specific devices specific addresses, or at least make a log of dynamically chosen addresses (e.g., networks with auditing requirements).
Is there a breakdown by network type? e.g. Cellular Network, VPS Provider, Home ISP, IoT, etc... The reason I ask is that last numbers I saw somewhere were thrown off by VPS providers and cellular providers. Cellular had no choice but to go IPv6 due to sheer numbers of users. VPS was easy due to the ephemeral nature of VM's. People could slowly adopt it at their own rate.
> The reason I ask is that last numbers I saw somewhere were thrown off by VPS providers and cellular providers.
How are these situations "throwing off" the numbers?
There seems to be an underlying assumption in this statement that if you (e.g.) stream a Youtube video from your cell phone (over IPv6) it is "invalid" (less valid) but if you stream it on your desk/laptop from your (IPv4-only) home or work's ISP it is (more) "valid".
> Cellular had no choice but to go IPv6 due to sheer numbers of users.
Of course they have a choice: they could spend millions of dollars getting IPv4 addresses for their customers, or they give IPv4 shared space [1] to all the devices and spend millions on CG-NAT equipment. No IPv6 needed.
Every IPv6 connection is just as valid as every IPv4 connection.
> How are these situations "throwing off" the numbers?
I know many will disagree with me and that is fine, but cell phones will not drive adoption since they have to add plumbing for IPv4 regardless. The phone just has to route to the destination. Adoption will come when businesses are required to have IPv6 to make money, or conversely will lose money when they lack IPv6. I personally would exclude cell phones and VPS providers from numbers to get a real snapshot of meaningful adoption. Home ISP's and commercial businesses are probably more useful to see how far along IPv6 adoption is progressing.
In my opinion and experience when people are given a temporary work around such as ipv6toipv4 gateways, that work around becomes permanent and will stall adoption of the long term solutions.
> Of course they have a choice: they could spend millions of dollars getting IPv4 addresses for their customers
Probably up to a point. They would have eventually hit a wall from port depletion as CG-NAT on gateways only scales so far. It works on home end-points because there are not typically tens of thousands of people at a home. It falls apart quickly when used on a gateway. Anyone that has managed many SNAT pools or a WAN optimizer in large companies has seen this first hand and can share their pain.
If you want to spin up (or expand) as an ISP or a cloud provider there's CapEx associated with getting IPv4 addresses (or if you're a 'regular' business that wants to multi-home with multiple ISPs). I don't see how that can continue indefinitely given the finite 2^32 addresses available.
> I don't see how that can continue indefinitely given the finite 2^32 addresses available.
Agreed. I think that's why we don't see a lot of new ISP's starting up and instead there are resellers provisioning on existing networks. The big kids are sitting on a lot of IPv4 space and there is no longer a way to pry it from their hands and now that to your point the IP's are worth more they will kick and scream if someone tries to take the unused space. In the early days ARIN and RIPE would harass people that didn't actively use their space but that stopped and I have no idea why. I remember having to set up Labrea to make several /16's, /17's and /19's pingable so they would leave me alone but that isn't a thing any more.
When changing my ISP I suddenly jumped in the world of IPv6 without any warning.
Oh boy.
I've been working in IT for 30 years, managed plenty of servers, host services at home, develop FOSS and whatnot but never got interested in IPv6.
And I must say that this is a scary world. Some of my devices suddenly were getting their DNS settings from something else than the DHCP, I had to learn quickly about RA and other anagrams. I was super worried about the exposition of my services - something I completely controlled in IPv4.
With this in mind, I think that IPv6 is too complicated. It does not have that sweet spot between "plug the green cable to the socket called ETH" and "I am going to try to squeeze some extra bits into the datagram".
Alas, publicly traded companies....