IPv6 Adoption Hits 32%. Will Stats Show How Many Returned to the Office?

Long-time Slashdot reader Tim the Gecko writes: Google's IPv6 connectivity stats topped 32% last Saturday for the first time.

But the main story has been the midweek stats. Most mobile phone networks and a good chunk of residential broadband have migrated to IPv6, but the typical corporate network where people used to spend their 9 to 5 is largely IPv4-only. There used to be a big dip in the IPv6 stats during the working week, but widespread working from home has halved that dip, with the typical midweek IPv6 connectivity for Google queries moving upwards from 26% to 29%.

Looking at this graph will be a good way of checking how fast people are returning to the office.

Stupid question...

[aaarrrgggh]

Is there really a need for businesses that can justify a /29 to go to ipv6? We have a few vendor systems that are not v6 tolerant, but once they go we could flip the switch.

Re:Stupid question...

[Bert64]

There are many reasons...

Using the latest available technology is a best practice, why would you knowingly deploy a legacy technology?

In the interim you should at the very least be deploying a dual stack environment, and ensure that anything new is being accessed over ipv6 unless it absolutely has a need to talk to your legacy equipment. The only things that will need legacy ipv4 are devices which communicate directly with your aforementioned non-ipv6 legacy equipment, and border devices (web proxy, mail server etc) that need to communicate with external parties. Your average desktop or internal company server has no real need for legacy ip.

Microsoft consider ipv6 an integral part of windows since vista, and turning it off is officially unsupported (you can do it, but things are likely to break) - however, connecting a modern windows system to a legacy network that lacks ipv6 support can be a security risk:
https://blog.fox-it.com/2018/0... [fox-it.com]
MacOS lets you disable ipv4, but you cannot disable ipv6, so it's clear the way os vendors are moving.

Interconnecting with other companies will have virtually no chance of address conflicts (think being bought and merged with a larger company, or vpn connections to vendors or from users etc). Address conflicts are common with legacy ipv4, the recent increase in home working has forced people to reconfigure their home networks because they used the same 192.168.x range as something on their corporate network which causes problems for vpn users.

Using ipv4 with public cloud providers can be dangerous, and requires a lot of extra care and causes hassle...
If you use ipv6 with aws you will get your own block, its easy to keep track of and anything you setup will be in that block.
If you use ipv4 you get random addresses all over the place, much more difficult to keep track of... Zoom is a good example:
https://support.zoom.us/hc/en-... [support.zoom.us]
75 ipv4 blocks, vs 1 large ipv6 block
You can also see easily who the address belongs to, imagine if you are monitoring traffic and suspecting some malicious activity - random addresses belonging to aws could be any one of millions of aws customers (including malicious actors), but a single address block registered specifically to zoom is pretty obvious what the traffic is.

With major providers, ipv4 addresses are also recycled out of necessity, so if you shut down a machine with such a provider you need to be very careful to make sure that anything which was pointing to it (dns records, firewall rules etc) have been cleaned up... If your old address is recycled and gets allocated to someone malicious, they can use it for malicious purposes, and this is already happening:
https://www.theregister.com/20... [theregister.com]

You can no longer practically use ip based blacklists because carrier grade nat is common...
Most mobile operators use cgn for ipv4 traffic, and in third world countries pretty much all connections typically go through cgn.
I was working with a client who were getting brute force attacks against their email service, their initial response was to block the source of the attack - which rapidly caused a flood of helpdesk calls because they blocked the cgn address of the telco their corporate mobiles used...
Turns out both the attackers and their own remote staff all originate from the same cgn address, the telco logs can probably differentiate the users but the end company can't.

The hardware to implement cgn is expensive to both acquire and operate, and it generates a huge amount of logs because it needs to track connections for legal reasons. It's a significant overhead, and probably the biggest reason why ipv6 is much more prevalent on mobile networks.
By implementing ipv6, they sh

Re:Stupid question...

[Antique Geekmeister]

> Using the latest available technology is a best practice, why would you knowingly deploy a legacy technology?

Permit me to disagree with this? Using a technology simply because it's new is expensive and destabilizing.

Supporting a new technology that successfully addresses a major flaw of the old technology is useful. In this case, the much larger address space creates difficulty scanning internal networks and encourages exposure of IP addresses rather than filtering their traffic through a restricted external proxy or NAT.

Re:

[Darinbob]

IPv6 is not just newer than IPv4, it is better! IPv4 has so many problems it's ridiculous that it's still in use except for the inertia of infrastructure companies and IT staff.

Re:

[Antique Geekmeister]

Please believe that I'm quite familiar with the technological distinctions. The critical limitation of IPv4 that is forcing the migration is the lack of available /16 address spaces for network providers, and of /24 address space for smaller network businesses. IPv6 has issues, much of which come from the necessity for backwards compatibility with long-term IPv4 based infrastructure and the computational requirements of larger and unnecessarily complex, grossly mis-allocated routing tables.

Re:

[kqs]

Yeah, I ran into a few of those problems 15 years ago when I helped implement IPv6 for my then-$DAYJOB; mostly old piece-of-crap hardware. It took a bit of effort to fix or work around, but really not that much; a few routers didn't get fixed until the next upgrade cycle a few years later.

Re:

[Antique Geekmeister]

There were very powerful issues with scaling up the routers. When going from 32 bit arithmetic to 128 bit arithmetic, it required much more than merely a 4-fold increase memory, even though I encountered engineers who believed that scaling up could be done that easily. There have been a few generations of routers since I was compelled to walk an engineer through the idea that 64-bit hardware took extra resources to handle 128-bit addresses.

Re:

[Train0987]

"Using the latest available technology is a best practice"

Not if you've ever worked in the real world it isn't You lost me after that.

Re:

[Bert64]

How is it not a best practice?
That you may have factors preventing you from complying with best practices is a separate issue, which doesn't change the fact that newer technologies are generally better and bring improvements, and you'll be better off if you're running the latest versions.

Look at SSL/TLS for example, it has been through multiple versions...
SSL2/SSL3 have known flaws and pretty much everyone is recommending against using them, these versions are deprecated if not entirely removed from current

Re:

[Hayjumper]

A fair degree of effort & thought seems to have gone into this post, so I would like to reply in kind:

I generally agree that IPv6 support should be baked in to anything (apps, libraries, networks) starting now (actually, starting several years ago). There are certain features implemented differently in v6 that have the benefit of many years of experience with the shortcomings of v4 (multicast & IPSEC come to mind).

That said, this comment presents an argument fueled by an agenda of absolute adoption

Re:

[Bert64]

> MacOS lets you disable ipv4, but you cannot disable ipv6, so it's clear the way os vendors are moving.
Is there a source/support for this? I have disabled ipv6 on MacOS before. Here are several sources:

On the two macs i have here, one running catalina and one running mojave, under system preferences you have "dhcp, bootp, manual, off" options for ipv4, and "automatically, manually, link-local only" options for ipv6 - there is no "off" for ipv6.
It may well be possible to do it manually from the cli, but the intent of apple is clear - you are not expected to turn off ipv6 but they do expect people to turn off ipv4... The same as with windows, technically you could but it's not supported, not recommended, st

How many wasted IPv4 blocks?

[Way Smarter Than You]

One of my companies got a /20 they never used. Did the forms, paid the fees, got the assignment, went unused for at least 9 more years that I know of.

If they actually enforced use it or lose it for v4 I'll bet there'd still be plenty of free v4 space to go around.

Re:

[Great_Geek]

There is a shortage of free IPv4 addresses.

Just charge a dollar per year for an address. Watch the addresses get freeed; plus it will generated so much money for ICANN.

Re: How many wasted IPv4 blocks?

[Wycliffe]

Yes, itâ(TM)s stupid that they donâ(TM)t charge for a scarce resource. My cloud provider charges me $1 per month per IP and many home internet providers charge $10 per month or more for a static IP.

Re: How many wasted IPv4 blocks?

[Wycliffe]

The other thing you could do is slowly up the cost. Start at $1 per month per IP and raise the fee by $1 each year and companies would have an incentive to migrate.

Re:

[Applehu Akbar]

Or we could have the cost of the remaining addresses priced by open-market forces. I thought up a great term for this too: "auction."

Re:

[Generic User Account]

The what? There are no remaining addresses. ICANN has run out of addresses 9 years ago! ARIN, the American Registry for Internet Numbers, has run out more than 4 years ago. RIPE, the European registry, ran out last year. Running out of addresses doesn't mean they don't have any at all left, but there aren't anymore to be had if you already have some. The remaining few are reserved for future service providers who would otherwise not be able to provide working internet service. None of the registries have mo

Re: How many wasted IPv4 blocks?

[Wycliffe]

Assuming there were some remaining, only auctioning off the remaining doesnâ(TM)t solve the problem of all the companies who got them for free but donâ(TM)t need or value them. Domains are $10/year and basically unlimited. It seems reasonable to charge $10/year for IPs which are not unlimited. It wouldnâ(TM)t affect most people or companies that were using them right. Many ISPs and cloud providers are already doing this.

Re:

[Applehu Akbar]

Sure. That's why Zimbabwe, Venezuela and the Soviet Union are on top of today's world.

Re: How many wasted IPv4 blocks?

[Way Smarter Than You]

Bah, at that /20 place, the finance team would just blindly play it. AP never looked closely at anything under $50k or so they'd seen before.

If we'd received a serious notice about losing it then maybe someone would've funded that project or just let it go.

Re:

[thegarbz]

And then what? Suppose the GP's /20 only actually uses 2 addresses. What happens with the other 4094? Are you proposing that it get divided up and each address given out to anyone who would be willing to pay? Suppose that means 4094 different people suddenly end up with 1 IP address each. Now we had what was previously routable with a single entry in a routing table suddenly need 4095 entries.

IPv4 was designed to be routed in pre-fixes. The internet's routing tables are insanely large as it stands and tethe

Re:

[Jeremi]

You're not actually solving the IPv4 problem, you're kicking the can down the road and at the same time creating another bigger problem.

There ought to be some kind of rule of thumb: if a proposed solution to IPv4's problems would be more difficult/expensive to implement than just transitioning everyone over to IPv6, then we should just go ahead and transition everyone over to IPv6 and be done with it, rather than implementing the proposed solution.

Re:

[kqs]

The problem with that is that for many people, the difficulty/expense of "admitting I was wrong" is damn near infinite. Huh, same problem as politics, really.

Re:

[Yaztromo]

Now we had what was previously routable with a single entry in a routing table suddenly need 4095 entries.

This is my constant frustration with people who seem to think we never have to move from IPv4. They only think about ensuring machines have addresses, and _never_ consider how in hell you're actually going to route data to those addresses.

Yaz

Re:

[thegarbz]

If they did that the internet would grind to a halt. IPv4 was designed to be routed in blocks. Just because someone has a large block doesn't mean freeing it up will save the world and we can all live happily ever after.

Every address that it assigned outside of the block needs to be routed somehow. https://blog.apnic.net/2020/01... [apnic.net] this site explains the problems and shows some pretty graphs as well. The routing table size is becoming and actual physical problem due to IPv4 addresses being broken up and rou

Re: How many wasted IPv4 blocks?

[Way Smarter Than You]

Who said divvy it up 1 IP per request? You can't route like that anyway. But if it was returned then some company that actually needed a /20 could have one or there could be a bunch of routable /24 blocks available. An ISP can chop up the /20 into however many(I'm too lazy to do the math) /29 or /30 blocks for a bunch of smaller customers.

Re:

[Bert64]

If they returned it, then the company that was using the 2 addresses from the block would need to reconfigure their setup, causing disruption.

Also you need your own address space to do proper multi homing via bgp, and you preferably need a block larger than /24 because some routers filter smaller prefixes (because the fragmented ipv4 space results in a HUGE routing table that is too big for some routers to handle so they filter smaller prefixes out).

Re: How many wasted IPv4 blocks?

[Way Smarter Than You]

Uh,,please read my original post. My company had a full /20 and literally did not use a single IP from it. It could have gone out to others who needed IPv4 blocks as anything from a /20 to numerous /30 (via an ISP intermediary).

Re:

[bbn]

That IPv4 block can still be used. It is worth approximately 6000 USD. Sell it.

Aside from that, anything smaller than /24 is unroutable. Basically everyone filters more specifics and it is going to be as hard to change that as to implement IPv6.

Re:

[thegarbz]

Who said divvy it up 1 IP per request? You can't route like that anyway.

No one said it, but the reality is if you're just moving a /20 around that isn't solving anything. The biggest problems for IPv4 address exhaustion is that it's not one person looking to buy a large block anymore, but rather thousands looking to buy tiny blocks. As you said the ISP could chop up the /20 that means that ISP needs to own all /20, that doesn't help a customer on another ISP.

The reality is IPs *are* being divided up. The graphs of BGP routing table size over time is in the above link. So even i

Re: How many wasted IPv4 blocks?

[Wycliffe]

Again, a simple solution. Give discounts for purchasing larger blocks and even bigger discounts or even rebates if you trade in a large block for a smaller block. Basically, give market incentives for companies to give up unused IPs

Re:

[thegarbz]

Basically, give market incentives for companies to give up unused IPs

And do what with it? If the company gives it up that may help me, yay me, but then what about you? If we both are to benefit then that means splitting the block and increasing the routing table size. Then what about some dude in China?

That's the core issue here: IPv4 shortages are not one large customer needing another /8 somewhere. The IPv4 shortages are across many millions of customers scattered in millions of networks around the globe. Freeing up large blocks will cause massive problems for routing tabl

Re: How many wasted IPv4 blocks?

[Wycliffe]

The solution to fixing the routing tables is a separate but complementary issue to fixing the ipv4 shortage. Once you start freeing up IPs you also obviously need to defragment the blocks. This isnâ(TM)t a hard thing to do and they already do it. Multiple times Iâ(TM)ve had a service provider require me to swap to a new set of IPs.

Re:

[31eq]

Great, your company has a /20 they could share. That would mean 16 different companies could have their own /24.

Currently, the USA has nearly 5 IPv4 addresses per head of population. There's some waste here: maybe a modern, post-industrial economy would function efficiently with 4 addresses each. IPv4 has a hard limit of 4.3 billion addresses. The current global population is 7.8 billion. Give everybody 4 addresses (still less than the USA currently enjoys) and we'll be short of nearly 78 billion addre

Re:

[bloodhawk]

Their are only a bit over 4 billion IPv4 addresses, even if every address is used efficiently there isn't enough in this age of smart devices and everything connected. NAT has staved off the crisis for a long time but there is only so far you can kick this can down the road. ISP's are enforcing CG-NAT more and more and charging to be excluded from it, we need to move on.

Re:

[Yaztromo]

If they actually enforced use it or lose it for v4 I'll bet there'd still be plenty of free v4 space to go around.

No there wouldn't. If somehow we freed up all the unused IPv4 space, and then re-allocated it all to ensure efficient routing, it would be gone in a day. There is a massive waitlist of organizations willing to pay for IPv4 address blocks which simply haven't been able to get them for the last year (or more).

Yaz

IPv6 WHERE?

[darkain]

"a good chunk of residential broadband have migrated to IPv6"

Comcast: only with certain hardware, and it was a very shitty implementation that wouldnt allow delegation (yes, this is available in SOME places, and someone will surely come in and correct me, but the deployments I manage dont allow it)

Centurylink: They only offer IPv6 over IPv4 tunneling, and it has not worked in the past year-ish.

Google Fiber: true dual-stack IPv6. Works perfectly as expected.

Rainier Connect: no IPv6 offering at all, despite having multiple IPv6 peers in their data center.

Click-Network: No IPv6 offering at all.

So basically 1 out of 5 that I've used in the Pacific Northwest in the past decade has IPv6.

Re:

[thegreatbob]

I know Comcast's older SMC D3G routers had issues with IPv6 (it seemed like only the first DHCP leased machine after a reboot could use it); these were also one of their only rental routers (required for static IPs because of their silly way of applying these) that didn't have horrible performance/reliability issues. The Cisco DPC3939/3941 both had the Intel Puma 6 chipset, and exhibited extremely erratic latency and packet loss, seemingly influenced primarily by congestion on the external network. Netgear

Re:

[thegreatbob]

I left out the rather relevant context that this was Comcast "Business Class" service, which is no different from their residential service, but with modest improvements in support/service availability, and no SLAs... nothing like $3 bill credits for that 6 hour outage!

Re:

[Tim the Gecko]

Comcast: only with certain hardware, and it was a very shitty implementation that wouldnt allow delegation (yes, this is available in SOME places, and someone will surely come in and correct me, but the deployments I manage dont allow it)

Akamai's stats [akamai.com] say Comcast has an IPv6 adoption of 69.4%, but that's across the whole US, and the Pacific Northwest's mileage may vary.

Re:

[Bert64]

As far as i understand it, comcast's network wasn't originally built as a single network... Rather it's a combination of different companies that were merged, builds that took place at different times with different equipment etc. There are likely to be significant differences in regions.

I'm not in the US, so i have limited exposure to what's going on there... I do know a (non technical) friend of mine had a dsl from AT&T several years ago and it came with native ipv6 which worked by default without him

Re:

[thegarbz]

I'm quite annoyed at UPC. I had an IPv6 / IPv4 dual stack when I first got internet, however the IPv4 was behind CG-NAT and that simply will not do. So I asked them and they said, sure just register as a business. So I did, got a fixed IPv4 address ... and that's it. Nope apparently business plans do not support IPv6 addresses.

WTF ISP!

We are ready, not made the jump

[jfdavis668]

At work, we have made sure everything we have purchased for over a decade has been IPv6 ready. All our software has been updated to handle it. Yet, we haven't made the switch. I guess there just hasn't been a driving need to do so. We have been using private IP ranges for all our internal networks, so only external routers and proxies have real IP addresses. Working that way has just taken the wind out of the push to switch.

Re:

[WindBourne]

suggest to your bosses that NOW is the time to switch, esp. if you have many ppl working from home.
In fact, if you have a large number of ppl at home, this will make it easy to bring ppl back slowly and make sure that all computers work within the network.

Hmm. great time for offices to update to IPv6.

[WindBourne]

Seriously, this would be a good time for companies to move their internal networks over to IPv6. This way, they can get better control of routing, security, etc. Likewise, being able to give up IPv4 would be awesome.

Re:

[ledow]

Take a typical example.

Say 1000 machines, behind a single corporate firewall.

What's the point?

Just change the default gateway / NAT to be a 4/6 gateway and stay NAT.

Not one other machine need be changed/updated, you can work with 4 or 6 internally or externally, and you gain... nothing.

Exactly the same as you would gain by making internal machine 6, except it would be significantly, cheaper, faster to do, and easier to manage.

Your phone has IPv6 now - that's why these stats are high.
It's a mandatory

Re:

[kqs]

Your phone has IPv6 now - that's why these stats are high. It's a mandatory part of 4G and DOCSIS protocols. What advantage does it give? Nothing.

The reason that your phone has IPv6 is because a single company with more than 4M devices (in an ideal world; far smaller in real world conditions) has incredible pain managing them without IPv6. Even many of the ISPs which don't offer IPv6 use some IPv6 to manage devices.

Re:

[Dagger2]

Address shortages, NAT, RFC1918 clashes, split DNS, and (partially) VPNs. These things cause a lot of headaches and cost a lot of time and money to deal with. The point is to avoid them.

You do need to deploy v6 inside your network to connect to v6 peers. v4 doesn't have enough space in its header to fit v6 addresses (which is sort of the whole problem in the first place). You can't just magically make your router act as an intermediary, unless you feel like using a proxy server for everything (which pretty

Okay, what am I missing?

[fahrbot-bot]

I'm pretty sure all my home systems are IPv6 capable and enabled, along with IPv4, but I have IPv6 disabled on my router/firewall. I actually like using NAT to hide things behind the router. So, (a) is this sort of thing possible with IPv6 and (b) what am I missing by staying with IPv4 and/or using NAT? I'm not sure I gain much by exposing my local IPv6 addresses to the Internet. I've read though several articles on IPv6 and they all seem pretty dense and it seems way more complicated than IPv4 -- also IPv6 addresses are ridiculous. :-)

Re:

[Joerg Sonnenberger]

"Hiding" the network behind the router would pretty much defeat the purpose of dropping NAT in first place. It is also the wrong objective. The IPv6 Private Extension in combination with an inbound connection filter pretty much provides all that NAT ever did without many of its problems. PE essentially means that a client will have two or more IPv6 addresses at all time. A stable address for incoming connections, e.g. based on the MAC address, and one or more temporary random addresses for outgoing connecti

Re:

[Z00L00K]

The point with a NAT is to hide how many devices you have.

I can agree that to some extent NAT is a limitation as well, but for the perspective of not revealing your inside infrastructure it's one of the more useful tools. The ability to map an inside network structure is one of the more useful things that an intruder can use since then they can over time learn which network segments that contains the most interesting information and then try to focus their attacks on those segments even physically.

Re: Okay, what am I missing?

[BAReFO0t]

Did you somehow not read his comment?

The router system would have a prefix. A HUGE prefix as large as the entire IPv4 Internet. And behind it, systems would get ever-changing IPs inside that prefix. Plus static IPs that nobody could just guess, but would have to already know.
How in the world would someone be able to map out your internal network from that?
Scan the entire 16.7 million internal IPs of your /64 prefix? If he can do that, without rate limiting dragging it out to forever, and him being blocked f

Re:

[Z00L00K]

The point is that you don't have to scan, you only have to do statistical analysis of the traffic to deduce number of devices and what kind of devices that there are. If there are rare re-uses of the IP addresses for different devices then it doesn't matter because each device will basically have its own set of addresses with a certain pattern.

Re:

[Yaztromo]

The point is that you don't have to scan, you only have to do statistical analysis of the traffic to deduce number of devices and what kind of devices that there are.

That doesn't work with modern operating systems, which will assign temporary IPv6 addresses that expire after a few hours, at which point a new address is assigned.

And as IPv6 allows you to have multiple addresses bound to a single interface, you can have lots of temporary addresses at once, used by different applications. A traffic analysis is only going to (at best) tell you how many temporary addresses (and if you're allowing some incoming connections, perhaps secured addresses) you have assigned. This

Re:

[Z00L00K]

I'd say that it's exactly why it would work.

Statistical analysis is a great tool to find unexpected patterns.

Re:

[Bert64]

No the point with NAT is a kludge to extend the useful life of a limited address allocation by allowing a large number of machines to share a small number of addresses. Disguising the number of internal devices is a side effect, as is extra complexity, breaking of certain applications, extra requirements for logging etc.

With ipv4, your network segments are small and quite easily for an intruder to map simply by scanning every address.
With ipv6, your network segments are huge and scanning is no longer practi

Re:

[ledow]

You bought into the shitty hype.

There's nothing about IPv6 that prevents, hinders or otherwise affects NAT operations. Never was. It was an entirely separate issue, and most people don't use NAT to "save IP addresses", they use it to form a separate address space so that internal and external addresses are clearly identified, in the process giving them a pseudo-firewall in the way of the necessary connection-tracking (and also rejection of non-local-initiated connections).

IPv6 is just IPv4 with bigger add

Re: Okay, what am I missing?

[BAReFO0t]

You seem to have missed how the creators of IPv6 specifically set out to kill NAT, hated NAT, and said so.

They always saw it as a crutch. Because it is one.
And random IPs out of a /64 (16.7 million) prefix are vastly more obfuscating than random ports out of 65535 ports. Apart from one running out of ports too.

Re:

[kqs]

All that is true, but the point is that NAT is still possible on IPv6. Idiotic, confusing, and far less secure than the privacy-enhancing randomized addresses, but just as easy as on IPv4.

Re:

[Joerg Sonnenberger]

IPv6 is not IPv4 with larger addresses and never was. That's BS that has been repeated over the year mostly by people that refuse to work on updating their networking knowledge and often also still talk about network classes because they haven't heard of CIDR. The reason why IPv6 has been fighting since the beginning against stateful (!) NAT is that it breaks one of the core goals of a good network, end to end addressing. I find it amusing to see you ramble about STUN etc. as it is a horrible hack around th

Re:

[Dagger2]

IPv(whocares) network + IPv4/IPv6 gateway -> outside world. Which means changing/updating/managing THOUSANDS of devices on an internal network just to get online via IPv6.

Who cares? People who want it to work. You need v6 on your network to connect to v6 peers on the internet. v4 doesn't have enough space in its header to fit v6 addresses (which is sort of the whole problem in the first place).

You don't need to upgrade thousands of devices to use v6. Most devices already do it; any remaining v4-only devices won't get v6, but that's not a blocker to deploying v6 on your network. You'll eventually throw those legacy devices away as they age out or become obsolete, so there's n

Re:

[thegarbz]

I actually like using NAT to hide things behind the router.

NAT is possible with IPv6, but you'd be mad to use it. People can identify your internet connection endpoint as it is, beyond that they don't care if your device is your iPad or your laptop. You can assign IP addresses how you like behind it, you can even NAT if you want to avoid the major benefit of IPv6 which is that endpoints can be communicated with directly once more, but quite critically: you're more than capable of running a stateful firewall even without NAT.

(b) what am I missing by staying with IPv4 and/or using NAT

The internet is broken. You are basically

Re:

[locofungus]

NAT is possible with IPv6, but you'd be mad to use it.

A 1-1 mapping can make a lot of sense. From the outside your network looks like it occupies a 2001 /48 but inside it's on a fd00 /48 instead.

Then changing isp or whatever just means changing a couple of rules in the firewall (plus any dns entries that external clients use) and everything just works.

I wish I'd done this. I've now 'acquired' rather a lot of places where my /48 is baked in and changing it isn't as simple as changing radvd.conf and rebooting

Re:

[Yaztromo]

A 1-1 mapping can make a lot of sense. From the outside your network looks like it occupies a 2001 /48 but inside it's on a fd00 /48 instead.

Sure, but you don't need NAT for this in IPv6. Just assign ULA addresses (which are globally unique but only locally routable), and use them internally. You can keep the same ULA addresses if you move ISPs without renumbering the vast majority of your systems.

And FWIW, fd00:: is a /8. The ULA reserved space is actually fc00::/7, but one bit (the 'L' bit) is reserved to designate whether or not the ULA is guaranteed unique by an external registry, and as such a registry has never been setup, that bit can'

Who [or what] are the 32%?

[LionKimbro]

I... what....

32%..?

Is it possible that we'd all be using IPv6, and I wouldn't even notice?

How is it that "The graph shows the percentage of users that access Google over IPv6." ..?

Who are these 32%, such that they are using Google over IPv6? Where are they? Because I don't think I know any.

Re:

[Train0987]

Your cell phone. If phones weren't included that number would probably be less than 10%. Include LAN's and it proibably drops below 2%.

And this level of adoption took what, 20 years? That should be the first clue to IPv6 proponents that nobody really wants to deal with this and it's time to come up with a better IPv8.

Re:

[Tim the Gecko]

And this level of adoption took what, 20 years?

There wasn't a shortage of IPv4 addresses for the first 11-15 years of that 20 years. Without a financial driving force it's hard to get companies to put in resources to bring up IPv6. Adoption has gone from 5% to 30% in the last five years, and if the price of IPv4 addresses goes up then that will further drive IPv6 adoption.

Re:

[Train0987]

I was around 20 years ago and vividly remember the doom predictions about running out in 5-10 years that necessitated switching to IPv6 as soon as possible back then. Here we are 20 years later, with the same 5-10 year prediction being used and in this very thread are people mentioning having thousands of unused public IP addresses.

In those 20 years there have been countless articles here saying exactly the same as this and the comments all share the same theme. None of the proponents can answer the simpl

Re:

[Tim the Gecko]

if IPv6 is so fantastic and easy then why is there still so much push-back from the people on the ground who would have to implement and support it?

If you already have a working IPv4 setup then it is extra work to set up IPv6, and there are costs associated with training employees, paying people to set up security and new router configs, re-engineering IP address management systems, logging, etc. There are risks that some of these might go wrong and there will be outages. So without a driving force nobody in their right mind would move to IPv6. The driving force comes when you want to get more IPv4 addresses, and you need to pay for them. Those people

Re:

[Train0987]

You can go back and find an identical reply from 1998.

Re:

[Tim the Gecko]

I'm not sure I understand. You could just ask for addresses from a registry in 1998, whereas now you have to pay for them. I believe that makes a huge difference, and is a large motivation for mobile phone networks across the world to move to IPv6 with 464XLAT [ietf.org] address translation.

You mentioned predictions. Here are some from 2005 [semanticscholar.org]. They actually made a good attempt at forecasting when free IPv4 addresses would be exhausted. Of course one of the problems with exhaustion is the Voyager "are we there yet?" issu

Re:

[Train0987]

1999: "IP Address Shortage"
https://slashdot.org/story/99/... [slashdot.org]

2003: "The Impending IP Crisis"
https://slashdot.org/story/03/... [slashdot.org]

2005: "The exhaustion of IPv4 address space"
https://slashdot.org/story/05/... [slashdot.org]

2010: "NRO Warns They Are On Final IPv4 Address Blocks"
https://tech.slashdot.org/stor... [slashdot.org]

2014: "Whatever Happened To the IPv4 Address Crisis?"
https://tech.slashdot.org/stor... [slashdot.org]

2015: "North America Runs Out of IPv4 Addresses"
https://tech.slashdot.org/stor... [slashdot.org]

Every one of those says we'll run out in 5-10 year

Re:

[Tim the Gecko]

The killer quote from the 2003 article is the following:

As Internet use has blossomed around the globe, and as more people sign on using many kinds of devices and stay connected for longer periods, the number of available IP addresses has dwindled to the point that some expect them to run out by 2005.

which is a seriously bad prediction (albeit with the weasel phrase "some expect"). But I think you have misinterpreted what I said. In 2020 we are in a world where all the space has been allocated (the old meaning of "running out of addresses") but there is a market for IPv4 blocks. So you can buy new gear (though IPv6 has been supported in Cisco, Juniper, etc. for many years), or you can buy IPv4 addresses from someone else, or you can stick with what

Re:

[Train0987]

I missed the most important point you made when I was copy/pasting all those links. There MAY have been a legit shortage when IPv4 addresses were handled by a central authority with all the power and no accountability. Once market economics is applied the problem was able to work itself out.

Re:

[Tim the Gecko]

Yes - it will be interesting to see whether companies rent or buy. That will tell us something about where people think the future lies.

Re:

[Dagger2]

it hasn't been able to work itself out though. We still have widespread NAT everywhere and we're suffering from all of the problems that causes -- and no amount of shuffling around v4 allocations can ever fix that.

Re:

[Dagger2]

Some people are masochists, yes, but I think most people are just scared of the unknown and unable to consider long-term cost/benefit tradeoffs.

Re:

[bbn]

No the problem did not work itself out. We no longer have enough IP addresses that every user can be assigned one. We used to have this and now we don't.

IPv6+NAT solved the problem, not market economics.

Re:

[bbn]

Some of you got IPv6 without even noticing it. There is a reason the number is 32%. It is not like 32% of people have any idea what IPv6 (or IPv4) is.

Re:

[drinkypoo]

I find I don't suffer much from NAT any more. It was a big problem with common protocols back in the early days, but modern protocols are designed with NAT in mind, and I rarely have trouble that isn't trivially cured.

With that said, it's time to just force the change. Nobody is using hardware for which there isn't an OS with IPv6 support, most people are already using an OS with support for it, and we can all bloody well adapt. This address scarcity doesn't benefit The People.

Re:

[Yaztromo]

Every one of those says we'll run out in 5-10 years

And we did. The IANA ran out of addresses to give to the RIRs back in 2011. The RIRs (other than AFRINIC) ran out starting in 2011 (APNIC) through to 2015 (ARIN). AFRINIC still has 0.1213 of a /8 (just over 2 million addresses).

LIRs are also starting to run out of addresses, and many ISPs who can't get new addresses are simply relying on CG-NAT. If you start up a new Internet company today that needs a large number of addresses (like a datacenter), you're likely SOL on getting addresses. The RIRs have

Re:

[Bert64]

That's very short sighted however..
Because *you* have a working ipv4 setup and don't want to implement ipv6, you are preventing others from doing so too.
There are millions out there who are hindered in various ways because of ipv4, wether that's the cost of addresses, the hassle of managing multiple levels of address translation, the inconvenience, cost and risk of being locked in to a single provider, the inconvenience of being stuck behind cgnat etc.

Even your working ipv4 setup will have cost you more in

Re:

[bbn]

No here we are 20 years later and indeed we did run out of IPv4 long ago. There are no more predictions, we are out, its gone Jim.

So what are we doing? Old companies made sure to grap enough IPv4 for their own use for decades. Said companies are not going to bother, but neither do we care. New companies are getting IPv6 and if they need any IPv4 at all, they will have to buy a tiny fraction from vultures. The IPv4 vultures got theirs through various means, not all moral or legal.

New internet service provide

Re:

[Jeremi]

it's time to come up with a better IPv8

... which would then have to fight for mindshare with two established protocols, and would therefore fare even worse than IPv6, even if it was technically better in some respects.

Due to network effects, the only options are stay with IPv4 forever, or migrate to IPv6 eventually. There is no "third way".

Re:

[Yaztromo]

Is it possible that we'd all be using IPv6, and I wouldn't even notice?

Yes -- depending on what sort of user you are. There are ISPs and ISP provided modems that will provide an IPv6 block automatically. All modern computer OSs support IPv6 natively, and will get and use an address if your router and ISP and providing a prefix. If you're the kind of user that doesn't mess with their ISP configured equipment, then yes -- you could very well be using it without knowing. In addition, most mobile phones (and 4G LTE cellular tablets and other devices) use IPv6 connections -- IP

Re:

[slack_justyb]

Because I don't think I know any

Now you do. Home network has been pure IPv6 for the last two years. The router has a function to access IPv4 should it be needed. But everything on the inside is IPv6.

GCE: still no ipv6

[nyet]

and yet GCE still doesn't support ipv6

pathetic.

Yet still no actually working prefix delegation.

[BAReFO0t]

At least on Linux.

No, whatever you suggest, will not automatically update the IPs and prefixes of the clients if it itself gets a new prefix from its parent router. And openwrt's solution is not really simply portable to other distributions. Last time I tried, every solution I could find, resulted in a trainwreck.

(If you think I am very wrong, don't downmod, but comment and tell me, please. Downmodding won't help anyone like me change his view.)

Re:

[Joerg Sonnenberger]

I have no idea what you mean. Prefix Delegation has been working exactly as intended for many users in different networks for years. Please don't confuse Prefix Expiration with Prefix Delegation. They are not the same thing. The former happens if your ISP likes to cut your link for some reason and then isn't willing to give you back the same prefix. So the router is between the hammer and the anvil, it can't retroactively reduce the announced life time of the prefix and always sending a much shorter life ti

Re:

[bbn]

I believe your router could technically broadcast a RA (router announcement) packet with a prefix lifetime of zero to cancel a prefix. I can't think of a mechanism that allows a DHCPv6 assigned prefix to be force cancelled before expire however.

Re:

[cciechad]

I believe it can just immediately send out a RA with the new prefix. This will cause the hosts to change. This is advertised as an advantage of IPv6 that it is supposed to make it very easy to readdress an entire subnet with little impact.

IPv6 failed

[backslashdot]

The numbers are too hard to memorize, they should have come up with a more human friendly IP numbering scheme at least for the early number assignments. For example they could have made the first billion numbers mimic'd IPv4 address with maybe a letter in front to indicate IPv6.

Re:

[Jeremi]

they should have come up with a more human friendly IP numbering scheme

The user-friendly scheme is DNS. It lets you specify a semantically-meaningful string (like "slashdot.org") so that you won't have to memorize an IP address.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[backslashdot]

2600:1700:1304::63a3 is harder to remember than 129.135.104.95, by a lot. they should have initially made most addresses like 129:135:104:95::::, then progress to numbers over 255 like 260:300:123:123:::: on until the full 128 bits were needed.

Re:

[Dagger2]

I don't think those particular addresses are a fair comparison, because in practice NAT ends up being a requirement on many v4 networks. A better comparison would be something like 2600:1700:1304::63a3 vs 129.135.104.95+192.168.63.103, at which point the v6 address is actually shorter and thus presumably easier to remember.

...which is irrelevant anyway, because you don't need to remember IPs. DNS is a thing. If you refuse to use the thing that's designed to stop you from needing to remember addresses then y

Re:

[bbn]

In many cases, including the example 2600:1700:1304:: only the first 48 bits are decided for you. That is 12 characters at worst you need to remember which is the same as for IPv4 addresses. Are hex characters harder to remember? Sure, I mean there are 16 different values instead of 10 for decimal. But then the example did not contain any non decimal values, so why would that number be harder for you?

The remaining part of the address is something you or your equipment has control over. You can override the

Re:

[Dagger2]

That's not really how exponential works... but in any case, you don't need to remember IPs. We've been using the HOSTS.TXT file to give easy-to-remember names to hosts since the 70s, and DNS (which allows the hosts database to scale to the size of the internet) has been around since the 80s. You haven't had to remember IPs in a long time.

Re:

[thegarbz]

The numbers are too hard to memorize

If you're trying to memorize a number then you have no business at all touching your network settings. Please leave networking for people who know what they are doing.

No thanks

[OrangeTide]

I'll wait for IPv10. Every time I try to follow the latest technology, someone replaces it with with something only slightly better.