Vietnam Plans To Convert All Its Networks To IPv6

Vietnam will convert all its networks to IPv6, under a sweeping digital infrastructure strategy announced last week. From a report: The plan emerged in Decision No. 1132/QD-TTg -- signed into existence by permanent deputy prime minister Nguyen Hoa Binh -- and defines goals for 2025 and 2030. By 2025, the nation intends to connect two new submarine cables -- an important local issue.

Earlier this year, internet speeds slowed when three of the five cables connecting the country broke. Also by 2025, the country wants "universal" fiber-to-the-home, 5G services in all cities and industrial zones, and work to have commenced on an unspecified number of datacenters capable of running AI applications and operating with power usage effectiveness index (PUE) of less than 1.4. [...] Vietnam's population exceeds 100 million and it already has 140 mobile subscriptions per 100 inhabitants. IPv4 with network address translation can scale to those levels -- if Vietnamese carriers have secured sufficient number resources.

Re:Starlink

[rabbirta]

Fiber is faster, more reliable, and doesn't fall out of the sky automatically. I wouldn't push anyone to Starlink unless they had no alternative.

Re:Starlink

[AmiMoJo]

Starlink doesn't work in towns and cities either, it has a limited number of users it can serve in a given geographic area.

Re:

[DesScorp]

Just switch to Starlink.

Maybe not an option for their people? It's a one-party "Market Socialism" state. And Hanoi decides what the markets are. I know there are some negations underway between Starlink and Vietnam, but I don't think anything is settled yet.

Re:

[whitroth]

You're an idiot. Still an admirer of Dilbert Stark?

Re:

[thegarbz]

Just switch to Starlink.

It's fitting that someone named "backslashdot" would propose a solution that is worse in reliability and speed than what many people have had for well over a decade now.

Re:

[Darinbob]

A completely different topic than migration to IPv6. I assume of course that Starlink being new uses IPv6 always by default, because that makes sense.

28 years ago..

[mrthoughtful]

Okay, so it has been a ratified standard for seven years, but it's been a draft standard for 28 years. What is wrong with us? The real news is that the rest of the planet seems to be stuck in a time loop.

Re:28 years ago..

[StormReaver]

What is wrong with us?

Our ISP overlords have decided that there is too much money to be made in the artificial scarcity of IP addresses, and our political overlords have decided that such behavior is A-OK in their corrupt books.

Re:28 years ago..

[Arnonyrnous Covvard]

The IPv6 proponents shoot their own feet more than enough. No need to blame anyone else. The original addressing schemes with permanent unique addresses everywhere, OMG. The insistence that there be no NAT with IPv6 and the expectation that end-to-end connectivity be restored are major problems with IPv6. Multihoming still has no workable solution with IPv6, network renumbering and multiple prefixes cause endless problems. Support for workable addressing schemes in widely used network configuration tools and firewalls has only become available in the last 5 years, and I wouldn't call the current implementations finished. In the end, IPv6 becomes feasible because everything is HTTP/QUIC anyway, and name based virtual hosting and reverse proxies solve all the problems. Unfortunately for IPv6, they also solve the problems with IPv4 scarcity. IPv6 adoption only happens where it's automatic. Hardly any normal person chooses to use IPv6. It has come far enough along that you can use it now, but you get no benefits from it. Yes, you can get addresses cheaply, but if you have no IPv4 addresses at all, you're still fucked. For far too many people, that means you're offline.

Re:

[tlhIngan]

The insistence that there be no NAT with IPv6 and the expectation that end-to-end connectivity be restored are major problems with IPv6.

And with firewalls breaking end-to-end default connectivity anyways, you're still ending up with the same issues you have on IPv4.

IPv6 fixes a few issues, introduces others, and still isn't a huge net benefit. Especially since IPv4 is still around, and you need IPv4 anyways, so IPv6 ends up being a nice to have since you're still dealing with the same issues between the two

Re:28 years ago..

[swillden]

The insistence that there be no NAT with IPv6

What is the benefit of NAT with IPv6? I don't see it. The security arguments for NAT are silly -- you can do exactly the same thing with a stateful firewall without translating addresses. So, that aside, what purpose does NAT serve for IPv6?

Re:

[strikethree]

What is the benefit of NAT with IPv6? I don't see it. The security arguments for NAT are silly -- you can do exactly the same thing with a stateful firewall without translating addresses. So, that aside, what purpose does NAT serve for IPv6?

It gives ISPs a default block against their customers offering any services to the world.

Re:

[swillden]

What is the benefit of NAT with IPv6? I don't see it. The security arguments for NAT are silly -- you can do exactly the same thing with a stateful firewall without translating addresses. So, that aside, what purpose does NAT serve for IPv6?

It gives ISPs a default block against their customers offering any services to the world.

You don't need NAT for that, just a stateful firewall that blocks inbound connections by default. It's cheaper in router RAM/CPU than maintaining an address translation table.

Re:

[Anonymous Coward]

Hardly any normal person chooses to use IPv6.

That swings both ways, normal people don't choose IPv4 either. It's technical people that decide these things.

I'd like to have IPv6 support but my regional ISP doesn't and I'm not willing to tunnel over IPv4. I'd also like it if everyone else was using IPv6. I'd like it if my VOIP adapter could be locked to only allowing access to/from IPs belong to my provider. Same with servers I run remotely. I'd like to be able to block all addresses from hosting providers that allow malicious activity. I'd like t

Re:

[nightflameauto]

What is wrong with us?

Our ISP overlords have decided that there is too much money to be made in the artificial scarcity of IP addresses, and our political overlords have decided that such behavior is A-OK in their corrupt books.

Money to be made = our government bows before the almighty profit and tells the populace to just buckle down and do good work, because "the economy" (big business and Wall Street) is doing great, and the rest of us just need to keep working harder to earn our share!

Re:

[thegarbz]

Our ISP overlords have decided

Bullshit. Slashdot is full of technical people who have nothing but complaints about IPv6. The ISPs aren't to blame here, we are, the technical people who think we can just NAT our way out of every problem, the technical people who think remembering IP addresses is what being a network engineer is about and who can't cope with an IPv6 address, the technical people who for some ungodly reason think that NAT needs to be part of IPv6, who think the ability to directly address a machine is a security risk (seem

Re:

[Darinbob]

IT inertia. It's a lot like physics inertia, except that in IT inertia an object that is at rest tends to move backwards.

NAT is a HACK, plain and simple.

Re:

[dstwins]

I think you also have to remember that we have a LOT of legacy infrastructure that doesn't use IPv6 (everything from banking systems to inter-country routing, etc...) and so FINDING all those systems that would be orphaned or disrupted is a challenge.. even things people don't think about like DNS records, certificates (x509 and others), and especially IOT devices (printers, fax machines, even some older cell phones)..

So while a mass move might be easier with Vietnam (an advantage of being "younger" in the

Re:

[bill_mcgonigle]

> What is wrong with us

v6 suffers from "never let a crisis go to waste."

If it had been a v5 - v4 with 128-bit addresses then it would have been done ten years ago.

Then we could have reengineered to v6 but they knew correctly that nobody would bother once we had v5 and no crisis.

So "what an opportunity!" Hence networking gear just five years old today that does v4 in ASIC and v6 in software on a CPU.

And apparently since Vietnam doesn't have a money tree if you want to serve people there for the next seve

Re:

[Tim the Gecko]

By 2030 v6 might be dominant.

Extrapolating this graph [google.com] suggests 60%-70% by 2030, starting from 46% (weekends) or 42% (weekdays) now. That difference is due to more people being on corporate networks during the week (largely IPv4 as they have no particular reason to change) and mobile and residential broadband pulling ahead at the weekend. For the latter IPv6 can solve a couple of problems - not needing to buy IPv4 ranges to expand, and (for Comcast) managing large numbers of cable modems without overlapping IPv4 private addresses.

Re:

[Bert64]

Vietnam already has more than 60% of its users with IPv6:

https://stats.labs.apnic.net/i... [apnic.net]

And the 7 largest providers in the country all seem to have IPv6 deployment with thousands of users. Assuming that these providers have v6 by default on all their services, those not using it will be the long tail of legacy devices and a small handful of users with misconfigured equipment.

With the typical setup of native IPv6 and legacy IPv4 through CGNAT, access to sites over v6 is significantly faster, and anything t

Re:

[DesScorp]

Okay, so it has been a ratified standard for seven years, but it's been a draft standard for 28 years.
What is wrong with us? The real news is that the rest of the planet seems to be stuck in a time loop.

The rest of the planet doesn't care because IP4 works fine for landside networks, and is a known quantity. Like it or not, all of IP6's growth in industrialized countries will be in the mobile phone sector. ISP's are used to NAT in households, and it simply isn't a big deal.

Re:

[Darinbob]

It's the status quo. And status quo is all about solving the problems of today, not the problems of tomorrow. So smart phones aren't built off of IPv4, because the status quo doesn't work for them - IPv4 has too few address, and they can't slap a NAT in front of every user (thus NAT is for the smart phone using your wifi); plus the status quo doesn't deal with mobility. IoT sort of did both - consumer IoT uses a server for the most part, the intermediary that may be a hundred miles away so that you can t

Re:

[guruevi]

The 'problem' is that we solved the issue of IPv4 shortages with NAT, 4-to-6 gateways and for security it is pretty much required to use proxies, VPN and other technologies that 'hide' a client.

Most people these days don't ever 'need' more than a handful of IP addresses, even large organizations can get away with less than a /24, there is no good reason to be on the "public" Internet unless you're a carrier, my personal devices are continuously cloaked behind a VPN, whether that is my business one or my own

Re:

[omnichad]

"Solved" except for all the web sites that force endless captchas if you're on a CGNAT sharing your IP with a lot of others.

Re: 28 years ago..

[Jeremi]

IPv6 isn't much more complex to implement than IPv4; in many ways it's simpler.

Getting both IPv4 and IPv6 working at the same time on the same hardware, OTOH, is more complex -- at least twice as complex as supporting either one, and often more due to interaction issues.

Re:

[Bert64]

If you're starting from equal levels of knowledge, IPv6 is actually easier to implement.
Consistent subnet size, no need to worry about NAT, no need to conserve address space, it makes many things a LOT easier.

Re:

[guruevi]

Subnet sizes aren't consistent, you can buy various sized subnets, I get a /64 from my provider, some people get a /48 or /56, IPv6 still allows/has NAT, it just allows for 1:1 NAT which makes it a little easier I guess.

Re:

[Bert64]

Each subnet is /64, if you have a larger allocation it just allows you to create more /64 subnets.

There are significantly less use cases where you'd need to use NAT, so you can avoid the headaches and extra complexity it causes.

Re:

[guruevi]

Some people get SMALLER subnets from their providers. The /64 is a suggestion, it is not required. I've seen people complain getting a /96 from their hosting provider.

Re:

[AmiMoJo]

IPv6 is just not very good. I mean it has some technically nice stuff, but it's not intutitive or easy to use.

IPv4 just works for most people when they set up their internal network. The private ranges are big enough for all but the largest organizations. So there isn't much incentive to switch to v6. Maybe I'm wrong and someone can tell me why I should make the effort to master v6 and convert my home network over.

Re: 28 years ago..

[Jeremi]

I don't know if it matters to you, but as an embedded device programmer the one thing I really like about IPv6 is its self-assigned addresses (ie fe80::*). Because IPv6 addresses are have so many bits available, all they needed to do in order to give every device a unique local IP address was embed the Ethernet MAC into the fe80 address, et voila, you have simple and reliable plug-and-play LAN communication without having to mess around with ZeroConf or DHCP or etc. It makes setting up devices on a privat

Re:

[AmiMoJo]

That's a nice feature, certainly. Might actually use that one.

Re:

[Cyberax]

Okay, so it has been a ratified standard for seven years, but it's been a draft standard for 28 years.

IPv6 only solves the address scarcity problem, and creates even more issues with network management than IPv4. It's also badly designed (just look at the extension headers). So there's no real incentive to use it as long as NAT is an acceptable alternative.

/64 Prefix delegation

[aaarrrgggh]

For some unknown reason my ISP still only provides a /64 for residential customers. I have ~16 subnets, so that is pretty much a deal killer for IPv6.

Re:

[Seven Spirals]

Yep. Without a good solution for protocol bridging (and there isn't one) it's going to be a total conversion or no conversation.

Re:

[Bert64]

There are multiple solutions - dual stack, NAT64 etc.
A lot of mobile networks are IPv6-only, and access to legacy sites goes through NAT64. The entire legacy address space is mapped into a tiny section of the v6 space, and any traffic sent there is automatically NAT'd out through a gateway. DNS is then used to automatically translate legacy addresses into their NAT64 equivalent.
iOS and Android both handle this transparently so users have no idea it's happening.

There are also many other fixed line networks w

Re:

[Seven Spirals]

There is nothing that I'm aware of that lets current IPv4 users access IPv6 systems transparently. Yes, you point out some potential solutions, but they aren't anything that makes it easy to transition legacy IPv4 users. Bidirectional NAT with an IPv6 overlay might work, but it'd still require a lot of changes to existing systems and I can see potential problems with that, too. For one, who pays for the bandwidth on the bridging systems? Unless every ISP had little portions of the v4v6 NAT, then whoever ran

Re:

[Bert64]

No there's no way for legacy users to access a much larger address space, that's an inherent limitation of the legacy system.
There are multiple transition mechanisms that allow v6 users to access legacy sites.

You can still run 32bit apps on a 64bit system, but you can't run 64bit apps on a 32bit system.

You deploy v6, and then you use a transition mechanism to access legacy sites until all those sites have upgraded and the transition mechanism is no longer needed. Such systems are extremely common these days

Re:

[Seven Spirals]

NAT64 helps v4 users as you point out. Once the concentration of v6 clients reaches a tipping point, I think you're going to see a lot more momentum toward v6. IPv4 access from an IPv6 client is a lot easier to manage than the reverse situation.

Re:

[Darinbob]

IPv4 addresses can be encapsulated into IPv6, though I haven't ever used this and suspect many generic ISP routers won't implement it (or implement it right).

Re:

[celocanth]

/64 is twice as many addresses as the entire IPv4 space. You can effectively subnet within a /64 with some restrictions; SLAAC won't work for instance, DHCPv6 will.

Re:

[XanC]

It's 4 billion times as many addresses as the entire IPv4 space.

Re:

[DarkOx]

and that is the problem!

The dream of ipv6 was you dont have to manage addresses carefully. So now the isp gives you a single /64 no subnetting unless or no autoconfig.

Your answer is dhcp6, which for a long time was resisted by the standards authors. Frankly in a commercial environment I'd never want to use slaac, centralized address management is too useful there; but in at home, that is one less server daemon to not have to worry about, one less type of message to not have some host firewall causing issu

Re:

[brickhouse98]

That's pretty ridiculous. The IPv6 space is so huge there's zero reason not to allocate a /56 to each customer.

Re:

[Bert64]

Yes this is a problem for many, the standards say to delegate a /56 to residential customers.

Re:

[Mousit]

For some unknown reason my ISP still only provides a /64 for residential customers. I have ~16 subnets, so that is pretty much a deal killer for IPv6.

Forgive my ignorance; I am no expert on IPv6 so maybe there's some fundamental detail I'm missing. I'm legit curious though: a /64 can be divided into sixteen /68 subnets, with each one of those having over 1.1 quintillion usable addresses available within them. How in the world is having "only" a /64 from your ISP a deal killer in your configuration?

Re:

[Cyberax]

Forgive my ignorance; I am no expert on IPv6 so maybe there's some fundamental detail I'm missing.

Yep. The IPv6 stateless autoconfig can only work with /64 subnets. So if you have smaller nets, you need to use DHCPv6 which is not widely supported (e.g. Android doesn't support it). It's recursive stupidity from the IPv6 standard authors.

Re:

[Mousit]

Huh, I did not know that about SLAAC. Yeah, that does seem like a particularly stupid design decision since subnets smaller than /64 are perfectly valid otherwise. Hell, given the shear size of the address space within just a single /64, an end-user further sub-dividing that one /64 for their use makes very logical sense to me, vis a vis my previous post above. Rather idiotic not to have made such obvious use cases simple to implement by design.

Re:/64 Prefix delegation

[Cyberax]

Yeah. The initial IPv6 authors had this dogma that the second /64 of the address should be derived from the MAC address, and Bluetooth has 64 bit MACs. So they resisted all the attempts to change SLAAC. Even though nobody uses MACs for SLAACs anymore due to privacy concerns.

There is a proposal from _this_ _year_ to change it: https://datatracker.ietf.org/d... [ietf.org] - but even if it's accepted, it's going to take another decade for the changes to percolate down to actual devices. On the other hand, it's not like IPv6 deployment is associated with any sense of urgency.

Re:

[Darinbob]

This is mostly a clash between IPv4 thinking and IPV6 thinking. Do you need subnets within your residence? I suspect the ISP doesn't understand that maybe someone wants that, or they want to give you 16 different /64 addresses along with the associated higher cost.

You could also generate local addresses that aren't the same as the built-in 32-bit host ID that each endpoint has. The full 32-bit device ID is still there for link-local but isn't required that it stays the same across all networks.You can alw

Re:

[aaarrrgggh]

The subnets are used for segregating untrusted and trusted devices. For IoT crap I actually use (IIRC) 5 different subnets based on equipment needs. With IPv6, matters actually get worse because host-based firewall rules don't work without breaking other things.

IPv4.5 with base-16 rather than base-8

[Seven Spirals]

Some networking guy was showing me how he thought we should just convert IPv4 addresses to use a different base number scheme (hex rather than octal). He pointed out how many more addresses would fit into the same human-readable format (dotted quads). Ie.. instead of something like 192.168.255.1 you get something that looks like this: "FFA.123.AB8.22E". He insisted the code-changes would be minimal (doubtful) and that any IP with a letter in it, could just be auto-extended onto the "bigger Internet" rather

Re:

[fred6666]

Of all the reasons why IPv6 isn't anymore common, the fact that it is a pain to read or write by humans isn't worth mentioning. Especially with shortcuts such as ::1

Re:

[Seven Spirals]

Found the guy who never works with routers.

Re:

[Darinbob]

That ::1 is the simplest thing though. All "::" means is that they're all 0s in the middle Sort of like saying 127::1 instead of 127.0.0.1. You don't need the ::. you can do the full 1234:5678:9abc:def0:0000:0000:0000:0001 if you like.

The whole reason :: exists is to make addresses easier to read. For IPv4, the only reason it has periods is to make addresses easier to read: 127.0.0.1 is simpler than 2130706433.

Often the reason that corporate addresses are easy to remember is that they're pre-simplified

Re:

[XanC]

it could have been made backwards compatible

How?

Re:

[guruevi]

One simple way would've been to use the same IPv4 header and then extend it into the 'data' section for IPv6 use cases similar to how PPPoE or any of the other oE works. (call it IPv6oE4)

That way large organizations could've continued routing IPv4 while routers and clients that were capable being involved in translating the "extra" IPv6 stuff out of it after which they can use the new scheme until they hit another translation layer. It would require 32-bits out of the 128-bits to be used solely for 'legacy

(hex rather than octal)

[rossdee]

" instead of something like 192.168.255.1"

That's not octal, that's decimal

Re:

[Seven Spirals]

It's a decimal representation of four octets. Internally, the math is octal.

Re:

[Bert64]

That gives you 12 bits per quad, so a total 48 bit address space so you'd just be kicking the can down the road and hit exhaustion a few years later.
You would still need a completely new stack, because the address space would now be 48 bits which would not be compatible with the legacy 32bit space. You would still need code changes because everywhere that assumes an address is 2^32 would need to be changed to support 2^48.
You'd have at least the same amount of work as IPv6, only you'd need to do it again in

Re:

[Seven Spirals]

You bring up some good points. Confusion with DNS and the expansion of the address space would both be a big issue and just to get from 32 to 48 bits isn't really worth it. I think he thought that one could just convert a few variables to larger ones (ie.. change a long to a long long, etc..) and somehow it'd be easier to convert existing IPv4 stacks. I didn't think too hard about it, but the first thing that came to my mind is the heavy use of macros in the IPv4 BSD stack which is fairly ubitquitous. Those

Re:

[DarkOx]

not just code, but all the l3 switching, routing, and firewalling hardware out there with custom chips expecting to do bit operations on 4byte values.

His plan would be anything but easy it would break just about everything EXCEPT the python/bash/perl/ruby/vbs/psh/etc.. scripts out there using string-y format address, and it would create uncertainty around what is and isn't broken. Basically the only stuff not broken would be the cheapest easiest stuff to fix. - DUMB

Re:

[Darinbob]

IP anything doesn't use base number schemes, it uses bits. The hexadecimal vs octal vs decimal is purely for the humans. IPv6 uses hex because it's much easier to read long numbers that way, IPv4 uses decimalis because other bases would confuse some people (they're not octal). The "dots" there are just convention, the split between network and host doesn't have to be on a period when subnets are in use.

Re:

[Seven Spirals]

You are right, of course, but it doesn't make what I'm saying wrong, either. Let me show you what I mean. Here is code from 4.3BSD Tahoe where most folks appropriated their IP stack from. First example is the actual 32-bit declaration of the address.

struct in_addr { u_long s_addr; // 32-bit IPv4 address }; So, first problem is that you cannot hold a 48-bit address in a 32-bit u_long. Second issue would be stuff like this:

#define IN_CLASSA(i) (((long)(i) & 0x80000000) == 0)

This macro operates on the premise that the address is a 32-bit value. It appl

Re:

[Darinbob]

This is a complex solution in many ways. You need to have all the new nodes recognize this format. The big snag is the adoption problem, which is a huge snag considering that IPv6 is already adopted and standardized :-)

But you also cannot just add another 2 bytes to the address. You either get a new protocol altogether (and you can't use 4, 5, or 6 for the version number if you stick with IP), you probably can't use the one remaining reserved Flags bit in IPv4. Probably you could use the Options field t

IPv6 adoption has stalled on Google

[xack]

It's been hovering between 45-47% for over a year now. I have heard that many isps have sold many of their IPs for money and CGNATed the rest. Many of the new "altnet" isps in the United Kingdom are CGNAT only unless you pay an extra fee. Legacy ISPs such as Virgin Media still have a hoard of IPv4 and still show no signs of switching to IPv6. We have a right mess with IPv6, too many unpatched issues in the spec means that just paying for a v4 is easier for many networks than getting a "free" ipv6 subnet.

Re:

[Bert64]

It's not financially viable to set up a new ISP today without using CGNAT. This applies to new providers in developed countries, and pretty much all providers in developing countries. The cost of getting a non-CGNAT legacy IP will keep going up if it's an option at all.

Google stats have slowed, but it's still an upwards trend.

The problem is twofold:

1) the benefits are largely transparent to users, most sites and services will continue to work with legacy ip, the performance differences are often small and t

Old news

[celocanth]

Our estate has been dual-stack for nearly 20 years. It really isn't a big deal.