Now currently I’m not in the workforce, but in the past from my work experience, apprenticeship and temp roles, I’ve always seen ipv4 and not ipv6!
Hell, my ISP seems to exclusively use ipv4 (unless behind nats they’re using ipv6)
Do you think a lot of people stick with the earlier iteration because they have been so familiar with it for a long time?
When you look at a ipv6, it looks menacing with a long string of letters and numbers compared to the more simpler often.
I am aware the IP bucket has gone dry and they gotta bring in a new IP cow with a even bigger bucket, but what do you think? Do you yourself or your firm use ipv4 or 6?
IPv6 was “just around the corner” when I was studying 20+ years ago. I kept a tunnel up until the brokers shut down.
I’ve been hosting some big (partly proprietary) services for work, and we’ve been IPv6 compatible for a decade.
My ISP finally gave me native IPv6 earlier this year, which gave me the push to make sure my personal hosting does IPv6 as well. Seems like most big players services support it today. It’s nice to not have the overhead that CGNAT brings.
IPv6 got a bit of a bad reputation when operating systems defaulted to 6to4 translation but never actually managed to work.
It fixes must about every gripe I have with IPv4. It closes the hidden security holes NAT introduces. It pretty much configures itself. It allows you to use multiple Xboxes or Playstations within the same network and play online without faffing about! You can also disable the firewall entirely and basically never get scanned because scanning 2^64 addresses to find one computer is infeasible for bots (though you shouldn’t).
The addresses are longer, that’s for sure. But you shouldn’t be remembering those anyway. That’s why DNS exists! If you don’t have a local DNS server for some reason, just use mDNS, every device supports it out of the box. yourcomputersname.local will work in place of an IP address in just about everything since Windows Vista.
IPv6 was severely underdeveloped when the Necromancy Address Translation kept IPv4 usable twenty years ago, but we’re beyond that now. We have been for a while, actually.
Unfortunately, a lot of network people are the type that learned how networks worked in school forty years ago and decided that this is the way things are and they should never change again. That’s how you get things like “TLS 1.3 pretends to be a TLS 1.2 session resumption or half the internet will break” and “only port 80 and 443 are usable on the internet”. They even brought DHCP back when IPv6 works perfectly fine without it! At least Google did the right thing and refused to play ball with that malarkey in Android.
The whole address reserve argument never helped much. Super expensive cloud providers are now charging extra for IPv4 addresses but if you’re using Amazon AWS you’re used to paying through the nose anyway. CGNAT is a much worse problem, with thousands or hundreds of thousands of people sharing the same IPv4 address and basically being forced to solve CAPTCHAs all day because one of their IP coinhabitors has a virus.
As the comments here show, plenty of people can’t be bothered. That’s fine, legacy websites and devices can just use IPv4, that’s the beauty of it.
CGNAT is a feature – organizations tracing an IP back to source have to play bingo with a host of households who may / may not have downloaded that 1 torrent.
If organisations track your IP back, they can get your ISP to give them your contact details. CGNAT doesn’t protect you from carriers and legal means.
I want to love IPv6 but it’s unfortunately still basically impossible to get good proper IPv6 in the first place.
At home I’m stuck with fairly broken 6rd that can’t be hardware accelerated by my router and the MTU is like 1200 which is like 20% bandwidth overhead just for headers on the packets.
On the server side, OVH does have IPv6 but it’s not routed, so the host have to pretend to have all the IPv6 addresses and the OVH routers will only accept like 8 of them in use before its NDP table is full, so assigning an IPv6 to every Docker container fails miserably.
IPv6’s main problem is ISPs are so invested in NAT and IPv4 infrastructure they just won’t support IPv6. Microsoft, Google and Apple need to team together and start requiring functional IPv6 to create user demand, because otherwise most users don’t know about CGNAT and don’t care. Everything needs to complain about bad IPv6 connectivity so users complain to ISPs and pressure them into fixing it.
We were offered a /3(?) for like 1000$/yr… sounds like a good deal tbh
IPv6 or IPv4?
A /3 of IPv4 for that price is impossible, that’d be 10% of the entire IPv4 space. A /29 (32-3) would be more reasonable but 1k for a block of 8 IPs would be a massive ripoff.
Doesn’t make sense for IPv6 either, as that’d be exactly the global unicast range (2::/3), but makes sense they’d give you like a huge block in there, maybe a /32 as that’s what they assign to an ISP. As an end user you usually get a /48.
On my local network I want governance over my devices. I want specific firewall rules per device, so I can, for instance, block YouTube only on the kids devices. I want this to be centrally managed, so configured on my opnsense router. I want all devices to use IP6. Unfortunately none of this is possible.
To setup firewall rules I need DHCPv6, not SLAAC so my IPs on my local network that I manage are well known and fixed. Android devices don’t support DHCPv6. And the designers of IP6 were daft enough to set the priority of IPv4 above that of their new protocol. So basically if you have any IPv4 addresses on a device, they’ll be preferred by basically all operating systems - because that’s what the spec says. So you can’t run dual stack in a meaningful way.
TL;DR: IPv6 on a local network has not been thought through at all even though it’s incredibly old, it’s really immature.
IPv6 is now twice as old as IPv4 was when IPv6 was introduced. 20 years ago I worried about needing to support it. Now I don’t even think about it at all.
If you’ve never thought about it, there’s a good chance your actually using it. ISPs around the world have been turning on IPv6 for their customers. About half the internet is using IPv6 these days, so there’s a 50/50 chance you’re part of that.
I suspect my cellphone does, but not my work or home internet.
You can always check https://ifconfig.co if you want to be sure.
We are going full v6 with SIIT-DC (rfc7755) with our next hardware refresh. Our mother site doesn’t but we don’t care what they do as that’s not our problem
a teammate implemented it because he thought it would be a good resume project. it added more maintenance work to a lot of pieces, forever. there is no measurable benefit to the business
I think djb was right, over twenty years ago: The IPv6 mess
The IPv6 designers made a fundamental conceptual mistake: they designed the IPv6 address space as an alternative to the IPv4 address space, rather than an extension to the IPv4 address space.
There was an alternative proposal that was backward-compatible with IPv4, but I’ve forgotten the name now.
Oh man, that would have been so great. Think of all the networking stacks that could have just been silently upgraded. Just some letters/numbers appended to the front or back. If you only get x bytes then prepend with zeroes. Adoption would have been mostly transparent.
Yup. For those that don’t know, that’s essentially how utf-8 works -
forgotten the name
I’m gonna guess… IPv5That wasn’t it. I wanna say “IPvX”, but my web search comes up empty, so it must have been something else.
Both my employer and my home ISP use IPv6 since many years now and so does all my own stuff, it’s wonderfully convenient to have a globally unique address for everything that I connect to the network.
Cloud infra engineer here.
Answer: I don’t think about it. Nothing fully supports it, so we pretend it doesn’t exist.
Which is why “nothing” supports it
That’s exactly my experience with it.
Some certificates are even annoyed by IPv6 and they won’t install until i remove any trace of it from the DNS. This should also pretty much be the only occasion I’m forced to deal with IPv6, instead of glancing over it while working on the server configs.
In next 10-20 years everyone will use IPv6
With NAT existing, I’m not sure there’s a significant reason to switch anymore.
Plus the “surprise” privacy and security benefits of just… not having every network connected device directly addressable by anyone else on the global network. The face of the internet and networking in general, plus the security and safety concerns around it, have changed dramatically since v6 was first created.
NAT is just security by obscurity and actually not really security at all. What’s protecting you from incoming scans, etc is your network firewall. That firewall works just the same for IPv6. Blocking incoming traffic for your home network is usually the default setting in your ISP issued router anyway.
Working as a network engineer, NAT in a large scale customer environment can quickly devolve into a clusterfuck. Many times we had week long reachability issues due to intermediate ISPs NATing unexpectedly.
My nemesis is GCNAT, which adds another layer of NAT because some ISPs don’t have enough public IP space for all their customers to go around.
I have a customer where their ISP just assigned one of their locations public IPv4 addresses. Neither the customer, nor the ISP owned that address space. Their logic was that this address space is registered on a different continent, so it’s basically fair game to use it themselves. Granted, they only route it internally for a MPLS network, but still…
What I’m getting at is that NAT increases complexity and breaks properly routed end to end connections. Everyone kinda fucks up with NAT, especially ISPs (in my opinion anyway).
I can really recommend the IPv6 study material from the major internet registries (took the v6 courses from RIPE NCC myself).
IPv6 is so much simpler for subnetting, writing firewall rules,… IMO the addresses just look kinda clunky.
deleted by creator
You can pry my v4 addresses from my cold dead hands.
Just annoyed when I need to specify port when using IPv6. Needs to add square bracket to workaround ambiguity of colon is kinda bad. How can they decide to use colon instead of another special character??
Mostly I’m scared I’ll write a firewall rule incorrectly and suddenly expose a bunch of internal infrastructure I thought wasn’t exposed.
