back to article You. Drop and give me 20... per cent IPv6 by 2023, 80% by 2025, Uncle Sam tells its IT admins after years of slacking

Uncle Sam has finally had enough: 15 years after it put out a memo telling its federal organizations they had to start moving to IPv6, it has decided to give sluggish bureaucrats a kick in the ass. The Office of Management and Budget (OMB) this week published “updated guidance” on the next-gen internet protocol. It wants the …

  1. Martin Summers

    In all of this intervening time no-one apparently has thought it fit to come up with a standard the world could easily adopt without the unnecessary complexity of IPV6. If it had been acknowledged early on that IPV6 is a turkey then by now we could have moved on to bigger and better things. Why so much protectionism for something so unloved? It's crap, it always has been and always will be.

    1. batfastad

      > It's crap, it always has been and always will be.

      Care to justify this opinion?

      1. Anonymous Coward
        Anonymous Coward

        @batfastad - Erm...

        its healthy rate of adoption perhaps ? After all, millions of companies can't be all wrong.

        1. bombastic bob Silver badge

          Re: @batfastad - Erm...

          "millions of companies" = "straw man" [you assume they are making conscious 'we will NOT do IPv6' decisions when, in fact, it may simply be a lack of knowledge or even the unavailability of IPv6 blocks from their intarweb providers].

          Besides, the "bandwagon technique" hardly proves ANYTHING. "Millions of people around the world eat bugs". Does not make me want to do it.

          The biggest hurdle I have seen to general IPv6 adoption is a lack of direct support from ISPs. When the ISP gives you a router that has all of the IPv6 stuff working, and they officially support it (even via PPPoE), then you'll see a LOT more people using IPv6. Until then there are the free tunnels, for however long THAT will last. Setting them up requires at least some network knowledge beyond "average", in my opinion.

          In any caae, anti-IPv6 FUD and "fake news" is (probably?) NOT helping.

    2. Snake Silver badge


      Quite. To start, the non human-parseable addresses are utterly and completely uncalled for; certainly someone older than 6 years could have been brought into the meetings to figure out an address design that isn't such a botch job. Designing an address paradigm that is, essentially, only functional in the space using lookups is, therefore, never expecting/understanding that those can and do break.

      And then what? Your log has an entry showing a 128-bit IP and it's up to you to figure out where, and why, things went TITSUP.

      Good luck with that without a handy cache of tools just to find which route it failed on!

      1. borkbork

        Re: Crap

        You could always invent your own representation, as long as it packs in the required number of bits (eg: for ipv4 ping is perfectly happy to work with decimal, octal and hexadecimal notation, alongside the more usual dotted decimal). I suggest using unicode emojis - visit my website at tulip-eggplant-winky face-lobster-broccoli-automobile-man frowning-sock.

      2. Nanashi

        Re: Crap

        If you actually spend some time using v6, you'll find that v6 addresses can be parsed by a human easily enough. It's actually easier to parse subnet info out of them than with v4, because hex lines up with binary more readily than decimal does.

        1. werdsmith Silver badge

          Re: Crap

          My router at home doesn't even offer IPV6, or I would use it just for the exercise even though my internal IPs matter nothing to anyone. The broadband provider is using IPV4 on the outside.

          Anyone recommend an AP type router with good WiFii that uses IPV6 with an IPV6 DHCP server built in?

          It will need to be configurable for NAT and IP forwarding and I guess translation between 4 and 6.

          1. John Sager

            Re: Crap

            No point. Wait for your ISP to upgrade, which might be a long time. I'm posting this on Vodafone 4G, and I've got a V4 10 address. They took the short term view with CGNAT ☹️

            1. naive

              Re: Crap

              IPv6 is clearly a product of autistic tech thinking, striving for the technical perfect solution but ignoring the human aspect of losing control due to its inherent complexity.

              It a sign of the times, cars went the same way, full of crap and hard to fix. But that is what they want anyway, the more crappy the stuff is one makes, the more successful the company is due to repeated sales.

              It is to be seen if things change, loadbalancer technology like haproxy and nginx became very mature and accessible, offsetting address shortages significantly. From the market, the major networking equipment makers will likely continue to market their IPv4 conjuring technology, since that is a major part of their added value.

            2. Jim Willsher

              Re: Crap

              Same with me.My home internet connection is provided by EE over 4G, and there's no IPv6 option, just IPv4 and CGNAT.

      3. jason_derp

        Re: Crap

        ...the non human-parseable addresses are utterly and completely uncalled for...

        Of course. Unlike the IPv4 standard. 192 makes sense. It's obviously representing tower-shrimp-contortionist[facing left]! The meaning of those octets practically screams at you from the screen! Hex isn't scary, it's the same numbers as before but now there's a few letters. You know who used hex a lot back in the day? Children. Children using GameSharks/ActionReplays to hack games to find cheating methods.

        Just because it requires some effort, doesn't mean its useless. I hate putting on pants but, and trust me on this, society (or at least the portion of it surrounding my most frequented places) has almost unanimously determined that I should just suck it up and put them on (bastards).

        All joking aside, what would be better? "IPv4 is good enough now and will be forever" is a bs argument, and I've never seen a good proposal for how IPv6 should look. More octets of decimal? Won't that just mean that now you have more of those damned octets to memorize? I wonder how many of the people railing against IPv6 have ever seen their crotch without frosting, because all of the complaints seem to boil down to wanting to eat their cake and f*@#k it too. "The IPv6 solution is awful, we should do it this way, but I'll complain no matter what it is because change is hard!"

      4. steviebuk Silver badge

        Re: Crap

        Somewhat agree.

        I like knowing that is my router is my main PC is the spare PC is the NAS is the other NAS is a fanless 24 port managed switch. is another one

        Fuck knows what they'd be if all set to IPv6 and sod remembering them.

        1. SImon Hobson Bronze badge

          Re: Crap

          I like knowing that

 is my router ...

          You can do that in IPv6 if you want. You can use <prefix>::1 for your router, <prefix>::2 for your PC, etc if you really want to. As long as you get a static IP prefix, then you quickly learn the prefix or can copy/paste it. If you don't get a static prefix, you could use ULA (Unique Local Addresses) internally to have more control over it.

          But IMO it's easier to be able to just refer to "router", "PC", etc.

          That SHOULD be easy to arrange, that it isn't for most people isn't the fault with IPv6, it's a fault of crappy routers that (while also doing a mediocre job of general name lookups) don't have (either at all, or in an easily used way) any means of setting up a local zone.

          1. jason_derp

            Re: Crap

            ...that it isn't for most people isn't the fault with IPv6, it's a fault of crappy routers....

            In this day an age, it would baffle me that anybody on this planet with enough knowledge of IPv6 to hate it would be using a store-bought router to begin with instead of one they rolled themselves. If they are using a store-bought one WITH the original firmware that makes the experience a dreadful and taxing slog is not even believable to me.

        2. bombastic bob Silver badge

          Re: Crap

          you should use a Linux or BSD server on your network, and set up DHCP (including DHCPv6) and DNS. Then you can use names and won't have to remember the numbers [and IPv6 will become naturally available, depending]. I've been doing this for my own LAN since the early 2000's.

      5. Michael Wojcik Silver badge

        Re: Crap

        What really annoys me about IPv6 addressing (at the moment) is zone IDs for link-local and site-local addresses. "A printable representation of an IPv6 address will be at most INET6_ADDRSTRLEN characters, plus some arbitrary number for a percent sign followed by something that might be a decimal number or might be some arbitrary string."

        Well fuck whoever came up with that, eh?

        The whole idea of "each of these addresses will be unique, except for all the ones that aren't" is obviously the result of some mind-bogglingly braindead compromise. I expect IPv7 will introduce an "eat your cake and have it too" scheme.

    3. Kevin McMurtrie Silver badge

      It's the hardware

      IPv6 is trivial. I've been using in my home network and personal server for years. The only hard part is finding routers that aren't garbage. Even if the router hardware is good, someone is going to load it with firewall rules posted 10 years ago to a message board for "security." Imagine trying to get IPv6 passing through an old government building filled with 5 generations of routers configured by 4 generations of IT staff. Maybe they have a few coax and Cat-3 hops along the way.

      1. Doctor Syntax Silver badge

        Re: It's the hardware

        "IPv6 is trivial. I've been using in my home network and personal server for years."

        The rest of your post seems to contradict that, at least for anything less trivial than a home network.

        1. Anonymous Coward
          Anonymous Coward

          Re: It's the hardware

          Oh, god, yes. We've been working with IT getting an IPv6-enabled VM lab and IPv6 connections enabled to select remote systems for testing the IPv6 support in some of our products, and it's taken a tremendous amount of work. Much (though certainly not all) of IPv6 may be straightforward in theory, but the actual implementations we're working with are mostly a mess.

        2. Joe Montana

          Re: It's the hardware

          For any non trivial network, IPv6 is much easier to manage than IPv4...

          You have end to end connectivity, with firewall rules allowing or blocking traffic as required. You don't have address translation confusing the matter.

          You have improved security because the rules are easier to understand, and when you allow or deny an address you're allowing just that address and not other things that might be behind it.

          The address you see in logs is the address of the host, not the address of an intermediate node doing address translation.

          You have a large enough address space to design everything properly without having to worry about address translation hacks.

          If you're merging multiple previously separate organisations, or establishing vpn connections to third parties you don't get address conflicts.

          IPv6 is better, IPv4 is old, broken and requires all kinds of nasty kludges to keep limping along.

          That's why microsoft are moving to ipv6 and ditching ipv4:

      2. Joe Montana

        Re: It's the hardware

        Well another requirement is to have actively supported equipment for security reasons, and routers which don't support ipv6 are long since end of life.

    4. tip pc Silver badge

      i fully agree

      They should have created a new better standard that people would have wanted to migrate too earlier.

      1. Warm Braw

        There's a lot I don't like about IPv6 and I was at one time a contributor to one of the alternative proposals. However, it's not the technical details of IPv6 that prevented its adoption.

        At the time IPv6 was being mooted, the Internet really didn't extend far beyond government and academia. There was already a problem with scaling, but that was largely related to the way IP addresses were divided into classes and to memory limitations in routers that were worsened by the need to have a routing table entry for every destination network.

        There was a quick fix for the two pressing problems - classless addresses allocated in such a way that routing tables could practically include only prefixes for groups of networks that had either geographical or carrier affinity.

        Then it came down to money. Was it worth vendors implementing IPv6 stacks if the immediate problem had been resolved? Would people buy routers that were going to be significantly more expensive owing to the cost of both processing and storing longer addresses? The answers to that turned out to be no and no. The routers did eventually get the grunt to handle IPv6, but that was largely a side effect of their having to deal with ever faster line speeds and ever more routes.

        Subsequently, the Internet has grown much larger and much more quickly that anyone at the time could possibly have imagined without IPv6 ever becoming a dominant component. It will, eventually, but it's now more of a tidying-up exercise than a technical necessity so progress will remain slow.

        Changing the bits on the wire might have created a technically better standard, but it would not have resulted in earlier migration by anyone*.

        *Edit: in hindsight it would probably have been possible to make changes to IPv4 (rather than IPv6) that would have made it easier to operate hybrid networks, bringing more IPv6 services online earlier. In reality, it would have been impossible to get anyone to invest effort in this at the time as the focus was putting an end to IPv4 not extending its useful life. We are where we are.

    5. SImon Hobson Bronze badge

      In all of this intervening time no-one apparently has thought it fit to come up with a standard the world could easily adopt without the unnecessary complexity of IPV6

      At the basic level, IPv6 really isn't complicated - you can (mostly) treat it like IPv4 but with longer addresses. However, it IS more complicated than IPv4 simply because it's been designed to not have the same constraints that IPv4 has. IPv4 really does have a lot of limitations, but most users never see them or the work that goes into "fudging" things to make it work in all the situations it's used in. Even without getting into particularly complicated networking I've come up against some of these limitations over the years.

      There are aspects to IPv6 I don't like - but I'd put up with those to do away with the mess of IPv4 !

      And pre-empting the usual complaint/comment - no there really is NO WAY WHATSOEVER to wave a magic want and somehow expand IP addressing without breaking compatibility with existing networking. You could try pinching a few bits from the port field - but that would break a lot of stuff and be, at best, a short term sticking plaster.

      Once you've made the decision that you can't realistically maintain backwards compatibility, then you might as well make a decent jump in size now and not have to worry about running out again in the foreseeable future.

  2. Throatwarbler Mangrove Silver badge

    I'll believe it when I see it

    Been counters are good at mandating that techies can't do anything, but forcing them to do something is a different kettle of fish, and the timescales described sound completely unrealistic.

    1. Anonymous Coward

      Re: I'll believe it when I see it

      The timetable was a lot more realistic when the major domo of US Government bean counters first issued it. Unfortunately it ran into the buzzsaw of Agency bean counters who saw it as an unnecessary budget item that could be put off.

      Without an external date to force the change (which got Y2K mostly addressed) I suspect Agencies will continue to ignore it and we'll get a new memo every few years.

  3. Anonymous Coward
    Anonymous Coward

    bwahahaha, all that will happen is the government departments will say to "The Office of Management and Budget", show me the (big bags of) money, because we don't have the budget to pay for it.

  4. Anonymous Coward

    Does the Office of Management and Budget actually have a working grasp of IT strategy??

    “Numerous technical and economic stop-gap measures have been developed in an attempt to extend the usable life time of IPv4, but all of these measures add cost and complexity to network infrastructure and raise significant technical and economic barriers to innovation.”

    My respect for the OMB has just gone up a notch. They are now at notch one. :)

  5. vtcodger Silver badge

    KInd of like Ada perhaps

    Frankly, I doubt these people know what they are doing. It's probably possible to move the federal government -- at least everything that doesn't face the public, to IPV6. But this doesn't sound like the way to do it. We'll ignore the lurking question of why on Earth one would want to spend considerable money and resource to "fix" something that very likely isn't broken.

    A few of you may recall the Ada fiasco of the mid 1970s. Back in the distant past, the US Department of Defense looked upon its ever growing IT budgets and said to itself. What we see is chaos. And it is growing. We must do something. We can't easily do anything about the hardware. We're stuck with what we own. But we CAN do something about the software. And we will. We shall convene a coven of wizards and have them conjure up a single computer language that will satisfy all our needs. Because we are such a large customer, we can coerce the craftsmen and their masters into using it for all purposes. And the economies of scale shall be enormous. And the OMB will be ever so pleased.

    So the wizards convened and conjured up Ada. Let me say that there is nothing especially wrong with Ada per se. People can and do use it today. And it works OK. It bills itself as being ideal for mission critical, safety critical, yada, yada, yada ... applications. And maybe it is. If suspect a lot of that is BS of various degrees of purity, but maybe I'm wrong. And it's certainly not unsuited to such applications.

    Having an Ada specification in hand, the DOD then told it's program offices (the folks who do procurement and manage development efforts). From this date forward, thou shalt use Ada or risk disgrace and being passed over for promotion. And the program offices told the contractors. Thou shalt use Ada. And the contractors looked around and said, "OK, where can we get an Ada compiler?" And they found that there were no Ada compilers. And it also turned out that writing an Ada compiler was a non-trivial job. So the contractors said to the program offices. "Look, we can do what you need when you need it, but not in Ada. How about writing us a waiver and we'll use Fortran (or whatever) and rewrite it later in Ada if you so desire?" So waivers were requested And granted. Lots of waivers.

    Ada compilers were eventually written. But by that time, the enthusiasm for Ada had passed.

    There was incidentally another problem with Ada -- which was that it somehow got advertised as a language for "embedded systems". What's an embedded system? The dimwitted, cheap little chips that run your coffee maker and the hygrometer in my bathroom and things like that are embedded systems. The military owns a LOT of those. And in the 1970s the digital hardware for them was extremely simple. Typically a few TTL chips, a bit of memory, and some custom circuits. You didn't program those in a higher order language -- especially not one with garbage collection which makes timing analysis next to impossible. You programmed them in assembler.

    Anyway, Ada was a near total flop from the DOD's point of view.

    I think this edict is likely headed down the same path. What would I do if anyone asked me (which they won't)? I'd take one government segment that no one cares much about. The folks building the border wall that no one but Donald Trump wants perhaps. And I'd promise them all the resource they needed and tell them to go 100% IPv6 and document all their problems (existing gear that CAN'T do IPv6 and has no off the shelf replacement for example) then write a conversion manual. Then I'd have two or three other organizations try to follow that conversion manual. Then I'd have them write a guide for the rest of the government. Then, and only then, would I start laying down mandates. And only if I still thought 100% IPv6 was a good idea.

    1. Baldrickk

      Re: KInd of like Ada perhaps

      Ada is still used for mission critical items - we use it for safety critical work in my company, as it's one of the few languages which can be verified to a high enough degree,

  6. Anonymous Coward
    Anonymous Coward

    What is the fucking point?

    When the standard first came in, it had the good shit, like VPNs (wasn't IPSec needed for ipv6 in the 90's). With no timeframe to kill IPv4 what does IPv6 give you? Sweet fuck all really.

  7. tip pc Silver badge

    I’ve often wondered why no other competing standard hasn’t popped up over the years. Surely Cisco, juniper, HP etc could come up with something better.

    It’s likely because the carriers use other addressing tools to shunt data around and about and don’t care as much as say Facebook, google etc. We only care about reaching the cdn’s and not so much the sources who could be on CGNAT, or just nat behind home routers or publicly accessible infrastructure.

    The privacy fubar of binding the Mac into the IPv6 looks to be addressed, but there are other privacy issues to come.

    Lastly IPv4 exhaustion suits ISP’s as it’s stops new entrants and stifles competition.

    Who, aside from some enthusiasts, actually wants ipv6?

    Consumers only need it to connect directly back to stuff in their homes, which we know is a bad idea anyway & firewalls will block potential unsolicited connections and we already have mechanisms in place to securely achieve inbound comms, so why do we really need IPv6 with all its problems and issues that have ensured it’s struggled for adoption for decades.

    1. Nanashi

      It's because it's hard to do better than v6, especially at this stage. v6 is already very close to "v4 but with longer addresses", and it already has support in most networking hardware and software. If you tried to come up with something different, you'd be starting from scratch on deployment (which we've already established takes a long time), and you pretty much have a choice of coming up with something that looks very much like v6, or something which is more complicated. Neither of those are likely to improve on the current situation by enough to throw away all of the work we've already done on deploying v6.

      > Who, aside from some enthusiasts, actually wants ipv6?

      ISPs do. CGNAT is expensive. Deploying v6 moves over half of your traffic off of your CGNAT infrastructure, which immediately makes it cheaper and reduces the need for future upgrades. It's also less complex than CGNAT, which is another cost saving.

      The complexity of NATed networks (taking RFC1918 clashes, split DNS, VPNs etc into account) is a driving force in many other places too.

      1. Doctor Syntax Silver badge

        > Who, aside from some enthusiasts, actually wants ipv6?

        ISPs do.

        Mine doesn't seem to want it.

    2. DougMac

      > Who, aside from some enthusiasts, actually wants ipv6?

      Anyone who is behind a massively overloaded CGNAT box that can barely keep up.

    3. EnviableOne

      The only difference is the stupidly large address space (and associated addresses) and the available AS numbers.

      There are enough IPv6 addresses to asign 7 to every atom in every human on earth...

      As it stands the only people that need IPv6 are those on the BGP backbone, as there arent any AS numbers left.

      the AS numbers part is the driving force behind the backbone requirement.

      with RFC1918, NAT and Dual stack, why bother changing yourt internal network? FFS the even the NHS doesnt even use the full

      1. SImon Hobson Bronze badge

        with RFC1918, NAT and Dual stack, why bother

        Dual stack includes IPv6 - so not sure what your argument is there.

        But NAT+RFC1918 is a massive PITA. Fortunately for most users, but unfortunately from the PoV of fixing anything, too many people think NAT works and the problem is "solved". NAT is broken - by design - and it takes massive amounts of effort to work around the breakage.

        But like so much in the IT world, us "geeks" are bad at marketing what's going on in the background, so users simply see "stuff that works" without seeing what's needed for that "just works" to happen.

        1. tip pc Silver badge

          Just how is Nat a pita and broken?

          Everyone reading this article is behind a nat before they reach the net and the server serving this site has nat’d the traffic too.

          LB’s effectively Nat and you’d never run a busy site without LB’s even with ipv6.

          People site Nat as a problem but it’s not when all you need is to connect out to something, it breaks incoming connections but who really needs unsolicited inbound now days?

          1. Joe Montana

            Hosting anything requires inbound, and because of the lack of inbound connectivity you end up with devices that proxy through a third party server run by the manufacturer - do you trust a chinese server having access to your CCTV more than you trust a firewall under your own control?

            P2p requires inbound - and p2p is not just for bittorrent, its useful for many things - especially reducing latency which is good for gaming and voip. With NAT you have to push your traffic through a third party server which increases latency and gives them leverage over you.

            NAT means you share an address with multiple users, if one of those users does something to get banned from a particular service then you are banned too. This is quite a significant problem in some countries where every isp uses cgnat.

            NAT makes it difficult to determine the true source of traffic. Someone complains that malware traffic is originating from your home address, you have 20 devices and occasional visits from guests, which of them is infected with malware?

            The ipv4 address space is too small that its practical to scan it all, so multiple strains of malware do so which at best just wastes your bandwidth.

            NAT gateways generally have specific kludges for protocols like ftp.

            NAT is _NOT_ a security feature, its broken.

            If you want to control inbound traffic, use a stateful firewall.

            NAT requires a stateful firewall, but a stateful firewall does not require nat. We were using stateful firewalls with routable ipv4 on both sides back when ipv4 addresses were plentiful, and we do the same thing today with ipv6.

            NAT is a dirty hack, it causes problems and breaks things. The sooner it dies the better.

  8. Anonymous Coward
    Anonymous Coward

    So would anyone actually put users real ipv6 addresses out on public? I am not talking about allowing incoming "connections" (ie. stateless)? Sometimes the expensive even if trivial is justified?

    Also most orgs that I have seen do split DNS using some other internal hostname system. Keeping the internal structure secret.

    And does IPv6 allow for mobility, NUP. So it's really nothing special.

    Full disclosure, I don't guve a shit about the RFCs and I NAT IPv6 connections and use private IPv6 addresses internally. Its because it worked so well for IPv4.

    As far as I can tell IPv6 means loss of privacy if done by the RFCs

    1. John Sager

      It's really no more 'public' than V4. The top 64 bits stay the same, just like your V4 address, and the bottom 64 bits are usually random, and change every so often.

      1. Anonymous Coward
        Anonymous Coward

        Really, so your provider can see each and every unique device behind your network? Ok, some of the protocols leak but you have that in IPv4 too.

        Also for servers you don't use a random address- - that's the place where you express you self in hex.

        1. CrazyOldCatMan Silver badge

          so your provider can see each and every unique device behind your network

          Not if you have an IPv6-enabled firewall and some careful network design..

          (It's the latter I lack at home. My network works in IPv4 but not in IPv6 and I can't be bothered to change everything..)

      2. Randesigner

        What is the point of random lower order bytes when the top 64 bytes uniquely identify me?

        1. SImon Hobson Bronze badge

          The full 32 bits of your IPv4 address uniquely identify your connection, so no difference there. Someone looking at your IPv4 address doesn't know which device behind your NAT the connection comes from.

          In Ipv6, you will have (as a minimum, it should be larger*) a /64 subnet to play in. Assuming you use privacy addressing, you therefore have 2^^64 addresses to play with, or 2^^32 times more addresses than the entire IPv4 address space. True, those top 64 bits* are as unique an identifier as a single IPv4 address - but you are no less worse off. But if done right, it will be impractical to try tracking multiple IPv6 addresses as a form of identification.

          But this is moot anyway. Hardly anyone tracks you by IP address - just look at how well honed the likes of Facebook have got their tracking.

          * Your ISP will get a minimum of a /32 allocation, and recommendations are to delegate /48 (or as a minimum, /56) blocks to customers.

          1. Anonymous Coward
            Anonymous Coward

            How much entropy is there is a single 32 address compared with a number of 64 bit random numbers? You leak information. FFS how long did it take to realize that the MAC address in the bottom 64 bits was dumb?

  9. EnviableOne

    other options

    I feel like this comes up far too often, IPv6 is about as good a replacement for IPv4 as DIAMETER is for RADIUS or SS7:

  10. Anonymous Coward
    Anonymous Coward

    That's good news!

    More IPv4 will become available for the rest of us. So those guys should start working on it right now.

  11. skyhisi


    In the UK, the ISP Andrews & Arnold provide a IPv6 address block (alongside a single IPv4 address).

    It seems to work well, quite a lot of my data goes out over IPv6 and it's seamless with the IPv4 connections being NAT'd.

    1. CrazyOldCatMan Silver badge

      Re: AAISP

      It seems to work well

      Sadly, anything other than a simple flat network isn't trivial to setup. Mine is as follows:

      VDSL-Router <---> Firewall <-> Internal networks

      IPv6 works between each adjacent two parts but the internal machines can't see the Internet via IPv6 - which means anything with IPv6 bound to the network stack will fail since all the OS's that I run seem to prioritise IPv6 if it's available. Windows 10's 'Internet detection' is particularly broken and will flip-flop between "you haz teh internetz" and "Oh noes - no internetz!".

      So I've got it turned off. And enjoy uninterrupted Internet access.

      1. Nanashi

        Re: AAISP

        That's a pretty trivial setup. DHCPv6-PD takes care of autoconfiguring both routers.

        If you can't use DHCPv6-PD for whatever reason, it's still easy; you just need a static inbound route, which is no harder to do in v6 than in v4. If it's not working for you then you messed up the config, which isn't v6's fault.

      2. Joe Montana

        Re: AAISP

        I have the same setup, it works fine because the allocation from the ISP is a /56 which allows me to assign a /64 to each internal network.

        As an added benefit, my hosts have the same addresses wether i'm connected to the home network, or accessing them remotely.

  12. CoffeeBlacker


    Ignoring issues where some sizable percentage of users will have issues with physical hardware and need to replace their voice, printers, routers, switches etc...It will cause all sorts of internal issues in software as well...(So is it driving innovation? Driving changes, not sure about innovation...depends on how you spin it i suppose). It seems to me its just making it harder to do networking manually while giving us the addressing that we need publicly. That's not all bad, mostly folks who need to have static addressing internally or externally facing are going to be savvy anyway (or should be, most of you are IT folks...hell, this is an IT news forum...complaining that IT is hard is like complaining that tea [or coffee in my case] is bitter...Whats your point?). But don't get me wrong...I've had to re-ip a few companies, and that sucks giant donkey marbles with ip4...bring ip6 in to it, thank you. Almost seems like 6 for external addresses, and 4 for int addresses wouldn't be all bad.

    1. Joe Montana

      Re: IP6

      Quite the contrary unless you're using ancient software...

      Modern operating systems prefer ipv6 and are designed to use it, running modern systems on a legacy ipv4-only network is actually a security risk.

      Same for devices, pretty much everything supports ipv6 and will prefer it. Anything that doesn't is generally either so old that its unsupported and a security hazard in its own right, or cheap garbage from china that is just as risky.

  13. Joseba4242

    The No-Solution

    "in recent years it has become clear that this approach is overly complex to maintain and unnecessary."

    So the solution is to go single stack IPv6 which (to my knowledge) no complex enterprise has yet achieved, despite some like Microsoft trying very har

  14. Breen Whitman

    If you are on IPv4 you are surfing with Hitler.

  15. AbeChen

    Making Use of the IPv4 240/4 Netblock

    Dear Colleagues:

    0) Below are two piece of recent information to share with you:

    1) This is a discussion thread about the state of the IPv6 based on publicly available statistics. It was started by an Ericsson AB researcher shortly before his retirement. The findings are a very surprising, if not shocking.

    2) This is a report on a possible use of the long-reserved but hardly-used IPv4 240/4 netblock and its implications.

    3) We are keenly aware that our approach is rather unorthodox. However, please consider the proposed architecture as a newly created full spherical layer of cyberspace consisting of RANs (Regional Area Networks), between the current Internet proper and the subscriber premises. Each RAN is defined around one reusable 240/4 netblock. Regarded as a private / independent environment, much of the existing Internet protocols, conventions, restrictions, etc. may be repurposed from a revised perspective in the RAN.

    4) Hope you will enjoy exploring this new facility.

    Feedback will be much appreciated.

    Abe (2020-08-24 10:18 EDT)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon