back to article India appoints ‘IP Guru’ to push nation towards IPv6

India has launched a national IPv6 drive. A joint initiative of the nation’s Ministry of Electronics & Information Technology and Ministry of Department of Telecommunications, the effort will be run out of the National Internet Exchange of India (NIXI) and aims to educate locals about the benefits of IPv6. An IPv6 Expert …

  1. Len
    Thumb Up

    About time

    This is long overdue. Ever tried to get anything more complex than a website in the hands of the average Indian punter?

    I have, a couple of years ago, and it's a nightmare. It's completely normal for internet users in India to be behind multiple layers of CGNAT. Setting up slightly more advanced connections with someone behind NAT is quite a task, trying to connect through three or four layers of NAT is bad enough to simply give up. I wonder if P2P applications are even possible in India.

    IPv6? Bring it on!

    1. Roland6 Silver badge

      Re: About time

      Use of IPv6 doesn't mean mobile telco's won't continue to use some form of CGNAT to help manage what services they do support natively over their network - looking at you EE.

      1. Joe Montana

        Re: About time

        CGNAT is only for legacy IPv4 services, any service you migrate to IPv6 is no longer encumbered by CGNAT. It's the same on most mobile networks, IPv6 gives you proper two way connectivity with routable addresses while IPv4 puts you behind CGNAT and breaks stuff.

        1. Azium

          Re: About time

          Yes indeed. But that doesn't mean you can't force NAT on IPv6 if you really wanted to. And apparently some carriers do want to!

  2. AMBxx Silver badge
    FAIL

    Time to give up on IPv6?

    Given the poor take up and continued resistance to adoption, could it be time to admit that IPv6 is a horribly complex academic solution?

    Either create a simpler layer to sit on top or give up and start again.

    1. Wyrdness

      Re: Time to give up on IPv6?

      According to Google's IPv6 monitoring, the take up is approaching 35% of all internet traffic globally. In the USA, it's almost 45%, whilst in India it's now a surprising 56%.

      So 'poor take up' isn't really an argument against IPv6. I would have generally agreed with your sentiment until I started using it myself. Once you've taken a little time to learn about it, it's not as complex as you might think.

      1. Anonymous Coward
        Anonymous Coward

        Re: Time to give up on IPv6?

        Well, people still thinking DNS is some kind of newfagled technology have troubles with IPv6 surely.

        Still ISPs need to adopt good IPv6 deployment practices - they can't assign /64 dynamic prefixes as that would break but the simplest LANs, There are of course still issues with ISPs that are not able (or unwillingly) to deliver a full dual-stack solution, and need to implement some transition technology - that makes everything more complex, and for consumers, it may need router support. Some technologies like MAP-T or MAP-E aren't still widely available.

        Consumer routers need to implement well working DNS-DHCP integration as typing IP addresses directly will be a little more cumbersome.

        And of course they need good firewalls which can also read addresses from DNS and other sourcesto ease management by less skilled users.

        1. thondwe

          Re: Time to give up on IPv6?

          The big plus that IPV4 has for consumers and business is NAT - essentially you get easy isolation "out of the box" when you drop a pretty much any old router in and tick NAT. IPV6 comes "inside" that safe world - so ISPs need skills and tools to management in that space? If the ISP controls the router, then they stand a chance, if the consumer/business provides their own then trouble starts as many don't do IPV6 properly (looking at you Sophos XG!)

          1. Anonymous Coward
            Anonymous Coward

            Re: Time to give up on IPv6?

            Well, if your router doesn't support IPv6 properly and safely, and no upgrade is available to fix it, it's time to replace it with something more secure. Especially if you're a business. Relying on NAT only and not a proper firewall is quite dangerous.

            Punching holes through NAT is not so difficult, since people enable UPnP or open gaping holes themselves to play games or use torrents and the like.

            Meanwhile NAT brings more problems than it solves as soon as you need to use things like VoIP - and here many as FTTC/FTTH is deployed you need two separate contracts to keep on using the old POTS line instead of VoIP - and the price of a POTS line is now about twice that of an FTTH.

            1. Anonymous Coward
              Anonymous Coward

              Re: Time to give up on IPv6?

              Or, you know, don't waste money until you actually go live with IPv6 for a reason other than "because"?

              Punching holes in NAT doesn't even require UPnP, any co-operative endpoints can do it through at least one layer at each end. This isn't new, and off the shelf libraries to do it exist. So yeah, if you write an app and refuse to include NAT traversal, it won't work well. That's not an IPv4 problem, that's a programmer problem.

              BTW many VOIP systems work fine across NAT. Even then a simple port mapping would square them, unless they were deployed by an ISP/Carrier that refuses to allow other service ports and is running a raw connection. You still also have plenty of better options like VPN bridging, etc. to get traffic from point A to point B, and get actual security to boot.

              Even outdated WRT class home firewalls used/use both NAT AND a stateful firewall, nobody was arguing that it was adequate by itself, just that they allowed configuring policy for both at the same time(except the harebrained ones that made you enter it twice, lookin at you sonicwall).

              Their IPv6 polices often didn't do this, but that's just bad design, not a protocol issue. But a default rule of block all incoming traffic not associated with an established outbound connection does the same thing. That does lead me to wonder why it took 10 years to get that in a GUI for IPv6 on so many routers, home or business class though.

          2. Len
            Facepalm

            Re: Time to give up on IPv6?

            All the networking hardware I know has the IPv6 firewall enabled by default.

            I have heard some horror stories in the olden days but 2012 was the turnaround year for IPv6 in CPE and I very much doubt suppliers would not get publicly shamed for still messing this up, nine years later. We would also be bombarded with stories of break in that happened thanks to disabled IPv6 firewalls. I am not aware of any of those.

      2. Anonymous Coward
        Anonymous Coward

        In what world

        Sorry, but in what world is sub 56% adoption after 23 years anything resembling a success? And that is (VERY) generously limiting discussion to India as it was the focus of the article. Other then the "year of the Linux desktop" is there another thing that has manifestly failed to materialize after multiple worldwide adoption pushes.

        IPv6 both as a technical protocol and a project are an abysmal failure because the ivory tower design process failed to take into account many of the actual an reasonable needs of the working internet.

        A bigger address space and more cost effective routing were two things it did deliver on, but neither of those problems were, or are breaking issues, nearly a quarter century later. Their absolute refusal to consider the security and privacy implications of some of their design decisions hasn't helped. NAT wasn't in fact the antichrist of networking, and we have largely solved working around it at least in single layers at each end.

        It's not even able to support redundant internet connections without resorting to slow and ugly BGP hacks, which is it's own hot mess that they refused to address in the standard, despite re-writing the underlying routing layer. We still are at risk globally of BGP related hijacks and outages caused by newbies, fat fingers, and foreign intelligence services because of the issues they refused to address when rolling up IPv6.

        I'm glad it works for you, but "It works for me" isn't a reason to ignore the deafening sound of the rest of internet ignoring IPv6. That glacial adoption is great reason to finish the work that's left over, call it IPv7 or 8, and just move on.

        1. Yes Me Silver badge
          Thumb Up

          Re: In what world

          Since the IPv6 model has always been based on co-existence with IPv4, 56% (or whichever number you believe) is perfectly fine as an indicator of success. It's gone slower than we hoped of course, but that doesn't really matter. There was certainly a time when 56% of telephones used touch-tone dialling, and that probably made the telephone people quite happy that things were progressing as expected.

          What is happening now is that operators are discovering that CGN is too expensive (as was always predicted) and supporting IPv6 is cheaper. The people who are now ignoring IPv6 are not the ISPs, and not the mobile operators, and not the major application service providers. It's the enterprise operators, happy in their little Net 10 worlds. Eventually, they will find themselves out on a limb.

    2. vtcodger Silver badge

      Re: Time to give up on IPv6?

      Probably no reason to give up on IPv6. But it should be pretty obvious by now that there is a LOT of resistance to implementing it. Could be there are reasons for that. Might be time to consider plan B which likely involves seamless dual stacks and "one-click" disabling of anything remotely resembling the obviously unsecurable Internet of Things.

      1. Anonymous Coward
        Anonymous Coward

        "which likely involves seamless dual stacks"

        Dual stack requires IPv4 - and the reason of moving to IPv6 it's their depletion. ISPs that own large IP allocations may deliver full dual stack to most customers for a while, but others really can't, and need to implement some kind of mechanism to share their smaller allocations among many customers. In turn those kinds of mechanisms make running some applications a nightmare.

        Incumbents usually have a big advantage since they usually obtained large allocations in the past, while new ISPs can't really find enough IPv4 blocks without having to pay large sums - AFAIK only APNIC and AFRINIC have still some large blocks available - but for large countries event the /8 (almost) returned to APNIC is not enough - and AFRINIC has been caught already selling allocations illegally...

      2. SImon Hobson Silver badge

        Re: Time to give up on IPv6?

        But it should be pretty obvious by now that there is a LOT of resistance to implementing it. Could be there are reasons for that.

        Yes, a number of reasons ...

        First among them is a general tendency to not want to learn anything new, which is similar to generally resisting change. Neither are inherently bad, both are natural responses to change.

        Then you have people in the "supply chain" (ISPs etc) who aren't supporting it for their users and thus making it hard for users to adopt it.

        And businesses/corporates who are desperately trying not to spend a penny more than they have to on what I'm sure many bean counters consider an irrelevance.

        And of course, equipment vendors who haven't all been quick to provide working and bug free implementations.

        But most of all, many people (some of them voicing their opinions here) feel that "there's nothing that needs fixing". Well actually, yes there is. Anyone that properly understands networking knows that there are real problems - which are being hidden my masses of digital duct tape (someone above mentioned standard libraries for working through NAT) which are often successful in hiding the problems sufficiently well that users don't see them.

        Some of us have been in the industry long enough to remember the days when this "complicated IP stuff" was making it's way outside of academia and governments. "What do we need that for" would be a common question from people happy with their walled gardens (e.g. AOL) or dial up bulletin boards. Some day we will look back and wonder what all the fuss was about.

    3. Joe Montana
      FAIL

      Re: Time to give up on IPv6?

      According to the APNIC stats, IPv6 adoption is around 75% of all users in India:

      https://stats.labs.apnic.net/ipv6/IN

      And today's article shows the government is pushing to get that closer to 100%, because IPv4 is a broken and dangerous legacy technology that they want to avoid the cost and inconvenience of.

      If billions of people in India can manage to use IPv6 but you can't, that says more about you than about IPv6 itself.

      1. Roland6 Silver badge

        Re: Time to give up on IPv6?

        >If billions of people in India can manage to use IPv6 but you can't, that says more about you than about IPv6 itself.

        Using 4G then most probably you're using IPv6 without knowing it...

        Remember the issue with IPv6 isn't end point devices like phone handsets, the deployment complexity arises when there is a network behind your access point.

        Most phones and 4G dongles implement a simple gateway/router functionality in conjunction with the mobile network, so LAN devices still use IPv4 and can communicate is if the WAN is also IPv4...

        I suspect billions of people in India also don't if they are using a private IPv6 address or a public IPv6 address (EE in the UK seems to use a private IPv6 address space). This doesn't matter for consumers, but if you want to do something a little more interesting, without purchasing business data SIMS (£££ from various business-focused MVNO's) - I ended up using the A&A L2TP VPN (IPv6/IPv4) to wrapper the EE 4G network peculiarities giving me a predictable Internet interface and the ability to easily switch 4G networks...

        1. Len

          Re: Time to give up on IPv6?

          I am not sure about your LAN point. Running an IPv4 LAN is fairly complex compared to an IPv6 LAN, the latter being a case of just connecting your devices and everything sorts itself out. No messing with DHCP servers, conflicting IP ranges, port forwards etc.

          Most of the stuff on my LAN at home (from printer and Apple TV to thermostat and smart lighting) all talks over IPv6 without me ever having to do anything about it, it just works. I wish I could say the same about the IPv4 space in my LAN.

          1. Roland6 Silver badge

            Re: Time to give up on IPv6?

            >the latter being a case of just connecting your devices and everything sorts itself out. No messing with DHCP servers, conflicting IP ranges, port forwards etc.

            For the vast majority of residential users, there is little difference between IPv6 and IPv4: plug in the ISP supplied router and everything just sorts itself out and just works. Obviously, very few devices are IPv6 only, however, there are many IPv4 only devices, hence why currently and for some years yet, running an IPv4 LAN is an obvious choice and necessity - unless you want to have to field loads of support calls explaining why your customers IPv4 devices won't connect to your IPv6 only router...

            Obviously, it will be interesting to see whether India does effectively shutdown IPv4 in both the fixed-line and mobile spaces and thus force the issue and so get device vendors to implement IPv6. Eg. Huawei to change their 4G stick to present an IPv6 LAN interface rather than an IPv4 LAN as they do currently.

          2. Anonymous Coward
            Anonymous Coward

            Lan complexity

            Not sure that argument holds, as with an IPv6 home LAN you are committed to also running an IPv4 LAN unless you want to miss out on the IPv4 world, or set up some heavy 4to6 and 6to4 routing that probably didn't just jump out of the box and yell TADA!

            Also, not everyone will have enough control over the AAAA records to make all of that work. SLAAC leaked hardware info by default, and enabled device tracking, and not everything supports DHCPv6 even if you set up a server.

            If your switches are IPv6 enabled, your devices may merrily start using a link local address scheme, and refuse to stop using it until everything has been turned off until the router has fully restarted(and in 2021, why is this still so SLOOOOOW).

            IPv6 isn't a magic wand, and most of the slick zero-configuration stuff could also work on IPv4 gear, it just isn't setup by default on most deployments and devices. DHCP handles most of this for IPv4 at least a protocol level. So maybe IPv4-2021 should just update the defaults some of these services operate on and we'd be at the same place?

            Instead people are blocking improvements in IPv4 deployment in the hopes of negging people onto IPv6? Why not have 2 functioning protocols instead of 2 broken ones? Why not let both "Just work" out of the box?

            1. Yes Me Silver badge

              Re: Lan complexity

              "with an IPv6 home LAN you are committed to also running an IPv4 LAN"

              Yes, every home router that does IPv6 also does this. The only question is whether the ISP runs dual stack too, or runs one of the IPv4-in-IPv6 encapsulation solutions, or runs a NAT464 solution. That shouldn't be the home user's problem.

      2. Anonymous Coward
        Anonymous Coward

        Re: Time to give up on IPv6?

        "Broken and dangerous"?

        Care to back that one up?

        IPv6 leaked private information, enabled universal global tracking, and can't handle more than one network connection gracefully and I don't consider it broken per se.

        What is broken or dangerous about IPv4 other than the limited address space?

        1. SImon Hobson Silver badge

          Re: Time to give up on IPv6?

          leaked

          As in "leaked", last tense of "to leak". That is no longer a valid criticism as it's been deprecated for a long time, and if you have something running old enough code to be still using it, then you may have some other (bigger) issues to worry about.

          1. Anonymous Coward
            Anonymous Coward

            Re: Time to give up on IPv6?

            While not recommended, SLAAC still there, and still the default behavior, just like preferring the IPv6 interface over the v4 one. So unless you kill IPv6 completely, you may still have to wrangle it. I STILL keep seeing it in the ISP provided cisco routers business customers are always getting stuck with.

            So, if you can fix THAT problem for all the rest of us I'll not only cede the point, but buy you a sandwich. I suspect that you will have about as much luck with getting AT&T to update all their customer router configs as any of the rest of us have. But please don't rub salt in the wound by blaming us for bad configs we can't actually change ourselves, and maybe point the venom back at the GLACIAL deployment of properly configured dual stack at some the big ISPs. (No coincidence AT&T drags its heels when it charges you per IP for IPv4 addresses?)

            BTW I'm happy to bash on IPv6 for it's shortcomings, but that's because I want them addressed not because I think we should/can stay on IPv4 forever. But issues with 6 that were raised a decade ago are still issues today. That's not an academic problem at this point, so much as part of the geological record.

            1. SImon Hobson Silver badge

              Re: Time to give up on IPv6?

              Yes, SLAAC is still there and is the default. But SLAAC is NOT the thing you are complaining about. SLAAC can use a number of address generation algorithms, the one using the MAC address is long deprecated and shouldn't be seen in the wild now (unless you are running very ancient unpatched software, or have deliberately misconfigured things). The recommended method these days is to generate, and change, the self assigned address randomly.

              And yes, it's logical to prefer IPv6 over IPv4 when both are available. That's the way you get traffic to move to IPv6 where both ends are IPv6 enabled. Incidentally, at my last place I put IPv6 on our internal LAN without mentioning it to anyone - using a tunnel via HE. For a while I restricted it to my own laptop, then decided to see how others found it. Interestingly I heard no complaints (I could hear most people if they were shouting at their computers, small office) and left it turned on.

              Bugs in implementations (and still using MAC derived addresses would be a bug), well that's a different matter.

      3. Anonymous Coward
        Anonymous Coward

        Interesting statistic

        As the prior post indicated Googles ranking it at 56%, which implies that there is a decent number of devices getting a IPv6 address that aren't showing up in the Google numbers. Plenty of things that could fit in that gap, obviously, but I suspect the apnic numbers may not be screening by client type, and many of those 6ers may be infrastructure, not interactive clients.

  3. Roland6 Silver badge

    Perhaps someone can tell the UK Gov that IPv6 is part of 5G...

    I find it interesting that given all the soundbites about UK not being left behind and wanting to be a leader in 5G. I find it fascinating that the UK Government's Strategy for 5G and related publications don't mention IPv6...

  4. Pigeon

    IPV6 link-local fubar

    I did try two servers before pointing out the obvious.

    The link 'IPv6 index' digs thus:

    ;; QUESTION SECTION:

    ;; ipv6.nixi.in. IN AAAA

    ;; ANSWER SECTION:

    ipv6.nixi.in. 14399 IN AAAA fe80::250:56ff:febb:56d0

    ;; Received 58 B

    ;; Time 2021-04-19 13:54:50 BST

    ;; From 2001:4860:4860::8888@53(UDP) in 365.0 ms

    This is, of course a link local address. What would Prince Philip say? Indian netadmins, or something. My NAT64 tunnel gets to a default apache web page. Shucks

    1. Yes Me Silver badge

      Re: IPV6 link-local fubar

      I get "*** No IPv6 address (AAAA) records available for ipv6.nixi.in", which is certainly not optimal, but better than returning a link-local address.

      www.nixi.in is 2400:5300:1::118 but is "403 Forbidden". Works better with IPv4, but has a certificate problem.

      So they have some work to do.

  5. Anonymous Coward
    Anonymous Coward

    Have they considered family planning instead of IPv6?

    Legit question

    1. Anonymous Coward
      Anonymous Coward

      Maybe they can appoint a toilet minister, a sewage minister, and for good measure, an equality minister

      Not being funny, but there are a lot of shitholes dotted around the world who are doing things backwards

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like