IPv6 may already be irrelevant – but so is moving off IPv4, argues APNIC's chief scientist

The chief scientist of the Asia Pacific Network Information Center has a theory about why the world hasn't moved to IPv6. In a lengthy post to the center's blog, Geoff Huston recounts that the main reason for the development of IPv6 was a fear the world would run out of IP addresses, hampering the growth of the internet. But …

  1. Blue Shirt Guy

    He should keep quiet and be thought a fool rather than open his mouth and prove it

    I wonder where those CDNs will get their IP addresses, or is he suggesting no new competition? Does he even know what an A or AAAA record is?

    Googling he seems to have had a respected history, is he the internet's Roger Waters or John Cleese?

    1. sabroni Silver badge
      Happy

      Re: He should keep quiet and be thought a fool rather than open his mouth and prove it

      What's that wooshing sound?

      1. Blue Shirt Guy

        Re: He should keep quiet and be thought a fool rather than open his mouth and prove it

        To be fair, I've now fully read (rather than just skimmed) his blog post and the article summary is not quite what he said.

        1. Anonymous Coward

          Re: He should keep quiet and be thought a fool rather than open his mouth and prove it

          "To be fair, I've now fully read (rather than just skimmed) his blog post and the article summary is not quite what he said."

          Well at least the title you chose for your post remains apposite.

        2. abend0c4 Silver badge

          Re: He should keep quiet and be thought a fool rather than open his mouth and prove it

          Geoff's a bright guy who's been working in the field for aeons and his main focus has always been on the practicalities of network operations. It's usually worth bearing in mind someone's background before commenting on a secondhand report of what they're supposed to have said without checking the original.

          From the point at which IP addresses became scarce, it became inevitable there would be abuse of the network layer (by breaking end-to-end connectivity with NAT) or abuse of DNS (by returning different results depending on location rather than the same result everywhere) - or both - until such time as a replacement solution was universally available.

          While network architects were wringing their hands over the heresy, network operators went with what they could deploy quickly and I think Geoff accurately describes where we are now and how we got here.

          Where I'd differ from Geoff's opinion is that while for the majority of individuals using the network the solutions are viable, for machine-to-machine communications a fractured network that depends on intermediaries is far from ideal. But, at the risk of further straining architectural wrists, maybe a separate network is the answer to that.

          1. Anonymous Coward

            Opinions do differ

            But pragmatic solutions have largely kept the packets moving. We now have both v4 and v6 networks, so it seems that you have your alternatives for machine to machine communications, though that is in addition to NAT traversal and other methods like overlay networks and VPNs as off the shelf options for decades.

            The tendency of the IPv6 engineers and evangelists to treat the legitimate interests of other stakeholders as "Heresy" and "Abuse" was an early indicator of their ongoing failure. They designed a protocol that only addressed their needs (more efficient routing tables, low carrier equipment costs, and the only thing most people mention, the address space) while ignoring interoperability, reliability, and security concerns. They deflected their work's glaring shortcomings by claiming many of them were out of scope, someone else's responsibility, or irrelevant or academic. They failed to collaborate with other stakeholders to build a realistic deployment roadmap, close the training gap at vendors to support a realistic timeline for support, or wait and put the work in to address the real functional concerns holding back general uptake.

            In short, they failed. For decades. They continue to do so. So they need to be pushed aside and we need to take the salvageable work and plan and deploy a realistic converged network. In reality, ipv4 should never really go away, and probably won't anytime soon. It may be treated as an obscure and legacy protocol, and 25 years from now I hope it's just one of many overlay networks. One more service in a network of services that we can choose to use or not. We won't get there by condemning the approaches that succeeded as heretics. Not every device needs direct access to other devices, and no device should actually have direct access to EVERY device. Just every device its operators consent to grant access, and just the level of access they grant. That isn't IPv6's foundation or ideology. The technical layer is salvageable, but it isn't the "One True Network" of the future. We should have also started serious work on IPv7 and IPv8 and IPv9. Iterative progress would have put us where we are at now 15 years ago.

            Good news is IPv4 is showing its age, but we can keep the old gal going long enough to try again, and with better planning and better requirements analysis. Fortunately we have both, so even if IPv4 hits major bumps in the near future, the internet will trundle along.

            1. Yes Me Silver badge

              Re: Opinions do differ

              I don't know which world you live in. In the one I inhabit, half the traffic is IPv6 and all operating systems support IPv6. There's no realistic prospect of an IPv7 in the next few decades. QUIC may well paper over some of today's glitches, and if it does you won't even notice when IPv4 fades away.

              1. webstaff

                Re: Opinions do differ - sage line 50 world.

                "half the traffic is ipv6"

                Try supporting Soho, small biz.

                So much "can we turn off ipv6" sage being a top offender in this regard.

                Heck most of the micro isp sites I support are vermin media, so no ipv6 there either.

                1. sabroni Silver badge
                  WTF?

                  Re: Try supporting Soho, small biz.

                  Maybe read it back before you hit Submit? Or was that just a note for yourself?

            2. catprog

              Re: Opinions do differ

              What purpose do you see IPV7 doing that cannot be done by IPV6 ?

              3 * 10^28 addresses for each person when the population of Earth gets to 10 billion

            3. FILE_ID.DIZ
              Boffin

              Re: Opinions do differ

              "We should have also started serious work on IPv7 and IPv8 and IPv9. Iterative progress would have put us where we are at now 15 years ago."

              We already had IPv7, IPv8 and IPv9 - June 1993, May 1994 and June 1992, respectively. So those started around 30 years ago and longer. (Also, IPv5, but who's counting.)

              https://www.rfc-editor.org/rfc/rfc1475.html (IPv7)

              https://www.rfc-editor.org/rfc/rfc1621.html (Supplement to RFC 1475, so next in order? [The RFC doesn't directly refer to IPv8, just the merger of two minds, including IPv7.])

              https://www.rfc-editor.org/rfc/rfc1347.html (Apparently another swing at the Heir-Apparent, IPv6, like the two above?)

              https://www.iana.org/assignments/version-numbers/version-numbers.xhtml is the source.

            4. deadlockvictim

              Re: Opinions do differ

              What is the reason why GUIDs were never considered as network addresses as an alternative to IPv4?

              Other than their size and the fact that they are hell when used in clustering keys in databases, they seem to be a wonderfully useful thing.

              Is it that NAT is just too successful?

              1. JamesTGrant Bronze badge

                Re: Opinions do differ

                Switching using bitmask ‘scopes’. IPv6 uses the ‘subnet’ approach to determine where to switch a packet. A GUID would be unique in every regard relative to another GUID so the switching table would need to know about every packet and the implementation underneath couldn’t be a simple bitmask.

              2. Nanashi

                Re: Opinions do differ

                "the fact that they are hell when used in clustering keys in databases" is basically the reason. Routing tables are essentially clustered indexes of the IP address space. If you couldn't summarize/aggregate/cluster IPs into networks, you'd have to track where every single in-use IP currently is, instead of just every group of networks.

            5. David Hicklin Silver badge

              Re: Opinions do differ

              Where they went wrong was making IPv6 *so big*, there really was not much need for such a huge (and I think overkill) addressing range and keeping the hexadecimal out of it would have helped its adoption as I am sure that is part of what scared everyone off.

              I think we are stuck with it however as otherwise we will end up with triple stack network implementations

              1. Nanashi

                Re: Opinions do differ

                It's not actually possible to make v6 be the exact size it needs to be, so "overkill" and "underkill" are your only options. Given how long it's taking to deploy v6, I think it's better we aim for overkill rather than underkill, so that we don't need to go through all this again.

                Also, it did need to be bigger than 64 bits, and the smallest power of 2 after 64 is 128. Making it a power-of-2 number of bits isn't absolutely necessary, but can you imagine the wailing and teeth gnashing we would have got if it wasn't?

              2. tip pc Silver badge

                Re: Opinions do differ

                "Where they went wrong was making IPv6 *so big*, there really was not much need for such a huge (and I think overkill) addressing range and keeping the hexadecimal out of it would have helped its adoption as I am sure that is part of what scared everyone off."

                Where they went wrong was their fastidious insistence that NAT be gone and everything should connect to everything just as we were realising we didn't want everything to connect to everything and also we want some things to look like 1 thing when really they were 1000 things.

                Turns out ipv4 works pretty well for availability & security by masquerading.

                NAT was transformative for security, cheap, ubiquitous and with the benefit of enabling firewalling as the session table could be used for that.

                Yes ipv6 has gazillions more addresses but do we need them?

                Once people realise we don't need lots of addresses to connect to stuff, we can end back in the realms of closed gardens where we prefer to connect to the net via a secure solution that promises to protect and care for us. VPNs are a 1st step and work fine over NAT.

            6. Nanashi

              Re: Opinions do differ

              The designers of v6 didn't ignore interoperability, reliability, or security concerns. All of those were considered and handled in v6. Neither does it somehow mandate that all devices have access to every other device; consent is granted in exactly the same way it is in v4 (i.e. by operators granting the level of access they want in firewalls). You're attacking a strawman here, not the protocol that actually exists. That's not a failure on the part of the people involved in v6, it's a failure on your part to understand what they've done.

              What would iterative progress even look like for this? It's proving to be hard enough to deploy one new L3 protocol Internet wide, I'm not sure that doing that four times instead would be any better.

    2. EvaQ
      Happy

      Re: He should keep quiet and be thought a fool rather than open his mouth and prove it

      "I wonder where those CDNs will get their IP addresses"

      Assuming you mean legacy IP address, aka IPV4:

      They buy them from ISPs moving their customers to CGNAT. And from parties (education) who suddenly find a few Block B's in a drawer now that the price is nice. But those sellers should hurry ... since 2023, the IPv4 price is dropping.

    3. Jellied Eel Silver badge

      Re: He should keep quiet and be thought a fool rather than open his mouth and prove it

      "Googling he seems to have had a respected history, is he the internet's Roger Waters or John Cleese?"

      He's been around pretty much as long as the Internet. Plus being an Asia-Pacific chappie, been knee deep in the trenches when it comes to challenges like resource depletion and the NAT-wars. But also more a nethead rather than a bellhead, so sometimes disagreed with his views on network vs application. Which is pretty much the point of this article. So if you assume the Internet = web/email/apps, then he's right and CDN.

      But that assumes the apps people are trying to use fit CDN, either public or private and can work via URI rather than IP. If you can route via URI, then the flavour of IP doesn't really matter. But there are a lot of 'legacy' apps that can't do this. Over time, this will change, but there are still a lot of services that can't do this. There'll still be a fundamental need for network, as in the physical and 'Layer 2' transport. Which these days on the wholesale side is pretty much entirely Ethernet. 100Gbps, 10Gbps, even 1Gbps. Pick your flavour and I don't really care if it's IPv4 or v6, as long as you're trying to transport a valid Ethernet frame. Then I'll switch it wherever you want it.

    4. Anonymous Coward

      Re: He should keep quiet and be thought a fool rather than open his mouth and prove it

      I've got to admit: what started off as a potentially interesting article did seem to rapidly degenerate into some sort of meaningless buzzword bingo belly-button fluff about halfway through. Did someone yank out an ethernet cable at an inopportune moment?

    5. Yes Me Silver badge
      WTF?

      Re: He should keep quiet and be thought a fool rather than open his mouth and prove it

      "Does he even know what an A or AAAA record is?"

      <sarcasm>I doubt it, he's only been involved in Internet technology for 30 years or so, how would he know anything about DNS? After all, he wrote his first RFC as recently as 1994, and the first one concerning the DNS only in 2008. Clearly, he's an ignoramus.</sarcasm>

      That said, I don't really agree with his conclusions, and with the Google IPv6 usage peaking at 47% recently I think we can say that IPv6 has made it.

      1. Anonymous Coward

        Re: I think we can say that IPv6 has made it.

        Until the vast majority of the ISP cheap as chips Routers are capable of using IPv6 then you can't say that.

        I'm starting to see IP6 addresses in my web logs. They make blocking them a real PITA. One DDOS attempt on my website came from Beijing and issued more than 3,000 login attempts in 30 seconds. The site is a blog for heaven's sake. No financial data at all but these guys find a site and it is a target for them to take down.

        At the moment, I'm looking at disabling IPv6 at my router. FSCK to progress if the thing is going to be used by the hackers.

    6. Fred Daggy Silver badge
      Unhappy

      Re: He should keep quiet and be thought a fool rather than open his mouth and prove it

      An executive summary of the findings of the summary of the summary:

      1 - IPv4 has too few addresses

      2 - IPv6 fixed that, but

      3 - IPv6 introduced serious problems of its own, and

      4 - Response from IPv6 supporters was akin to Apple's "You're holding it wrong"

      Let us go back to Step 1.

      (I do not say that IPv4 is free from any other flaws, just that is the big one being discussed right now).

    7. kraduk

      Re: He should keep quiet and be thought a fool rather than open his mouth and prove it

      At first glance I thought his comment about cdns didn't make sense, but with a little more thought it made much more sense. What he is saying is that in theory each cdn provider only needs a handful of public addresses. All of these cdn addresses would then be anycasted at the primary edge network. As more and more sites and services move onto said cdn providers more and more of the internet becomes hidden inside the cdn network, hence freeing up lots of space. Remember the routing on a cdn is done at layer 7 mostly, not layer 3.

    8. herman Silver badge

      Network of networks

      The intertubes has always been a network of networks.

  2. Pascal Monett Silver badge

    NAT should be enough for everything

    The entire IPv4 address space could be available to every country.

    Each country would NAT their international comms to their specific address. That would give us the possibility of multiple millions of countries (not that we need that).

    When we have colonies, we could NAT comms between Earth and said colonies (Moon, Mars, Ganymede, whatever else). Each colony would have practically the entire IPv4 address space available.

    IPv6 is useless.

    1. Blue Shirt Guy

      Re: NAT should be enough for everything

      Tell me you don't understand end to end connectivity without telling me?

      The problem is you can't do that, as NAT only works with a middle man. Even with every consumer device behind NAT and no ability for end users to host anything themselves, that still does not leave enough IPs as CGNAT at scale still requires an IP per 100-1000 users to avoid running out of ports.

      You then also need more servers to move traffic between those users, which then use more real IPs, create more latency and higher bandwidth costs.

      1. heyrick Silver badge

        Re: NAT should be enough for everything

        "create more latency and higher bandwidth costs"

        He did mention Mars, Ganymede, etc. Probably going to have to rethink communications and not be using bog standard TCP/IP when your ping might report times in excess of a quarter hour, assuming the signal got there and back at all.

        1. Steve Davies 3 Silver badge
          Childcatcher

          Re: Mars, Ganymede, etc

          Send Musk there (and don't let him come back). He is a fecking genius (According to No 45) so he can sort it all out in a matter of minutes.

          /sarcasm.

      2. ilmari

        Re: NAT should be enough for everything

        End to end connectivity is long since dead.

        As an extreme example, cloudflare needs one IP, AWS needs one IP, and with those 2 IPs, a majority of services regular folk use online will be served.

        1. Anonymous Coward

          Re: NAT should be enough for everything

          Which Internet Protocol, IPv4? IPv6.

        2. steelpillow Silver badge
          Unhappy

          Re: NAT should be enough for everything

          You forgot recaptcha, gstatic and google

          1. Anonymous Coward

            Re: recaptcha, gstatic and google

            Put them in their own private subnet and the world will rejoice.

            Put AWS and AZURE in another one and we can be free of the tyrants.

      3. Anonymous Coward

        NAT traversal works fine unless stopped by an adverse middleman

        Simple NAT traversal on IPv4 is well established and available off the shelf for those that don't want to implement it themselves. No third party is needed, just a relatively standard hand-off.

        With support from a public address you can even tunnel past double NAT and other horrors. NAT is just one simple case of an overlay network. There are many others that can keep IPv4 going for decades more, maybe indefinitely.

        IPv6 also already exists, so there is no need to contort IPv4 beyond reason to handle traffic its assumptions aren't ideal for. 4to6 and 6to4 translation is already worked out. So for the huge amount of traffic that is either NAT friendly, or comes from hosts that don't need to talk to most other hosts, IPv4 still has long running legs.

        1. MattAvan

          Re: NAT traversal works fine unless stopped by an adverse middleman

          So I need to pay for the bandwidth and services of someone with a public address, when my server is already on the internets? How do I even connect two of my geographically separated servers seamlessly, if both are behind double NAT? No thanks, I'll take the end-to-end connectivity please.

    2. Headley_Grange Silver badge

      Re: NAT should be enough for everything

      That would just result in a future "Who Me" where the UK's internet goes down because the cleaner unplugged the router to do the hoovering.

      1. rg287 Silver badge

        Re: NAT should be enough for everything

        "because the cleaner unplugged the router to do the hoovering."

        Obligatory xkcd

    3. rg287 Silver badge

      Re: NAT should be enough for everything

      Aside from the fact (as well explained by Blue Shirt Guy) that CGNAT doesn't scale like that (due to port availability), IPv6 has already taken interplanetary comms into account.

      All current IPv6 allocations start with 2xxx:: (aside from a couple of oddball reservations as well as the ff00:: multicast addresses).

      That leaves 3xxx:: available for a future Mars network, 4xxx:: for Jovian settlements (with sub-divisions for Moons), etc.

      Inter-system comms will likely require an ansible, which will use its own addressing/entanglement scheme.

      1. Jellied Eel Silver badge

        Re: NAT should be enough for everything

        "Inter-system comms will likely require an ansible, which will use its own addressing/entanglement scheme."

        Or a runcible. Must check if there's anything new from Neal Asher.

        "IPv6 has already taken interplanetary comms into account."

        Other than the assumption that an interplanetary Internet will use IP. But IPv6 was largely foisted on the 'net by the mobile operators who wanted zillions of IP addresses instead of routing based on the addresses they already had, like IMEI/IMSI. Which would then just leave them the challenge of translating to IP for off-net services, which given mobile operators generally operate behind walled gardens would be their own problem.

        Other alternatives were proposed because address depletion was a problem solved by the telcos over a century ago with the addition of country code octets. 192.168.1.0* becomes 44.192.168.1.0 if it's in the UK. Which from a bellhead pov would have been a good thing because then it'd make international routing & grooming easier. If it's 297.x.x.x.x route it to Aruba, 1.658.x.x.x, Jamaica etc.. which also highlights that no numbering system is perfect, and one can generally blame the NANP for that. But kinda how the phone system worked. Route (switch) based on leading digits and make the network faster and cleaner.

        * Despite being a few decades on since CIDR, a surprising number of network types still won't use subnet zero and insist that links need 4 IP addresses rather than 2. Some traditions take a long time to die out I guess.

        1. RegGuy1

          Re: NAT should be enough for everything

          44? Why is Ingerland 44? Shouldn't we be 1? Or, at least if we have to acknowledge the US then number 2? Why 44? Are we not as special as everyone (here in Ingerland) seems to think we are? Why has the Daily Mail never explained this?

          1. Jamie Jones Silver badge
            Happy

            Re: NAT should be enough for everything

            Obviously that was the fault of the EU! Now we've left, we should change to a sovereign "0" (one higher than the yanks)

            You may say that won't work, but you'd be a typical remoaner.. Farage will fix it!

            1. Anonymous Coward

              Re: Farage will fix it!

              He'll be sharing a cell with no 45 very soon. Both are guilty of Treason. YMMV naturally.

          2. heyrick Silver badge

            Re: NAT should be enough for everything

            Given that international dialling is quite a recent thing, perhaps it is related to why the international access code in France used to be "19". It's now "00" like everywhere else because ITU/ETSI, but for many years when calling the UK, your number would begin 1944, which was intentional.

          3. Fred Dibnah

            Re: NAT should be enough for everything

            I guess USA has country code 1 because that’s where telephones were invented (not by Alexander Graham Bell). Seems fair enough.

            Rowland Hill in the UK invented the modern postal system, which is why British stamps are the only ones without the country’s name on them.

            </trivia>

        2. heyrick Silver badge
          Happy

          Re: NAT should be enough for everything

          "If it's 297.x.x.x.x route it to Aruba, 1.658.x.x.x, Jamaica etc."

          Uh... you know octet is a nerdy way of saying byte, right?

          1. Anonymous Coward

            Re: NAT should be enough for everything

            297 and 658 are not bytes/octets anyway :-P

            1. Anonymous Coward

              Re: NAT should be enough for everything

              Isn't that what he said?

            2. Jellied Eel Silver badge

              Re: NAT should be enough for everything

              "297 and 658 are not bytes/octets anyway :-P"

              You don't say. You missed the <whoosh> and the bit where I said no numbering system is perfect. There are fewer than 256 countries in the world, so most could have been accommodated, except the Americans had to be special with the NANP covering the US, Canada and Caribbean. But also only 9 zones, with 999 reserved for International Rescue.

              But there were easier ways to deal with numbering that didn't require stressed netengs & sysadmins to cast hexes at their devices to keep them working. Or the lack of geographical routing support. Or the way every connection should get a /48, or 64,000 /64s. I know many of us are gadget freaks, but we really don't need that many. So later changed to 'only' a /56. But because some people decided we really needed to be able to expose MAC addresses, or just uniquely identify every bit of macaroni in home user's mac & cheese, the IP addresses exploded, making v6 far less efficient on low speed links. Plus then invented the need for SLAAC tricks to try not to expose your internal networks, which was one of the reasons people used NAT for in the first place.

              So it was (and still is) all a bit of a mess.

          2. Anonymous Coward

            Re: NAT should be enough for everything

            Not necessarily nerdy just depends where you come from. Octet is French for byte and is one of the official ITU languages

        3. Anonymous Coward

          Re: NAT should be enough for everything

          But then, you have a new protocol, so if you have to design a new protocol anyway, may as well clean up and improve on the old one whilst you're at it. Hence, IPv6

          1. Snake Silver badge

            Re: Hence, IPv6

            ...with an address scheme that no human being can personally translate.

            IM(very)HO one of the greatest obstacles to IPv6 adoption is the stupidly-complex addressing. No 'normal' human being wants to deal with the overly-complex IPv6 schema when a far simpler, far more humanly-parsable address paradigm could have been (easily!) adoptable; the 'country code prefix' being just one easily-readable idea.

            1. nowster

              Re: Hence, IPv6

              Phone numbers are easy? Explain that to Londoners who still think their STD code is 0207 or 0208.

              1. Snake Silver badge

                Re: phone numbers are easy

                Compared to FE80:CD00:0000:0CDE:1257:0000:211E:729C? Or even FE80:CD00:0:CDE:1257:0:211E:729C??

                Yes, phone numbers ARE easy compared to that mess!

                1. Anonymous Coward

                  Re: phone numbers are easy

                  Why does every opponent to IPv6 think that every IPv6 user types in the addresses by hand?

                  There's this thing called DNS...

                  1. Jellied Eel Silver badge

                    Re: phone numbers are easy

                    "There's this thing called DNS..."

                    Also a hosts file. Look at one of those sometime.

                    Some of us are (or have been) network and sysadmins, and knowing your, or your users' IP address is at times very useful. There is a limit to the size of a Post-It note, especially given most IT types have handwriting that would make a doctor's penmanship look good. Plus ancillary fun. Like spreadsheets being the most common BSS tool in many telcos and ISPs, and have you ever tried storing an IP address in an Excel cell? Microsoft does curious things to anything formatted xx:xx:::xx etc, usually of the error persuasion. Some simple provisioning systems, having been kludged to work from spreadsheets had to be re-kludged to work with v6. Or worse, vb databases.

                    Also some other unintended consequences. Like it's generally accepted that network diagrams are a good thing. Especially if they include useful info like interface IDs. Which for IPv6 makes adding addresses to interfaces in anything but the simplest Visio diagram a major PITA. Unless you happen to have an A0 printer. Which most field engineers don't, so have to try and find IP addresses on their mobile devices. Maybe CAIDA could look out outage extensions due to engineers not being able to find or see IP addresses when they're trying to troubleshoot.

                    1. Snake Silver badge

                      Re: phone numbers are easy

                      This. "There's this thing called DNS"...yes, and when it fails, has a conflict or just a general problem, I want to be able to *read* the addresses it [believes] that are correct, understand the subnet and flows, and be able to say "No, that's wrong, here's a reserved address I want you to use for that device".

                      What, you've never had an IP printer decide that it has the ability to get a new lease on a different IP address, thereby borking your ability to print? Oh, I look so forward to hand typing-in IPv6 reserved addresses, never mind accessing built-in web admin pages and pings...

                      1. Anonymous Coward

                        Since they brought up DNS

                        they should have mentioned that IPv6's reliance on using DNS as a proxy method for address assignment failed to provide for security, reliability, or backwards compatibility. They failed to reach out to OEMs to provide support for common access routers and security software. They dropped the ball co-ordinating with hosting and service providers. SLAAC leaked hardware information at launch and enabled mass tracking, but lasted long enough to create another holy war over if DHCPv6 would even exist.

                        Implying people who gripe about IPv6 addresses don't know DNS or DNSv6 is itself lazy and inept, and it's a weak hit at best.

                        If the IPV6 camp were half as competent as they think themselves, they would have rolled out useful, secure, and user friendly tools to make their new protocol work. Instead they thought that geniuses at tiny companies like Microsoft and Cisco should be left to build the tools themselves. As a result, deploying IPv6 and DNSv6 on some of the most common infrastructure and platforms involves 90's retro controls or copious command line scripting. Instead of rolling up their sleeves and getting the big vendors to implement at minimum a common usability standard, admins then face cleaning up someone else's mess using broken implementations where having to Ctl-c & v line after line are real possibilities, because the server OS doesn't talk to the router which doesn't talk to the IDS, and the DNS service isn't up to the flood of traffic that is now also much more sensitive to latency.

                        Many of us earning paychecks didn't get to choose those platforms, any more than we could decide one morning to move our deployments off of them. And the assumption that all of your local traffic would merrily off slow DNS requests forgot why so many command line tools include a -n switch.

                        IPv6 isn't going away, but it won't win over holdouts by shaming them, or by its cheer squad refusing to admit its failings, or to make the process of administering it less of a hassle.

                        1. Yes Me Silver badge

                          Re: Since they brought up DNS

                          "... getting the big vendors to implement..."

                          What on earth are you talking about? Firstly the engineers who work on IPv6 standards mainly come from, and are paid by, big vendors. Secondly, product managers at big vendors don't do what the engineers tell them, they do what the accountants tell them. Those "useful, secure, and user friendly tools" would come from the big vendors or from startups trying to get bought out by a big vendor. Or they'd be open source (i.e. no paychecks at all).

                          I agree, more tools are needed, but it isn't IPv6 standards writers you need to convince, it's the accountants. Welcome to capitalism.

                      2. Richard 12 Silver badge

                        Re: phone numbers are easy

                        The thing is, the problem with IPv4 is that the numbers aren't long enough.

                        Thus the only possible solution is to make the numbers longer - and thus harder to type, by definition.

                        IPv6 does try to simplify where possible, by using hex instead of decimal, and allowing large sections of the address to be omitted if they're deducible by the computer.

                        But at the end of the day, long numbers are long.

                        1. Snake Silver badge

                          Re: long numbers are long

                          Good point. But adding a couple of base-10 tuples to an existing pattern is more humanly parsable than changing it to an 8-set /4-digit base-16 disaster. Humans that occupy planet Earth all share base-10 math and can easily grasp most number combinations using same; base-16 is not naturally intuitive.

                          1. doublelayer Silver badge

                            Re: long numbers are long

                            So do you think it would be easy to remember and use the address

                            184.53.92.138.4.236.148.95.0.0.0.0.0.52.91.133

                            I'll admit that I do have trouble memorizing IPV6 addresses. I don't think it's the hex that does it. I think it's the length. However, the length makes it easier after you get long enough. Once I've memorized those bits that lead to my subnet, I can allocate the rest of them in whatever way I think makes them easier to manage. I can split subnets on a digit boundary when it wouldn't be feasible in IPV4 because there isn't enough address space. If it's a small network, I can simply make as many high order bits zero as I can, meaning that the addresses can be as simple as my-subnet::3. If I don't like letters, I can do that, but skip the hex addresses. my-subnet::9 can go straight into my-subnet::10. Chances are that I can live without allocating my-subnet::a in this network.

                            1. Snake Silver badge

                              Re: easier to remember

                              Half the entire issue is that, in truth, we don't *need* 3.402823e38 internet addresses to make every single device on planet Earth directly accessible. We're all dealing with these fantastical numerical creations because some pie-in-the-eye, head-up-their-bum boffins decided that we do need that ability without thinking of the consequences (for example, security).

                              Adding two extra duples to our poor little IPv4 would have made 2.814749e14, 65,536 times [of course, maths] more IP addresses than we had, and probably enough for a long time. Add in an extra duple, say for geographic segmentation as per our OP's idea, and you get over 16 million times the number of new addresses with only having to (essentially) deal with 2 new tuples during local LAN configurations (because, of course, your geographic tuple will remain stagnant).

                              It is certainly a complex issue, I simply personally feel this could have been handled better by NOT giving it to a group of scientists that only thought of the technology and not how said technology must be interfaced in the real world, by the actual human beings using it. Hell, originally they didn't even consider NAT (because, of course, they wanted pure end-to-end but without considering alternative needs). We are all here discussing this but it seems that a good portion of the world has decided: IPv6's adoption rate is so far below expected projections that it isn't even funny. A lot of the world likes the simplicity of the IPv4 address space and seems to be resistant to switching over unless they absolutely must do so - this rather speaks for itself IMHO.

                          2. catprog

                            Re: long numbers are long

                            Which is more memorable?

                            2001:0000:130F:0000:0000:09C0:876A:130B

                            or

                            425:4048:8167:8741:9183:4450:1428:9120:1925:899 ?

                      3. FILE_ID.DIZ
                        Holmes

                        Re: phone numbers are easy

                        Compared to FE80:CD00:0000:0CDE:1257:0000:211E:729C? Or even FE80:CD00:0:CDE:1257:0:211E:729C??

                        Sure, DNS can fail.

                        However - a /64 should be what's assigned to a host. While that's not as short or easy to type as 192.0.2.2, (colons suck for the shift component - can't type with a single hand on a 10-digit number pad, for example) FE80:CD00::0CDE is all that you should need to locate a single host on a network if you're not assigning /128's like a numpkin.

                        Note:

                        (FE80 is a terrible example - in the real-world, that machine would have a /64 somewhere within 2000::/3)

                        1. Jellied Eel Silver badge

                          Re: phone numbers are easy

                          However - a /64 should be what's assigned to a host. While that's not as short or easy to type as 192.0.2.2, (colons suck for the shift component - can't type with a single hand on a 10-digit number pad, for example) FE80:CD00::0CDE is all that you should need to locate a single host on a network if you're not assigning /128's like a numpkin.

                          I think this is part of the challenge, ie human vs machine friendly representation. So as an example per wiki on CIDR-

                          the IPv4 block 198.51.100.0/22 represents the 1024 IPv4 addresses from 198.51.100.0 to 198.51.103.255.

                          the IPv6 block 2001:db8::/48 represents the block of IPv6 addresses from 2001:db8:0:0:0:0:0:0 to 2001:db8:0:ffff:ffff:ffff:ffff:ffff.

                          Once you've been working on networks for a while, you get to know the bit boundaries and netmasks, so configuring things like routes, subnets, ACL's etc is quick and easy. On v6 as an example though-

                          You would assign either an inbound ACL on VLAN 1 or an outbound ACL on VLAN 2 to filter a packet routed between subnets on different VLANs, that is, a packet sent from the workstation 2001:db8:0:111::2 on VLAN 1 to the server at 2001:db8:0:222::25 on VLAN 2. (An outbound ACL on VLAN 1 or an inbound ACL on VLAN 2 would not filter the packet.)

                          Where multiple subnets are configured on the same VLAN, you can use either inbound or outbound ACLs to filter routed IPv6 traffic between the subnets on the VLAN if the traffic source and destination IP addresses are on devices external to the switch.

                          Stolen from configuring ACLs on HP. Which can be harder to parse, thus prone to errors and fat-fingering. But also depends on what range you're assigned. Some providers only assign a /64, others a /56 or /48. IPv6 does away with many of the concepts of subnetting, ie netmasks but also has some limitations. So a v6 subnet is assumed to be a minimum of a /64 to keep SLAAC happy, which means if you're only assigned a /64, you can't subnet. Or shouldn't.

                          But that isn't efficient, ie you're kinda wasting 64bits of the address space, which isn't really an issue. For now, anyway. But-

                          A 64-bit interface identifier can be derived from the interface's 48-bit MAC address, although stable privacy addresses are now recommended as a default instead. A MAC address 00-0C-29-0C-47-D5 is turned into a 64-bit EUI-64 by inserting FF-FE in the middle: 00-0C-29-FF-FE-0C-47-D5

                          Which is one of those 'but why?' questions, answered mostly by pointing at the mobile community, and their insistence that an IP address should include a MAC address. Which then led to people pointing out that that was a tad insecure, and so kludges like generating privacy addresses. Which is mostly out of scope for the average user, except when maybe trying to do troubleshooting and being asked questions like 'What's your IP address?' or 'Can you ping.. err. wait..'. Or just other standard troubleshooting, like in the v4 world, I used to test for potential DNS problems, routing, or webservers just resting by telnet'ing to a web server on port 80 and seeing if it responds. Wiki gives a v6 example of-

                          https://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443/

                          as a similar example, which is less human-friendly. But something I guess support types just have to get used to.
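The MAC-to-EUI-64 step quoted in the comment above, worked through as an added example (not code from the thread or from any vendor). It also applies the universal/local bit flip that RFC 4291's modified EUI-64 performs on top of the FF-FE insertion, and runs the reverse check an administrator can use to find hosts whose addresses still expose a hardware address. The function names and the sample address list are constructed for illustration; the prefixes reuse the 2001:db8 documentation subnets quoted in the comment.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, Iterable, List, Optional


def mac_to_modified_eui64(mac: str) -> bytes:
    """Insert FF-FE in the middle of a 48-bit MAC and flip the U/L bit."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # RFC 4291 Appendix A: invert bit 0x02 of the first octet.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from a /64 prefix using its MAC as interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers need a /64 prefix")
    iid = int.from_bytes(mac_to_modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_mac(addr: str) -> Optional[str]:
    """Return the MAC if the low 64 bits look like a modified EUI-64.

    The FF-FE marker can also appear by chance in a random interface ID
    (about 1 in 65536), so treat a hit as a lead, not as proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join(f"{b:02X}" for b in mac)


def audit(addresses: Iterable[str]) -> Dict[str, List[str]]:
    """Group observed /64 prefixes by the MAC each address gives away.

    One MAC under several prefixes is the cross-network linkability that
    privacy and stable-privacy addresses were introduced to remove.
    """
    seen: Dict[str, List[str]] = defaultdict(list)
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is None:
            continue
        prefix = str(ipaddress.ip_network(f"{addr}/64", strict=False))
        if prefix not in seen[mac]:
            seen[mac].append(prefix)
    return dict(seen)


# Constructed sample: the same interface seen on two subnets, one randomised
# interface ID, and one manually numbered server.
SAMPLE = [
    "2001:db8:0:111:20c:29ff:fe0c:47d5",
    "2001:db8:0:222:20c:29ff:fe0c:47d5",
    "2001:db8:0:111:a1b2:c3d4:e5f6:789a",
    "2001:db8:0:222::25",
]

if __name__ == "__main__":
    print(slaac_address("2001:db8:0:111::/64", "00-0C-29-0C-47-D5"))
    for mac, prefixes in audit(SAMPLE).items():
        print(mac, "seen under", ", ".join(prefixes))
```
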

                      4. PRL

                        Re: phone numbers are easy

                        Taking file (NAS) and printing as examples, if you want to number your server or printer with a stable shorter address you already can.

                        fdff::a

                        would be a perfectly valid ULA if you want to have a LAN-only network prefix that does not need to change if you change ISPs.

                        (before anyone asks, yes in a large organisation your network operations team should remind you they follow guidance to generate a more unique /48 for the ULA to avoid conflicts if multiple organisations merge but I am talking about the self-contained and SOHO scenario).

                        And yes you can have your DHCPv6 service reserve fixed IPs for known systems whether or not you wanted to try to enter such an IP into a printer's control panel.

                        Your router may already provide ULAs alongside the globally routable addresses derived from a delegation from your ISP.

                        (Mine does and it is even a 3-way option of ULA never, always or enable only if ISP is down).

                        The link-local (fe80:whatever) addresses shown earlier are examples that you'd not normally use to reach operational systems and their closest equivalent IPv4 is 169.254.*

                        You'll see them auto-generated for each interface but never actually have to type those into a printer for example.

                        In addition to DNS, many LAN systems already use mDNS for discovery on the same network and you can replace the discovered IP with the friendly-name-of-device.local if supported to abstract from relying on a fixed IP.
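The ULA numbering described in the comment above, as an added example that is not part of the original post: a /48 derived with the RFC 4193 section 3.2.2 procedure (SHA-1 over an NTP-format timestamp plus an EUI-64, keeping the low 40 bits), followed by short per-host addresses inside it. The function names, the fixed timestamp and the EUI-64 input are constructed for illustration; `fdff::a` is the address from the comment.

```python
import hashlib
import ipaddress
import struct

ULA_RANGE = ipaddress.ip_network("fc00::/7")
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01


def ula_prefix(eui64: bytes, unix_time: float) -> ipaddress.IPv6Network:
    """Derive a locally assigned /48 as described in RFC 4193 section 3.2.2."""
    if len(eui64) != 8:
        raise ValueError("expected a 64-bit EUI-64 identifier")
    seconds = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time % 1) * 2**32) & 0xFFFFFFFF
    ntp_time = struct.pack(">II", seconds, fraction)
    digest = hashlib.sha1(ntp_time + eui64).digest()
    global_id = digest[-5:]                 # least significant 40 bits
    # fc00::/7 with the L bit set gives the fd00::/8 half of the range.
    packed = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network(f"{ipaddress.IPv6Address(packed)}/48")


def host_address(prefix: ipaddress.IPv6Network, subnet_id: int,
                 host_id: int) -> ipaddress.IPv6Address:
    """Combine the /48, a 16-bit subnet ID and a 64-bit interface ID."""
    if prefix.prefixlen != 48:
        raise ValueError("expected a /48 ULA prefix")
    if not 0 <= subnet_id < 2**16 or not 0 <= host_id < 2**64:
        raise ValueError("subnet or host identifier out of range")
    base = int(prefix.network_address)
    return ipaddress.IPv6Address(base | (subnet_id << 64) | host_id)


def is_ula(addr: str) -> bool:
    """True when the address falls inside fc00::/7."""
    return ipaddress.IPv6Address(addr) in ULA_RANGE


def global_id(addr: str) -> str:
    """The 40-bit Global ID of a ULA, as ten hex digits."""
    if not is_ula(addr):
        raise ValueError("not a unique local address")
    return ipaddress.IPv6Address(addr).packed[1:6].hex()


if __name__ == "__main__":
    # Constructed inputs: a fixed timestamp and an EUI-64 built from a MAC.
    site = ula_prefix(bytes.fromhex("020c29fffe0c47d5"), 1700000000.0)
    print("site prefix:", site)
    print("printer    :", host_address(site, 0, 0xA))
    # Hand-picked prefixes work on one LAN but are the ones most likely to
    # collide when two sites are later joined.
    print("fdff::a global ID:", global_id("fdff::a"))
```
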

                    2. MattAvan

                      Re: phone numbers are easy

                      My home server's IPv6 address is ::42 for all intents and purposes, which is rather easier than typing the IPv4 address, 192.168.1.42.

                      I have no logical reason to write the prefix down, because my ISP changes the assigned prefix on every router reboot. Which forces me to use DDNS, no issues otherwise.

                2. Yes Me Silver badge
                  Headmaster

                  Re: phone numbers are easy

                  It's irrelevant. Phone numbers used to be for people, who used to have to dial them with their fingers in a dially thing. IP addresses are for computers.

                  Incidentally, your example above should be written fe80:cd00:0:cde:1257:0:211e:729c according to RFC5952, and looking at it anybody can tell that it's a link-local address. No human is expected to parse beyond fe80.

            2. Yes Me Silver badge
              Headmaster

              Re: Hence, IPv6

              "...with an address scheme that no human being can personally translate."

              Translate to what? Am I supposed to be able to translate "142.250.76.110" to "google.com" in my head?

              What the designers recognised at a very early stage is that no human can readily memorise 128-bit addresses whatever format they're written in, so it was better to write them in hexadecimal to make them shorter to cut and paste.

              "a far simpler, far more humanly-parsable address paradigm could have been (easily!) adoptable; the 'country code prefix' being just one easily-readable idea."

              I'm not sure you understand how Internet routing works. It's non-geographical, so the notion of a country-code prefix is simply meaningless. In any case, human-parsability is not a requirement, so TBH your whole comment resolves to null.

              1. catprog

                Re: Hence, IPv6

                Routing should be geographical.

                If you can tell from the start of the prefix where it should go it makes the routing tables much easier.

                But does it really make it more memorable if all the IPS in a country start with the same code ie if the country code for England is FE80 then the ips will be:

                FE80:CD00:0000:0CDE:1257:0000:211E:729C

                FE80:CD01:0000:0CDE:1257:0000:211E:729C

                1. STOP_FORTH Silver badge
                  Unhappy

                  Re: Hence, IPv6

                  Yes, with the benefit of hindsight, everything would have been better and simpler had geographical routeing been enforced in the early Internet.

                  By the time CIDR was proposed that ship had already sailed.

                  You'd need a completely new set of addresses and DNS type mechanism to implement this. You'd also need to cope with the fact that end devices are no longer immovable behemoths in university labs but could be something you put in your pocket. You could use a similar system to the mobile 'phone routeing.

                  All too late, I'm afraid.

                  1. Jellied Eel Silver badge

                    Re: Hence, IPv6

                    By the time CIDR was proposed that ship had already sailed.

                    You'd need a completely new set of addresses and DNS type mechanism to implement this. You'd also need to cope with the fact that end devices are no longer immovable behemoths in university labs but could be something you put in your pocket. You could use a similar system to the mobile 'phone routeing.

                    But IPv6 was a brand new ship, and geographical address assignment could/should have been a feature. Which it kind of is anyway given address space is assigned/allocated by the RIRs anyway. It's mostly a routing thing though and might already partially happen, eg if you're a travelling Vodafone user, you might get assigned a v6 address from RIPE in Europe, ARIN in the US, APNIC in Asia etc. For latency purposes, or just routing efficiency it would have been nice to know where the destination country is in the first few bits.

                    Plus there's other pet peeves, like why v6 stuck with putting the source address first in a packet header. For a simple neteng, the destination is more important than the source. I once asked Vint Cerf about that, and apparently it was a holdover from the DoD days when the sender was considered more important than the recipient. Ah, tradition.

                2. Anonymous Coward

                  geographical routing - a dying concept from 200+ years ago.

                  "Routing should be geographical"

                  That might have been valid in the era of telegraph and steam-power. It's not valid today. IP-based networks don't (have to) respect national boundaries and many of them don't: intranets for multinational companies, global carriers, CDNs, cloud providers, etc.

                  1. Jellied Eel Silver badge

                    Re: geographical routing - a dying concept from 200+ years ago.

                    IP-based networks don't (have to) respect national boundaries

                    Err.. Oh yes they do! Either by way of the fundamental plumbing, or governments imposing rules, regulations and restrictions on national IP traffic.

            3. munnoch Silver badge

              Re: Hence, IPv6

              I think the missed opportunity here was to make addresses variable length.

              My ISP would give me a single public address and I would add on a postfix to make my internal devices directly reachable should I wish, or I could NAT everything behind it if I don't. The closer you are to the core of the network the shorter the addresses can be. Further out in the galactic hinterland the addresses get longer. It's what address classes were trying to do in the first place but without any practical limit on the total number of hosts.

              If it was thought of at the time then I'm sure it would have been dismissed on the grounds of performance. Fixed sized records with fixed offsets would have been, and may still be, the only way to switch traffic fast enough in the most demanding cases.

              It could potentially still be retrofitted to v4. Keep the current addressing scheme as the base so all existing routes still work. Append the extended postfix address as header options(*). You'd still need DNS upgrades and hosts would need to be taught to populate the extended addresses in order to reach the servers buried deeper in the net but that's all doable through the regular cadence of OS updates.

              Rule #1 of rolling out a shiny new system, make it backwards compatible so that 99% of the installed base don't even know it's happened.

              (*) Seems that header options are considered potentially dangerous and intermediate routers may throw them away. But that's a lot easier to change than getting absolutely everyone to be dual stack.

              1. Anonymous Coward

                variable length addresses

                "I think the missed opportunity here was to make addresses variable length."

                It wasn't missed. It was avoided by design.

                Hardware works best with fixed-length quantities. Getting routing hardware to parse and process variable-length addresses is non-trivial. It might not be such a big deal with today's ASICs and GPUs. However it was in the early 1990s when IPv6 was developed.

                You even make that point about fixed size addresses in your post.

                Retrofitting (what?) to v4 is a non-starter. If you disagree, write up an I-D and submit it to the IETF. Good luck.

              2. Nanashi

                Re: Hence, IPv6

                It could potentially still be retrofitted to v4. Keep the current addressing scheme as the base so all existing routes still work. Append the extended postfix address as header options(*).

                v6 already does this. It uses a special next-protocol number (41, like TCP is 6 or UDP is 17) rather than a header option and then puts the address bits at the start of the packet payload, but that's not a significant difference.

                They already did more or less exactly the method of backwards compatibility that you're suggesting and it still wasn't enough to stop you from complaining and trashing them for not doing it. Don't you think that's a bit unreasonable?

            4. Ilgaz

              Re: Hence, IPv6

              It would be great if it allowed ipv4 virtual aliases just for local stuff.

        4. AbeChen

          Re: NAT should be enough for everything

          Hi, Jellied Eel:

          0) “… address depletion was a problem solved by the telcos over a century ago with the addition of country code …“:

          Thanks for applying what we learned in the past century to the problem of today. Utilitarian technology is more efficiently advanced by incremental steps than big jumps. Allow me to extend your trend of thoughts by quantifying a couple parameters.

          1) Based on the telco perspective, the first thing that we need to do is to figure out a numbering scheme to identify an Internet user. We will use IPv4 because its twelve numerical digits from the dot-decimal format are in the ball park with traditional telephony numbers that most people are used to. The lengthy IPv6 address format is just too long to be user-friendly.

          2) To be sure that every user is identifiable, we need an IPv4 netblock as large as possible. The best candidate is the long-reserved 240/4 netblock with 256M address combinations.

          3) Although over 90% of countries worldwide have population fewer than 256M, several do exceed it. So, we must define a numbering system with a building block that is ready to be reused several times within these larger countries. Let’s define each area served by one block of 240/4 as a RAN (Regional Area Network).

          4) By revamping the fundamental resources (the IP address pool), the Internet can be simplified and streamlined in more than a couple areas. For example, within each RAN, every subscriber will be assigned a static address leading to no more need for CG-NAT. So that end-to-end connectivity (within respective RAN) becomes a reality. The presentation below goes into more manifestations.

          https://www.avinta.com/gallery/DeterministicInternet.pdf

          5) Similar as the telephony country code (there are around 200 worldwide) prefix that you cited, we need a set of RAN code prefixes to identify each of them. In practice, this will exceed the capacity of one IPv4 octet (256) due to multiple RANs per large country, as well as reserving spare addresses within each RAN for medium sized countries.

          6) Since the total number of RAN code prefixes will exceed one octet, we might as well enlist a full four-octet IPv4 address so that we can make use of the Option Word mechanism in the IPv4 Header to carry them as the address for directing packets among RANs utilizing the established routing convention. This second set of IPv4 address (one for identifying each RAN) can be drawn from the public IPv4 address pool currently allocated to respective countries. The following IETF Draft goes through the specifics about how this may be done.

          https://datatracker.ietf.org/doc/html/draft-chen-ati-adaptive-ipv4-address-space

          7) Please have a look at the above. There is a lot more information than appropriate for discussing on this forum. If you are inclined, please contact me offline. You can find my contact information at the end of the above IETF Draft. I normally respond to non-real-time communications within 48 hours.

          Regards,

          Abe (2024-10-24 11:36 EDT)

  3. Doctor Syntax Silver badge

    Different solutions fit different use cases. Who knew?

  4. Zippy´s Sausage Factory
    Unhappy

    Hmm

    At this rate, I think by the time we're moving to IPv11 people will still be saying "well, we still have to back support IPv4, but we're still going to phase it out eventually"

    1. R Soul Silver badge

      IPv11

      This will be awesome. Just think of the Spinal Tap references.

    2. Dwarf

      Re: Hmm

      We won't be migrating to IPv11, since that is an odd number and therefore a development protocol. IPv12 would be its production equivalent.

      This is why we have IPv4 and IPv6, but no IPv5.

      1. Anonymous Coward

        Re: Hmm

        Quite. Do people not know anything?

      2. nowster

        Re: Hmm

        Not quite. IP version number 5 was used for something that used exactly the same addressing space as IPv4 but probably could have been a protocol within IPv4 like ICMP, TCP or UDP. It was a protocol which was a precursor to VoIP or video streaming.

  5. Mr Sceptical
    Facepalm

    Would be nice if IPV6 support was actually the norm

    Having some locations in primarily IPV6 parts of the world (the Caribbean) having so many services still having no intention of supporting IPV6 results in much head to wall contact.

    E.g. I can't even get TrueNAS Scale to update cause the supposed v6 endpoints don't respond properly. Or Ubuntu...

    1. Orv Silver badge

      Re: Would be nice if IPV6 support was actually the norm

      Worth noting that everyone on T-Mobile in the US has an IPv6-primary device. They get public IPv6 addresses and IPv4 is done via CGNAT.

  6. Charlie Clark Silver badge

    Provider risk

    Apart from the misleading headline – networks are moving to IPv6 but using dual-stacks to minimise disruption – the main problem I have with this article is that it seems to suggest that we can rely on CDN providers to do the right thing, rather than seeking to use market power to enshrine their position as gatekeepers. The point of protocols is to ensure interoperability between networks and it is not sufficient to assume that this is no longer required because it's all handled by the service providers running on top of the networks.

    From the point of view of systemic risk, it doesn't matter if international networks are increasingly private pipes owned by a few companies: Google, Microsoft, Facebook, etc., who seek to ensure that traffic gets on their network as soon as possible; or state actors who seek to limit access to other networks by their citizens.

  7. Kurgan

    ipv6 is a mess and ipv4 will not die anytime soon

    ipv6 is a mess. it has been made overly complicated, IMHO. And if you don't use NAT (NAT in V6, I mean) you'll end up having to renumber your entire LAN if you change provider (unless you own your own v6 netblock and have it routed through your current provider).

    And anyway if you want your internet to work, you still NEED v4 until everyone else (100% of them) is on v6 too. And this statement says it all. Since everyone still needs v4, why bother configuring a dual stack solution?

    Since I need v4 anyway, I just stick with it.

    Now think of this and consider that "I" is everyone (service providers, content providers, users, etc) and you'll see why v4 will never go away and v6 will never reach 100% coverage.

    1. Jusme

      Re: ipv6 is a mess and ipv4 will not die anytime soon

      > ipv6 is a mess. it has been made overly complicated, IMHO. And if you don't use NAT (NAT in V6, I mean) you'll end up having to renumber your entire LAN if you change provider (unless you own your own v6 netblock and have it routed through your current provider). And anyway if you want your internet to work, you still NEED v4 until everyone else (100% of them) is on v6 too. And this statement says it all. Since everyone still needs v4, why bother configuring a dual stack solution? Since I need v4 anyway, I just stick with it.

      Yep, that's pretty much my song too.

      IPv6 was designed by academics and made over-complicated, in a misguided attempt to solve too many problems. We already rejected OSI for that. If it had just addressed the core problem, 32-bit addresses, in a way that was directly compatible, by now we might have had 100% support, but, as evidenced by the fact that we haven't, it's clearly too hard and too different.

      1. talk_is_cheap

        Re: ipv6 is a mess and ipv4 will not die anytime soon

        IPv6 may still need NAT for reasons like the one you have provided if devices cannot handle a dynamic local name service; the key thing is that it does not need the service provider to roll out things like carrier-grade NAT which may be OK for phones, but is a right pain for other tasks.

      2. Nanashi

        Re: ipv6 is a mess and ipv4 will not die anytime soon

        Where does this "designed by academics" thing come from? The RFCs are credited to people like Xerox, Ipsilon Networks, Cisco, IBM, Nokia, Ericsson, Sun, Hewlett Packard, Microsoft, Google - all major players in the industry (either presently or in the past), not academics. You have to search quite a few v6-related RFCs to find any academic credits at all. It simply does not appear to be true.

        > If it had just addressed the core problem, 32-bit addresses, in a way that was directly compatible, by now we might have had 100% support

        If it had just done the impossible then yes, perhaps we would have.

        v6 mostly does just address the core problem of 32-bit addresses, and in as compatible a way as possible given the design of v4. If you think I'm wrong, feel free to explain how it could have been done in a way that you'd count as "directly compatible". Every time I ask people to do this, they either suggest something that v6 already does, something that wouldn't even work, or they give some half-brained idea where they clearly haven't bothered to think through any of the details. That, or they just refuse to share the method.

        If it was so easy to make it directly compatible then someone would have been able to say how to do it by now.

      3. AbeChen

        Re: ipv6 is a mess and ipv4 will not die anytime soon

        Hi, Jusme:

        1) " ... If it had just addressed the core problem, 32-bit addresses, in a way that was directly compatible, by now we might have had 100% support. ... ":

        There is a proposal along exactly this line on the table. Please have a look at the below presentation.

        https://www.avinta.com/gallery/DeterministicInternet.pdf

        2) If you are inclined, we can carry on offline. My eMail address is AYChen@Avinta.com. I respond to non-real-time communications within 48 hours.

        Regards,

        Abe (2024-10-26 09:28 EDT)

    2. John Sager

      Re: ipv6 is a mess and ipv4 will not die anytime soon

      If your network is of any size then the better solution for v6 is to get your own allocation. There is plenty of address space available! You still need a v4 access point but then you could run a NAT64/DNS64 combination to map remote v4 addresses into the local V6 space. Some ISPs already do this, including mine. I could in principle go v6 only but older hosts like the TV don't support it and I still need an inbound VPN solution from v4-land.

      1. Anonymous Coward

        Re: ipv6 is a mess and ipv4 will not die anytime soon

        This is where I have to exercise my moral obligation to point out that even with an assigned v6 block (which is easy to get) your only choice to make it work is BGP which is just too damn slow in the modern world. The only reasonably practical solution to failing back and forth between redundant internet connections is an overlay network, which is basically another form of the CDNs being discussed.

        IPv4 cutovers between redundant WAN links behind NAT can at least happen without breaking every TCP connection on the local network, and without a re-addressing storm. To do that with IPv6 and without an overlay network creates a much more complicated routing situation, and most hosts don't handle it gracefully at all, at best eating a whole chain of timeouts, and at worst choking and eating a reboot or having to touch the network config on each device (looking at you, cheap IPv6 IoT crap like thermostats.)

    3. Jamie Jones Silver badge

      Re: ipv6 is a mess and ipv4 will not die anytime soon

      No, it really isn't. Some bits are different; there are lots of different solutions to achieve effectively the same thing (SLAAC/dhcp6, various 4to6 schemes; etc. but this was mainly to appease the diehards); and some bits may be slightly engineered, but fundamentally, it's not much different from IPv4.

      " And if you don't use NAT (NAT in V6, I mean) you'll end up having to renumber your entire LAN if you change provider (unless you own your own v6 netblock and have it routed through your current provider)"

      How is that different from IPv4? In fact, it's better than IPv4 because of IPv6-to-IPv6 "NAT", where you'd not lose 1to1 connectivity https://www.rfc-editor.org/rfc/rfc6296.txt

      "And anyway if you want your internet to work, you still NEED v4 until everyone else (100% of them) is on v6 too. And this statement says it all. Since everyone still needs v4, why bother configuring a dual stack solution?

      Since I need v4 anyway, I just stick with it.

      Now think of this and consider that "I" is everyone (service providers, content providers, users, etc) and you'll see why v4 will never go away and v6 will never reach 100% coverage."

      Sure, but that's not specifically an IPv6 problem. You could apply it to anything which by necessity requires a software change to work.

      1. James Anderson Silver badge

        Re: ipv6 is a mess and ipv4 will not die anytime soon

        It’s more than just a software change. Of the twenty or so IOT thingies in my house I don’t believe any of them support IPv6. So if my ISP tells me I have to use V6 I will just switch to another ISP rather than splurge over 1000 euros on a new “smart” TV even if I could find one that supports V6.

        The proliferation of Things On The Internet has killed any chance of widespread V6 adoption.

        1. Nanashi

          Re: ipv6 is a mess and ipv4 will not die anytime soon

          IOT thingies that don't support v6 do not block you from using v6 on your network. There's no need to drop 1000 euros on a new TV just for that. You're making up problems that don't exist.

    4. Charlie Clark Silver badge
      Stop

      Re: ipv6 is a mess and ipv4 will not die anytime soon

      And anyway if you want your internet to work, you still NEED v4 until everyone else…

      No shit, Sherlock! But, as with many of your assertions, you're ignoring the point that IP is about how discrete networks connect with each other and IPv6 is really helping here, which is why more and more WANs are implementing it whilst keeping their LANs on IPv4 and using 4to6 gateways where needed to handle the transition. It's a common trope, particularly in countries that still have plenty of IPv4 addresses, that because we can't all move to IPv6 at once, we don't need it, and any other solution would be preferable even though it has long been known that any solution that provided sufficient IP addresses would require breaking IPv4.

      For many large carriers in Asia with layers of NAT due entirely to the scarcity of IPv4 addresses, this has been a godsend. Their setups are now infinitely more simple, reliable and cheaper and customers still don't need to care whether they're on 4 or 6.

    5. MattAvan

      Re: ipv6 is a mess and ipv4 will not die anytime soon

      This smacks of a skill and stubbornness problem rather than a technical limitation.

      I was forced to learn the ways of IPv6 to self-host a service or two while stuck behind v4 CGNAT.

      My ISP changes my IPv6 allocation every time I reboot my router. It would be really bad if I had to renumber my LAN every time.

      Fortunately I don't have to do that. My router assigns a fixed suffix to my server, its firewall opens a single port to my reverse proxy, and I'm done. Except for needing DDNS to keep my domain up to date.

      I've learnt to think of the prefix as my external IP, and the suffix as my LAN IP. Thus my server's LAN IPv6 (::42) is now shorter than its internal IPv4 in practice.
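The prefix-plus-suffix model from the comment above, as an added Python example (not part of the original thread and not any router's own code): the address is rebuilt from whatever prefix the ISP delegates, the firewall check keys on the suffix alone, and DDNS is refreshed only when the composed address changes. The /56 delegation, the documentation prefixes and all function names are assumptions made for illustration.

```python
import ipaddress

HOST_BITS = 64  # assumption: each LAN is a /64, so the low 64 bits are the suffix


def compose(delegated_prefix, suffix, subnet_id=0):
    """Build a host's global address from the ISP-delegated prefix,
    a LAN subnet number and the host's fixed suffix (e.g. "::42")."""
    net = ipaddress.IPv6Network(delegated_prefix)
    subnet_bits = (128 - HOST_BITS) - net.prefixlen
    if subnet_bits < 0:
        raise ValueError("delegated prefix is longer than /64")
    if subnet_id < 0 or subnet_id >> subnet_bits:
        raise ValueError("subnet id does not fit in the delegated prefix")
    host = int(ipaddress.IPv6Address(suffix))
    if host >> HOST_BITS:
        raise ValueError("suffix must only use the low 64 bits")
    value = int(net.network_address) | (subnet_id << HOST_BITS) | host
    return ipaddress.IPv6Address(value)


def matches_suffix(addr, suffix):
    """Suffix-only match: the comparison a firewall rule needs if it is to
    keep pointing at the same host after the prefix changes."""
    mask = (1 << HOST_BITS) - 1
    return int(ipaddress.IPv6Address(addr)) & mask == int(ipaddress.IPv6Address(suffix))


def ddns_update_needed(published, delegated_prefix, suffix, subnet_id=0):
    """Return the new AAAA value to publish, or None if the record is current."""
    current = compose(delegated_prefix, suffix, subnet_id)
    if published is not None and ipaddress.IPv6Address(published) == current:
        return None
    return str(current)


if __name__ == "__main__":
    # Constructed sample: two delegations, before and after a router reboot.
    before = compose("2001:db8:aa00::/56", "::42", subnet_id=1)
    after = compose("2001:db8:bb00::/56", "::42", subnet_id=1)
    print(before, "->", after)
    print("rule still matches:", matches_suffix(after, "::42"))
    print("publish:", ddns_update_needed(str(before), "2001:db8:bb00::/56", "::42", 1))
```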

  8. Bebu
    Windows

    Will read Geoff Huston's post...

    the bit about names is a good point but I think it has been around for a very long time.

    The model that an opaque name or label is consulted in a directory to produce an identifier (integer) which is effectively a (destination) address which is then used to set up a circuit or in packet headers is pretty fundamental. Essentially a "what" to "where" translation.

    The additional fact that the routing is also in a sense encoded in IP addresses is often not noticed. Think netmasks and CIDR. So in this case adding "how" to the "what" and "where" which is rarely ultimately a good idea.

    Alternatively an otherwise opaque identifier could be used to dynamically discover a route to a provider of the identified service which in many cases would be a nearby CDN. Probably requires routers or intermediate systems (IS) to cache a lot more routing information but perhaps offset by other benefits.

    I have a vague suspicion that something like this was envisaged by the OSI networking people back when but then the vagueness* wasn't all mine. :)

    * the uncharitable might suggest vacuity.

  9. nowster

    https://www.havevirginmediaenabledipv6yet.co.uk/

  10. John Klos

    The point of IPv6 isn't to make IPv4 go away

    The people who claim the sky is falling are usually the ones who erroneously claim that the intention of IPv6 is to replace IPv4. No reasonable person ever said that IPv4 needs to be or will be replaced. IPv4 isn't going to be turned off. Rather, IPv6 is obviously needed for, for instance, cellular carriers that might have tens of millions of customers and perhaps hundreds of thousands of IPv4 addresses.

    The idea of IPv6 is that it makes connectivity better. Connecting to the Internet via NAT means extra work and complexity, because each NAT session has to be tracked for its entire lifetime. When you have NAT routers, whether home devices or fancy, expensive CG-NAT devices, that have too many sessions active at one time, the oldest NAT sessions (usually) get dropped before the session has come to its natural end. We can see this with, for example, AT&T fiber routers that have a NAT & firewall state table that's 8192 entries large. This is in 2024! This is how many NAT states you can get even if you get 10 gigabit service and have a hundred devices behind it. It's ridiculous.

    Fancy, high end, ISP scale CG-NAT has limitations, too. Sure, devices have enough memory to keep track of millions of NAT state entries, but you can only have 2^16 (65536) possible active NAT sessions per IP address. Large CG-NAT deployments also have artificially low state timeouts, as anyone who uses Starlink can tell you.

    The point is that if IPv6 were ubiquitously available, your cell phone would connect via IPv6, and everything would be golden. Older devices and connections to legacy sites / services that aren't yet on IPv6 would still work, and we would simply be using NAT only when necessary, and certainly not for a majority of traffic.

    That's it. The sky isn't falling. Nobody is taking IPv4 away. Thank you for coming to my TED talk.

    1. Anonymous Coward

      No true scotsman says IPv6 is supposed to replace IPv4

      But the people that invented it did, and they also face planted on the migration plan.

      I agree with you that IPv4 shouldn't be targeted for retirement. We will stop using it when we don't need it anymore, and nobody cares to keep it going out of nostalgia or historical interest.

      I don't agree that IPv6 is fine the way it is, or that it works for my homelab or on my cellphone is a debate winning example. Dual stack with IPv6 as the assumed default and DNS based address and host resolution makes routing a complicated nightmare. Even simple hosts may have multiple IPv4 and IPv6 addresses to track. That wouldn't be much of a problem, but the dolts that built this mess didn't specify how all the different parts and players would exchange information.

      So you're going back to your phone that works so well. A phone can be a hotspot, has bluetooth, NFC, usb, and wifi connections, all of which can provide active network stacks. Now possibly look at dual sims in some areas, and satellite access is being added. The IPv6 stack doesn't define how it's supposed to coordinate and broker getting two cell carriers, a constellation of satellites in LEO, and your office wifi linked to two upstream fiber WAN links of its own, none of which you control.

      Sorry to rain on you, because largely you are right that the sky isn't falling. IPv4 shouldn't be going anywhere, and IPv6 is great for giant swarms of devices and cases where NAT may introduce complications.

      But modern networking isn't simple, unless you intentionally ignore all the hard and complicated bits, and until we finish making the experience of running both stacks at once smoother can you blame admins for dragging their heels?

      1. catprog

        Re: No true scotsman says IPv6 is supposed to replace IPv4

        >So you're going back to your phone that works so well. A phone can be a hotspot, has bluetooth, NFC, usb, and wifi connections, all of which can provide active network stacks. Now possibly look at dual sims in some areas, and satellite access is being added. The IPv6 stack doesn't define how it's supposed to coordinate and broker getting two cell carriers, a constellation of satellites in LEO, and your office wifi linked to two upstream fiber WAN links of its own, none of which you control.

        What is your solution for this with just IPV4?

    2. Andy Mac
      Joke

      Re: The point of IPv6 isn't to make IPv4 go away

      So if the real problem is port exhaustion, we just need to up the port range to 32bits. Easy!

    3. david 12 Silver badge

      Re: The point of IPv6 isn't to make IPv4 go away

      No reasonable person ever said that IPv4 needs to be or will be replaced.

      I don't think that's being fair to the IPV6 promoters...

  11. Anonymous Coward

    Still not ready for prime time, and it's still always DNS

    Check out https://blog.apnic.net/2020/07/17/ipv6-and-the-dns-2/

    "If we accept the prospect of an IPv6-only Internet, we are going to have to take DNS over IPv6 far more seriously than we are doing now."

    While I think many of these problems will not be laid to rest until the backbone of the Internet (or at least a fast lane generation of it) supports jumbo frames, unresolved transport problems are baked into IPv6. We need to accept that breaking changes are required to fix them, and there is no incentive to wait until the existing IPv6 deployment is more prevalent.

  12. This post has been deleted by its author

  13. Kevin McMurtrie Silver badge

    Pressure from China?

    I can see that China wouldn't want everyone to have their own IP address. CGNAT ensures that all shared content flows through only a few approved and monitored systems. Maybe China promised to provide a few valid APNIC records in exchange for some IPv6 trash talk.

    Lots of points made in that article are nothing short of logically silly. The silliest is saying that we don't need IPv6 because we never ran out of IPv4 addresses. One could make an equally silly argument that IPv4 addresses are available because IPv6 is such a success.

  14. steelpillow Silver badge
    Unhappy

    Dynamic IP allocation

    I connect via a mobile provider. My home LAN connects to a router on my window sill. They NAT my IP. The visible one always resolves to "somewhere near London" - their gateway some hundred miles from where I actually live. It is dynamic. I have not bothered to test whether it is allocated to the router, their BS or their gateway. Sometimes it comes up v6, sometimes v4.

    The whole thing is such a filthy mess I can understand why IP is becoming sidelined. But it still has to be there, underneath the dynamic DNS mappings.

    Maybe the whole IP/DNS stack is becoming obsolete. We could do with something better than proxies and application-layer certificates to secure our transport layer.

    And speaking personally, it'd be nice not to have to write the leading part of a url path backwards.

  15. 'lil mouse

    So very tired

    Wow Geoff, can’t believe it’s the best part of 35 years since those early meetings with Ken in LaTrobe Street. I don’t know why you haven’t gone fishing by now. Wish I was.

    My vague reminiscences.

    We had an issue in that the children were not sharing nicely in the sandpit. Some kids had reserved lots of space in the sandpit – even if they didn’t need it, and some kids had no space at all.

    Yes, the sandpit needed to be bigger, but how the kids played in the sandpit was an issue as well.

    And remembering that all this took place back in the dawn of Internet-time. Many folks hadn’t yet formed the realisation that the Internet wasn’t just a plaything of universities – and in fact it wasn’t a plaything at all.

    So we had a co-operative network in the form of the Internet in which people were not co-operating. In those circumstances, the technology boffins who made up most of the decision-makers looked at the issue through their narrow lens and allowing for the levers they had available. Their solution was predictable, and it was what you would expect from technologists in the circumstances:

    "If the sandpit is too small and the kids keep bumping into each other – let’s make the sandpit infinitely big!"

    The shortcomings of the solution pretty soon became apparent.

    1 We may have a sandpit the size of Arrakis available to us, but all the cool toys were still in the old sandpit.

    2 The problem with having a near infinitely large sandpit is that that’s a lot of sand. Maintaining the sandpit is a problem in itself. A near infinite sized routing table brings its own issues and attempts to implement geographical constraints were always going to be doomed. Some of those content networks you allude to decided it was better for them to advertise 65,000 /48 routes on the IPv6 routing table instead of a single /32 and did so in the course of a day. Fun times.

    3 It turned out that there was a whole lot of intellectual property developed around operating and securing IPv4, and many of the things found in IPv6 were a bit dodgy and not strictly comparable. Some features like mobility in IPv6 got buried before they ever really saw the light of day. Other features that folks suggested were a mandatory part of IPV6 were either turned off or worked around – meaning that many of the perceived benefits were not realised.

    4 Just like kiddies in the sandpit, industry muddled on in finding workarounds to many of the pressing problems. Along came NAT, along with a whole heap of products and features that did a good job of optimising that IPv4 traffic in situations where that was important. By the time that folks were talking about implementing IPV6 the workarounds were an entrenched part of the IT environment.

    5 It turns out that if you put 2 kids in a sandpit the size of the world, they will still find each other and they will still fight. Over something – anything. People are like that, and sometimes you can’t solve a social problem with a technical solution. Sometimes you need some carrots, and sometimes you need some sticks.

    6 With thanks to Douglas Adams, the Internet is not a flat universe. It is curved and in fact definitely bent. Some of us like portals, stargates, wormholes and all the other weird bits :)

  16. BinkyTheMagicPaperclip Silver badge

    Just doesn't seem as easy

    Recently I've finally worked against 'cobblers children are the worst shod' by setting up local resilient open source DHCP, DNS, and DDNS [1]. This is a prerequisite to run a local SAMBA active directory.

    The question before doing this is if I get IPV6 working first - it's good to learn new things, but I'm immediately running into a number of issues:

    No surprise, some of my devices are steadfastly IPV4 only. Especially embedded devices such as the HDMI switch. It wasn't cheap second hand, I'm not spending several hundred pounds to get an IPV6 one.

    The documentation is not as good or centralised. Look up pf documentation, and it has easy configurations for NAT that make IPV4 to my router pretty easy. It's not that IPV6 doesn't have the documentation, but it requires more effort, different sites, and reading around the subject.

    Both my ISP and my 4G backup are IPV6 enabled (on different networks), but I want to do this properly rather than half arse it, and have the IPV6 still work on the rare occasion I fall over to 4G. Therefore hard coding the FTTC ISP IPV6 allocation isn't a possibility, and I'll need to use a different local range and a mapping. I'm not saying it can't be done with router advertisements, pf rules, and a suitable DHCPV6 configuration, but with IPV4 I just need to NAT to the router, and the router handles the WAN side whether that's FTTC or 4G. I suppose tunneled/VPN IPV6 is a possibility too, but it seems an utterly ridiculous solution to tunnel IPV6 over IPV6, even if it works.

    Again, it's not insurmountable, but it's irritating enough to push into the category of 'I'll look at it another evening' or 'this is designed around enterprise usage, not an overly complex home office'. Those reasons alone are enough to stop many people looking in the first place.

    [1] OK. The DDNS isn't fully resilient, that's on the todo list. Maybe Kea and BIND will sort that before I get around to it.

    1. MattAvan

      Re: Just doesn't seem as easy

      My scenario is that I am behind IPv4 CGNAT, and my ISP randomly assigns a fresh IPv6 prefix at router reboot. That latter fact immediately solves the problem of hardcoding IP addresses and then worrying about renumbering them, because I simply can't do that.

      Fortunately with my router running OpenWRT, it was rather simple to assign a fixed suffix to my server and open ports to it, so set up DDNS and I'm done.

      You can probably do something similar with failover. Avoid hardcoding the prefix, I mean.

      1. BinkyTheMagicPaperclip Silver badge

        Re: Just doesn't seem as easy

        Thanks - I'll take a look! Addresses from fibre are fixed, but from the dongle they'll vary. Router also supports RIPv2 and MLD, so I need to do some reading. A more capable router is also a possibility, as I can move to FTTP and get a new router as part of that - the current one is misbehaving anyway so it's overdue.

        Router is running whatever is built in (probably embedded Linux), but it's basically just routing. It doesn't support OpenWRT, I checked. Firewall is OpenBSD, other services run inside the network on FreeBSD.

        It was more a commentary that there's plenty of examples of using NAT to a firewall with IPV4, but as soon as IPV6 is introduced things rapidly move towards complexity and 'you should already know what you're doing', which won't really fly for home users.

        1. MattAvan

          Re: Just doesn't seem as easy

          I always avoid getting a router from the ISP if I can. In my case that means going with a smaller local ISP rather than a large company that rolls out its own routers (I'm in India, so that would be Airtel or Reliance).

          I'm using an ancient Netgear R6220 as router, plus a few Xiaomi AP's, all running OpenWRT. The ISP gave me a fiber modem (with no routing) when I asked nicely.

  17. Reality_Cheque

    IP6 isn't all bad

    Remember... if BT had been in charge, we would have IP6 addresses looking like 192.168.0.0.1

  18. CrazyOldCatMan Silver badge

    Configured IPv6 on my network..

    ..and accessing non-IPv6 websites got very slow as the IPv6 DNS returned NXDOMAIN and my Mac took ages to switch to using IPv4 lookup.

    So it's turned back off again.

    (And no - it wasn't trivial, even for someone that's been doing networking from the old NETBEUI days. Chameleon TCP/IP was not fun on a DOS 5 PS/2 - needed to do much config.sys hacking to get the drivers loaded without crashing.. And I've herded pretty much anything that end users use and goes beep)

    1. Nanashi

      Re: Configured IPv6 on my network..

      That's not how "IPv6 DNS" works. Clients ask for both A and AAAA simultaneously, and asking for an AAAA record for a domain that's v4-only doesn't return NXDOMAIN, it returns NOERROR. DNS returns the same answers regardless of whether you query it over v4 or v6; "NXDOMAIN" tells you that the hostname simply doesn't exist, so there would be no reason to try asking another server over another address family when you get it.

      If your DNS server is returning NXDOMAIN for domains that exist then it's simply broken. Don't blame v6 for that; either fix the server or replace it with one that works. Disabling the entire protocol isn't a necessary or sensible response. Google run a popular public server you can use if you don't have one of your own.
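The NXDOMAIN versus NOERROR distinction made in the reply above, as an added Python example that is not part of the original thread: it parses the RCODE and answer section of raw DNS responses and flags a resolver whose A and AAAA replies disagree about whether the name exists. The responses are constructed in the script rather than captured, and the hostname, addresses and function names are assumptions.

```python
import struct

TYPE_A, TYPE_AAAA = 1, 28
RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3


def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_response(name, qtype, rcode, rdatas=()):
    """Construct a minimal DNS response (sample data, not captured traffic)."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1, plus the RCODE in the low 4 bits
    msg = struct.pack("!6H", 0x1234, flags, 1, len(rdatas), 0, 0)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)
    for rdata in rdatas:
        # 0xC00C is a compression pointer to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata
    return msg


def skip_name(msg, off):
    """Return the offset just past an encoded (possibly compressed) name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, then done
            return off + 2
        off += 1
        if length == 0:             # root label ends the name
            return off
        off += length


def classify(msg):
    """ANSWER, NODATA (NOERROR with no record of the asked type), NXDOMAIN or ERROR."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "NXDOMAIN"           # the name does not exist for any record type
    if rcode != RCODE_NOERROR:
        return "ERROR"
    off, qtype = 12, None
    for _ in range(qdcount):
        off = skip_name(msg, off)
        qtype = struct.unpack("!H", msg[off:off + 2])[0]
        off += 4                    # QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == qtype:
            return "ANSWER"
    return "NODATA"                 # name exists, but has no record of this type


def check_pair(a_msg, aaaa_msg):
    """Compare the A and AAAA replies a resolver gave for the same name."""
    a, aaaa = classify(a_msg), classify(aaaa_msg)
    if (a == "NXDOMAIN") != (aaaa == "NXDOMAIN"):
        return "broken"             # existence of a name cannot depend on the type asked
    if a == "NXDOMAIN":
        return "nonexistent"
    if a == "ANSWER" and aaaa == "ANSWER":
        return "dual-stack"
    if a == "ANSWER" and aaaa == "NODATA":
        return "v4-only"
    return "other"


if __name__ == "__main__":
    name = "v4only.example"         # constructed sample name
    a_ok = build_response(name, TYPE_A, RCODE_NOERROR, [bytes([192, 0, 2, 10])])
    aaaa_nodata = build_response(name, TYPE_AAAA, RCODE_NOERROR)
    aaaa_nx = build_response(name, TYPE_AAAA, RCODE_NXDOMAIN)
    print("healthy resolver:", check_pair(a_ok, aaaa_nodata))
    print("faulty resolver: ", check_pair(a_ok, aaaa_nx))
```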

  19. Sel

    Self serving nonsense is not science

    Someone in the pay of the arbiter of a scarce resource claims we don’t need to replace the scarce resource because cloudflare exists.

    Care to explain then why cloudflare put so much effort into moving clients to IPv6?

    Yes people consume more than they serve. That’s no excuse for silencing them behind CNAT so that his paymasters can milk more and more out of a limited address space.

    Claiming IPv6 doesn’t add any features over IPv4 is a giant red flag of either ignorance or manipulation of the ignorant. Given the source, it’s manipulation of the ignorant.

  20. Anonymous Coward

    HTTP/HTTPS only CDNs?

    "CDNs, he argues, rely on domain names, not IP addresses."

    He means HTTP/HTTPS-based CDNs rely on domain names (where the name is sent via TLS SNI or HTTP "Host" header).

    Not everything on the Internet uses HTTP/HTTPS. Other protocols may or may not make use of "service names" in a similar fashion - if they don't then they can't be used for multi-hosted/multi-tenant services using a shared IP address.

  21. Panicnow

    An Alternative reason why IPv6 hasn't been deployed

    The Internet stopped being an Internet when the first NAT was switched on!

    Security services HATE direct messaging. With NAT every connection can be logged at the carrier.

    1. Nanashi

      Re: An Alternative reason why IPv6 hasn't been deployed

      That has nothing to do with NAT. Every connection can be logged at the carrier with or without NAT.

  22. Siul72

    Is this some kind of AI deep fake? I don't believe that someone from the industry says that an IP is irrelevant. Whoever says that the DN or FQDN is what matters ignores the fact that a DN gets resolved into an IP address in order for the data packets to travel around the network. Without IP, whether IPv4 or IPv6, there's no Internet!

  23. BPontius

    I am puzzled as to how this pseudoscientist uses only domain names without IP addresses; the domain names are only for human readability and by themselves give no destination or routing information for a router. We have been out of IPv4 addresses for years: Asia-Pacific since 2011, Latin American and Caribbean since 2014, America since 2015, African since 2017, and Europe, Middle East and Asia ran out in 2019. The only IPv4 addresses available are through web hosting services.

    The main reason for the slow migration to IPv6 has been the lack of IPv6 capable routers and the expense of replacement, especially in the U.S., since profits come before all else they are in no rush to upgrade.

    The IPv6 address space and subnet size is mind-bogglingly huge, a standard size /64 subnet assigned to an ISP is 18,446,744,073,709,551,616 IP addresses. Even four subnet sizes down at /48 gives 281,474,976,710,656 IP addresses. The total size of the IPv4 address space is 4,294,967,296.
