Time to dump dual-stack networks and get on the IPv6 train – with LW4o6

Despite a decade of efforts, the rollout of IPv6 is still stubbornly sat at less than 25 per cent, in terms of internet traffic, with recent reports suggesting adoption may actually be leveling off. Among the reasons the world is not shifting en masse to the new addressing system, the most persistent is the fact that people …

  1. Anonymous Coward

    Where does the 4 to 6 interchange take place? Unless it is transparent to the customer's IPV4 router - and all the user's devices - then it will hit the understandable reluctance of customers to buy new kit for no apparent benefits.

    1. diodesign (Written by Reg staff) Silver badge

      "Where does the 4 to 6 interchange take place?"

      In the home router - thus keeping IPv4 within someone's house and leaving the carrier network IPv6-only.

      In the US, cable companies rent out their home gateways. They'll just send out new ones, we guess.

      C.

      1. JohnFen

        Re: "Where does the 4 to 6 interchange take place?"

        "In the US, cable companies rent out their home gateways"

        Yes, but an increasing number of people aren't renting them -- they're buying their own in order to stop having to pay the extra fee.

        1. Fatman

          Re: "Where does the 4 to 6 interchange take place?"

          <quote>Yes, but an increasing number of people aren't renting them -- they're buying their own in order to stop having to pay the extra fee.</quote>

          And I am one of them

          Fuck Time Warner Brighthouse Spectrum, and their fees for a shitty modem.

          1. tom dial Silver badge

            Re: "Where does the 4 to 6 interchange take place?"

            It really does not matter whether the cable modem supplied is good or bad. The best they (e.g., Comcast, in my case) will recognize costs as much to rent for a couple of years as it does to purchase. That's for one that will do the phone as well; I suspect the case for purchase is even better for just the modem.

            1. JohnFen

              Re: "Where does the 4 to 6 interchange take place?"

              " I suspect the case for purchase is even better for just the modem."

              It is, at least in my case. I paid about $100 for my cable modem and returned the one I was renting from Comcast for (I think) around $10/mo. I've never looked back.

          2. FrankAlphaXII

            Re: "Where does the 4 to 6 interchange take place?"

            I'm one of them too, and you have it good on Outhouse Spectrum. I moved from Central Florida where Outhouse Spectrum was the king, to Central New Mexico and we have this abomination of a company called CableOne in the bastion of idiocy that is Rio Rathole. Place has a huge Intel plant (the one where the ex-CEO was fucking a tech) but you get to pick between CenturyLink and their early 2000's speed but late 2010's prices ADSL or CableOne, and they both suck.

            I apparently used too much data over the span of three months so they jacked my price up to 100 bucks a month for god awful service. I never thought I'd WANT to be abused by Spectrum or Comcast, then I had to deal with CableOne. Almost makes me want to move a mile down the road to Albuquerque just to get Xfinity, but I worked for NBC Universal for a long time and me paying them seems backward to me.

            I sure as hell won't pay CableOne to rent shitty equipment for an extra 20 bucks of robbery a month.

            ETA: I finally have my badge back! It only took like two years, but hell, thanks Drew! Not letting that happen again, losing it that is.

            1. kain preacher

              Re: "Where does the 4 to 6 interchange take place?"

              I feel you. I made the mistake and signed up for mediacom(con). They charge you $5 to use their cable modem. $5 a month to turn on Wi-Fi and $5 a month to have access to the modem. Seriously, if you type in 192.168.1.254 it redirects you to a page that says pay $5 to have access or pay $5 every time you want to do something like change the password to the Wi-Fi. They have a strict 1 gig cap. Oh, here is the kicker: if you do a traceroute you find out that everything is going through Comcast first. That's right, they are using the Comcast network but Comcast is not available here.

              In a 2016 telecom report conducted by ACSI, Mediacom occupied last place in customer satisfaction among all companies in the ACSI, regardless of industry.

              1. Danny 14

                Re: "Where does the 4 to 6 interchange take place?"

                I thought Dell Sonicwalls have been doing this for years. I know my 2650 will let me do something similar, it will let me have an internet routable IPv6 address sit on the firewall and map or encapsulate an IPv4 internal server IP to that address. So the ISP can give me a bunch of IPv6 addresses and I can route the "external" (I say external, meaning these are from the ISP) to the internal IPv4 only server.

                I don't do this as I don't have an IPv6 presence at all, I have a /29 and am happy with those.

      2. Anonymous Coward

        Re: "Where does the 4 to 6 interchange take place?"

        "They'll just send out new ones, we guess."

        What benefits do the ISPs get from such a presumably expensive exercise?

        The issue of IPV6 always seems to come down to "what's in it for me?".

        1. Anonymous Coward

          What's in it for me?

          I'm not sure what the ISPs get out of it, but they're the ones who would have to drive the IPv6 transition outside areas where it is a foregone conclusion due to a lack of IPv4 blocks.

          It sure as hell isn't going to be end user demand that makes it happen, because no matter how smooth and easy the transition can be made there's zero incentive for end users to make the switch. If the ISPs don't have the incentive to do so it would require some sort of higher authority like ICANN or the UN or Facebook twisting the ISPs' arms.

        2. PyLETS

          "what's in it for me?"

          'The issue of IPV6 always seems to come down to "what's in it for me?". '

          If you don't care about the feudalisation of the internet and serfdom in respect of having no effective ability to influence or decide who knows what about you, then IPV6 has little to offer you. Efforts such as the Freedombox will come to nothing without the ability to install within networks which allow both client and server connections.

          The alternative is continued degradation of the Internet in which most connections are client only, due to address starvation, in which getting anything done requires giving all your data away to cloud providers who mediate all your connections and sell the data they gather in the process to the highest bidder.

        3. bombastic bob Silver badge

          Re: "Where does the 4 to 6 interchange take place?"

          An IPv6 tunnel is another "temporary" solution for IPv6. But it seems to work well for me.

          And as long as your IPv4 machines can [at least temporarily] map to an IPv6 address through the router [or wherever] it should work just fine. And I don't see IPv4 devices disappearing any time soon, especially when a lot of 'el cheapo' and legacy devices [and experimenter boards, etc.] only support IPv4. "A method by which these devices can connect" is a good thing.

          One IPv6-related problem I'm seeing RIGHT NOW is the lack of _PROPER_ IPv6 glue support, even from MAJOR registrars. I have a particularly suffixed domain name that's not '.com' '.org' etc. and it's registered (inexpensively I might add) from "the biggest registrar" [no need to mention names but it starts with 'Go']. A few years ago I wanted to set up IPv6 glue for it (i.e. an IPv6 address that points to the name server, not just IPv4), if for no other reason than to get 'guru' level on he.net's certification along with a nice T shirt. Well, it wasn't supported back then, and _STILL_ is not supported, as of last week! I can only point the domain name to an IPv4 address, which means IPv6-only won't be able to access it. They _CLAIM_ to have "glue" support but when I try to get support, it's like "we do not support IPv6 addresses for DNS servers that we don't host" - in other words, PAY THEM EXTRA to get the IPv6 glue support.

          THAT isn't how you promote IPv6. It also *BREAKS* any scheme of an IPv6-only connection to 'teh intarwebs'. This is the fault of the LAZY/CHEAP REGISTRARS, from either "being too cheap" or trying to STRONGARM PEOPLE into paying EXTRA so *THEY* host your DNS server (instead of YOU).

          Unfortunately I had just paid them to renew the name, shortly before this discovery. Some time within the next 2 years I'll be looking for a competing registrar that WILL give me what I want. If they FIX it, I'll stick with them. If they do NOT I'll get another registrar. They need a series of clue-by-fours [most likely] before figuring out how WRONG it is to leave things as they are.

          1. onefang

            Re: "Where does the 4 to 6 interchange take place?"

            https://www.anonymousspeech.com/ had no problem adding DNS records for the single IPv6 address my server company handed to me. https://freedns.afraid.org/ already had infrastructure in place for doing the same for the freebies I use for other people's freebie web sites on my server. My home ISP reminded me that they had handed me several GAZEEEELION IPv6 addresses, and would be happy to let me set up my own DNS servers, then delegate to me. Something I was thinking about doing anyway, for other reasons. No extra charge from any of them.

            "They need a series of clue-by-fours"

            I think you mean clue-by-sixes.

          2. JohnFen

            Re: "Where does the 4 to 6 interchange take place?"

            "from "the biggest registrar" [no need to mention names but it starts with 'Go']"

            GoDaddy has a very well-deserved reputation as a terrible registrar. You might have better results with someone else.

          3. John Brown (no body) Silver badge

            Re: "Where does the 4 to 6 interchange take place?"

            "They need a series of clue-by-fours"

            Shirley what they need is a series of Glue-by-sixes?

        4. Roland6 Silver badge

          Re: "Where does the 4 to 6 interchange take place?"

          >What benefits do the ISPs get from such a presumably expensive exercise?

          Well I can see the mobile networks with 5G on the horizon, greatly benefiting from going IPv6 only.

      3. guyr

        Re: "Where does the 4 to 6 interchange take place?"

        diodesign: "In the home router - thus keeping IPv4 within someone's house and leaving the carrier network IPv6-only."

        That's what I would hope, but is it true? I took a look at the RFC linked in the article:

        https://tools.ietf.org/html/rfc7596#section-4

        Look at the block diagrams in section 4. Looks like only the connection between the subscriber and the ISP is IPv6. The ISP sends the received packets out to the "IPv4 Internet". Perhaps this is just a typo in the RFC? Pretty glaring, seems like this would have been caught in editing. If this is truly the case, then I don't see this as much progress.

        1. JohnFen

          Re: "Where does the 4 to 6 interchange take place?"

          I'm not seeing what you're seeing. The user endpoint in those diagrams is "IPv4 LAN". It shows the "IPv4" internet because that's an important part of the use case -- but I don't see anything in the RFC that says you have to have that translation step. I think if you're talking to an IPv6 internet destination, then you just omit that translation step.

        2. Yes Me Silver badge

          Re: "Where does the 4 to 6 interchange take place?"

          You've missed the point - because there are still lots of IPv4-only sites, the traffic needs to be sent onwards over IPv4. As those sites progressively add IPv6 support (hello The Register, are you listening?), users won't need this as much, but as long as there's a single IPv4-only site in the world, this feature is needed.

    2. Anonymous Coward

      Ideally it would happen in the cable modem / DSL modem, which would make it transparent to the customer's router. If the customer uses an ISP supplied modem/router combo, then the customer visible part could only expose the IPv4, not the ugly IPv6 underbelly.

      This type of solution might actually make me grudgingly go along with IPv6. I sure as hell see no reason why I'd want my home network to be IPv6 - a lot of extra complication and hassle for zero benefit - so keeping it IPv4 but encapsulating my traffic as IPv6 when it goes to the internet should be OK.

      1. JohnFen

        This is my thinking as well. I would be unhappy if I have to rejigger my home network to be IPv6, but a solution like this that mitigates that is fine.

      2. jarfil

        IPv6 at home has two main benefits:

        * Automatic IP assignment without DHCP servers.

        * Ephemeral per-app IPs.

        It's essentially security through obscurity, but it makes it difficult to scan your network when the IPs change from day to day.

        1. onefang

          "It's essentially security through obscurity, but it makes it difficult to scan your network when the IPs change from day to day."

          I get an email from Netflix each time I log in, telling me that some new computer they have never seen me log in from has recently logged in, and that changing my password might be a good idea if I don't recognise that computer. I'm IPv6, Netflix is IPv6, their IP checking code is still a bit behind the times.

          1. eldakka

            > I get an email from Netflix each time I log in, telling me that some new computer they have never seen me log in from has recently logged in, and that changing my password might be a good idea if I don't recognise that computer. I'm IPv6, Netflix is IPv6, their IP checking code is still a bit behind the times.

            More often than not that is done via cookies or similar technology (if using a non-browser based client).

            So if you login via a browser but you have cookie blockers, or regularly clean out cookies, it'll see the browser as a new "PC" because their persistent cookie is no longer there.

            1. onefang

              "So if you login via a browser but you have cookie blockers, or regularly clean out cookies, it'll see the browser as a new "PC" because their persistent cookie is no longer there."

              Nope, it's not cookies in my case. I use Chrome specifically for Netflix, without my usual filters and such in place, and no other protections. Mostly coz A) Netflix won't run on anything else under Linux, B) I get Netflix quota free in this land of expensive Internet and my usual filtered browser proxies everything via Europe, which would bypass the quota freeness.

              1. kain preacher

                I've found that Netflix works best with Edge. I've found from time to time it has weird issues with other browsers, especially Chrome.

                1. onefang

                  "I've found that Netflix works best with Edge."

                  Edge doesn't run too well on that Linux desktop I mentioned. And ever since Windows 10, I'm not letting my test box's Windows 8.1 partition anywhere near the Internet without an armed chaperone and a straitjacket. Safer that way for all concerned.

                  1. kain preacher

                    Well, that's another fucked thing I've noticed: Netflix seems to prefer Windows. I get those login-from-a-different-computer notices when I'm on Mint but not on Windows 10. I've also noticed that I have to manually select 1080 in Windows if I'm not using Edge.

                    1. jelabarre59

                      > Well, that's another fucked thing I've noticed: Netflix seems to prefer Windows. I get those login-from-a-different-computer notices when I'm on Mint but not on Windows 10. I've also noticed that I have to manually select 1080 in Windows if I'm not using Edge.

                      Come to think of it, I can't remember the last time I used any of my Linux machines to watch Netflix; usually I'm using the Roku, PS3 or my Android tablet (and if I happen to be booted to MSWin, it's only for long enough to run some specific task, I won't be kicking back to watch videos). Crunchyroll runs fine under Linux, but their systems are so far behind the curve I'd expect them to be the last streaming service to support IPv6 (not because they hate it, but because their technical expertise is lacking).

            2. JohnFen

              "More often than not that is done via cookies or similar technology"

              Netflix may use cookies as well, but they definitely do IP address tracking for this.

              1. Yes Me Silver badge

                they definitely do IP address tracking

                Not only Netflix. Gmail, for example, treats frequent IP address changes as suspect*. They seem to have improved a bit recently in how they handle IPv6 privacy addresses, but it can still be a problem.

                *Tunnelbear into the UK and they tell you that somebody in Slough has got your password. But that's only IPv4 since Tunnelbear isn't doing IPv6 yet.

                1. onefang

                  Re: they definitely do IP address tracking

                  "Not only Netflix. Gmail, for example, treats frequent IP address changes as suspect*"

                  Which is why I gave up using Tor for gmail. I use a proper email client not their web front end, and have fetchmail log into gmail every couple of minutes to see if I have new email. You can imagine how Tor would trigger a gmail complaint email every couple of minutes. Though I guess that would ensure there is at least one email to collect each time.

                  I'm going with another fix for that problem, weaning myself off gmail.

          2. Alistair

            This, and my Canon printer are the reason we're still dual stack.

        2. JohnFen

          "IPv6 at home has two main benefits"

          Those two benefits are tiny, though. If that's the selling point for IPv6 at home, I think the cost/benefit ratio doesn't make it desirable for very many people. IPv6 has a clear benefit for outfits that run large networks, not so much for home users.

          1. Yes Me Silver badge

            main benefit

            The main benefit is that if the ISP has no more IPv4 addresses, you still get connected...

      3. Yes Me Silver badge

        What extra complication?

        ..."no reason why I'd want my home network to be IPv6 - a lot of extra complication and hassle"

        Really? Do you have any internal routers? If not, there's no hassle, it just works. If yes, once they have HNCP support, there's no hassle, it just works.

  2. Mayday

    Looks good

    I'll need to read the RFC now :)

    Offhand (without reading said RFC yet) the only drama I can see would be overhead caused by MTU issues with the extra bytes added to packets from the tunnelling and shit networks fragmenting and/or dropping. But let me read the RFC first :)

  3. Duncan Macdonald

    Big advantage

    It will get up the nose of the ivory tower evangelists who believe in everything IPv6 with all its unnecessary bells and whistles. This seems to be a pragmatic way to make IPv6 behave as it should have been designed - an addressing extension only.

    (The use of NAT will especially upset the IPv6 evangelists.)

    1. Lee D Silver badge

      Re: Big advantage

      NAT and IPv6 were always entirely unrelated.

      Only stupid people thought that NAT wasn't the ideal way to transition - convert your NAT gateway to IPv6, bang, job done and no more internal changes required until you wanted to.

      The confusion of the two is EXACTLY what held back adoption and instead... ironically... resulted in Carrier-Grade NAT at the ISP in order to keep things moving.

      P.S. Maybe The Reg could read the article linked themselves? Because they keep SAYING they're doing something about IPv6 but I've yet to see any movement.

      1. Nanashi

        Re: Big advantage

        > Only stupid people thought that NAT wasn't the ideal way to transition - convert your NAT gateway to IPv6, bang, job done and no more internal changes required until you wanted to.

        You can of course do this -- it's generally the first step in transitioning a network -- but how will your machines get access to v6 without resorting to a proxy?

        If you didn't manage to think that far ahead, then perhaps calling the people who did stupid is a bit unfair to them.

        1. Lee D Silver badge

          Re: Big advantage

          All your major services are now proxied through the 4&6 machine at the boundary. All your external connections, webmail, remote, VPN, etc.

          If your ISP says "no more IPv4 for you", it doesn't matter.

          Internally, you then have ALL THE TIME IN THE WORLD to upgrade, and if you're using web proxy etc. then it's quite seamless. But all your customers and outside services are already up and ready.

          You can now deploy 4 machines. 6 machines. 4&6 machines. It literally doesn't matter. You can move services one by one. But your outside customers (e.g. visits to your website) can use both from the second you do it, and your external IPs number... 1 of each.

          Your internal workings, IP's, etc. literally don't matter. That's the beauty of NAT.

          But what you were telling people was "You have to give every machine, server, printer, phone, etc. a world-routable IPv6 address, from day one, and configure your systems securely to allow that. Oh and NAT IS EVIL AND YOU HAVE TO DESTROY ALL TRACES". That was ALWAYS nonsense. You leave them exactly as they are, IPv6 the gateway, leave everything else on IPv4 NAT and then everything else is done at your leisure.

          Say The Reg had done that? They could just add "IPv6 compatibility" to their front page and all their clients would be happy and think they were "cutting edge". They could be using IPX internally, nobody cares.

          1. Nanashi

            Re: Big advantage

            > All your major services are now proxied through the 4&6 machine at the boundary. All your external connections, webmail, remote, VPN, etc.

            Well, yes, that would do the job subject to the usual limitations of proxies, but you said "bang, job done and no more internal changes required", yet migrating your entire network to using a proxy is actually a pretty big disruption -- far, far bigger than just adding v6 to it.

            > Your internal workings, IP's, etc. literally don't matter. That's the beauty of NAT.

            The NAT which you're abandoning in favor of proxying?

            > But what you were telling people was "You have to give every machine, server, printer, phone, etc. a world-routable IPv6 address, from day one

            I don't think I said this. Like I said, the first step in a transition is to get v6 to your border router. But you cannot just sprinkle NAT around like magic pixie dust and have everything somehow work right -- there is no room in the v4 packet header to fit a v6 address, so a v4-only machine on your network is only going to be able to reach v4 hosts, regardless of any other hosts the router itself can reach. That's why the next step in the transition is generally to give your machines v6 addresses (and I note that this doesn't need to be done to every machine at once -- it's perfectly okay to have a mix of v4-only, v6-only and dual stack machines on your network, if that satisfies your desires).

            > IPv6 the gateway, leave everything else on IPv4 NAT and then everything else is done at your leisure.

            This is roughly a good description of how deploying v6 already works. You do, in fact, control when each step in the deployment happens. It's just that the first step is not the only step that is necessary to get v6 connectivity to your end machines -- and if you don't like that, then you need to complain to the people who designed v4, because it's v4's lack of forward compatibility that prevents it from reaching v6 hosts.

            > What's wrong with proxying? It can be done in a way that is transparent to everyone behind the router.

            I didn't say it was wrong, it's just that people seem to strongly prefer routed network connectivity over proxying. As a side note, I don't see how you can transparently get a v4-only host to pack 128 bits into v4's 32-bit destination IP field.

            1. Danny 14

              Re: Big advantage

              Any decent stateful firewall will happily let you set up ACLs and routings for IPv4 to IPv6. Dell Sonicwalls have let you do this for years, same as Juniper, Palo Alto etc. I imagine if you want to homebrew then pfsense will do this, just set the "IPV4" side as your gateway and let the magic happen within pfsense (having the IPv6 side connect to your modem/router).

            2. JohnFen

              Re: Big advantage

              "I don't see how you can transparently get a v4-only host to pack 128 bits into v4's 32-bit destination IP field."

              I don't understand this comment -- why would this be necessary? When using NAT to traverse from an IPv6 internet to an IPv4 server, there's no need to pack 128 bits into an IPv4 header. The NAT layer does the necessary translation, and there's not a need to have the IPv4 address contain any information about the IPv6 address at all.

              The bigger issue is if you're in IPv4-world and want to talk to an IPv6 address. That's when you need a proxy (or other solution).

              1. Nanashi

                Re: Big advantage

                Because the suggestion was to get v6 to the router and not to the machines behind it. The machines behind the router would fall into the situation in your last paragraph.

                1. Danny 14

                  Re: Big advantage

                  > The bigger issue is if you're in IPv4-world and want to talk to an IPv6 address. That's when you need a proxy (or other solution).

                  Not really. Like I said earlier, any decent firewall will sort this out for you:

                  Server 10.10.10.100 runs IIS. Your ISP has only given you IPv6 and you are too old skool to enable IPv6 on your server and give it an address. Don't worry, your stateful firewall will happily ACL route your external IPv6 to 10.10.10.100.

                  If you mean the other way around then Hurricane Electric are your friend.

                  Sonicwalls have been doing this for years, pfsense can do this too. Never mind blackguards and Palo Altos. I believe that Ubiquiti edge routers cannot NAT64.

                  1. Nanashi

                    Re: Big advantage

                    NAT64 works nicely for getting a v6 client to talk to a v4 server. It's the other way around that's a problem.

                    I assume by HE you're referring to their 6in4 tunnels, but those don't help here because a) you need a public v4 address for those, b) the suggestion was to avoid deploying v6 to your machines, but deploying v6 to your machines over a tunnel is still deploying v6 to your machines, and if you're going to do that then why not just do it natively?

        2. JohnFen

          Re: Big advantage

          "how will your machines get access to v6 without resorting to a proxy?"

          What's wrong with proxying? It can be done in a way that is transparent to everyone behind the router.

      2. gnarlymarley

        Re: Big advantage

        . . . convert your NAT gateway to IPv6, bang, job done . . .

        I guess you could do this. I have been using NAT6 for more than seven years now and it does work, but the main goal of IPv6 is to get away from NAT. Also, interesting that there are DSL/cable modems that have NAT6 built into them. For me, it was easy. Find the RFC1918 equivalent IPv6 addresses (RFC4193 addresses), enable a firewall/NAT6 software, and then browse the internet. I mean if you really really want to put NAT into the IPv6 world, you can do it, but it is just easier to get a block now that some ISPs are handing them out.

        (side note: My ISP acquired a class B IPv4 block and stated at the time there was no need to go to IPv6. So, I got a tunnel instead. Now that the tunnel servers are going away, it may be time to change ISPs or else just use IPv4 as the monopoly ISP hates IPv6.)

        1. JohnFen

          Re: Big advantage

          "but the main goal of IPv6 is to get away from NAT"

          It is?

          I thought the main goal of IPv6 was to increase the pool of possible IP addresses. That would get away from NAT in terms of using it as a stopgap measure to cope with the address shortage, but NAT has many uses aside from that. So, in my mind, anyway, getting rid of NAT isn't a goal of IPv6 at all (let alone a main one). The main goal of IPv6 would, as a side-effect, remove the need to use NAT as a band-aid, though.

        2. jelabarre59

          Re: Big advantage

          > but the main goal of IPv6 is to get away from NAT. Also, interesting that there are DSL/cable modems that have NAT6 built into them. For me, it was easy. Find the RFC1918 equivalent IPv6 addresses (RFC4193 addresses), enable a firewall/NAT6 software, and then browse the internet.

          Seems though you are only seeing ONE usage of NAT on internal networks; supporting multiple connections on a single external IP address. Having worked at various test/development sites, assigning groups of addresses (IPv4 in these cases) to specific functions means you know just what address does what. Getting some generic block from an ISP means you end up just assigning random addresses to machines, and lose that segmentation. And it's not like that humongously-long gibberish that is an IPv6 address will EVER be readily remembered.

          So even if you were assigning IPv6 addresses internally, you would still want NAT simply to assign logical subsets of addresses (and you could define them in readily-memorized groupings/formats YOU assign).

          1. Nanashi

            Re: Big advantage

            Uh, you can still subnet v6, you don't need NAT for that. You're expected to get a /48 (or at minimum at least a /56) which you split into 65k (or 256) /64s. You're not going to lose your network segmentation.

            As an example:

            2001:db8:42:1::/64, 2001:db8:42:2::/64, and 2001:db8:42:3::/64

            And these are more readily memorized than the v4 equivalents:

            203.0.113.42+192.168.1.0/24, 203.0.113.42+192.168.2.0/24 and 203.0.113.42+192.168.3.0/24

            as you can see by the fact that one list takes up 50% more space.

            1. jelabarre59

              Re: Big advantage

              So you get handed a massively-oversized chunk of addresses, of which you would only use maybe 5% of. Even at 15-20%, that's still a sizable wastage. Which will mean in another 20 or 25 years, doomsayers will be telling us we need to migrate to IPv8 *NOW* or it will mean the death of the Ultranet...

              1. Nanashi

                Re: Big advantage

                Yes, you get handed a big block of addresses. That's by design. Aggregation and routing efficiency directly lead to high wastage; the reason v6 is 128 bits instead of 64 is to allow space for that. Wastage isn't bad, it's just a consequence of how we get the internet to run at scale without falling over.

                There are ~1.3 million /56s available per person on the planet. If ISPs gave out /56s, then to use all of those in 25 years we'd need every human (not household; human) on the planet to sign up for a new ISP 140 times per day, and never cancel the old ISPs. When was the last time you signed up for a new ISP? Was it ten minutes ago? Did you keep the old service? And the 1 million services before that too? Probably not.

                /48s change it to once per week, and I completely ignored non-end-user networks as well as wastage inside ISP networks. Even so, it's hard to imagine how we could be looking at running out in 25 years. If you think we will, then you haven't got your head around just how big v6 is.

                And even if we do somehow run out, those numbers above were for 2000::/3. There are still 5 unused /3s we could start over in with tighter allocation policies, if we needed to.

  4. Anonymous Coward
    Coffee/keyboard

    Throw caution to the wind and it will fall upon someone else

    {cockyfucious}

    Just do it and give people what they want -> IPv4 at home.

    IPv6 always did encompass IPv4 anyway, Microsoft had tunneling already on many computers via Win8.1+ or updating.

    If my Router NATs to IPv6 that's fine but I want the discontinuity of IPv4 at home so hackers will not have easy access when all the internet is connected via IPv6, and I don't want my devices' identity encompassed in IPv6 either as it makes me easier for hackers and other pernicious actors to locate.

    After commercialisation and Gov manipulation much good does not follow the original idea, or its perceived beneficial outcome.

    1. jarfil

      Re: Throw caution to the wind and it will fall upon someone else

      Use ephemeral IPs with your IPv6, Windows does so by default and you can set it up in your other OSs too.

      1. eldakka

        Re: Throw caution to the wind and it will fall upon someone else

        > Use ephemeral IPs with your IPv6, Windows does so by default and you can set it up in your other OSs too.

        That sounds like more work than setting up a NAT.

        With NAT, just configure router. With ephemeral IPs, set up each computer to use them, then after each Windows update when MS resets your preferences back to what it wants (i.e. greater track-ability) you have to go through all of them and check the config.

        One place to configure (router for NAT) vs Np places to configure for ephemeral IPv6 (where N=number of your computing devices - computers, appliances, IoT (/shudder), smartphones, tablets, games consoles and p=number of patch cycles experienced).

        Of course, if ephemeral can be set up via DHCP then that'd ease the task a lot.

        1. Nanashi

          Re: Throw caution to the wind and it will fall upon someone else

          Actually, Windows uses them by default. The main thing that doesn't is Linux without network-manager. I'm not sure if you're now going to praise Microsoft for doing the right thing and criticise Linux, but there you have it.

          > as it makes me easier for hackers and other pernicious actors to locate.

          You are, of course, harder to find on v6 because the search space is much larger. Other people's insecure IoT kit (because I know nobody on El Reg would run any of that stuff, but there are people out there who do) is also harder to find, sufficiently so that random network scanning is unlikely to remain a viable infection technique on v6.

          Also, NAT has nothing to do with security and you don't need (and cannot use!) it to control inbound connections to your network. If you don't want people connecting, just don't configure your firewall to allow them to connect. v6 does not magically make your network impossible to secure.

          1. eldakka

            Re: Throw caution to the wind and it will fall upon someone else

            > Actually, Windows uses them by default.

            Today.

            If you rely on the O/S defaults to configure this, you are opening yourself up to a world of hurt for when the vendor changes their mind on what their defaults are.

          2. JohnFen

            Re: Throw caution to the wind and it will fall upon someone else

            "I'm not sure if you're now going to praise Microsoft for doing the right thing and criticise Linux, but there you have it."

            Huh? No criticism or praise is due either OS for this. They are both reasonable defaults.

          3. JohnFen

            Re: Throw caution to the wind and it will fall upon someone else

            "NAT has nothing to do with security "

            Security isn't its design goal, but it does enhance security on an IPv6 system by obfuscating the number of devices sitting behind the NAT. IPv6 has nothing that can accomplish that.

            1. Nanashi

              Re: Throw caution to the wind and it will fall upon someone else

              Other than privacy extensions, and 64 bits of address space per network, you mean? You can't exactly just enumerate a v6 network to count the number of hosts in it.

              Also, do I really need to point out that knowing the number of hosts on the network does sod all to the security of it? If it's secure then it's secure, and if it's not then obfuscating the number of hosts isn't going to help. You should spend that time and effort on making it secure.

              1. JohnFen

                Re: Throw caution to the wind and it will fall upon someone else

                But NAT does obfuscate which machine is accessing which server on the internet. Obfuscating the number of nodes behind the router does provide some amount of additional security (although you're correct, it's a small amount), and every little bit helps.

                And note that I'm using "security" in the larger sense, not just in terms of preventing network penetration. Minimizing as many data points about my network and the machines behind my router is important to informational security -- that is, it's important in terms of minimizing the effectiveness of surveillance by my ISP and the internet locations I access.

                1. Nanashi

                  Re: Throw caution to the wind and it will fall upon someone else

                  Privacy addresses also obfuscate which machine is doing what.

                  If you're trying to secure your machines, you should focus your time and energy on things that will be actually useful (like say, browser cookies, which are way more effective for tracking you than a randomly-generated IP address that changes every day). The only thing NAT will do for you is make your network harder to manage and reason about, which will consume effort that could've been better spent on something helpful.

                  1. JohnFen

                    Re: Throw caution to the wind and it will fall upon someone else

                    "Privacy addresses also obfuscate which machine is doing what."

                    To a limited degree. As I have pointed out numerous times, privacy addresses are a hack and an incomplete one at that. They're better than nothing, but not better than a NAT for endpoint obfuscation.

                    "you should focus your time and energy on things that will be actually useful"

                    Where did I say anything that implies that I don't do this?

                    "The only thing NAT will do for you is make your network harder to manage"

                    That's certainly not the only thing -- it also does obfuscation. Whether or not it makes a network harder to manage depends on the network. In my case, it doesn't make anything harder to manage at all.

                    1. Nanashi

                      Re: Throw caution to the wind and it will fall upon someone else

                      Then you aren't using NAT. The harder to manage part is a necessary consequence of rewriting addresses on packets mid-flight.

                      That, or you've been using it for so long that you see the difficulty as normal. Security is hard enough as it is without making life unnecessarily harder for yourself.

          4. Anonymous Coward
            Anonymous Coward

            Re: Throw caution to the wind and it will fall upon someone else

            > Actually, Windows uses them by default. The main thing that doesn't is Linux without network-manager. I'm not sure if you're now going to praise Microsoft for doing the right thing and criticise Linux, but there you have it.

            No, NetworkMangler is soundly criticised by us Linux folks just as much as SystemDumb, (sometimes) PulseAudio, and Gnome3 are.

        2. Brian Scott

          Re: Throw caution to the wind and it will fall upon someone else

          eldakka:

          You do realise that setting up normal IPv6 addressing is actually easier than DHCP. DHCP is the hard way that we get to leave behind with IPv6 except for the really unusual corner cases.

          The router advertises the network prefix regularly on the wire (or when asked). The device picks a unique address on the local network (64 bits to play with and usually based on the MAC address) and away it goes. Easy. All your modern devices do this already. Windows has been doing it since XP but your router wasn't smart enough.

          The only exception might be a few really stupid IoT devices that have been developed by a work experience student and shouldn't be allowed on a network anyway.

          1. eldakka

            Re: Throw caution to the wind and it will fall upon someone else

            @Brian Scott

            > You do realise that setting up normal IPv6 addressing is actually easier than DHCP. DHCP is the hard way that we get to leave behind with IPv6 except for the really unusual corner cases.

            > The router advertises the network prefix regularly on the wire (or when asked). The device picks a unique address on the local network (64 bits to play with and usually based on the MAC address) and away it goes. Easy. All your modern devices do this already. Windows has been doing it since XP but your router wasn't smart enough.

            If you don't use DHCP, how do you tell your devices what DNS servers to use?

            But part of what you are describing is what I meant by:

            > if ephemeral can be set up via DHCP then that'd ease the task a lot.

            Whether it is the current exact DHCP specification that I currently use for IPv4, or a DHCP-like (e.g., if IP v6 no longer calls it DHCP but something similar happens, e.g. "The router advertises the network prefix " would be in my book a DHCP-'like' service) what I meant was:

            1. device broadcasts asking for an IP address to use

            2. 'DHCP' server responds with:

            I. use these DNS servers

            II. use ephemeral IP (i.e. DHCP tells the device some additional configuration attributes)

            III. Here's the prefix you have to work with

            3. device allocates IP address based on the provided prefix (however it does that to avoid collisions - I hope), and configures the DNS addresses and configuration (i.e. use ephemeral).

            4. device generates ephemeral addresses as needed based on what it's been told to use via DHCP.

            i.e. I don't need to configure on each and every host to use ephemeral, because the DHCP (or whatever "tell host what IP prefix to use") system has already told the host to use ephemeral addresses.

            Also, if I don't use a DHCP server, how do I know what outbound addresses to use on my firewall? I don't allow ranges. I only allow specific individual IP addresses outbound so that rogue devices don't have outbound access if they appear on my network. If a device chooses a random IP address, even with a known prefix, it ain't gonna have outbound (or inbound) access through my firewall.

            BTW - what is hard about setting up DHCP? Every router/gateway device I've used in the last 15 years has a DHCP server builtin, and it's piss-easy to use for basic home use.

            1. AJ MacLeod

              Re: Throw caution to the wind and it will fall upon someone else

              You can still use DHCP with IPv6, similar to how you describe; it really isn't at all necessary though.

              I've been playing with IPv6 for a little while now after a couple of decades of waiting for it to quietly go away... I must say that there are definitely some ways in which it's much easier than v4. Being able to simply use as many (potentially publicly routeable) addresses as you like on the same interface is pretty cool - you can easily have a different address for each service you run if you want.

              It does require a definite shift in mindset though which isn't easy when you've been used to the same system for all these years!

      2. JohnFen

        Re: Throw caution to the wind and it will fall upon someone else

        "Use ephemeral IPs with your IPv6"

        Ephemeral IPs halfway address the issue, but are certainly not a solution.

  5. -tim
    Meh

    So just like the network my phone uses?

    My phone uses an IPv6 only network but only hands its application an IPv4 address. We were heading in the direction of admin interfaces are IPv6 only starting about 3 years ago.

    Every once in a while I get sick of the tracking/ad/scam games and turn off IPv4 on my computer. It works much better for me most of the time and most important sites work fine (hint, hint, El Reg).

    The rollout of IPv6 in Oz is hampered by the fact that most of the competent IPv6 players were bought out and their new owners never had IPv6 working properly resulting in everyone using the overgrown cable tv network flavor of the NBN requiring ugly hacks to do IPv6 at all.

    1. Nate Amsden

      Re: So just like the network my phone uses?

      My phone is using CGN on at&t. According to android(4.4) my ip is 10.146.31.141. I have had wifi disabled for the past couple of years so they can't upgrade my phone.

      Perhaps att has an ipv6 network for mobile too, not sure. Checking my wife's android 8 phone it is on the same ipv4 CGN that I am on. So clearly not device specific.

      With CGN I have never had an issue connecting to anything. Though I have never needed to connect into my phone from remote too. So in a nutshell CGN works fine, no need for ipv6 for me anyway.

      1. Anonymous Coward
        Anonymous Coward

        Re: So just like the network my phone uses?

        > I have had wifi disabled for the past couple of years so they can't upgrade my phone.

        Funny, I set up mine exactly opposite. I use WiFi (on trusted networks) and have Mobile Data disabled 99+% of the time (don't like getting the monthly reaming from the cell provider).

  6. solv

    If every CPE device still gets an IPv4 address, how does that solve the issue of running out of IPv4 addresses?

    1. Anonymous Coward
      Anonymous Coward

      > If every CPE device still gets an IPv4 address, how does that solve the issue of running out of IPv4 addresses?

      RFC1918

  7. Warm Braw

    Among the reasons the world is not shifting...

    The biggest reason is that if you have an IPv4-only host (which may be due to the host implementation or to the constraints of your ISP) you have no way of communicating with an IPv6-only host (for example, one that has been unable to obtain an IPv4 address owing to there not being any). Anyone offering a public-facing service has to offer IPv4 and has no real incentive to offer IPv6.

    The solution to the "dual stack" problem is not some other kludge that allows IPv4 to persist even longer because it doesn't solve the problem of getting legacy systems to talk to IPv6-only hosts and that makes IPv6-only hosts generally unattractive (though they may be fine for private networks).

    Given that IPv6 was being actively pursued before even the emergence of Windows 95, you'd have expected that there would be very little IPv4-only kit out there by now, but that unfortunately seems not to be the case.

  8. kzorba

    Real world deployment at ISP in Greece

    For anyone interested, at RIPE76 we also did a presentation about a real world deployment in a production ISP network. It is available at https://ripe76.ripe.net/archives/video/30/

    1. Anonymous Coward
      Anonymous Coward

      @kzorba - Re: Real world deployment at ISP in Greece

      No, not an ISP.

      Show me a real world production deployment for a large multinational (no pure software like Google or Facebook) with mainframe or other 24/7 multi-site mission critical systems, thousands of applications on a variety of platforms and so on.

      Consumer home networks and ISP are easy. It's not that that's holding back the migration to IPv6, it's potential impact on multi-billion dollars business.

  9. tonyw2016

    This is only part of a proper transition plan. However, the good news part is that it represents a move away from the "NAT is evil" mindset that has bedevilled the development of a proper transition plan.

    RFC7594 deals with the part of the problem where you have a local IPv4 network (i.e. almost everyone) and you need to communicate with another IPv4 network (hosting some server) over an IPv6 network.

    The other big bit of the transition problem is (hopefully) solved by NAT46 and DNS46 which should allow an IPv4 home network to use an IPv6 Internet with IPv6 native servers. The reverse: NAT64 and DNS64 also exist for anyone who has an IPv6 Home network. RFC 6144 "Framework for IPv4/IPv6 Translation" is a good starting point for further reading.

    All it needs is for ISPs to offer IPv6 - and to make legacy IPv4 a chargeable option...

    1. ntevanza

      NAT is not evil, but it will eat itself. My modest home router handles about 40k packets a second. Soon it will be 80k. Eventually it will be 800k. NATting that would be a baroque and bloody-minded computational overhead. Why delay the inevitable?

      I'm running dual stack on Deutsche Telekom. I don't know whether I have this lightweight thingy. Fixed IPv4s work fine locally. The additional effort is zero.

  10. Flakk
    Joke

    I'm Gonna Channel Hecubus on This One

    HECUBUS "No!"

    SIR SIMON MILLIGAN "But Hecubus, lw4o6 is a real world solution that can run on today's hardware! And it's open source!"

    HECUBUS "No!"

    [PREGNANT PAUSE]

    SIR SIMON MILLIGAN "Evil! Evil! Impolite and evil!"

  11. Mark in CA

    Performance?

    If the home router/gateway will be where all the packing/unpacking takes place, won't this put more of a load on the router? And won't that, in turn, require routers to have more powerful (and expensive) processors with more RAM (expensive)? How will this affect overall router throughput and latency? Will it affect services like VoIP, streaming video, etc?
