Whatever happened to IPv6?

[-]

Gamester17@reddit

Most IP-based IoT devices can use IPv6 and it is a requirement for the Matter standard which also uses mDNS over IPv6. So needed for home users too if want to use Matter ocer WiFi or Ethernet

[-]

AlexisFR@reddit

They are deploying it where it makes sense, the public internet. In private networks there is not much use.

[-]

TheCollegeIntern@reddit

And developers for certain popular applications

[-]

TheCollegeIntern@reddit

Yeah I remembering the reports people made about ipv6 and turning it off. Like really adamant for it to be turned off because it’s causing problems with their applications.

Maybe we’ll get there one day. Tbf to developers idk how much more complex it is to design for IPv6 maybe it’s a lot and it takes a different skillset for IPv6 than v4. Who knows but I feel they should get on it sooner than later.

Some vpns only support ipv4 and some if they support IPv6 it has to be dual stack. No IPv6 only. I think windows built in client VPN is one of them

[-]

SolarLx@reddit

[-]

Secret_Account07@reddit

Lmao this is amazing

I have numerous ipv4 addresses memorized. Terminal servers, IIS, different nodes, all kinds of stuff. Hell I still have a print servers and file share memorized from my desktop days 10 years ago

How will I memorize ipv6?

[-]

sparky8251@reddit

How will I memorize ipv6?

You dont... The entire spec is about self configuring and self healing at the network layer. Use DDNS, mDNS, DNS-SD, SRV records and the like so you stop caring about addresses and treating them as special when they arent, much like how the admin space moved from pets to cattle with tools like ansible for servers.

[-]

Ambitious-Profit855@reddit

As someone who is supposed to switch his local LAN to IPv6, how do I handle firewall settings when stop caring about addresses and move to DNS. So far, I put my devices into separate IP ranges (10.1. for network devices, 10.2 for servers/DMZ, 10.3 for IP cameras and so) and firewalled them off accordingly (e.g. IP cameras should not be allowed to connect to the Internet).

Do I not care about the retrieved IPv6 and place them in subnets, e.g. entrance.camera.home.net? Is that even supported by opnsense?

[-]

Ok... But in what ways is v6 actually more complex? The problem most people have is trying to make a v6 network behave like a v4 network.

Yeah, thats hard. They are entirely different networking philosophies and it shows with that pain of trying to put v4isms onto a v6 network.

Easy example... RAs and multiple IPs and gateways with preferences per v6 interface. Now you dont need to have 1 router per network, internal LANs can be much much cleaner. And for home users, WAN failovers can be SO much simpler now too.

Another? ARP isnt tcp, udp, or icmp you know? Its its own custom ethertype. It also layer boundary violates and exists on both layer 2 and 3. v6 replaced it with NDP and ICMPv6 and now we have a clean full layer 3 suite with a clean division between network traffic (ICMP) and data traffic (TCP/UDP).

The addresses being so huge allows for real fancy hierarchical addressing too that encodes info. Most companies get at least one /48 prefix, so they have xxxx:xxxx:xxxx:abcd::/64 and you can make the abcd all mean 16 individual things, or combine them. I can do like, a is 16 regions, b is 16 offices in each region, then c can be 255 VLANs per office. The alst 64 are just host stuff, and you can statically assign critical infra to fixed addresses. so the office VLAN DNS servers are always ::53 and ::5353 so then I can go xxxx:xxxx:xxxx:3:4:2::53 is "region 2, office 4, vlan 2, primary DNS server for VLAN". I dont even need to address memorize like that like you do with v4...!

v6 really isn't that complex, I swear. Its just that people are so used to v4 they think networking is v4 and its design choices.

[-]

Nexus19x@reddit

I’ll have to look more into it because I see the design allure of some of the cookie cutter possibilities that you gave. I can see that being a very strong design advantage in a massive environment where standardization is extremely important for manageability.

[-]

sparky8251@reddit

Worth considering theres actual legitimate benefits at the small scale too. ISPs are strongly recommended to give out /58s to even residential, but even some terrible ones give out /62s. Then you can do your own vlans expressed in the IPs, coupled with RAs and easier routing with multigateways and so on.

Home WAN failover is a lot easier with v6 too.

Theres also lots of other nice misc things, like broadcast is dead and multicast is now required by spec rather than optional like it was with v4 (and thus, no one even uses it on v4) and ARP is dead (and you shouldnt be using DHCPv6, but SLAAC) so all network control plane traffic is now in the ICMP protocol while data is now exclusively the domain of tcp/udp making monitoring a lot easier (arp wasnt any of those 3 and DHCP is UDP).

v6 isnt without flaws, but its not like people like to mischaracterize it either really. Its very well thought out and if we were a v6 only world things would be a lot better. And fun fact, v4 wasnt supposed to be used! It was experimental and exploratory to see if networking could even be done and it escaped the lab!

The decision to put a 32-bit address space on there was the result of a year’s battle among a bunch of engineers who couldn’t make up their minds about 32, 128 or variable length. And after a year of fighting I said — I’m now at ARPA, I’m running the program, I’m paying for this stuff and using American tax dollars — and I wanted some progress because we didn’t know if this is going to work. So I said 32 bits, it is enough for an experiment, it is 4.3 billion terminations — even the defense department doesn’t need 4.3 billion of anything and it couldn’t afford to buy 4.3 billion edge devices to do a test anyway. So at the time I thought we were doing a experiment to prove the technology and that if it worked we’d have an opportunity to do a production version of it. Well — [laughter] — it just escaped! — it got out and people started to use it and then it became a commercial thing.

[-]

AnnaPeaksCunt@reddit

cool, except the reality is the modern internet was developed using IPv4. Whatever the original intentions were don't matter. at all.

[-]

tigglysticks@reddit

except that statistically assigning is going against the recommendation and is what makes IPv6 hard, your own words.

And yet it's more fragile and complex.

Maybe try turning off your purist/elitist attitude while reading the spec.

[-]

sparky8251@reddit

I mean, I have? I implemented my own RA by reading the spec. Its trivial...?

[-]

tigglysticks@reddit

DHCP/RA isn't necessary in a IPv4 network.

[-]

patmorgan235@reddit

There is no such mechanism when everything is IPv6.

There absolutely is. Here are Google's DNS servers IPv6 addresses.

2001:4860:4860::8888 2001:4860:4860::8844

If you have your own public IP space you can do this with your address plan too. You can build even more information into your address than is possible with V4 because there's so much extra space.

[-]

tigglysticks@reddit

okay, memorize 100 different sets of those and then type them quickly on a numpad.

oh wait, theres no : or hex characters on the numpad...

[-]

AnnaPeaksCunt@reddit

all more complex and prone to failure.

[-]

wrosecrans@reddit

And even then, you can memorize one network prefix and have a few things set with basic easy to remember manually assigned static IP's. It's not like every single IPv6 address needs to have 128 bits of entropy. If it's really important to you to never write anything down, the actual per-node entropy you need to remember is pretty much exactly the same as the couple of IPv4's you typically remember on your corporate network.

agent-squirrel@reddit

Far out I hate split horizon DNS. I had to configure a record differently in both our private and external views the other day because of a stupid design decision.

[-]

p_jay@reddit

Printers, lol.

gif

Can you remember 2600::? It's an excellent target for ping and traceroute testing when DNS is down/flaky (see https://www.reddit.com/r/networking/comments/8hr3g7/til_you_can_ping_2600_for_a_quick_ipv6/).

Can you remember fe80:anything? That's an IPv6 link-local address, roughly analogous to 169.254.anything in IPv4 (except you always get an fe80: address, not just when regular address assignment has failed).

[-]

scytob@reddit

how uneducated do you think sysadmins are that you consider "knowing hexadecimal" is a flex?

this whole post feels like an alternate moronic universe.
especially since ipv6 use is widespread.

[-]

RubberBootsInMotion@reddit

Plenty of cashiers are intelligent people with bad jobs, and plenty of sysadmins are idiots that stumbled into an ok job. That's not the point.

[-]

TheCollegeIntern@reddit

It’s not basic math in America

[-]

As an example to your comment...

Alternate Math:

https://www.youtube.com/watch?v=Zh3Yz3PiXZw

8 years ago this was a joke... these days....

[-]

bobnla14@reddit

Basic math? Ha!

Basic is an ancient programming language.

Math is,well, numbers.

They're like Pokémon. The government is just hiding the herbs and spices that enable you to evolve them to planes.

I didn't know there were any of those left.

Okay, I do know if one, but we're not talking about that one here.

[-]

wolfmann99@reddit

Its not one youre thinking of, but we have an office in about 3200 counties in the U.S. including territories.

[-]

simAlity@reddit

Now, I am intrigued.

It sounds like what the guy did was: 192.168.1.0 192.168.2.0 192.168.3.0 192.168.4.0 192.168.5.0 192.162.6.0

As for your cores and firewalls this sounds completely normal you either are running a bonded core pair from your firewall in which case it’s normal or you are running two separate cores which actually sounds correct given you are running two private network schemes I’d imagine this is to physically separate the two networks.

It sounds like while potentially messy you are missing some information here

[-]

ofd227@reddit

No this was real life. Just got done burning it all down. Massive supernet with no vlans. Duel cores routed through a fire wall. VCenter routable to both networks.

Added a new core and OSPF took over and kaboom. The entire situation was a mess. A /8 on a network with less than a 1000 devices.

[-]

Nightslashs@reddit

Never said it wasnt real but I'm still not seeing the actual problem here beyond "it wasn't how I would have done it.". As a Security administrator obviously I have concerns for separating networks to prevent lateral movement but what you are describing doesnt appear to have resolved that. Nor do you seem to be addressing your concerns from a security perspective.

A /8 supernet with no VLANs for under 1000 devices is wasteful and not best practice, sure, but it's not "broken" it's just a flat network with way too much IP space. Inefficient? Yes. Non-functional? No.

Two private networks (10.0.0.0/8 and 192.168.1.0/24) being routed through a firewall between dual cores is literally just basic inter-network routing. That's normal? The firewall provides segmentation between the networks. You keep saying this like it's insane but that's just how you route between different subnets when you want firewall rules between them. Even if you were using both cores separately and mixed the 10.x and 192.x networks together the firewall should have been able to handle this no problem for 1000 devices.

Its sounds like youve done a great job cleaning this up but you really seem to not know what you are talking about. For reference I used to do the networking for a multinational company before switching to a security compliance role and managed several large scale networks you can see in my post history im still active in the fortinet ecosystem. While we werent the largest network in the world we did have 8 sites setup with a bonded core attached to a firewall allowing connection via the ipsec tunnel between all 8 sites. We are running a large number of devices which ofc from a security prospective we keep them separated for SOC2 and PCI but if those didnt exist running a 10.0.0.0/8 super net wouldnt cause any issues beyond the insane number of broadcasts that would be occuring and obvious overhead there

[-]

ofd227@reddit

I never said the firewall was acting as a firewall. It was acting as a third router. The problem with that design was everything was broadcast everywhere. It was immense network load. Add they connected all the endpoints using at the AS400 25 pair riser cables with RJ45 converters and installed a VOIP system it was bad. So any changes resulted in a network outage.

[-]

Nightslashs@reddit

This will be my last reply as this is getting nowhere but you again arent making any sense.

> It was acting as a third router.
> The problem with that design was everything was broadcast everywhere. It was immense network load

OSPF took over and kaboom.

In Australia only Telstra has IPv6 as default the rest are cgnat ipv4.

[-]

G4rp@reddit

In Switzerland is exactly the opposite.. all carries are using CGNAT

[-]

chocopudding17@reddit

NAT64

ozzfranta@reddit

Most of my Plex users (non-technical) that connect through their AT&T gateway use IPv6 without their knowledge. I also don’t get how some sysadmins are still so scared of it.

[-]

archiekane@reddit

IPv4 is very simple to understand whereas IPv6 is more complicated when you glance at it.

To many, it's the difference between trying to read the time with standard digits when you suddenly offer Roman Numerals that they've never seen before. It's still the same time, it just reads totally different. That's how I try to explain it to people that don't get the difference. It's still the same device, just a different address for it.

Breaking it down more than that can hurt people's minds, I've found.

[-]

Using it vs using ONLY it are different.

[-]

tigglysticks@reddit

This. 50% of the internet being IPv6 capable and having an address assigned doesn't mean it's being used.

[-]

bojack1437@reddit

..... Well if you used that metric it would be much higher than 50%...

This is Google and others seeing 50% of the client traffic that hits them being IPv6 And using it....

Also, clients by default use IPv6 when it's available and working.

[-]

tigglysticks@reddit

so google is 100% of the Internet now?

give your head a shake.

[-]

bojack1437@reddit

...... Did you miss the "and others"?....

Google's not the only one seeing these type of numbers for IPv6 adoption, and depending on regions and whether your services Target very specific regions, their traffic is much higher percentages.

But again, overall around the world from large heavy hitters such as Google, akamai, Facebook, and others they all basically agree. It's right about 50%

And again, your argument was devices having IPv6 And not using it, which again doesn't make any sense when you look at how these providers are getting that data because the clients would have to use it for the providers to get that data or mark them as having it.

[-]

tigglysticks@reddit

so... your argument is social media uses it thus it's valid?

I work with private hosters and ISPs. there's a lot more to the Internet than the publicly visible trash.

[-]

bojack1437@reddit

Now, you're just being purposefully obtuse considering only one of those is a social media company, and again there are others, those are what we call examples.....

[-]

tigglysticks@reddit

google absolutely is a social media company.

You're asking me to have self-control and you're the one using multiple accounts to respond to people who block you, and you can't take the hint that those people don't want to hear from you anymore.

Also, you're the one that's not communicating effectively because nothing you're saying is right in the first place by anyone's definition except your own.

I did. That's why I know you're not correct by society definitions.

Again you continue to respond, Which you could only do with this particular account after I had to unblock you to respond to your other account since Reddit does not allow responding to a thread with a blocked user in it.

Again, you're the one using multiple accounts to harass someone, clearly you're the one that has no self-control at all.

Also, again, I must highlight. You're the one who talked about people harassing others on Reddit, and claiming that's why you hide your post history, absolutely hilarious that you're now harassing people with multiple accounts, You're becoming one of the nut jobs that you talked about trying to hide your post history from.

Take your own complaint about others on Reddit to heart. Stop harassing people with your multiple accounts and shove off.

[-]

bojack1437@reddit

Plenty of cellular carriers use it single stack alone, More and more ISPs are moving that way, slowly but it is moving.

But dual stack also makes plenty of sense as well.

Remember it's easy to make an IPv6 only host talk to IPv4 only host via DNS64/NAT64/464XLAT, etc, the reverse is not the case.

Also, it's literally cheaper to provide IPv6 services than it is to provide IPv4 services.

[-]

Maverick0984@reddit

I feel like you didn't understand my comment.

[-]

OkWelcome6293@reddit

Deployment for deployment sake isn't the same thing as relying on it as first tier.

Almost every device on the internet today follows “happy eyeballs” where IPv6 is attempted first if available and only falls back to IPv4 if an AAAA record is not received in time.

No where near 50%.

It’s actually over 50% now.

https://stats.labs.apnic.net/ipv6/

Source: Deployed IPv6 at a tier 1 operator and have a couple of patents for IPv4 to IPv6 technology.

[-]

Maverick0984@reddit

3rd tme now. Not understanding. Deployment does not equal the same thing as required to work, which was my original point in my OP.

Cute. Must not have been very good at the engineering 👍

If selling stuff mKes you more money, then yeah, you should probably stick with that.

[-]

OkWelcome6293@reddit

As I said, I have patents on a technology that literally changed the IPv4 market and built the worlds largest IPv4 to IPv6 translation network. Imagine what I could do if I was actually good at engineering!

[-]

Maverick0984@reddit

lol, whole bunch of words for never understanding my original comment.

As I said, stick to selling things and let the engineers engineer.

[-]

OkWelcome6293@reddit

"Let engineers engineer" when you've built nothing relevant to the topic is the peak of irony.

[-]

Maverick0984@reddit

You have no idea what I've built. But I do know you never understood my original comment AND think 14 years is a lot of experience. Cute.

[-]

OkWelcome6293@reddit

"You have no idea what I've built". Yeah, because you keep dodging the question! Lots of people have decades of experience and nothing to show for it. I suspect you are one of those people given that everything you've said is wrong.

[-]

Huth-S0lo@reddit

As I said. I'm glad you're not a network engineer.

[-]

Maverick0984@reddit

4th time. Still not understanding.

[-]

OkWelcome6293@reddit

I understand the point you are attempting to make - you are still incorrect about the point.

[-]

Maverick0984@reddit

5th time. My original point is not correct my dude. Scroll up, think for a second. You moved the goal posts.

bojack1437@reddit

Do you not understand that it's literally a couple of clicks in a lot of gear, or a line or two of config, to make an entire IPv6 network behind a particular router capable of doing it?

So yes it is easy.

[-]

Maverick0984@reddit

lol, downvoted?

[-]

NoDoze-@reddit

Where did you get that 50% from!?!

[-]

chocopudding17@reddit

Google's numbers are the most commonly cited: https://www.google.com/intl/en/ipv6/statistics.html

[-]

bojack1437@reddit

https://www.google.com/intl/en/ipv6/statistics.html

Is one of the main ones, looks like it's actually bouncing right now between 44% and 49%, pretty close though.

There are other sources of IPv6 adoptions statistics as well.

[-]

Cheomesh@reddit

That would probably be the easiest example for places it's useful

[-]

Top-Perspective-4069@reddit

Not the person you responded to but pretty sure that's one of the applications where it's useful.

It doesn't bring any practical advantages to internal networks so that's one of the applications where it isn't.

[-]

And you don't understand the same thing can be done for ipv6?

Literally if you're doing statics like that, you could just say colon 1..... 😱

[-]

pangapingus@reddit

Just pointing out your unequal comparison

[-]

stoltzld@reddit

At one point, I had a prepaid phone that was accessing ipv4 sites with mapped ipv6 addresses. I don't remember if it was family mobile or mint. I'd assume there was some sort of proxy involved.

[-]

dosadiexperiment@reddit

50% adoption so far https://www.google.com/intl/en/ipv6/statistics.html

[-]

ZerxXxes@reddit

IPv6 is very much alive and growing, as people here have pointed out, almost 50% of all traffic hitting Google is IPv6. Very soon IPv4 will be the second most common L3 protocol on the public internet.

But you might still not be very exposed to it depending on what industry you work in.
For ISPs and telecos IPv6 is very common. Basically all LTE/5G connections is IPv6 with just some fallback mechanism to handle IPv4, all phones are capable of working in IPv6 only-environments as they have mechanisms to reach IPv4 internet without having a IPv4-address them selves.

ISPs have not nearly enough IPv4 addresses to handle all their customers so they need to use CGNAT to have multiple customers share a single IPv4.
But CGNAT-boxes are expensive so they also deploy IPv6 to all customers which means all the heavy traffic (Youtube, Netflix, Amazon etc.) can stream over IPv6 instead of going through the CGNAT-box, which means they need far fewer boxes, so IPv6 saves them a lot of money.

Datacenters is a mixed bag, the big ones use IPv6.
Facebook famously have been using IPv6 only in all their datacenters for a long time. Its so much hassle for them to try to build IPv4 as they need more addresses than there are IPv4 addresses in the RFC1918-space.
Going IPv6 only makes it a lot easier to do address plans when building datacenters at this scale.

Enterprise networks is those who use IPv6 the least in my experience, as they can usually fit their whole operation inside RFC1918-space and just have a few public IPv4 in their firewall and use NAT, there is no real driver for them to move to IPv6 at this stage.
There are exemptions though, especially for wireless in large organisations, this is where its easiest to just deploy IPv6 to give internet access to a large number of devices without much extra work.
And it becomes easier now thanks to the "IPv6 Mostly"-mechanism where you can enable Dual Stack on your wifi but signal to all capable devices (All iPhones, Androids, Macbooks (and soon Windows as well)) that they can just ignore the IPv4-lease from the DHCP server and keep IPv6-only to reach the internet.
The devices who do not support IPv6 Only-operation will still get both an v4 and v6 address and operate using dual stack.
This means you can operate a very large wireless environment without needing nearly as much IPv4-addresses, you can often just assign a small subnet from RFC1918 and a /64 IPv6 and still support tens of thousands of wireless devices.

[-]

BlackV@reddit

Over half the internet is v6

Nat stalled A LOT of change

Cgnat made it even worse

Enterprise are slooowwwww to change

[-]

Joshminey@reddit

Some ISPs still don’t support like mine so we are stuck with CGNAT ipv4.

[-]

FriendComplex8767@reddit

What’s keeping IPv4 going? NAT? Pure spite? Inertia?

All of the above.

Did my CCNA and still hate it. Everything is an uphill battle with it compared to IPv4.
I think this is the second generation in the industry that are hoping to retire before they need to properly deal with it.

In the past 5 years many vendors have got better at IPv6 support, but it still sucks.

[-]

finobi@reddit

I feel that lot of network tech just are not interested in dealing with IPv6. Rather buy IPv4 blocks and try to squeeze as much as possible with NAT.

My ISPs apparently had gear update since got native IPv6 after they built fiber.

[-]

Sirlowcruz@reddit

Honestly I think it's lazyness of older engineers. some have gotten too comfortable with what they already know and are actually convinced that ipv6 is not worth the trouble.

And on a consumer scale it's already widely used in smart homes with protocols like Matter and, to a lesser extent, Thread. Most people don't know it's being used but don't really need to know.

[-]

The better question is what happened to v5?

[-]

heliosfa@reddit

What’s keeping IPv4 going? NAT? Pure spite? Inertia?

NAT, CGNAT, MAP-T and other address sharing. All things that make IPv4 less and less performant, less usable and more complex.

Intertia is another thing - a lot of network admins/engineers have been taught IPv4 rather than actual networking.

Whatever happened to IPv6?

It's become the dominant protocol (in terms of volume of traffic to Google, etc.) in a number of countries including France, Germany, India, the US and the UK.

Has anyone actually deployed iPv6 inside their corporate network and, if so, what advantages did it bring?

Lots of corporate networks have. Google have rolled out IPv6-mostly on all of their client subnets. Imperial college have done similar. The European Parliament have it in all of their offices across Europe and the world. The German federal government have it all over the place. etc. etc. etc.

Benefits are usually less NAT; simpler routing; better customer experience; better user experience when off-site (many residential connections are now CGNAT with IPv6, and IPv6 performs far better); easier to VPN to vendors/clients.

[-]

pangapingus@reddit

TIL, but how does MAP-T differ from Toredo/Dualstack/etc. stuff?

[-]

heliosfa@reddit

Teredo is tunnelling IPv6-over-IPv4 with some extra magic, largely a dead tech now.

Dual-stack is obviously giving IPv4 and IPv6 to a host. Does nothing to reduce address use and means you have to run both on your infrastructure.

MAP-T statelessly translates IPv4 into IPv6 and then back to IPv4 at the edge. Basically IPv4-as-a-service over ISP infrastructure. Far less computational overhead than CGNAT due to it being stateless.

[-]

skob17@reddit

Could one say, it's IP4-over-IP6?

[-]

pangapingus@reddit

Very interesting, so NAT/CG-NAT is stateful but MAP-T is stateless, meaning it's lighter weight? I wonder if any CDNs use it, but all I've seen is dualstack from public clouds

[-]

OkWelcome6293@reddit

Because MAP-T is stateless, the Border Relay (the device in the core network which translates IPv4 to IPv6 and vice-versa) can forward traffic in hardware at line rate. Because CGNAT requires huge state tables of all the NAT trasnlations, this is an expensive operation and usually requires forwarding by specialized NAT platforms. The difference is between "hundreds of gigs" and "dozens of terabits".

[-]

heliosfa@reddit

Correct. No state tracking, so less memory and processing. At ISP scales, that boils down to money. This is why Sky UK have gone MAP-T, and other providers in the UK that are CGNAT are trying to push more traffic to IPv6 (reduce load on expensive CGNAT).

I wonder if any CDNs use it, but all I've seen is dualstack from public clouds

A lot of them are IPv6 internally and just have IPv6 on the load balancers.

[-]

scottkensai@reddit

First mention of MAP-T, good work.

[-]

I can’t even imagine how insanely difficult it would be to add another octet to ipv4

[-]

tigglysticks@reddit

it really wouldn't be.

[-]

not needing stateful DHCP isn't really a boon when now you're reliant on routers more than ever for basic network functioning.

[-]

chocopudding17@reddit

This seems like an odd take. Unless you're just in a simple LAN, you're already dependent on routers.

And with v6 you have usable link-locals. So there is strictly no increased dependence on routers for addressing; only decreased dependence on DHCP servers.

[-]

tigglysticks@reddit

my home and corporate networks are completely functional without routers or connectivity to the Internet. so if there is an issue with the router or internet I can still access everything easily to help me get by or to fix said router.

forcing everything to not be simple lans for purists to get their way is the odd take.

IPv6 link-locals are useless as they are even worse than linux attempts to fix non persistent device naming.

[-]

chocopudding17@reddit

my home and corporate networks are completely functional without routers or connectivity to the Internet. so if there is an issue with the router or internet I can still access everything easily to help me get by or to fix said router.

You can have this with v6 just fine, and in multiple flavors:

Keep your GUAs, even when the Internet connectivity goes down (this is the common case on a home network)
Use a ULA

In both cases, you're free to use SLAAC+RAs or stateless DHCPv6 at your discretion. (And of course you can stack stateful DHCPv6 on top if you have a need.) But at no point are you disadvantaged compared to DHCPv4.

Is there some specific case you're thinking of where DHCPv4 is more resilient in the face of router problems (despite the fact that (on a home network) it usually runs on a router)?

IPv6 link-locals are useless

Depends on your context. They can be quite convenient for things like connectivity between routers. Or for example between peer-to-peer VPN endpoints.

even worse than linux attempts to fix non persistent device naming.

I'll only reply in passing to this ;) but you can always re-enable the old-school non-deterministic device names if you so prefer! Just like with v6 addressing, that option is still there if you do dearly love it.

[-]

tigglysticks@reddit

Statically defined is more resilient than auto configuration of any kind.

network comes up after power out but ISP modem port is dead to firmware bug, GUA unavailable.

ULA is buggy and yet another layer.

trying to manually take over this whole process is actively discouraged and can break things.

What is the link local address of each of your devices? Are all your services responding on the link local?

Like the issues that arise from trying to manually take over IPv6, so does disabling persistent naming linux with either shit just breaking or the configuration not being enforced.

[-]

chocopudding17@reddit

Statically defined is more resilient than auto configuration of any kind.

Then you can continue statically defining in v6. I neglected to mention that earlier, but it's another thing that v4 has that continues to be an option with v6. The point was making is that removing the need for a stateful DHCPv4 server was a good thing. If you're an all-static kind of person who didn't want no stinkin' DHCPv4 to begin with, then cool--you can carry on doing that in v6.

network comes up after power out but ISP modem port is dead to firmware bug, GUA unavailable.

Totally possible scenario. If you're trusting your ISP's all-in-one modem-router-WAP to handle RAs, you're probably trusting it to handle DHCPv4. You'd be toast with DHCPv4 then too. But since apparently you're an all-static kind of person, presumably that's beside the point.

ULA is buggy and yet another layer.

ULA has limitations, but I've never encountered any bugs with it. IME, it's an underrated solution and works especially well in a locally-focused network. I don't think calling it "another layer" is quite appropriate; it's essentially just a better version of RFC1918; if you like RFC1918 addresses, you'll love ULAs!

What is the link local address of each of your devices? Are all your services responding on the link local?

How I use the LLs depends entirely on the scenario. Trying to connect two routers (either physical ones or VPN tunnel peers), copy-pasting the LLs into the routing/tunnel configs makes perfect sense. Hosting services on a single network segment, mDNS-SD should work out of the box; no need to ever even look at a LL. Hosting services beyond a single network segment...obviously LLs no longer work, by definition; dealer's choice if GUAs or ULAs are a better fit for your use-case.

Like the issues that arise from trying to manually take over IPv6

Trying to "manually take over IPv6"? What do you mean? Assigning static v6 addresses is perfectly legitimate. I do that with servers all the time.

so does disabling persistent naming linux with either shit just breaking or the configuration not being enforced

I'm not really sure what you're talking about here. But whenever your distro made the change from nondeterministic interface names to deterministic ones, I'm sure the change was mentioned in the changelogs. Reverting should work just fine (other than when bugs are present, like you allude to).

P.S. whether it's you doing it or someone else (could be someone else reading our little back-and-forth), I'd like to remind people that the downvote button is not a "disagree" button.

[-]

tigglysticks@reddit

except statically assigning is against the recommendation and is where issues arise. even if you're using your own router, the GUA issue exists.

ULA implementation in three different major router software implementations was still broken as of last year.

you just proved my point with your link local example.

GUA/ULA/LL 3 different addresses and several layers of protocols that are all reliant on a router.

IPv4 you have one address, easy to memorize and just works on a LAN.

[-]

chocopudding17@reddit

statically assigning is against the recommendation and is where issues arise

What recommendations are these? Can you refer me to them? What kinds of issues arise, other than the normal organizational paperwork-y issues of humans managing address assignments? IME the majority of infrastructure deployments rely on static addresses in various places. DNS and routers for starters, but other common core services like mail servers. And some places put statics on all servers.

ULA implementation in three different major router software implementations was still broken as of last year.

Totally plausible. I won't deny the possibilities of bugs. Which router software implementations are you referring to?

you just proved my point with your link local example.

How so? Your point was that LLs are useless. I listed some uses. You asked for clarification on those uses. I clarified, saying it exact use was context-dependent and providing examples.

GUA/ULA/LL 3 different addresses and several layers of protocols that are all reliant on a router.

I'm going to assume you're not talking about them being reliant on a router to route. Cause obviously, yeah. You must mean that you're reliant on a router to assign addresses. But no, that's exactly what I've been saying; you can manually assign with v6 in any place you would've with v4. v6 just provides you additional options besides {static allocation, stateful DHCP}. Also, LL are not reliant on a router at all. At all. No router needed for LL. None. Zero router.

IPv4 you have one address, easy to memorize and just works on a LAN.

You're free to do this with v6 too. Pick a ULA, slap a number of your choice on the end, and then do NPT at your router.* It's ugly compared to what GUAs offer, but it's still strictly better than the old world of NAT44.

*If you're just in a simple home setting, your router probably doesn't offer NPT. But, even better, you're on a simple home network! Don't memorize addresses at home at all! Just use mDNS/DNS-SD.

[-]

tigglysticks@reddit

your LL local example you said you copy and paste. entirely my point, you don't know what they are and can't type them. so even if your services were listening on them, you're not going to know them.

and again, further proving my point now needing to rely on solutions higher up in the stack (mDNS/DNS-SD).

[-]

so don't make it backwards compatible.

You can't. That's the point that comes up in every discussion. You're going to have a compatibility break. So, given that we're going to need to go through the pain of an incompatible migration anyway, let's future-proof things and get some greater benefit for the pain incurred.

Adding a single extra octet is not even close to enough for future-proofing, let along all sorts of other need-to-haves (the return of hierarchical routing and consolidated prefixes) and nice-to-haves (flexible/scalable addressing schemes enabled by having a /64 be the smallest size for a local network).

[-]

tigglysticks@reddit

Don't throw the baby out with the bathwater.

Just because there's going to be a migration doesn't automatically mean we should flip the entire system upside down.

We could have gone to 64 bit 2base, kept the same logic structure and had completed the migration two decades ago.

Instead, the purists tried to flip the entire system on its end just to force people out of using NAT. Now it's too complicated and too different for anyone to even want to think about it.

[-]

chocopudding17@reddit

We could have gone to 64 bit 2base, kept the same logic structure and had completed the migration two decades ago.

I think you're mistaken in claiming that it's all these additional things that are somehow holding v6 back, and that if we didn't have these things, we'd be done by now. It's clearly unfalsifiable, and imo, it's highly unlikely.

I'd argue that the hardest two parts of the transition are: updating routing infrastructure, and updating application software. Neither of those things are any easier with 64 bits rather than 128; no easier with dotted decimal rather than hextets; no easier with NAT than without NAT.

You're misattributing the cause of the drawn-out transition. On my read of things, a lot (most) of the difficulty is inherent in making the backwards-incompatible change of increasing address size.

(Another big piece of the challenge is that the migration path/transition technologies haven't always been super-clear and easy to adopt. But with increased availability of CLATs/464XLAT and the very recent advent of IPv6 Mostly, this has gotten a lot better. And note that these transition technologies would be made far harder if we didn't have the additional breathing room from 128 bit addresses; they'd simply not be possible with 64 bit addresses.)

[-]

tigglysticks@reddit

you're correct the issue is with updating infrastructure and software. you're wrong about the reasoning. the number of bits isn't the issue, the issue is the complete change in logic in how the protocol works. not only did we increase the bits, but also from base2 to hex representation and completely revamped how L2 and L3 are bridged. All the logic and assumptions are completely thrown out the window while at the same time making it incredibly difficult to convert between the two.

The entire stack is fundamentally different instead of just having more addresses.

[-]

chocopudding17@reddit

What you're saying doesn't make sense to me.

When you're writing software, the representation of an address really shouldn't matter; the software should be working with whatever data structures are native in that language's standard library. The tricky part was/is that we necessarily needed to change those data structures because the existing one for v4 (i.e. a uint32) wasn't enough. Once you need to introduce a new data structure throughout the software stack, all the other stuff at the edges (like parsing and emitting human-readable representations) is a relatively small piece of the puzzle.

completely revamped how L2 and L3 are bridged

What're you referring to? The only two things I can think of are: 1) broadcast -> multicast (an improvement), and 2) no more ARP layering violation. Neither of those things is a part of "the two hardest parts of the transition" that I argued for above; they're just things that need to get implemented by OSes in their v6 networking stacks (which is not a real, practical problem, as evidenced by longstanding broad OS-level v6 support).

[-]

tigglysticks@reddit

You are so far disconnected it's not even funny.

It's not just in the OS networking stack. it's in the networking stack of every device that sits on networks and every piece of software that interfaces at a low level with those stacks.

combine that with engineers and techs that then need to interact with the fundamentally different L2-L3 topology (plus the representation that is 100x harder to work with) and you have the disaster that we are currently in.

Also, just because OS level support has existed for a long time doesn't mean it hasn't been buggy and that is largely as a result of how complex IPv6 spec is shown by the fact there are 400 page documents that go at length to describe it to defend the end to end purists attitudes.

[-]

chocopudding17@reddit

Let me circle back to my framing. My core thesis was this:

I'd argue that the hardest two parts of the transition are: updating routing infrastructure, and updating application software

As far as I perceive, it's these two things that continue to be the bottlenecks for v6 adoption. If you want to disagree, that's fine; it's a big world and this is a complex political problem. It's hard to say.

It's not just in the OS networking stack. it's in the networking stack of every device that sits on networks and every piece of software that interfaces at a low level with those stacks.

"networking stack of every device" mean's that device's OS.

Also, just because OS level support has existed for a long time doesn't mean it hasn't been buggy and that is largely as a result of how complex IPv6 spec is shown by the fact there are 400 page documents that go at length to describe it to defend the end to end purists attitudes.

Certainly! I agree. v6 is a large (and evolving!) series of specs that is hard to implement in its entirety, let alone without bugs. Despite that, it seems like OS support is largely good enough and has been good enough for some time. At any rate, on my read of things, it has not been a primary bottleneck.

combine that with engineers and techs that then need to interact with the fundamentally different L2-L3 topology

Your v6 topology does not need to differ from your v4 topology. I mean, ideally it would differ because now you (you, the network engineer) have enough address space to make a sensible routing hierarchy. But you can absolutely slap v6 onto your network to have a very simply dual stack topology. It exactly follows your existing L2 topology and can mirror your v4 L3 topology. No problem.

plus the representation that is 100x harder to work with

There's no accounting for taste, so I'll not debate this too much. But I think it's mostly a familiarity thing. hextets are more compact, readable, and easier to manipulate than dotted decimal. Pretty much in every case. What can be a bother is the length. Yeah, that's a cost. But we get nice things by paying that cost, such as better transition technologies and more flexible local addressing.

[-]

tigglysticks@reddit

I'm ignoring most of your post because of your one glaringly large error.

trying to replicate IPv4 topology within IPv6 does not just work without problems. That is the entire premise of the issues people have with it. IPv6 just works if you just let it do its thing. Problem is, that doesn't fit the needs of organizations that are structured to IPv4 topology. And to solve that problem involves moving the problem higher up in the application stack, which is more complex. And here we are to the entirety of my point.

[-]

chocopudding17@reddit

Please be more specific. What are these problems that arise? With every v4 access network, you have a v6 /64. Share the L2.

that doesn't fit the needs of organizations that are structured to IPv4 topology

With your beefy new v6 prefix, you've got plenty of bits to work with; matching the structure of your v4 topology is no problem. Hoping you can expand on what these odd "problems" are that arise when running the simplest of dual-stack setups.

And to solve that problem involves moving the problem higher up in the application stack

I agree with this in some very specific cases regarding NAT-used-for-netadmin-policy. But again, it'd help if you were more specific.

[-]

tigglysticks@reddit

not even talking network level at that point. you're moving the identification higher up in the stack. which is necessary for some mobile applications, but inherently make LAN way more complicated than necessary.

IPv6 is designed to be used stateless. Testing is done to the recommendation. Stateful implementations are full of bugs. And it sucks to use because of hard to read and input 128bit hexadecimal representations. Thus the need to solve the problem higher in the application stack and try to ignore the addresses completely. except when shit breaks and you need the lower level access you're back to the complex hex.

just google forums for common router software and find no end to issues people have getting stateful DHCP or ULA working. Which the existing in of itself is telling, IPv4 you only need one address, not three.

[-]

b4k4ni@reddit

That's why you need to throw everything overboard you ever learned and do with ipv4 and need to rethink and relearn with ipv6. It works. It's great. But you need to change yourself to get it.

Really, most I know simply don't know shit or only a few basics about ipv6. It IS complicated as was IPV4 before you set it but everyday.

I mean, one idea of ipv6 is, that you need and use DNS a lot. You won't do addresses anymore, you do hosts and need a working DNS for that.

The easiest setup is at home. You won't have nat anymore, every device has his own address. But with a firewall in between. Like we used in the 90s. PC directly to the interwebs. But without the firewall in many cases. Otherwise my windows nuker wouldn't have worked in IRC :D

But really, give it a chance. Learn from the start. Search for someone passionate about the topic that will start at zero. It's not impossible hard, but you need to rethink a lot. It takes time.

[-]

elsjpq@reddit

I mean, one idea of ipv6 is, that you need and use DNS a lot. You won't do addresses anymore, you do hosts and need a working DNS for that.

As with any technology, DNS doesn't work 100% of the time, and sometimes you need to do without. For example, what is the equivalent of 8.8.8.8 in IPv6? You shouldn't be designing only for the case where everything works well. The fallback options when things break down should be simple as well.

[-]

zoredache@reddit

Well on your local network you can assign static IPs from the fe80:: net. For example I always have fe80::1 as my IPv6 router ip. You could also assign something like fe80::53 to something that will act as a DNS server on the local net.

Past that, you can just write some good documentation. Between my docs wiki and ansible configuration (both in git) I have basically almost all the info I need for cases when DNS is broken.

[-]

chocopudding17@reddit

Yes, it's more to memorize. But entirely possible, and something that can come with practice. And in the meantime, we have system clipboards (most of the time).

$ host dns.google
dns.google has address 8.8.4.4
dns.google has address 8.8.8.8
dns.google has IPv6 address 2001:4860:4860::8844
dns.google has IPv6 address 2001:4860:4860::8888
$ host one.one.one.one
one.one.one.one has address 1.1.1.1
one.one.one.one has address 1.0.0.1
one.one.one.one has IPv6 address 2606:4700:4700::1001
one.one.one.one has IPv6 address 2606:4700:4700::1111

[-]

tigglysticks@reddit

And that's why it's terrible.

It should have been made easy so that it would be adopted.

[-]

heliosfa@reddit

That's why you need to throw everything overboard you ever learned and do with ipv4 and need to rethink and relearn with ipv6. It works. It's great. But you need to change yourself to get it.

This is the big thing, and why I teach my undergrad students IPv6 networking first. IPv4-thinking is the bane of IPv6.

[-]

postmodest@reddit

He'll, if ipv6 addresses were just more octets that would be better.

"Oh yeah it's 127.23.187.190.0.0.0.0.0.0.0.0.0.0.0.104."

"Cool, thanks!"

[-]

chocopudding17@reddit

To take a microcosm of this, is 127.23.187.190 really (that much?) easier than 7f17:bbbe? In other words, is 127.23.187.190..104 actually easier than 7f17:bbbe::68?

The compactness of hexadecimal of course really shines when there isn't a long run of zeroes; 2001:db8:cafe:1111:9876:5432:1234:4321 is better than 32.1.13.184.202.254.17.17.152.118.84.50.18.52.67.33. The former is easier to visually parse, type, read, whatever.

Put yet another way, which is better: 255 or ff?

[-]

postmodest@reddit

Yes, because everyone knows base-10 numbers and one base-10 number is as memorable as a letter. Even if that number is 255.

If you speak hexadecimal that fluently, good for you, but I'm not cut out for human-cyborg relations with moisture evaporators.

[-]

chocopudding17@reddit

Even just talking through issues spanning networking, SRE, etc. IPv6 gives everyone in the room blathermouth and busy ears, IPv4 we can just call out "dot-x" or "slash-y" and it's quick and over with

[-]

pinkycatcher@reddit

yah it's really easy to say:

ten-one-ten-one fifty four

It's not easy to say:

F E Eighty - break - twenty fourty five - F A E B - Thirty three A F - Eighty Three Seventy Four

Oh, yah there are two contiguous zero groups in there, not one, sorry about that, yah you'll need to delete what you have add those extra zeros and then type out the rest again, lemme read it off again.

[-]

chocopudding17@reddit

Oh, yah there are two contiguous zero groups in there, not one, sorry about that, yah you'll need to delete what you have add those extra zeros and then type out the rest again, lemme read it off again.

This makes no sense. You don't need to add extra zeros when writing IP addresses; a (single) run of all-zero hextets can be written as ::. (And leading zeroes can be ignored too, just like with v4 dotted decimal.)

E.g. don't do this:

2001:0db8:cafe:0001:0000:0000:0000:0001

Do this:

2001:db8:cafe:1::1

Similarly, the address for localhost isn't written 0000:0000:0000:0000:0000:0000:0000:0001; it's written ::1.

(It's of course true that v4 dotted decimal is easier to read and write than v6 hex. My point is just thatit's not like v6 hex is some disa

[-]

ShadoWolf@reddit

it’s hex. not exactly hard to read.
8 groups of 4 hex digits, 2 bytes each. any group that’s all zeros can collapse -> :0: -> :: for consecutive zeros. still uses CIDR for prefixes.

the only real thing to learn is how multicast and NDP replace broadcast and ARP. everything else is just longer numbers. if you really wanted to, you could transcribe an IPv6 address to octets it's just awkward as hell.

2607:f8b0:4006:80b::200e -> 38.7.248.176.64.6.8.11.0.0.0.0.0.0.32.14

My guess if you only find ipv4 easier.. is just due to being familiar.

[-]

pinkycatcher@reddit

That’s exactly the argument I’ve had, if address limits were a problem, IPv6 is a terrible solution for humans.

The engineers who came up with it were in the mindset of "We need to move everything to computers, people don't need to read this, computers will see it all and it will be behind the scenes."

Except for the fact that in the real world people actually do need to see the IP address of devices and people need to actually implement these things.

[-]

goodb1b13@reddit

IPv6 in QR codes for all!!

[-]

Humble_Wish_5984@reddit

I think you've completely missed the point. IPv6 was never designed with human readability in mind. Quick, what's the IPv6 address on your cell phone right now? You don't know because you don't have to. With proper use of addressing and DNS, only reason to know IP is diagnostic or forensic. The technology is holding back any change to IP and the admins (us) are holding back the technology. I'm not saying IPv6 is better or not. Just that the post is asking what happened to IPv6. It is slowing being adopted, in spite of the people holding it back. It is a cultural thing holding back a move forward in technology.

[-]

Zncon@reddit

IPv6 was never designed with human readability in mind.

But in practice needs to be, so people resist using it.

The technical side is better, but the user experience is worse. Nearly 50% adoption is a testament to how important the technical improvements are; Any other product or tool that developed this way would have totally failed and been deprecated.

[-]

patmorgan235@reddit

I'd argue v6 is MORE readable than v4, hex is a MUCH better way to represent binary numbers, what makes v6 address hard to work with is how big it is.

Nope!

https://datatracker.ietf.org/doc/html/rfc4291#section-2.4

Address type         Binary prefix        IPv6 notation   Section
      ------------         -------------        -------------   -------
      Unspecified          00...0  (128 bits)   ::/128          2.5.2
      Loopback             00...1  (128 bits)   ::1/128         2.5.3
      Multicast            11111111             FF00::/8        2.7
      Link-Local unicast   1111111010           FE80::/10       2.5.6
      Global Unicast       (everything else)

[-]

Flyen@reddit

Loopback going from the 16 million 127.0.0.0/8 addresses to a single ::1/128 was a mistake IMO. It's ironic that one of the headline features of IPv6 is that you get more IP addresses, but they couldn't leave room for even the same number of loopback addresses.

[-]

_dev_urandom_@reddit

Is there ever a time that you have used or seen 127.0.0.2 or any other loop back address though?

[-]

Anticept@reddit

It gets used in clustering and network simulations, you can do wild things with routing based on source.

[-]

AcornAnomaly@reddit

Seriously, the insane part is that IPv4 blew an entire /8 on loopback.

16 million addresses, gone just like that.

[-]

sparky8251@reddit

v4 wasnt meant to escape the lab. Literally. It was a top down decree to use 32 bits as an address back when the networking tech was being first made and people were discovering what it even meant to network computers. It was picked as it was big enough for the experiments and would prevent bike shedding that was going on.

It then escaped the lab... And the people that made v4 made v6 before the internet went public using the lessons they learned from v4. v6 was what the internet was always intended to run on, it was designed with lessons about networking well learned by the time... We just built the world on tech that was purely experimental/exploratory.

[-]

_dev_urandom_@reddit

What sources are you basing the "it was not meant to escape the lab" part on? I would love to learn more on the random outcomings that defined what we have now if it was done in such a way.

[-]

sparky8251@reddit

https://networkengineering.stackexchange.com/questions/7928/why-are-ipv4-addresses-32-bit

Vint Cerf said it in a google 2008 conference.

The decision to put a 32-bit address space on there was the result of a year’s battle among a bunch of engineers who couldn’t make up their minds about 32, 128 or variable length. And after a year of fighting I said — I’m now at ARPA, I’m running the program, I’m paying for this stuff and using American tax dollars — and I wanted some progress because we didn’t know if this is going to work. So I said 32 bits, it is enough for an experiment, it is 4.3 billion terminations — even the defense department doesn’t need 4.3 billion of anything and it couldn’t afford to buy 4.3 billion edge devices to do a test anyway. So at the time I thought we were doing a experiment to prove the technology and that if it worked we’d have an opportunity to do a production version of it. Well — [laughter] — it just escaped! — it got out and people started to use it and then it became a commercial thing.

The entire internet is built on exploratory work that was never meant to escape the lab beause we had no idea how to even network at all yet.

[-]

Anticept@reddit

The loopback address thing was actually a side effect of TCP/IP in its first iterations waaaaaaay back in the day, when classful routing was the paradigm. It's not that they say down to say "we need a fuckload of loopbacks", rather it's what they were left with, with how everything else what designed.

Why it was left that way when CIDR became a thing instead? Probably backwards compatibility.

As far as IPv6 only having one loopback: guess they didn't see us using loopbacks in the wild way we do now. You could select a ULA at least for similar safe effect.

[-]

heliosfa@reddit

Everything IPv4 can be figured out with quick base-2 math in your head, IPv6 requires a site/tool because it's just so unreadable

Part of this comes down to your familiarity with IPv4. It's what you know, it's what you breathe.

Trust me, you get to the same level with IPv6 with a little practice, but most people shouldn't need to.

Please tell me your mental shortcuts to as-quickly determine if an IPv6 address is public/private/link-local

Just looking at the first segment of the address. fe80: is link local, fd00: is ULA, ff??: is multicast, 2???: (or eventually 3???) is global.

it's nearest-most as-specific subnets, design a new LAN by size within just a few mental-only seconds,

You know this by default. Everything is a /64.

Thinking it's complicated is part of the problem people have, and they are stuck with "IPv4 thinking" where they try to force IPv4-concepts onto IPv6.

[-]

redredme@reddit

If so many people have this problem.... We can keep telling them it's them.

And probably its true. It is them. They, we are too dumb.

But... Maybe... Maybe something else is up. If 85% of the people do not get it... That unfortunately means...

The standard is not fit for purpose.

From an engineering standpoint it's totally valid. But from a people perspective it truly is not. Nobody knows Hexadecimals. Everybody knows base10, even if its a weird variant which only goes up to 256. 4 times.

You can say a thousand times it's really simple but the fact is: for most people it is not. It's totally alien for most. And that will never change and that will keep on hindering IPv6 adoption. Forever.

To fix it we must lose the hex. Maybe v7,8,9 where up to something and we chose the wrong one.

[-]

cheese-demon@reddit

why would you drop hex, that's insane

the reason ipv4 people find subnets at all hard is because the actual thing works in terms of bits, and dotted quad numbers do not intuitively map to bits

hex is perfect as every digit is exactly four bits. v6 is maybe a bit long but that length lets 4 bits be an easy subnet choice

i suppose octal is also a potential choice, should be familiar to sysadmins too lol

[-]

redredme@reddit

Nope. Everybody just remembers (and uses!) two IPV4 subnets:

255.255.255.0 and 255.0.0.0

Those two are readable. Easy to remember. Not complicated or scary. Nothing to calculate. Hex is none of these. (For you it is but keep in mind you're the 1-2% here in this discussion)

I've seen it a gazillion times. Like you said, nobody gets that part and these two are the get out of jail free cards. Most of the times.

Everything else? IPAM. We don't get it, let the tool figure it out.

Remember, 98% of this world are mom&pop shops.

The problem is that the general population (and that means a lot of sysadmins as well) are not as smart as you (and especially the rfc creators of ipv6) think they are.

[-]

Anticept@reddit

If they're already using IPAM, then IPAM isn't an excuse for IPv4 because it could just be used on ipv6. But in basic networks it's not needed.

As far as subnets, the other poster already said it: ipv6 is designed for /64 subnets. That's the last 4 chunks. And it autoconfigures by default as soon as router advertisements are seen.

I know ipv6 looks crazy, but it's actually easier in almost every way.

[-]

patmorgan235@reddit

so mom and pops can just memorize /64?

[-]

heliosfa@reddit

Everybody just remembers (and uses!) two IPV4 subnets:

255.255.255.0 and 255.0.0.0

OK, now you are just trolling. Maybe if you hack your crap-net together. Not competent network admin does this.

I've seen it a gazillion times. Like you said, nobody gets that part and these two are the get out of jail free cards. Most of the times.

cool, in IPv6 the get out of jail card is /64, and you don't even have to think about it because your network auto configures at the subnet level.

The problem is that the general population (and that means a lot of sysadmins as well) are not as smart as you (and especially the rfc creators of ipv6) think they are.

It's not a question of inteligence. Its a question of exposure and willingess to learn.

[-]

Anticept@reddit

I wonder the same thing too.

As I said in my post, multiples of /4 are way easier than base 2 math. Tbh if anything in the ipv6 standard fucked up, it's that they didn't just keep EVERYTHING to /4 multiples just to serve as an example of how easy it makes it. It makes the whole address space a simple question of position, while ipv4 requires math for anything that isn't a multiple of /8

[-]

Retro_Relics@reddit

The same 85% also seem to struggle with the concept of CGNAT even when they understand the concept of nat and can set up a network. I dont think its a hex thing

[-]

patmorgan235@reddit

Nobody knows Hexadecimals

If you work with computers beyond a surface level you will encounter and need to know Hex. It maps on to binary much better than decimal

[-]

heliosfa@reddit

To add: link local vs ULA. Try to explain that to your mother

Why do they need to know that? Top tip, they don't. Just like they shouldn't need to know or care about IPv4.

But... Maybe... Maybe something else is up. If 85% of the people do not get it... That unfortunately means...

The standard is not fit for purpose.

Citation needed for that statistic. I teach all my undergrad students IPv6 and generic networking first rather than "IPv4". Do you know what they struggle most with? IPv4 subnetting and the concept of NAT.

IPv4 is not fit for purpose in more serious ways than you claim IPv6 is.

If so many people have this problem.... We can keep telling them it's them.

It's not them. It's that they have been taught and have extensive experience with IPv4. They have not been taught generic networking. Throwing them into IPv6 with no training or experience is the problem, though an unwillingness to learn is another.

It's totally alien for most. And that will never change and that will keep on hindering IPv6 adoption.

It is alien to people, because they are taught IPv4. If people are taught IPv6 and generic networking rather than a geriatric 1970s technology that escaped from a short-term experiment, the problem would go away.

[-]

pangapingus@reddit

Humans gonna human with your last point, plus have we ever lived in a time where you have to recycle knowledge as quickly as working tech/medicine in our modern world? People used to live and die as telegraph operators, in my 13-year career HTTP/1.1 has become HTTP/3+QUIC, etc.

[-]

Superb_Raccoon@reddit

I will just ask ChatGPT... what could possibly go wrong?

Yea if it's a 2 it's public, if it's a F it's local.

[-]

pinkycatcher@reddit

Except this isn't right, not all f addresses are local, only some.

[-]

popeter45@reddit

For all intensive purposes it is

FF::/8 is multicast but realistically that's local as well

Rest are unassigned but can't see them being assigned to GUA anything ever

[-]

Anticept@reddit

[-]

It died like the stupid idea it was.

[-]

StandaloneCplx@reddit

Open your eyes man, we are at 50% adoption https://www.google.com/intl/en/ipv6/statistics.html#tab=ipv6-adoption

[-]

Wolphin8@reddit

NAT gave companies basically unlimited internal IPv4 addresses. They didn't need to use it to update to the IPv6.

You realize that you can almost never use all the addresses right? You subnet out those ranges and assign them to LANs/VLANS.

People almost always allocate subnets with extra room for growth to lans/vlans. Plus if you didn't guess right when originally sizing your subnets, changing it can be a huge pain so people often go larger then they will need, arguably 'wasting' a bunch of addresses.

[-]

heliosfa@reddit

RFC1918 is not thre billion addresses.

[-]

Agentwise@reddit

I dunno why I did my math so wrong lol stil its like 17 million or something I just cant imagine whose using that outside of a carrier.

[-]

mdpeterman@reddit

Our network is bigger than a lot of carrier networks. We are essentially a carrier but we aren’t an ISP. But with a lot of employees and a lot of infrastructure - a LOT of infrastructure the space gets used quickly. And we have bee reclaiming /16s as quickly as we can through efforts to clean up the space and as soon as we clean up a /16 it’s needed somewhere else. V6 is our only way to keep growing without adding layers of NAT44 and that isn’t of interest when we need v6 anyways.

[-]

Awkward-Candle-4977@reddit

Cellular service providers in population countries need it.

Imagine china or india where a service provider will have hundred millions of active smartphones at once. Using ipv4 will need multiple vrf or routing domains.

[-]

thecravenone@reddit

Cellular service providers in big population countries need it.

For example, the United States.

saichampa@reddit

Dual stack is working pretty well and in a small network the cost involved in deploying it could outweigh the benefits.

[-]

I'm yet to find one that allows me to access the web UI over IPv6. Very few include anything to do with it in the debug logs. And far too many offer partial support, or no support at all. Which means that when we're having an IPv4 issue we can't do anything with it.

Currently we allow our customers to opt out of CG-NAT for free. A Static IP costs. But I'm expecting that to change at some point because those non-CG-NAT addresses are friggen expensive.

[-]

Max-P@reddit

NAT, CGNAT, and reverse proxies.

It's now assumed normal users don't need to be able to receive connections as everything gets routed through big cloud.

At the same time, big cloud is buying all the IP addresses left like it's gold, and leasing them for a fee. In turn this increasingly push towards more NATs, and reverse proxies. Now instead of a dozen load balancers exposed, you have a single point of failure mega load balancer that balances to the other internal load balancers, a problem big cloud of course have cloud load balancers and IP gateways to sell you. And of course these days you're heavily pushed towards the CDN offerings even if you don't really need a CDN.

The real problem is that as long as you have to support IPv4, even in new deployments, there's just not much value in adding IPv6 too, it's just extra work and you have to deal with network engineers that have near zero experience with v6.

I like IPv6, I've labbed it thoroughly, I've gone out of my way to set up an HE.net tunnel. My ISP still doesn't support it and no public plans to do so yet (man is XGS-PON nice though), my router chokes on the GRE tunnel, and my personal server's host (OVH) still have an utterly broken IPv6 stack that barely works and violate every standard (I literally have more v4 addresses than v6, go figure).

I did not bother setting it up in production at work despite having fully labbed it in AWS and all: I have to support IPv4 well regardless, why deal with a whole other layer of complexity. Plus it gives a false sense of security to the InfoSec department, only like 5 IPs to port scan total that shows up as open on 443.

I'd love to see more IPv6 adoption. Once you wrap your head around it it's pretty neat. You add a router for a branch network and the router just goes to the other router "One IPv6 prefix please, thank you" and it just fucking work. You don't lose source address which makes it that much easier to properly filter stuff at the egress firewall. No 3 layers of X-Forwarded-For to track and parse in the logs. No "ok, this datacenter is hammering this API, but which of the 500 instances is it?" and you go through 3 layers of SIEM on different networks to correlate through the mess of NAT. I can direct IPsec tunnel two machines whether they're deep into the network, rack siblings or over the Internet. At this point for v4 I'm wrapping stuff in TLS just so I can abuse the SNI field to route things through the right VPN.

[-]

davokr@reddit

The “one big load balancer” is not correct.

[-]

Fit_Prize_3245@reddit

Well, the world continues to run out of IPv4 addresses. IANA has no blocks left since 2011, and RIPE ran out of IPv4 addresses in 2019, while the other RIRs are using their last /8 since between 2011 and 2017, depending on the RIR (first was APNIC, last was AfriNIC).

While many the IPv4 exhaustion have been deferred by many ISPs returning blocks in favor of a more aggressive NAT, at some point, even with domestic or small business ISPs using the minimal quantity of IPv4 addresses, the ISPs operating datacenters will eventually ran out of addressses too, and their RIRs will algo ran out of addressses, so IPv6 could become a critical need.

Why is the world still using IPv4? Because it's still needed, and IPv6 is not yet that important. I mean, it is important, but you CAN navigate internet without IPv6, but you CAN NOT nagivate internet without IPv4 (unless using some transition technology, but that's cheating for my comparison)

I have actually deployed IPv6 in the company I worked for, both on the cloud servers (Azure & OVH) as well as the office. Everything ran smoothly, all the service worked almost the same in IPv4 & IPv6, and that's a deployment I'm very proud of.

I'm probably doing something similar in the company I'm currently working at, but I first have to fix years of IT heads not doing their job.

[-]

BoringLime@reddit

I find it fixes a lot of my VPN problems. Some cellular cg-nat is not as friendly as other with ipsec based solutions. Just have to run a low mtu size to get around the other cellular issue the ppp overhead and VPN overhead. But being ipv6 connectible that cg-nat problem disappears. We don't really use it internally.

[-]

nostradamefrus@reddit

I’ve never needed it enabled at any job I’ve had or any client I worked for at an MSP and it’s caused more problems than it’s solved. Like just having IPv6 enabled on some workstations without it actually being enabled has caused printing to stop working

[-]

HoustonBOFH@reddit

Its easy to understand... Quick, name the DNS IP addresses. Now do it in IPv6... Nuff said.

[-]

jamesaepp@reddit

/u/_nill has a song for this.

2-00-1-4-8-6-0-(rest)-4-8-6-0-doubly-doubly-eighty-eight-eighty-eight

2-00-1-4-8-6-0-(rest)-4-8-6-0-doubly-doubly-eighty-eight-FOUR-FOUR

2001:4860:4860::8888

2001:4860:4860::8844

https://youtu.be/4ZtFk2dtqv0?t=534

[-]

heliosfa@reddit

Easy. When you know your network prefix, you remember important addresses, just like you do in IPv4. Just like IPv4, you'll likely assign something sensible and low number for your DNS.

Or you just listen on the network for an RA and have it multicast to you...

So what happened to it was it rolled out. Depending on exactly what measurements you use somewhere around 50% of the internet traffic is IPv6. There are countries that are almost exclusively IPv6. They started after IP before was essentially exhausted. There's a very large mobile phone carriers that are 100% IPv6. When they need to get to a V4 network they have to do some kind of reverse nat. It's just become a lot more transparent.

I work for a decent size company, not massive, we're not out v4 space yet, but I can see the end from where we are. Cloud, IoT, and other things to just burn addresses at an unholy rate.

[-]

badaccount99@reddit

IPv6 broke all our stuff. Switched to a new WAF provider that does IPv6 and their X-Forwarded-For header came in as V6 breaking all of our whitelists for people who used it.

I love the idea of it, but after people started using NAT it isn't as needed and just breaks stuff.

[-]

heliosfa@reddit

IPv6 broke all our stuff.

IPv6 didn't break anything. Your stuff not supporting current standards is the problem and not doing your due diligence on your new provision. NAT is not a fix, and even with NAT and CGNAT we're still out of IPv4 space.

I've seen several projects hung up and delayed because address space for them could not be obtained at a sensible price.

[-]

badaccount99@reddit

No.

Vendors provided us CIDR from IPv4 for whitelisting. When we switched to a provider that did V6 it broke.

Yes, a huge vendor would have given us their Ipv6 addresses too if they knew them, but a customer googling their IP, not so much.

Look at Mr. Moneybags over here refreshing their hardware.

^/s

[-]

jkdjeff@reddit

k

[-]

Intrepid_Pear8883@reddit

Funny enough Okta sent out an email this week that they are finally supporting it on gov cloud.

[-]

CompetitiveGuess7642@reddit

I'd say it's coming along nicely.

[-]

djgizmo@reddit

Cost to benefit ratio. there are still many devices that don’t fully support ipv6.

[-]

Jasonbluefire@reddit

Azure still does not provide IPv6 addresses to webapps, lots of other things in azure have them but not WebApps yet :(

[-]

bojack1437@reddit

Sure, except the people that don't understand, you pretty much have to have it on your local network in order to use it over the internet.

They somehow think it's usable without putting it on the local network.

[-]

timatlee@reddit

I made a point to work with it at home. Learn how my Unifi stuff worked with it, addressing, etc.

We did a re-ip project at work... and completely ignored ipv6.

So.. I dunno, it's around, but it seems like until you can't buy ipv4 addressing anymore.. who cares?

[-]

theballygickmongerer@reddit

Oddly enough… was only thinking this too during the week.

[-]

Phreakiture@reddit

Some big names have adopted it, notably Facebook and Google . . . I think most of the mobile carriers implement it. Metro by T-Mobile doesn't even do IPv4 at all, but sets up a translation layer.

That said, at one former employer, the fastest ping time on the network was the "NO" that came back if you breathed the words "IPv6" to IT.

For what it's worth, I'm very proud of the IPv6 support I've put into my home network. It's a dual-stack network, so IPv4 is supported as well, but everything on it will prefer IPv6, save for a handful of devices that don't know how (Roku, printer).

[-]

ThatOnePerson@reddit

I think most of the mobile carriers implement it.

iPhone requires apps to be able to work on ipv6 only networks nowadays.

[-]

hobovalentine@reddit

On the enterprise level some companies have a ton of subnets that is frankly just easier for humans to keep track of and manage with IPV4.

For home networks with typically under 10 devices or so then ipv6 makes sense as you normally don't need to have multiple subnets as you're not really trying to segregate devices from each other.

[-]

Medical-Ad-5240@reddit

I'm. Currently learning about ipv6 because I'm going for my ccna it's so dry maybe it's because I just spent a month learning subnneting and ipv4

[-]

wosmo@reddit

I work for a hardware vendor, so I'm a little biased because we require v6 for testing - we're locked out of way too many federal contracts if we don't, and politics aside, they're still the biggest wallet on two legs.

I Think v6 is still sneaking up on us, and it's doing it slower and quieter than anyone expected .. but that does not mean it's not happening. But it is happening mostly at the public layer, because the internet keeps getting bigger and 2\^32 doesn't. I'm not seeing a lot of excitement at the corporate layer. There's a lack of inertia, there's a lack of direct benefit, there's a stupid amount of equipment still on ios12 because no-one wants to pay subscription support, etc.

It feels like the internet is going v6 and the intranet isn't. And all of my users are internal.

[-]

stoltzld@reddit

https://hackaday.com/2018/12/24/ipv6-christmas-display-uses-75-internets-worth-of-addresses/

[-]

Secret_Account07@reddit

It’s still there. We just don’t check the box

Why go through the trouble in our massive environment? Not worth the work. NAT all day baby

[-]

Ohrgasmus1@reddit

Western countries have been owning most of ipv4 space since the start of the internet. https://ipinfo.io/ips
https://ipinfo.io/countries/us#section-asns

So the need for ipv6 wasn't as big here and especially in the USA.
Meanwhile, all new internet devices, mainly in Asia and smartphone are using ipv6

the way some companies just straight up owned a whole range was always just ridiculous

[-]

natefrogg1@reddit

Makes me think of the radio spectrum and the tiny slices we are allowed to use

[-]

F1ayer@reddit

NAT happened.

[-]

ssfsx17@reddit

a lot of major butt services still use IPv4 for internal addresses, so that's what we're stuck with

Savantrovert@reddit

We're sorry, your monthly subscription to SpoonPass has now expired. Should you attempt to use your SmartSpoon during this period, it will automatically revert to its non compliant FleshShred state to prevent unauthorized misuse of our IP. Please contact your SmartSpoon representative to restore service right away.

[-]

derscholl@reddit

NAT

[-]

Neffworks@reddit

I’ve yet to see it in an enterprise or campus environment. It’s either in the cloud or on the edge. Be honest don’t think most engineers want to manage it on a LAN.

[-]

bananaphonepajamas@reddit

We engineered ourselves out of it being required.

Although I suppose it's theoretically possible we could hit the number of devices that would necessitate it eventually, we'd need a hilarious number of devices on the average network and a ridiculous number of networks.

[-]

TerrificVixen5693@reddit

It’s still around, or something.

[-]

Anticept@reddit

NAT turned ip exhaustion into a non issue for ISPs. So we're stuck in this weird place where they don't want to spend the time or money to roll out ipv6, because there's no real demand for it by users at large, and users at large don't even know what the heck ipv6 even means, let alone means to their access.

It's one of those situations where we really would be way better off getting it deployed (IPv4 addresses are expensive and we're paying for it multiple times, as in the services we use AND our ISPs needing to own blocks), but unless the IPv4 Internet breaks, shareholders don't give a fuck and so neither does infrastructure.

[-]

MotanulScotishFold@reddit

IPv4 will not disappear.

IPv6 will be used mostly for mobile network or ISP for its customers (non-business).

That would make more sense while keeping IPv4 public IP for business.