1. 42
  2. 15

    IPv6 is just as far away from universal adoption…as it was three years ago.

    That seems…pretty easily demonstrably untrue? While it’s of course not a definitive, be-all-end-all adoption metric, this graph has been marching pretty steadily upward for quite a while, and is significantly higher now (~33%) than it was in 2017 (~20%).

    (And as an aside, it’s sort of interesting to note the obvious effect of the pandemic pushing the weekday troughs in that graph upward as so many people work from home.)

    1. 7

      I wouldn’t count it as “adoption” if it’s basically a hit or miss if your provider does it or not. So they do the natting for you?

      Still haven’t worked at any company (as an employee or being sent to the customer) where there was any meaningful adoption.

      My stuff is available via v4 and v6, unless I forget, because I don’t have ipv6 at home, because I simply don’t need it. When I tried it, I had problems.

      Yes, I’m 100% pessimistic about this.

      1. 13

        I adopted IPv6 around 2006 and finally removed it from all my servers this year.

        The “increase” in “adoption” is likely just more mobile traffic, and some providers have native v6 and NAT64 and… shocker… it sucks.

        IPv4 will never go away and Jeff Huston is right: the future is NAT, always has been, always will be. The additional address space really isn’t needed, and every device doesn’t need its own dedicated IP for direct connections anyway. Your IP is not a telephone number; it’s not going to be permanent and it’s not even permanent for servers because of GEODNS anyway (or many servers behind load balancers, etc etc). IPs and ports are session identifiers, no more, no less.

        You’ll never get rid of the broken middle boxes on the Internet, so stop believing you will.

        The future is name-based addressing – separate from our archaic DNS which is too easily subverted by corporations and governments, and we will definitely be moving to a decentralized layer that runs on top of IP. We just don’t know which implementation yet. But it’s the only logical path forward.

        DNSSEC and IPv6 are failures. 20+ years and still not enough adoption. Put it in the bin and let’s move on and focus our efforts on better things that solve tomorrow’s problems.

        1. 21

          What I find so annoying about NAT is that it makes it hard or impossible to send data from one machine to another, which was pretty much the point of the internet. Now you can only send data to servers. IPv6 was supposed to fix this.

          1. 8

            Now you can only send data to servers

            It’s almost as if everyone that “counts” has a server, so there’s no need for everyone to have one. This is coherent with the growing centralisation of the Internet.

            1. 18

              It just bothers me that in 2020 the easiest way to share a file is to upload to a server and send the link to someone. It’s a bit like “I have a message for you, please go to the billboard at sunshine avenue to read it.”.

              1. 4

                There are pragmatic reasons for this. If the two machines are nearby, WiFi Direct is a better solution (though Apple’s AirDrop is the only reliable implementation I’ve seen and doesn’t work with non-Apple things). If the two machines are not near each other, they need to be both on and connected at the same time for the transfer to work. Sending to a mobile device, the receiver may prefer not to grab the file until they’re on WiFi. There are lots of reasons either endpoint may remove things. Having a server handle the delivery is more reliable. It’s more analogous to sending someone a package in a big truck that will wait outside their house until they’re home and then deliver it.

                1. 3

                  Bittorrent and TCP are pretty reliable. You’re right about the ‘need to be connected at the same time’ though.

                  1. 2

                    Apple’s AirDrop is the only reliable implementation I’ve seen and doesn’t work with non-Apple things

                    Have you seen opendrop?

                    Seems to work fine for me, although it’s finicky to set up.

                    https://github.com/seemoo-lab/opendrop

                  2. 2

                    I think magic wormhole is easier for the tech crowd, but still requires both systems to be on at the same time.

                    1. 1

                      https://webwormhole.io/ works really well!

                  3. 7

                    This is coherent with the growing centralisation of the Internet.

                    My instinct tells me this might not be so good.

                    1. 4

                      So does mine. So does mine.

                    2. 2

                      Plus ça change…

                      On the other hand, servers have never been more affordable or generally accessible: all you need is like $5 a month and the time and effort to self-educate. You can choose from a vast range of VPS providers, free software, and knowledge sources. You can run all kinds of things in premade docker containers without having much of a clue as to how they work. No, it’s not the theoretical ideal by any means, but I don’t see any occasion for hand-wringing.

                      1. 1

                        I’ve always assumed the main thing holding v6 back is the middle-men of the internet not wanting to lose their power as gatekeepers.

                      2. 6

                        Nobody in their right mind is going to use client machines without a firewall protecting them and no firewall is going to by default accept unsolicited traffic from the wider internet.

                        Which means you need some UPnP like mechanism on the gateway anyways. Not to map a port, but to open a port to a client address.

                        Btw: I’m a huge IPv6 proponent for other reasons (mainly to not give centralized control to very few very wealthy parties due to address starvation), but the not-possible-to-open-connections argument I don’t get at all.

                        1. 8

                          Nobody in their right mind would let a gazillion services they don’t even know about run on their machines and let those services be contacted from the outside.

                          Why do (non-technical) people need a firewall to begin with? Mainly because they don’t trust the services that run on their machines to be secure. The correct solution is to remove those services, not add a firewall or NAT that requires traversing.

                          Though you were talking about UPnP, so the audience there is clearly the average non-technical Windows user, who doesn’t know how to configure their router. I have no good solution for them.

                          1. 8

                            Why do (non-technical) people need a firewall to begin with? Mainly because they don’t trust the services that run on their machines to be secure

                            Many OSes these days run services listening on all interfaces. Yes, most of them could be rebound to localhost or the local network interface, but many don’t provide easy configurability.

                            Think stuff like portmap which is still required for NFS in many cases. Or your print spooler. Or indeed your printer’s print spooler.

                            This stuff should absolutely not be on the internet and a firewall blanket-prevents these from being exposed. You configure one firewall instead of n devices running m services.
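
The point made in the comment above about services bound to all interfaces, as an added example that is not part of the original thread: a small audit that reads listening-socket output and separates wildcard binds from loopback or single-address binds. The sample lines are constructed in the column layout of `ss -ltnH`, and the ports stand in for the portmap, NFS and print spooler services the comment names.

```python
import ipaddress

# Constructed sample in the column layout of `ss -ltnH` (listening TCP sockets,
# numeric, no header): State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS_OUTPUT = """\
LISTEN 0 4096 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 64 192.168.1.10:2049 0.0.0.0:*
LISTEN 0 4096 [::]:111 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 511 *:8080 *:*
LISTEN 0 128 [fe80::1c2d:3eff:fe4f:5a6b]%eth0:5353 [::]:*
"""


def split_endpoint(endpoint):
    """Split 'host:port' as printed by ss into (host, port).

    Handles bracketed IPv6 ('[::]:111'), the dual-stack wildcard ('*:8080')
    and interface scope suffixes ('127.0.0.53%lo:53', '[fe80::1]%eth0:5353').
    """
    host, _, port = endpoint.rpartition(":")
    host = host.split("%", 1)[0].strip("[]")
    return host, int(port)


def classify_bind(host):
    """Return how widely a listening address is reachable on this machine."""
    if host == "*":
        return "wildcard"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:      # 0.0.0.0 or ::
        return "wildcard"
    if addr.is_loopback:         # 127.0.0.0/8 or ::1
        return "loopback"
    if addr.is_link_local:       # 169.254.0.0/16 or fe80::/10
        return "link-local"
    return "specific"


def audit_listeners(ss_text):
    """Parse ss-style lines into (port, host, scope) tuples."""
    findings = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_endpoint(fields[3])
        findings.append((port, host, classify_bind(host)))
    return findings


def exposed_ports(findings):
    """Ports with at least one wildcard bind: reachable on every interface,
    so only a packet filter keeps them off whatever network the host joins."""
    return sorted({port for port, _, scope in findings if scope == "wildcard"})


if __name__ == "__main__":
    results = audit_listeners(SAMPLE_SS_OUTPUT)
    for port, host, scope in results:
        print(f"{port:>5}  {host:<28} {scope}")
    print("wildcard-bound ports:", exposed_ports(results))
```
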

                            1. 3

                              Crap, good point, I forgot about stuff on your local network you literally cannot configure effectively. Well, we’re back to configuring the router, then.

                          2. 1

                            If the firewall is in the gateway at home, then you can control it, and you can decide to forward ports and allow incoming connections to whatever machine behind it. If your home NAT is behind a CGNAT you don’t control, you are pretty much out of options for incoming connections.

                            IPv6 removes the need for CGNAT, fixing this issue.

                            1. 2

                              Of course but I felt like my parent poster was talking from an application perspective. And for these not much changes. An application you make and deploy on somebody’s machine still won’t be able to talk to another instance of your application on another machine by default. Stuff like STUN will remain required to trick firewalls into forwarding packets.

                          3. 3

                            Yeah but this is not a fair statement. If we had no NAT this same complaint would exist and it would be “What I find so annoying about FIREWALLS is they make it hard or impossible to send data from one machine to another…”

                            But do you really believe having IPv6 would allow arbitrary direct connections between any two devices on the internet? There will still have to be some mechanism for securely negotiating the session. NAT doesn’t really add that much more of a burden. The problem is when people have terribly designed networks with double NAT. These same people likely would end up with double firewalls…

                            1. 2

                              Of course, NAT has been invented for a reason, and I’d prefer having NAT over not having NAT. But for those of us that want to play around with networks, it’s a shame that we can’t do it without paying for a server anymore.

                              1. 1

                                I really do find it easier to make direct connections between IPv6 devices!

                                Most of the devices I want to talk to each other are both behind an IPv4 NAT, so IPv6 allows them to contact each other directly with STUN servers.

                                Even so, Tailscale from the post linked is even easier to set up and use than IPv6, I’m a fan.

                            2. 17

                              The “increase” in “adoption” is likely just more mobile traffic

                              Even if so, why the scare quotes? They’re network hosts speaking Internet Protocol…do they not “count” for some reason?

                              You’ll never get rid of the broken middle boxes on the Internet, so stop believing you will.

                              Equipment gets phased out over time and replaced with newer units. Devices in widespread deployment, say, 10 years ago probably wouldn’t have supported IPv6 gracefully (if at all), but guess what? A lot of that stuff’s been replaced by things that do. Sure, there will continue to be shitty middleboxes needlessly breaking things on the internet, but that happens with IPv4 already (hard to think of a better example than NAT itself, actually).

                              It’s uncharacteristic because I’m generally a pessimistic person (and certainly so when it comes to tech stuff), but I’d bet that we’ll eventually see IPv6 become the dominant protocol and v4 fade into “legacy” status.

                              1. 4

                                I participated in the first World IPv6 Day back in 2011. We begged our datacenter customers to take IPv6. Only one did. Here’s how the conversation went with every customer:

                                “What is IPv6?”

                                It’s a new internet protocol

                                “Why do I need it?”

                                It’s the future!

                                “Does anyone in our state have IPv6?”

                                No, none of the residential ISPs support it or have an official rollout plan. (9 years later – still nobody in my state offers IPv6)

                                “So why do I need it?”

                                Some people on the internet have IPv6 and you would give them access to connect to you with IPv6 natively.

                                “Don’t they have IPv4 access too?”

                                Yes

                                “So why do I need it?”

                                edit: let’s also not forget that the BCP for addressing has changed multiple times. First, customers should get assigned a /80 for a single subnet. Then we should use /64s. Then they should get a /48 so they can have their own subnets. Then they should get a /56 because maybe /48 is too big?

                                Remember when we couldn’t use /127 for ptp links?

                                As discussed in [RFC7421], "the notion of a /64 boundary in the
                                address was introduced after the initial design of IPv6, following a
                                period when it was expected to be at /80".  This evolution of the
                                IPv6 addressing architecture, resulting in [RFC4291], and followed
                                with the addition of /127 prefixes for point-to-point links, clearly
                                demonstrates the intent for future IPv6 developments to have the
                                flexibility to change this part of the architecture when justified.
                                
                              2. 10

                                I adopted IPv6 around 2006 and finally removed it from all my servers this year.

                                Wait, you had support for IPv6 and you removed it? Did leaving it working cost you?

                                1. 3

                                  Yes it was a constant source of failures. Dual stack is bad, and people using v6 tunnels get a terrible experience. Sixxs, HE, etc should have never offered tunneling services.

                                  1. 8

                                    I’m running dual stack on the edge of our production network, in the office and at my home. I have never seen any interference of one stack with another.

                                    The only problem I have seen was that some end-users had broken v6 routing and couldn’t reach our production v6 addresses, but that was quickly resolved. The reverse has also been true in the past (broken v4, working v6), so I wouldn’t count that against v6 in itself, though I do agree that it probably takes longer for the counter party to notice v6 issues than they would v4 ones.

                                    But I absolutely cannot confirm v6 to be a “constant source of failures”

                                    1. 3

                                      The only problem I have seen was that some end-users had broken v6 routing and couldn’t reach our production v6 addresses, but that was quickly resolved.

                                      This is the problem we constantly experienced in the early 2010s. Broken OSes, broken transit, broken ISPs. The customer doesn’t care what the reason is, they just want it to work reliably 100% of the time. It’s also not fun when due to Happy Eyeballs and latency changes the client can switch between v4 and v6 at random.

                                    2. 1

                                      Is there any data on what the tunnelling services are used for though? Just asking because some friends were just using them for easier access to VMs that weren’t public per se, or devices/services in a network (with the appropriate firewall rules to only allow trusted sources)

                                  2. 2

                                    This is the first time I downvoted a post so I figure I’d explain why.

                                    For one, you point to a future of more of the status quo: More NAT, IPv4. But at the same time you also claim the world is going to drop one of the biggest status quos of DNS for a wholly brand new name resolution service? Also, how would a decentralized networking layer be able to STUN/TURN the 20+ layers of NAT we’re potentially looking at in our near future?

                                    1. 1

                                      Oh no, we aren’t going to drop DNS, we will just not use it for the new things. Think Tor hidden services, think IPFS (both have problems in UX and design, but are good analogues). These things are not directly tied to legacy DNS; they can exist without it. Legacy DNS will exist for a very long time, but it won’t always be an important part of new tech.

                                    2. 2

                                      The future is name-based addressing – separate from our archaic DNS which is too easily subverted by corporations and governments, and we will definitely be moving to a decentralized layer that runs on top of IP. We just don’t know which implementation yet. But it’s the only logical path forward.

                                      So this would solve the IPv4 addressing problem? While I certainly agree with “every device doesn’t need its own dedicated IP”, the amount of usable IPv4 addresses is about 3.3 billion (excluding multicast, class E, rfc1918, localhost, /8s assigned to Ford etc.) which really isn’t all that much if you want to connect the entire world. It’ll be a tight fit at best.

                                      I wonder how hard it would be to start a new ISP, VPS provider, or something like that today. I would imagine it’s harder than 10 years ago; who do you ask for IP addresses?

                                      1. 1

                                        Some of the pressure on IPv6 addresses went away with SRV records. For newer protocols that baked in SRV from the start, you can run multiple (virtual) machines in a data center behind a single public IPv4 address and have the service instances run on different ports. For things like HTTP, you need a proxy because most (all?) browsers don’t look for SRV records. If you consider IP address + port to be the thing a service needs, we have a 48-bit address space, which is a bit cramped for IoT things, but ample for most server-style things.

                                    3. 5

                                      That graph scares me tbh. It looks consistent with an S-curve which flattens out well before 50%. I hope that’s wrong, and it’s just entering a linear phase, but you’d hope the exponential-ish growth phase would at least have lasted a lot longer.

                                      1. 3

                                        Perhaps there’s some poetic licence there, but 13% in 3 years isn’t exactly a blazing pace, and especially if we assume that the adoption curve is S-shaped, it’s going to take at least another couple of decades for truly universal adoption.

                                        1. 7

                                          It’s not 13%, it’s 65%. (13 percentage points.)

                                          1. 1

                                            Yup, right about two decades to get to 90% with S-curve growth. I mean, it’s not exponential growth, but it’s steady and two decades is about 2 corporate IT replacement lifecycles.

                                          2. 2

                                            That seems…pretty easily demonstrably untrue? While it’s of course not a definitive, be-all-end-all adoption metric, this graph has been marching pretty steadily upward for quite a while, and is significantly higher now (~33%) than it was in 2017 (~20%).

                                            I think that’s too simplistic of an interpretation of that chart; if you look at the “Per-Country IPv6 adoption” you see there are vast differences between countries. Some countries like India, Germany, Vietnam, United States, and some others have a fairly significant adoption of IPv6, whereas many others have essentially no adoption.

                                            It’s a really tricky situation, because it requires the entire world to cooperate. How do you convince Indonesia, Mongolia, Nigeria, and many others to use IPv6?

                                            So I’d argue that “IPv6 is just as far away from universal adoption” seems pretty accurate; once you start the adoption process it seems to take at least 10-15 years, and many countries haven’t even started yet.

                                            1. 1

                                              How do you convince Indonesia, Mongolia, Nigeria, and many others to use IPv6?

                                              By giving them too few IPv4 blocks to begin with? Unless they’re already hooked on carrier grade NAT, the scarcity of addresses could be a pretty big incentive to switch.

                                              1. 1

                                                I’m not sure if denying an economic resource to those kind of countries is really fair; certainly in a bunch of cases it’s probably just lack of resources/money (or more pressing problems, like in Syria, Afghanistan, etc.)

                                                I mean, we (the Western “rich” world) shoved the problem ahead of us for over 20 years, and now suddenly the often lesser developed countries actually using the least amount of addresses need to spend a lot of resources to quickly implement IPv6? Meh.

                                                1. 2

                                                  My comment wasn’t normative, but descriptive. Many countries already starve for IPv4 addresses.

                                                  now suddenly the often lesser developed countries actually using the least amount of addresses need to spend a lot of resources to quickly implement IPv6?

                                                  If “suddenly” means they knew it would happen like 2 decades ago, and “quickly” means they’d have over 10 years to get to it… In any case, IPv6 has already been implemented in pretty much every platform out there. It’s more a matter of deployment now. The end points are already capable. We may have some routers who still aren’t IPv6 capable, but there can’t be that many by now, even in poorer countries. I don’t see anyone spending “a lot” of resources.

                                            2. 1

                                              perhaps the author is going by the absolute number of hosts rather than percentage

                                            3. 10

                                              What makes IPv6 special is that its proponents are not content for it to be an internet that connects to The Internet. No! It’s the chosen one. Its destiny is to be The Internet. As a result, we don’t only have bridges and gateways to join the IPv6 internets and the IPv4 internet (although we do).

                                              This is a straw-man: IPv6 was specifically designed so that IPv4 equipment could keep on running decades after the last residential ISP stopped supporting it.

                                              Instead, IPv6 wants to eventually run directly on every node. End users have been, uh, rather unwilling to give up IPv4, so for now, every node has that too. …

                                              Let’s say you are an ISP, or you run a datacenter, or you have a new server: every new IPv4 address will cost ~$20. For the FAANGs and myself, it doesn’t make financial sense to pay $20 for each new IP address, so we deploy IPv6 internally and use a shared IPv4 address on the load balancer. So while IPv6 traffic “only” makes up some 30% of globally routed internet traffic, IPv6 is already cheaper to deploy for new intranets.

                                              paraphrasing: IPv4 + IPv6 ~= 90% * 90% != 90% + 90%

                                              …and now there are two internets, with a surprisingly low level of overlap, so your ISP has to build and debug both.

                                              …and every OS vendor has to debug both protocol implementations, which is more than twice as much code.

                                              …and every app vendor has to test with both IPv4 and IPv6, which of course they don’t.

                                              Purity cannot ever be achieved at this kind of scale. If you need purity for your network to be reliable, then you have an unsolvable problem.

                                              The failure rate doesn’t interact in that way … or at least the IPv4 and IPv6 devices on my mobile, home, and server networks have a negligible failure rate. You seem to be advocating for IPv4 exclusive NAT because we have to do that anyway and IPv6 will never be ubiquitous enough to matter. However, LTE ISPs (where IPv6 is required) report that 80% of their internet traffic runs on IPv6.

                                              🙄

                                              This blogpost falls into a category of rants I call grumpy IT admin memos which only make sense within the realm of a specific IT environment. IPv6 will not make sense for a very long time if you run a boring corporate network and don’t want 99% of your computers to communicate with the outside world anyway.

                                              The problem IPv4 dead-enders can’t wrap their heads around is that we already live in a world where the cost of providing IPv4 is going to continue to increase while the ability to route between IPv4 addresses will continue to decrease. How do you suggest we connect the 50% of the population that isn’t online? I know that China isn’t going to pay $20/connection, they think it will be cheaper to get to 100% IPv6 by 2025!

                                              I don’t know if IPv4 will ever go away, rotary phones still work in parts of the US. But at some point, your corporate 10-20 year equipment replacement schedule will be up and it will make financial sense for even the oldest networks to switch to IPv6.

                                              One thing we can do, though, is build better heuristics.

                                              Oh, so you do think it’s a workable solution? That’s odd, what exactly are you …

                                              And you know what, forget about IPv4 and IPv6. The same tricks would work with that redundant cable + DSL setup we mentioned above.

                                              This is what we do, in a small way, with Tailscale’s VPN connections. … And what do you know, the math works. Tailscale with two networks is more reliable than Tailscale with one network.

                                              Oh, I see! You are selling me something that will magically fix the problems you exaggerated above.

                                              Now, can it work for the whole Internet?

                                              There are parts of IPv6 which didn’t work out (RIP universal transport encryption) but they did a pretty bang-up job with IPv6. ~1/3 of internet traffic is IPv6 and IPv6 appears to be the default for greenfield networks due to the cost of IPv4 addresses. This has translated into steady growth, which isn’t as exciting as exponential growth but IPv6 is working just fine.

                                              1. 2

                                                How do you suggest we connect the 50% of the population that isn’t online? I know that China isn’t going to pay $20/connection, they think it will be cheaper to get to 100% IPv6 by 2025!

                                                ISPs put the common folk behind CGNAT. That’s what happens in Spain. None of the ISPs will give you IPv6 connectivity. Most new ones won’t give you a public IPv4 address either, unless you specifically ask for it. They will put you behind a NAT shared with other customers, and things work fine for almost everybody that way.

                                                What motivation is there for ISPs to get IPv6 working, in this case?

                                                1. 1

                                                  ISPs put the common folk behind CGNAT. That’s what happens in Spain.

                                                  At 2.2% deployment, Spain is a laggard compared to the rest of Europe. In the U.S. Comcast, Charter, AT&T, & Cox are deploying dual-stack IPv6. It looks like your neighbors don’t think that CGNAT is a good long-term solution 😁.

                                                  Most new ones won’t give you a public IPv4 address either, unless you ask for it.

                                                  As in they won’t give you a static IP or a dedicated IP? Most ISPs in the US charge for a static IP.

                                                  They will put you behind a NAT shared with other customers, and things work fine for almost everybody that way.

                                                  AFAIK, CGNAT doesn’t support things like UPnP. So how well do P2P applications like file-sharing, games, and web conferencing work?

                                                  What motivation is there for ISPs to get IPv6 working, in this case?

                                                  CGNAT requires hardware to store all that state. Adding support for IPv6 will drop their hardware requirements for all new traffic while improving their customer’s experience. This presentation by a Time Warner employee lays out their TCO projections for CGNAT, although it is a bit dated and depends on marketplace competition.

                                              2. 8

                                                Instead, IPv6 wants to eventually run directly on every node. End users have been, uh, rather unwilling to give up IPv4, so for now, every node has that too.

                                                Most people behind v4 ISPs don’t really have a choice.

                                                1. 4

                                                  Now, can [IP mobility] work for the whole Internet?

                                                  Yes. Apple has been using MPTCP in production since iOS 7 was released. QUIC supports mobility.

                                                  1. 2

                                                    In case anyone is interested in a fundamentally better way, I suggest learning about RINA.

                                                    At this point, I’m more interested in how we can outgrow our Gordian tangle of legacy protocols, effectively, in the real world… and that’s another question entirely. One thing’s pretty clear: interop is essential for adoption, but tends to subvert and dilute any true advantage of the new thing. Network effects. Path dependence. Game theory.