1. 41
  1.  

    1. 15

      Still, in 2025, I hear people bandying the old tropes about how IPv6 isn’t necessary, is insecure (they never mention that it’s the endpoint machines that’re insecure, not the protocol), doesn’t have a business case, et cetera, all while, you know, using cell phones. They don’t understand that the cell phone in their pocket is an IPv6 endpoint.

      It’s both simultaneously fascinating and frustrating that people can feel so emotionally about something with little regard for facts.

      1. 8

        My cellphone sadly does not get IPv6, it’s all CGNAT here. On the other hand, I have full dual-stack at home, because I bugged my ISP to set it up for me (default is still v4-only).

        Sadly enough, the countries that needed IPv6 most - usually less developed ones who’d been allocated way fewer v4 addresses - started needing it early, when crucial parts of the stack such as Happy Eyeballs or privacy extensions for SLAAC weren’t ready yet. As a consequence, they had to find another way to keep the lights on, and many of them went to CGNAT.

      2. 14

        ```
        > ping -6 github.com
        ping: github.com: Address family for hostname not supported
        ```

        😢

        I’ll be ipv6-only when this is fixed.

        1. 9

          Same for amazon, ebay, paypal, pinterest, tiktok, reddit, tumblr, twitter/X, imgur etc.

          If you’re on IPv6 only internet today, you might as well not be on the internet.

          1. 13

            Azure’s handling of IPv6 is ludicrous. You get a private v6 network that isn’t routed and then you can pay for public v6 addresses (not subnets), which are then NAT’d. The largest subnet that they sell is, I think, a /125. The price for a v4 and v6 address is the same. Their stupid handling makes v6 hard to work with because v6 is designed for a world where you get at least a /64 and it’s routable (though may be firewalled) and the easy path for all of the tooling works in this mode.

            You get much better support for v6 from smaller players because they’re not sitting on a huge pile of v4 addresses. Vultr provides v6-only VMs for a discount, for example.

            1. 5

              I don’t care about any of these. 😁 Kinda useless most of them.

              1. 1

                Due to a current bug in networkd that loses IPv4 routes after resuming from a suspend (easily fixed by running dhclient but anyway) I’ve had a crash course on this. Most of the websites I use regularly don’t work!

              2. 2

                There are IPv6 transition technologies such as NAT64/xlat464 that allow you to access IPv4 sites from IPv6-only hosts.

                This already happens on Android on many carriers, and it’ll increasingly be rolled out on other platforms.

                1. 1

                  My university has not rolled out v6 to all devices for what seems to me a reasonable decision: websites that advertise v6 are broken/perform horribly (i.e. CNN, etc.). If v6 is rolled out across the campus, then those websites will break.

                  Until those websites get their act together, the university won’t roll out v6. Until the university rolls out v6, the websites don’t care to get their act together.

                  1. 6

                    Happy Eyeballs is intended to break this exact deadlock, by making clients (browsers etc.) try both v4 and v6 in parallel and pick whatever performs better. Since browsers all do this now, maybe it’s time to give it another try?

                    1. 1

                      CNN website will break? Even more reasons to roll out today!

                  2. 6

                    Companies who hoarded a bunch of IPv4 have no incentives to transition, if not the reverse, they can profit from the monopoly they are slowly building. Internet being less and less decentralized isn’t helping, and again companies have no incentives to reverse this trend, why bother if you’re the only kingdom and everyone has to pay you to access essential services? That’s a reasonable business plan.

                    On another note, IPv6 is nice… but is mostly a patch over a broken paradigm that IP is… Top-down networks are nice when your computers are mainframes, but when everyone moves at high speed everywhere, it’s fundamentally a huge pile of patches, hardware and software being piled up to counteract this non-natural behavior…

                    Instead, why wouldn’t we build networks from the bottom to the top? Why would we keep ourselves with committee-issued IPs when we have hardware able to do cryptographic keypairs? Why can’t we have software that communicates with any software without even thinking about what logical or physical layer they’re on?

                    IP is but a broken paradigm pushed by telecoms companies trying to sell phone calls at a premium, and we kept it because history… but it didn’t stop research before and after arpanet…

                    I’ll stop this weird hot take on a good article by just giving some resources to dig further if you’re curious:
                    https://en.m.wikipedia.org/wiki/Recursive_Internetwork_Architecture
                    https://www.notion.com/blog/louis-pouzin
                    https://ouroboros.rocks/

                    I don’t have much hope that, without politics getting in, we’ll move to something decent, companies and industrials don’t really care about

                    1. 1

                      Protocol evolution, deployment, and lock-in is a fascinating interplay of economics, historical path-dependence, and technical capability. The “network effects” of communication protocols have such massive scale and power, and yet few seem able to think clearly about them.

                      What would it take to re-architect the Internet? How can you build an Ouroboros or RINA system at any scale? It’s a heck of a thought experiment.

                    2. 4

                      Geoff’s blogging is always the best, especially if you’ve got a fresh coffee. I got to see his talk at NANOG92, but I’m sad he wasn’t there in person so I could thank him for his years of service. His BGP global table forecasting allowed me to predict an outage, a year before it occurred (TCAM exhaustion on our aging infrastructure). Sadly, I was ignored as I was working at the org for only 6 weeks, at the time.

                      1. 3

                        I still think it’s nice to have a unique endpoint from a networking perspective. I often find it nice to be able to grep for my IP address and logs. Which I know reduces my anonymity but at the same time it lets me see where the problem’s coming from!

                        1. 1

                          That’s a pretty common use-case, so you’re not alone.

                          I guess it depends on the stack you’re working with. For example, the EUI-64 standard will generate your v6 address by taking the 48-bit MAC & adding 16 bits, by shimming FFFE in the middle, to get your 64-bit address. That gives you a predictable pattern to work off of for grep; you simply have to track the MACs instead of your DHCP / static IP assignments.

                          https://community.cisco.com/t5/networking-knowledge-base/understanding-ipv6-eui-64-bit-address/ta-p/3116953

                          https://en.wikipedia.org/wiki/Organizationally_unique_identifier#64-bit_extended_unique_identifier_(EUI-64)
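
The EUI-64 mapping described in the comment above, as an added example that is not part of the thread or any commenter's code: it builds the SLAAC address from a MAC and, in the other direction, recovers MACs from addresses found in logs. It goes one step beyond the comment by also inverting the universal/local bit of the first octet, which the modified EUI-64 format in RFC 4291 requires; function names, the 2001:db8::/32 documentation prefixes, the MAC and the log lines are all constructed for illustration.

```python
import ipaddress
import re

def mac_to_iid(mac: str) -> bytes:
    """Modified EUI-64 interface ID: insert ff:fe mid-MAC, invert the U/L bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host would form from a /64 prefix when it uses EUI-64 SLAAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface IDs need a /64 prefix")
    return net.network_address + int.from_bytes(mac_to_iid(mac), "big")

def mac_from_address(addr: str):
    """Recover the MAC from an EUI-64 address; None for random/static IDs."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)

# Constructed sample log lines (documentation prefix 2001:db8::/32).
SAMPLE_LOG = """\
sshd[811]: Accepted publickey for ops from 2001:db8:10:1:5054:ff:fe12:3456 port 50022
sshd[812]: Failed password for root from 2001:db8:10:1:9c3a:71ff:4e02:b6d1 port 40110
nginx: 2001:db8:10:2:5054:ff:fe12:3456 "GET /health" 200
"""

def macs_in_log(text: str) -> dict:
    """Map each EUI-64 source address in the log to its embedded MAC."""
    found = {}
    for token in re.findall(r"[0-9a-fA-F:]*:[0-9a-fA-F:]+", text):
        try:
            mac = mac_from_address(token)
        except ValueError:
            continue  # matched the pattern but is not a valid IPv6 address
        if mac:
            found[token] = mac
    return found

if __name__ == "__main__":
    print(slaac_address("2001:db8:10:1::/64", "52:54:00:12:34:56"))
    for addr, mac in macs_in_log(SAMPLE_LOG).items():
        print(addr, "->", mac)
```

In the sample log the same MAC surfaces under two different /64 prefixes, which is the cross-network correlation that randomized privacy addresses remove; the second line's address has no `ff:fe` marker and is reported as not EUI-64.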

                          1. 3

                            How much is EUI64 still used for SLAAC? I thought most operating systems have moved to randomized privacy addresses. (But I have not had to care about the details recently, and a lot of the v6 I have deployed uses manually allocated static addresses, hence my vagueness about the current state (as it were) of SLAAC.)

                            1. 2

                              That’s a really good question, and I don’t have the data to answer. As I stated in my first reply, it’s very much an “it depends on your stack” kinda situation. It wasn’t clear if they were referring to a bunch of VMs in a datacentre, or if they’re deploying in their home. If it’s the latter, randomization pretty much is dominant in both MacOS & Windows 10/11, plus plenty of consumer network gear, I do believe.

                        2. 1

                          IPv6 won’t solve the problem it was expected to solve, because having a globally routable address doesn’t mean that you automatically get incoming connections.

                          In fact, in most consumer deployments I have seen, incoming connections on IPv6 are blocked by the ISP.

                          1. 1

                            Of course you won’t automatically get incoming connections, your firewall should be blocking those by default.

                          2. 1

                            Sighhhh my crappy apartment complex uses a Ruckus box so I had to contact the Ruckus box people and get my own IP address to host my website on a local device because by default I just share an IP address with the rest of the building.

                            And it’s just an ipv4. I don’t get an ipv6. So my personal site, mirawelner.com, has no ipv6.

                            cries