Asklemmy

Trash

A lot of networks were designed with ipv4 and NAT in mind. There really isn’t a cost benefit to migrate all your DHCP scopes, VLANs, Subnets, and firewall rules to IPv6 and then also migrate 1000’s of endpoints to it.

Much cheaper to just disable ipv6 entirely on the internal network (to prevent attacks using a rogue dhcpv6 server etc) and only use ipv6 on your WAN connections if you have to use it.

I have IPv6 at home, at work, on my phone, and my hotspot. I have them on my websites and servers. IPv6 is everywhere for me. I use it all the time. Most people do and don't even realize it.

IPv4 still reigns supreme on a LAN, because you're never going to run out of addresses, even if you're running an enterprise company. IPv6 subnets are usually handed out to routers, so DHCPv6 can manage that address space and you don't need to know anything unless you're forwarding ports on IPv6.

For the Internet, just use hostnames. There's literally zero reason to memorize a WAN address when it could be an A/AAAA record.

We mainly use ipv4, but recent laws that all public sector websites are to use IPv6, we have had to update our stack.

Now we can do IPv6 public endpoints with ipv4 backends.

Another thing that makes no sense is if my ISP provided prefix changes -which it will- this affects the IP addressing on my local network. Ain't noboby got time for that if you're managing a company or having anything other than a flat home network with every device equal.

IPv6 is just people shouting NAT BAD, but frankly having separate address ranges inside and outside a house is a feature. A really really useful feature. Having every device have a public IP6 address I'd an anti-featute.

I've used IPv6 at home for over 20 years now. Initially via tunnels by hurricane electric and sixxs. But, around 10 years ago, my ISP enabled IPv6 and I've had it running alongside IPv4 since then.

As soon as server providers offered IPv6 I've operated it (including DNS servers, serving the domains over IPv6).

I run 3 NTP servers (one is stratum 1) in ntppool.org, and all three are also on ipv6.

I don't know what's going on elsewhere in the world where they're apparently making it very hard to gain accesss to ipv6.

As an email guy, I would love IPv6, but it just isn’t gonna happen (for me).

Widespread IPv6 adoption is right there with the year of the Linux desktop. It's a good idea, it's always Coming Soon™ and it's probably never going to actually happen. People are stubborn and thanks to things like NAT and CGNAT, the main reason to switch is gone. Sure, address exhaustion may still happen. And not having to fiddle with things like NAT (and fuck CGNAT) would be nice. But, until the cost of keeping IPv4 far outweighs the cost of everything running IPv6 (despite nearly everything doing it now), IPv4 will just keep shambling on, like a zombie in a bad horror flick.

It fixes must about every gripe I have with IPv4. It closes the hidden security holes NAT introduces. It pretty much configures itself. It allows you to use multiple Xboxes or Playstations within the same network and play online without faffing about! You can also disable the firewall entirely and basically never get scanned because scanning 2^64 addresses to find one computer is infeasible for bots (though you shouldn't).

The addresses are longer, that's for sure. But you shouldn't be remembering those anyway. That's why DNS exists! If you don't have a local DNS server for some reason, just use mDNS, every device supports it out of the box. yourcomputersname.local will work in place of an IP address in just about everything since Windows Vista.

IPv6 was severely underdeveloped when the Necromancy Address Translation kept IPv4 usable twenty years ago, but we're beyond that now. We have been for a while, actually.

Unfortunately, a lot of network people are the type that learned how networks worked in school forty years ago and decided that this is the way things are and they should never change again. That's how you get things like "TLS 1.3 pretends to be a TLS 1.2 session resumption or half the internet will break" and "only port 80 and 443 are usable on the internet". They even brought DHCP back when IPv6 works perfectly fine without it! At least Google did the right thing and refused to play ball with that malarkey in Android.

The whole address reserve argument never helped much. Super expensive cloud providers are now charging extra for IPv4 addresses but if you're using Amazon AWS you're used to paying through the nose anyway. CGNAT is a much worse problem, with thousands or hundreds of thousands of people sharing the same IPv4 address and basically being forced to solve CAPTCHAs all day because one of their IP coinhabitors has a virus.

As the comments here show, plenty of people can't be bothered. That's fine, legacy websites and devices can just use IPv4, that's the beauty of it.

Cloud infra engineer here.

Answer: I don’t think about it. Nothing fully supports it, so we pretend it doesn’t exist.

IPv6 was "just around the corner" when I was studying 20+ years ago. I kept a tunnel up until the brokers shut down.

I've been hosting some big (partly proprietary) services for work, and we've been IPv6 compatible for a decade.

My ISP finally gave me native IPv6 earlier this year, which gave me the push to make sure my personal hosting does IPv6 as well. Seems like most big players services support it today. It's nice to not have the overhead that CGNAT brings.

IPv6 got a bit of a bad reputation when operating systems defaulted to 6to4 translation but never actually managed to work.

IPv6 is now twice as old as IPv4 was when IPv6 was introduced. 20 years ago I worried about needing to support it. Now I don't even think about it at all.

I think djb was right, over twenty years ago: The IPv6 mess

The IPv6 designers made a fundamental conceptual mistake: they designed the IPv6 address space as an alternative to the IPv4 address space, rather than an extension to the IPv4 address space.

There was an alternative proposal that was backward-compatible with IPv4, but I’ve forgotten the name now.

Mostly I’m scared I’ll write a firewall rule incorrectly and suddenly expose a bunch of internal infrastructure I thought wasn’t exposed.

I want to love IPv6 but it's unfortunately still basically impossible to get good proper IPv6 in the first place.

At home I'm stuck with fairly broken 6rd that can't be hardware accelerated by my router and the MTU is like 1200 which is like 20% bandwidth overhead just for headers on the packets.

On the server side, OVH does have IPv6 but it's not routed, so the host have to pretend to have all the IPv6 addresses and the OVH routers will only accept like 8 of them in use before its NDP table is full, so assigning an IPv6 to every Docker container fails miserably.

IPv6's main problem is ISPs are so invested in NAT and IPv4 infrastructure they just won't support IPv6. Microsoft, Google and Apple need to team together and start requiring functional IPv6 to create user demand, because otherwise most users don't know about CGNAT and don't care. Everything needs to complain about bad IPv6 connectivity so users complain to ISPs and pressure them into fixing it.

a teammate implemented it because he thought it would be a good resume project. it added more maintenance work to a lot of pieces, forever. there is no measurable benefit to the business

People still use IPv4 because companies are slow to adopt new technologies. They see it as a huge money drain and if there is not a visible or tangible benefit to it then they won't invest in it. IPv6 is definitely a growing technology, it's just taking it's sweet time. For reference, currently the IPv4 has just under a million routes in the global routing table while IPv6 has ~216K routes. About 5 years ago it was something like 100K for IPv6 and not much has changed for IPv4.

I personally do not like the addressing of IPv6. It's not just the length, but now you have to use colons instead of period to separate the octets which leads to extra key strokes since I have to hold shift to type in a colon. It's a minor thing, but when networking is your bread and butter it adds up.

There are also some other concerns with IPv6. Since IPv6 tries to simplify routing by doing things like getting rid of NATing it also opens us up to more remote attacks. It used to be harder to target a specific user or PC that's behind a NATed IP but now everything is out in the open. I'm sure things will get better as more and more people use it and there will be changes made to the protocol however. It's just the natural evolution of technology.

I am very surprised to hear your ISP is not using IPv6. Seems like they're a little behind the times. Unless they just don't offer it to residential customers, which is still a bit behind the times too I guess.

Just annoyed when I need to specify port when using IPv6. Needs to add square bracket to workaround ambiguity of colon is kinda bad. How can they decide to use colon instead of another special character??

Both my employer and my home ISP use IPv6 since many years now and so does all my own stuff, it's wonderfully convenient to have a globally unique address for everything that I connect to the network.

We turn it off in our office. It doesn’t benefit us.

You could also make the argument that ipv4 through NAT is better for privacy since it obfuscate what, and how many devices are connected to where.

Company currently uses IPv6! For awhile firewall rules kept biting us as we’d realize something worked in ipv4 but not IPv6 but now I forget it’s even a thing really.

I once paid for a vpc host that was exclusively IPv6 and was shocked how many things broke. I was using it for a discord bot and the discord api didn’t even properly support IPv6 …

With NAT existing, I'm not sure there's a significant reason to switch anymore.

Plus the "surprise" privacy and security benefits of just... not having every network connected device directly addressable by anyone else on the global network. The face of the internet and networking in general, plus the security and safety concerns around it, have changed dramatically since v6 was first created.