
Ask HN: Why is switching to IPv6 so hard? - akulbe
Encountered a situation where IPv4 addresses were exhausted on one segment.<p>Brought up the idea of IPv6, and was summarily dismissed... and told it&#x27;s a long-term goal, but not possible right now.<p>Admittedly, this is something I don&#x27;t know a lot about. I want to better understand, though.<p>Why is switching to IPv6 so hard?<p>What all is involved in the process?<p>Why do some companies put it off as long as possible, with all the resource issues that seem to be coming up?<p>Thanks.<p>Edit: clarity
======
api
Several reasons:

(1) IPv6 is a usability disaster. Addresses are not memorable, hard to type,
and annoying to cut and paste. DNS solves some of these issues but is another
system that can break. Network engineers deal in IP addresses because networks
are IP-based, not DNS-based.

(2) Networking is a curmudgeonly field that clings stubbornly to old ways of
doing things. Vendors like it this way because it helps them sell complexity
and then sell more complexity to ease dealing with that complexity.

(3) IPv4 and NAT are huge sources of complexity and thus revenue for vendors
(extending #2).

(4) A lot of old software still doesn't support it. A lot of legacy systems
will never support it.

(5) Security superstition and cargo cultism. Many people think NAT is a
security feature and fear IPv6 "exposing IPs." NAT was _never_ about security
and if exposing an IP is a security risk you have major security problems.

(6) A lot of ISPs and major cloud providers (Azure, Google) don't offer it
yet, making full support across everything difficult. Until they do you'll
have to maintain dual stack or ugly V4/V6 NAT hacks.

(7) IPv6 doesn't solve all the problems. It has no inherent mechanism for
authentication, micro-segmentation, or encryption (IPSec is a usability
nightmare) and you still get delegation issues. For example if you delegate
/64 to your network then /128 to each host a host cannot delegate a /128 to a
VM. You could bridge the VM but this is sometimes problematic. This is a huge
oversight in standard IPv6 address assignment practices, which should much
more liberally delegate addresses.

------
runjake
I manage it deployed on a large WAN. It's not hard.

Okay, it's kind of hard for the network administrator. There's a bit of a
learning curve and you'd better understand how IPv6 requires ICMP, and how RA
works. But, if you do your job right, end users probably won't notice.
Everyone is still gun-shy about IPv6.

------
bleke
Because IPv6 from user point of view it is 128 bit address and nothing more.
From technical point there will be always that golden switch/router witch have
problems with IPv6 and it is hardware bug, because router golden nobody will
be new device for big chunk of money.

