
IPv6 breaks the 25% barrier - AndrewDucker
https://www.google.com/intl/en/ipv6/statistics.html?25%
======
Ambroos
I wonder when a country is going to overtake Belgium in IPv6 adoption. Belgium
has been slightly above 50% IPv6 traffic to Google for quite a while now,
thanks to major ISPs switching to native dual-stack setups (and those ISPs
being in full control of home networks in general).

It seems that we in Belgium are somewhat stuck at this rate though. Consumer
routers behind ISP modems that only provide IPv4, enterprises not adopting
IPv6, mobile networks not adopting IPv6 (all IPv4 only with CGNAT if I'm not
mistaken), ...

~~~
jgrahamc
Based on Cloudflare traffic data we see this over the last 7 days:

    
    
        US 39.56%
        IN 39.03%
        BE 36.97%
        IE 36.23%
        MY 30.55%
        DE 28.24%

~~~
Ambroos
Huh, interesting! I wonder where the discrepancy comes from.

~~~
chimeracoder
> Huh, interesting! I wonder where the discrepancy comes from.

Probably because the Cloudflare data is percentage of traffic (e.g. total
requests), and the Google data is percentage of users. Mobile traffic is more
likely to be IPv6, and that would skew the numbers.

~~~
ecnahc515
Yeah, cloudflare sees a lot of backend systems too (servers); whereas Google
probably gets more from (and is reporting on) devices attached to humans.

------
QUFB
Google's own GCE still doesn't have IPv6 support on the instance level:

[https://googlecloudplatform.uservoice.com/forums/302595-comp...](https://googlecloudplatform.uservoice.com/forums/302595-compute-
engine/suggestions/8518246-support-ipv6)

~~~
pilif
I'm a huge fan of IPv6 as it's a huge contributor to ensure the continued
openness of the internet. Also, I'm in the privileged position of having a
native dual-stack provided by my ISP, so I have native IPv4 and IPv6 both at
home and in the office.

And yet, even in this position, I think having IPv6 native inside of a
production network isn't absolutely necessary (our production env runs in the
RFC1918 space too even though v6 would be available at both ends):

Access to the private production network should all happen over an encrypted
and authenticated VPN and all access form the production network to the public
network (if needed at all) should go through a filtering proxy server.

Which means that the addressing used in your internal network becomes
completely irrelevant and can easily be IPv4.

This only becomes an issue once you need more hosts than the /8 offered by the
10/8 RFC1918 network, but the days when you need (and can afford) more than
16.7M nodes on a cloud computing provider are probably still a ways off.

If you want instance level IPv6 in order to access an instance directly or in
order to access a resource directly, you're probably doing something wrong.

Then again, as services become v6 only (which will still be a few years off)
and you need to access them from your production network, then your frontend
proxy will of course need access to the v6 network. At that point, yes,
instance level v6 becomes necessary too.

~~~
agwa
Using IPv4 internally becomes an issue as soon as you need to interconnect
with someone else's internal network which uses overlapping IPv4 address
space. The most famous example is probably Facebook's acquisition of
Instagram, which required an incredible amount of iptables hackery to work
around overlapping IPv4 address space: [https://instagram-
engineering.com/migrating-from-aws-to-fb-8...](https://instagram-
engineering.com/migrating-from-aws-to-fb-86b16f6766e2)

In contrast, even if you use "private" IPv6 addresses (ULA), the address space
is large enough that everyone can have their own prefix. Or better, just use
public IPv6 addresses and firewall them.

~~~
endymi0n
Then again, IPv6 hasn't really been built with NAT in mind, precisely because
"there are so many addresses out there you won't need it". So if you decide
for an IPv6 deployment for your servers, you're essentially between a rock
(you can't easily transfer an IPv6 address space from one cloud provider to
the next) and a hard place (use ULA addresses internally and having to NAT to
the outside _anyway_ , but with less software and hardware support). As for me
personally, I'm totally fine with IPv4 behind the load balancer: it gives me a
much easier time with basically everything and I can still support both v4 and
v6 for all clients connecting to my site as well.

~~~
zAy0LfpBZLC8mAC
IPv4 also hasn't been built with NAT in mind. And given the disaster it has
been ... no, obviously, noone in their right mind would build a new protocol
with NAT in mind.

For one, you don't need NAT to use ULA internally. You just use ULA for
internal stuff and global addresses for everything else.

But really, if renumbering is a problem in the first place, you are doing
something fundamentally very wrong. Renumbering should be a matter of adding a
new prefix of the same length to your addressing plan and replicating in it
the exact same subnet structure you had before, then deprecating the old
prefix (so it's not used for new outbound connections), waiting a bit, and
then removing the old prefix. If your problem is hard-coded addresses
everywhere, that is also a problem with your system design. Almost all of your
configuration should only contain host names, and your DNS should either use
dynamic updates so that hosts register their current primary addresses with
the DNS server, or some other mechanism that generates records from an
addressing plan of sorts and a prefix. There should be very few places where
you need to change addresses in order to switch prefixes.

------
okket

      dig +short aaaa news.ycombinator.com
      [no output]

~~~
djsumdog
I use the SixOrNot browser extension to see which sites have IPv6 enabled (and
to test the IPv6 on my own website). Yep, YC has been IPv4 for a good long
while.

~~~
tambre
There's also IPvFoo[0] for those on Chrome (it supports Firefox too, but is a
bit buggier there).

[0] [https://github.com/pmarks-net/ipvfoo](https://github.com/pmarks-
net/ipvfoo)

------
MrQuincle
Why this pattern? From for example Jan to July 2018 there are 27 "cycles" \-
probably weeks. They go from say 18% to 22% in a week in a regular pattern.
Peaks are sharper than the valleys. Are those weekends? Is there more use of
IPv6 in the weekend?

~~~
majidazimi
> Is there more use of IPv6 in the weekend?

Most probably yes. Since IPv6 is deployed more on consumers side rather than
enterprises. So it's not surprising that over the weekend IPv6 traffic hits a
peak.

~~~
djsumdog
That makes a lot of sense. If you move to a new house and get a new router
from your ISP, you're not going to notice or have to reconfigure a bunch of
stuff if you're an average home user, for IPv6 (unless you're one of the
people here on HN and have a complex network topology).

By default, most ISP routers firewall all IPv6 traffic (and IPv4 is implicitly
firewalled via NAT). In an enterprise environment, dual stack support can get
a lot more tricky and you need to ensure firewalls are property configured, or
else regular workstations can be accessible via the public network.

------
platz
As a web user, the ipv6 internet is basically Google, Facebook, and
Wikipedia.. and freenode. that's pretty much it.

~~~
ggm
LinkedIn. Cloudflare. Akamai. Fastly. the CDNs can't enable webs who dont sign
a consent. But.. you kinda need to look a bit harder.

~~~
jgrahamc
Cloudflare enables IPv6 by default: [https://blog.cloudflare.com/always-on-
ipv6/](https://blog.cloudflare.com/always-on-ipv6/)

~~~
ggm
Good point. +1 for CloudFlare

------
tomschlick
Verizon FIOS seems to have given up any hope at implementing IPv6 :(

~~~
tambre
They started rolling out IPv6 in a couple areas a few weeks ago [0].

[0] [https://www.dslreports.com/forum/r32136440-Networking-
IPv6-w...](https://www.dslreports.com/forum/r32136440-Networking-IPv6-working)

~~~
tomschlick
Yeah I just stumbled upon that a few minutes ago. Hopefully it's the real deal
this time.

------
nodja
I'd like to see a per ISP distribution. I gather that the majority of v6
adoption is by cellphone ISPs.

~~~
_trampeltier
In switzerland, there is (still) no IPv6 from any cellphone provider.

~~~
jonaswi
I was working for one of the "big" 3 planning the rollout of IPv6 in their
cellphone network. They stopped the project due to budget concerns. Doesn't
seem to be too high of a priority for them.

~~~
YouKnowBetter
Only the police is driving ipv6 hard in the carrier market (since tracing back
connections via CGN is hard if not impossible).

There is little to no incentive to change a well working network, it makes
(business) sense to introduce v6 in the upcoming G5 but not in the running
setups.

------
jimmaswell
Parents' laptop recently had an inscrutable problem where only a handful of
sites worked. Turned out to only be able to load ipv6 websites. On virtually
every Google result while fixing the issue, the only way to see the contents
was from Google's cache, so it seems like server side adoption is still pretty
scarce.

~~~
ridgewell
Did you find out what the issue was in the end? Was it because the IPv4
adapters were disabled?

Server side adoption is honestly not that bad. Quite a few major datacenters
implement IPv6, but people don't set their A records or slightly modify their
config for an IPv6 interface. Cloudflare provides a temporary proxy solution
in that it offers IPv6, but it isn't really true IPv6.

~~~
jimmaswell
I believe it was the ipv4 adapters being disabled, or something else being
disabled or set wrong in the adapter settings. No idea how it gets like that
in the first place, but apparently it's a problem that's happened to other
people often enough for there to be a few threads about it on various support
forums.

------
JustSomeNobody
Why was there a barrier? I mean what was at the 25% mark that prevented
surpassing it?

~~~
bluGill
If you look at the graph, a year ago we were at 15%, so the it doesn't seem
like there is a barrier, just growth finally hit that mark.

There may well be a barrier in the future, but so far there isn't any sign of
one.

------
patrickg_zill
So from what I understand, when I use my tmobile phone over 4g,I don't have an
ipv4 address that is routable.

So I am basically NATed to ipv6.

Is Google including this kind of mobile traffic? I would guess that they are.

~~~
zamadatix
"So from what I understand, when I use my tmobile phone over 4g,I don't have
an ipv4 address that is routable."

T-Mobile is IPv6 only, you will have no IPv4 address assigned to your phone.

"So I am basically NATed to ipv6."

Other way around, your IPv6 connection is NATed to IPv4 via one of DNS64 or
NAT64.

"Is Google including this kind of mobile traffic? I would guess that they
are."

Yes, but maybe not in the way you're thinking if I'm reading your comment
correctly. The IPv6 only portion is just INSIDE T-Mobile, when you need to
leave T-Mobile to access services you will be using v6 if the services support
v6 and v4 if the services support v4. Since Google is measuring this by how
you connect to Google and most Google services are v6 enabled then you'll be
counted as v6 properly. For the ones that aren't v6 enabled you'll be counted
as v4 properly as they are measuring how you go over the general internet not
how you traverse a private network.

~~~
patrickg_zill
My phone shows both an IPv6 address and, 192.168.0.x IPv4.

~~~
MattSteelblade
That 192.168.0.X address in an IPv4 private address. I'm assuming your phone
is connected to Wi-Fi.

~~~
patrickg_zill
I specifically turned off Wi-Fi for the test. Although it is possible that the
phone kept it as an ip address. I don't have a way to find out.

------
pasbesoin
I like NAT and the associated partial anonymity it can provide. (At least, you
may have to hit up multiple organizations, maybe in different countries, to
trace the endpoint(s).)

I'm not looking forward to IPv6 enabling/escalating yet another factor in
tracking everything and everyone, online.

Maybe this is a grossly (as in, large) wrong and ill-informed perspective, on
my part. If so, please disabuse me of it. I remain concerned.

------
intopieces
Are there any VPN services that don't have IP leaks for IPv6? I gave up and
disabled it last time I investigated this issue.

------
alpb
Why was 25% a barrier? Will it get higher adoption now that it has passed the
"barrier"?

~~~
wongarsu
It's an arbitrary number that looks nice and can be used to generate publicity
for IPv6.

~~~
tomschlick
Also, it can be used as a selling point to stakeholders. Much easier to
advocate for when > 25% of traffic is using it than say 10%

------
derangedHorse
It looks like the problem of unique digital addressing will only get harder as
more and more people are introduced to the internet. I wonder what will come
after IPv6...

------
Rexxar
I would have expected an S-curve with an inflexion point at 50% but it seems
to have already happened. We will probably have IPV4 for a long time.

------
nik736
Would be interesting to know how much of those are bots.

~~~
organsnyder
Any reason to suspect that it wouldn't be a similar percentage as IPv4
traffic?

~~~
iMerNibor
Only reason I can think of is it's way easier to get loads of ips to bypass
rate limits with ipv6 than it is with ipv4

~~~
wongarsu
Which is only useful in the narrow case in which your target supports IPv6 and
doesn't treat each /64 block as one address for the purposes of rate limiting.
This combination seems quite rare.

~~~
LaGrange
Why would you think it's rare? I've seen places running multiple projects were
developers were barely aware that the sysadmins gave everyone an IPv6 address,
and therefore the rate limiting has to be IPv6-aware.

It's trivial to fix once it becomes a problem (at least in our case it was),
but I wouldn't expect it to be an uncommon mistake.

------
sigi45
I got my ipv6 activated through a web forum from my isp (not even a small one)
and writing one of the moderators a PM with my customer id :D

That was 3 years ago =)

~~~
cptskippy
Comcast has had IPv6 enabled for all supporting devices since at least 2012.

* I've been running two IPv6 hosts without any issues since then.

~~~
deathanatos
I'm also a Comcast customer, but I'm nearly certain I didn't get an IPv6
deployment until at least 2013/2014; I remember looking at their rather hidden
signup form for beta testing IPv6 in ~2012, and I remember it being a rather
long wait after that before it finally happened.

( _Some_ places definitely were seeing initial rollouts around that time, but
it was a far cry from "all".)

~~~
cptskippy
I guess they officially started rolling it out in 2012. I'm in Atlanta and I
noticed my modem's IP mode flip to "IPv6 Only" sometime in 2011. I've been
hosting from two different machines since then and about 30% of my network
traffic is IPv6.

------
brian_herman__
IPv6 goes up on the weekends according to this graph?

~~~
remus
Total guess, but might be better adoption of IPv6 amongst consumer ISPs
comapred to business ISPs?

------
benbristow
And still no signs of support from Virgin Media...

~~~
AndrewDucker
Not _no_ sign. There are teeny-tiny signs:
[https://community.virginmedia.com/t5/QuickStart-set-up-
and/I...](https://community.virginmedia.com/t5/QuickStart-set-up-
and/IPv6-support-on-Virgin-media/m-p/3851879#M111442)

------
PaulAJ
Why the extra 5 percentage points every weekend?

~~~
tambre
Because of people not working. IPv6 deployement on consumer internet providers
is much higher than those of corporate environments.

Lack of IPv6 on corporate networks isn't very surprising, considering how
hard/annoying enabling it is for business connections [0].

[0]
[https://www.reddit.com/r/ipv6/comments/9jxp2c/isps_and_busin...](https://www.reddit.com/r/ipv6/comments/9jxp2c/isps_and_business_connections_rant/)

------
varshithr
How is India so far ahead in IPv6 adoption?

~~~
quantummkv
Mobile networks (3g/4g) in India operate on ipv6. Thanks to Jio everyone and
their dog has a 4g connection nowadays.

~~~
djsumdog
That also makes sense considering the sheer amount of people. With that many
devices and people, it just makes more sense than trying to NAT everything at
the carrier level.

I wonder if China's ISPs are doing the same thing?

~~~
tambre
A year back the party decreed a plan to have all Internet users on IPv6 by
2025, with a quarter of them already by the end of this year [0]. There was a
test rollout back at the beginning of the summer [1]. I guess we might see a
huge rollout before the end of the year to meet the deadline. There's been a
slight rebound already [2][3].

[0]
[https://en.wikipedia.org/wiki/IPv6_deployment#China](https://en.wikipedia.org/wiki/IPv6_deployment#China)

[1] [https://blog.cloudflare.com/ipv6-in-
china/](https://blog.cloudflare.com/ipv6-in-china/)

[2]
[https://stats.labs.apnic.net/ipv6/AS9808](https://stats.labs.apnic.net/ipv6/AS9808)

[3]
[http://www.worldipv6launch.org/apps/ipv6week/measurement/ima...](http://www.worldipv6launch.org/apps/ipv6week/measurement/images/graphs/ChinaTelecom.png)

------
mrfusion
Obligatory xkcd [https://xkcd.com/865/](https://xkcd.com/865/)

------
vahno
Heh. The only reason things are the way they are now is that the proponents of
IPv6 were some cocky idiots who believed transition systems were not necessary
because IPv6 was the best thing since sliced bread and IPv4 was going to
implode anyway.

Looks like they've been proven wrong. ISPs are happily using CG-NAT, all
services are being adapted to that (moving away from p2p like Skype did) and
end users don't care too much. Ouch!

~~~
pilif
_> ISPs are happily using CG-NAT_

I wonder how "happily" they are using CG-NAT. NAT is inherently stateful and
keeping track of that state becomes more expensive as the amount of hosts
behind the NAT is increasing.

Running CG-NAT at scale is complicated and resource-intensive, so I'm totally
willing to imagine that it's better long-term value for a carrier to switch to
IPv6 than to expand CG-NAT.

~~~
londons_explore
The cost of maintaining the state tables used to be a concern in the
ninties...

Right now, my laptop has 4 open TCP sockets, and my phone has 3.

Even assuming the average user has 50 sockets open, and assuming you are an
ISP with 300 million users, that's still only 175 gigabytes of RAM. The total
cost is under $1000, or peanuts for what would be the worlds largest ISP.

~~~
kazen44
except that for high performance networking, storing stuff in normal RAM is
simply not an option if you want to keep an acceptable throughput. (>40gbit).
One would need to store NAT state in some sort of TCAM/CAM table.

Guess what, having a 175 gigabyte of (T)CAM is drastically more expensive.

------
TekMol
My websites do not support IPv6. Is there any incentive for me to make them
support it?

~~~
the8472
CGNAT tables can become saturated, making new IPv4 connections flaky while v6
remains reliable. Thus you would improve user experience.

~~~
TekMol
How would the user notice that? I don't have the feeling something is
unreliable.

Similar for HN. It also does not support IPv6. From my experience it is in the
99 percentile of websites when it comes to reliability. Aka it works pretty
much all the time. Better then almost every other website.

~~~
the8472
That's your experience, which just means you don't run into saturated CGNATs.
For those affected ipv6 sites provide fewer connection drops.

> How would the user notice that?

Initial connections taking multiple TCP syn retries leading to an initial
stall or random assets from 3rd party sites or subdomains not being loaded
which can break sites in many ways.

------
exabrial
Amazing how the companies that have the biggest interest in tracking users
also are pushing ipv6 the hardest.

~~~
Oowee1Ee
IPv6 does not really help with user tracking. IPv6 privacy extensions rotate
the suffix your browser uses for outgoing connections on a daily basis. And
it's enabled by default on most operating systems.

It was somewhat broken for a while on windows 10, but they fixed that in
march.

~~~
saana
Most ISPs have dynamic IPv4 addresses, but IPv6 removes that necessity. This
WILL help tracking.

~~~
paulie_a
They might consider them dynamic but in 18 years the only time they ever
changed was when I actually switched providers. They were essentially static
IP addresses. With one ISP it was the same for 5-6 years.

~~~
saana
Depends on your ISP, no? I've been in a few and for most of them I would have
a different IP just by rebooting my router.

~~~
paulie_a
Im sure it will vary depending on the ISP, but I've just had a different
experience. I put a dns record on a domain I had so I could ssh in because the
IP never changed for years. But every ISP after dialup has never changed my
address after installing. That includes att, charter, Comcast, Comcast again,
att and att again, and some regional ISP I can't even remember the name of.

------
gfiorav
Late to the party but:

Friendly reminder that IPv6 by default uses your mac address as part of your
address and hence you are recognizable to any server in the world to track you
around.

~~~
nerdponx
I didn't know this. Is there an alternative?

~~~
gfiorav
From another response: [https://superuser.com/questions/243669/how-to-avoid-
exposing...](https://superuser.com/questions/243669/how-to-avoid-exposing-my-
mac-address-when-using-ipv6)

