
More than 1/3 of all access to Google is now over IPv6 - AndrewDucker
https://www.google.com/intl/en/ipv6/statistics.html#onethird
======
barbegal
The graph is interesting when you zoom in, much more IPv6 use over the holiday
period and also recently during the period of lockdown measures. I would guess
the majority of IPv6 traffic comes from devices on 4G networks. More devices
are on 4G when visiting family and friends over the Christmas period and when
working remotely.

~~~
wtallis
It's not just 4G. It's consumer networking in general, which isn't held back
by legacy enterprise networking equipment. When your residential ISP turns on
IPv6 for their network, they also tend to turn on IPv6 for the modem+router
combo devices they lease to run your LAN. Or if you're the kind of power user
that buys your own router, it's almost certainly new enough to support IPv6.

~~~
jl6
Does IPv6 on an internal network offer any benefit to enterprises (not talking
about ISPs here), who may view NAT as a form of defence in depth?

~~~
talideon
Yes, tonnes of benefits. If you've ever been through a merger, you'll know the
pain of dealing with getting the everything working when merging networks.
That issue doesn't exist with IPv6 to anywhere near the degree because you
don't have overlapping RFC1918 space to deal with. IPAM with IPv4 is a massive
pain in the backside once you get up to a certain scale, even if you're
allocating from 10/8\. If you have multiple DCs, you're in for a world of
pain. $WORK is having to use internal NATting for some stuff due to us running
low on RFC1918 space, but guess what: even that doesn't quite work because
there's a lot of software used in DCs that doesn't play at all nice with NAT.

~~~
ghshephard
Well - you may have overlapping RFC 4193, but if your network engineers have
done their job well, you are randomly choosing from a big honking FD/8 address
space, and the odds of a collision are statistically very unlikely.

~~~
richardwhiuk
FD/8 space? You mean 10.0.0.0/8? No the odds of a collision on 10.0.0.0/8 are
high because:

\- Both corporations probably started allocating from the top

\- Both corporations probably allocated huge subnets.

~~~
dbt00
No, FD00::/8\. Read RFC 4193. He's talking about the IPv6 solution, not the
IPv4 problem.

------
dijit
And yet, when I beg my google cloud rep for IPv6 addresses on instances (or on
anything that isn’t the load balancer) I get told that it is not on the
immediate roadmap.

The cloud providers have pushed back ipv6 adoption so hard imo. At least
native ipv6 access.

I know they’ve thrown in some token support and you /can/ make something work;
but compared to VPS providers which consistently deliver machines with IPv6
addresses by default- it’s a huge barrier to adoption. You have to really
/want/ it, and most people don’t see the value. Unless it’s a backend for an
iOS App.

It really frustrates me.

~~~
jiggawatts
Azure's IPv6 "support" _saddens_ me. It's just painful how minimal their
support is.

For one, they NAT all IPv6 traffic.

Let that sink in. Let it percolate. Mull over the fact that the entire purpose
of IPv6 is to eliminate NAT, and that it's practically impossible to get an
IPv6 NAT-ing network device.

Microsoft must have had to write their own, custom network load balancers to
NAT IPv6. It's _madness_.

Oh, if that's not bad enough, they also hand out ludicrously small /124 ranges
of just 16 addresses. Sixteen! Not sixteen trillion or some crazy huge number
like that, which is what I've got on my home internet. Sixteen. Six and ten.

But no worries, right? Just allocate more blocks! Bzzt... that would run up
against the subscription IP limits with just 100 addresses.

Okay, fine, just because my _lab environment_ needed more than a couple of
addresses doesn't mean that everybody is so _wasteful_ with the precious IPv6
address pool. Some people can constrain themselves to just a handful of
addresses, and don't have a problem with any of the above.

Except that when Azure finally adds proper, native IPv6 support, whatever work
their early adopter customers have done will have to be thrown out and redone.
Subnets. DNS addresses. Load balancer rules. NAT rules. Security Groups.
Everything will have to be revisited.

So why would you bother?

[https://docs.microsoft.com/en-us/azure/virtual-
network/ipv6-...](https://docs.microsoft.com/en-us/azure/virtual-
network/ipv6-public-ip-address-prefix#ipv6-prefix-sizes)

~~~
grahamedgecombe
We've been experimenting with Azure's IPv6 support at work recently. The fact
it uses NAT is insane - though we could tolerate that. Even worse is that the
NAT is broken - it doesn't update the ICMPv6 checksum when it rewrites the
source/destination address, so the machines on both ends drop all ICMPv6
traffic that passes through Azure.

This is rather bad considering the importance of ICMPv6 in IPv6 (for Path MTU
Discovery, for example).

Their support is being rather useless, despite us having to pay for the
privilege of reporting a bug in their own infrastructure to them!

~~~
jiggawatts
Path MTU Discovery is broken in Azure's IPv4 stack as well, which is even more
sad. Similarly to you, I had to report to them that their VPN tunnels only
send PMTUD in one direction, so you get this wonderful experience where TCP
streams with big packets work in one direction, but not the other! With most
ACK packets being small, this can take a surprising amount of time to discover
and troubleshoot.

------
walton_simons
My ISP supports IPv6, and while I can understand why a large organisation
would want to use it (especially given the increasing cost and scarcity of
IPv4 blocks), I'm still yet to be persuaded of its benefits for home users. I
admit that I only have a very cursory understanding of how it works, and
perhaps I'm just stuck in my ways, but the scale and complexity seems so
extreme compared to IPv4, with no compensating advantages that I can see. So
all my devices become globally routable. And? I can already do everything I
want and need to do with a single IPv4 address and NAT.

Even just working out what IPv6 devices are on my network and who they're
communicating with seems very difficult given the giant address space. I'm
slightly ashamed to admit this (feels very anti progress!), but I've blocked
all the IPv6 traffic on my home LAN. Devices can still talk to each other, but
no IPv6 packets are allowed out to the internet. Everything still works fine.
My firewall blocks a few hundred MB per day of IPv6 traffic, and I have no
idea what any of it is.

Very happy to be told why I shouldn't do this though.

~~~
iknowstuff
What complexity? Devices being autoconfigurable without DHCP is less complex.
Having no NAT is less complex. Having a public IP is less complex. You just
got used to the complexity of IPv4.

Why the hell would you block IPv6. You ARE stuck in your ways. OS vendors
consider it necessary on LAN for various functionality.

~~~
mehrdadn
> What complexity?

1\. What the hell is DHCP-PD and is it better on or off?

2\. What are 6to4, 6in4, 6rd, etc. and should the user care?

3\. When should autoconf be stateless vs. stateful? I thought the point of
IPv6 was to allow things to be stateless?

4\. When should DHCPv6 be enabled vs. disabled? Why the hell is this even a
question on some routers if devices are supposed to be "autoconfigurable
without DHCP"?

5\. What are the more subtle implications of all of the above that are not
necessarily mentioned?

6\. Give one good reason why in the world _every single one of every user 's
devices_ should be reachable _from anywhere_ on the internet for even a single
moment in time? Why exactly do you feel you should even have a reachable path
to my computer, and everyone else's too? Common sense precautions would
suggest this shouldn't be possible by default.

Note: I _personally_ don't need responses to all of these. I'm just listing
some examples of questions that come up for people configuring it to
illustrate why the choice to use IPv6 is hardly as simple as you depict it to
be.

~~~
viraptor
These are valid questions regarding complexity, but I also think you're
ignoring the complexity of v4. Here are v4 questions for home modems/routers
you're just used to: What's bridged mode? What's upnp? What's dmz? What are
static IP assignments, wasn't dhcp supposed to manage IP addresses? What's
port forwarding? Should I enable "telephony support" and "legacy game
support"? What's SIP-ALG?

In both cases for residential use: you're most likely ok with the defaults.
And if you want to change something, you have to learn about the tech.

~~~
mehrdadn
I'm not ignoring the complexity of v4. I'm responding to "What complexity?"

But even if I was, "it only doubles the complexity" is not exactly a
compelling response to "why should I switch to IPv6?"

~~~
viraptor
It doesn't double the complexity. Most of the questions above don't exist in
ipv4. My point is that it's different complexity, not more complexity.

And for basic usage people can ignore that the same way they ignore it now.

~~~
mehrdadn
I meant "doubling" the complexity as in IPv6 + IPv4 vs. just IPv4.

If your argument is users can ignore IPv6 complexities as they already do with
IPv4, then you've just established the IPv4 complexities can be disregarded by
the user... which means you just destroyed your own argument...

I'm not interested in endless debates here though; I feel like I've made my
point sufficiently well. If this is an attempt to change _my_ view on the
matter I think you're misunderstanding the purpose of the discussion.

------
Bnshsysjab
Can someone let AWS know? I was annoyed to find out that lightsail does not
support IPv6, in 2020...

~~~
mkj
And Google's own cloud servers

~~~
jasonvorhe
Coming in 2021 though.

~~~
jiggawatts
Don't hold your breath.

Azure officially has IPv6 support, but like every other cloud vendor, they are
100% native IPv4 with IPv6 bolted on as an afterthought.

For example, it's impossible to create an IPv6-only Azure vNet.

The metadata API endpoint is IPv4-only (169.254.169.254).

So on, and so forth...

~~~
p_l
Interestingly enough, you can now access Google services over v6 from inside
GCP, but only them for now.

------
kokx
A large part of the problem with IPv6 is that most developers and SA's don't
have a lot of knowledge about it. This is why everything new is still built
with IPv4 in mind, instead of thinking forward to IPv6. I think we could
easily blame lack of IPv6 support at cloud providers to lack of knowledge with
the developers and SA's they attract.

If more developers and SA's would have access to IPv6 at home, the practical
knowledge of how to work with IPv6 would build up more quickly. I would
experiment with it more, and build up more knowledge.

Unfortunately, my ISP does not support IPv6. This severely limits
experimentation with it, since all experimentation is locked behind my home
network.

~~~
mshroyer
> Unfortunately, my ISP does not support IPv6. This severely limits
> experimentation with it, since all experimentation is locked behind my home
> network.

You probably know about this already, but there are free IPv6 tunnel brokers
you can use to experiment. I previously used Hurricane Electric's tunnel, back
before Comcast had native IPv6 support:
[https://www.tunnelbroker.net/](https://www.tunnelbroker.net/)

~~~
Decade
I previously used Hurricane Electric, too, but Netflix blocked it.

A more practical challenge, Hurricane Electric is a 6in4 tunnel, not layered
over TCP nor UDP. Some ISP-provided residential gateway devices (AT&T) don’t
support 6in4, not even if you configure your device as a “DMZ” with a public
IP address. Also, I frequently find myself in situations with IPv4 NAT and no
public IPv4 addresses at all.

The only free IPv6 tunnel service that supported UDP was SixXS, which shut
down in 2017.

Nowadays, AT&T supports IPv6 natively, and I went through an annoying amount
of effort to bypass their gateway device and control the entire /60 instead of
being limited to a /64 and being limited by their NAT.
[https://github.com/jaysoffian/eap_proxy](https://github.com/jaysoffian/eap_proxy)

------
Legogris
In Japan, consumer Internet is generally IPv6 first since years. For my ISP, I
get IPv6 directly but have to configure a provided ipip6 tunnel (or set up my
own) to get external IPv4 connectivity.

------
Animats
It took decades to reach 5% in 2015, but now we're moving. 50% looks to be 2
years away.

It's surprising that China doesn't show as dark green on the world map. China
was into IPv6 early; the address space was needed.

~~~
azurezyq
Google's data is biased since the service virtually doesn't exist there.

This one better describes the situation:
[https://blog.apnic.net/2019/01/03/ipv6-in-
china/](https://blog.apnic.net/2019/01/03/ipv6-in-china/)

------
MayeulC
I host some services at home, mainly targeted at friends and family.

Some are IPv6-only, because it's much easier to manage from my side. I whish I
could add an A record for these that pointed to a reserved IP address that
would inform clients the service is IPv6-only.

For now, I just don't put any, and browsers just display a generic error.
Since some DNS don't answer with IPv6 addresses, the browser couldn't even
provide a meaningful error message if it tried to.

Would that be worth an RFC? What IP address should be used?

~~~
dxld
You might be interested in this service: [https://no-
ipv4-here.ungleich.ch/](https://no-ipv4-here.ungleich.ch/)

~~~
MayeulC
Ah, thank you, that's quite close to what I wanted. Ideally, it would be ran
by a CA to work flawlessly with web browsers.

Even better if web browsers could display a message of their own, recognizing
this IP address.

------
jagger27
Still waiting on Bell Canada to let me be part of the next third.

------
LUmBULtERA
Meanwhile, Verizon FIOS here still doesn't offer IPv6.

~~~
zenexer
Coming soon!
[https://www.verizon.com/support/residential/internet/getting...](https://www.verizon.com/support/residential/internet/getting-
started/learn-about-ipv6)

How long have they been saying that now? Five years? Ten years? Probably about
ten years.

~~~
theandrewbailey
They've been saying that since I signed up for FIOS, around 2011. I've heard
that some FIOS deployments/cities have IPv6, but I don't know which, and it's
not mine (Pittsburgh).

------
myself248
Just turn off ipv4 for one minute every day. Next month, increase it to 2
minutes. A minor inconvenience, but a major motivator.

~~~
ed25519FUUU
Punish people that don't care and have no control over whether or not their
ISP supports IPv6?

IPv6 affects everyday internet users exactly 0%. It's rational for them not to
care about it.

~~~
bspammer
To me that's more of an argument for GP's idea. Make it rational for them to
care about it. Display a big "You can't visit this website because <ISP name>
won't let you. Here's their email:"

Obviously it's not worth it for any website that matters to actually do this,
but it's fun to think about.

------
pkaye
Why so low an adoption in China? Is it because Google in not widely used there
so it not captured by Google data?

~~~
willhk
Pure conjecture as I don't know how they're collecting the location data, but
I imagine all Google traffic from China is going through a VPN. So maybe the
vast majority of VPNs used by Chinese users are IPv4 only?

------
ksec
I often wonder if we improve the usability of IPv6, like a subset of Ipv6,
would it help adoption?

Things like using only numbers and not issuing address with letters. We would
still get larger than 64bit of address space, but we dont have to work with
the gibberish address.

~~~
Decade
No. There’s no way around IPv6 addresses being 4 times as long as IPv4
addresses.

I mean, Google DNS is 2001:4860:4860::8888, and in the IPv4 style it would
have been: 32.1.72.96.72.96.0.0.0.0.0.0.0.0.136.136 I’m sure if IPv6 were
formatted like IPv4, Google would have formatted the address differently,
like, 32.1.72.96.72.96.0.0.0.0.0.0.8.8.8.8

The point is there is no way around the address being uncomfortably long, and
doing it in a new style with hexadecimal allows both easier manual calculation
of the address and an opportunity to truncate all those 0s in manually
allocated addresses.

~~~
ksec
>2001:4860:4860::8888

That is exactly what I meant. Instead of 20FA:FF00 etc.... the sets should use
Numbers only. It is still within IPv6 spec, we just dont user letters ( Yet )

------
alex_young
On a phone this graph looks really great until you see the scale is 10 years.
At this rate we should see full adoption sometime in 2040. Swell.

------
hansjorg
China is aiming for 100% in 2025 according to APNIC, so they've got some ways
to go from the 0.53% seen by Google.

Is the great firewall ipv4 only perhaps?

~~~
BadBadJellyBean
Google is blocked in China. So I guess not a lot of traffic is coming from
Chinese IPs.

~~~
skissane
Where is the Chinese traffic Google is seeing coming from then?

I wonder if anyone is exempt from the Great Firewall? What about senior
officials including Xi himself? I’m sure if he asked for unfiltered Internet
he’d get it.

~~~
_-___________-_
Some Google properties work in China, and some blocked properties do work very
occasionally.

------
scaglio
I think it depends on ISP adoption AND the IoT devices spread.

~~~
Yeri
Sad that some IoT frameworks (ie Particle) do not (yet) support IPv6.

------
tthebst
Why are is there such a difference between countries?

~~~
hestefisk
Could be ISP adoption. Some ISPs have been more progressive in ipv6 than
others.

~~~
theduality
My ISP in the Netherlands (Ziggo) provides me with native IPv6 if I use their
supplied router, but forces me onto IPv4 when I use theirs in bridge mode in
conjunction with my own router.

Still not sure why they do that.

~~~
buro9
These ISPs are using DS-Lite, Dual-Stack Lite.

[https://www.juniper.net/documentation/en_US/junos/topics/top...](https://www.juniper.net/documentation/en_US/junos/topics/topic-
map/security-ipv6-dual-stack-lite.html) (this isn't a purely Juniper thing,
but they have nice diagrams on their documentation)

It's a kind of carrier grade NAT with 4over6 baked in.

Depending on the version of this they are relying on your modem to perform
encap/decap of 4to6, hence when you switch to modem mode or your own router
you fall back to what the network truly is... v4.

This is what the knuckle draggers at Virgin Media are contemplating
apparently.

In the UK the best option for IPv6 is
[https://www.aa.net.uk/](https://www.aa.net.uk/) but unfortunately for me the
DSL speed in my area is pretty bad due to being a few KMs from the exchange.

The alternatives to all of this is to run your own Wireguard instance
elsewhere on a v6 network, and tunnel the entire home network to it.

~~~
Dagger2
DS-lite gives you a v6-only internet connection. v4 is provisioned as a
service over the top of that, using a tunnel between your router and a server
inside the ISP. The underlying network is v6, so a router without DS-lite
support will only get v6 (which will generate support calls because "your
router must support DS-lite" is too complicated for many people to
understand).

My guess is that turning on bridge mode also migrates you from the ISP's newer
DS-lite service to their older v4-only one. This is unfortunately common in
DS-lite deployments; ideally the old service would also have v6 so that you
aren't forced to choose between v6 and non-CGNATed v4.

------
jakeogh
It's a perquisite for tagging individuals.

IPv4 not having enough addresses is a good thing.

With IPv6 identification (and therefore control) can be down to the person
globally, but IPv4 forces NAT's. The inability to label all the things is a
feature. NAT's are borders; they prevent fine grained censorship without
larger consequences.

    
    
      $ zcat /proc/config.gz | grep -i ipv6
      # CONFIG_IPV6 is not set

~~~
Faaak
Nearly all modern operating systems use the IPv6 privacy extension, which
creates random addresses periodically. Thus the tracking is randomized to the
/64 (which is an end customer). This is more or less the same as with IPv4
(without CGNAT)

~~~
jakeogh
Irrelevant. It's within your subnet, and it's nowhere near 32b.

[https://www.transtutors.com/questions/how-many-bits-are-
need...](https://www.transtutors.com/questions/how-many-bits-are-needed--
674414.htm)

~~~
Faaak
yeah, like when you have a /32 IPv4 dedicated to your private subnet; it's the
same.

~~~
jakeogh
Why use IPv6 if you are going to hand out IPv4 addresses?

People know why. Even if a few really get 32's, it's PR. The endgame is the
same.

This is a critical path item for removing the ability to have 2 party value
transfers. The power at stake is incalculably valuable.

~~~
detaro
What do you mean by " Even if a few really get 32's, it's PR."?

The vast majority of IPv4 connections get an IPv4 IP (= a /32), CGNAT is
pretty much only used by providers that don't have another choice and has
various downsides for users too.

~~~
jakeogh
Obviously, it's temporary. Handing every possible IPv4 user 2^32 IPv6
addresses is a worse than pointless gesture. It's an 10^9 scale changing of
the subject.

IPv4 not having enough addresses is why it's valuable. It's impossible to arm
band every human with 32b.

EDIT: I'm comment limited for the night. @efzx: Seeing "google" in the same
sentience with "does not have anything with tracking" is pretty good stuff.

