
What drives IPv6 deployment? - fanf2
http://www.potaroo.net/ispcol/2018-05/ipv6-2018.html
======
tuyiown
> These days it's a client server network. Clients do not need persistent
> network-wide identity, and only need addresses as and when they communicate
> with servers. Servers do not need persistent identity either these days, as
> the identity of a server is a name-based distinguisher rather than an
> address-based identifier.

This is not the internet I've been sold in my youth, and this statement makes
me sad and angry.

~~~
erikb
Why does it make you sad and angry? It sounds quite reasonable to me. I'm
especially happy that we went for human readable names rather than wierd
letter/number combinations. Also nobody seems to know when to use these []
brackets around the addresses, and they are even hard to type for people who
don't use the US keyboard layout. Last but not least NAT is not just a IP-
range splitter but also a security feature.

I literally don't see a single thing to be sad about. Angry is even a little
harder and honestly a little surprising.

~~~
Uh7seidu
The end-to-end principle where any node on the internet can talk to any other
one. This allows anyone to start a service and services (and people) talk to
each other without intermediaries. It levels the playing field. Losing that
concentrates power and takes options from individuals.

~~~
pixl97
Yep. CG-NAT puts all the power on your ISP.

 _You want VOIP, sorry your double nat 'ed connection messes up about half the
time, you better by telephone service with us instead._

------
thomseddon
We're an ISP, most of our customers are businesses. Of those, around 50% opt
for a pre-configured LAN (i.e. we do NAT and usually CGNAT too).

For the rest we provide a static IP address, so we'll allocate a /30 (block of
4), and they get a single usable address which they will assign to their own
manged router/firewall.

For the majority of our customers "networking" is either handled as overflow
for their in/out IT resource or often by someone remotely savvy with tech.

For most of these people networking ranges from an infrequent concern to a
vague mystery that can be sorted with a bit of googling.

For most, deploying and testing IPv6 has absolutely no upside and quite a bit
of potential downside, that's because "everything works" on IPv4 and
configuring IPv6 is just another potential source of error.

In addition, most people who opt for this setup do so in order to expose some
internal service to the internet (port forward), again there is usually zero
incentive to also deploy IPv6 as they can't be sure their client device will
be using v6 when they come to connect, but they know it will support v4,
everything does.

And so herin lies the issue, it's chicken and egg, they know they need v4, not
every server they access or client who accesses their forwards supports v6, so
they _have_ to implement v4. As such they see no reason to "faff" about with
IPv6, and I don't really blame them.

We're considering charging more for dedicated v4 and possibly offering a free
translation service (another point of failure :() but honestly, most would
just pay the extra and then just resent us a little more. Our competitors
continue to acquire v4 space as we do, this is what our customers want.

Until there is v6 only content (but who is incentivised to do this?) then I
can't see any incentive for these users.

~~~
privateSFacct
I made a major push to try to get IPv6 running at a small business.

In the end, despite the ISP at the business supplying IPv6, and getting some
client side IPv6 going with OTHER ISPS (a pain) it fell over because.

1) Things like the VPN client software didn't get routes right when client
side network was IPv6 oriented so VPN connections broke - a no go.

2) We had to continue to offer ipv4, as folks in the field were not guaranteed
an ipv6 connection back.

3) The WAN fallback / failover stuff didn't seem to work well with IPv6
(another ISP to work out IPv6 with).

4) Security folks continue to be worried about giving all machines in a
business globally routable addresses. The tools say NOT to filter ICMP when
you run ipv6 reachability, the security people say to filter ICMP. Too much of
pain to figure out who is right and if/how ipv6 changed ICMP

5) ipv6 seemed to purposely make this transition harder than it needed to be.
I don't get why they couldn't have kept a simpler / more familiar framework
with ipv6 as an option, even if less ideal. Ie, DHCP vs autoconfig stuff,
ICMPv4 style instead of having security folks worrying me about the weird
things unfiltered ICMPv6 might do. Seriously, make the goodies / cool stuff
the add ons.

~~~
pilif
_> Too much of pain to figure out who is right and if/how ipv6 changed ICMP_

then let me make this easy for you: ICMP has become a vital part of the inner
workings of an IPv6 network. You will break all kinds of functionality by
dropping ICMPv6 packets.

If you are concerned, then drop ICMP echo requests and replies, but absolutely
do not drop any other ICMP packets or you'll be one of those people that turn
off ipv6 "because it's too hard to make it work" (no shit - when you actively
break something, it's hard to make it work).

~~~
cmroanirgo
> ICMP has become a vital part of the inner workings of an IPv6 network. You
> will break all kinds of functionality by dropping ICMPv6 packets.

You've just neatly described my experience (and naivety), because I've always
dropped ICMP and wondered why ipv6 never worked. In all of the articles I've
read on getting ipv6 to work, this had never been explained.

------
Slartie
The outliers that surprised me the most are the big Chinese providers
(ChinaNet and China Unicom) in the provider table. Despite them having much
less IPv4 addresses than users, they appear to make no significant effort to
get IPv6 deployed.

What are they doing instead? Putting all users behind carrier-grade NAT that
don't need dedicated IPv4 addresses? That must be hundreds or even thousands
of users behind a single address, considering that they must have a range of
users (businesses and such) that need dedicated, static addresses for
practical purposes, thereby reducing the IP address and user pools at a
minimum 1:1 relationship.

Or is it maybe the Chinese surveillance infrastructure that is not yet capable
of snooping and manipulating IPv6 traffic, so the providers aren't allowed to
roll it out?

~~~
kccqzy
> That must be hundreds or even thousands of users behind a single address

No, ChinaNet has 2.86 users per IPv4 address. China Unicom has 2.79. Far less
than Indian carriers.

Source: TFA

~~~
Slartie
I've seen those numbers, but they are idealized and only of theoretical
nature. They do not account for unusable IPv4 addresses due to subnet
structures, of which there are probably some within the theoretical IPv4 space
available to a provider, and they do not account for self-used addresses by
the provider that aren't within the blocks used to assign to customers. In
addition, as I described, I assume the providers also have some customers who
need fixed IPv4 addresses, maybe even whole ranges of them, like businesses
often do. Those also greatly diminish the number of addresses left over for
the "regular" customers.

~~~
pas
Aren't those numbers calculated the same way? So they should be directly
comparable. Why do you think that the subnet structure problem is not present
for the other ISPs?

~~~
Slartie
I've never claimed that. My claim was that the real number of customers per IP
is probably magnitudes higher than the 2.xx factor from these numbers. The
magnitude of "hundreds" might be a bit overblown, but that does not change the
claims' general direction.

------
luckman212
In the US, Verizon is one of the worst offenders. They should be ashamed,
touting FIOS as a premium service while it's been close to a decade since they
put up their pathetic "IPv6 is coming soon..." announcement[1]. Their largest
competitors, Spectrum (formerly Time Warner Cable) and Comcast have supported
IPv6 for years already.

[1] -
[https://www.verizon.com/support/residential/internet/getting...](https://www.verizon.com/support/residential/internet/getting-
started/learn-about-ipv6)

~~~
lostapathy
Spectrum doesnt’t really support ipv6 either. I have turned it on at times,
run for weeks without issue, and then something breaks. When i pushed support,
they always tell me its not really supported.

~~~
drbawb
I think their support is a bit divorced from whatever the engineering reality
is. I asked their support / sales staff about IPv6 and they said it was "only
available w/ their business class service." I ended up buying my own modem and
IPv6 has worked flawlessly ever since. The Motorola SB6580 they provided
nominally supported IPv6, but they hadn't updated the firmware on it in years.
Makes me wonder what exactly I was paying for w/ my "modem rental" fee.

Out of curiosity are you in one of the areas Spectrum took over, or are you
legitimately on Charter's network? I am in one of the TimeWarner Cable areas
they acquired, the IPv6 support was already in place well before the buyout.

~~~
lostapathy
I'm in a converted TimeWarner territory. I got marketing announcements several
years ago that ipv6 was supported, and first started trying then. I usually
try once or twice a year to get it going again, and it never works for more
than a few weeks before I turn it off again out of frustration.

------
Symbiote
> Three surprising numbers in this table are those of 94% adoption in T-Mobile
> USA, 93% in BSkyB and 92% in Reliance Jio. They are surprising in that prior
> to these deployments we had though that an ISP deployment of IPv6 was only a
> part of the story. It was up to the connected user network to also use
> IPv6-capable equipment within their edge network... Upgrading equipment in
> the home or office takes time.. . Why can these three networks achieve
> significantly higher levels of IPv6 adoption? I suspect that this is a
> reflection of the difference between Mobile ISPs and fixed infrastructure of
> mixed ISPs... It would not be surprising to learn that a similar approach
> was taken in Reliance Jio and BSkyB.

BSkyB is a fixed line broadband provider, but in the UK it's usual for the ISP
to supply the router, and for customers to change providers for a better deal
fairly often.

Both parts mean the customer has a fairly recent router, which can be replaced
if required by the ISP, and they know the model and can often perform firmware
updates.

~~~
tolien
> BSkyB is a fixed line broadband provider, but in the UK it's usual for the
> ISP to supply the router

Yeah, this is where the “IPv6 is different^Wcomplicated to set up” argument
falls flat for me. For most (consumer) users (at least in the UK), they get a
free router from their ISP that’s already configured to do IPv4 NAT. For the
minority that buy their own hardware, IPv4 NAT is enabled by default in
hardware targeted at consumers. If it were configured to firewall inbound IPv6
traffic by default there should be nothing else to do. If you need to forward
ports you’re in the admin screens anyway (unless you use UPnP).

This is like arguing IPv4 is inherently complicated because if you opt out of
the provided hardware and buy some Cisco monstrosity you have to configure NAT
by yourself. Which is perfectly true but the massive majority aren’t going to
do that.

What really didn’t help adoption is that IPv6 support was an afterthought at
best for a lot of router makers, and for a long time was riddled with bugs.

~~~
vetinari
What isn't really helping adoption of IPv6 support now is attitude of some
ISPs.

There are ISPs that use migration to IPv6 as a way to tighten their reign over
users. They will give you DS-lite only (ok...), but with /64 (no /56, no /48).
They will force their router on you, where in past with IPv4 they would
provide an option for bridge. Their router cannot do PD (if it had more than
/64, so maybe that's the reason why they do not provide that), so if you want
a virtual net with VMs on your machine, you are going to waste your time
playing around with IPv6 NAT, which doesn't work correctly anywhere. You can't
control RA/DHCPv6 on the router, you cannot really control firewall rules.
Suddenly, the ISPs has ony free reign over your network, but also over
policies on your network.

So for undemanding users that's fine, it will work with Facebook and Netflix.
For a power user, the IPv6 offer is unacceptable, not because of IPv6
properties, but due to limiting implementation that the ISPs force.

~~~
rocqua
I wonder to what degree this is simply because the Interface for proper IPv6
management has had less work and therefore is much more restricted.

On the router I bought myself, there are a lot of settings for IPv4, and not a
lot more than an 'enable-disable' toggle for IPv6. I guess this is so they can
state 'supports IPv6', but for any real use, it is useless.

------
lukeqsee
I have the joy of living in a community with FTTH and a 1Gbps symmetrical
connection for < $100 / month.

I have the pain of that connection requiring an additional $10 / month just so
I can get 1 (or 4, same price) static IPv4 address which is apparently
“required” for me to get IPv6. After using a HE.net tunnel for a few weeks,
the slowdowns induced led me back to IPv4-only world.

So even in an advanced situation, you might still be stuck with IPv4 because
of very silly reasons.

~~~
p1mrx
The problem here is not that HE.net tunnels require a static IPv4 address,
it's that your ISP won't connect you to the whole Internet.

Tunnels are garbage. You should either switch ISPs, or complain and wait.

~~~
vetinari
> Tunnels are garbage. You should either switch ISPs, or complain and wait.

While the HE tunnel is somewhat limited (does it peak at 50 Mbps?), I find
it's implementation way better than some ISPs that provide native IPv6.

HEnet at least provides more than single /64, and does not force a specific,
limited router on you.

~~~
lukeqsee
> does it peak at 50 Mbps?

I'm not certain about speed, but I did experience quite high latency during
peak local traffic times (which went away when disabling IPv6).

~~~
dfox
In my experience that depends on what is the v4 path between you and HE's PoP
and how good is you v4 ISP in regards to peering agreements. In most places
where I used HE tunnels the latency through the tunnel was actually better for
vast majority of sites I care about (which is simply effect of HE having
global network and huge amount of peering partners).

------
qalmakka
Meanwhile no ISP whatsoever in Italy has deployed IPv6 in any form or shape.
We still get a dynamic publicly routable IPv4 on landline based connections,
but that's it.

The ex-monopolist, Tim, has shown it's plans for IPv6 rollout almost ten years
ago using DS-Lite, to no avail. It lingered around as a little known feature
you can opt in if you are still stuck with an ADSL connection (it's not
supported neither with VDSL, nor FTTH), that introduces an enormous amount of
lag to IPv4 connections and it's arcane to set up.

Not even university campuses have IPv6, because most network administrators
either do not care about it or do not know how to set it up. It sucks, and
it's sadly the standard reaction this country has towards any new technology;
everybody just tries to ignore new developments to delay training and setup
costs, until it gets too late and inevitable to avoid, leading to rushed up
deployments, skyrocketed costs and a general lack of awareness and knowledge
about how it works or how it should be employed.

------
acd10j
I for one find clean slate tech approach adopted by Reliance Jio in India very
inspiring. IPv6 support from start which saves it tons of money for buying
IPv4 addresses , similar to their decision to adopt native 4G LTE Volte from
start that helps it save tons of bandwidth on voice compared to Legacy 2G , 3G
voice options.

~~~
pas
So they run v6, that's great, but they need to run 464XLAT (or something like
that) too, and that probably isn't cheap either. (Though they'd probably pay a
lot for v4 CGNAT too.)

~~~
toast0
They run a transition layer, and they likely need to run that almost forever;
but chances are they won't need to continue to grow that layer , as they
continually apply pressure to service providers to offer services via IPv6.
Either explicitly as part of business deals, implicitly through direct IPv6
working better than IPv4 Nat, or a mix through weird NAT policies like when
they were dropping 'idle' tcp connections after about 10 seconds for a couple
weeks.

------
FrozenVoid
It looks like only mobile networks are embracing the change to handles the
volume of mobile devices. The evolution of WiFi/phone hardware is quite fast,
so they're not stopped by anything legacy, no ipv4 only devices and no one
needs static ip on mobile.

~~~
keeperofdakeys
It does have an interesting effect though. Apple now have a mandate that apps
must work in IPv6 only mode, so they need to be developed and tested for it.
This in turn means they need an IPv6 network to test it on, giving enterprise
a reason to at least enable it (even if they haven't transitioned any internal
services).

~~~
bluGill
I believe t-mobile forced that on apple. T-mobile sells enough Apple phones
that they can call Apple and say we need this feature in all phones we sell
and Apple will do it. It isn't clear who would lose more if t-mobile decided
not to sell the iphone but it isn't one Apple would want to risk.

I have no doubt Apple already have people wanting to do this which is another
reason Apple wouldn't push back. They already had people wanting to do this,
and so getting a few business people who otherwise didn't care on-board is
enough to push the decision.

------
cosmie
IPv6 drives me nuts. Not because it's inherently bad, but just because it's
unpredictably and inconsistently implemented and supported.

I'm on a networking guy by any stretch, but I have enough experience to be
competent at maintaining home, small business, and server environments.

My home provider, modem, router, and device all support IPv6, and when I found
out I enabled it. And then, inexplicably, lost the ability to get the Nest app
on my phone to connect. The only solve would be to toggle off Wifi and use
cell service, let it connect to the Nest service, then turn Wifi back on (it'd
work after that point, just couldn't get it to establish the initial
connection). The only permanent resolution I could find was to turn IPv6 back
off at the router level.

The irony is that both my home ISP (Comcast) and my mobile ISP (T-Mobile) are
called out in that article as leading in IPv6 deployment. Yet their deployment
strategy was varied, and only one led to an issue with connecting to Nest.
While the issue was likely something with my internal network/router, if I
couldn't figure it out then that gives me a glimpse on how frustrated non-
technical users would be. That volatility in and of itself is what drives me
nuts with IPv6.

------
drbawb
What drives IPv6 adoption for me is that I have to pay monthly fees for even
small IPv4 allocations, whereas my DC gave me a IPv6 /48 allocation for free
without even batting an eye. My residential ISP's DHCPv6 server will happily
furnish requests for a /56\. Having loads of publicly routable address space
is just awesome in the era of containers & VMs.

------
NedIsakoff
Money. QED.

------
hjfa0j
I'm going to go ahead and say that I'm happy with CG-NAT because of the
security and privacy benefits.

This thing of having a per-device IP address looks like the wet dream of
marketers and those newspapers that won't let you look at more than X articles
a month. No thanks.

~~~
mirimir
Yes, I've never been comfortable with the device specificity of IPv6. Sure,
temporary non-local addresses are now the norm. And they're usually not MAC-
based. But still, I'd rather have IPv4 with NAT. Also, there's the issue that
many VPN services don't yet route IPv6, and so IPv6 connections can bypass the
VPN connection.

~~~
pilif
_> Yes, I've never been comfortable with the device specificity of IPv6_

these days it's really not much different from IPv4: During the lifetime of a
connection, the prefix stays the same, so that's equivalent to the IPv4
address before that.

The actual machine address rotates very often, so there's no real value in
using this for identifying unique devices.

If you want to profile specific devices, you're much better off using the same
attributes you were using with IPv4 (user agent, TTL, other protocol specific
fingerprint techniques)

~~~
mirimir
But isn't NAT deprecated for IPv6?

~~~
pilif
You don’t need to nat for privacy. That was my point. If your machine uses a
different outgoing address for every connection, it’s as well masked as if all
your machines used the same address.

The only thing that stays static across connections is the provider assigned
prefix and that’s equivalent to your dynamic ipv4 address.

------
PugCPC
The following may sound like out-of-the-blue. To expedite the discussion,
however, allow me to state that it has been in reviews at the highest levels
of responsible organizations without receiving a shot yet. So, please enjoy
the information.

The IPv4 address shortage issues have been resolved. We came upon a scheme
that can expand each public IPv4 address by 256M (Million) fold without
affecting the current Internet. A proposal called EzIP (phonetic for Easy
IPv4) has been submitted to IETF:

[https://tools.ietf.org/html/draft-chen-ati-adaptive-
ipv4-add...](https://tools.ietf.org/html/draft-chen-ati-adaptive-ipv4-address-
space-03)

Essentially, among other benefits, EzIP can establish a sub-Internet capable
of serving an area with up to 256M IoTs from just one IPv4 address. This is
bigger than the largest city (Tokyo metro) and 75% of the countries. This can
realize the CIR (Country-based Internet Registry) model proposed by ITU a few
years ago stealthily even without setting up a CIR organization. If a
government is not interested in this resources, private enterprises can make
use of it to provide "local" Internet service in parallel to the current
"global" Internet services, very much like the Independent telephone companies
in the PSTN industry.

The current Internet then becomes the backbone / infrastructure / skeleton for
interconnecting these sub-Internets, yet only for carrying inter sub-Internet
traffic, very similar as the electric grid supporting islands of renewable
energy generated by individual homes and businesses. Consequently, there will
be a lot of spare IPv4 addresses for quite sometime to come.

Then, much of the efforts in deploying IPv6 are no longer needed.

Thoughts and comments will be much appreciated.

Abe (2018-09-07 10:49)

~~~
snvzz
>local internet

>sub-internets

Not on my Internet.

IPv6 is the only way going forward.

EzIP would be damaging to IPv6 adoption, and shouldn't be given the time of
day.

~~~
PugCPC
Hi, snvzz:

0) You sound quite narrow minded.

1) The Internet is for everyone, not yours.

2) Like it or not, the "local Internet" / "sub-Internet" configuration enabled
by EzIP can be deployed by anyone where there is the need. Each will appear
like a simple IoT to the overall Internet. This is most likely why the high
level people have not tried shoot at it yet.

3) "EzIP would be damaging to IPv6 adoption ...": What is so noble about IPv6?
Frequently, Internet people proudly state that "three years is too long for
Internet product cycles". Here we are, the IPv6 has been in development more
than two decades, and in deployment near ten years. Hasn't it had its fair
time to "experiment" the "idea from scratch"? Why are you so protective of it?

Abe (2018-09-11 23:28)

