
IPv6 Wall of Shame - milesf
https://ipv6wallofshame.com/
======
teekert
Hmm, I feel I have never been on a IPv6 network, I have never seen myself get
an IPv6 address, from time to time I make DO droplets and assign them and IPv6
address, the I copy it into the browser address bar, no luck. I'm quite
comfortable using network technology and terminology but I have no idea what I
can do to use or speed up the use of IPv6. I'd love my home server to have a
unique IP address for the rest of my life. How can I do it? Will I just at
some day, receive such an address from my ISP? My domain name provider
supports IPv6 and my servers do, yet, I never managed to connect over IPv6. It
annoys me to be honest. Is it all at the ISPs at the moment?

~~~
icebraining
Some people use an IPv6-over-IPv4 tunnel like [1] while their ISP drags their
feet. Still, I don't see the point for my personal stuff.

[1] [https://tunnelbroker.net/](https://tunnelbroker.net/)

~~~
okket
Maybe this article convince you that it is not "All quiet in the IPv4
Internet":

[http://blog.apnic.net/2016/09/15/quiet-
ipv4-internet/](http://blog.apnic.net/2016/09/15/quiet-ipv4-internet/)

I found the "Sage" certification from he.net/tunnelbroker entertaining. You
basically setup a IPv6 capable mini-ISP. Also have a look at these nifty
Browser add-ons that tell you which part of website is served via IPv4/v6:

Chrome:
[https://chrome.google.com/webstore/detail/ipvfoo/ecanpcehffn...](https://chrome.google.com/webstore/detail/ipvfoo/ecanpcehffngcegjmadlcijfolapggal)

Firefox:
[https://addons.mozilla.org/de/firefox/addon/ipvfox/](https://addons.mozilla.org/de/firefox/addon/ipvfox/)

Once you started to live without NATs and have endless[1] amount of addresses,
you start banging your head against the table when you encounter so called
'future' technologies [2] that on their very core only support IPv4 and rely
on NATs and ugly port-bridges etc.

[1] for all practical purposes

[2] e.g. docker

------
avian
Let's not forget that
[http://news.ycombinator.com](http://news.ycombinator.com) is also still IPv4
only.

------
Decade
Amazon is an egregiously bad actor, here. Through AWS, they shape the near
future of computing, and they fill it with RFC 1918 non-interoperable address
blocks and limited public address space. The path of least resistance on AWS
is IPv4-only, which means NAT64 and stupid stuff from the 90’s.

------
tominous
Ironically this site would be on a wall of shame for lack of color-blind
accessibility.

------
nickcw
The list of IPv6 adopters in that list is dominated by Google or Google owned
sites. If you took them out it would only be 13/124 = 10% adoption.

~~~
TulliusCicero
If you remove Google sites from the numerator, you have to remove them from
the denominator too.

------
kilian
Pardon my ignorance, but why does it matter that a website is accessible also
via an alternative IP-that-happens-to-be-longer? If you have a perfectly good
IPv4 address, why _also_ get an IPv6 one?

~~~
hollander
Because the IPv4 space has ran out. Nowadays they have to use all kind of
tricks to share these addresses. With all mobile phones, and millions of new
users in Africa, Asia and South America, plus the Internet of Things, you
simply have to use a new system, and you have to transition to that.

In the future, people might not be able to use IPv4 at all, or all the time,
and then you need your website to be available via both IPv4 and IPv6.

~~~
exclusiv
How does this matter for the top websites?

If a user types in a domain, eventually a root dns responds with an ipv4 A
record and resolves to a server the site has configured. Am I missing
something?

~~~
daenney
Because the top websites want user traffic too. If you come from a country
that doesn't have IPv4 left the usual deployment scenario is a carrier grade
DNS64 with NAT64. You're basically stuck behind a huge ISP NAT which makes
quite a few things unpleasant and others downright break down.

By supplying v6 you ensure anyone in the world can access it regardless of
which IP protocol is deployed by your carrier and how they are or aren't
translating from one to the other.

~~~
exclusiv
Thanks for the explanation. I was under the impression all the ISPs would have
ipv4 and handle all the translations to ipv6 clients.

Sounds like this is mostly the case, but it has some issues and any new ISP on
v6 would have a hard time because a lot of the big sites would be unreachable.

~~~
bluecmd
Any form of NAT is also much much more expensive than just normal routing. For
n:m NAT you need to keep track of sessions for example. This is going to hurt
things like BitTorrent among a lot of things.

------
scandox
Had my first ever real world interaction with IPv6 yesterday.

Running iptables firewall on a server. Checked what's my ip address at a
customer site. Saw an IPv6 address. Ok, no problem add it to the iptables
rules. Oh yeah that doesn't work. Duh.

So I guess I have to learn to use ip6tables now...

~~~
jlgaddis
Hopefully everyone has default deny policies set up in ip6tables if they
aren't using IPv6 or don't have any plans to. Otherwise you might wake up one
day to find traffic you didn't expect hitting your hosts.

------
koytch
Strange to see reddit and stackoverflow _not_ supporting IPv6.

~~~
scrollaway
AWS doesn't support IPv6 natively. I believe this explains a bunch of the
items on that list (though not SO, I think they're on Azure?)

~~~
hollander
And as Microsoft, Bing and MSN don't support IPv6, you can assume that Azure
does not as well. And it does not, despite the BS story about their leading
role:

[https://azure.microsoft.com/en-
us/pricing/faq/](https://azure.microsoft.com/en-us/pricing/faq/)

~~~
vetinari
Microsoft.com does support IPv6 (Bing and MSN do not).

Also apple.com does support IPv6.

~~~
soneil
It appears apple.com and microsoft.com are failing this for the same reason;
apple.com does not have an AAAA record. www.apple.com does. If you visit
apple.com over ipv4 or dualstack, apple.com will answer and redirect you to
www.apple.com, which is dual-stacked. But if you visit using only ipv6,
apple.com is not found, so you're never redirected to the capable
www.apple.com.

(ditto s/apple/microsoft/ \- I just picked the example quickest to type)

------
ephimetheus
My only contact with IPv6 so far has been trying to get port forwarding
working with my router at home. Vodafone uses a proxy to tunnel IPv6 to IPv4
to the outside, and that proxy does not support port forwarding, since you
don't have a unique IPv4 address. After being in contact with Vodafone, it
seems like there is no solution that does not cost additional money. It's 2016
btw, wtf

~~~
phicoh
That would be the same for any carrier grade NAT. If the NAT was just from
IPv4 to IPv4, you would have the same problem. Public IPv4 addresses now cost
money, so you can't expect to get a public address for free anymore. Of
course, with a public address costing around $10 at the moment, it should not
add more than $1 or so to your monthly fee.

~~~
webtechgal
> it should not add more than $1 or so to your monthly fee.

Quite true. Most hosting companies charge around $1/mo. for a dedicated IPv4.
(Naturally, not for shared plans but for VPS/dedicated boxes etc.)

~~~
toast0
dedicated IPs for shared hosting is a thing too (commonly needed for SSL
virtualhosting when clients don't do SNI)

------
teddyh
There are some subtle problems which can affect sites trying to use IPv6, that
may prevent IPv6-only users from using the site. A site can have an IPv6 DNS
record, and be reachable by IPv6, but the _DNS nameservers_ for its domain
must also be reachable by IPv6. In particular, the _glue records_ for the DNS
name servers for the domain must also contain IPv6 addresses.

(This problem currently affects the “ntp.org” domain – an IPv6-only host can
not resolve the name “pool.ntp.org” – since at least two years ago. I did
report it at the time.)

What I’m saying is that these kinds of problems are not reflected in the site,
which only reports if a site has an IPv6 DNS record.

------
watwatwatwat
I'm more interested in ISPs not supporting ipv6.

~~~
trolleibusov
Not very interesting. There are "over 9000" of them.

~~~
ars
Easy enough to sort by size.

Verizon is the big one.

That they use IPv6 for their wireless division just makes it more ridiculous
that they don't for their wired division - they clearly have the institutional
knowledge to make it work.

~~~
phicoh
Except that you probably want a different solution on wired. On mobile just
about everybody is running with IPv6-native and the NAT64/DNS64 for IPv4. On
wired, you may want to do something different. For example, if some of your
customers need a pubic IPv4 address, then you want dual stack. You have to
deal with CPEs doing IPv6 correctly, etc.

So it is better to see it as a completely different project. The core routing
IPv6 is the same, but that tends to be the easy part.

~~~
clarry
> For example, if some of your customers need a pubic IPv4 address [..]

I don't see how this has anything to do with wired vs wireless.

~~~
phicoh
There are far fewer people who have a contract that specifies that they will
get a public IPv4 address on mobile.

On wired, just about every business account is assumed to have a public
address and often a static one. In addition, a lot of gaming doesn't work
behind carrier grade NAT.

In the mobile world, this expectation of public (or even static) IPv4
addresses is almost completely absent.

------
krylon
Huh. Just the other day I was listening to a podcast on IPv6
([http://cre.fm/cre197-ipv6](http://cre.fm/cre197-ipv6) \-- it is in German,
though), and they mentioned a few of these sites as not supporting IPv6, yet.

But that episode is (almost to the day) four years old, and most of the sites
mentioned back then _still_ are not reachable via IPv6... It is a little sad.

------
vacri
More interesting is this: from the original 128, out of the 44 sites that do
ipv6, only 16 aren't google-run. That's a terrible report card.

~~~
laksjd
It makes sense that Google would be fully IPv6 enabled, after all they are
_the_ mobile-first company and IPv6 can make mobile connection experiences a
lot better, especially during peak network usage times.

------
sneak
This is good, but it is the long tail that really sucks about the v6
transition. Hopefully when this board is green, it will cause a tipping point.

~~~
laksjd
I think the long tail isn't an issue. We'll probably have dual stack equipment
for the next few decades. What matters is getting the large websites on IPv6
so that people browsing on mobile (usually NAT64) or developing nations (usual
CGNAT) can get a non-sucky web experience.

Heck, if all the sites on that page where green, mobile Internet would
suddenly be a lot better since the carrier NAT boxes would have to deal with
~90% less traffic.

The big issue here are AWS/azure dragging their heels (and I assume some CDNs,
too)

------
rdallman10
maybe it'd get more adoption if it actually worked:
[https://github.com/docker/docker/issues/5618#issuecomment-24...](https://github.com/docker/docker/issues/5618#issuecomment-246040037)
\-- more shame on the people using it at this point

~~~
tashbarg
Almost half of Belgium and over a fourth of the USA is using IPv6 to connect
to the internet just fine and you have the audacity to claim it doesn't work
because there's a bug in the implementation of Linux?

This is like saying DEFLATE doesn't work because someone committed a bug to
zlib.

Shame on you.

------
daenney
I'm surprised there's so many Asian companies/sites that don't support v6.
Probably has to do with being hosted on some sort of cloud but considering v6
is fairly important to that region it's interesting they're willing to rely on
ISPs providing NAT/DNS64 for customers instead.

~~~
morecoffee
Presumably it is related to the widespread use of IE6: they are running old
bootleg versions of Windows, which dont do IPv6.

~~~
krylon
IIRC, Windows has supported IPv6 since at least Windows XP. According to
Wikipedia, even since Windows 2000. (Of course, IE6 might not support v6... I
never tried.)

------
morecoffee
If the creators read this, please add MX shaming! Some sites have AAAA records
but still use IPv4 MX records.

~~~
jlgaddis
I administer several mail servers and I honestly don't have any plans to
receive mail over IPv6 -- not until the blacklist situation is figured out, at
least.

------
kafetz
It is funny how Netflix is IPv6 enabled but AWS isnt ?! I wonder where Netflix
is hosted....

------
micro-ram
Install IPvFoo in Chrome and watch how many servers have embraced IPv6.

------
hollander
So it would be interesting to see which if these sites are hosted on AWS or
Azure, as these seem to have no support for IPv6.

------
Kartificial
For those who are looking to navigate to some of those pages, be aware that
there are a few nsfw sites on the wall of shame.

~~~
akerro
More pornsites moved to IPv6 than amazons.

------
0x0
Getting an SSL error on this page "invalid CA". Probably because I revoked
StartSSL and WoSign after reading
[https://groups.google.com/forum/#!topic/mozilla.dev.security...](https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I%5B1-25%5D)

~~~
vacri
Well, yes. It's a StartCom certificate, so it will be invalid if you have
revoked StartSSL stuff.

~~~
0x0
Obviously. Wanted to give a heads up that me (and several others) are
(voluntarily) unable to read websites using StartSSL certs, at least until
mozilla possibly eventually takes action against these CAs, when it might
become an even bigger problem.

