
98% of sites on Cloudflare now use IPv6 - jgrahamc
https://blog.cloudflare.com/98-percent-ipv6/
======
Symbiote
Why are Cloudflare still sharing IPv6 addresses, when there should easily be
enough for one per website? (And then with correct reverse DNS.)

The linked site [1] has a download of 134k hostnames. Filtering for the
Cloudflare prefix, 2400:cb00:2048, there are still plenty of sites sharing an
IP. For example, www.monolith.agency (a design agency) is on the same IP as
www.bobshouseofporn.com (porn).

Maybe the same company hosts both websites, and it's not Cloudflare's issue,
but that seems unlikely for a US porn site, Quebec design agency, Brazilian
health site and Spanish programming site.

Google have 13,000 sites on the same IP, 2607:f8b0:4005:808::2013, looks like
Blogger.

[1] [http://www.employees.org/~dwing/aaaa-
stats/](http://www.employees.org/~dwing/aaaa-stats/)

Something like:

    
    
        egrep --only-matching 'IPv6.+?  ' ips | sort | uniq -c | sort -n | grep 2400:cb00:2048

~~~
fowl2
Why not? Seems like a nice easy privacy win.

~~~
Symbiote
The design agency website might get blocked as collateral by a poor filter,
which knows of the porn site.

~~~
vurpo
I can imagine a government that would enforce that ISPs block adult sites by
default (a specfic government comes to mind), and as those sites would both
use HTTPS (as websites do), the design agency's website would be blocked by
default as collateral damage.

"Sorry, your website is blocked by default on all ISPs. It's to protect the
children."

------
franciscop
Cloudflare, you have my login token cookie but you are still asking me to
prove I'm not a robot. Please make using a VPN not to be a punishment since
all the sites that use your SSL show me the "I'm not a robot", no matter how
often I verify it. I am most times under an insecure WIFI so no VPN is not an
option for security. Possible steps:

1\. Make me solve it only once every X minutes/hours.

2\. Make the defaults to be one step down in security, probably most
webmasters don't want to block legitimate people using VPN.

3\. Make it dynamic, so only those under suspicion have to do it. And consider
being using a VPN NOT to be enough suspicion for it.

Right now I have to choose either to:

\- Compromise my security: don't like it now, cannot do it when I start
working with the new company I'm going to work

\- Solve hundreds of "I'm not a robot" per day

~~~
true_religion
These settings are available but it is currently up to each given site to
enable it.

~~~
franciscop
That was exactly my point 2: Make the defaults to be one step down in
security, probably most webmasters don't want to block legitimate people using
VPN.

~~~
Kalium
That seems like it might be a difficult sell for a company that considers
itself a security company for the benefit of a relatively niche use case.

------
TorKlingberg
It is great to see IPv6 finally taking off. I remember being exited about IPv6
back in 2003. I was fortunate to be on a university network with great admins
and made sure to enable IPv6 on my Linux computer. Then nothing much happened
for years and years and years. Not until around 2011 did the numbers start
ticking up much above 0%, and now we are in the early part of the steep slope.

~~~
frozenport
I believe most personal routers, such as the ones used to move internet from a
cable-box/fibreoptic to your personal computer now use IPv6.

------
dx034
Interesting that Google doesn't seem to use ipv6 for their crawlers. They
seemed to be big supporters for ipv6, but they don't appear anywhere on the
list. I'd expect them to cause much more traffic than Facebook.

Any clue why they only crawl via ipv4?

~~~
PudgePacket
Does google use cloudflare? If not then their data probably wouldn't show up.

~~~
dx034
Not directly, but their crawler will use Cloudflare. same as with Facebook.
They don't use Cloudflare but crawl websites that use it.

------
StavrosK
Interesting to see that Greece is the third (possibly second?) largest IPv6
deployment per-capita in the world. One of the ~3 large providers here still
hasn't added IPv6 (although I might just have an old router).

I'm still trying to figure out how to set up static IPv6 so I can access my
computers at home without a NAT, but it's very convenient otherwise!

~~~
daenney
Which one? I get IPv6 from (Cosm)OTE.

~~~
StavrosK
Do you? I have Cosmote as well but I'm on IPv4, I guess the router is old. I
don't think Cyta has IPv6 yet either (they didn't when I switched away to
Forthnet last year, exactly for this reason).

~~~
daenney
Yeah, I have my own box. But if I remember correctly with the new ZTE routers
they're shipping it works too.

------
noja
Your move GitHub and Reddit.

~~~
daenney
And Google Cloud too.

 _All Compute Engine networks use the IPv4 protocol. Compute Engine currently
does not support IPv6. However, Google is a major advocate of IPv6 and it is
an important future direction._

~~~
doh
Not anytime soon. Asked them about it just the other week. We would love to
get the IPv6 support as Google is not very eager to allocate IPv4 to us in any
larger quantities.

~~~
daenney
Yeah, same issue. I'm a bit surprised that they didn't bake this in from the
start with GCP. Can't even terminate IPv6 on a Google Cloud load balancer and
then do v4 internally. At least GCS does IPv6.

------
QUFB
Hopefully Amazon will add IPv6 support to AWS VPCs sometime in the next year.

~~~
jgrahamc
We're happy to do IPv6 for you on the consumer side and connect to you backend
over IPv4 if your backend provider can't deal with IPv6.

~~~
thedg
+1 - We actually do that automatically for you when you signup for Cloudflare.

------
piotrjurkiewicz
> IPv6 is faster for two reasons. The first is that many major operating
> systems and browsers like iOS, MacOS, Chrome and Firefox impose anywhere
> from a 25ms to 300ms artificial delay on connections made over IPv4.

He forgot to add that this only applies to dual-stack hosts...

~~~
phicoh
And, unless something is serious broken in all of those systems, only if the
target is also dual stack.

So an IPv4-only website should not incur any delay.

