IMO the major thing holding back IPv6 on the web is amazon. A huge proportion of services are hosted on AWS, and the lack of IPv6 addressing of instances cannot be forgiven.
"Getting?" I set up some CloudFront instances (or whatever they call them) a month ago and it had an IPv6 checkbox (which was unchecked by default, for some reason), but it seems to have been working fine ever since.
The good news is that Amazon has been slowly rolling out IPv6 support across various AWS services (ex. S3, CloudFront). Once they support IPv6 on EC2, though, that will be the big breakthrough!
I'd say ISPs to start with. In the UK, BT still hasn't rolled out IPv6. Neither has vodafone.
Also I have servers in colocation with two datacenters, and for both I had to ask to the support to get an IPv6 range. We are very far from IPv6 becoming a standard feature.
That varies strongly by country[0]. My home ISP for example does DS-Lite and last week their AFTR was overloaded. So ipv4 was almost unusable while v6 worked fine. So temporarily I was already living in a post-v4 world.
I have read I can get it by upgrading to the very latest version of BT Home Hub (I am using 5). I ordered it yesterday. But my current Home Hub 5 is compatible, and I still don't have IPv6.
The worst part about reddit in that case is that they use cloudflare which could be a 1 click update to ipv6. Previously they have stated that internal systems (spam, court orders, reporting) are holding them back from the change.
You know, Cloudflare gets a lot of shit around here for being a centralizing entity in a decentralized Internet (sometimes justifiably), but they've done a hell of a lot to push forward needed changes in the Internet infrastructure. Often at little benefit to themselves.
I work for one of the companies on that wall of shame. I wonder to what extent it has the reverse of the intended effect. "Oh so not even Amazon, Twitter or GitHub gives a crap about IPv6? Why should we?".
Oh so not even Amazon, Twitter or GitHub gives a crap about IPv6? Why should we?
If this is really what they're thinking, then they have no pride in their work and will never be the best at what they do. I suspect most of the engineers working for Amazon, Twitter, and GitHub are well aware that they're lagging in ipv6, and are very intent on catching up.
At a cursory glance, it seems that Google or Google-owned sites make up a majority of the IPv6-enabled sites. Seems to me the numbers would be a lot lower without Google's work.
With poor adoption rate of IPv6 persists in China, half of those listed (taobao, tmall, baidu, hao123, qq, youku, sina, weibo, etc.) just won't change in near future.
I am visiting China. It seems impossible to get an IPv6 address from either China Telecom (the ASN lacks IPv6 peering) or a datacentdr within China. Sending traffic to a VM in South Korea has similarly had the issue where I cannot find any VMs with IPv6 support, although most have terrible latencies.
Both Microsoft and Apple's www sites use Akamai's CDN, via a cname to a CNAME to something in akamaiedge.net, which support ipv6. The apex record of a domain (that is, the root record, microsoft.com or apple.com) cannot be a CNAME, it can only have an A, NS, MX or TXT record. A records make dynamic infrastructure hard, because they require API coordination between your DNS provider and your CDN. So Microsoft and apple host their own apex domain records via A records to static IPs in their own IP blocks, and have these servers issue a permanent http redirect to www.
AWS encourages you to use VPCs for service-internal addressing. Yes, you can rent "elastic IPs", but in the AWS mindset they are special and to be used only for NATing Internet endpoints to your services. It's based on end-to-end addressing being special and a scarce resource. This is compatible with the traditional corporate intranet style of thinking, but it's also in the opposite of internet end-to-end addressing and they are in no hurry to change it.
Link-local addresses are not routable and are not meant for application use, they're just for low level things like neighbour discovery and router advertisements (analogous to IPv4 ARP/DHCP).
There's also ULA that can be used for non-internet connected networks and some other special scenarios, but it would be a bad idea (and against recommended practice) to use them to port your RFC1918 addressing to IPv6.
I noticed the other day that IPv6 growth is slowing down, as Google measures it. Its access share used to double every ten or eleven months, now it doubles more slowly, and seems likely to reach 20% only in 2017 instead of this year, and if it goes on as in the recent months, 30% in 2018 instead of in 2017.
At a guess, many of most competent ISPs have done their thing and now we're seeing the more sluggish middle. Or? Comments?
In Belgium we're up to 49.5% of Google traffic over IPv6, which is pretty impressive. All major ISP's have IPv6 enabled in a dual-stack setup right now. This works because almost all of them provide an all-in-one modem/router/access point, all remotely managed, so it's easy to just flick a switch on the ISP end and magically have everything go over IPv6.
What's holding back further progress is mostly people with their own NAT routers/DHCP that's not set up for IPv6, or company networks where the transition isn't planned. That's going to change very, very slowly indeed.
If I remember well at least 2-3 years ago it was complicated to measure IPv6 usage on a high-end router, and that was tied to billing.
Every vendor (Cisco/Juniper/Alcatel/Huawei) had a different way to do it and since B2B billing depended on it IPv6 adoption was not as easy as expected.
Every vendor had a different way to measure how much octets went through an interface on IPv6 using SNMP.
And the standard MIB (management information base) for SNMP only gave you IPv4 traffic.
So, if you wanted to measure the traffic you interchange with a third party on IPv6 you had to be tied to a specific way of doing in (some had private or experimental MIBs for that, in other cases you had to move the data through a tunnel and measure traffic inside the tunnel minus overhead.).
Very easy to make mistakes specially if there is a problem with the traffic late at night and somebody forgets to put you in the loop.
Here in France, there have been leading ISPs (Free ADSL), good citizens (SFR), and laggards that keep on dragging their feet (Orange, Numericable). Things got worse when Numericable bought SFR, halting progress with stupid rules in place that when you get the budget version of a contract you don't get IPv6 because reasons.
Let's not get started on "pro" versions where you just don't get IPv6 at all, ever, and on the phone you can even get them mumbling that it's not even on the table (Completel).
I'm on Free and I had to disable IPv6 because one of their routers was dropping about 60% of the IPv6 packets: GitHub, Google, Bitbucket took several minutes to load.
As soon as I switched to IPv4 everything worked fine.
I suppose that nobody at Free is really monitoring their IPv6 network in the same way they do it for IPv4.
In the UK, only one big(-ish) ISP supports IPv6, and 2 significantly smaller ones. BT claim to be pushing it out next year, but they still have a large number of older consumer-end router/modem devices which can't be updated for it, so it'll take another half a decade for those devices to fail and be replaced. Once BT have pushed it out, many of the companies that depend on them for varying things should be able to build implementations fairly quickly.
BTnet (BT's higher-end leased line etc. services) do support native IPv6 fwiw, but when I spoke to them (this was in Scotland) they said no customers ask for IPv6 to be enabled, and it's not enabled by default. (But if you ask them they'll do it no problem - verified to be true.:) But the situation is different with all that older consumer equipment as you say...
Here in Japan, the largest consumer fiber wholesale network (NTT) "supports" IPv6, but you need a separate, $100 router that talks PPPoEv6 since none of the common consumer routers (including the one they provision you with) seem to support it.
I also haven't been able to get PPPoEv6 working in macOS.
I focussed on your suggestion that it had to cost $100.
If people don't need IPv6, then why bother. My impression is that the content providers don't care about IPv6, so I assume they have plenty of IPv4 space.
Some large consumer ISP are short on IPv4 address, but in that case, they will will make sure their customers get IPv6 capable CPEs.
From this: https://www.google.com/intl/en/ipv6/statistics.html doesn't look like it is slowing down, it's not exponential though, but was it really? It's much easier to double up when number of users is low.
Here at Brazil, I know of no consumer facing ISP that supports IPv6. But we have been busy dismantling a quasi-communist government, so things may change faster in the future (if we are successful in the dismantling).
Yea, ISPs are upgrading home users for them.. Businesses tend to have their own equipment, and need to DIY the change, even if IPv6 is pushed down the wire to them by the ISP.
Looks like the US is up to 30% now! I suspect mobile traffic is largely driving this as all the major carriers are moving to ipv6 only and proxy an ipv4 address when needed.
We have a product that uses ipv6 for inter-server communications. We've since learned that most major corporations routinely disable ipv6 on every computer.
Heard a "funny" story about Facebook switching over to pure IPv6 and their issues dealing with largely untested IPv6 implementations. For example, switches which, when presented with an IPv6 BGP route while they don't have IPv6 configured, crash. Apparently they took down an entire data centre full of rack switches finding that out.
My second-favorite problem, after that was solved, was developers constantly using IPv4-only code. Their eventual solution was to just disable IPv4 entirely so that anyone committing IPv4-only code was committing broken code.
It's amazing how much work it takes to bring people into the future.
Very "funny", but that kind of crashes happened more than you imagine.. in telcos.
Usually the problem is memory. A machine with full routing enabled needs much more memory for IPv6 than for IPv4 and when routers run out of memory they just crash, reboot, and start again...
Usually the problem is memory. A machine with full routing enabled needs much more memory for IPv6 than for IPv4
Interesting - why? I would have thought that routing tables for ipv6 would be a fraction of the size of their ipv4 equivalents. Am I wrong? Or is this just sloppy programming on the part of those switch programmers?
I've not run into a problem solved by IPv6. There's no incentive for ISPs to provide good service, so they can just follow the mobile carrier route and nat/proxy when exhaustion becomes an issue.
As other countries go IPv6, more IPv4 addresses become available for the big cloud providers.
I run into NAT almost every single day. It wastes time, breaks things, consumes router resources, rules out certain technologies/products/services and duplicates so much work it's just unreal.
As a sysadmin, if I had limitless IPv4 addresses, I'd still use NAT on servers and clients because it's a useful security layer. There's little reason that individual devices need globally routable IP addresses.
No, it's not. As a sysadmin, you should know the difference between NAT and a stateful firewall, and that NAT alone doesn't prevent packets from being routed to local addresses.
> There's little reason that individual devices need globally routable IP addresses.
NAT has been more damaging to the development of network software than any other factor. NAT breaks the development of true network software, such that entire categories of software haven't even been considered.
NAT forces extremely complicated hacks[1] and centralized management of true peer to peer connections. The benefit of the internet has been that any peer has the capability to publish. NAT breaks that benefit, turning the internet back into cable TV, where most people need an imprimatur[2] to publish.
This needs to be repeated everywhere. There are too many system admins with dangerously bad ideas about IPv6 and NAT. NAT needs to die in a fire and if you're rolling out NAT for IPv6 you're wasting your time and your company's money for a bag of nothing.
Not much! Just a few bytes for each packet. Running a NAT service requires a big table of all the active connections, ie. it's stateful - IPv6 with no NAT needs no per-connection state in the router so that's a big space-saving.
As I understand it, there have been a few nation-scale Internet outages that have been a result of IPv4 address tables reaching their resource ceiling (not relating to NAT) - another example of how IPv4 is no longer fit for purpose regarding hardware resources.
Those were caused because Cisco by default (optimistically) partitioned a big chunk of the routing table memory for v6 routes. The fix was to reduce the memory usage for v6 and give that memory back for v4 routes. So really it was allocating so much space for v6 before there was any need that caused those outages.
A sometimes large but solvable part of the problem in ipv4 routing table sizes is numerically adjacent routes that could be aggregated into fewer announcements but aren't; ipv6 doesn't help with that. Another part of the problem is that many networks have lots of allocations that aren't adjacent, so they can't aggregate them; ipv6 should help with that as there's room for big allocations.
So you don't want stateful inspection on your private LAN router? Its ok for every hacker to portscan the 100's of IoT devices in your house? You're a very trusting fellow.
How many IoT devices need to allow incoming connections at all? And how many connections do they need to make?
IoT devices, if I had any use for them, would go on my private LAN. My private-public router can do complex stateful tracking, because it only has to handle a few connections at a time. Meanwhile my grown-up internet devices go on the public side and get actual internet access, meaning that e.g. two people inside my house can play an online game with a person outside my house, and aren't slowed down by a complex connection-tracking router. Also means my guests don't get access to my IoT devices.
> How many IoT devices need to allow incoming connections at all? And how many connections do they need to make?
If they need outgoing connections, they likely also need incoming when we are speaking about stateless filtering. Without incoming connections only UDP would be allowed and it would be usually impossible to determine if the packet should be send again (it would only be possible if there was out of band method to detect it).
Ok, I will admit that it's possible to check the TCP headers and just drop incoming SYN packets without ACK, but then you need to start trusting that the IoT device can handle invalid TCP packets.
> Ok, I will admit that it's possible to check the TCP headers and just drop incoming SYN packets without ACK, but then you need to start trusting that the IoT device can handle invalid TCP packets.
I have more faith in that than I have faith in a router that does complex state-tracking logic to not contain RCE vulnerabilities itself.
The claim isn't about memory needed to flesh out an entire address range, but resources allocated to things like nat in ipv4.
Why am I trying to fill out in memory an entire /64? More importantly what purpose will doing that for a home network that will at best have 100 nodes even with ipv6? The memory needed to route and track 100 ipv6 nodes vs 100 ipv4 is a rounding error. Even if I enabled privacy extensions the amount of addresses is miniscule.
Nat sucks, end of story, and yes ipv6 requires more memory. It is a bigger address range after all. We also gain a lot of what we lost with ipv4 years ago.
I don't need to grab a calculator to figure out what I have already witnessed.
I've come across several routers that stop working (partially or completely) or spontaneously reboot when there are too many active NAT sessions. At a few customers I've had to set session limits to prevent some devices from being unable to talk to the WAN.
IPSec is one. You would burn two IPv4 to enable IPSec between two machines you control. That's a no brainer with IPv6. It is cumbersome and expensive with IPv4.
And given that most datacentres (outside of cloud services) are IPv6 enabled, this makes sense to secure server to server communications.
I hope we don't have IPv6 only protocols and sites anytime soon. My cable company still is not supporting IPv6... It seems like something a major American ISP would of done by now.
On the contrary, having IPv6 only sites and protocols would greatly help adoption.
One of the problems is that a lot of companies think that IPv4 is good enough, since there's no discernable difference to end users right now. Every IPv6 site is also accessible over IPv4, and the community is already heavily invested in engineering around the shortcomings otherwise created by NAT on IPv4.
Coupled with the additional cost and security considerations that have to go into an IPv6 deployment, we've got a good recipe for encouraging both ISPs and corporate providers to stay on IPv4 for as long as possible. (If we're unlucky, we might even see ISPs roll out carrier grade NAT instead of upgrading.)
Your issue is site-specific; most likely your modem is outdated, but your router may also be configured to not try to acquire a block of IPv6 addresses.
Interesting. No communication from them. I figured this is the sorta thing they'd mass contact people about to update.
I remember asking the installer about 3 years ago about it. He said I'd have it as soon as they turn it on at the central office...
I'm not really too worried about it yet as it's not a problem really yet. I hate talking to support people.
I went to the IPv6 page and it's not showing a V6 IP Address http://screencast.com/t/Xuq4VOfnS but the Dynamic page for IPv4 displays it in those text boxes(editing is disabled on them even though they look like inputs. A bit confusing UX if just looking at the image)
So it appears my firmware has it... strange. This is on the modem itself, not the router as it's a all in one.
Just found this: http://forums.timewarnercable.com/t5/IPv6/Not-getting-IPv6-A... from two months ago "I got someone from Tier 3 on the phone and he told me it was not available yet in my area." so hmm, sounds like some areas might be last to get it then.
This is telling organizations developing standards to basically pretend IPv4 doesn't exist and is no longer in use. At least that's how I read it. Seems a bit premature.
