Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Why is switching to IPv6 so hard?
8 points by akulbe on Nov 28, 2017 | hide | past | favorite | 3 comments
Encountered a situation where IPv4 addresses were exhausted on one segment.

Brought up the idea of IPv6, and was summarily dismissed... and told it's a long-term goal, but not possible right now.

Admittedly, this is something I don't know a lot about. I want to better understand, though.

Why is switching to IPv6 so hard?

What all is involved in the process?

Why do some companies put it off as long as possible, with all the resource issues that seem to be coming up?

Thanks.

Edit: clarity



Several reasons:

(1) IPv6 is a usability disaster. Addresses are not memorable, hard to type, and annoying to cut and paste. DNS solves some of these issues but is another system that can break. Network engineers deal in IP addresses because networks are IP-based, not DNS-based.

(2) Networking is a curmudgeonly field that clings stubbornly to old ways of doing things. Vendors like it this way because it helps them sell complexity and then sell more complexity to ease dealing with that complexity.

(3) IPv4 and NAT are huge sources of complexity and thus revenue for vendors (extending #2).

(4) A lot of old software still doesn't support it. A lot of legacy systems will never support it.

(5) Security superstition and cargo cultism. Many people think NAT is a security feature and fear IPv6 "exposing IPs." NAT was never about security and if exposing an IP is a security risk you have major security problems.

(6) A lot of ISPs and major cloud providers (Azure, Google) don't offer it yet, making full support across everything difficult. Until they do you'll have to maintain dual stack or ugly V4/V6 NAT hacks.

(7) IPv6 doesn't solve all the problems. It has no inherent mechanism for authentication, micro-segmentation, or encryption (IPSec is a usability nightmare) and you still get delegation issues. For example if you delegate /64 to your network then /128 to each host a host cannot delegate a /128 to a VM. You could bridge the VM but this is sometimes problematic. This is a huge oversight in standard IPv6 address assignment practices, which should much more liberally delegate addresses.


I manage it deployed on a large WAN. It's not hard.

Okay, it's kind of hard for the network administrator. There's a bit of a learning curve and you'd better understand how IPv6 requires ICMP, and how RA works. But, if you do your job right, end users probably won't notice. Everyone is still gun-shy about IPv6.


Because IPv6 from user point of view it is 128 bit address and nothing more. From technical point there will be always that golden switch/router witch have problems with IPv6 and it is hardware bug, because router golden nobody will be new device for big chunk of money.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: