Hacker News new | comments | ask | show | jobs | submit login
Is IPv6 only for the Rich? [pdf] (ripe.net)
126 points by okket 9 months ago | hide | past | web | favorite | 67 comments

Maybe still ISPs suffer poor field reports.

I was client at "Kabel Deutschland, Germany" and they offer native IPv6 for their customers, with "Dual stack lite" as the routing option to reach the IPv4 world. It performed poorly for me, perhaps due to bad load balancing of the IPv4-gateways. I switched to a buisness plan (+10EUR/month) of the same ISP and now have an own static IPv4 adress and not even native access to IPv6 any more. This is a clear statement how they think about their IPv6 support.

Same story here with Orange in Spain. Fake dual stack through barely-working CG-NAT limited to ports <2000 which many services/devices do not accept and which the router randomly forgot, and no PPTP VPN because the CG-NAT did not support the GRE protocol. Plus the joys of sharing an IP with random strangers, of course. After many clients started complaining they offered us static IPv4 plans (with no IPv6) for free (normally it costs 12€/month), instead of coming up with a better dual stack implementation.

For the record, I'm also on the business plan (cable) with them but seem to have absolutely no troubles with IPv4 and IPv6 and I'm IPv6 native from what I can see here.

Are you on DSL by any chance?

My experiences come from Unitymedia (in Germany), they offer 50-200Mbit over cable TV lines (coax).

Business plans don't suffer from CGNAT

It's normal, no? They deploy IPv6 because they don't have enough IPv4 addresses. And since most servers in the world are not IPv6 ready and will never be for a long time, if you want to reach an IPv4 server you have to go through their CGNAT which may have a piss-poor performance.

I really wish RIPE could force ISPs to release the addresses they don't need :(

If their CGNAT would perform better, clients would not even notice a difference. I hardly doubt all that buisness clients (thinking of small non-IT buisinesses such as coffee shops) require native IPv4.

An ISP who cannot offer a proper IPv6+IPv4 internet access should not be refered to as an ISP. He supports IPv6<->IPv4 segregation, instead.

12% of all web servers have IPv6, including most of the largest sites.


It's worth noting that many of the highest traffic websites are in that 12%, to the point that an average dual-stacked customer will see about 50% of their traffic by volume go over v6.

That's a very relevant stat when it comes to provisioning CGNAT capacity for your customer base.

This talk will be presented on Thursday 17th at RIPE76.

I assume that as usual, it will be streamed live and the video recording should appear here: https://ripe76.ripe.net/programme/meeting-plan/ipv6-wg/

This upcoming RIPE meeting has so many interesting talks... I invite you to "invest" some time going through the program (not all slides are available yet, as it starts tomorrow)!

> Let’s measure the “wealth” of an ISP by the aggregate wealth of its customer base

You can't measure the wealth of an ISP by the wealth of its customer base. ISP businesses are very different in each country. In one country there could be no ISP-hostile regulations, low barriers of entry, a lot of competition, cheap labor, resulting in like $5 ARPU in urban areas and low margins. In another country ISPs could manage to monopolize the market with regulations creating a lot of burden for smaller players, resulting in like $20 ARPU and very high margins. In some countries it is also possible for rent seekers that provide infrastructure for ISPs to suck all the revenue, still allowing competition and leaving them with big ARPUs but low margins.

I suspect the hunch in the title is right though. ISPs from the least competitive markets and therefore rich can afford and do deploy IPv6. While ISPs from the most competitive markets cannot afford bothering with IPv6 and since there is no demand for it yet at all, they don't deploy it. But if demand for IPv6 starts growing for some reason, ISPs from competitive markets will of course deploy it.

Could it also be a way to keep competition out? Established ISPs might have enough IP4 addresses to last them for a while. Meanwhile, as long as most of the internet hasn't switched over, new ISPs can't enter the market because they can't get hold of IP4 addresses anymore?

Knowing what I know about how corporations are run (which is nothing more than anyone else who has worked for multiple large organisations) the ISPs are dragging their feet on IPv6 because they can get away with it and it saves them money.

I switched ISPs for my fibre connection because my previous one had an absolutely terrible IPv6 implementation. I made sure to let them know why they lost me as a customer, but it's very likely that never happened to them before or since.

I think IPSs can get away with horrible service and abominations like CGNAT for quite some time before it gets so bad that IPv6 gets properly deployed.

To get a project going you need to convince mgmt that it can make or save money. And you need a shiny demo. With IPv6 migration, this was tricky. It costs a lot of money up front to get IPv6 support for all routers and backend systems. There aren't really new products you can show. Being able to give retail customers a fixed IPv6 address will reduce the demand for more profitable business access products. The best argument was that IPv4 address depletion would make it difficult to add customers.

None of this explains why the growth suddenly slowed down.

My best theory is it has to do with adoption of mobile ISPs.

It would appear to me that a lot of the previous growth came from Jio in India which added a lot of users in 2016&2017. That has slowed down now so that the overall growth has slowed. You'd probably need to see very large providers switching over to see further jumps of that size.

Given the wide deployment of nats, necessary because of the shortage of ipv4 addresses, the need for publicly routable ips for client addresses goes way down.

A few years ago, there was a mad push to have public IPv6 addresses because “soon” customers would be unable to reach your servers since they were only going to be given IPv6 addresses. Clearly, that hasn’t been the case.

NAT is an annoyance. Peer-to-peer gaming or voicechat becomes laggy, or doesn't work at all. With the popular internet becoming more and more centralised, maybe it doesn't matter so much to the average end user, but there will come a point where people notice that gaming is better on ISP A than on ISP B even if you don't know exactly why.

Gaming is hardly a major driver of infrastructure choices, with all due respect.

The issue is that most businesses are now so well-acquainted with NAT-ting, they don't really care for IP addresses. In fact, the more opaque your network topology is to the outside, the better from a security point of view. Every app works through http these days (because proxies are mandatory, again for security), so there is little need for real addresses.

> Gaming is hardly a major driver of infrastructure choices, with all due respect.

When it comes to consumer ISPs, who are the people paying for the high-end packages?

> The issue is that most businesses are now so well-acquainted with NAT-ting, they don't really care for IP addresses. In fact, the more opaque your network topology is to the outside, the better from a security point of view. Every app works through http these days (because proxies are mandatory, again for security), so there is little need for real addresses.

Existing large businesses are happy with their current ways of doing things, sure. But those have never been the early adopters. IPv6 suits the startups (anyone who's working with containers hits problems from reusing the same subnets sooner or later) and it suits businesses that have to merge existing networks. No-one wants to be first, but there will come a point where the IPv4 costs are high enough to be worth doing something about.

> When it comes to consumer ISPs, who are the people paying for the high-end packages?

A family of 5 where you need the bandwidth if everyone starts streaming videos at the same time. For gaming you'd advertise ping times, I haven't really seen that recently.

> IPv6 suits the startups

That matches what the presentation says: IPv6 is growing roughly as the internet grows, i.e. new ISPs go with it, because if you are starting from scratch, might as well do things in the modern way. (If you mean vanilla web startup, I think they have enough problems without risking to bork things up by misconfiguring a feature nobody really asks for...)

> When it comes to consumer ISPs, who are the people paying for the high-end packages?

Movie watchers and other media addicts; and they don't really care about IP addresses.

IMHO a lot of bigger ISPs have looked at the struggles of early adopters and decided the effort is not worth it. Most of their budgets these days go towards traffic shaping and caching, where IPv6 doesn't really help much. Established businesses are not clamouring for the feature, so why bother?

I agree that at some point things will change. I think the point of the article was that we thought we had reached that threshold a few years ago, but it looks like it wasn't really the case.

>anyone who's working with containers hits problems from reusing the same subnets sooner or later

Docker doesn't support IPv6, I think.

It does, but it's disabled by default. Note that this option is about using IPv6 internally between containers. Even with it off, any exposed port will be both IPv4 and IPv6.

There are millions of private ipv4 addresses available. Can you talk about how subnet reuse becomes a problem?

Too many people use 192.168.0/24 and 192.168.1/24 and eventually some of those networks need to be connected. You can only have so many of those in an organisation before it becomes a pain point.

A conslutant friend told a story about a customer who had been through a few mergers and demergers. One nightly database dump there involved parts of one database being copied to another, both internal to the same company, through five layers of NAT. One of the routers had a 1500-line NAT configuration.

>When it comes to consumer ISPs, who are the people paying for the high-end packages?

Gamers don't need high speed or thousands of services and telly channels, just good ping

>Peer-to-peer gaming or voicechat becomes laggy, or doesn't work at all.

It's 2018, nobody would be insane enough to try that

Ghost Recon Wildlands, a 2017 Game, uses P2P game lobbies.

It's still very popular because it's cheaper; no expensive servers to run for customers and they can still play if you eventually shut down your services.

Maybe not the big names, but it's still happening. I have at least one new-in-2018 game that I had to do some port forwarding for (Heart of Crown).

See the slide "The Changing Internet"

See slide 33, "The Changing Internet", for the most interesting insight (IMO). It basically said that when IPv6 was developed, IPs were still pretty good identifiers (it was important everyone had their own), but that now it's not so important that everyone has their own, so there's not much incentive to change.

Isn't it a self-fulfilling prophecy though? Dynamic IPs and widespread NAT'ing made IP addresses borderline useless to identify endpoints. If everybody had a static /48 IPv6 in the 90's and early 2000's maybe things would have gone in a different direction.

I think eventually the only thing that will have any hope of forcing proper IPv6 adoption is some popular service being made available only over IPv6.

We can call it "IPv6walling."

There's 3 websites, to my knowledge, that are IPv6 only:

* https://loopsofzen.uk/

* https://42.be/

* https://ct.filippo.io/

They aren't quite killer applications though, so it won't push many to IPv6. Possibly as the internet gets larger, some hosting providers simply won't have any free IPv4 addresses left? I guess that could be solved by putting CloudFlare in front of the server to provide an IPv4 address. It's strange, I used to do that to provide IPv6 years ago.

Also customers would just think the website is offline, because browser's error page doesn't say: "You have IPv4, but you need IPv6. Call your ISP."

So there'd be no: "I want this IPv6" calls to the ISP.

Just redirect your A record to youdonthaveipv6.com

If you have dual stack, any A record will get used some of the time. It's part of Happy Eyeballs.

I suppose that you could add a long artificial delay to the IPv4 service.

Depends on your browser. For example, Safari will always prefer AAAA over A.

I had IPv6 with Time Warner, but then they merged with Spectrum and my IPv6 magically disappeared. My networking and internet infrastructure knowledge is limited, so I have no clue why they would would be incentivized to do that. This happened some time last year.

EDIT: The only reason I know this is because at some point last year I asked google what my IP address was and was surprised to find it was an IPv6 address, but then later on apt broke, because one of the packages (node?) was only checking an IPv6 address and so now whenever I update I have to force apt to use IPv4.

I've had Spectrum for the last 4 years. I know they've been slowly rolling it out to their entire network start last year. My connection currently is ipv6 enabled. I might be they are reconfiguring your area to their own ipv4 and ipv6 standards.

> You need to be a rich ISP to afford IPv6 deployment

That's not a guarantee though. Verizon are rich, yet their fiber residential network has been "in the process"[1] of deploying IPv6 for years, and nothing is anywhere in sight still.

1. https://www.verizon.com/support/residential/internet/getting...

Regarding France and the slide about the growth of ISP and the correlation with the IPV6 deployment I can say that sudden user growth in france is very often due to an aggressive offer from one of the ISP, resulting in the migration of a large number of users from one ISP to another, no new clients.

I do think this is a valid indicator in "not fully developped yet" countries, but I don't think its very representative for others.

As for the slow down some ISP in france started to regroup several clients under the same IPV4 addr, essentially assigning them the said ipv4 and a range of ports, some sort of PAT at the ISP level, I don't know if it is an isolated solution but it might explain part of the slow down. Doesn't explain why they do it tho.

Even where ISP's support IPv6, hardware is often the impediment. I've finally enabled IPv6 at home now that Ubiquiti has enabled support.

My office is on Meraki hardware, which is not yet IPv6-ready. Can't quite wrap my mind around the latter. I didn't pay for the hardware or initial 3 years, and I certainly won't be extending the license if support isn't ready.

As a side note, I'd look closely at router implementations as you deploy in home and other small networks. Too many consumer-grade hardware companies rely on NAT versus proper firewall rules to restrict inbound traffic. I don't expect the majority of them to get the basic protections right as we move to publicly addressed IPv6 networks.

Interesting that 40% of IPv6 users in the world belong to just one ISP. It's Reliance Jio if you're wondering.

He's written an article on this presentation now: https://blog.apnic.net/2018/05/21/what-drives-ipv6-deploymen...

Hypothesis: China/Russia are dragging their feet because their censorship/interception infrastructure is holding them off. Freer India gets a nice head start here.

I am on CenturyLink dsl and have ipv6 kinda. I had to go through the trouble of turning on 6rd myself since it is not enabled by default.

Is there a reason ISPs would be reluctant to discuss their motivations for IPv6 deployment? That is, why can't you just ask them?

How much would you pay to access the ipv4 internet?

How much would you pay to access the ipv6 internet?

What are support costs for ipv6 endpoints / compatibility needs / help desk / securing / understanding / training all techs etc vs ipv4?

= ISP motivation?

ipv4 is relatively well understood, existing infrastructure to serve it, and people are willing to pay MORE to access the ipv4 internet, and basically won't pay anything to access ipv6 only internet.

If you've used ipv6 actively, plenty of stuff doesn't play well, lots of weird hangs on connections etc in deployed contexts, and even with ipv6 you can't seem to actually go endpoint to endpoint (ie, printer at work from computer at home easily). My ipv4 based vpn works great though (and doesn't support ipv6 properly). I started down path of hassling vendors, but it's not worth it. You've got your work ISP to hassle, then fix work internet gateway, then get firewall sorted, then get internal network sorted (yes, the copier runs some ancient crap), then get each employees home internet sorted, then all their machines, then all the related software. They couldn't have made the migration path harder if they had tried.

It would be more accurate to say that they couldn't have made it any _easier_ if they tried. v4 doesn't have the necessary forward compatibility for that.

I don't find it surprising that they can't find a correlation between GDP/growing user base/IPv4 stress and IPv6 deployment.

IPv6 deployment is a matter of politics. It depends on the opinions of the network personnel, on the hardware they have in their core network, on the hardware their customers have (CPEs), on the support contracts they have, etc. That's what decides whether they put a CGNAT in place, whether they buy more IPv4 addresses, or whether they deploy IPv6.

>" It depends on the opinions of the network personnel, on the hardware they have in their core network, on the hardware their customers have (CPEs), on the support contracts they have, etc."

Are you saying there are network engineers/management at ISPs who don't believe IPv6 is an imperative? As someone who in a former life worked inside large ISPs on the networking side I can tell you that that view would be quite rare. What would be the politics exactly?

Most ISPs run Juniper and Cisco gear in their core, both of these have have been capable of routing v6 for well over a decade now. Additionally if you are running older gear you would have hit the 512K route TCAM limit years ago.[1]

None of this would have anything to do with existing support contracts either. You would be pretty hard-pressed to find a rev of JunOS or IOS/NXOS that didn't support v6.

It's actually much more efficient to route v6 than v4. The global IPv4 table 719K prefixes now while IPv6 has 52K See:




Lastly the fee schedule for IPv6 allocations from RIRs are not cost prohibitive for an ISP. Using ARIN as an example here:


[1] https://blogs.cisco.com/sp/global-internet-routing-table-rea...

>Are you saying there are network engineers/management at ISPs who don't believe IPv6 is an imperative?

Unfortunately, this is true for at least one major ISP in the USA. IPv6 support is seen as a low priority internally, as they work to merely keep their devices online.

One huge secret about Juniper devices is that the hardware is remarkably unreliable. At one company, a partial Juniper SSG failure prevented a failover to good hardware. At another, we so many Juniper SRX RMAs that we had a full time network engineer handling the RMA paperwork. (Admittedly, they said we were their biggest client, and had a bigger implementation than Juniper's own network lab.) They have a bad habit of failing on reboot - one was operating fine, we reboot it and it reports errors. This happened repeatedly in several data centers - at one point we had 1/6 of our data centers non-redundant while we waited for RMA shipping.

>"One huge secret about Juniper devices is that the hardware is remarkably unreliable."

This is patently untrue. The MTTF is the same as Cisco gear. The only reason this would be a "huge secret" is because it is not widely held opinion.

There are bad revision of chipsets on certain boards from time to time yes. And if you place a large order you will likely feel that pain if you're shipped boards with those revs. I know this first hand and with SRXs. Firewalls are but one segment of their product line and the one that was never their core strength(in fact this was the Netscreen acquisition.)

The T4000 and MX 960s are both "big iron" and in both the core and edge of Tier 1 ISPs. The reputation of these are exceptional and for good reason. Their EX/QFX ToR switches also have a well-deserved reputation.

To use your anecdotal experience with on particular segment of their product line and make a sweeping generalization of the quality of their entire offering is absurd.

I say this as someone who doesn't have a horse in the race and has very little love for network hardware vendors in general.

MX series routers do seem more reliable than their SRX counterparts. It's just frustrating to go into a major incident retrospective and hear that - yet again - we're not redundant in a data center because we rebooted a Juniper device and now it needs an RMA.

Juniper even instructed us to reboot the passive node before any failover, just to catch these issues.

I've heard that a lot of ISPs in Australia are stuck on IPv4 as their whole billing systems (written in early 2000s) use IPv4 addresses for everything. Including techniques like mapping an array of size 2^32 (entirely possible with virtual addresses) to keep counters for each user. It would be a complete rewrite of their billing systems to work with IPv6, and they no longer have many/any programmers on staff.

There's no particular reason to use the entire IP as the lookup key though; all customers will be numbered out of the ISP's single allocation and you don't need to keep track of the traffic of each individual host, just the overall traffic of each customer.

You'd end up needing a much smaller array for v6 -- small enough that you could fit it into the presumably-unused parts of those 2^32 arrays that correspond to the v4 class E space.

Most residential customers don't have static IP addresses -- how does that work when a customer's IPv4 address changes?

>Most residential customers don't have static IP addresses

Where is this? What do you have to back up this claim?

>how does that work when a customer's IPv4 address changes?

As far as I can tell, it wouldn't. But I don't see what your point is.

I'm not in Australia, but I've had the same IP for decades, even having gone through multiple routers, so it's probably tied to the DSLAM port I'm connected to, which makes sense for such a billing scheme. Also might be why I don't have IPv6 yet either.

I believe they take a snapshot (which can be as simple as fork(), hooray for COW memory) of the array every minute to see how much you've downloaded. The same IPv4 address isn't reused by another customer until a day has passed.

>Are you saying there are network engineers/management at ISPs who don't believe IPv6 is an imperative?

If the rest of your message is true, why are the ipv6 numbers so low, if it's not because of politics?

IPv6 growth has been an almost flat curve for many years. Now suddenly it's not.

I personally expected IPv6 growth to slow down gradually. I find it very odd that the growth hit a wall like that. Oversimplifying somewhat: The number of new v6-capable users increased every month, then boom, zero.

I also find it odd that politics would have no effect at 13% or 14% deployment and then block growth entirely at 15%.

Then please explain exactly what these "politics" are then rather just throwing around the word around in the abstract. I find it odd that people say "oh its politics" without explaining what or how IPv6 is being "politicized."

People appear to use the word "politics" to mean any motivation that's very weakly connected to the matter at hand, but rather instead to another relationship between the parties. Ill will from a previous confrontation, for example. Or a general desire to prevent department x from meeting more of the Quarterly Corporate Targets than department y does.

In this context it has to mean something that didn't impede IPv6 growth at all for a while, then suddenly blocked IPv6 growth completely. Can't imagine what it would be.

(Sorry, didn't notice the comment until much too long had passed. I realise noone's going to read this. Oh well.)

The numbers are not so low, they've simply plateaued recently.

Also, IPv4 exhaustion doesn’t affect Africa yet, only the American, Asian and European RIR.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact