Hmm, I feel I have never been on a IPv6 network, I have never seen myself get an IPv6 address, from time to time I make DO droplets and assign them and IPv6 address, the I copy it into the browser address bar, no luck. I'm quite comfortable using network technology and terminology but I have no idea what I can do to use or speed up the use of IPv6. I'd love my home server to have a unique IP address for the rest of my life. How can I do it? Will I just at some day, receive such an address from my ISP? My ___domain name provider supports IPv6 and my servers do, yet, I never managed to connect over IPv6. It annoys me to be honest. Is it all at the ISPs at the moment?
I found the "Sage" certification from he.net/tunnelbroker entertaining. You basically setup a IPv6 capable mini-ISP. Also have a look at these nifty Browser add-ons that tell you which part of website is served via IPv4/v6:
Once you started to live without NATs and have endless[1] amount of addresses, you start banging your head against the table when you encounter so called 'future' technologies [2] that on their very core only support IPv4 and rely on NATs and ugly port-bridges etc.
Do you use a telco/cableco provided modem? I was escalated through 3 tiers of support who all gave me different answers. I called to pick a fight over the fact that I live in an urban center, and while they advertise "90% IPv6 coverage on their residential network" I still don't have IPv6 access.
I wanted to know what actions I could take to get IPv6. I knew that a competitor offered IPv6 (a friend just switched) and having IPv6 access would make it much easier to administer my servers w/o using a tunnel.
- The first tier support told me my leased modem did support IPv6, but I'd need to buy a "business class" plan. This was a flat out lie, and in fact I "have" a business class plan at work. (Hint: it's the exact same modem, and we don't get an IPv6 allocation at the office.)
- The second tier told me IPv6 wasn't available in my area, full stop.
- The third tier [correctly] told me my modem doesn't support IPv6, and that a new one from an "approved list" would. (Though when I inquired about a specific model _from that list_ she told me it wasn't supported.)
---
In the end I bought a modem from that list (the exact one she told me wouldn't work, hilariously enough) and IPv6 just started working out of the box.
I really don't understand what the point of leasing a modem from a cableco is. I was operating under the assumption that they'd replace it when it was obsolete or in disrepair, but apparently "has IPv4 access" doesn't count as obsolete just yet.
So if you want IPv6 access: a good place to start would be pestering your ISP and probably ditching your ISP provided gateway. As an added bonus I now save $10/mo on my bill.
Install the DNS Flusher addon in your browser. This addon can display the IP-address of the site you're visiting in the status bar. I see IPv6 addresses all the time for many sites, although not this one.
This addon does nothing much for me except informing me that I use IPv6.
What I like about DNS Flusher on Firefox, that you can put the icon in the status bar, where it displays the IP address all the time. For that you need a status bar addon of course.
Amazon is an egregiously bad actor, here. Through AWS, they shape the near future of computing, and they fill it with RFC 1918 non-interoperable address blocks and limited public address space. The path of least resistance on AWS is IPv4-only, which means NAT64 and stupid stuff from the 90’s.
Pardon my ignorance, but why does it matter that a website is accessible also via an alternative IP-that-happens-to-be-longer? If you have a perfectly good IPv4 address, why also get an IPv6 one?
Because the IPv4 space has ran out. Nowadays they have to use all kind of tricks to share these addresses. With all mobile phones, and millions of new users in Africa, Asia and South America, plus the Internet of Things, you simply have to use a new system, and you have to transition to that.
In the future, people might not be able to use IPv4 at all, or all the time, and then you need your website to be available via both IPv4 and IPv6.
I get why IPv6 is going to be massively important in the future, but we're not (as far as I know) in that future yet, and these sites aren't going to be dropping their v4 addresses as soon as they get V6 ones, so it's not going to be freeing any old addresses up.
So - and this is a genuine question - what is the issue right now with, for example, the BBC not yet having an IPv6 address, as long as they have plans in the pipeline for when v6-only clients need to access them?
> So - and this is a genuine question - what is the issue right now with, for example, the BBC not yet having an IPv6 address, as long as they have plans in the pipeline for when v6-only clients need to access them?
Because of the catch-22 problem. The BBC sees that no consumers use IPv6 exclusively, and don't bother supporting IPv6 "yet". ISPs see that "no" content providers support IPv6 at all, and then claim that it doesn't provide any real benefit over CGNAT bullshit.
And so we'll be stuck in this mess for another century at least...
Can anyone from Africa (especially), Asia, South America or a Pacific island comment on the difference with IPv4 and IPv6 sites? Can you measure a difference in speed, and is it noticeable to the average user?
We have a /23 of nice IP addresses. There's no ugly NAT or private addressing at our end, so that's not an argument for us to add IPv6 support. They're part of a university's /15 assignment, so it's not realistic to give them up or sell them.
We'll get IPv6 support eventually, I'd guess in 2018-19 or so, but I'm curious if the lack of support causes problems for users in Africa in the mean time.
If a user types in a ___domain, eventually a root dns responds with an ipv4 A record and resolves to a server the site has configured. Am I missing something?
Because the top websites want user traffic too. If you come from a country that doesn't have IPv4 left the usual deployment scenario is a carrier grade DNS64 with NAT64. You're basically stuck behind a huge ISP NAT which makes quite a few things unpleasant and others downright break down.
By supplying v6 you ensure anyone in the world can access it regardless of which IP protocol is deployed by your carrier and how they are or aren't translating from one to the other.
Thanks for the explanation. I was under the impression all the ISPs would have ipv4 and handle all the translations to ipv6 clients.
Sounds like this is mostly the case, but it has some issues and any new ISP on v6 would have a hard time because a lot of the big sites would be unreachable.
Any form of NAT is also much much more expensive than just normal routing. For n:m NAT you need to keep track of sessions for example.
This is going to hurt things like BitTorrent among a lot of things.
According to my understanding, you are correct and it's new domains that suffer.
Of course, this becomes political soon enough. As new countries see mass adoption of the interwebs and find out that they have massively smaller allocations of IP addresses than the existing countries they might feel annoyed and do something about it. Tempers flare, shoes are thrown, everyone gets sulky and unhappy.
All this could be avoided if we just flipped a few switches, wrote some code, and all moved to IPv6. It's such an easy, small thing to do. Why not just do that and not irritate the living buggery out of everyone?
See my comment above on the bad effect of CGNAT on latency and user experience when private IPv4 addresses are used. IPv6 solves this problem and provides the better user experience in this case.
The IPv4 address may be a private one, with a NAT box between you and the web site. This is very common on cellular networks (because of the large number of devices), even in developing countries with good allotment of IPv4 addresses. They have to do large scale NAT (CGNAT = Carrier Grade NAT), and it can have a bad influence on performance. During peak time those boxes can become a bottleneck.
Let's take an example I got from a Cisco presentation, when NAT is used. A map web application may have to download a lot of tiles quickly. It's best done using several parallel TCP connections. Each of those connections must be tracked by the NAT box. At scale and for peak time load, this can become a nightmare and some connections may be dropped --- leading to retries and delays in completing the web page display. With IPv6 this issue doesn't exist.
Supporting IPv6 can help providing a better mobile user experience in this case, and is why a lot of the big companies do support IPv6 already. Bypassing CGNAT helps with latency in a situation as in the above example.
What if you don't have a perfectly good IPv4 address? Fraud relating to obtaining IPv4 addresses is really ramping up, so I guess they must worth serious money now.
More and more clients are now IPv6 only (notably on mobile). If your service is only accessible through IPv4, the client will access it some kind of stateful equipments to do the conversion between IPv6 and IPv4. You are likely to get a small latency hit but also a lower reliability. As the bigger sites are IPv6 ready (Google/Facebook), the reliability of the translator equipment may not be the top priority.
NAT. If your server is only available via IPv4 then the client (user) needs an IPv4 address. Sadly there are so few IPv4 addresses that virtually everybody has to share with at least some people/devices and go through NAT (your home/office router, or for countries where ISPs don't have large ip blocks, some large NAT style router at your ISP). NAT is a horrible hack and causes all sorts of issues (port forwarding being the most common issue).
If you make your server available on IPv6, too, then I can use my non-shared IPv6 address to communicate with you which means that the packets don't need to undergo NAT which means a less horrible, faster connection without messy port forwarding requirements.
For one, who would have guessed that bouncing through several layers of nat and a fragmented routing table would mean higher latency? Any website that care about latency should test their servers/cdn's to check if using ipv6 improves loading speed in that area.
Had my first ever real world interaction with IPv6 yesterday.
Running iptables firewall on a server. Checked what's my ip address at a customer site. Saw an IPv6 address. Ok, no problem add it to the iptables rules. Oh yeah that doesn't work. Duh.
So I guess I have to learn to use ip6tables now...
Hopefully everyone has default deny policies set up in ip6tables if they aren't using IPv6 or don't have any plans to. Otherwise you might wake up one day to find traffic you didn't expect hitting your hosts.
And as Microsoft, Bing and MSN don't support IPv6, you can assume that Azure does not as well. And it does not, despite the BS story about their leading role:
It appears apple.com and microsoft.com are failing this for the same reason; apple.com does not have an AAAA record. www.apple.com does. If you visit apple.com over ipv4 or dualstack, apple.com will answer and redirect you to www.apple.com, which is dual-stacked. But if you visit using only ipv6, apple.com is not found, so you're never redirected to the capable www.apple.com.
(ditto s/apple/microsoft/ - I just picked the example quickest to type)
My only contact with IPv6 so far has been trying to get port forwarding working with my router at home. Vodafone uses a proxy to tunnel IPv6 to IPv4 to the outside, and that proxy does not support port forwarding, since you don't have a unique IPv4 address. After being in contact with Vodafone, it seems like there is no solution that does not cost additional money. It's 2016 btw, wtf
That would be the same for any carrier grade NAT. If the NAT was just from IPv4 to IPv4, you would have the same problem. Public IPv4 addresses now cost money, so you can't expect to get a public address for free anymore. Of course, with a public address costing around $10 at the moment, it should not add more than $1 or so to your monthly fee.
It is, sounds like he was trying to port-forward for IPv4, but can't as his ISP uses a CGN or 464XLAT or something to provide IPv4 access - so port forwarding isn't an option.
All that needs to be done is add the appropriate firewall rules (probably on the router and computer) to allow traffic for that port and it'll be accessible from the outside over IPv6.
Why do you want port forwarding with IPv6? Or do you want IPv4 port forwarding when your ISP hasn't assigned you an IP.
The first shouldn't be required since you would have a public IPv6 address and the second is just a fact of life that we'll have to pay extra if you want a IPv4 address in future.
There are some subtle problems which can affect sites trying to use IPv6, that may prevent IPv6-only users from using the site. A site can have an IPv6 DNS record, and be reachable by IPv6, but the DNS nameservers for its ___domain must also be reachable by IPv6. In particular, the glue records for the DNS name servers for the ___domain must also contain IPv6 addresses.
(This problem currently affects the “ntp.org” ___domain – an IPv6-only host can not resolve the name “pool.ntp.org” – since at least two years ago. I did report it at the time.)
What I’m saying is that these kinds of problems are not reflected in the site, which only reports if a site has an IPv6 DNS record.
That they use IPv6 for their wireless division just makes it more ridiculous that they don't for their wired division - they clearly have the institutional knowledge to make it work.
Except that you probably want a different solution on wired. On mobile just about everybody is running with IPv6-native and the NAT64/DNS64 for IPv4. On wired, you may want to do something different. For example, if some of your customers need a pubic IPv4 address, then you want dual stack. You have to deal with CPEs doing IPv6 correctly, etc.
So it is better to see it as a completely different project. The core routing IPv6 is the same, but that tends to be the easy part.
There are far fewer people who have a contract that specifies that they will get a public IPv4 address on mobile.
On wired, just about every business account is assumed to have a public address and often a static one. In addition, a lot of gaming doesn't work behind carrier grade NAT.
In the mobile world, this expectation of public (or even static) IPv4 addresses is almost completely absent.
And there are over a billion sites. This wall shows the most "popular" sites. I'd like to see the same for the most "popular" ISPs. Getting ISPs to implement IPv6 is important because otherwise is impossible to test your own site and see if it works over ipv6 (i've been there).
Huh. Just the other day I was listening to a podcast on IPv6 (http://cre.fm/cre197-ipv6 -- it is in German, though), and they mentioned a few of these sites as not supporting IPv6, yet.
But that episode is (almost to the day) four years old, and most of the sites mentioned back then still are not reachable via IPv6... It is a little sad.
It makes sense that Google would be fully IPv6 enabled, after all they are the mobile-first company and IPv6 can make mobile connection experiences a lot better, especially during peak network usage times.
I think the long tail isn't an issue. We'll probably have dual stack equipment for the next few decades. What matters is getting the large websites on IPv6 so that people browsing on mobile (usually NAT64) or developing nations (usual CGNAT) can get a non-sucky web experience.
Heck, if all the sites on that page where green, mobile Internet would suddenly be a lot better since the carrier NAT boxes would have to deal with ~90% less traffic.
The big issue here are AWS/azure dragging their heels (and I assume some CDNs, too)
Almost half of Belgium and over a fourth of the USA is using IPv6 to connect to the internet just fine and you have the audacity to claim it doesn't work because there's a bug in the implementation of Linux?
This is like saying DEFLATE doesn't work because someone committed a bug to zlib.
> "Everyone who's seeing this error on their system is running a package of the Linux kernel on their distribution that's far too old and lacks the fixes for this particular problem."
I'm surprised there's so many Asian companies/sites that don't support v6. Probably has to do with being hosted on some sort of cloud but considering v6 is fairly important to that region it's interesting they're willing to rely on ISPs providing NAT/DNS64 for customers instead.
IIRC, Windows has supported IPv6 since at least Windows XP. According to Wikipedia, even since Windows 2000. (Of course, IE6 might not support v6... I never tried.)
I administer several mail servers and I honestly don't have any plans to receive mail over IPv6 -- not until the blacklist situation is figured out, at least.
Obviously. Wanted to give a heads up that me (and several others) are (voluntarily) unable to read websites using StartSSL certs, at least until mozilla possibly eventually takes action against these CAs, when it might become an even bigger problem.
