All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
IPv6 - practical experience of a pro
Matt Duggan, a DevOps engineer with >10 yrs experience in the cloud and data centers on both sides of the Atlantic and an IPv6 fan described his experience with "switching" to IPv6 in a blog post (which btw. might be interesting alone for the implicit "introduction to IPv6").
Again, that guy likes IPv6 and is convinced that it's great (well, at least in theory) and that it's the future.
Before I provide the link to his blog post, here is an excerpt:
Mathew Duggan wrote:
Goddamnit. ... It's at this point I realize the experiment of trying to go IPv6 only isn't going to work. Almost nothing seems to work right without proxies and hacks. I'll try to stick as much as I can on IPv6 but going exclusive isn't an option at this point.
Another nugget: there seems to be only one (1) actually functioning "gateway" between IP4 and IPv6 - and that is run privately by an IPv6 zealot. "But Cloudflare?!" you say, and "Google!"? Sorry, nope. Matt Duggan tried those and found them limited, incomplete, and wanting at best (or simply not existing anymore in worse cases).
Here's the link to his blog post: "https://matduggan.com/ipv6-is-a-disaster-and-its-our-fault/"
Enjoy
Comments
Interesting. Yep. The world isn't ready yet for IPv6 only. Many tried and they all failed.
This is not an IPv6 problem. This is a problem with his ISP.
This is not an IPv6 problem. This is a problem with GitHub being lame. He's chosen to use a service (albeit a popular one) that only supports IPv4.
This is not an IPv6 problem. This is problem with a specific piece of proprietary software so who cares.
@yoursunny
@brueggus
In other words: Limit yourself quite strictly and forget about e.g. github and you'll be doing fine with IPv6 ...
Thanks for your, pardon me, ridiculous example of zealotry.
And yes, github, Google and quite a lot of other very major sites and giants have either dialed back their IPv6 engagement very significantly or even simply ignore IPv6 because they are clueless and/or evil. Sure.
Yay, IPv6 is going to drive IP4 out of the internet and totally ruuule "very soon" (TM) - since about 2 decades ...
P.S., again: Matt Duggan was and still seems to be a fan of IPv6! He wanted to write a success story but IPv6 let him down.
It is not IPv6 fault, it is mostly ISPs (there are almost no home internet providers in Ukraine who has IPv6 ) and developers (see Datadog case) fault.
At this point I think IPv6 is a failure and will be replaced by something else. Ipv9?
IPv41 with one additional byte for the IP address /s
I personally prefer IPv69.
Pretty sure most of my traffic to Google runs fine over IPv6.
Github are bizarre; they've been "working on it" for years and years, and it's not like it's a hard thing to do.
The biggest problem is the number of providers who will sell you an IPv6-only service but not provide any sort of NAT64 (looking at you, Hetzner) to deal with dinosaurs like Github.
Screw IPv6, the adoption, implementation and the current status doesn't justify it's usage. Not even mentioning the routing mess and vulnerabilities that were also associated with it. Unless you are on a budget and run some tunnel brokers.
net.ipv6.conf.all.disable_ipv6 = 1 for me on all machines.
also @ahnlak
You basically repeat @raindog308's mistake. Let me explain why I consider it a mistake:
As a user I don't care, whether it's IPv6's fault or that of an ISP or a hoster's fault or ... All I see and care about is that it's not easily usable, period.
As a developer I do care a bit more - but I also have to see what the cost (in terms of efforts, training, cost, etc.) are/will be. With IP4 I not only have an easy life and quick work but also a choice of quite a lot of libraries. With IPv6 however, that's very different and much more costly (and even full language support isn't that great either, btw.).
So at the end of the day I'll of course chose to do IP4 and to not care about IPv6, among other reasons because that way I can address a huge market and loose next to nothing (by ignoring IPv6).
Similarly as a hoster, do I really loose lots of business due to no (or rather flaky and/or ignorant) IPv6? I strongly doubt it - among other reasons for the very point you brought up, but from the other side. Explanation: As a hoster one is but one (1) link in a chain. If only one other link in the chain doesn't fully support IPv6 and work properly, all my efforts are - and investments! - are in vain. All the user, possibly my customer, sees is that it doesn't work.
And that in my view is one of the major rocks, IPv6 has been and still does fall over.
Yes, there were (and still are, albeit fewer it seems) a few big supporters of IPv6, but they didn't reach "critical mass". What is "critical mass"? A very significant - and properly and fully working - part of ISPs, hosters, equipment manufacturers that is, a state where a very significant part of users, both at the server and at the end user end, say min. 1/3rd have a consistently positive experience.
The problem though is a tough one. In order to reach critical mass much more and better IPv6 support and cheap equipment, software applications, etc. are needed - which wasn't achieved during more than 2 decades because due to critical mass lacking hosters, ISPs, etc. don't consider the necessary investment, training, work, and effort to be justified, let alone promising.
So, no matter how much noise the IPv6 advocates generate(d), IPv6 isn't going to replace IP4 anytime soon. One piece of evidence (among others) is the fact that users of course don't like to pay say $1 per month for an IP4 - but they still do it anyway because "paying a tenner or two per year" is sooo much easier and more convenient than to repeat e.g. the experience of Matt Duggan.
"Routing mess"? And what vulnerabilities are you referring to?
And this is why IPv6 adoption still has not reached even 50% worldwide. Not because it is bad, just because some big brains intentionally turn it off.
I am dumb.
https://matduggan.com/ipv6-is-a-disaster-and-its-our-fault/
https://teknikaldomain.me/post/ipv6-is-a-total-nightmare/
I expect a smart guy like you to counter any point on any of those long posts.
20 years without IPv6 - not your typical "localhost admin" here - yet no issues, well I clearly do something wrong. Please enlighten me sir.
Big respect to anyone who actually works with large networks, and remembers IPv4s without even opening his workstation, otherwise you are just, well, "enthusiast".
As a user I care a lot whether I pay for dedicated IPv4 or I must to solve 100500 google captchas due to dirty NAT IPv4 address. With FREE IPv6 I don't have either of this issues.
It is not hard to allocate 16 bytes instead of 4 and be able to handle both IPv4 and IPv6 within single socket. Look for the IPv4-mapped IPv6 address (::ffff:1.1.1.1) and ipv6only=off at nginx's documentation.
Wrong.
IPv4 are VERY expensive and as a hoster I wish to not rely on IPv4 at all. IPv6 is superior here.
IPv4, together with SPF, DKIM, DMARC, serve as a de facto PoW against spam and abuse.
IPv6 totally breaks the "rate limiting whitelist/blacklist" conditions, since every kid in Nigeria can get a /[prefix] just by getting a $1 VPS. So it's either you make a strict whitelist policy here, or you will be in a world of mess. Can't solve it protocol-wise.
Show me how you rate limit a scanner with a /48 network, randomizing exits, without fancy firewall tricks.
Well, my yearly cost for an IP4 for a server is between $10 and $20. But I respect that for many users in poorer countries that might be a lot. For me - and quite many others - though a, let's call like that, that "fee for a trouble free and well reachable site" of $10 - $20/yr is lower than the cost of losing or not gaining in the first place a very large number of visitors/users.
Also kindly see the context here: Using an IPv6 address creates lots of problems up to non-reachability (see Duggan's article).
16 bytes vs. 4 bytes is only a small part of the problem - and can btw. get a big problem rather quickly.
Because you say so? Uhum.
Well, my concrete experience tells otherwise. Not even 1% of customers or potential customers are lost due to not offering IPv6 support. Keep in mind that I wrote from a developers perspective not that of a hoster.
BS! As a hoster you want happy customers and that pretty much boils down to IP4, because unlike IPv6 IP4 just works and your customers sites/service are reachable without problems.
Unless you are at the extreme bottom end of the market a customer is worth significantly more that the cost of an IP4.
If you have enough public IPv4 addresses you won't observe any issues with IPv4. However if you weren't lucky enough to get /9 IPv4 block, you will. In my previous post I have already mentioned the most common trouble - google captcha. Another cases are port forwarding for various reasons - let it be attempt to play your favourite game with your friends while hosting game server at home or P2P applications like VoIP or torrents. There are lots of quirks to get it work - the most popular one is STUN (Session Traversal Utilities for NAT).
localhost
(however,::1
will be shorter ).WTF? From RFC 791:
I see no reason to continue discussion of this article.
Even usage of greylisting is much more efficient. Reliance on IPv4 does not prevent spam in any manner.
Then you clearly don't operate at least a semi-legacy network, because then good luck getting complaint's from your users, that they can't send emails to...Other legacy MX servers. Or surf normal sites that don't have IPv6. Wake me up when it's adopted like SSL.
I have already explained that as a user I am relying solely on the broadband I am already paying for. This server-staff is for enthusiasts and experienced professionals, not average Joe.
LOL, ok I clearly don't have anything to discuss. Good luck grey listing brute-force, port scanning, and much other low level network stuff, can you produce me an IPv6 list of China residential ISPs? Well, thought so.
IPv4 is a legacy and that's the only real reason it is a requirement. Not because it has some advantages like simplicity, security, performance etc.
The only way I see IPv4 being phased out is by force (ie IANA saying IPv4 will be depreciated in X years)
It is done the same way as for IPv4. The only thing you need is the list of AS.
It is not hard to get: https://www.iwik.org/ipcountry/CN.ipv6
@tentor
I just saw that you are from a country where there is a war. But kindly try to not bring it here.
Pardon me but you have amply demonstrated that, let me word it nicely, you still have ample growth potential in terms of professionality in the networking field.
I suggest you stick to your declaration:
Have a nice weekend
Funny off-topic.
What country are you from to call entire the entire IPv4 legacy? I'm just interested.
Rethorical question. https://www.akamai.com/internet-station/cyber-attacks/state-of-the-internet-report/ipv6-adoption-visualization
UA: 5.4%. This is Akamai so their graph must be accurate.
Big respect to your country for other things, but let's talk when it's at least 50%?
I am wondering that technologies are considered as legacy on a per-country basis.
Leave it, let's use
@yoursunny
IPv9