IPv6 - practical experience of a pro

jsgjsg Member, Resident Benchmarker
edited August 2023 in General

Matt Duggan, a DevOps engineer with >10 yrs experience in the cloud and data centers on both sides of the Atlantic and an IPv6 fan, described his experience with "switching" to IPv6 in a blog post (which btw. might be interesting alone for the implicit "introduction to IPv6").
Again, that guy likes IPv6 and is convinced that it's great (well, at least in theory) and that it's the future.

Before I provide the link to his blog post, here is an excerpt:

Mathew Duggan wrote:
Goddamnit. ... It's at this point I realize the experiment of trying to go IPv6 only isn't going to work. Almost nothing seems to work right without proxies and hacks. I'll try to stick as much as I can on IPv6 but going exclusive isn't an option at this point.

Another nugget: there seems to be only one (1) actually functioning "gateway" between IP4 and IPv6 - and that is run privately by an IPv6 zealot. "But Cloudflare?!" you say, and "Google!"? Sorry, nope. Matt Duggan tried those and found them limited, incomplete, and wanting at best (or simply not existing anymore in worse cases).

Here's the link to his blog post: "https://matduggan.com/ipv6-is-a-disaster-and-its-our-fault/"
Enjoy


Comments

  • MikePTMikePT Moderator, Patron Provider, Veteran

    Interesting. Yep. The world isn't ready yet for IPv6 only. Many tried and they all failed.

    Thanked by 3jsg xoctopus ariq01
  • raindog308raindog308 Administrator, Veteran

    Problem 1 - I can't SSH in

    This is not an IPv6 problem. This is a problem with his ISP.

    Problem 2 - I can't use GitHub

    This is not an IPv6 problem. This is a problem with GitHub being lame. He's chosen to use a service (albeit a popular one) that only supports IPv4.

    Problem 3 - Can't set up Datadog

    This is not an IPv6 problem. This is a problem with a specific piece of proprietary software so who cares.

  • cybertech said:
    @yoursunny

    @brueggus

    Thanked by 1inthecloudblog
  • jsgjsg Member, Resident Benchmarker

    @raindog308 said:

    Problem 1 - I can't SSH in

    This is not an IPv6 problem. This is a problem with his ISP.

    Problem 2 - I can't use GitHub

    This is not an IPv6 problem. This is a problem with GitHub being lame. He's chosen to use a service (albeit a popular one) that only supports IPv4.

    Problem 3 - Can't set up Datadog

    This is not an IPv6 problem. This is a problem with a specific piece of proprietary software so who cares.

    In other words: Limit yourself quite strictly and forget about e.g. github and you'll be doing fine with IPv6 ...

    Thanks for your, pardon me, ridiculous example of zealotry.

    And yes, github, Google and quite a lot of other very major sites and giants have either dialed back their IPv6 engagement very significantly or even simply ignore IPv6 because they are clueless and/or evil. Sure.

    Yay, IPv6 is going to drive IP4 out of the internet and totally ruuule "very soon" (TM) - since about 2 decades ...

    P.S., again: Matt Duggan was and still seems to be a fan of IPv6! He wanted to write a success story but IPv6 let him down.

    Thanked by 4ouq emgh mrTom martheen
  • tentortentor Member, Patron Provider

    @jsg said:
    P.S., again: Matt Duggan was and still seems to be a fan of IPv6! He wanted to write a success story but IPv6 let him down.

    It is not IPv6's fault, it is mostly ISPs' (there are almost no home internet providers in Ukraine who have IPv6 :'() and developers' (see Datadog case) fault.

    Thanked by 2Calin Kris
  • At this point I think IPv6 is a failure and will be replaced by something else. Ipv9?

  • tentortentor Member, Patron Provider

    @angelius said:
    At this point I think IPv6 is a failure and will be replaced by something else. Ipv9?

    IPv41 with one additional byte for the IP address /s

    Thanked by 2angelius PulsedMedia
  • TekoTeko Member

    I personally prefer IPv69.

    Thanked by 1dedicados
  • @jsg said:

    @raindog308 said:

    Problem 1 - I can't SSH in

    This is not an IPv6 problem. This is a problem with his ISP.

    Problem 2 - I can't use GitHub

    This is not an IPv6 problem. This is a problem with GitHub being lame. He's chosen to use a service (albeit a popular one) that only supports IPv4.

    Problem 3 - Can't set up Datadog

    This is not an IPv6 problem. This is a problem with a specific piece of proprietary software so who cares.

    In other words: Limit yourself quite strictly and forget about e.g. github and you'll be doing fine with IPv6 ...

    Thanks for your, pardon me, ridiculous example of zealotry.

    And yes, github, Google and quite a lot of other very major sites and giants have either dialed back their IPv6 engagement very significantly or even simply ignore IPv6 because they are clueless and/or evil. Sure.

    Pretty sure most of my traffic to Google runs fine over IPv6.

    Github are bizarre; they've been "working on it" for years and years, and it's not like it's a hard thing to do.

    The biggest problem is the number of providers who will sell you an IPv6-only service but not provide any sort of NAT64 (looking at you, Hetzner) to deal with dinosaurs like Github.

    Thanked by 2emgh mrczn
  • Screw IPv6, the adoption, implementation and the current status don't justify its usage. Not even mentioning the routing mess and vulnerabilities that were also associated with it. Unless you are on a budget and run some tunnel brokers.
    net.ipv6.conf.all.disable_ipv6 = 1 for me on all machines.

    Thanked by 2Levi PulsedMedia
  • jsgjsg Member, Resident Benchmarker
    edited August 2023

    @tentor said:

    @jsg said:
    P.S., again: Matt Duggan was and still seems to be a fan of IPv6! He wanted to write a success story but IPv6 let him down.

    It is not IPv6's fault, it is mostly ISPs' (there are almost no home internet providers in Ukraine who have IPv6 :'() and developers' (see Datadog case) fault.

    also @ahnlak

    You basically repeat @raindog308's mistake. Let me explain why I consider it a mistake:

    As a user I don't care, whether it's IPv6's fault or that of an ISP or a hoster's fault or ... All I see and care about is that it's not easily usable, period.

    As a developer I do care a bit more - but I also have to see what the cost (in terms of efforts, training, cost, etc.) are/will be. With IP4 I not only have an easy life and quick work but also a choice of quite a lot of libraries. With IPv6 however, that's very different and much more costly (and even full language support isn't that great either, btw.).
    So at the end of the day I'll of course choose to do IP4 and to not care about IPv6, among other reasons because that way I can address a huge market and lose next to nothing (by ignoring IPv6).

    Similarly as a hoster, do I really lose lots of business due to no (or rather flaky and/or ignorant) IPv6? I strongly doubt it - among other reasons for the very point you brought up, but from the other side. Explanation: As a hoster one is but one (1) link in a chain. If only one other link in the chain doesn't fully support IPv6 and work properly, all my efforts - and investments! - are in vain. All the user, possibly my customer, sees is that it doesn't work.

    And that in my view is one of the major rocks, IPv6 has been and still does fall over.
    Yes, there were (and still are, albeit fewer it seems) a few big supporters of IPv6, but they didn't reach "critical mass". What is "critical mass"? A very significant - and properly and fully working - part of ISPs, hosters, equipment manufacturers that is, a state where a very significant part of users, both at the server and at the end user end, say min. 1/3rd have a consistently positive experience.
    The problem though is a tough one. In order to reach critical mass much more and better IPv6 support and cheap equipment, software applications, etc. are needed - which wasn't achieved during more than 2 decades because due to critical mass lacking hosters, ISPs, etc. don't consider the necessary investment, training, work, and effort to be justified, let alone promising.

    So, no matter how much noise the IPv6 advocates generate(d), IPv6 isn't going to replace IP4 anytime soon. One piece of evidence (among others) is the fact that users of course don't like to pay say $1 per month for an IP4 - but they still do it anyway because "paying a tenner or two per year" is sooo much easier and more convenient than to repeat e.g. the experience of Matt Duggan.

  • tentortentor Member, Patron Provider

    @xoctopus said:
    Not even mentioning the routing mess and vulnerabilities that were also associated with it.

    "Routing mess"? And what vulnerabilities are you referring to?

    @xoctopus said:
    net.ipv6.conf.all.disable_ipv6 = 1 for me on all machines.

    And this is why IPv6 adoption still has not reached even 50% worldwide. Not because it is bad, just because some big brains intentionally turn it off.

  • xoctopusxoctopus Member
    edited August 2023

    @tentor said:

    @xoctopus said:
    Not even mentioning the routing mess and vulnerabilities that were also associated with it.

    "Routing mess"? And what vulnerabilities are you referring to?

    @xoctopus said:
    net.ipv6.conf.all.disable_ipv6 = 1 for me on all machines.

    And this is why IPv6 adoption still has not reached even 50% worldwide. Not because it is bad, just because some big brains intentionally turn it off.

    I am dumb.

    https://matduggan.com/ipv6-is-a-disaster-and-its-our-fault/
    https://teknikaldomain.me/post/ipv6-is-a-total-nightmare/

    I expect a smart guy like you to counter any point on any of those long posts.
    20 years without IPv6 - not your typical "localhost admin" here - yet no issues, well I clearly do something wrong. Please enlighten me sir.
    Big respect to anyone who actually works with large networks, and remembers IPv4s without even opening his workstation, otherwise you are just, well, "enthusiast".

  • tentortentor Member, Patron Provider

    @jsg said:
    As a user I don't care, whether it's IPv6's fault or that of an ISP or a hoster's fault or ... All I see and care about is that it's not easily usable, period.

    As a user I care a lot whether I pay for dedicated IPv4 or I must solve 100500 google captchas due to dirty NAT IPv4 address. With FREE IPv6 I don't have either of these issues.

    @jsg said:
    As a developer I do care a bit more - but I also have to see what the cost (in terms of efforts, training, cost, etc.) are/will be. With IP4 I not only have an easy life and quick work but also a choice of quite a lot of libraries. With IPv6 however, that's very different and much more costly (and even full language support isn't that great either, btw.).

    It is not hard to allocate 16 bytes instead of 4 and be able to handle both IPv4 and IPv6 within single socket. Look for the IPv4-mapped IPv6 address (::ffff:1.1.1.1) and ipv6only=off at nginx's documentation.

    @jsg said:
    So at the end of the day I'll of course choose to do IP4 and to not care about IPv6, among other reasons because that way I can address a huge market and lose next to nothing (by ignoring IPv6).

    Wrong.

    @jsg said:
    Similarly as a hoster, do I really lose lots of business due to no (or rather flaky and/or ignorant) IPv6? I strongly doubt it - among other reasons for the very point you brought up, but from the other side. Explanation: As a hoster one is but one (1) link in a chain. If only one other link in the chain doesn't fully support IPv6 and work properly, all my efforts - and investments! - are in vain. All the user, possibly my customer, sees is that it doesn't work.

    IPv4 are VERY expensive and as a hoster I wish to not rely on IPv4 at all. IPv6 is superior here.

    Thanked by 2Pixels shaikhmanal
  • xoctopusxoctopus Member
    edited August 2023

    @tentor said: IPv4 are VERY expensive and as a hoster I wish to not rely on IPv4 at all. IPv6 is superior here.

    IPv4, together with SPF, DKIM, DMARC, serve as a de facto PoW against spam and abuse.
    IPv6 totally breaks the "rate limiting whitelist/blacklist" conditions, since every kid in Nigeria can get a /[prefix] just by getting a $1 VPS. So it's either you make a strict whitelist policy here, or you will be in a world of mess. Can't solve it protocol-wise.

    Show me how you rate limit a scanner with a /48 network, randomizing exits, without fancy firewall tricks.

    Thanked by 3emgh PulsedMedia p50
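
Added example (not part of any post in this thread): a Python sketch of rate limiting keyed by prefix rather than by single address, one common mitigation for the rotating-source /48 case raised above, combined with folding the IPv4-mapped form (::ffff:a.b.c.d) from the dual-stack socket setup mentioned earlier back to plain IPv4. The limits, the /64 and /48 bucket sizes and all names are assumptions; the traffic is constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Assumed policy (not from the thread): requests allowed per window for each bucket.
LIMITS = {"v4/32": 10, "v6/64": 10, "v6/48": 100}


def bucket_keys(addr):
    """Map a peer address to the (label, network) buckets it is counted in."""
    ip = ipaddress.ip_address(addr)
    # On a dual-stack socket (nginx ipv6only=off) IPv4 peers appear as ::ffff:a.b.c.d.
    # Fold them back to IPv4 so one client is not counted under two identities.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4:
        return [("v4/32", f"{ip}/32")]
    keys = []
    for plen in (48, 64):  # coarsest bucket first
        net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
        keys.append((f"v6/{plen}", str(net)))
    return keys


class PrefixRateLimiter:
    """Sliding-window limiter keyed by prefix instead of by single address."""

    def __init__(self, limits=LIMITS, window=60.0):
        self.limits = limits
        self.window = window
        self.events = defaultdict(deque)

    def allow(self, addr, now=None):
        now = time.monotonic() if now is None else now
        keys = bucket_keys(addr)
        for label, key in keys:
            q = self.events[key]
            while q and now - q[0] >= self.window:
                q.popleft()  # drop timestamps that left the window
            if len(q) >= self.limits[label]:
                return False  # a denied request adds no timestamps
        for _, key in keys:
            self.events[key].append(now)
        return True


def simulate_rotating_scanner(requests=1000):
    """Constructed traffic: one source per request, each in a different /64 of one /48."""
    base = int(ipaddress.IPv6Address("2001:db8:abcd::"))  # documentation prefix
    limiter = PrefixRateLimiter()
    per_address = defaultdict(int)  # naive per-address counter, for comparison
    naive_allowed = prefix_allowed = 0
    for i in range(requests):
        src = str(ipaddress.IPv6Address(base + (i << 64) + i + 1))
        per_address[src] += 1
        naive_allowed += per_address[src] <= LIMITS["v6/64"]
        prefix_allowed += limiter.allow(src, now=0.0)
    return naive_allowed, prefix_allowed


if __name__ == "__main__":
    # (allowed by per-address counting, allowed by prefix buckets)
    print(simulate_rotating_scanner())
```

The per-address counter never sees the same source twice, while the /48 bucket caps the whole allocation regardless of how the sources are spread.
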
  • jsgjsg Member, Resident Benchmarker

    @tentor said:

    @jsg said:
    As a user I don't care, whether it's IPv6's fault or that of an ISP or a hoster's fault or ... All I see and care about is that it's not easily usable, period.

    As a user I care a lot whether I pay for dedicated IPv4 or I must solve 100500 google captchas due to dirty NAT IPv4 address. With FREE IPv6 I don't have either of these issues.

    Well, my yearly cost for an IP4 for a server is between $10 and $20. But I respect that for many users in poorer countries that might be a lot. For me - and quite many others - though, a, let's call it that, "fee for a trouble free and well reachable site" of $10 - $20/yr is lower than the cost of losing or not gaining in the first place a very large number of visitors/users.

    Also kindly see the context here: Using an IPv6 address creates lots of problems up to non-reachability (see Duggan's article).

    @jsg said:
    As a developer I do care a bit more - but I also have to see what the cost (in terms of efforts, training, cost, etc.) are/will be. With IP4 I not only have an easy life and quick work but also a choice of quite a lot of libraries. With IPv6 however, that's very different and much more costly (and even full language support isn't that great either, btw.).

    It is not hard to allocate 16 bytes instead of 4 and be able to handle both IPv4 and IPv6 within single socket. Look for the IPv4-mapped IPv6 address (::ffff:1.1.1.1) and ipv6only=off at nginx's documentation.

    16 bytes vs. 4 bytes is only a small part of the problem - and can btw. get a big problem rather quickly.

    @jsg said:
    So at the end of the day I'll of course choose to do IP4 and to not care about IPv6, among other reasons because that way I can address a huge market and lose next to nothing (by ignoring IPv6).

    Wrong.

    Because you say so? Uhum.

    Well, my concrete experience tells otherwise. Not even 1% of customers or potential customers are lost due to not offering IPv6 support. Keep in mind that I wrote from a developer's perspective not that of a hoster.

    @jsg said:
    Similarly as a hoster, do I really lose lots of business due to no (or rather flaky and/or ignorant) IPv6? I strongly doubt it - among other reasons for the very point you brought up, but from the other side. Explanation: As a hoster one is but one (1) link in a chain. If only one other link in the chain doesn't fully support IPv6 and work properly, all my efforts - and investments! - are in vain. All the user, possibly my customer, sees is that it doesn't work.

    IPv4 are VERY expensive and as a hoster I wish to not rely on IPv4 at all. IPv6 is superior here.

    BS! As a hoster you want happy customers and that pretty much boils down to IP4, because unlike IPv6 IP4 just works and your customers' sites/service are reachable without problems.
    Unless you are at the extreme bottom end of the market a customer is worth significantly more than the cost of an IP4.

    Thanked by 2xoctopus emgh
  • tentortentor Member, Patron Provider

    @xoctopus said:
    20 years without IPv6 - not your typical "localhost admin" here - yet no issues

    If you have enough public IPv4 addresses you won't observe any issues with IPv4. However if you weren't lucky enough to get a /9 IPv4 block, you will. In my previous post I have already mentioned the most common trouble - google captcha. Other cases are port forwarding for various reasons - let it be an attempt to play your favourite game with your friends while hosting a game server at home or P2P applications like VoIP or torrents. There are lots of quirks to get it to work - the most popular one is STUN (Session Traversal Utilities for NAT).

    @xoctopus said:
    https://teknikaldomain.me/post/ipv6-is-a-total-nightmare/
    I expect a smart guy like you to counter any point on any of those long posts.

    1. Allocation Issues. I didn't get the point the author tried to achieve - as I can see from the provided graphs, IPv6 is wasted way less.
    2. Address Representation. So the entire point of this paragraph - IPv6 are too long to be memorable. It is true to some degree, however I see no practical reasons why anyone should have statically configured IPv6 addresses with the entire 128 bits randomized, as well as any reason to remember IP addresses at all. We have Domain Name System to remember!
    3. URLs. I see no reasons to connect directly to the IP addresses. Use DNS. Or localhost (however, ::1 will be shorter ;)).
    4. DNS (actually it is only rDNS/PTR related). I can agree that rDNS is ugly, however it is not an IPv6-only issue - suppose you have a /16 block. You will need to create 256 (!) zones to cover only 1 prefix.
    5. Header Changes.

    In IPv4, this field was the time in seconds the packet could live, always rounded up to a minimum of… one second. In practice, this meant that the TTL was a hop limit, but according to spec it was actually time based, just that nothing (usually) moved slow enough for that to be important.

    WTF? From RFC 791:

    The Time to Live is an indication of an upper bound on the lifetime of an internet datagram. It is set by the sender of the datagram and reduced at the points along the route where it is processed. If the time to live reaches zero before the internet datagram reaches its destination, the internet datagram is destroyed.

    I see no reason to continue discussion of this article.

    Thanked by 2ValdikSS shaikhmanal
  • tentortentor Member, Patron Provider

    @xoctopus said: IPv4, together with SPF, DKIM, DMARC, serve as a de facto PoW against spam and abuse.

    Even usage of greylisting is much more efficient. Reliance on IPv4 does not prevent spam in any manner.

  • Then you clearly don't operate at least a semi-legacy network, because then good luck getting complaints from your users, that they can't send emails to...Other legacy MX servers. Or surf normal sites that don't have IPv6. Wake me up when it's adopted like SSL.

    Thanked by 1emgh
  • tentortentor Member, Patron Provider
    edited August 2023

    @jsg said: Well, my yearly cost for an IP4 for a server

    I have already explained that as a user I am relying solely on the broadband I am already paying for. This server-staff is for enthusiasts and experienced professionals, not average Joe.

  • @tentor said: Even usage of greylisting is much more efficient. Reliance on IPv4 does not prevent spam in any manner.

    LOL, ok I clearly don't have anything to discuss. Good luck grey listing brute-force, port scanning, and much other low level network stuff, can you produce me an IPv6 list of China residential ISPs? Well, thought so.

    Thanked by 1emgh
  • tentortentor Member, Patron Provider

    @jsg said: BS! As a hoster you want happy customers and that pretty much boils down to IP4, because unlike IPv6 IP4 just works and your customers' sites/service are reachable without problems.

    IPv4 is a legacy and that's the only real reason it is a requirement. Not because it has some advantages like simplicity, security, performance etc.

    Thanked by 1twotbbarracuda
  • skorupionskorupion Member, Host Rep

    The only way I see IPv4 being phased out is by force (ie IANA saying IPv4 will be depreciated in X years)

    Thanked by 1jsg
  • tentortentor Member, Patron Provider

    @xoctopus said: can you produce me an IPv6 list of China residential ISPs? Well, thought so.

    It is done the same way as for IPv4. The only thing you need is the list of AS.
    It is not hard to get: https://www.iwik.org/ipcountry/CN.ipv6

  • jsgjsg Member, Resident Benchmarker

    @tentor

    I just saw that you are from a country where there is a war. But kindly try to not bring it here.

    @tentor said:

    @jsg said: BS! As a hoster you want happy customers and that pretty much boils down to IP4, because unlike IPv6 IP4 just works and your customers' sites/service are reachable without problems.

    IPv4 is a legacy and that's the only real reason it is a requirement. Not because it has some advantages like simplicity, security, performance etc.

    Pardon me but you have amply demonstrated that, let me word it nicely, you still have ample growth potential in terms of professionality in the networking field.

    I suggest you stick to your declaration:

    @tentor said:
    I see no reason to continue discussion of this article.

    Have a nice weekend

    Thanked by 2emgh PulsedMedia
  • tentortentor Member, Patron Provider
    edited August 2023

    @jsg said: But kindly try to not bring it here.

    Funny off-topic.

  • @tentor said:

    @jsg said: BS! As a hoster you want happy customers and that pretty much boils down to IP4, because unlike IPv6 IP4 just works and your customers' sites/service are reachable without problems.

    IPv4 is a legacy and that's the only real reason it is a requirement. Not because it has some advantages like simplicity, security, performance etc.

    What country are you from to call the entire IPv4 legacy? I'm just interested.
    Rhetorical question. https://www.akamai.com/internet-station/cyber-attacks/state-of-the-internet-report/ipv6-adoption-visualization

    UA: 5.4%. This is Akamai so their graph must be accurate.
    Big respect to your country for other things, but let's talk when it's at least 50%?

    Thanked by 1emgh
  • tentortentor Member, Patron Provider

    @xoctopus said: What country are you from to call the entire IPv4 legacy? I'm just interested.

    I am wondering that technologies are considered as legacy on a per-country basis.

  • Leave it, let's use
    @yoursunny
    IPv9
