New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
probably IPv6.
works, cheap, plenty of it. but will never be as "valuable" as IPv4
Didn't they admit almost two decades ago at an IETF conference that the lack of backwards compatibility for IPv4 is the biggest mistake of IPv6. Seems their dual stack transition strategy is not working as expected.
Unclear what you are talking about. It is well known that even law enforcement agencies have problems tracking IPv4 users as there can be hundreds or thousands sharing the same ip address. And it is becoming increasingly difficult if not impossible, so there's a positive benefit there for using IPv4. Their "solution" and even eu commision strategy for example is simple: deploy IPv6 and assign each user one IP or a block of IPs so it's easy for them to track you.
lol got me
I guess IPXO and other IPv4 Marketplaces work, also the companies long running have an advantage with the IP spaces they got earlier.
Good luck with it if your ISP is using CGNAT.
Some tunnelbrokers support technologies that should work with CGNAT, e.g., WireGuard-based tunnels, even free ones. E.g., route64.org does today, and tb.tahio.eu at least has plans for it.
Even with free tunnelbrokers that offer 6in4 only, it might still be worthwhile to just give it a try. When it turns out it really doesn't work (which may also be for reasons other than CGNAT), it's just the time for trying it that is lost (and the data provided during registration). But there always is a chance it might work. YMMV.
Who is "they"? Quote what you refer to, please. How would they make that conclusion two decades ago?
You're not a technical user, right? Because you can't make IPv6 backward compatible without making updates to IPv4. That ship has sailed.
The dual stack strategy is working as designed. You can have IPv4 and IPv6 at the same time and IPv6 takes priority. All the major OS's have moved to IPv6 as first class passenger like a decade ago.
Uptake didn't happen as expected, due to things like VOIP not replacing POTS like they thought and proprietary video chat applications instead of end to end direct video calls. People thought those technologies would have helped uptake. They didn't see the cell phone market take that market share. But the telecoms make too much money on cell phones.
If you ever visted Disneyland/world as a kid, there's an exhibit on the future of tomorrow that had video conferencing in your kitchen to like chat up your parents and the like. Connected home, etc. For all those predictions and possibilities, we needed IPv6 to come eventually. Without it, tech would actually stagnate instead of giving us many new technologies over the last two decades.
Edit2: I skimmed the video. They still track you with CGNAT, it just takes more resources so it's technically more expensive as it requires more resources.
Hundreds of thousands sharing one IP? Lol. Ok, so we know your technical knowledge level.
Edit: misread that as "hundreds of thousands", my bad. I'm probably due for glasses next month.
In whatever scenario you're envisioning where 100k (edit or any amount) users are behind a single IP, assigning IPv6 instead doesn't change anything unless there's a new association of user to IP. So I'm not sure you're making the argument you think you're making. They already track cgnat users, just generates more logs than necessary.
I'm not sure what you're talking about. By law (Us and Canada), ISPs have to know what IP goes to which customer. This is for privacy beyond ISP and government. You might be referring to VPNs? Which won't change with IPv6 either.
I'm not watching no fucking youtube video, either link to text or paste the relevant part.
I've had the same IPv4 from my cable provider for over a decade and I don't even pay for a static IP. The same ISP has given me a /64 that has changed at least a few times so far this year. With IPv6 privacy extensions, the internet doesn't have more than a few weeks of tracking my IP they'd see from me.
"The lack of real backwards compatibility for IPv4 was the single critical failure" - Leslie Daigle, Chief Internet Technology Officer for the Internet Society
It's easy to find or you can look for that quote directly as there are multiple articles available.
"Our transition strategy was dual-stack, where we would start by adding IPv6 to the hosts and then gradually over time we would disable IPv4 and everything would go smoothly." - IETF Chair Russ Housey
It's year 2025 now and IPv4 is still here. The plan was to disable IPv4 and move on with IPv6 only and that's not happening any time soon, if ever. If the strategy worked we would today know about IPv4 only from history books. How many websites are deployed IPv6 only?
They were refering to the initial IPv6 design. So yes, by the time that quote was made the ship has sailed, that's why they called it a mistake.
I get where you're coming from with this and torrent and the rest you mentioned. You imagine the internet as it was at the beginning where every device can connect directly to every other device. That's not the reality of the internet today and that ship has sailed long ago, IPv6 will probably not change that although it was envisaged that way.
https://2017.apricot.net/assets/files/APIC674/2017-03-01-forensics_1488330715.pdf
Those are the slides from the video if it helps.
Yes, there are laws and all you said. You can look at the slides and see what's involved with tracking CGNAT. For example with CGNAT 5-tuple binding maps, ip address compression ratio is larger than 10 000 : 1.
And so on... few slides below let's see what kind of record keeping is needed for tracking: not just source and destination ip address and ports but also for every active middleware involved precise time and precise transforms applied to packet flow and you need to cross-match those records accurately.
Keeping accurate and synced time everywhere is very difficult and without it those records become pretty much useless. There might be "laws" but is it practical with todays technology or if those records are even useful at all is a completely different question.
To put it simply, CGNAT unintentionally acts similar to a VPN and this improves users privacy. Like I said, law enforcement agencies have difficulties or are even unable to comply with their legal obligations.
And that's a privacy nightmare. Your ISP gives you /64 and they can track you without problems as it's not technically difficult. And this has nothing to do with IPv6 privacy extensions. Your ISP can track you for how long is necessary. Depending on country there are laws on ISP records retention period.
If it's still not clear perhaps this will help: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:52017JC0450
They will be pushing for IPv6 and single IP per user or /64 per user or whatever simply because they can track you that way.
Thanks for pointing that out as you've misunderstood it. The complaint was there wasn't a single standard for IPv4 to IPv6. As in, there were several with incompatibilities, instead of one true translator. For example, I don't know what the fuck Microsoft Toredo or the other 3+ 4 to 6 translators are/do. That's specific to the translation between the two, not IPv6 itself.
https://www.networkworld.com/article/789774/lan-wan-biggest-mistake-for-ipv6-it-s-not-backwards-compatible-developers-admit.html
Again, no such thing was proposed, because that's not how technology works. Backwards compatibility means KEEPING all the stuff as before and carrying it forward, like 16 and 32 bit emulators in 64 bit CPUs and doing new stuff with the new technology, which doesn't work backwards. But that's just going to allow you keep making 16 bit apps, but it's not going to allow 64 bit apps to run on 16 bit CPUs, so that doesn't work.
Dual stack allows both to run, which is necessary.
The adoption issue is one of necessity and needs. North America has all the IPv4 they needed (i used to get 5 public IPv4's with my DSL provider) and no incentive to make large network changes until necessary. That puts pressure on the developing countries to largely roll out IPv6 but they lack the money and expertise. I haven't seen anything that would have changed any incentives for large operators to have moved anytime sooner.
That quote also doesn't mention a timeline, but would a timeline mean much? The transition IS happening, that can't be denied.
Probably more than you think, since there's load balancers in front of many of them. We already know Facebook and Google use IPv6 EVERYWHERE and if Microsoft is the same, probably shitloads. You've only provided data that the transition is slow and not over, not that it isn't happening or won't happen.
I think the biggest failure would be if there was a dead drop time limit, but there isn't which is why it can take as long as it has.
In school, I could have three weeks to work on a paper, but I'm the procrastinator that leaves it for the last night. Put the due date after one week and I'd do the paper sooner. Keep extending that deadline, and I'm going to the movies and I'll STILL do the paper on the last night.
This is really a case of lack of ownership and project management that organizes everyone, makes sure they're on track, reallocates resources to help late tasks, etc.
NO. You don't understand. IPV4 is a standard. It's in the silicon of the chips made. Once that version is "done", that's it. That's why there are fucking versions built into. It's expected to work this way. Whether that was today, yesterday, 25, 50 years ago, it doesn't matter. Unless you have a time machine to make IPv6 instead if IPv4, you're barking up the wrong tree.
NAT is a crutch, it's not a solution. IPv6 is already changing that with new network design and technologies like software defined networks, mesh networks and VPN's (not the public ones, the ones corps use for zero trust networks).
What needs to happen, is "the killer app". Unfortunately, IPv6 itself isn't Tetris or Super Mario, it's the console that others need to build the killer app on.
Thanks for the link.
tl;dr security expert whining that ISPs resorted to fucking CGNAT instead of the proper thing and adopting IPv6. He also complains the world has moved to a more suspicious model and that it'll continue to be harder to identify users as users and providers move to the edge.
I'm not sure what you're arguing, though. By law, the government and your ISP already and will always know the user and IP. The presentation was complaining it's a fucking technical hassle. The system sucks but it works. Otherwise, the telecoms would be forced by law to change their network. He's complaining about CGNAT, not praising it.
That tracking isn't for LEA, that's how NAT works and always tracking that. They'll just run some commands to get the user from their logs. It's not as much of an issue that I can see. LEA's are known for whining how hard their jobs are, boo boo.
Just to be clear, with IPv6, the ISP just tracks who is using the IP, not the meta data. With CGNAT, they have your traffic meta data logged.
So you're hoping that it'll be technically too hard and unfeasible for lawful tracking? The presentation was year 2017 using data from 2013. That shit ain't a problem in 2025. It's likely only easier today with AI added. Again, legally, if they can't do the needful, they have to reengineer their network. So if it actually reached the infeasibility point, they'd have already changed to IPv6.
We used to think things were technically possible but not realistic due to substantial $$$ or resources required. Cut to leaked pictures of NSA having datacenters 10x the size of football fields, Epyc servers serving a million Netflix users, etc.
Do not underestimate the amount of money countries will spend on security.
CGNAT makes no difference to your ISP or government. CGNAT or IPv6, that doesn't change, just the technical difficulties.
You've heard of VPN's talking about no logging. Have you once heard that from a CGNAT provider?
Who is "they"? Do you keep missing the part where your ISP currently records this whether you have a public IPv4, Ipv6 or CGNAT private IPv4? It's the law. You can invent IPv100, your ISP will still be required to provide your name to law enforcement with a warrant. I'm unclear how my service provider isn't supposed to know the IP they provide to me.
I'll need AI to summarize it, the quick skim was cybersecurity defense and hardening security. If you want to make bullet points to discuss, I'd appreciate that.
It's on the citizens of a country to have governments that requires lawful warrants to get this data. That's been the case since the first telephones were installed in more than one place (think more than a century ago). This isn't going to change through IP addressing simply by the fact that ISP stands for Internet Service Provider.
The privacy you can hope for is against everyone who isn't YOUR government and YOUR ISP.
IPv6 adoption also is hurt by idiots spreading FUD and other misinformation. Unclear if that is malice or negligence (e.g. people refusing to learn the truth when told they're wrong. cough)
Obviously it's you who misunderstood something. It is clear from the article what they mean by backwards compatibility and the meaning of the term is well known. Neither the article or my post talk about "such thing being proposed" or not.
What it boils down to is; instad of using backwards compatibility as a transition strategy, they picked dual stack transition strategy and that was a "critical failure".
Well, it's been 30 years and in another 70 years you can also claim it can't be denied, "transition is happening", for all we know.
https://www.pcworld.com/article/495545/ipv6_anytime_soon_dont_bet_on_it.html
Here's another source and you can see what's said related to IETF Chair Russ Housey statement.
"Sadly, as we can see today, this simply hasn’t happened, despite additional technology being developed by the IETF to bridge the gap. We shouldn’t be switching to IPv6 today. It should have happened years ago."
The transition "should have happened years ago" and if you look at the date of that article today that means decades ago.
Seems you didn't listen to the Geoff Huston talk as he says pretty much the same how "the last IPv4 was never meant to be handed out", meaning that IPv4 was suppose to be dead long before that.
So there's the timeline right there, gone with the wind long ago.
Not mearly hoping but it is if not unfeasable then pretty hard and that's clear from the eu commision.
Also, if you listened to the talk he mentions that it's using data from 2013 and how in 2017 it's more difficult and how in 10 years it will be even more difficult or unfeasible.
Meaning, servers are more powerfull and it is possible to cram even more users behind a single CGNAT ip. And that's great for privacy and more CGNAT layers the better.
I didn't miss that at all. What you missed is that ISPs and governments "knowing the IP they provide to you" is not enough to track the identity of the party behind it. That's why Belgium has limited by law to max 16 users behid one ip while technically it's possible to have over 10 000 behind a single ip.
Right, the "criminals" and such that's why they need massive tracking of everyone. Because those "criminals" are so dumb to use their home connection. Like they can't buy a prepaid sim card for 2-3 euros and throw it in the trash or flush it down some public toilet when they're done with what they do, and the ISPs will also give them a large bandwidth "welcome package" while they're at it. Also, not like they can't buy books explaining various methods in detail on how to avoid being detected.
The biggest cybersecurity threat is ISPs and governments leaking that data they collect. Or using it for something much worse.
That talk and slides is about LEAs and them whining how they can't meet their legal obligations and such as they're unable to track users behind CGNAT.
The ISPs and governments are the biggest threat to privacy. Everyone else you don't have to use and you can block them or whatever method you prefer.
Funny, my sentence you qouted it's exactly what eu commision is saying in the text you "need AI to sumarize".
How come? Because there is no shortage of IPv4. As you can see from the talk and slides from a previous post simply using CGNAT 5-tuple binding more than 10 000 users or much much more can be put behind a single ip. What you get is 96-bits plus a protocol tag that way.
People who are complainig about "shortage" are the ones who think every device should have it's own ip and be directly accessible by every other device on the Internet, not realizing what a privacy nightmare that is allowing ISPs and governments to track you.
Don't get me wrong, there are some benefits to that kind of design like TimboJones mentioned, but those "benefits" come at a price which is your privacy.
Other kind of people who complain are the like of eu commison and governments because they can't track users behind CGNAT. So naturally for them, for example like in Belgium they limit by law to max 16 users behid one IP and then they whine about "IPv4 shortage" and "the future", etc. Don't expect them to be honest and tell the truth like "we need more IPs to be able to track everyone" and that their laws are what is causing the "shortage" in the first place.
What I asked was clearly about websites which are deployed "IPv6 only". None of the ones you mentioned qualify.
I had no issues with Tunnelbroker on Cox & Verizon before either added IPv6 Support to home internet packages 🤔, but you do make a good point.
Websites are just a part of the Internet, so I was answering as servers in general. Major networks from the big players have IPv6 from end to end.
At no time did I ever say we're on the only IPv6 phase of the migration.
All the references to expecting IPv6 to replace IPv4 was based on an urgency of IPv4 exhaustion. Has things like NAT not been invented SINCE then, it would have sped up the adoption long ago. The inability to understand change since first designed is evident.
And finally, it's child's play to search some CGNAT logs for a user. I work for a telematics company, it's easy shit, REAL easy compared to real telematics. It's incompetence, not technical limitations that would prevent them from being able to identify users. It's wishful thinking that it's too hard or that they can't do it. It wouldn't surprise me if they're allowing this narrative so criminals don't take additional precautions and then get scooped up.
Last time I checked there are various IPv6 peering disputes among Tier-1 providers so you have only partial connectivity. Those disputes include HE, Cogent, Verizon, Sprint, DTAG, Sparkle.
I know they are using it. But who cares really.
That talk from 2017, there were then more than 14 billion devices behind 1.5 billion IPv4 and without any problem there can be more than 50 billion or much much more devices behind those IPs. Fact is, there's no real shortage.
So Belguim limits to max 16 users behind one IP address. In practice, you can without any problems put 16 000 users behid one IP. That's 1000 times more IPs than needed wasted only for tracking.
We have a lot if IPv6 addresses. Well, that's what most people think. But guess what:
RFC4291 - half of IPv6 addresses wasted.
Combine the above with microsegmentation - 99.999 ... % IPv6 gone
To keep this short I will not list stuff we already know from IPv4 and how history repeats itself.
Fact is, the address space is being wasted in bits not in individual addresses. In 50 or perhaps 100 years or whatever we will run out of IPv6. And that's just because a lot of smart people have put a lot of though into this, R&D as you say. And I don't see IPv4 going away at that time. So wtf?
They do not limit the number of users per IP for no reason.
Again, if you actually listened to the talk as it gives more information than the slides you would understand the problem better. Logging is not the problem but making sense of that data is. Do you run web servers and if you do, do you log the port numbers? I guess you only do if you're instructed to do so by the law enforcement.
With CGNAT, you can have source IP and source port the same and so what? It's shared between multiple users. So you need to also log the precise time at every point where there's active middleware. Let's say you have 10 devices on the path and one of them has the time out of sync for just a second. Oh well, your logs are useless. And it is common for ntp to diverge a lot more than that.
Add to that, there are different technologies in use today and it makes it even more complicated.
This is where we started so if you want that, to be forever tracked and don't give a shit about privacy, just use IPv6.
I mean we can buy VPS for something like 20 usd a year, lets forget the hardware resources. If ipv4 is 1USD per month or 12 usd per year, how can it make sense? So it could mean ipv4 is cheaper than 1usd per month.
but the ipv4 shortage has been discussed so many times since i joined LET community in 2012. but vps with dedicated ipv4 at cheap prices still exist. not complaining, im happy with cheap. just want to understand how come
Hi,
i think the reasons why there are offers like this are usually that out of historical reasons the provider has access to free IPs and/or the provider is actually not interested in making profit or hoping that this kind of offers will give him some PR push so people might also buy regular priced products or maybe later after some months/years they will phase out the product and offer existing customers to change / upgrade to another product with a more normal pricing.
If you are new in the market you might also want to give your business a PR boost to people will know you. We did something like this when we joined this community on a blackfriday sales week offering servers with IPv6 only starting at 10 EUR or below per year.
Lazy users who build up their working infrastructure there might be ready to accept this.
There can be many reasons out there, ranging from bait&switch to legit business strategies.
Theres a few suspects that are to blame for the ipv4 shortage and the list includes @FAT32 @zGato to name a few
I take that as a compliment
ask the dod what the fuck are they doing with +200M addresses
0 ipv6 btw
It was meant as such
Buy low sell high
Blame retards like the UK Ministry of Defence. They have a /19 containing 32 /24s which they only use 5 of, big waste. They also have a legacy /8 containing 65536 /24s where they only use 6 of.
Ford has a /8, 4 /16s which is around 66560 /24s but they only use 97 of them.
Mercedes has a /8 but uses it like a retarded little child that wants 1 million candies.
RIRs should take back those spaces and devide them more evenly.
https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks
I'm sure I've had this rant before, but I still think IPv6 was the wrong solution to the problem of IPv4 space exhaustion.
An addressing scheme having a 64-bit source and 64-bit destination address and no port numbers would have solved basically all the exhaustion issues - give each customer somewhere between a /32 and a /48 and let them partition up the remaining 32 to 16 bits amongst their devices and applications running on them.
You could even define the top /32 to be an actual IPv4 address to allow ease of migration with current routing (maybe even encapsulating over UDP with a well known port), and maybe just use the old reserved 240.0.0.0/16 range for addresses that only use the new protocol.
It would have been easier to implement than IPv6, routing tables wouldn't need to have been massive, and addresses would fit in a single register on most modern CPUs.
I have been in the digital space since about 2010 and have been hearing about IP shortage every since. So while there is a finite number of IP's, things will always work themselves out.
Problem is they don't belong to the RIRs or this would have already happened. Do we really want some|any entity saying poof "your shit is now mine"?
I dunno man.
In the early days of the Internet there were no RIRs. At first the US military, through its contractor SRI (operating SRI-NIC), allocated all IP addresses. When the US military decided to get out of that business, the US National Science Foundation awarded the contract to assign both IP addresses and domain names to Network Solutions (NSI).
OK
Random question: I know IPv4 is based on addresses having 0-255, but would it be possible and what would the implications be of adding addresses above 255 but still 3 numbers like 473 or 612?
That wouldn’t be possible with IPv4 as it exists today. IPv4 addresses are 32 bits split into 4 octets (8 bits each), and 8 bits can only represent values from 0–255. Going beyond 255 would require more than 8 bits per “octet,” which changes the format entirely and breaks compatibility with every router, OS, and protocol built for IPv4.
At that point, you’re not extending IPv4 — you’re creating a new protocol (which is basically what IPv6 is).