It’s that time of the year: lots of my friends and acquaintances went to FOSDEM, which is great, and at least one complained about something not working over IPv6, which prompted me to share once again my rant over the newcomer-unfriendly default network of a a conference that is otherwise very friendly to new people. Which then prompted the knee-jerk reaction of people who expect systems to work in isolation, calling me a hater and insulting me. Not everybody, mind you — on Twitter I did have a valid and polite conversation with two people, and while it’s clear we disagree on this point, insults were not thrown. Less polite people got blocked because I have no time to argue with those who can’t see anyone else’s viewpoint.
So, why am I insisting that IPv6 is still not ready in 2020? Well, let’s see. A couple of years ago, I pointed out how nearly all of the websites that people would use, except for the big social networks, are missing IPv6. As far as I could tell, nothing has changed whatsoever for those websites in the intervening two years. Even the number of websites that are hosted by CDNs like Akamai (which does support IPv6!), or service providers like Heroku are not served over IPv6. So once again, if you’re a random home user, you don’t really care about IPv6, except maybe for Netflix.
Should the Internet providers be worried, what with IPv4 exhaustion getting worse and worse? I’d expect them to be, because as Thomas said on Twitter, the pain is only going to increase. But it clearly has not reached the point where any of the ISPs, except a few “niche” ones like Andrews & Arnold, provide their own website over IPv6 — the exception appears to be Free, who if I understood it correctly, is one of the biggest providers in France, and does publish AAAA records for their website. They are clearly in the minority right now.
Even mobile phone providers, who everyone and their dog appear to always use as the example of consumer IPv6-only networks, don’t seem to care — at least in Europe. It looks like AT&T and T-Mobile US do serve their websites over IPv6.
But the consumer side is not the only reason why I insist that in 2020, IPv6 is still fantasy. Hosting providers don’t seem to have understood IPv6 either. Let’s put aside for a moment that Automattic does not have an IPv6 network (not even outbound), and let’s look at one of the providers I’ve been using for the past few years: Scaleway. Scaleway (owned by Iliad, same group as Online.net) charges you extra for IPv4. It does, though, provide you with free IPv6. It does not, as far as I understand, provide you with multiple IPv6 per server, though, which is annoying but workable.
But here’s a quote from a maintenance email they sent a few weeks ago:
During this maintenance, your server will be powered off, then powered on on another physical server. This operation will cause a downtime of a few minutes to an hour, depending on the size of your local storage. The public IPv4 will not change at migration, but the private IPv4 and the IPv6 will be modified due to technical limitations.Scaleway email, 2020-01-28. Emphasis theirs.
So not only the only stable address the servers could keep is the IPv4 (which, as I said, is a paid extra), but they cannot even tell you beforehand which IPv6 address your server will get. Indeed, I decided at that point that the right thing to do was to just stop publishing AAAA records for my websites, as clearly I can’t rely on Scaleway to persist them over time. A shame, I would say, but that’s my problem: nobody is taking IPv6 seriously right now but a few network geeks.
But network geeks also appear to like UniFi. And honestly I do, too. It worked fairly well for me, most of the time (except for the woes of updating Mongodb), and it does mostly support IPv6. I have a full IPv6 setup at home with UniFi and Hyperoptic. But at the same time, the dashboard is only focused on IPv4, everywhere. A few weeks ago it looked like my IPv6 network had a sad (I only noticed because I was trying to reach one of my local machines with its AAAA hostname), and I had no way to confirm it was the case: I eventually just rebooted the gateway, and then it worked fine (and since I have a public IPv4, Hyperoptic gives me a stable IPv6 prefix, so I didn’t have to worry about that), but even then I couldn’t figure out if the gateway got any IPv6 network connection from its UIs.
I’m told OpenWRT got better about this. You’re no longer required to reverse engineer the source to figure out how to configure a relay. But at the same time, I’m fairly sure they are again niche products. Virgin Media Ireland’s default router supported IPv6 — to a point. But I have yet to see any Italian ISP providing even the most basic of DS-Lite by default.
Again, I’m not hating on the protocol, or denying the need to move onto the new network in short term. But I am saying that network folks need to start looking outside of their bubble, and try to find the reasons for why nothing appears to be moving, year after year. You can’t blame it on the users not caring: they don’t want to geek out on which version of the Internet Protocol they are using, they want to have a working connection. And you can’t really expect them to understand the limits of CGNs — 64k connections might sound ludicrously few to a network person, but for your average user it sounds too much: they only are looking at one website at a time! (Try explaining to someone who has no idea how HTTP works that you get possibly thousands of connections per tab.)
I recently learned that AWS Lambda doesn’t support IPv6:
With a Lambda placed in a properly configured IPv6 supporting VPC, Lambda just won’t use IPv6. An EC2 in the same VPC will without hesitation – but that Lambda won’t.
It kills me that even in 2020, service providers (like AWS) that “support” IPv6 really only support it sometimes.
Don’t use Scaleway. They don’t give you a static IPv6 address nor do they support rDNS for IPv6. Their “native IPv6 support” is a joke. I considered them a few years ago but identified multiple problems that had me conclude that their marketing promises were too good to be true. Try someone like Hetzner Cloud or Contabo instead (unaffiliated).
I hear you. One of the reasons why I picked Comcast Xfinity over other providers was they provide IPv6 and the ability to request prefixes larger than /64 via DHCPv6-PD hints. About six months ago IPv6 started dropping out randomly and eventually when I figured out that it was IPv6 related, I disabled IPv6-RA on the local network because I didn’t have time to figure out what was causing the issue. Fast forward to last week, and I was surprised when my laptop didn’t have a IPv6 address (oh yeah, I disabled RA, no I don’t have time to check if the issue resolved itself, moving on). sigh
Nobody actually cares Carrier Grade NAT (CGNAT) restrictions on parallel connections. Web browsers are moving/have moved from 6 parallel HTTP/1.x connections per server to 1 HTTP/2 connection per server and that has actually improved bandwidth because TCP/IP can better handle the traffic changes.
The part that CGNAT or NAT does break is hosting any services behind the NAT without a special method to reserve addresses and ports outside the NAT to forward to correct NAT address.
It seems clear to me that IPv6 failed because IPv6 believers liked to think that if they actively prevent interoperability people have no choice but have to start using IPv6 once IPv4 addresses have been used. Of course, that didn’t work because IPv4+NAT still works better in real world than IPv6 plus optional translation packages.
Instead, IPv6 should have included mandatory part where all IPv6 only clients can always connect to IPv4 addresses without any extra configuration, services or extensions. Then there would have been no reason not to use IPv6 address for any computer that can support the required software changes. Real world servers would have wanted to use IPv4 addresses and maybe add IPv6 in parallel. Real world servers will stop hosting services on IPv4 addresses only after the IPv4 client count has dropped so low that it no longer makes sense money wise. As long as most or even big enough slice of the paying customers connect using IPv4, there’s no way any sensible server administrator is going to cut IPv4 connections.
For a client machine that doesn’t need to LISTEN any ports, using IPv4+NAT or IPv6 with ability to connect to IPv4 hosts there’s no difference when it comes to using services as a client. However, by using IPv6 your client machine could still use P2P traffic without hacks and LISTEN to IPv6 clients without any hacks. In practise, there would have been zero reasons to use IPv4+NAT from the customer perspective having a client machine. IPv6 could have allowed access to all existing IPv4 services and in addition allowed hosting IPv6 services and using IPv6 P2P traffic without tunneling hacks.
Instead, we have current status in 2021: IPv6, nope, still dreamland.
I would argue its still in dreamland to envision a v6 only network without some way of getting v4, but for the home user side its getting somewhere with 35% deployment being not too bad. Like your suggesting it seems to be due to hosting providers not really understanding it or seeing it as annoying(due to misunderstanding).
I do wish providers and webadmins will see it as more than “Oh, thats niche” as i feel like the pain points of v4’s life support will push the need for them to take it more seriously.
On Automattic, they do seem to have a v6 network for gravatar, why they havent expanded this to the rest of their products, i dont know.