Kitz Forum
Internet => General Internet => Topic started by: AnthonyG on April 27, 2023, 09:51:59 AM
-
I was just thinking to myself. My future ISP offers IPv4 over CGNAT and IPv6.
I was just thinking therefore. If someone was to (try and) go entirely IPv6 only. What would be the potential drawbacks with them doing this? And are there any work arounds for it if they exist.
As in just disabling IPv4 entirely in the router (if that is possible) and just having IPv6 so I don't have to bother with CGNAT at all.
If I was to try and do this my only uses would be regular browsing the internet, streaming on the likes of Youtube, Amazon Prime TV and Netflix and playing Call of Duty on Xbox Live on the SeriesX.
Would this be possible through IPv6 only and if not are there any work arounds to get the above to work?
It just seems if the future is IPv6 I may as well try and be the first on board.
-
You could totally go IPv6 only, but without a 6to4 translation at some point a LOT of websites plain wouldn't work any more.
-
It just seems if the future is IPv6 I may as well try and be the first on board.
This is the exact problem with IPv6 - support is still poor overall hence being first gets you (literally) nowhere
-
My friend in Texas, AT&T relatively recently "upgraded" his connection to dual-stack. After the 5000th engineer visit, they disabled IPv6 in his router as their platform had been super flaky.
So if even an ISP is choosing to selectively roll it back for individual customers, we have no hope of it ever becoming the default.
-
I couldn’t disagree with Alex more. Imho it already is the default and end users don’t realise it. All modern web browser and some other applications prefer IPv6 by design and the ‘happy eyeballs’ algorithm in eg web browsers is used to check for a rubbish IPv6 connection such as a bad teredo one by racing IPv6 and IPv4 against one another. I’ve been using IPv6 consistently such 2010 with zero problems. World IPv6 Day was back in 2012, and then it was that all massive internet companies the likes of Facebook, Google et al agreed to switch over to offering IPv6, so because of Web browsers’ preference algorithm, a huge slice of all traffic instantly went IPv6 where users had capable ISPs, simply because of the dominance of a few large companies in terms of users’ traffic. Alex is right if thinking about counting webservers rather than fraction of total internet traffic. As far as I can see. in the UK, total IPv6 traffic is still quite a bit less than the volume of IPv4 traffic, according to the stats I’ve seen from the London internet exchange LINX.
AA does offer zero-IPv4 service with full access to IPv4-only machines such as web servers by using DNS64 + NAT64 kit in their network. It’s not true in this case what the earlier poster wrote about losing access to the huge slice of the web because if the high number of IPv4-only web server. How it works is that the networking kit at AA lies to the user’s machine in the DNS64 address lookup responses and in the case of an address lookup that returns only IPv4 results, the responses are faked to give out a reset that is the IPv6 address of AA’s NAT64 translator server. Then IPv6 traffic destined supposedly for say some web site that is in fact IPv4-only goes through the NAT64 translator and the packet headers are rewritten making it into IPv4 with dest address being the actual destination machine and the source address being that of the NAT64 translator, not the original sending machine. This is done to ensure that replies get sent back to the translator which in turn rewrites the headers translating in the reverse direction according to its inverse mapping tables set up in NAT. The process is indeed analogous to the IPv4 NAT algorithms that you may already be familiar with, just rather more radical. You can read about this on AA’s website at https://support.aa.net.uk/IPv6_Only.
-
Some interesting data here on IPv6 growth vs IPv4
https://blog.apnic.net/2023/01/06/bgp-in-2022-the-routing-table/
There are a number of distinct phases in the growth trends that are visible in the history of the IPv6 routing table. The period between 2004 and mid-2018 could be modelled by an exponential growth function with a doubling interval of three years. The period from mid-2019 to mid-2021 saw an increase in the growth function, where the doubling interval fell slightly under two years. However, from mid-2021 the growth pattern has changed again and is now best modelled by a linear growth model with a growth rate of some 25,000 additional route entries per year, or an average of 68 new routing entries per day. This is still lower than the IPv4 routing table growth of some 35,000 IPv4 routes per year.
The IPv6 linear growth since 2021 is also seen here:
https://www.google.com/intl/en/ipv6/statistics.html#tab=ipv6-adoption
-
I am about to ditch a load of IP's on one of my servers as the cost is becoming extortionate, the crisis is real. (to give an idea, if I keep them, I will be paying more to lease the IP's than the server, power and bandwidth combined). Am moving to NAT on the server.
But yeah to answer the question, you can only make IPV6 single stack viable if you have a translation mechanism working like the mobile providers do. Most content on the internet sadly is still single stacked IPv4.
-
My friend in Texas, AT&T relatively recently "upgraded" his connection to dual-stack. After the 5000th engineer visit, they disabled IPv6 in his router as their platform had been super flaky.
So if even an ISP is choosing to selectively roll it back for individual customers, we have no hope of it ever becoming the default.
Yep at this point its clear its not happening, its either going to take regulation to force it, or a big content provider to move to single stack IPv6 to kick start everyone. Both which seem very unlikely.
-
Given big content providers can do clever load balancing tricks with just a single public-facing IPv4 address, it seems unlikely they would be the ones to push the transition. After all, they will want to have a box in the middle anyway for DDoS protection so I doubt its a big overhead for them to be doing this.
-
I think we need to make a magic pill to give to web server admins which will simply do everything for you, walking you through converting your web server setup to support IPv6. Such a hand-holding mechanism, conceptually like what used to be called ‘wizards’ years ago in GUIs, also need to help you get set up with IPv6 service to your server too, or else the job is only half done. Some years back, letsencrypt and acme made it sufficiently easy that web server admins managed to get https/TLS support up and running, getting rid of the incomprehensible challenges that mere mortals could not cope with and getting rid of the costs for certs. That was pushed through by the big web browser manufacturers who changed their UI to effectively almost require https. That initiative was very successful and got the change implemented in a short space of time. It proves to me that something that offers serious handholding would once again work and could fix the current ridiculous problem of poor IPv6 support by web server admins. A sister initiative to my "letsipv6" for web servers would be welcome for email servers and clients.
Unlike the case of the https switchover, I don’t know that there’s going to be a big push from somewhere to make server admins get IPv6 done. Chrys discussed this and I’m unclear how to get such a big push to happen. I think we really do need such pressure. Maybe something very vaguely like a star rating system for ISPs and websites, which conveys prestige on those who have got the work done. I have no idea if that’s the right approach or would be strong enough; I’m proud to say I know precisely zero about marketing, but perhaps there is someone out there who is an expert.
I think that such a "letsipv6" wizard application would have to be such that the user can leave the app at any time, saving the state, the amount of the overall job done and tasks still to be done, and then the user can resume some more of the process later. That is needed because the user will sometimes realise that they need to pause and give more thought to answering some questions and making choices, or they need to do something outside the program before they are in a position to continue. For web servers, the system would have to be very modular and capable of dealing with different o/s’s and the associated techniques for reconfiguring them, and on top of that there is the problem of multiple popular web server software packages. I wonder, would the variability between the various linux + BSD distros be an utter pain?
I think that some of the required components of this kind of wizard system would need to be on some servers somewhere. This would be for testing the new system and verifying that it’s working serving up http(s) as expected.
Alongside this, we need continued research into IPv6 (or even IPv6.1) aimed at discovering ways of offering more value to end users, network operators, ISPs. Improved performance compared with IPv4 (hard), enhanced reliability (already there in one situation, maybe improvements in other aspects though too), maybe assistance toward mobility, bearing in mind that we already have IPv6 mobility but it doesn’t seem to have taken off, at least not in some (many?) parts of the world. I think that this is very hard, given that innovations that are applied with ipv6 can usually be applied with ipv4 as well, so my instinct tells me.
-
The amount of CPE that have issues with IPv6 even after all this time is extraordinary. This is of course under the control of ISPs: they can do acceptance testing.
Does IPv6 have performance advantages over v4? Seems you need HTTP/3 and to be roaming to see a performance advantage.
-
Which explains why Mobile IPv6 is even more dead in the water as I believe it requires participation from the CPE? Not 100% sure as none of the documentation explains clearly what acts as the home agent, but I'd think that would be the home router as your ISP presumably sends all traffic for your IP range to your home router?
This would also be a bottleneck if you are using the default method that does not require Mobile IPv6 support on the network you are roaming on, as all traffic is relaying via your home network and your likely limited upstream bandwidth. I can't imagine that going down well when people at home are wondering why the broadband is overloaded because some member of household is using their mobile elsewhere. Also a nightmare for stingy ISPs like in the US where they have data caps so people routinely use their mobile contracts to reduce reliance on their home broadband.
I think inherently IPv6 has performance disadvantages sadly, due to the smaller MTU and slightly higher latency. Though maybe that is due to nothing being optimised for it?
-
The overheads mean v6 is never going to be as performant as v4 in regular usage.
-
Section (9) here suggests some performance gains with IPv6 from several companies:
https://www.akamai.com/blog/trends/10-years-since-world-ipv6-launch
Could it be the the IPv6 hardware infrastructure in these companies is newer and/or less utilized hardware vs IPv4 infrastructure?
-
Section (9) here suggests some performance gains with IPv6 from several companies:
https://www.akamai.com/blog/trends/10-years-since-world-ipv6-launch
Could it be the the IPv6 hardware infrastructure in these companies is newer and/or less utilized hardware vs IPv4 infrastructure?
If you read further that seems to be down to sub-optimal IPv4 usage rather than IPv6 being inherently better:
The reasons for better performance with IPv6 vary widely but may include:
ISPs that network address translate (NAT) IPv4 traffic but natively route IPv6 traffic, especially in cases where the NATs experience congestion or runs out of IPs/ports
IPv6-centric ISPs that deploy IPv4aaS over IPv6, especially when IPv4 traffic is routed through more central egress services while IPv6 can break out at the edge
Emerging cases where limited availability of IPv4 addresses mean that IPv6 services can be deployed with a broader global footprint
So CG-NAT is bad, yeah kinda to be expected but does not apply to anyone using pure IPv4.
IPv6 centric ISPs seems like it would be a pretty niche case, though perhaps relevant for alt-nets.
The latter seems kinda niche too given the big CDNs will use a few IPv4 addresses that are router different depending on your region, hitting local cache servers.
I'd imagine also bad ISP routers struggling to do NAT effectively could also be a reason, their job is much easier on IPv6, though quite where these mystical routers with good IPv6 support are I do not know. ::)
Plus like you said, if the IPv6 network is less loaded then things like Happy Eyeballs on Chrome, trying both and preferring the first protocol to respond, will likely load quicker over IPv6.
-
Hi all,
As others have said, the IPv6 Internet is not supported by all companies and websites.
as a snapshot, Google and YouTube have IPv6 addresses already, but Amazon.com doesn't, see below.
nslookup youtube.com
Server: zyxelwifi.com
Address: 192.168.123.1
Non-authoritative answer:
Name: youtube.com
Addresses: 2a00:1450:4009:820::200e
142.250.187.238
C:\Users\mwt784>nslookup amazon.com
Server: zyxelwifi.com
Address: 192.168.123.1
Non-authoritative answer:
Name: amazon.com
Addresses: 54.239.28.85
205.251.242.103
52.94.236.248
C:\Users\mwt784>nslookup google.com
Server: zyxelwifi.com
Address: 192.168.123.1
Non-authoritative answer:
Name: google.com
Addresses: 2a00:1450:4009:81f::200e
142.250.187.206
Cheers,
Tony
-
Hi all,
In 2014/15 when I did my CCNA, IPv6 was being pushed (e.g. by Cisco) but was not being used.
Now, there are now IPv6 regional councils such as https://www.ipv6.org.uk/ in existence, and IPv6 is definitely taking off.
There are some good videos on the IPv6 Council UK from meetings such as their Annual Meeting in November 2022, see https://www.youtube.com/@ukipv6council468
The presentation from RIPE NCC about allocation of IPv4 and IPv6 over time is quite interesting, see https://youtu.be/sTTKdV_3gfA
Cheers,
Tony
-
The main issues seem to be consistency across vendors, occasional bugs in router software, that type of stuff.
There has been disagreements as well on how things should be implemented such as radvd vs DHCP6 NAT66 and so forth.
As a result there is a lack of universal practices which I think over time isnt helping matters, one that frustrated me recently is the "happy eyeball" mechanism added to Chrome (and anything based on chrome, which is a fair amount of software including steam).
Interestingly the actual RFC isnt as new as I thought it was.
https://www.rfc-editor.org/rfc/rfc6555
Happy eyeballs has been used for a while in DNS, but once it was added for general session steering is what made me consider it going too far. Its currently not configurable and is unlikely to be in Chrome.
After the Chrome changed I was forced with reality of having to either filter out AAAA responses on my DNS server, or disabling IPV6 completely or blocking IPV6 via local firewall on my windows desktops for any software using the Chrome engine. I did the latter.
Firefox didnt adopt the practice so still behaves in a sane way honouring the OS routing prefix order.
Weaver, control panels like directadmin do already have a hold your hand approach for IPv6 although it does require server administrators to enable IPv6 on the server and assign a prefix to it. I think because it gives no SEO bonus, many wont care, as soon as google made https give points, many flocked to enable https on their web sites. There is also that dual stack adds another way for a site to break, so has an element of risk to it. :(
-
Thinking about this a little more, I feel given the situation. It may have been better to limit the changes on IPv6 to minimal as possible in order to make it easy as possible for vendors, industry and consumers to migrate.
So that would be DHCP6 not RADVD as it has more in common with existing DHCP4.
Adopting a NAT protocol on all vendor equipment, so people who choose to can run a NAT network as easily as possible.
Standardisation across industry.
No random IP system.
Similar processing of packets and firewall handling, ICMP types e.g.
IPv4 preference in OS instead of IPv6 preference by default meaning a network bodge is less likely to cause issues, meaning rolling out JPv6 is considerable less risky.
We cant go back in time, but I have read a fair few reports that there was insistence to change things radically because it was felt it was done wrong in IPv4. But then you create the problem of people having to learn things again which they dont like.
-
What makes it worse is like the Xbox situation, where DHCPv6 is based on a UUID not MAC address and some devices will create this on OS installation and stick with it, so assigning a fixed IP is no harder than IPv4. Then there's the Xbox that regenerates it every time you reboot making a fixed IP outright impossible.
I totally agree that having Unique Local addresses random is rather confusing, it basically means you end up using the Global address anyway as its the only way to know exactly what client refers to what IP.
It seems like in the quest for user privacy its creating a huge headache in accountability for the network administrator, or I'm completely missing something. But it seems to me a system where any devices connected to the network can automatically communicate with other devices with no control from a central point is a really bad idea. Then again, IPv4 is only superficially better in that you can define dynamic client IPs to have different rules, but a savvy user can manually change their IP to get around that.
Still in a home environment, just being able to say "any unknown device gets put into this limited access IP range" is better than nothing IMO and not really doable in IPV6 from what I can tell.
Now if you really want a headache, read up on mobile IPv6 roaming. Although I do quite like the idea of my laptop effectively still being relayed back to my home router regardless of where I am physically connected, I'm not sure how the security of that works, plus that particular method relies on your home connection having plenty of upstream bandwidth as all traffic is relayed. But at that point I feel as security is a consideration, a VPN still makes more sense.
-
Hi all,
There is a fun video from 3 months ago at https://youtu.be/e-oLBOL0rDE by a YouTuber who was making his home network IPv6 from the ground up.
and the video is how he spent a week using only IPv6 and nothing else, to see what broke and the work arounds.
It is quite informative about the challenges of moving to IPv6 only. It can be done, but not everything works or doesn't work first time.
Cheers,
Tony
-
Even for sites that DO support IPv6, I've had issues with their IPv6 servers lagging where the IPv4 do not.
I get the feeling those companies aren't deploying IPv6 across their entire CDN so its more susceptible to congestion and faults.