Reasons for servers to support IPv6

It&#x27;s good to wonder publicly and have a discussion!<p>I set up IPv6 on all my servers in 2001 and thought we&#x27;d all be on IPv6 in just a couple of years :P<p>What&#x27;s interesting is how much resistance there is to adding IPv6 which comes from entrenched IT. People who never learned (much) about IPv6 seem to be afraid of it and often respond with some variant or another of &quot;don&#x27;t fix it if it ain&#x27;t broke&quot;, or &quot;it&#x27;s extra work for no return&quot;, or &quot;we&#x27;ll have to pay licensing to add IPv6 because we bought crap routers, so let&#x27;s not&quot;, et cetera.<p>My favorite is, &quot;we have no record of people trying to use IPv6&quot; - yes, that&#x27;s real :D<p>It just shows their ignorance. Adding IPv6 has myriad advantages - no need for NAT, proxies or port forwards to share addresses, no need to renumber networks if allocations or upstream change, redundancy, valid security-through-obscurity (imagine port scanning a &#x2F;64 looking for open ssh ports)...<p>What&#x27;s really interesting is how many of these &quot;we fear change&quot; IT people don&#x27;t realize they&#x27;re already using IPv6 on their phones every day, with a majority of the sites they visit.

What I haven&#x27;t quite fathomed with IPv6 is that as a home user without my own AS, am I supposed to use my ISP provided addresses in my internal network? ISP provided addresses that I have no control over and could change at any time? With IPv4, I just use RFC1918 addresses as I like and I have full control over the addresses and their allocation and I can then very easily set up iptables rules, dhcp pools, dns records etc. Then I just NAT at the edge of my network, and the configuration is practically completely isolated from my ISP and whatever addressing they do.

There’s already a lot of FUD around IPv6 and I’m not sure that an article which seems to amount to a survey on Twitter really moves the conversation forward much.<p>Clearly there’s pain points to rolling out v6 (although I’d question how many of them are still an issue outside the glacial pace of Enterprise IT) and we’d be better trying to address that than re-hash the same old arguments.<p>Edit: not much more than 2 weeks ago we had this chestnut [1] where Nintendo was telling you to forward thousands of UDP ports to a Switch in order to play online but still we hear “but NAT works fine for me”.<p>1: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=29919228" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=29919228</a>

I&#x27;d love to read an honest post from somebody from Twitter (or GitHub or...) on why they don&#x27;t support IPv6. Not a shaming thing, it&#x27;s something I don&#x27;t quite get. Like I get why an old school bank wouldn&#x27;t: their infrastructure predates IPv6 and it&#x27;s a project that has to be financially justified and I can understand how that can be hard. But presumably something like Twitter had an experienced networking team, who surely know all the advantages here and want to somewhat future-proof, build up their infrastructure and they decided not to support IPv6 and I would love to understand the reasoning. Is the extra cost really that high?

I read all the time about how great the latest technology like Docker and Kubernetes is, and how one should <i>always</i> update every 20 minutes or else you&#x27;ll have your entire <i>life,</i> much less your identity, stolen by hackers, and besides, who wants to use software that&#x27;s an entire six months old? And yet, trying to get anyone to upgrade to IPv6 and suddenly the entire world gets super conservative and &quot;hey now! Let&#x27;s not get too hasty here!&quot; I can&#x27;t quite square this circle.

This seems like a good place to mention a neat trick: If you&#x27;re behind cloudflare or such, you can probably trivially go <i>pure</i> IPv6 on your servers and not even have to worry about NAT because cloudflare will provide v4 to users that use it. So you end up with (your server) -v6-&gt; (cloudflare) -v4&#x2F;v6-&gt; (users). (Which I admit is a sort of NAT, just not at the IP level)

&gt; When I try to ping an IPv6 address (like example.com’s IP 2606:2800:220:1:248:1893:25c8:1946 for example) I get the error ping: connect: Network is unreachable. Why? (answer: it’s because my ISP doesn’t support IPv6 so my computer doesn’t have a public IPv6 address)<p><pre><code> $ ssh freenas.local freenas$ ping6 2606:2800:220:1:248:1893:25c8:1946 ping6: UDP connect: No route to host </code></pre> Crap I should fix that. Login to web-interface, click the &quot;IPv6 Autoconfigure&quot; checkbox, click test, click save.<p><pre><code> freenas$ ping6 2606:2800:220:1:248:1893:25c8:1946 PING6(56=40+8+8 bytes) 2600:1700:3d40:6300:6a05:caff:fe58:a370 --&gt; 2606:2800:220:1:248:1893:25c8:1946 16 bytes from 2606:2800:220:1:248:1893:25c8:1946, icmp_seq=0 hlim=54 time=11.408 ms </code></pre> Wow, IPv6 _is_ easy! :-)<p>(AT&amp;T is my ISP and it took a bit of screwing around over a weekend with my router a couple years ago to get IPv6 working properly on my home network. But it&#x27;s been painless ever since.)

IPv6 is a &#x27;tragedy of the commons&#x27; issue just like recycling: you get no benefits to you individually from addressing the issue.<p>However the day the issue is solved, and ee can forget IPv4, a myriad issues dissapear - routing, port forwarding, P2P software for torrents and calls, multiplayer games, etc.

&gt;reason: to avoid NAT issues with home servers<p>Home servers are not quite as easy as the article makes it sound. Home routers block incoming IPv6 packets, the same as they do for IPv4. To make a home server accessible, you need to explicitly allow that incoming IPv6 traffic in your router&#x27;s firewall. This is analogous to adding a port forward rule in IPv4 NAT. The only benefit IPv6 has here is you can use the same port (e.g. SSH) for multiple home servers.

A few of these reasons boil down to &quot;it&#x27;s faster to not NAT&quot;. That makes some intuitive sense, but does anyone know of any studies&#x2F;tests so we can get numbers? Are we talking higher time to first connect? Slight increase in hops&#x2F;latency on every packet?

&gt; A few people mentioned that it’s much easier to use IPv6 with home servers – instead of having to do port forwarding through your router, you can just give every server a unique IPv6 address and then access it directly.<p>My ISP firewalls IPV6 addresses on their end, so no ssh to my IPV6 Machines from the outside, not even ping works. I don&#x27;t know why they do this

My office ISP is a mobile phone running a wifi hotspot.<p>(Don&#x27;t judge, it&#x27;s faster than the last ADSL connection at about 80Mbit&#x2F;s on a good day, much cheaper, and the office goes through about 40GB&#x2F;month no problem.)<p>The phone has an IPv6 address but no IPv4 address.<p>Ironic, then, that the hotspot only provides IPv4 to all connected devices, not IPv6. As a result, all connected devices in the office can only use IPv4.<p>My home ISP is a mobile 4G router providing wifi.<p>The router doesn&#x27;t get an IPv6 from upstream, just IPv4, so it only provides IPv4 to connected devices at home. I have no idea if it would provide IPv6 service if it got one from upstream. It is a little strange that it doesn&#x27;t get IPv6 from upstream, because it&#x27;s exactly the same type of mobile data contract as the office phone-router is using.<p>It&#x27;s 2022. I&#x27;ve had IPv6 on my servers since about 2003.<p>But aside from my actual phone, I&#x27;ve never had IPv6 on any device I&#x27;m using, living at numerous homes, using many and varied ISPs, working at numerous offices, or anywhere else. Not even when travelling.<p>I had to turn off IPv6 on my mail server, because gmail.com was rejecting mail from it when sent over IPv6, but not when sent over IPv4.<p>I use LXD and Docker on some of my servers for containers, and libvirt&#x2F;KVM for VMs. In theory they support IPv6 but in practice it&#x27;s easier to work with IPv4 address or port forwarding with them. That means the containers and VMs are only reachable from the internet over IPv4, even when the host servers have IPv6.<p>All together, anything I do to support IPv6 ends up poorly tested because it&#x27;s not really used, and everything has to be done with IPv4 in parallel anyway.<p>I still have IPv6 on my servers, and DNS configured appropriately. But as it virtually never gets used, it seems a bit pointless. Sometimes I don&#x27;t set up IPv6 on a new server straight away, and nothing is missed.

&gt; Apparently you can buy IPv6 addresses, use them for the servers on your home network, and then if you change your ISP, continue to use the same IP addresses?<p>&gt; I’m still not totally sure how this works but it sounds cool.<p>Naively I would say this is completely impossible without some form of your home router (or ISP?) relaying your traffic, or perhaps telling the sender that I am now actually located in a different subnet somewhere. If anyone can have IP(v6) addresses and keep them and take them with you, then wouldn&#x27;t that result in an unmanageably large lookup table at routing nodes to know where to route stuff to?<p>How does that work?

By now I&#x27;m semi-convinced ISPs are deliberately holding back IPv6 in order to make a buck selling static IPs. They charge a good chunk of money per month for an IPv4 address (at least in Switzerland, the UK, and New Zealand), which is basically just rent extraction from artificial scarcity. And it&#x27;s pretty obvious that once they transition to IPv6 there is no good reason not to give every single customer enough static IPs for a lifetime of devices.

I tend to think that a lot of issues on the global internet are not technical problems. They tend to be economics problems.<p>v6 is a mechanism like container ships. It will dominate when the incentives and disincentives make sense for the participants.

The perspective on this one is rather important I&#x27;d say. To run a service and buying a few IPv4 addresses is quite feasible. But operating an ISP and maintaining either large numbers of prefixes or costly CGNAT hardware at that scale puts it way more into focus.<p>Of course I&#x27;m not implying that IPv6 isn&#x27;t nice to run inside your infrastructure but I guess it isnt at the top of ones expenses.

I’m surprised at all the people here saying that they can’t get IPv6 to ‘work’ on their home internet connection. In my experience, in the Bay Area, with Comcast cable and AT&amp;T DSL connections in the last few years (5 or 10), it’s ‘just worked’ for any device connected to the router they provide, no configuration required.<p>I kind of assumed that this was true nowadays for most home ISPs.

Speaking of Twitter, follow @noipv6 for some great commentary and&#x2F;or heckling of ISPs who make false claims about IPv6 to defend their lack of support.

<i>The Case for IPv6</i> (1999):<p><a href="https:&#x2F;&#x2F;datatracker.ietf.org&#x2F;doc&#x2F;html&#x2F;draft-iab-case-for-ipv6-06" rel="nofollow">https:&#x2F;&#x2F;datatracker.ietf.org&#x2F;doc&#x2F;html&#x2F;draft-iab-case-for-ipv...</a><p>(EDIT: Updated to non-archive link provided by cesarb)

A personal bane of my existence is WSL’s lack of ipv6 support. You can’t even use WireGuard and ipv6 because it’s missing some kernel options.

I’ll add one: for servers accessed only via private networks, IPv6 still allows easy use of globally unique addresses. The finance world is full of IPv4 systems using 10.x.y.z, and there aren’t enough of those addresses to go around.

If everyone moved to IPv6, Amazon couldn’t charge AWS customers for NAT gateways. Won’t someone think of the $AMZN shareholders?

My ISPs v4 is down sometimes (Vodafone in Germany), while v6 continues working just fine. Severe loss of legacy internet services in those situations (no twitter, reddit, pornhub, battle.net, twitch...)

What is the best way to get ipv6 if your ISP doesn’t support it? I tried getting HurricaneElectric to work for tunnelling on my Ubiquity USG3 but couldn’t make it to work.<p>What would be the best way to get ipv6?

Joining the other thread about ipmi&#x2F;iLO interface being exposed to the WAN: make your server non discoverable by the different services that scan the entire internet address space. It is security by obscurity and you must have other layers of security but it’s not an insignificant layer.

IPv6 is cool in theory and the idea of literally everything having its own directly-reachable IP address is extremely compelling, but I never use it because so many services STILL don&#x27;t support it or don&#x27;t support it correctly. (As Julia pointed out, some HUGE websites don&#x27;t have quad-A records, so good luck dealing with NXDOMAIN for like everything.)<p>Shoot, Kubernetes _just_ got support for IPv6 in 1.23 (it was in beta since 1.20). I know that 6to4 exists and many kernels can do it out of the box, but that comes with problems, as Julia rightfully pointed out here, and at that point, you might as well just NAT over IPv4.

Still waiting for Google Cloud Platform to support IPv6 to the box...

You can use the Firefox add-on &quot;SixIndicator&quot; to see which websites support IPv6 and which don&#x27;t (assuming your client supports IPv6). The add-on shows a 4 or 6 icon in your address bar. <a href="https:&#x2F;&#x2F;addons.mozilla.org&#x2F;en-US&#x2F;firefox&#x2F;addon&#x2F;sixindicator&#x2F;" rel="nofollow">https:&#x2F;&#x2F;addons.mozilla.org&#x2F;en-US&#x2F;firefox&#x2F;addon&#x2F;sixindicator&#x2F;</a>

I noticed that effectively all my home machines support dual stack right now. I decided to make an experiment and move to only IPv6.<p>It was a huge mess (the autoconfig functionality, naming, routing) that all sort of failed in ways that involved deep hacking to debug. Ultimately I realized that since most sites on the net aren&#x27;t ipv6, I&#x27;d need to NAT or proxy my traffic to them anyway.<p>Let me know when we&#x27;re ready to turn off IPv4.

Running containers dual-stacked is still surprisingly difficult or annoying.

Does anyone have an explanation about &quot;reason: to own your IP addresses&quot; .. does that actually work?

in case you didn&#x27;t know you can either try Tunnel Broker project or 6to4 [1] relay, both proudly presented by Hurricane Electric<p>[1]: <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;6to4?wprov=sfla1" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;6to4?wprov=sfla1</a>

What is a good resource to learn about ipv6? some course or book?

I think ipv6 enables easier surveillance and censorship.

my ISP uses IPv6. actually with some sort of 4-in-6. i can access v4 and v6 world with no artificial problems.

Multiple internet connections. Discuss.