Context:
People have been asking for IPv6 Support on GitHub since years (probably a decade by now)
… and someone even got so annoyed that they decided to setup a dedicated website for checking this: https://isgithubipv6.live/
I’m actually bit sad that I had to move onto a ISP which has zero IPv6 support, as I previously did have IPv6. The last thing I did on that connection was to debug the hell out of my IPv6 code I had developed.
I feel you, moved ISP maybe 3 months ago, only to find out I’m behind CGNAT and no IPv6…
That should simply not be allowed. Cgnat for ipv4 is fine if they also provide proper ipv6
Roses are red, violets are blue, everyone is using IPv6, why aren’t you?
Roses are red, violets are blue, IPv6 costs extra, and that just won’t do
As far as I can tell it’s the other ways around: IPv4 is getting more costly
Example: AWS started to charge for IPv4 addresses a few months ago - a IPv4 address now costs around $3.6 per month
Might just be my host. Maybe I need to find another one
In the USA they charge extra for IPv6? I’m in the UK and while there are some ISPs that don’t provide IPv6 at all, and some that do shitty things like dynamic prefixes on IPv6, I’ve not seen anyone charging for it.
Likewise, server providers generally don’t charge for it. In fact, they will often charge less if you don’t need IPv4.
No don’t take shitposts literally. I’ve been using ipv6 for a decade at home now in the USA and I don’t pay extra for it ever. Also why are you assuming this post refers to the us?
There’s been other posts about IPv6 and the TL;DR is that while there are shitty implementations everywhere, the USA seems to be ahead of the game of doing it badly, if at all.
The USA is ahead of most nations at about 50% so not sure how you’re coming to that conclusion based off of evidence. Outside of maybe Brazil in the americas on both continents our ipv6 adoption is better than the rest, Canada included.
I reckon I see most IPv6 complainers are from the US though…
In my country, turning on IPv6 is not really something ceremonial, it’s just literally clicking on the IPv6 checkbox. The default configurations set in the router are good enough for an average home user, firewalls and all that security jazz are enabled by default.
The DNS didn’t break just because I enabled IPv6, nor did my phone apps stop working. Life goes on, and I have gotten rid of that terrible CGNAT. Somehow this is not the case for many US users across multiple ISPs, I have heard IPv6 horror stories from Verizon, Comcast, and AT&T. Like how did you manage to do that?
“everyone”, tell that literally to every isp my country that doesn’t even provide ipv6 support.
The perpetual chicken egg problem of IPv6: many users don’t have IPv6 because it’s not worth it because everything is reachable via IPv4 anyways because IPv6 only service don’t make sense because they will only reach a subset of users because many users don’t have IPv6…
I don’t have IPv6, but I can still reach IPv6 only sites if I use MullvadVPN (and probably also with other VPN providers).
This sums it up. I’m too lazy and there’s too little incentive.
If IPv6 is done right you don’t even know you have it. If you use a cell phone or a home Internet, there is a high chance you are already using IPv6.
If your ISP supports it
Honestly this isn’t even true anymore. Most major ISPs have implemented dual stack now. The customer doesn’t know or care because it’s done at the CPE for them.
I use a browser extension which tells me if the site I’m at is 6 or 4 or mixed. In 2024 most major sites support V6. A lot of this is due to CDN supporting it natively.
The fact that GitHub doesn’t is quickly becoming the exception.
May I ask which extension you are using?
Thanks.
IPv6 traffic is globally steady at around 37%. So it isn’t a majority by far.
Yes but IPv4 is becoming expensive and it’s annoying having to use a middleman to clone github repos on a v6-only VPS
IPv6 is not hard, there is no excuse not to have it
Or one could use alternative hosters, or maybe even selfhost git services.
Yeah let me self-host other peoples github repos because github doesn’t have IPv6 lmao dude
How about “Let me selfhost my own repos, so other people working with my stuff can use IPv6, as well as be sure no large corporation known for being cancer stands behind it and monitors every thing I do.”?
I do 🥰
That doesn’t solve the problem of me needing other peoples githubs repos on a VPS with no v4
I mean, yes and no. For an individual or individual systems? No, it’s not hard. But I used to oversee a WAN with multiple large sites each with their own complex border, core, and campus plant infrastructure. When you have an environment like that with complex peerings, and onsite and cloud networks it’s a bit trickier to introduce dual stack addressing down to the edge. You need a bunch of additional tooling to extend your BGP monitoring, ability to track asynchronous route issues, add route advertisements etc. when you have a large production network to avoid breaking, it’s more of a nail biter, because it’s not like we have a dev network that is a 1-1 of our physical environment. We have lab equipment, and a virtual implementation of our prod network, but you can only simulate so much.
That being said, we did implement it before most of the rest of the world, in part because I wanted to sell most of our very large IPv4 networks while prices are rising. But it was a real engineering challenge and I was lucky to have the team and resources and time to get it done when it wasn’t driving an urgent, short timeline need.
I’m not using it because by and large it’s not implemented properly on consumer hardware, and my ISP doesn’t care if their IPv6 network is broken.
I’ve tried multiple times to go IP6 only. I mostly thought, despite my reasonable understanding of IP4, that I was the problem in trying to set it up. I found my dns host was being forgotten multiple times a day, set to something invalid, then it would time out and revert back to the working one. I couldn’t figure out how to connect two computers together for Minecraft.
Now I hear it was just garbage consumer hardware and software? Fuck me. So much wasted time and effort to say nothing of believing I had turned into a tech idiot.
You’re not an idiot. You’re using tools that don’t really do what they claim because it wasn’t considered an important use case.
IPv6 is great, but we haven’t seen enough pain yet to really drive adoption on the home LAN.
My solution uses the ISP box to deliver stateless auto conf, and bridging a consumer router. I can’t open ports but at least I get an IP.
Do you have an example? Because it works great on openwrt, dd-wrt, pfsense, opnsense, unifi, mikrotik…and then if you’re using the isp equipment it works out of the box.
You’re using open source third party firmware and higher end networking gear as an example. Of course they work. Shitty consumer grade brands aren’t in the same class
You think an asus, linksys, netgear,etc doesnt handle ipv6???
tplink handles it badly ootb, youd need openwrt/ddwrt.
my isp’s modem cant handle it well either.
i doubt older asus/linksys/etc devices handle it well either.
TP-link can’t open ports in the v6 firewall neither can Linksys and it doesn’t support DHCP forward so literally was incompatible with my ISP implementation. Some current TP Link router sold at Walmart don’t even have an IPv6 firewall.
Open source works great. Can’t speak to unifi never seen it for sale here.
That is not the case for every country though. In France and Germany for example almost 3/4 of google requests are via IPv6.
Interesting that India has such a high percentage. I’m guessing it’s because most of their network infrastructure is probably relatively new and so they can include support right off the bat, instead of having to retrofit stuff?
Not much choise i guess. Usa and europe grabbed the majority of available ipv4 space. Asia got a bit. And only scraps and leftovers for africa and latin america.
Yeah but then you look at China and it’s at 4%. Maybe they got into the game early enough to get enough adress space for it to be serviceable?
Most of China can’t reach Google so the reporting is off anyway. But in 2023 the govt mandated ipv6 support to all carriers and manufacturers.
https://www.theregister.com/2023/10/17/china_networking_hardware/
That’s good to hear! Very encouraging!
My isp does t even support ipv6
I’m not. I disable it on all Linux machines I manage. And we do not use it at work either.
This. And also disable https. Those things just break all the time.
“Everyone is using IPv6”
It’s barely supported. Most providers here “offer IPv6”, but each has a different gotcha to actually using it, if it works at all and they didn’t just route you through hardware that doesn’t know what it is.
What’s “here”? Here in Germany, mine has it for maybe 10 years or so. Basically since launch day.
And new ISPs only have v6 since all legacy (v4) blocks have been sold years ago.
Not at all only. At times you have both IPv6 and IPv4 and other times you can still get IPv4 at no additional cost like when you run your own router or modem. The layperson will be given IPv6 by default, but it’s not the only thing you can get.
While you may have IPv6 it doesn’t do anything if the services you utilize don’t support it.
MANY major websites and domains have no IPv6 support. https://whynoipv6.com/
Mordor itself, Russia. Technically, most ISPs support IPv6 here but as I said each has something weird in config that makes using it… Fun. I don’t remember specifics since I’m mostly looking at it from consumer side, but I could try finding the article (in russian) that talked about it.
My current connection doesn’t have IPv6 at all according to https://ipv6-test.com/, although I’m not 100% if it’s because of provider or Cisco AnyConnect blocking shit.
When you when you sign up for internet here, you get a dynamic IP, it’s been that way for… As long as I can remember, really. Definitely more than ten years. I know in Moscow people used to get white IPs way back when, but that’s long gone. Not really a problem since most people don’t host anything.
It’s becoming more and more of a problem I’d think. Blocklists just become longer, so the more an IP is used by random people the less useful it becomes.
I might be completely wrong about this though.
Well, kinda-sorta. I’ve yet to hit ip block when browsing without a VPN, but VPNs and proxies definitely are getting blocked pretty consistently.
And seeing how wonderful the situation here is right now, I’m pretty familiar with VPNs at this point.
I did not know about that page. Thanks.
white IPs
what do you mean by this? Static IPs?
Yeah, I guess that’s a local slang.
Just because you have a IPv6 address doesn’t mean you’re actually using it. At best you’re tunnelling IPv4 traffic through your carrier’s IPv6 network. Current estimates (from Cloudflare) show only about 34% of the global internet uses IPv6.
If you only used IPv6, you wouldn’t be able to access nearly 66% of the internet.
Retardistan is hogging the biggest portion of the IPv4 addresses for themselves. That’s why they have the worst IPv6 support. The need arose last in this part of the world.
what
Who??
I think he means the USA
Just remember we got rid of TLS 1.0 the same thing can be done with IPv4. It’s time for browser makers to put “deprecated technology” warnings on ipv4 sites.
IPv4 isn’t depreciated, it’s exhausted. It’s still a key cornerstone of our current internet today.
We still have “modern” hardware being deployed with piss-poor IPv6 support (if any at all). Until that gets fixed, adoption rates will continue to be low. Adding warnings will only result in annoying people, not driving for improvement.
Adding warnings will only result in annoying people, not driving for improvement.
Given how poorly adoption has gone so far this might be the only way to get actual fast support rolled out. Piss people off, get change
IPv4 isn’t depreciated, it’s exhausted.
exhaustion probably also constitutes as “deprecated” once the utility of a system designed to be, well, useful no longer meets the usefulness quotient that it previously provided. Suddenly It’s “deprecated technology”
IPv4 should be deprecated, but it’s not
I just upgraded my Lemmy instance’s hardware and finally got IPv6 support :D
I wish my ISP had ipv6 support to be honest
rose are red, violets are blue, money is the reason we can’t have nice things.
Roses in summer, violets in spring, it’s trivially easy this rhyming thing
This is why I hated r/boottoobig
shitposting properly is the objective, regardless of my rhyming imperative. My post must be shit, in order to get the hits.
Roses are red, violets are blue, sod off.
Why should we care? So address space may run out eventually - that’s our ISPs’ problem.
Other than that I actually don’t like every device to have a globally unique address - makes tracking even easier then fingerprinting.
That’s also why my VPN provider recommends to disable IPv6 since they don’t support it.
even easier then fingerprinting.
than*
Auto-“correct”. Thanks, fixed.
That’s the dumbest thing I’ve read today… Your ISP is fleecing you and you’re happy with it.
What the fuck are you talking about? My ISP supports IPv6 just fine, but following my VPN’s advice I disable it (on certain devices at least) for privacy concerns. And it makes exactly zero difference in functionality.
OK, not your ISP, but your VPN is shit.
It’s Proton VPN. Lack of IPv6 support is a downer but I wouldn’t call them shit.
Edit: maybe elaborate why you deem IPv6 so crucial? As I said: everything works just fine without.
Because people in countries with ISPs that are unable to provide IPv4 (e.g. too expensive) can’t access GitHub easily.
the only reason i can think of is cgnatting ipv4 becase of depleted pool.
i believe you can NAT ipv6 too, no?
You’d better hope that you can NAT ipv6 because if you aren’t behind a CGNAT and then your LAN is completely exposed without a NAT you’re very likely going to have devices exploited.
NATs on people’s boundary has been doing pretty much all of the heavy lifting for everyone’s security at home.
The word you are looking for is firewall not NAT.
NAT does not provide security whatsoever. If the NAT mapped your (internal IP, internal port) to a certain (external IP, external port) and you do not have a firewall enabled, everyone can reach your device by simply connecting to that (external IP, external port).
I haven’t seen routers that do not come with IPv6 firewalls enabled by default.
The word you are looking for is firewall not NAT.
No the word I’m looking for is the NAT. It was not designed for security but coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.
Consumer router firewalls are generally trash and definitely are not doing the heavy lifting.
By and large automated attacks are not thwarted by the firewall but by the one-way NAT.
Consumer router firewalls are generally trash
[Citation needed]
They are literally piggybacking on the netfilter module of Linux. I don’t see how that’s trash
They are not layer 7 firewalls for the network which are going to be where most the majority of attacks are concentrated. No citation needed unless you believe they are layer 7 firewalls or using something like Snort.
Added some clarification in my first sentence so it makes a bit of sense.
Wait, why are we talking about Layer 7 when NAT and firewalls are Layer 4 at best?
Yes you can.
that’s our ISPs’ problem
If the Internet means for you a way to access Facebook, Netflix, Google and YouTube, yeah.
But if it means a network to send something to another computer then it’s a huge problem.Because ISP won’t care if you can accept connections or not. They don’t care about decentralization and being able to host stuff yourself. Most consumers just want a pipe to big services and not to their friend’s house.
I’m using ipv6 when I occasionally connect to Yggdrasil.
And I think I’ll use ipv6 if we ever need to build a new earthnet.
It’s a fine technology.
What do you do on the yggdrasil network?
Google some sites, visit some empty IRC channels, dream of the future for a bit, then turn it off
2 months ago I thought I’d start learning IPv6 and started watch some intro videos on YouTube.
Holy crap… It’s a beast and it just felt like if you don’t know what you’re doing you might lose all control over your network. Ok. So a device didn’t get a dhcp address? No problem… It creates it’s open IP address and starts talking and try to get out on internet on its own…
Normally that’s not a problem since your normal home router wouldn’t route 169.254.x.x… But it just seems like there’s A LOT to think about before activating IPv6 at home. I’ve got a Creality K1 Max… Fun thing: factory reset also creates a new MAC Address… So there’s no way in hell thay I just let her lose by activating IPv6.
Ps. Yes, I most likely panic because I haven’t figured out IPv6… But until I understand IPv6 there’s just going to be IPv4.
Generally, a device cannot get an internet facing IP address unless something else on your network is advertising the prefix. In fact, I’d argue there’s little point using DHCPv6 now. Some devices are only interested in SLAAC. But, if you have a router that gets an IPv6 prefix from your ISP (usually /48 or /64, but you can get other sizes) it will usually then advertise that onto your local network.
As for the IP addresses. I would say that you should definitely still have a firewall in place. But the setup is the same as IPv4 just without NAT. e.g. you set a blanket rule for your prefix to allow outbound and block unrelated inbound. Then poke holes through for specific devices and services.
By default, IPv6 implementations make an assumption that they’re not going to be a server (if you want a device to be a server, you can just set a static IP) and their “main” IP will be a random looking one (and the configuration will depend on whether it uses an interface identifier to create the address, or if it is random) within your (usually huge) allocation. But more than that, they will usually be configured to use the IPv6 privacy extensions (RFC4941). This generates extra temporary addresses per device, which are used for outbound connections and do not accept incoming connections. That is, people cannot see your IP address on their host from your connection and then port scan you, since no ports will respond. You could still have ports open on your “real” IP address. But, that one isn’t ordinarily used for outgoing connections, so no-one will know it exists. To discover it they would need to scan your whole prefix (remember that the /64 allocation you will generally get is the internet * the internet in terms of address space, that is much harder to brute force scan).
I think the differences between IPv4 and IPv6 might seem scary, but most of them are actually improvements on what we had before, making use of the larger pools we have available. Once you work it out, it’s really not so bad.
I would like to see routers setup to firewall ipv6 by default to give the same protection as NAT though, meaning users need to poke holes into the firewall for incoming connections. Maybe some do. I know mine did not and it was one of the first things I did.
Ok. So a device didn’t get a dhcp address? No problem… It creates it’s open IP address and starts talking and try to get out on internet on its own…
Its not that different from a conceptual point of view. Your router is still the gate keeper.
Home router to ISP will usually use DHCPv6 to get a prefix. Sizes vary by ISP but its usually like a /64. This is done with Prefix Delegation.
Client to Home Router will use either SLACC, DHCPv6, or both.
SLACC uses ICMPv6 where the client asks for the prefix (Router Solicitation) and the router advertises the prefix (Router Advertisement) and the client picks an address in it. There is some duplication protection for clients picking the same IP, but its nothing you have to configure. Conceptually its not that different from DHCP Request/Offer. The clients cannot just get to the internet on their own.
SLACC doesn’t support sending stuff like DNS servers. So DHCPv6 may still be used to get that information, but not an assigned IP.
Just DHCPv6 can also be used, but SLACC has the feature of being stateless. No leases or anything.
The only other nuance worth calling out is interfaces will pick a link local address so it can talk to the devices its directly connected to over layer 3 instead of just layer 2. This is no different than configuring 169.254.1.10/31 on one side and 169.254.1.11/31 on the other. These are not routed, its just for two connected devices to send packets to each other. This with Neighbor Discovery fills the role of ARP.
There is a whole bunch more to IPv6, but for a typical home network these analogies pretty much cover what you’d use.
SLACC doesn’t support sending stuff like DNS servers.
