Context:
People have been asking for IPv6 Support on GitHub since years (probably a decade by now)
… and someone even got so annoyed that they decided to setup a dedicated website for checking this: https://isgithubipv6.live/
Working in computing for years and this is what I’ve heard
2000: IPv4 is about to dry up, we really need to start moving to v6!
2005: OH NO THE SKY IS FALLING IPv4 IS ALMOST GONE! IPv6 IN THE NEXT YEAR OR TWO OR THE INTERNET WILL DIE!
2010: WE’RE SERIOUS THIS TIME IPv6 NEEDS TO BE A THING RIGHT NOW! HELP!
2015: Yeah, okay, NAT has served us well so far, but we can only take it so far, we really need v6 to be the standard in the next 5-10 years or we’re in trouble!
2020: Um… guys? IPv6? Hello? Anyone? crickets
2024: IPv6ers are now the vegans of networking
this may or may not be satire, just laugh if unsure
But new IPv4 allocations have run out. I’ve seen ISPs that won the lottery in the 90s/2000s (when the various agencies controlling IP allocations just tossed them around like they were nothing) selling large blocks for big money.
Many ISPs offer only CGNAT, require signing up to the higher speed/more expensive packages to get a real IP, or charge extra on top of the standard package for one. I fully expect this trend to continue.
The non-move to IPv6 is laziness, incompetence, or the sheer fact they can monetize the finite resource of IPv4 addresses and pass the costs onto the consumer. I wonder which it is.
a combination of all of these, most likely
The adoption of IPv6 on some segments of the Internet has lessened the crisis around IPv4 availability.
As a networker, ipv6 is the future. I’m a fan of it, but I don’t really talk about it anymore because there’s no point.
I threw in the towel after an ISP messed up so badly that I just couldn’t bother anymore.
At a previous job a client I was doing some work for got a new internet connection at a new site, the ISP ran brand new fiber for it. This wasn’t a new building or anything, but the fiber was new. They allocated them a static IPv4 thing as usual, and I asked the tech about V6, and they said we would have to take it up with the planning team, so I did. I was involved in the email chain at the end of the sales process to coordinate the hookup. So I asked. After many emails back and forth, I was informed the connection was allocated.
They allocated one single IPv6 subnet directly off of their device. I couldn’t even.
For those that don’t understand, the firewall we had connected to the device is an ipv6 router. What normally happens, especially in DHCP customer connections, is that the router will use DHCP-PD to allocate a subnet for the router to use on the LAN, and automatically set up a route to say “reach this subnet we allocated for this router, via this router” kind of thing. I’m dramatically simplifying, but that’s the gist. In DHCP-PD, the router will also have an IPv6 address on the ISP-facing link to facilitate the connection. In the case of the earlier story, they gave us an entire subnet to communicate between the ISP and the router, and didn’t give us a subnet for the client systems inside the network.
I did ask about this and I can only describe their reply as “visible confusion”.
I know many who will still be confused by this point are people who have not used IPv6; to explain further: the IP on your local (LAN) systems needs to be a public IP address, because the router no longer does network address translation when sending your data to the internet. So the IP on the router has no bearing on your computer having a connection to the internet over v6. If your local computer does not have a globally unique ipv6 address, you cannot use IPv6. There are ways around this, NAT66 exists but it’s incredibly bad practice in most cases. The firewall I was working with didn’t really support NAT66 (at least, at the time) and I wasn’t really going to set that up.
ISPs are the reason I gave up on IPv6.
I’ll add this other story to reinforce it. I’ll keep it brief. A different ISP for a different company at a different site entirely. The client purchased a static IPv4 address, and I asked about IPv6, as you do. To preface, I know this company and used them for my own connection at the time. They have IPv6 for residential clients via DHCP-PD. I was told, no joke, that because of the static IPv4 assignment, and how they execute that for businesses, that they couldn’t add IPv6 to the connection, at all.
The last thing I want to mention is a video I saw, which is aptly named “CGN, a driver for IPv6 adoption” or something similar. It’s a short lecture about the evils of carrier grade NAT, and how IPv6 actually fixes pretty much all the bs that goes with CGN, with fewer requirements and less overhead.
IPv6 is coming. You will prefer IPv4 until you understand how horrific CGN is.
CGnat is an abomination.
Just remember we got rid of TLS 1.0 the same thing can be done with IPv4. It’s time for browser makers to put “deprecated technology” warnings on ipv4 sites.
2 months ago I thought I’d start learning IPv6 and started watch some intro videos on YouTube.
Holy crap… It’s a beast and it just felt like if you don’t know what you’re doing you might lose all control over your network. Ok. So a device didn’t get a dhcp address? No problem… It creates it’s open IP address and starts talking and try to get out on internet on its own…
Normally that’s not a problem since your normal home router wouldn’t route 169.254.x.x… But it just seems like there’s A LOT to think about before activating IPv6 at home. I’ve got a Creality K1 Max… Fun thing: factory reset also creates a new MAC Address… So there’s no way in hell thay I just let her lose by activating IPv6.
Ps. Yes, I most likely panic because I haven’t figured out IPv6… But until I understand IPv6 there’s just going to be IPv4.
Generally, a device cannot get an internet facing IP address unless something else on your network is advertising the prefix. In fact, I’d argue there’s little point using DHCPv6 now. Some devices are only interested in SLAAC. But, if you have a router that gets an IPv6 prefix from your ISP (usually /48 or /64, but you can get other sizes) it will usually then advertise that onto your local network.
As for the IP addresses. I would say that you should definitely still have a firewall in place. But the setup is the same as IPv4 just without NAT. e.g. you set a blanket rule for your prefix to allow outbound and block unrelated inbound. Then poke holes through for specific devices and services.
By default, IPv6 implementations make an assumption that they’re not going to be a server (if you want a device to be a server, you can just set a static IP) and their “main” IP will be a random looking one (and the configuration will depend on whether it uses an interface identifier to create the address, or if it is random) within your (usually huge) allocation. But more than that, they will usually be configured to use the IPv6 privacy extensions (RFC4941). This generates extra temporary addresses per device, which are used for outbound connections and do not accept incoming connections. That is, people cannot see your IP address on their host from your connection and then port scan you, since no ports will respond. You could still have ports open on your “real” IP address. But, that one isn’t ordinarily used for outgoing connections, so no-one will know it exists. To discover it they would need to scan your whole prefix (remember that the /64 allocation you will generally get is the internet * the internet in terms of address space, that is much harder to brute force scan).
I think the differences between IPv4 and IPv6 might seem scary, but most of them are actually improvements on what we had before, making use of the larger pools we have available. Once you work it out, it’s really not so bad.
I would like to see routers setup to firewall ipv6 by default to give the same protection as NAT though, meaning users need to poke holes into the firewall for incoming connections. Maybe some do. I know mine did not and it was one of the first things I did.
Retardistan is hogging the biggest portion of the IPv4 addresses for themselves. That’s why they have the worst IPv6 support. The need arose last in this part of the world.
Interesting, github websites/pages support ipv6
github.com doesn’t have a AAAA DNS entry. So it’s not serving anything directly over IPv6. Likewise, ping -6 github.com fails. So, what are you seeing that is supporting ipv6?
Websites hosted by github pages, like https://2009scape.org or https://pytorch.github.io
That is interesting. I figured they would be something like cloudflare/other redirection for github pages. But the IPv6 address space is github registered.
So, really not sure why they don’t have the rest of their site enabled.
Yeah bit of a head scratcher