this post was submitted on 20 Jun 2024
29 points (91.4% liked)

networking

2811 readers
1 users here now

Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.

founded 1 year ago
MODERATORS
 

I mean on a technical level. Are the devices that make up the infrastructure of the internet hardwired with IPv4? Is the firmware on these devices impossible to upgrade remotely?

If it's just a matter of software or firmware then adoption should only take like a year but clearly that isn't the case. So what specifically is stopping us?

top 17 comments
sorted by: hot top controversial new old
[–] slazer2au@lemmy.world 16 points 4 months ago (1 children)

Nothing, it has never been a technical problem it has always been a business problem. Why spend engineer time and money on deploying V6 when v4 is working perfectly fine and we are not approaching exhaustion of v4 space available for our customers.

[–] undefined@links.hackliberty.org 2 points 4 months ago (1 children)

Ugh, my job requires us to use their VPN but all IPv6 traffic leaks out of the tunnel because they can’t be bothered to at least blackhole it. I feel like I’m living in 1995 at work.

[–] slazer2au@lemmy.world 2 points 4 months ago

Same, we started having issues recently when MS enabled IPv6 on their login page. Now some users who are connected to the VPN aren't able to login because the login request is not coming from a trusted ipv4 address in conditional access .

[–] Max_P@lemmy.max-p.me 13 points 4 months ago

Everyone's making money on IPv4, so there isn't the incentive just yet to really switch or invest in even supporting it. Major clouds now charge per IP, residential ISPs are starting to make having a public IP a feature they charge extra for otherwise you get CGNAT, mobile carriers don't want people to host stuff and are quite happy with CGNAT.

And then there's the implementation part where everyone seems to go out of their way to do it wrong and cause trouble. My OVH server for example assigns me a non-routed /56 and I can only use about 8 of them before their router starts ignoring the rest.

At home I have to do 6rd over PPPoE over VLAN which causes my router to not be able to do hardware accelerated routing and I lose 3/4 of my connection speed on top of the resulting tiny MTU, and it turns out IPv6 doesn't like that. And then a few days later their 6rd endpoint changes and your connection dies until restarted manually, and somehow you end up with another IPv6 block and ugh it's just so horribly broken.

I want IPv6 to work but damn, ISPs aren't making it easy to adopt it in the first place.

[–] mlg@lemmy.world 12 points 4 months ago

The hardware and firmware supports it and we have inter protocol solutions to handle edge cases.

The problem is that when the Ipv4 addresses actually ran out, ICANN realized that a metric ton of them were in use because people, especially businesses, were not using NATing.

ICANN (ARIN) slowly grabbed the addresses back, and NATing became the standard so no one really cared that much anymore because the amount of public addresses actually needed was significantly reduced.

Other things like SPN, updates to SSL, and various other address sharing technologies reduced the need for individual public ipv4 addresses even further.

There's still a shortage and a wait list to get new addresses, but it's not critical so people don't have that much of an incentive to switch to ipv6.

[–] Sammirr@aussie.zone 7 points 4 months ago (1 children)

People hate change. And even now, IPv6 support in new devices can be hit-or-miss. Even most cellular networks in my country don't support IPv6.

[–] geekwithsoul@lemm.ee 1 points 4 months ago (1 children)

I think you’ll find the devices support it pretty well but some mobile carrier networks do not.

[–] BarbecueCowboy@lemmy.world 4 points 4 months ago

At an enterprise level, that's definitely not what we're seeing. Whenever we try to turn it on for any system, there's some major downside that the vendor has zero interest in fixing within the next 10 years.

[–] blackstrat@lemmy.fwgx.uk 6 points 4 months ago (1 children)

Here's my story of trying to use IPV6 for the past 3 days, and I know I'm not a typical user.

I use Opnsense as a router firewall. Using IPv4, 5/6 VLANs, almost all devices statically addressed with alias's configured for each. This lets me have firewall rules like "block youtube on the kids devices", or "use a different DNS server for the wife", only allow the fire stick to access the internet after 7am. That sort of thing.

First problem is working out how to even get IPv6 on the WAN and what it even means that my ISP has given me a /48 and a /64. Loads of reading and some cobbling together later I have it. But no clients are getting addresses. Eventually fix that and now they have an address. But I don't want to use SLAAC as that's a nightmware to keep track of, DHCPv6 doesn't work for android devices so they'll be on IPv4 anyway. I don't want each client to have a globally unique address as that just allows insane tracking. I don't know if my IPv6 address will ever change, but it seems likley it will and that would be a nightmare to fix. I manage to get private fd00/8 addresses allocated to clients, but I don't know how to configure IPv6 NAT so devices have an IPv6 IP, but can't access through the WAN using it. And by that point I just don't see the point any more. I'd just be duplicating all my rules that would be far too time consuming, confusing and I don't see the point.

I want local private IP addresses. I don't want clients to have unique IPs. I want the addresses to be known and static. I want my firewall rules to be tied to specific addresses for 90%+ of devices.

[–] undefined@links.hackliberty.org 1 points 4 months ago (1 children)

You can still use NAT for IPv6 if it’s something you really want, and it works similarly to IPv4.

[–] blackstrat@lemmy.fwgx.uk 0 points 4 months ago (1 children)

But at that point there's no difference other than it's less familiar and more fiddly with v6. Why even bother.

[–] undefined@links.hackliberty.org 2 points 4 months ago* (last edited 4 months ago) (1 children)

To be blunt, I don’t know what 99% of the other commenters are talking about. I’ve never had so many problems with IPv6 in my life, and I’ve been using it for over 10 years now.

At the same time, I’ve only seen less latency and higher bandwidth on IPv6 aware services (though the underlying reasoning is unclear to me).

As someone who builds websites for people all over the globe with any mix of IPv4 and IPv6 it really irks me that people are finding seemingly any excuse to not just move over to IPv6.

What about it is fiddly?

[–] blackstrat@lemmy.fwgx.uk 1 points 4 months ago

What about it is fiddly?

The insane addresses. The reliance on DNS, the unpredictability of addresses, that each device can have so many addresses and you need to know what each does and is used for and how that impacts inter-network routing and firewall rules. Privacy IPs, what the hell? Its a solution to something that's fixed by tried and understood IPv4 NAT.

If you just want a flat simple network where everything on your lan is equal, everything has a globally unique and trackable IP I'm sure it's fine. But if you have something more sophisticated it becomes much more complicated. And I genuinely can't see how IPv6 advocates can't see the problems it introduces.

What we need is a larger address space and fast adoption, that's it. If after 30 years of awful adoption rates and only when people have a gun to their head they begrudgingly might adopt it, then you have a bad protocol.

[–] BearOfaTime@lemm.ee 5 points 4 months ago* (last edited 4 months ago)

Simply there's no value for an individual/company to put in the effort.

I have zero need for IP6 in my home network, my company has zero need for it internally.

Honestly, IP6 is useful only for internet backbone at the moment. So long as a packet can reach an edge router/gateway, IP4 is fine internally (because that infrastructure is already in place, and transitioning is costly and has risk).

[–] Zozano@aussie.zone 2 points 4 months ago

I use ProtonVPN. They don't use IPv6, so neither do I.

[–] NaibofTabr@infosec.pub 1 points 4 months ago* (last edited 4 months ago)

The Internet is a fantastic example of building the airplane while you're flying it. We can't just put this thing on the ground and rebuild the engine, we're in flight and there's a lot riding on it.

IPv4 was drafted in 1981 and adopted by ARPANET in 1983. For all practical purposes, there was no "internet" yet - which is to say that IPv4 predates the Internet.

IPv6 was drafted in 1998, but wasn't adopted as an official standard until 2017. The Internet had grown exponentionally long before any manufacturers were even considering implementing IPv6.

There is a mountain of telecom infrastructure built over the past 40 years that still has legacy hardware bits scattered through it. There is a jungle of interdependency tangled through firmware and low-level software that no one living has any real understanding of. There is an ocean of application software that was built on assumptions about the underlying infrastructure that no one ever planned to be updatable, and the creators are long retired.

Anyone want to take bets on how many pieces of slapdash web software out there use some hard-coded regex to pick IPv4 addresses out of strings? Good luck getting those things updated. IPv4 is going to be with us for a long time in the form of shared libraries, Nth-tier dependencies, and legacy hardware drivers.

[–] possiblylinux127@lemmy.zip 1 points 4 months ago

Follow up question: why would I spend a bunch of extra time adapting something that honestly isn't useful on the modern web? As it turns out, each device doesn't need its own public IP. We have NAT which work fine and is potentially more secure and private.