back to article Strewth! Aussie ISP gets eye-watering IPv4 bill, shifts to IPv6 addresses

For years, internet engineers have predicted that the cost of an ever-smaller pool of IPv4 addresses would cause people to shift to the internet's new IPv6 protocol. Well, it finally appears to be happening. Speaking at the annual conference of Australian Network Operators late last week, the managing director of ISP Aussie …

Anonymous Coward

Has anyone truly made the switch?

As the questions says, has anyone made the switch fully and turned off the IPv4, or are people still running IPv4 at the same time to keep in touch with the rest of the unswitched world?.

Way I see it, is if it’s the latter then IPv4 addresses are not going to become obsolete any time soon and any new connections will need both, so the demand will still be there.

It would be a brave IT manager who says to his board of directors one day “I’ve decided to turn off the IPv4, because every one really should be using 6 by now”

There’s a reason most businesses still have fax machines.

Or I could be completely misunderstanding this!

37
1

Re: Has anyone truly made the switch?

You are right. Only a tiny, tiny fraction of the Internet is reachable via IPv6. Turning off IPv4 would be equivalent to disconnecting yourself from the Internet.

So it's not an either/or choice. You still need IPv4 addresses to talk to the vast majority of the Internet.

What this provider is doing is using CG-NAT to make multiple users share the same IPv4 address. Separately from that, they will run IPv6 along side; then at least traffic to Google/YouTube and Facebook will bypass the CG-NAT, for those customer-side devices which support IPv6 anyway.

The other option is to do NAT64, but that's messy. You have to spoof DNS responses with DNS64; it doesn't play well with DNSSEC. And you are still doing NAT, and you are still sharing IPv4 addresses. On top of that, the NAT64 solution forces *all* devices at the customer site to be IPv6-capable; if you've got an old IoT device or games console which doesn't do IPv6, then it's completely useless.

So basically the title of this article should be "Strewth! Aussie Broadband gets IPv4 bill, decides to do IPv4 address sharing"

72
1
Anonymous Coward

Re: Has anyone truly made the switch?

Thanks. Have an upvotefor clarity and simplicity!

15
1
Pint

Re: Has anyone truly made the switch?

It's still is catch-22. Untill there's more demand things aren't going to support it. And until things support it there won't be the demand.

At the day job most of our tools will run quite happily with IPv6, but a few key ones still don't. Since we can't switch IPv4 off (and save us a shedload of grief with NAT and seriously evil subnetting schemes), we're not bothering to turn IPv6 on as the effort of managing two network protocols is too much, even with the automation we have in place.

At home, I have both deployed and results are patchy. Some of my crusty old test servers sort-of use IPv6, the router varies with each firmware patch and routing randomly breaks on an admittedly over-complicated domestic setup but you don't learn by keeping it simple. And a beer to Hurricane Electric for letting me even get this far since my ISP are still twiddling their thumbs on the whole topic.

20
4
Silver badge

Re: Has anyone truly made the switch?

"As the questions says, has anyone made the switch fully and turned off the IPv4,"

No, because it's not time yet. IPv4 is sunsetted, not deprecated.

The knee point - when it happens - will be like most transitions - hard to pick, but once passed the changeover will be fairly quick (my pick is somewhere between 18 months to 2 years for IPv6 to move from 40% to 90% of connectivity and traffic)

Dual-stack machines on native IPv6 connections attempt to use their IPv6 connections first, so for the most part endusers won't notice the changeover. IPv4-only devices in local lans will continue to function and interoperate with dual-stack devices, but they'll find their external horizons starting to shrink rapidly.

As for fax machines: Yes, we still have one. That doesn't mean it's switched on anymore.

16
3
Silver badge

Re: Has anyone truly made the switch?

You don't need to fully make a switch. Whoever is advising these companies is an utter retard and they'd be best not to listen to whoever it is. All ISP-side networks should be pure IPv6 and IPv4 outbound can be natted easily. CG-NAT is a very expensive and customer-frustrating way to not solve any problem an ISP might have. I say this as an extremely frustrated Hyperoptic customer who has to run their own VPN setup just to be able to pull inbound connections from the internet to our local network when IPv6 would do the job perfectly. It's just not on. Most of the internet you care about runs IPv6 now.

12
10

Re: Has anyone truly made the switch?

You will end up with heavily NAT'd ipv4, and have to use ipv6 if you want any inbound or p2p connectivity...

There needs to be more incentive for end users and corporates to enable ipv6, or it will never happen. A lot of ISPs don't provide ipv6 at all, and the vast majority of corporate networks don't use it even if their isps support it.

5
0
Silver badge

Re: Has anyone truly made the switch?

Deutsche Telekom's mobile daughter, T-Mobile is going all IPv6.

Heise.de is running dual stack on its website and a couple of German ISPs are running IPv6 only internally, but translating to IPv4 at their borders where needed.

I've yet to work in a company that has used IPv6 internally.

5
0

Re: Has anyone truly made the switch?

my pick is somewhere between 18 months to 2 years for IPv6 to move from 40% to 90% of connectivity and traffic

"traffic" and "connectivity" are two very different things. Anecdotally, a dual-stack network already gets about half its traffic over IPv6 - because much of the traffic volume comes from a handful of huge content providers like Google (YouTube) and Facebook. But in terms of the proportion of sites reachable over IPv6, it's still tiny.

As for migration, the low-hanging fruit has been picked already - things like mobile networks (heavily CG-NAT already) and university networks (where they have the time to play with IPv6), and it will only get slower now. Some university networks have even turned it off, as the ongoing costs of running two networks in parallel become apparent.

The solution I've proposed for a long time is for the big CDNs - e.g. Cloudflare, Akamai, Google - to offer a public NAT64 service. Then it would be possible to build a single-stack IPv6 network at the edge and still access the vast majority of the Internet.

8
0

Re: Has anyone truly made the switch?

Or alternatively ...

"Strewth! Aussie Broadband gets IPv4 bill, decides to sweat IPv4 address assets"

6
0
Silver badge

Re: Has anyone truly made the switch?

"CG-NAT is a very expensive and customer-frustrating way to not solve any problem an ISP might have."

Good point. The article cites the high (ongoing) cost to Aussie Broadband of sticking with 100% IPv4. But it doesn't tell us the (one time?) cost to Aussie Broadband of switching to CG-NAT. Nor the (one time?) cost to Aussie Broadband of running dual IPv4/IPv6 stacks. Nor the (one time?) cost to Aussie Broadband of fully switching to IPv6.

We simply don't seem to have enough information to draw conclusions although Aussie Broadband likely has the information and has concluded that CG-NAT (presumably using IPv4) is their lowest cost path forward.

6
1
Silver badge

Re: Has anyone truly made the switch?

"the vast majority of corporate networks don't use it even if their isps support it."

Indeed. I suspect that the average CIO confronted with the spectre of finding money to replace/reconfigure every router and switch in their network, and reconfigure every computer in the building(s), and probably do something cute and costly with some expensive custom gear -- all without shutting down operations for more than a holiday weekend -- is likely to decide that upgrading to IPv6 is a project left for their successor after their retirement.

11
0
Len
Silver badge
Holmes

Re: Has anyone truly made the switch?

There is an interesting thing to take into account when looking at the cost of CG-NAT for ISPs that will make a massive difference to the sums.

CG-NAT on its own is expensive and will only get more expensive as, generally, consumer internet traffic keeps increasing. That device that was sufficient this year won't be sufficient in two year's time.

CG-NAT as part of a DS-Lite strategy is expensive but those costs will decrease over time as more services become available over IPv6 and that traffic won't have to pass the CG-NAT device. Already a number of major traffic sources (Netflix, YouTube, Facebook, just about any Google service to name a few) are available over IPv6 and so won't have to pass your CG-NAT device. With more services becoming available over IPv6 the pressure on your CG-NAT devices will decrease.

6
0

Re: Has anyone truly made the switch?

>Deutsche Telekom's mobile daughter, T-Mobile is going all IPv6

I doubt it's fully v6, unless they don't want any roaming revenue.

Current mobile handsets use v4 when they detect they are roaming, even if their home network uses v6. That's not going to change until pretty much all networks have v6 enabled.

Can't even use dual stack - those attach requests confuse some legacy networks and leave you with no service

3
0

Re: Has anyone truly made the switch?

Nail on the head, a huge portion of ISP traffic is to google, youtube, facebook, etc. The large services are IPv6 and therefore if you just implement CGN with IPv4 only, you're going to pay an awful lot of money for the kit and you're going to need to work out how you cleanly expand that over time. Implement IPv6 and >50% of your traffic zips straight past your CGN box.

So you've got a clear cost/benefit on the ISP side, either do a IPv6 project or pay way more than you need for your CGN solution.

On the content provider side, things are a lot less clear. Unless you're hyperscale like facebook, you don't need IPv6 for any particular reason, and don't care much than the users might need to be go via CGN and incur a bit of cost for their ISP and maybe an extra couple ms latency. It's just extra complexity, which means extra cost. Hence el reg is V4 only.

8
0

Re: Has anyone truly made the switch?

I suspect that the average CIO confronted with the spectre of finding money to replace/reconfigure every router and switch in their network, and reconfigure every computer in the building(s), and probably do something cute and costly with some expensive custom gear -- all without shutting down operations for more than a holiday weekend

If it were possible to *switch* from IPv4 to IPv6, this would be perfectly feasible. You'd run dual-stack for a week or a month or however long you needed, and be left with a pure IPv6 network at the end, job done. Dual stack, in fact, would be an excellent tool for this sort of transition.

But that's not feasible, because you'd disconnect yourself from the IPv4 Internet. You still need *some* IPv4: including for inbound connections such as VPN (I've never stayed in a hotel which provides IPv6)

So you have three choices:

1. Run IPv4 and IPv6 dual stack across your whole network indefinitely. This gives you double the number of firewall rules, and hard-to-debug problems when a particular device becomes reachable over v4 but not v6, or vice versa. Increased on-going expense and pain, for no business benefit.

2. Migrate to IPv6 and use NAT64/DNS64 - in other words, IPv6 replaces your RFC1918 private IPv4 addresses. Some places are experimenting with this approach, even Microsoft themselves. But you will still have islands of dual-stack required, and lots of pain with legacy devices, in particular legacy applications which can only listen on an IPv4 address. You end up doing nasty things like NAT464. Again, little obvious business benefit to demonstrate.

3. Stay on IPv4 just as you are today, which works as it always did, and avoid all the pain.

Guess which option almost everyone chooses.

What I'd like to see is that at least for "green field" networks, they could be built single-stack IPv6. This doesn't work today unless you're happy to build your own NAT64 infrastructure (*). And even if you do, your NAT64 still needs an IPv4 address from your ISP, so you may as well just do NAT44 instead.

(*) A few ISPs today do provide NAT64/DNS64 for those who want to try it (e.g. AAISP).

4
1

Re: Has anyone truly made the switch?

It's just extra complexity, which means extra cost. Hence el reg is V4 only.

Actually no. El Reg is CDN'd via Cloudflare. It's a one-button setting to enable IPv6 for a Cloudflare-fronted site. That enables a IPv6 entry point to CF so the user can connect via IPv4 or 6. Your server infrastructure could be IPv4-only, IPv6-only or running dual-stack. Makes no odds. Cloudflare will accept either and connect to the server using whatever is available - entirely transparently to the user.

I had a couple of personal sites behind CF (for the free HTTPS, before my host enabled Let's Encrypt) and although the server was IPv4-only, visitors could access it on -4 or -6, because CF was doing a quiet conversion.

The only reason El Reg does not have an IPv6 address is because no one has toggled that button to "Enable".

7
0

This post has been deleted by its author

Silver badge

Re: Has anyone truly made the switch?

*cough*

3
1
Silver badge

Re: Has anyone truly made the switch?

It's worse than that.

There is literally no economic reason for a company to make its servers support IPV6 alongside IPV4.

Every consumer must be able to access IPV4 services, so you can't switch off your IPv4 support.

There's no first mover advantage, so why go to the cost?

2
2
Len
Silver badge
Happy

Re: Has anyone truly made the switch?

I would say that there are reasons (including economic) for companies to implement Dual Stack, it just doesn't apply equally to all them.

Personally my baseline has been Dual Stack, TLS and DNSSEC for a few years now. Any new project that I run supports IPv4+IPv6, encrypts all its traffic and uses DNSSEC for its domain names. Any supplier that wasn't able to deliver against that was just dropped.

Why? No very hard economic reasoning, just that I like to be a bit ahead of the curve and rather just deal with things that will be inevitable a few years down line now, rather than having to shoehorn in rubber band and duct tape solutions later while a system is already operational. But, that's just me and my fairly basic requirements, usually projects depending on fairly standard HTML+CSS+JS over HTTPS stuff for a European and North American market. Dual Stack is mostly a nice-to-have.

If I had to do more complex stuff with applications doing a lot of complex two way traffic between client and server (messaging? VOIP?) and include a lot of developing countries in my target audience (Asia!) I would be cursing CG-NAT on a daily basis and IPv6 would be top priority. Many developing countries were very poorly served when IPv4 allocations were made decades ago. In countries with one IPv4 address per 10,000 inhabitants ISPs pull out all the stops with some times six or seven layers of CG-NAT to make it work. Imagine trying to get a VOIP connecting going. For Whatsapp or Telegram engineers, that India now has such a high IPv6 penetration is a gift from the network gods!

6
0
Silver badge

Re: Has anyone truly made the switch?

If all your doing is providing a website ( eg: a high volume e-commerce site with your own servers ), the added expense of maintaining IPV6 isn't worth it.

There is nobody that won't be able to access it on IPv4, so why bother?

If you're providing VOIP or similar, IPV6 support may make sense of course.

0
0
Anonymous Coward

Re: Has anyone truly made the switch?

"There’s a reason most businesses still have fax machines."

Yes. Inertia.

Businesses may still need fax capability, but there are viable alternatives to a physical fax machine (RingCentral's service comes to mind). Heck, way back in ca. 1996 I worked in a small IT dept that ripped out the fax machines and put in a fax server (WTH was the brand? it was a bulletproof machine, 4 lines, incoming and outgoing, worked great...)

IPv4 can be the same way, legacy hardware sitting in place due to inertia, or intelligent workarounds where appropriate.

(I'll climb off my high-horse and back to my IPv4 only network now...)

2
0
Silver badge

Re: Has anyone truly made the switch?

We still have a fax machine, but it is not currently plugged into the phone line. Nobody has noticed.

2
0
Silver badge

Re: Has anyone truly made the switch?

"I've yet to work in a company that has used IPv6 internally."

Tried it once for a Server 2008 R2 DirectAccess implementation. It was less fun than drowning, although that was more to do with DA not working than IPv6. Lesson learnt, stay away from the bleeding edge and let some other poor sod do the heavy lifting.

0
0

Re: Has anyone truly made the switch?

A high-volume e-commerce site is exactly the sort of site that should be really interested in v6.

Small increases in page load time lead to large differences in the amount of users that give up on your site and try another one. (Search for "latency impact on revenue" for studies. The numbers are kinda crazy; things like 5% of total revenue for 500ms of extra waiting time.) For an ecommerce site, that means less money for you.

Facebook measured their site as loading 10-15% faster over v6 (https://code.fb.com/networking-traffic/ipv6-it-s-time-to-get-on-board/). That should be interesting to a large e-commerce site.

0
0

Another IPV6 article which exposes issues with IPV6

Another IPV6 article which exposes issues with IPV6

The issue is a lack of a proper backwards compatible transition mechanism with isp”s forcing customers through an inferior cgnat.

If customers care only about cost and not method of connectivity then cgnat will be the way forward, domestic customers won’t care so long as it works,business will pay to keep existing b2b stuff working on IPv4.

8
13
Anonymous Coward

Re: Another IPV6 article which exposes issues with IPV6

So we’ll eventually end up with 4.6 billion businesses still running IPV4, that won’t switch just in case they lose connectivity with that all important supplier/customer.

I suppose a world wide “IPV4 Turn Off Day” is out of the question?

5
5

Re: Another IPV6 article which exposes issues with IPV6

Well cgnat will be slower, and more open to abuse (thousands of users behind the same address making it very hard to block abusive or compromised hosts)...

ISPs will also have to log every outbound connection made or udp packet sent in order to track any kind of illegal or otherwise unwelcome activity, as simply knowing the ip address and timestamp will no longer be sufficient to identify a user.

7
0

Re: Another IPV6 article which exposes issues with IPV6

There is a backwards compatible transition mechanism though, specifically NAT64. What more do you want?

2
2
Silver badge

Re: Another IPV6 article which exposes issues with IPV6

What more do you want?

As I understand it, NAT64 provides a means for a host with an IPv6 stack to communicate with legacy IPv4-only hosts by means of a gateway. I gave up trying to pin down the shifting sands of IPv6 migration some time ago, so please correct me if any of the following is untrue regarding NAT64.

1/ it needs a specific form of address allocation for the local IPv6 network, the host needs to "know" when to embed IPv4 addresses in IPv6 packets and the gateway has to "know" what to do with them so it effectively adds a third mode of operation (IPv4, IPv6 and IPv4 in IPv6).

2/ It does nothing for the problem of IPv4-only hosts (either legacy systems or system sitting behind an IPv4 ISP) that want to communicate with IPv6-only systems, which would seem potentially to be a significantly greater number.

2
0
Len
Silver badge

Re: Another IPV6 article which exposes issues with IPV6

The transition mechanism for consumer broadband is DS-Lite. It gives customers a public IPv6 address and an IPv4 address behind CG-NAT for legacy applications. Over time less and less traffic will go over CG-NAT as more services become available over IPv6 and at some point ISPs will be able to switch them off altogether (or keep it only for premium plans).

Looking at current developments, within a year or two I expect the norm to be:

* DS-Lite for consumer broadband.

* Dual Stack for business broadband.

* Dual Stack for internet facing servers.

* IPv6-only for internal servers.

That situation will then stay that way for a good couple of years while IPv4 is slowly going the way of IPX.

I remember having a network where all nodes had TCP/IP and SPX/IPX side by side for a year or two until the last application had migrated to TCP/IP and we could remove SPX/IPX from the interfaces. I expect the same to happen with IPv4. In my home network I have a couple of devices (printer, Apple TV, some IoT stuff) where I could probably remove IPv4 already as they all use IPv6.

4
1

Re: Another IPV6 article which exposes issues with IPV6

Typically PBA or DNAT will be used, whereby a subscriber is given a source port range on a particular public IP (EG 100.64.0.1 -> 8.8.8.8:1025-2048, 100.64.0.2 -> 8.8.8.8:2049-3072). Saves a lot of logging, but then you've got extra fun with the likes of SIP which need a lot of TLC to run through the solution.

2
0
Anonymous Coward

Re: Another IPV6 article which exposes issues with IPV6

> The issue is a lack of a proper backwards compatible transition mechanism.

Sigh. Not this one again. How on earth do you expect to make a backwards compatible protocol ?

An as for transition mechanisms, I guess nat64/dns64/6in4/6to4/6over4/ etc..... aren't enough for you?

3
0

Re: Another IPV6 article which exposes issues with IPV6

You don't need a specific allocation for the IPv6 network. The IPv6-only host doesn't need to know about IPv4 at all.

NAT64 is usually combined with DNS64. An IPv6-only host will do a DNS request, the DNS resolver will see if the response only includes IPv4 addresses. If so, it rewrites the response to an IPv6 address that points at the gateway and encodes the IPv4 address. The gateway then has the smarts to spot this IPv6 packet is actually for an IPv4 host and translates it.

NAT works in both directions, you publish your service on a public IPv4 address and translate it to the IPv6 server sitting behind the gateway.

2
0
Silver badge

Re: Another IPV6 article which exposes issues with IPV6

"Well cgnat will be slower, and more open to abuse (thousands of users behind the same address making it very hard to block abusive or compromised hosts)..."

Addresses used for abuse will just blocked as usual except there will be a lot of collateral damage and the affected ISP support lines will light up like a Christmas tree as all the users on the same address get blocked too.

0
0

Re: Another IPV6 article which exposes issues with IPV6

As mentioned, you don't need a special address allocation on the local network; DNS64 returns addresses in the NAT64 prefix and clients connect to them like they do any other address. The router running NAT64 needs to handle the translation, but that could be at your ISP.

NAT64 translates from v6 (inside) to v4 (outside). Inbound connections from v4-only hosts are possible if you configure a port forward. Basically that's the same restriction NAT has when it's v4 on both sides.

My point really was that this is about the best you can do. You can't come up with a scheme that lets communication work directly between v6-only hosts and unmodified legacy v4 hosts. This isn't v6's fault, and there's nothing that you change in v6 to make it work. It just isn't possible, and if you're going to put the blame on anything for that then it would need to be on v4's design.

2
0
Silver badge
Windows

Not el Reg

nslookup theregister.co.uk

Server: XXXXXXX.au

Address: XXXXXXXXX

Non-authoritative answer:

Name: theregister.co.uk

Addresses: 104.18.224.129

104.18.226.129

104.18.223.129

104.18.227.129

104.18.225.129

These guys do:

X:\>nslookup facebook.com

Server: XXXXXXXXX

Address: XXXXXX

Non-authoritative answer:

Name: facebook.com

Addresses: 2a03:2880:f119:8083:face:b00c:0:25de

157.240.8.35

And yes, I get a chuckle from the latter.

19
2
Silver badge

Re: Not el Reg

Took me longer to figure out what you were on about than I care to admit.

8
1

This post has been deleted by its author

WTF?

Re: Not el Reg

Hang on! Is el reg starting to go IPv6? I just noticed that nir.regmedia.co.uk has been IPv6 for a while. I finally decided to look up what they had that was connecting to IPv6 when pages would load and I found atleast one domain that was connecting over IPv6.

>nslookup nir.regmedia.co.uk

Non-authoritative answer:

Name: nir.regmedia.co.uk

Addresses: 2606:4700::6812:fb87

2606:4700::6812:fc87

2606:4700::6812:fd87

2606:4700::6812:fe87

2606:4700::6812:ff87

104.18.251.135

104.18.252.135

104.18.253.135

104.18.254.135

104.18.255.135

0
0
Len
Silver badge

Sounds like they’re going for DS-Lite

This sounds like Dual Stack Lite to me. Give customers a public IPv6 address and an IPv4 address behind CG-NAT for legacy purposes. That is becoming more popular with ISPs globally and I expect DS-Lite to be the future.

With more and more important services becoming available on IPv6 the average user won’t even know they are on DS-Lite.

It will ultimately mean that scarce and valuable IPv4 addresses will be sold to server operators that can’t be behind NAT and need them for legacy customers.

11
1
Silver badge

Finally?

It's worth noting that some Australian ISPs have been offering IPv6 for years, some even to residential customers (e.g. Internode). However, between them the top 25 ISPs still host only 4,248 unique IPv6 addresses...

4
1
WTF?

Re: Finally?

Internode no longer supports IPv6 on the HFC (aka cable TV) NBN as they are simply reselling TPG service there.

1
1
Silver badge

Re: Finally?

Blimey, dogs and cats living together!

1
1

Re: Finally?

I guess I should not be surprised. I just got IPv6 juices flowing at home and I am shortly (yeah right!) blessed with HFC NBN.

Is this a technical limitation of the HFC infrastructure entry/exit points, or just penny pinching TPG style?

1
0
Silver badge

Re: Finally?

as they are simply reselling TPG service there.

As Internode is a subsidary of TPG (TPG bought iinet in 2015 who had previously bought Internode in 2011), is that really surprising?

1
0
Silver badge

Re: Finally?

The surprise for me is in a (or perhaps the) premium ISP reselling a budget ISP's services.

But you're right, it might be a little surprising but not entirely unexpected or unpredictable.

1
0

Re: Finally?

AAISP use TalkTalk as one of their two backhaul carriers, and the customers get an uncontended low latency service. Just because their consumer service is rancid doesn't mean their wholesale offering is.

6
0
Silver badge

Re: Finally?

Yep. talk-talks network is sound.

Indeed, I use talktalk.FTTC as a consumer, and have never had an issue - 7.7ms ping first external hop, and always 8Mb/s. It's BT to the exchange anyway.

Their customer service may be crap, but there's a lot of snobbery against them here.

IP6 would be nice, but the HE broker has been 100% stable for me for years, and having the tunnelling done on the router, the internal network is effectively native ipv6. My first ip6 hop is only 15ms.

0
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018