Microsoft pulls plug on IPv6-only Wi-Fi network over borked VPN fears

Microsoft has scrapped plans to go IPv6-only on one of its internal networks over fears its campus visitors would be unable to use their virtual private networks (VPNs). The decision to mothball a full shift to the new protocol for that particular network was detailed by Microsoft network architect Veronika McKillop on Monday …

  1. Oh Homer
    Paris Hilton

    Catch 22

    1. Nobody uses IPv6 because nobody supports IPv6

    2. Nobody supports IPv6 because nobody uses IPv6

    3. Goto 1

    Seems like we need a compelling reason to switch, some dire emergency, such as running out of IPv4 addresses, for example.

    Oh wait...

    1. Shades

      Re: Catch 22

      "Nobody [...] nobody [...] Nobody [...] nobody"

      Nobody? I'm using IPv6. Well, my ISP is on their network side of the router. My side of the router is still IPv4.

      1. kain preacher Silver badge

        Re: Catch 22

        My router gives me both.

    2. Anonymous Coward

      Re: Catch 22

      "Seems like we need a compelling reason to switch, some dire emergency, such as running out of IPv4 addresses, for example.

      Oh wait..."

      I remember the same argument being made several years back, but here we still are.

      There was (and maybe still is) a website set up to educate the public about IPV6.

      It was also the first time I read a statement on an official site that said that "you should not expect privacy on the internet" and gave the ominous warning that said: "In fact, we may be watching you even now" (or something similar).

      Back then, many sites regarding "hardening" of computers suggested disabling IPV6.

    3. Nanashi

      Re: Catch 22

      We don't need an emergency, we need a deadline. Humans are incapable of responding to open-ended emergencies (see: global warming), but they can cope with deadlines even for the most unimportant crap.

      The problem is that there's nobody in a position to enforce a deadline on the global internet.

      1. Anonymous Coward

        Re: Catch 22

        A deadline won't work either.

        vSphere 5.5 end-of-general support is tomorrow (19th). You can get extended support but it's intentionally expensive. EoS announcement was a couple of years ago.

        Was recently at a large hospital that still hadn't completed the planning for how they were going to upgrade, never mind actually go do it.

        Not long ago was at a major police force who were still running hundreds of Windows 2003 instances.

        Same in the private sector. Most people work on a 'it's not broke, don't fix'. I wonder how many people upgraded to iOS 12 on day 1?

        Anon, for obvious reasons.

    4. Warm Braw Silver badge

      Re: Catch 22

      running out of IPv4 addresses

      ... has been a compelling emergency for over 20 years now. "Oh, wait" seems to be the problem...

      1. Spazturtle Silver badge

        Re: Catch 22

        Virgin Media will stop giving customers their own IPv4 address when they roll out DOCSIS 3.1 and IPv6 (next year?), everyone in the same area will share a single IPv4 address.

        BT have already started rolling out CG-NAT for IPv4.

        People will suddenly start to care a lot more about IPv6 when they get told by customer support "Sorry your internet connection doesn't support online gaming/VOIP/whatever because your connection uses CG-NAT".

        1. Baldrickk Silver badge

          Re: Catch 22

          "Sorry your internet connection doesn't support online gaming/VOIP/whatever because your connection uses CG-NAT".

          Unfortunately, with things like skype going cloudy and not peer to peer, that won't be affected.

          Might have an issue with torrents? IDK, one would assume that someone has been working on a way around that.

          Hosting your own server though, that's the kicker.

          1. doublelayer Silver badge

            Re: Catch 22

            If only the process of getting dedicated IPV6 sections for a single unit were more convenient. I had cause to try to get one, going for one block for an organization rather than getting one from the ISP because we have multiple areas served by different ISPs. I figured we could assign subsections to each area and have a coherent block. Of course, blocks for end-user use are only allocated at /48 blocks, because there is never any way we could run out of addresses if they hand quadrillions to each person who has a reason, but also it turns out to be nigh impossible to get an ISP to accept a block that isn't directly from them. So, of course we're using blocks allocated from the ISP themselves, losing any coherence provided by the structure, and making firewall rules (e.g. people from location A may connect to the server at location B, but people from the wide internet cannot) more complex. This happens because we have to know each subnet that the ISP has provided if someone at one place wants to run up something internal, rather than knowing our address section (which, IANA, could be a /96 without causing us any problems whatsoever). I think they might have constructed that a bit better.

  2. Anonymous Coward

    Welcome to the real world, MS

    "Unfortunately, we had to stop this work because we came across something that the previous internal testing had not uncovered," she revealed. "A team member attended a conference where internet access was provided as IPv6-only and 99 per cent of attendees could not get their VPN clients to connect on this network."

    What bubble do MS developers work in that they wouldn't know that many (most?) commercial VPNs are IPv4-only?

    1. ITS Retired

      Re: Welcome to the real world, MS

      Microsoft has an arrogance problem. They think if they want, or did something, everyone else will just fall in line.

      They need to answer their outside phones and read their outside e-mails for clues that they might be having problems that they don't recognize as such.

      1. Anonymous Coward

        @ITS Retired - Re: Welcome to the real world, MS

        Yep! Just like those who designed IPv6.

        1. Nanashi

          Re: @ITS Retired - Welcome to the real world, MS

          If the people who designed v6 answered their outside phones, they'd spend all their time talking to crackpots and people who don't understand what they're on about.

          v6 is already designed about as well as it can be given the constraints it's working under: it works almost exactly the same as v4 does (the two changes I can think of being SLAAC and NDP instead of ARP for neighbor discovery, both pretty simple things), and it's as backwards compatible with v4 as it is possible to be.

          If you think I'm wrong about that last one, all you need to do is respond and tell me how, exactly, you'd make v6 have better backwards compatibility than it does. And I suspect you'll end up demonstrating my first paragraph.

          1. Warm Braw Silver badge

            Re: @ITS Retired - Welcome to the real world, MS

            it's as backwards compatible with v4 as it is possible to be

            One of the interesting (if now entirely academic) lessons of the DECnet Phase V debacle is that technical backwards compatibility per se turned out not to be a major driver of take-up. Phase V implementations supported both Phase IV and Phase V, allowed local subnetworks and the interconnecting backbone to be in different phases and provided triggers that could automatically flip parts of the network over as migration proceeded. It ought to have been a trivial exercise.

            However, by the time it was deployed, Phase IV addresses had already run out in the networks at which Phase V was targeted and proxy servers (a kind of alternative to NAT) were in widespread use. Unpicking those turned out to be more complicated than transitioning the core network and it turned out that migrating to IP wasn't a great deal harder.

            The saving grace for IPv6 is that there isn't any obvious alternative, apart from more NAT, so perhaps we might get there eventually.

            1. Anonymous Coward

              @Warm Braw - Re: @ITS Retired - Welcome to the real world, MS

              You forgot to mention IPv4 inside and IPv6 outside with a translation gateway in-between. This will allow IPv4 to move into the next millennium. Smoothly.

          2. Jamie Jones Silver badge
            Facepalm

            Re: @ITS Retired - Welcome to the real world, MS

            Nanashi wrote:

            If the people who designed v6 answered their outside phones, they'd spend all their time talking to crackpots and people who don't understand what they're on about.

            And once those people who don't understand have got off the phone, they then proceed to El Reg to downvote those who do know what they're on about, because apparently there's an anti-ipv6 cult around here that prefers to hear comments that align with their world-view rather than actual facts...

            1. Charles 9 Silver badge

              Re: @ITS Retired - Welcome to the real world, MS

              It's like what you see in American politics these days. It's all "I Reject Your Reality And Substitute My Own."

          3. Nanashi

            Re: @ITS Retired - Welcome to the real world, MS

            So, it's been 11 days since I could bring myself to check the comments here, and I see that lots of people managed to downvote me but nobody managed to tell me how to make v6 more backwards compatible. I think that makes my point, no?

            (I didn't forget to mention "v4 on the inside, v6 on the outside and NAT between". I didn't mention it because it doesn't work. That said, even if it did work it wouldn't require any changes to v6, so it wouldn't be a way of improving v6's design.)

      2. bazza Silver badge

        Re: Welcome to the real world, MS

        @ITS Retired,

        Microsoft has an arrogance problem. They think if they want, or did something, everyone else will just fall in line.

        That seems unnecessarily uncharitable in this instance. It's not like they're making Windows itself IPv6 only, or any of its services. They're just trying to roll out IPV6 on its own campus and finding it very hard. OK, they may have been slow to the party in that regard, but it's not like they're the very last.

        So really we should be grateful that they're sharing their experience doing this because that helps us all appreciate the difficulties, and what might be done about them.

    2. Yes Me Silver badge

      Re: Welcome to the real world, MS

      Well, I suspect that the IPv6-only network where they made this great discovery was the one at IETF meeting 100 in Singapore last November, where IPv4 support was switched off experimentally during some sessions (but a NAT64/DNS64 service was available to reach IPv4-only sites). It was expected and observed that many corporate VPNs were broken by this.

      1. Christian Berger Silver badge

        Re: Welcome to the real world, MS

        Well NAT64/DNS64 is just as broken as IPv4 NAT, but people have not yet adapted to it.

  3. katrinab Silver badge
    Facepalm

    It’s not going to happen

    If people haven’t rolled out a 25 year old technology yet, they never will. This is around the same time that Tim Berners-Lee introduced the World Wide Web, and Microsoft introduced Windows NT.

    1. Yes Me Silver badge

      Re: It’s not going to happen

      Sorry to disillusion you, but IPv6 is rolling out in a pretty big way these days. On account of we've run out of IPv4 addresses.

      The story is about trying to run an IPv6-only network, as opposed to a dual stack network. And what it shows is that it's still premature to run IPv6-only on a general purpose BYOD network. Dual stack is a very robust solution. NAT64 is brittle. That shouldn't be news to anyone.

      1. Roland6 Silver badge

        Re: It’s not going to happen

        >That shouldn't be news to anyone.

        Whilst I agree that MS (and others) should be applauded for attempting to trial IPv6-only networks, to see what breaks and then telling everyone about it, I disagree about this not being (tech) news.

        I remember back in the late 80's and early 90's, government ITTs all included requirements around a vendor's commitment to Open Systems and OSI. Naturally, we all responded positively about our commitment etc. however, not once was I cross-examined on just what this meant in practice. I suggest what we are seeing here is a company trying to put things into practice and discovering environmental gotchas...

        I therefore suggest the lesson here is that if you are using a VPN solution, the time has now come when you need to get vendors to demonstrate their currently shipping products' capabilities to support dynamic usage of IPv4, dual stack and pure play IPv6 (yes my dual stack client should be able to use a VPN product over whichever protocol stack is available to it, which will almost certainly vary between hotspots (e.g. Office, Underground, Station Cafe, Train, Home)). I suspect that, prior to this news story, no one was actually testing the real-world IPv6 capabilities of VPN products...

        1. Charles 9 Silver badge

          Re: It’s not going to happen

          "I therefore suggest the lesson here is that if you are using a VPN solution, the time has now come when you need to get vendors to demonstrate their currently shipping products' capabilities to support dynamic usage of IPv4, dual stack and pure play IPv6"

          Many VPN providers refuse to touch IPv6 with a ten-foot-pole at the clients' request because they feel it's too much of a security risk, particularly for those clients who are using VPNs to work around "problems" such that just ONE slip and the game's up.

      2. katrinab Silver badge

        Re: It’s not going to happen

        Can you explain the benefits of a dual-stack network over an IPv4 only network? You still have to find an IPv4 address either way.

        1. Danny 14 Silver badge

          Re: It’s not going to happen

          Dual stack is important if you want to chat with ipv6 cleanly. It saves having to go to brokers and so forth. It is also stupidly easy as any reasonable firewall will support 4 and 6. Even windows will let you have a 4 and 6 IP address.

          1. katrinab Silver badge

            Re: It’s not going to happen

            Why would I want to chat with IPv6 cleanly, or indeed at all, given that everything is available on IPv4?

            1. SImon Hobson Silver badge

              Re: It’s not going to happen

              everything is available on IPv4

              But it isn't. Most things are on IPv4, but there are some IPv6 only things out there, and over time they will get to be more numerous. At some point you will find that you want to access something that can only be accessed over IPv6, and if you are in the "why bother with IPv6 at all" camp then you'll be disappointed.

              At the moment that is a small risk. But there are already hosting outfits that will by default give you a shedload of IPv6 addresses - but charge extra (per address) if you want IPv4. Some ISPs are now waking up to the fact that it's getting more expensive to keep IPv4 going - many will no longer give you a public IP of your own because they don't have enough and they either can't get more or they are too expensive.

              And once you are behind CG-NAT then you no longer have the freedom to forward ports as you want. Good luck torrenting or doing anything else that's peer-peer then.

              TL;DR version. We're not there yet, but eventually there WILL be something you need IPv6 to access - and it'll be a lot easier and less hassle using real IPv6 than some bastardised workaround to fudge access from your IPv4 address.

              1. Charles 9 Silver badge

                Re: It’s not going to happen

                "We're not there yet, but eventually there WILL be something you need IPv6 to access - and it'll be a lot easier and less hassle using real IPv6 than some bastardised workaround to fudge access from your IPv4 address."

                OR businesses will just pony up for the IPv4 addresses to STAY in business. Put it this way. Everyone's in the existing marketplace, and there's no compelling reason to move to the new one as storefronts will just pony up whatever it takes to stay in the old market where all the customers are.

                Plus Internet traffic has evolved to work around even CG-NAT. Push solutions mean port forwarding is less of an issue (besides, most ISPs discourage home server use), and most consumer services like Skype and online gaming have servers that can be reached even through CG-NATs because things like "servers" are too geeky for consumers to grok.

              2. katrinab Silver badge

                Re: It’s not going to happen

                25 years ago, when IPv6 first came out, I had an Amiga 4000. That has long since been retired. Is there any guarantee that it will reach big-time within the lifespan of my current equipment?

                Other than a spinning logo on an IPv6 test website, can you name anything that is currently IPv6 only?

              3. JohnG Silver badge

                Re: It’s not going to happen

                "Most things are on IPv4, but there are some IPv6 only things out there..."

                Like what? Nobody is going to put their stuff only on IPv6, except those trying to make a point about using IPv6, for the simple reason that they don't want to risk being invisible to the majority of Internet users. And until there are enough useful things only available on IPv6, very few people are going to bother with IPv6.

                The majority of Internet users wouldn't care about not having a unique IPv4 address, even if the issue were explained to them.

                1. katrinab Silver badge

                  Re: It’s not going to happen

                  Actually, I think most internet users would prefer *not* to have a unique address.

  4. vtcodger Silver badge

    Two questions if I may

    "And yes, yes, yes, before you point it out, The Register is still not IPv6 compatible either. We're working on it. Really. "

    1. Why are you working on it? What benefit(s) do you expect?

    2. If IPv6 is such an easy, natural option, what's preventing the Register from rolling it out tomorrow?

    1. redpawn Silver badge

      Re: Two questions if I may

      1. Natural things grow at their own pace.

      2. The IPv6 seed might need to have its outer coating scored or scorched before it will sprout.

      1. navidier

        Re: Two questions if I may

        @redpawn

        > 2. The IPv6 seed might need to have its outer coating scored or scorched before it will sprout.

        I see you've tried to grow lychee from seed too. I've further found that the seedlings need to be constantly kept moist or they die the instant they dry out. Please feel free to extend this factoid to your analogy.

    2. Yes Me Silver badge

      Re: Two questions if I may

      1. The benefit is improved access for users (such as millions of smartphone users) that have native IPv6 support that is actually faster than their translated IPv4 support.

      2. I don't know what their hold up is. Many sites get IPv6 by simply asking their CDN provider to switch it on. But at least where I sit, El Reg doesn't seem to use a CDN. So maybe it's their server load balancer that can't handle IPv6. Most of them can.

      1. Dabbb Bronze badge

        Re: Two questions if I may

        My Vodafone Australia gives me both IP addresses but phone prefers to use IPv6 whenever possible. Which results in total inability to download anything from Play Market while on 4G connection. The only way around it when phone is not on IPv4 Wifi connection is to use IPv4 only VPN. That's how good it works in the real world.

        1. kain preacher Silver badge

          Re: Two questions if I may

          That's weird, I have no issues with Google Play on IPv6.

      2. Nanashi

        Re: Two questions if I may

        They are actually behind Cloudflare, which means v6 is just a toggle away. It also means that, with appropriate hosts file entries, you can talk to El Reg over native v6 even without them explicitly enabling it. The last time I tried this, it worked fine except that attempting to post a comment didn't work. The post just disappeared into the aether, and never showed up.

        What did show up, however, was a post from an admin complaining that they had to manually drop my post from the queue.

        I'm guessing some part of the post pipeline can't handle long addresses (e.g. a database with a short VARCHAR column). Cloudflare have a workaround to deal with that though (hashing the v6 address into 240/4) so maybe there's something else that needs the real address (geolocation/spam filtering?). Hard to tell exactly unless they feel like showing up here and telling us.

        As it happens, I do have a way to summon admins...

        1. Giovani Tapini

          Re: Two questions if I may

          Summon admins while in a protective circle while chanting Latin over a dancing candle? I don't know why my mind would have conjured this image based on your apparent talent of summoning over simply shouting at the next desk for example.

        2. gnarlymarley

          Re: Two questions if I may

          They are actually behind Cloudflare, which means v6 is just a toggle away. It also means that, with appropriate hosts file entries, you can talk to El Reg over native v6 even without them explicitly enabling it. The last time I tried this, it worked fine except that attempting to post a comment didn't work. The post just disappeared into the aether, and never showed up.

          Yes and any properly designed back end will just use any protocol in front of their web server without issues. Why log the IP inside the database post, when there are a few IPv4 providers that change addresses using DHCP more than once a day? A system that is properly designed, i.e. uses the username to track anonymous posts and such, should work successfully with the flick of that switch.

          As it stands, SSL and such work the same over both IPv6 and IPv4. Shouldn't be that hard for dual stacking the server.

      3. gnarlymarley

        Re: Two questions if I may

        2. I don't know what their hold up is. Many sites get IPv6 by simply asking their CDN provider to switch it on. But at least where I sit, El Reg doesn't seem to use a CDN. So maybe it's their server load balancer that can't handle IPv6. Most of them can.

        Me neither. If most people's CDNs do not support IPv6, they do support the ability to get a tunnel. Took me about ten minutes to set it up and then another two weeks to realize that the concepts behind IPv6 and IPv4 were very similar. IPv6 is really not that hard. And like other folks have mentioned, on Cloudflare, it is just the click of a button to enable.

    3. Jamie Jones Silver badge

      Re: Two questions if I may

      One overlooked advantage for companies is user tracking... A user's ip6 address is much more likely to be static than their ip4 address, and as providers move to cg-nat, the ip4 address will be even less valuable for tracking purposes.

      Don't tell El Reg that though!

      1. DougS Silver badge

        IPv6 user tracking

        One overlooked advantage for companies is user tracking

        And there you have one of the big reasons I see no rush to adopt IPv6 until I have no choice!

      2. SImon Hobson Silver badge

        Re: Two questions if I may

        A user's ip6 address is much more likely to be static than their ip4 address

        The 20th century called and asked for its Old Wives' Tale back.

        "Fixed" IPv6 addresses (aka EUI-64, IIRC) were deprecated years ago for exactly that reason. Now the standard is for devices to generate (multiple) random addresses within the 2^64 address space available to it and to change them over time. Tracking by IPv6 address is impractical.

        You can track by /64 netblock, but then you get no more information than by tracking a network of devices behind a NAT gateway. My IPv4 address is as static as my /64 IPv6 block.

        The staticness of both the IPv4 address and IPv6 allocation is not inherent in either protocol - it's entirely down to the allocation mechanism done by the ISP - in some cases you can request a static IPv4, in some you can only have a dynamic one, in some cases you can only have a static one.
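
Added example, not part of the original thread: a Python sketch of the difference discussed above between a MAC-derived (modified EUI-64) interface identifier, which stays the same on every network, and an opaque one, where only the /64 remains as a stable key. The MAC address and all addresses under the `2001:db8::/32` documentation prefix are constructed samples, and the function names are this example's own.

```python
import ipaddress


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet and insert ff:fe in the middle.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:6]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host would form from a /64 prefix if it used its MAC as the identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers are 64 bits; prefix must be a /64")
    return net[int.from_bytes(eui64_interface_id(mac), "big")]


def embedded_mac(addr: str):
    """Return the MAC recoverable from a EUI-64 style address, else None.

    Heuristic: a randomly generated identifier can contain ff:fe in this
    position by chance (1 in 65536), so treat a hit as a strong hint, not proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def tracking_key(addr: str) -> str:
    """The /64 an address belongs to: all an observer keeps when the identifier is opaque."""
    return str(ipaddress.IPv6Network((addr, 64), strict=False))


def linkable_across_networks(addresses):
    """Map each recoverable MAC to the /64s it was seen in, if there is more than one.

    A non-empty result means the same device can be followed from one network
    to another by its address alone.
    """
    seen = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is not None:
            seen.setdefault(mac, set()).add(tracking_key(addr))
    return {mac: sorted(nets) for mac, nets in seen.items() if len(nets) > 1}


# Constructed sample: one laptop seen on two networks, once with MAC-derived
# identifiers and once with opaque (randomised) identifiers.
SAMPLE_MAC = "00:11:22:33:44:55"
SAMPLE_ADDRESSES = [
    str(slaac_address("2001:db8:aaaa:1::/64", SAMPLE_MAC)),
    str(slaac_address("2001:db8:bbbb:2::/64", SAMPLE_MAC)),
    "2001:db8:aaaa:1:5c3e:91a7:40d2:b8f1",
    "2001:db8:bbbb:2:e8b1:7c04:19aa:6d33",
]

if __name__ == "__main__":
    for a in SAMPLE_ADDRESSES:
        print(f"{a:40} net={tracking_key(a):24} mac={embedded_mac(a)}")
    print("linkable across networks:", linkable_across_networks(SAMPLE_ADDRESSES))
```

Running the same check over the addresses configured on your own hosts shows which ones still form MAC-derived identifiers.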

        1. Anonymous Coward

          "the standard is for devices to generate (multiple) random addresses"

          It's still a pre-small LANs approach. As if all devices are simple clients only connecting to external resources carefully managed by dedicated people, and never servers offering services to others. If you have, for example, a NAS, it can't really generate random addresses and change them over time, because how would you be able to access it? Every time check what damned addresses, in hex, it generated?

          If you want to access your other PCs, should you look every time at what random addresses they got first? What about my router and access points?

          IPv6 wholly underestimated the need to match addresses with a working name resolution mechanism, because you can't really expect people to memorize IPv6 addresses, especially when they change.

          IPv6 was designed in an era when people were expected to have a single *client*, which just needed an address to make its calls.

          But now even in small networks you have many devices, and you need something like DHCP+DNS (or anything equivalent), especially when you use VLANs/subnets and simpler resolution methods for network discovery do not work.

          Just, does Android support DHCPv6 now? On the other end, Windows didn't support RDNSS until some recent version of Windows 10. That's because IPv6 instead of being built on clear standards didn't address clear, obvious needs, leaving them to implementations acceptable in 1996 only. And refusing to address them properly and fully later. IMHO SLAAC was a bad idea from the beginning, especially from a management perspective.

          Still, you may want some machines to have static addresses to access them even if the name resolution system doesn't work, and thereby you may also want to avoid making them visible outside.

          An IPv6 roll out needs a simple way to manage the network, assign addresses and map them to host names automatically. While systems managed by dedicated and skilled people may have little issues, it could become soon a nightmare for smaller systems which don't have the required skills available, unless network devices have the required software to make the configuration, and the transition, easy.

          1. SImon Hobson Silver badge

            Re: "the standard is for devices to generate (multiple) random addresses"

            If you have, for example, a NAS, it can't really generate random addresses and change them over time, because how would you be able to access it?

            mDNS? Also, a device can have many addresses - indeed it is set out in the specs that devices MUST support multiple addresses. So it's quite easy for a device to have static addresses on which it serves up services, and multiple dynamic addresses it uses for outbound connections.

            does Android support DHCPv6 now?

            No, and it probably never will. Politics (as well as technical issues) has resulted in overlap between protocols. DHCP cannot (by design) provide router/routing info to hosts - they have to get that from routers via RAs. The official line is to separate addressing/host management from routing/network management because these are often managed by different groups in large organisations. My feeling is that even where that is the case, the two teams CANNOT work in isolation.

            But the technical reason why Google won't support DHCPv6 in Android is that it doesn't provide a fast method for revoking leases when the network changes. For a mobile device, the network can change rapidly as a device moves around (handoff between cells, switching between mobile and WiFi). With RAs, the network can be quickly reconfigured by sending RAs for the disconnected addresses with a lifetime of zero - with DHCPv6 there's no such easy mechanism. There is a DHCP6 client for Android - but not from Google.

      3. katrinab Silver badge
        Mushroom

        Re: Two questions if I may

        "One overlooked advantage for companies is user tracking"

        That is a disadvantage

  5. WolfFan Silver badge

    He says "We need to start shaming. Shame! Shame! Shame!"

    Really? I never heard of 'Lasse Haugen' before. Why should I, or anyone else, give a damn about his opinion?

    I have IPv6 set up on my home router, as my ISP put in the necessary infrastructure several years ago. I have IPv6 set up on my cellphones; both my cellcos put in the necessary infrastructure years ago. 90+% of my connections on my cellphones and on my home router are IPv4. THERE IS EFFECTIVELY NOTHING TO CONNECT TO. Why should BigCorp (or even El Reg) go to the trouble of setting up IPv6 when no-one, outside of a few neckbeards, give a flying fuck at a rolling donut on the deck of a tanker in a thundering typhoon about IPv6? Setting up IPv6 costs money and takes time. Why do it unless there's a reason? IPv4 appears to be working well enough, and as almost everyone is using IPv4, anyone who goes with IPv6 will have to dual-stack until such a time as enough people move to IPv6 to make it worth while to kill the IPv4 stack. Who's gonna pay for that? Lasse Haugen?

    1. Yes Me Silver badge

      Shame!

      "THERE IS EFFECTIVELY NOTHING TO CONNECT TO"

      You don't use Google or Facebook then. Perhaps that's wise.

      1. WolfFan Silver badge

        Re: Shame!

        I have never had a Facebook account. I used to have a Gmail account. Google got into a hissy fit ‘cause I insisted on using ‘insecure’ (that would be non-Google-controlled) methods of accessing my mail and ‘could not verify that the account belongs to you.’ I killed all things Google, down to DNS, on all my systems. Google can bite me.

        1. kain preacher Silver badge

          Re: Shame!

          lets cnn.com IPv6, whitehouse.gov, youtube, netflix 12.85 of websites are ipv6

    2. vtcodger Silver badge

      "Really? I never heard of 'Lasse Haugen' before. Why should I, or anyone else, give a damn about his opinion?"

      Indeed, I'm getting on in years and my memory is not what it once was, but I really can't recall when it was that I asked Mr Haugen for advice about how to configure my computer. Or advice on anything else for that matter.

    3. Nanashi

      We need v6 because a) we will lose important internet functionality without it, and b) maintaining v4 is expensive, and is going to get extremely more so if we try to run the internet on it forever.

      But as usual, people can't see past the next quarter when it comes to planning how they're going to spend their money.

    4. Anonymous Coward

      "only 16.1 per cent of them have IPv6. This is a huge shame!"

      Yes, it shows how shameful the whole IPv6 design and rollout procedures were.

      They aren't still accepting it was designed too early and thereby it didn't take into account consumer networks, SOHO, and even some SMBs needs - networks which didn't exist then. It couldn't envision some security and privacy issues.

      And most of its implementation is handled like IPv4 despite IPv6 being more complex, with very little help from devices software even if it became far more powerful than it was in 1996.

      So no surprise that shame breaks a lot of things - it requires a great deal of work to make it operative, and not everybody has the skills for an easy transition. In turn, less endpoints using it, less reason for even the bigger ones to move.

      Complaining why people don't switch just because it shines more, instead of addressing the issues, it's shameful as well.

    5. Spazturtle Silver badge

      BT have already started to roll out CG-NAT and Virgin Media will soon. We need IPv6 because we have now run out of IPv4 addresses. Soon people on BT or Virgin will not be able to do things like online gaming or VOIP over IPv4 due to the dual NAT of their router and CG-NAT.

      1. Charles 9 Silver badge

        Online gaming and VoIP will just switch to using go-between servers and keep going. That's how P2P and BitTorrent gets around the CG-NAT problem as well.

  6. Time Waster

    IPv5

    I’m going to start pushing IPv5. The crucial difference being 64-bit addresses. These will obviously more or less halve the network overhead, are twice as easy to write / remember, halve memory requirements on network gear and, rather handily fit into current 64-bit CPU architectures. The one downside being, only 2.5 billion IP addresses per person on the planet, so we’ll have to be frugal with our IOT devices!

    Just for fun, might as well make it backward compatible with IPv4 (6 can go whistle).

    1. Yes Me Silver badge

      Re: IPv5

      Do you really imagine that people didn't think of that?

      There's no such thing as "backwards compatible" with IPv4. Even if you add one bit to the address, let alone 32 or 96 bits, IPv4-only hosts are unreachable without either a dual stack or an address translator.

      Nit: IPv5 was defined in October 1990, also known as "Experimental Internet Stream Protocol: Version 2."

      1. Pascal Monett Silver badge

        Re: "IPv4-only hosts are unreachable without either a dual stack or an address translator"

        I really would like an explanation for that. It seems to me (not a network guy) that all you had to do was tack on a specific IP to all 32-bit addresses and that would make them 64-bit by default. Hit a 32-bit router, get rid of the excess. Receive a 32-bit IP, tack the default on again.

        Let's say 10.10.10.10 is that default. Imagine that my IP address is currently 214.31.49.16. So, I click a URL and TCP-IP carries out its task. The packets hit an IPv6 router and my address becomes 10.10.10.10.214.31.49.16 - yep, that's rather long to type. The packets mosey along and hit a 32-bit router, and my IP returns to 214.31.49.16. You can continue this example at your leisure.

        Where's the problem with that ?

        Apart from having to update all the routers, that is.

        1. John Sager

          Re: "IPv4-only hosts are unreachable without either a dual stack or an address translator"

          So how does a 10.10.10.11.X.X.X.X host fit into that? You still need a NAT64 equivalent. The guys who developed v6 weren't stupid or arrogant. They just realized that a clean break was needed. Dual stack works fine for me. v4 where I have to, v6 where I can, and the latter will grow with time. The next TV I get might even be dual stack, which would be a small advance.

          1. stiine Bronze badge

            Re: "IPv4-only hosts are unreachable without either a dual stack or an address translator"

            "The guys who developed v6 weren't stupid or arrogant."

            Technically, you are correct, but change that 'or' to an 'and' and the sentence becomes a lie.

        2. Nanashi

          Re: "IPv4-only hosts are unreachable without either a dual stack or an address translator"

          The explanation is the pigeonhole principle.

          The problem with your suggestion is that it limits you to a range of addresses that's 32 bits in size, and those 32 bits have to map exactly onto the v4 address space. So er... it's just v4, but it won't work with all routers, so computers will still have to ship with and use their v4 stack anyway, so what do you even gain with your suggestion?

        3. Robot W

          Re: "IPv4-only hosts are unreachable without either a dual stack or an address translator"

          My impression is that most (perhaps all) of the alternative ways to solve the IPv4 upgrade problem have been discussed extensively in IETF over the last decade or so. I'm pretty sure that your suggestion has been considered and already discarded for technical reasons, maybe because it has to retain a global routing table that is bloated with all the v4 entries.

          1. Nanashi

            Re: "IPv4-only hosts are unreachable without either a dual stack or an address translator"

            I guess you could even argue that we did do something along those lines:

            $ curl -v https://www.theregister.co.uk/ | grep "<title>"

            * Trying 64:ff9b::104.18.225.129...

            * Connected to www.theregister.co.uk (64:ff9b::104.18.225.129) port 443 (#0)

            <title>The Register: Sci/Tech News for the World</title>

            Works fine so long as you have a translator box in your network path. It's outbound only unless you manually configure a port forward*, but then that's how NAT already works so that's hardly a new problem.

            (* This is the part that lets you avoid being restricted to a 32-bit address space. Either you allow connections to be established both ways, which restricts you to 32 bits, or you restrict it to outbound only which allows you to use the full v6 address space.)
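An added example, not part of the thread, for the exchange above: it embeds an IPv4 address in the RFC 6052 well-known NAT64 prefix `64:ff9b::/96` seen in the curl output, recovers it again (useful when reading logs from an IPv6-only network), and shows the pigeonhole collision in the "tack a prefix on, strip it at a 32-bit router" idea. The function names are hypothetical, and the 10.10.10.10 / 10.10.10.11 prefixes are the ones the commenters used.

```python
import ipaddress
from collections import defaultdict

# RFC 6052 well-known NAT64 prefix, as seen in the curl output in the thread.
NAT64_WKP = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize(v4, prefix=NAT64_WKP):
    """Build the IPv6 address a DNS64 resolver would hand out for an IPv4 host."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch only handles /96 prefixes")
    v4 = ipaddress.IPv4Address(v4)
    # With a /96 prefix the IPv4 address occupies the low 32 bits.
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract(v6, prefix=NAT64_WKP):
    """Recover the embedded IPv4 address, or None if v6 is a native address."""
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in prefix:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def widen(prefix_v4, host_v4):
    """The 64-bit scheme proposed in the thread: 32-bit prefix + 32-bit IPv4."""
    hi = int(ipaddress.IPv4Address(prefix_v4))
    lo = int(ipaddress.IPv4Address(host_v4))
    return (hi << 32) | lo


def narrow(addr64):
    """What a 32-bit router would do in that scheme: drop the upper 32 bits."""
    return ipaddress.IPv4Address(addr64 & 0xFFFFFFFF)


def collisions(addrs64):
    """Group 64-bit addresses by the IPv4 address they collapse to.

    Any group with more than one member is a pair of distinct hosts that an
    IPv4-only peer cannot tell apart without translator state (NAT).
    """
    groups = defaultdict(list)
    for a in addrs64:
        groups[narrow(a)].append(a)
    return {v4: members for v4, members in groups.items() if len(members) > 1}


if __name__ == "__main__":
    six = synthesize("104.18.225.129")
    print(six, "->", extract(six))

    # Constructed sample: same low 32 bits under two different prefixes.
    a = widen("10.10.10.10", "214.31.49.16")
    b = widen("10.10.10.11", "214.31.49.16")
    for v4, members in collisions([a, b]).items():
        print(v4, "is claimed by", len(members), "distinct 64-bit hosts")
```
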

        4. Charlie Clark Silver badge

          Re: "IPv4-only hosts are unreachable without either a dual stack or an address translator"

          The packets hit an IPv6 router and my address becomes 10.10.10.10.214.31.49.16 - yep, that's rather long to type.

          You're basically pushing NAT. If you want to know the problems with that then you might want to talk to some engineers in east Asia who hit the real problems with IPv4 years ago. Europe, and particularly the US, have yet to experience the fun of multiple layers of NAT.

        5. Roland6 Silver badge

          Re: "IPv4-only hosts are unreachable without either a dual stack or an address translator"

          >I really would like an explanation for that. It seems to me (not a network guy) that all you had to do was tack on a specific IP to all 32-bit addresses and that would make them 64-bit by default.

          Back in the early 1990's this was one of the migration scenarios being suggested, namely it had the potential to get IPv4 clients out there that supported 64-bit addresses.

          The issues start to arise when you get a little further down the road and want to implement other protocol updates and/or permit the usage of addresses outside of the IPv4 walled garden. One little issue is protocol dependent applications such as VPN clients; it doesn't matter what you do with respect to address fudging, these applications still have to be aware of the fudges...

          Whilst I do complain that the IETF/IPv6 working group didn't pay sufficient attention to interworking and migration, I do understand and accept the rationale for the dual stack solution, which is something that was quite common back in the 1980's and early 1990's as host systems connected to other hosts over a variety of protocol stacks, however, more was needed and still needs to be done to make real the lighting up of the IPv6 stack and get the wholesale migration off IPv4 rolling.

  7. Boohoo4u

    Besides IoT trash... Why do we need IPv6?

    I’ve been hearing “running out of IP Address” for over a decade (2 decades?).

    Seems like most people have worked around the limitations of IPv4...

    1. Yes Me Silver badge

      Re: Why do we need IPv6

      Well, now we have run out of IPv4 addresses, except for a few still available for developing countries. And yes, we've worked around the shortage with NAT, otherwise the Internet would have jammed up ten years ago. But do you really think we should have left our grandchildren with a network limited to 4 billion addresses when we can reasonably expect hundreds of devices per person in the world? What kind of sense would that make?

      1. vtcodger Silver badge

        Re: Why do we need IPv6

        "But do you really think we should have left our grandchildren with a network limited to 4 billion addresses"

        Actually, given the current state of communications security, that's exactly what I think. I do NOT want to spend my life defanging badly designed household utensils that probably shouldn't have a network interface in the first place. It's apparently only a matter of time before my can openers won't open cans if they aren't connected to a network. IPv4 at least makes it hard for them to call their maker and very hard for their maker to cold call them. I think that's good, not bad.

        I also think that communications security is an enormously difficult problem. The current "solutions" are laughable. AFAICS, they mostly just randomly break stuff. I do not expect security to improve very quickly.

        I will give you that the IPv4 addresses are poorly allocated and I'd support a well thought out and realistically implemented program of yanking back portions of the overly generous initial block allocations and making them available to latecomers.

        1. Christian Berger Silver badge

          Re: Why do we need IPv6

          "IPv4 at least makes it hard for them to call their maker and very hard for their maker to cold call them. I think that's good, not bad."

          Yes, but that's largely irrelevant as they'll simply connect to their makers or try their best to circumvent NAT. After all virtually all of those IP-Cameras joining botnets were behind NAT.

          BTW consumer routers with IPv6 support will still block unconfigured connections coming from the outside.

      2. Steve Knox

        Re: Why do we need IPv6

        Why do you believe it's reasonable for hundreds of devices per person to have public IP addresses?

        Seriously. Why more than one public IP per household, and maybe a dozen or so on average per organization?

        1. Nanashi

          Re: Why do we need IPv6

          Seriously. Why more than one public IP per household, and maybe a dozen or so on average per organization?

          Because most people have more than one device, and most organizations have more than a dozen or so devices. I guess we could all use proxies, but I know nobody wants to use those -- they actually want their devices to be connected to the internet, which is what the IPs are for.

          We are not really running out of IP4, only out obviously unallocated IP4.

          No, we're out. We're beyond out, almost nobody has enough addresses and everybody has to spend tons of time and effort trying to stretch what limited address supply they can get their hands on.

          Back in 2011, before IANA ran out, we were going through one /8 per month. Given that demand has only gone up since then, 16 million addresses would be something like a 2 week supply now. If you think DEC's block is going to save v4, then you can think again.

          You can't actually go IP6 only till everyone has IP6.

          Not true. You can certainly do v6 before everybody has v6.

          1. Steve Knox

            Re: Why do we need IPv6

            Seriously. Why more than one public IP per household, and maybe a dozen or so on average per organization?

            Because most people have more than one device, and most organizations have more than a dozen or so devices.

            No.

            Most people do not have even ONE device which needs to be publicly accessible. That's why most ISPs only provide one IP address per consumer connection; you have to use a NATing router (some ISPs even NAT you again internally). Have you got a consumer-grade WiFi router at home? Then you're almost certainly using NAT and getting private IP addresses for devices on your home network -- probably 192.168.x.x but possibly 10.x.x.x.

            I don't know of any organization which does not use NAT to hide all non-public machines. Yes, you'll need an IP address for your webserver (but not a dedicated one if you use shared hosting), e-mail server (ditto on the shared hosting) and any edge routers you have (except those for private WAN routing) but for most companies that comes to well below a dozen IPs. Those few who need more are likely using the internet to allow tunneling VPN access to or between physical locations. This should average out to, as I said, fewer than a dozen per organization.

            1. doublelayer Silver badge

              Re: Why do we need IPv6

              I can see your point with most households, but there are some who will have publicly-facing devices and may need some more. In some cases, they may have small servers of some type, which could be quite a few. I wouldn't judge them without knowing their use case; they probably have their reasons even if you don't like them.

              As for companies, there are some who use only shared hosting, and there are those who have several IPs for the web server alone. For example, The Register has five addresses for their web servers because there are real advantages that having one would not bring them. The company might have a lot of systems running that need to be public. It would be possible for one system to have the only public IP and direct traffic as needed, but it would be inefficient and a tremendous single point of failure with the capacity to bring down a lot of access should it break. Some of these workarounds are necessary with limited address space, but if more addresses are available, I see no reason giving people the benefit of the doubt that they need a few hundred addresses. Of course, deciding that the logical unit to give each user is a /48 (2^80 addresses) may be going too far in the other direction.

              1. Charles 9 Silver badge

                Re: Why do we need IPv6

                " For example, The Register has five addresses for their web servers because there are real advantages that having one would not bring them."

                What advantages are there to using five different IP addresses versus five ports from one IP?

                1. doublelayer Silver badge

                  Re: Why do we need IPv6

                  For example, if they have five different servers that could work, they don't need to have large load-balancers to handle that case. Five ports on a public IP would mean that there was a theregister.co.uk:443, theregister.co.uk:444, etc. Who is going to type :444 when they don't have to? Nobody. Five servers running internally that are mapped to the same IP takes more networking setup that isn't really necessary. If they have servers in different places, many places can easily direct people to a nearby one, but again, doing that with the same address, while possible, takes more effort than doing it with five distinct ones. If addresses had a good reason to be rare, then I'd have more sympathy with the argument that people are just wasting them and should be better, but there isn't such a reason, as addresses can be made extremely long and extremely plentiful. So go ahead, use a hundred addresses if you have a hundred things at the other end.

                  There are plenty of reasons to dislike IPV6. I agree with most arguments, even the often-attacked hard to remember the addresses argument. However, the argument that four billion addresses should just be enough for a world of seven billion people and millions of companies, including tech companies with a lot of stuff running on them, and that we should just fix the problem of people using too many addresses, seems foolish to me.

      3. Mage Silver badge

        Re: Why do we need IPv6

        US Universities, US Corps and US Gov (and to a lesser extent other entities around at the start) have huge allocations of IP, unused or misused. Often 16M per entity. Some entities have inherited blocks from other defunct companies, such as DEC.

        We are not really running out of IP4, only out obviously unallocated IP4.

        You can't actually go IP6 only till everyone has IP6.

        Also there is STILL not proper support for domestic routers. Configuration, security and privacy; is it just that the router doesn't implement it all, or am I stupid?

        1. Time Waster

          Re: Why do we need IPv6

          That’s in addition to 240.0.0.0/4 (268 million addresses) “reserved for future use”, in addition to 224.0.0.0/4 (same again) multicast addresses. Given multicast is realistically only usable in highly limited environments (not across the public internet), does this really necessitate a 16th of the total IPv4 address space? As for future use, how is now not the “future”? That’s not even getting into why we need 16 million addresses for localhost (127.0.0.1 is merely the most commonly used from 127.0.0.0/8). I realise many OSes / network devices couldn’t cope with these addresses being publicly routable, but would assume it would be a relatively minor software / firmware upgrade to fix that?

    2. Spazturtle Silver badge

      "I’ve been hearing “running out of IP Address” for over a decade (2 decades?)."

      People have been warning of it for a long time, but we have now reached the point where we have run out. BT are now rolling out CG-NAT and Virgin will be soon. Say goodbye to online gaming and VOIP if your connection uses CG-NAT and the people you are trying to connect to don't have an IPv6 connection.

      1. David Nash Silver badge

        Say goodbye to online gaming and VOIP if your connection uses CG-NAT

        You've said it three times now, so I guess it must be true.

        I have not heard of CG-NAT before but I suppose if people will be prevented from using those types of online services they will have to be told in advance or there will be chaos, especially if they phone the helpline and the helpdesk people don't know the difference and just tell them to turn it off and on again!

        1. SImon Hobson Silver badge

          Re: Say goodbye to online gaming and VOIP if your connection uses CG-NAT

          I have not heard of CG-NAT before but I suppose if people will be prevented from using those types of online services they will have to be told in advance or there will be chaos

          In reality the services will carry on working, as they do now with regular NAT - BUT the reason they work now with regular NAT is because huge amounts of time and money are spent working around the problem. Take VoIP for example ...

          If you have a public IP on your phone then SIP works great - yes I've been in that situation. Put it behind NAT and it doesn't work AT ALL without workarounds of which there are many. I have spent quite a few manhours with my work hat on dealing with just these problems. In the end, it usually ends up with each VoIP service provider spending a shedload of cash on proxy servers - so your phone talks to the proxy server and it does the mangling/translation needed to make SIP work. Most users don't see this, but they are paying for it in their bills.

          FTP does NOT work through NAT - so every NAT gateway has to have a helper function that sniffs the FTP traffic and edits the packets en-route to make it work. So more development time to implement that function to work around a broken network.

          Gaming, ditto - so you end up having to use external proxies or servers as peer-peer isn't going to work behind CG-NAT.

          And torrenting typically requires you to set up some port forwarding in your router (NAT gateway) and your torrent software has to have a means of figuring out what it's external connection looks like (more development time wasted). With CG-NAT you don't have that ability to do port forwarding, so that's screwed.

          And CG-NAT kit costs your ISP a lot of money, so you are paying extra for your broken network connection !

  8. Joe Montana

    Nothing to connect to?

    I have dual stack here and i'm seeing about 50% of traffic going out via ipv6, mostly to google, facebook and office365...

    Also our VPN went ipv6-only a few years ago (inside the vpn, the endpoint you connect to is still dual stack) - this solved a lot of problems, not least of all the frequent address conflicts when users were trying to connect from networks which used the same internal ipv4 ranges.

  9. Christian Berger Silver badge

    Does that mean they'll bring out an IPv6 stack for Windows?

    Or do they have a NetBIOS share with Trumped Winsock for IPv6?

    1. TechDrone

      Re: Does that mean they'll bring out an IPv6 stack for Windows?

      IPv6 has been supported in the OS since at least Windows 2003 if not earlier.

      Application support was a different matter - AD is fine, DNS supports AAAA records but can't forward to IPv6 hosts and Exchange 2003 hated it. Win 2008 onwards are happy as pi.

  10. Christian Berger Silver badge

    One should note that we had bigger transitions

    I mean IPv4 and IPv6 are different networks, but they share the same infrastructure.

    On the other hand, we have successfully transitioned from ISDN to IPv4. There used to be a time when sending a file meant to dial up a Fritz!Data or Eurofile server and transfer the file that way.

    And yes, some people still use ISDN data calls, and of course phone calls, but that's such a tiny fraction that we went from tunneling IPv4 over ISDN to tunneling ISDN over IPv4.

    We are currently in a similar transition with IPv6. We used to tunnel IPv6 over IPv4, but more and more ISPs now tunnel IPv4 over IPv6, since they need to spend money on NAT for IPv4 anyhow.

  11. Potemkine! Silver badge

    "We need to start shaming. Shame! Shame! Shame!"

    Ashamed because not using IPv6? ROTFL!

    Another guy living in a fantasy world.

    1. Anonymous Coward

      Re: "We need to start shaming. Shame! Shame! Shame!"

      "Ignorant and proud" -- the motto of "The register" anti-ipv6 commentards.

      1. Anonymous Coward

        @AC - Re: "We need to start shaming. Shame! Shame! Shame!"

        Don't call us ignorant because we're not on the same page with you.

        Please refrain from insulting the Register commentard community. This time I gave you a down-vote but next time I'll click on that "Report abuse" link :).

  12. Charlie Clark Silver badge

    What?

    But it does explain how come Microsoft's main website – Microsoft.com – is not IPv6 only.

    It has nothing to do with that. And websites don't need to and shouldn't be IPv6 only. IPv6 should be, as indeed IPv4 is, invisible to the vast majority of users.

    I read the article as indicating that several vendors still have work to do and now have an added incentive to get IPv6 support working. Wouldn't surprise me if the switch to IPv6 only at Microsoft happens within the next year.

    PS. Chrome UX Report provides more representative global data, Alexa has a heavy US bias.

    1. Len Silver badge

      Re: What?

      That the Microsoft.com website should be IPv6-only is obviously a mistake or a typo. That doesn't make sense.

      The rest of the article, however, is not about the microsoft.com website but about Microsoft's internal network. MS would certainly not be the first company going IPv6-only on their internal network. Facebook famously went IPv6-only years ago. Only their edge servers are still Dual Stack. It saved their engineers having to cater to two IP versions with extra testing, troubleshooting etc. Facebook: IPv6 Is a Real-World Big Deal

      We are doing the same, though we're obviously much smaller than FB. We had the luxury of starting from scratch last year so chose not to use IPv4 anywhere on our systems. The only dual stack servers are the web servers. The entire backend from database and authentication to storage and logging is IPv6-only. Nobody here needs to spend time worrying about two stacks, interoperability or future legacy headaches.

  13. Velv Silver badge

    Broken

    As the old saying goes, if it ain’t broken, don’t fix it.

    And let’s be honest, for the vast majority of internet “users” (individuals and companies), nothing is as yet broken. It all still works. Quite reliably in most cases. Until the price of operating in an IPv4 world becomes more expensive than an IPv6 there's not much incentive to move (future doom doesn’t normally impact this year's bottom line).

    #DevilsAdvocate

    1. Zippy´s Sausage Factory

      Re: Broken

      I'd actually go a little bit further as #DevilsAdvocate:

      The fact that we've had so long to adopt IPv6 suggests, to me, that it just isn't going to happen. Nobody seems to be interested because the actual benefits of it don't seem to be being communicated to people.

      Yes, there are sites explaining it, but for all practical purposes nobody really cares how their iPhone connects to the Internet, and why should they? IP6 isn't going to be the selling point that makes someone spend an extra 50 quid on a new phone.

      It's done. Give up. We live in an IP4 world, and always will. Get used to it.

      Of course, I don't actually believe that, I'm just unable to come up with any arguments to refute it...

    2. SImon Hobson Silver badge

      Re: Broken

      if it ain’t broken, don’t fix it

      But it is broken, has been for a long time and it needs fixing.

      Until the price of operating in an IPv4 world becomes more expensive than an IPv6

      Which is already happening. There are hosting providers that include IPv6 with the package, but IPv4 is extra. When ISPs deploy CG-NAT which most are going to have to do sooner or later, that costs a lot of money which goes onto your bills.

      ISPs with any sense ARE pushing users to IPv6 because they know that it reduces the amount of IPv4 traffic - and that means less load on the CG-NAT gateways they are going to have to use, and that means less expense installing and running them.

      IPv4 will be around for a looooooooong time yet, but IPv6 is here to stay. The thing is, people are saying that "most users" don't need IPv6 as IPv4 (even with NAT or CG-NAT) works for them. But those same users can be shifted to IPv6 (or dual stack) when their ISP upgrades the supplied router and things "just work" for them - just faster and at lower cost.

      1. Charles 9 Silver badge

        Re: Broken

        "But it is broken, has been for a long time and it needs fixing."

        It ain't broken unless I can't connect to El Reg or any other ordinary website. To the average Joe, THAT'S the definition of "broken".

        "ISPs with any sense ARE pushing users to IPv6 because they know that it reduces the amount of IPv4 traffic - and that means less load on the CG-NAT gateways they are going to have to use, and that means less expense installing and running them."

        But if they already have the machinery, and the bandwidth is going to be used either way, why do they care given the costs are already sunk and it keeps them having access to all those IPv4-ONLY customers?

  14. Paul

    Microsoft Presentation about their journey to IPv6 on youtube

    https://www.youtube.com/watch?v=iFvaqpW4vLA

  15. ZeroSum

    T-Mobile US has IPv6-only access

    Microsoft should support 464XLAT in Windows like they already do in the mobile version of it.

    T-Mobile US has avoided major problems with VPNs. But then Android includes a 464XLAT and Apple iOS requires all Apps to work in an IPv6-only NAT64/DNS64 environment.

  16. anothersysadmin

    There are sites like bgp.he.net informing ranges and IP in v4 and v6. Here can be seen who did their homework and who has poor planning.

    My college has a /19 given in '94 (every wifi AP receives public IP), my current ISP has 10 million of IPv4, although has 3M of clients. They can be calm for another 20 years.

    On the other side, who implemented CG-NAT and IPv6. An ISP that has 600 K IPv4.

    See the facts. You are not responsible for the poor forecast of an ISP.


Biting the hand that feeds IT © 1998–2019