Worst. Birthday. Ever. IPv6's party falls flat

Last week saw celebration in the IPv6 community – not because adoption is finally really taking off, but because, umm, look, something must have happened, right? Well, yes, kind of: in spite of first being authored in 1999, IPv6 lay fallow for more than a decade, even though we all knew the world would run out of …

  1. razorfishsl

    The issue is the ISP's

    many still do NOT supply IPv6 for the last /first leg of the journey.

    If they sorted that out, then the uptake would be a lot faster.

    1. Yes Me Silver badge

      The issue is not only the ISPs

      It's service operators of all kinds (Vulture Central, I'm talking to you) that should have switched to dual stack years ago. The large ISPs and the CDNs are all there, but the small ones need an incentive, and that would be: zillions of web sites that work as well or better in v6.

      But no need to sneer, progress continues, and we will get there. Just a bit later than originally hoped.

    2. Pascal Monett Silver badge

      Well, in all honesty, there may be no more IPv4 addresses to give out, but the ones that ISPs already have are not going to wear out, now are they?

      I think that, the troubles that IPv6 imposes, plus the simple rule of if it's not broken, don't fix it, explain why IPv6 uptake is not the star-studded cakewalk some engineers thought it would be.

      1. Lee D Silver badge

        Then treat IPv6 as a separate network entirely. You don't have to touch, fix, fiddle or break your existing systems whatsoever. Just present an IPv6 interface and push that separately (NAT) as if it was coming from one of your own spare external IPv4s.

        75% of mobile users coming in over IPv6 is significant. 20% of Google searches too, if you read their own stats. Because 4G etc. specify IPv6 support as a requirement.

        ISPs will run out of addresses. Think: Are there going to be more people in the world tomorrow, or less? More online, or less? More devices they own online, or less? Eventually they will run out and I assure you that moving your whole ISP to a NAT configuration while simultaneously trying to get new customers on-board without enough address space is a world of hurt compared to making your IPv6 testing plans go live.

        It's all excuses, from what I see. "Because we don't have to yet" just stinks of poor planning. Imagine if they said that about Apache upgrades, HTML5 support, SSL cipher upgrades, etc.

        1. Anonymous Coward

          Imagine if they said that about Apache upgrades, HTML5 support, SSL cipher upgrades, etc.

          They do, believe me!

    3. TheVogon

      Virgin media finally kicked off a trial of ipv6 this week. Things are moving slowly forward. Very slowly, but they are moving.

    4. WolfFan Silver badge

      The issue is the ISP's

      many still do NOT supply IPv6 for the last /first leg of the journey.

      If they sorted that out, then the uptake would be a lot faster.

      Err... No. The problem is that there's no there there. My ISP has had IPv6 available for years. Almost all of my connections are still IPv4, because very little out there runs IPv6. I have cell service from multiple telcos; they all have IPv6. And they all tunnel back to IPv4 because, again, very little out there runs IPv6.

      1. bombastic bob Silver badge
        Facepalm

        very little out there runs IPv6 ?

        "very little out there runs IPv6"

        you wouldn't mind explaining that, would you? I don't think that means what you think it means.

        a) All Windows versions beginning with XP are capable of doing IPv6. W7 made it a bit more sane.

        b) Many (if not all) Linux distros appear to be configured for IPv6 out of the box

        c) some old NAT routers seem to have problems doing it right but this could be fixed with firmware updates

        d) free IPv6 tunnels are available for when ISPs don't support IPv6 [some may work better if you have a fixed IPv4, however, and may require a bit of technical expertise to set up]

        The uptake problem does seem to be at the 'last mile' or 'first mile' (whichever). What _I_ believe is that it's related to ISPs not wanting to SUPPORT it.

        There are a LOT of open ports on windows boxen that would be "on a public IPv6" if it were adopted by ISPs. They need to get those PROMISCUOUS WINDOWS BOXEN under control somehow. A normal NAT won't do it. They don't want the responsibility (not even REMOTELY being responsible) for unleashing all of this. So they drag their feet, make "hmmm" noises and do NOTHING.

        The fix: Tell MICRO-SHAFT to FIX THEIR CRAP and stop listening on ALL IP addresses with their LOCAL services [they should ONLY be listening on LOCALHOST, but NOOooooo... can't do THAT, it requires one or two EXTRA lines of code to make THAT happen...]

        1. Nanashi

          Re: very little out there runs IPv6 ?

          "There are a LOT of open ports on windows boxen that would be "on a public IPv6" if it were adopted by ISPs."

          No, not really. ISPs doing v6 do so by shipping v6-capable routers with firewalls to their customers. Also, Windows itself ships with a firewall that blocks these connections as well. So that's TWO firewalls blocking any inbound connections to those ports.

          I really wish we could stop perpetuating this "no NAT means you're wide open" meme.

        2. WolfFan Silver badge

          Re: very little out there runs IPv6 ?

          "very little out there runs IPv6"

          you wouldn't mind explaining that, would you? I don't think that means what you think it means.

          I mean that very few sites out there are on IPv6, and almost all of those are on both IPv4 and IPv6. And the ones which are only on IPv6 are almost all sites that I have no interest in. That means, simply, that there is very little point to having IPv6 until there is something to go to. Something that John Public wants/needs. If there was something like that available, then more people would be interested. As it is, because there is no there there, no-one cares. Amazon, for example, appears to be available over IPv6, but it doesn't matter because they're also on IPv4 and it's a lot easier to connect to their IPv4 addresses. It's a lot easier to do that even from a cell phone connected to the telco via IPv6, as the telco will tunnel to IPv4... because there are so few sites on IPv6 that if they didn't do that, they'd have a problem with their users.

          The fix: Tell MICRO-SHAFT to FIX THEIR CRAP and stop listening on ALL IP addresses with their LOCAL services [they should ONLY be listening on LOCALHOST, but NOOooooo... can't do THAT, it requires one or two EXTRA lines of code to make THAT happen...]

          You seem to be obsessed with Microsoft for some reason. Unfortunately for your position, I have multiple devices which are NOT running any Microsoft O/S. I have Macs. I have Linux systems. I have iPhones. I have iPads. The routers on both the home and office networks have nothing to do with Windows. If Microsoft disappeared tomorrow it would not affect my use of IPv6 in the least.

          1. Nanashi

            Re: very little out there runs IPv6 ?

            If you checked, you'd probably actually find that a decent percentage of your traffic is v6. I've seen stats from a few dual-stacked ISPs (from a few years ago, even), and it's common for around 50% of their traffic to be v6.

            That's 50% of their traffic that doesn't need to go via CGNAT, which means less money spent on CGNAT hardware -- money which ultimately would need to come from their paying customers. There's also often a small latency advantage to v6, so that's a nice benefit too.

            Obviously there's a big difference between "percentage of traffic" and "percentage of websites", but just because one of them is lower than the other doesn't mean that there are no benefits.

        3. bdg2

          Re: very little out there runs IPv6 ?

          Just as nobody with any sense would connect a Windows PC directly to an IPv4 modem that connects directly to the IPv4 internet you're not supposed to just put a Windows PC directly on the IPv6 internet, you're supposed to have a firewall which provides exactly the same security on IPv6 as an IPv4 NAT does on the IPv4 internet.

  2. Tannin

    Sad isn't it.

    19 years old and still no-one wants to kiss her.

    IPv6: Vista for networks.

    1. Adam 52 Silver badge

      Re: Sad isn't it.

      Except it's not 19 years old. It's 11 months old. The intervening period has been filled with tweaks and changes, the net result being a hodgepodge of mostly compatible but slightly broken implementations.

  3. Long John Brass
    Mushroom

    Who in their right mind wants cloud based...

    There is no way in hell I would trust my DSL router running in the cloud. The only reason I can see for this is the ISPs want more control over what flows to and from my home network.

    Hell no, no way, fuck off. I'm keeping my edge router exactly where it is thank you. You can stick your DSL routing up your "cloud" if you like; But I say what goes in my network!

    1. Ken Hagan Gold badge

      Re: Who in their right mind wants cloud based...

      "The only reason I can see for this is the ISPs want more control over what flows to and from my home network."

      If they want that, they already control the other end of the wire.

      I'm with you all the way on the "Hell no, no way, fuck off." bit, but I'm struggling to see the attraction of this product. It doesn't relieve us of the need to update firmware on our router from time to time, because there will still be some device or other at the consumer end of the wire and that device is going to have something running on it and that means occasional bugs and the need for patches. It doesn't even save money, since the only part that is different from a normal router is the CPU and the price difference between some tiny micro-controller and a CPU beefy enough to run Linux is, well, close to zero and falling with every year.

    2. Anonymous Coward

      Re: Who in their right mind wants cloud based...

      As soon as you have killed net neutrality, and let ISP slurp, being able to control everything at the ISP side simplifies everything a lot. Also, the less you're able to block telemetry at your endpoint, the more data can be slurped. Power users will of course put a powerful firewall just behind Cisco CrapRouter (tm), but many won't.

    3. Lee D Silver badge

      Re: Who in their right mind wants cloud based...

      To be honest, I'd be quite happy to have something upstream that allows me to control incoming traffic.

      You'll always need equipment on the premises doing the basics, but how nice would it be to be able to ensure that even if someone gets in your network, hacks your router, etc. that you have another line of defence in the form of, say, just a basic firewall in the cloud? It would help against DDoS, too. Tell the upstream system to not send that junk down to your own line before it can even affect you. Block SMTP ports at the border, or even "all outgoing SMTP that doesn't use the ISP server" or similar (so even if you're hacked, people can't send out email from your router). Block UPnP and recent attacks before they hit your home router, etc.

      I think it's a service from an ISP that I would pay for... especially if it used just a brand-name firewall (i.e. host a virtual instance of Smoothwall which lets me configure it as front-end to my connection) and allow you to keep stats on everything as such things do... so you can work out that most of your incoming stuff is for YouTube or whatever. I imagine some high-end places do this for you already, in fact.

      If you're worried about your ISP snooping, then you should be treating every packet to them as untrusted anyway, so it wouldn't make any difference. But I remember PlusNet, back in their proper techy days, would block your web if they detected open port 139 traffic, to warn you that you were filesharing to the world. They obviously had systems on their end, and then you just needed to sign in and tick the "Yes, I know this is stupid" page if you actually wanted that. Same idea, just customer-accessible. I can remember thinking at the time "if only I could use that myself to block all the junk that comes down the line before it actually does", back in the early ADSL days.

      Hell, if it were a Smoothwall-like appliance, I'd quite like to set it up to warn me about usage during the day, particular alerts (IPS etc.), reverse proxying, etc. before they get to send packets down my home connection.

    4. bombastic bob Silver badge
      Devil

      Re: Who in their right mind wants cloud based...

      Run the DSL modem "bridged" and manage the IPv4/v6 stuff with a FreeBSD or Linux machine. Then YOU have complete control, and if you ever want to wireshark "teh intarwebs" you can do it! Well, for everything on YOUR network, at any rate...

      (then you can see for REAL what kind of slurping Win-10-nic is doing)

    5. Anonymous Coward

      Re: Who in their right mind wants cloud based...

      Mis-reporting by El Reg. Cisco's cloud-based CMTS isn't about running CPE in the cloud. It's about running the CMTS (the thing at the cable SP that your CPE talks to) in the cloud.

    6. bdg2

      Re: Who in their right mind wants cloud based...

      I don't understand what you mean. Please explain.

  4. DCFusor

    Follow the $

    As usual, and the given reason "we'll have to upgrade our capex stuff" isn't the only or even the main one. Once there are IP addresses to burn, some significant revenue streams go away - like charging you to own a fixed one for example (my ISP wants > $5/mo to give me a fixed IP on DSL) - not counting domain registration, which might open up a bit too...

    And anyone who handles money knows a stream beats an amount any time - and over time a drip fills or empties an ocean.

    On the other hand, NAT with non routable addresses inside the LAN has shown to be a good thing, in particular when port forwarding is not enabled. DDNS still works...and attacks are a lot less than for those directly on the 'net.

    1. Ken Hagan Gold badge

      Re: Follow the $

      "my ISP wants > $5/mo to give me a fixed IP on DSL"

      That doesn't change under IPv6.

      Over DSL, your connection is always on and so your ISP has to bear the cost of an IP address permanently allocated to you. It might as well be static (since that makes life easier for their DHCP server and router tables), but if they change it every month on a normal service, they can sting you for $5 to "just not do that". Some folks will pay.

      Under IPv6, expect some "enterprising" ISP to come up with the idea of changing your /48 every month unless you pay them a fee. IPv6 supports renumbering networks like this, so it wouldn't be technically difficult and, as before, some folks will pay.

      1. simpfeld

        Re: Follow the $

        Yeah that is really annoying. There is really no excuse not to statically allocate IPv6 prefixes to home users.

        A quarter star to Sky and BT that at least do sticky allocation, you will always get the same one if you don't release it.

        This is just ISPs desperate to hold onto the static allocation extra cash of IPv4 they have got used to with their small business/enterprise products.

        Sadly the protocol designers in their ivory towers mostly seemed to assume getting static allocation. It does all work just isn't very clean if it changes. They obviously didn't see how money grabbing some ISPs can be.

        An example of the hassle with this is for LAN servers that you'd like to be static. Even if you use private addresses (ULA) internally, I don't know of any host (OS) that you can say I want to statically allocate my ULA prefix but my global (Internet addresses) prefixes should be got from NDP (as it has to be as it can change, see money grabbing ISP). This means that my server coming up is now dependent on my NDP server (router) being up, not so great for reliability (or rebooting things when your router is down, or when everything is rebooting (after a power outage)).

        1. Steve the Cynic

          Re: Follow the $

          Yeah that is really annoying. There is really no excuse not to statically allocate IPv6 prefixes to home users.

          I'm on Orange (France) fibre, and I have a /56 that hasn't changed once in the more than 18 months that I've had the service. The public IPv4 has changed several times after Livebox reboots, but the IPv6 prefix is the same as it ever was. It basically just works.

          1. tip pc Silver badge

            Re: Follow the $

            I'm on Orange (France) fibre, and I have a /56 that hasn't changed once in the more than 18 months that I've had the service. The public IPv4 has changed several times after Livebox reboots, but the IPv6 prefix is the same as it ever was. It basically just works.

            I'm on VM in the UK and my IP hasn't changed in ~ 3 years despite reboots etc. 1 reason is because of the rationality of IPs in providers' networks. It's also how you can be geolocated to at least your town or region, (or rather your ISP's closest address range to you) by your IP. Your router's DG is on your ISP's kit and you're more than likely allocated 1 IP in a huge contiguous block designed to serve all your ISP's customers in your geographic area. It will be a huge issue to allocate you an address from Brighton if you lived in Crewe if you were part of a huge ISP like Sky or VM. It's much easier to do that if you're a tiny ISP reliant on a national provider to tunnel your connection across their infrastructure and have a small number of addresses. In other words several people on the same ISP in the same region will have related IPs distinct from the same ISP but a distance away. If the region has enough addresses for the subscriber base it's easier to keep the addresses as constant as possible as it makes address capacity management easier to manage.

        2. bombastic bob Silver badge
          Devil

          Re: Follow the $

          "An example of the hassle with this is for LAN servers that you'd like to be static"

          Correct. When I got my tunnel from he.net I had 2 consecutive /64 blocks assigned to me. One of them has the "public face" and the router [on their end] has :1 . The other one is mine to use as I see fit. Both have public visibility. So what I do is use the first one for web services and DNS, and the 2nd is served up using DHCPv6 and so on (I also statically assign a couple of them). All of the computers and devices I've plugged in [or had other people access via my pathetic intarweb connection] seem to work fine with it.

          But it did take a bit of reading and some technical expertise to set it all up.

          It's probably worth pointing out, in a 'Captain Obvious' kind of way, that a /64 is BIGGER than the entire IPv4 address range (by BILLIONS of addresses), and there are NEARLY AS MANY /64 netblocks available for consumption. Think population of the world, squared, and that's kinda the magnitude of it. If they went to smaller allocations that could still include a MAC address [for automatic IPv6 address assignments based on the router info], you'd have even MORE.

          It may not make sense to have permanently assigned FOREVER IPv6 blocks, but it would make sense for an ISP to assign fixed blocks to their customers. IPv6 more or less NEEDS that to work right.

          I expect for now you'd have to type the prefix into an entry box on a router config screen, but there might be a way to automate that process. Then the home router would do the DHCPv6 and route-based assignments for the LAN, and we're done!

          1. -tim

            Re: Follow the $

            "It's probably worth pointing out, in a 'Captain Obvious' kind of way, that a /64 is BIGGER than the entire IPv4 address range"

            That is the type of thinking that isn't helping IPv6 rollouts.

            A /64 is the IP equivalent of the class C network in old IPv4 networks. A /64 is ONE network that happens to allow a nearly infinite number of hosts on it. In my talks about IPv6, I tend to describe a /32 as a Class A and a /48 to /56 as a class B. Nearly every host in the world should be on an IPv6 /64.

            1. bdg2

              Re: Follow the $

              A /64 is not just "bigger" than the entire IPv4 internet, you take the number of IPs in the entire IPv4 internet and square it -- that's the size of a /64. It's really really BIG.

  5. Anonymous Coward

    In the dystopian future, when our AI overlords have gained sentience and imposed SkyNet on us

    There would be no need for IP addresses. Everyone has a unique biometric IP 'code'. Fixed and only released upon death. Your GPS location, consumption habits and biological health status will be constantly monitored. There is no way to bypass this or 'get off the grid'.

    5G/IoT of 2019-2021 will be that first step.

    1. Anonymous Coward

      Re: In the dystopian future, when our AI overlords have gained sentience and imposed SkyNet on us

      Your GPS location, consumption habits and biological health status will be constantly monitored.

      Fucking hell no it won't. It will if you let it but the events of the recent months (FaecaeBook and Amazon listening etc) have taught the more technically savvy that you can keep your private life... well private.

      I won't be having any IoT in my home and as for health monitoring... I already know that when the 'Big C' returns again, it will be curtains for me. As I'm already living on borrowed time, I'm sure as hell not going to let some machine tell me what I can't eat and drink.

      As long as there are plugs to pull out and switches to turn off and metal boxes for the electronics, I will rebel against this 24/7 surveillance.

      Yours,

      Grumpy Old Man who is about to tuck into bacon and eggs for brekkie.

      1. Waseem Alkurdi
        Pint

        Re: In the dystopian future, when our AI overlords have gained sentience and imposed SkyNet on us

        First, I'd like to give you a (non-alcoholic) pint ... I really like your post, but I beg to differ:

        Fucking hell no it won't.

        Continuing at this rate, it unfortunately would. Forget GPS for a moment ... what about cell tower triangulation?

        It will if you let it but the events of the recent months (FaecaeBook and Amazon listening etc) have taught the more technically savvy that you can keep your private life... well private.

        Read 1984?

        I won't be having any IoT in my home

        Except if it were done in the name of national security? At least, perhaps, microphones that detect "terrorist"/suicidal/whatever words?

        and as for health monitoring... I already know that when the 'Big C' returns again, it will be curtains for me.

        No, no, you're not allowed to say that! That's suicidal and negative! (/s)

        As I'm already living on borrowed time, I'm sure as hell not going to let some machine tell me what I can't eat and drink.

        I would like to summon the 2005 movie The Island here.

        As long as there are plugs to pull out and switches to turn off and metal boxes for the electronics, I will rebel against this 24/7 surveillance.

        It will be done in the name of Big Brother -or- national security -Big Brother again.

        Rebellion will be against the law, and there you go.

        Yours,

        A cynic, pessimistic Waseem Alkurdi

        1. A Non e-mouse Silver badge
          Joke

          @ Waseem Alkurdi

          You forget to include "Think of the children"

        2. Anonymous Coward

          Re: The Big C

          Quote

          and as for health monitoring... I already know that when the 'Big C' returns again, it will be curtains for me.

          No, no, you're not allowed to say that! That's suicidal and negative! (/s)

          Yes I effing well can say that. After two lots of Chemo and Radiation, the docs said that if it comes back then there is less than a 10% chance of survival. It is not suicidal and negative. It is the effing truth.

          Yes I saw the /s but you don't mess with Cancer. It takes no prisoners.

    2. TheVogon

      Re: In the dystopian future, when our AI overlords have gained sentience and imposed SkyNet on us

      "Everyone has a unique biometric IP 'code'. Fixed and only released upon death. Your GPS location, consumption habits and biological health status will be constantly monitored. There is no way to bypass this or 'get off the grid'."

      Except of course for those living in the Free Republic of GDPR.

  6. kain preacher

    I'm still waiting on IPv5

    1. This post has been deleted by its author

  7. Multivac

    Lack of commitment

    IPv6 has bumped along for years with nothing really happening, it's been around that long I remember having to learn it for my Solaris networking exams!

    Tell the world that on the 1st of January 2020 IPv4 will stop working.

    Then sit back and watch as everyone panics and sorts their s**t out just like they did for Y2K.

    And on the 2nd of January you can sit back and wonder what all the fuss was about while cancelling all the contracts for the "legacy systems" developers you had to hire.

    1. Waseem Alkurdi

      Re: Lack of commitment

      Tabloids listen up:

      EXCLUSIVE: The World is Gonna End on Jan. 1st, 2020!

      1. Anonymous Coward

        Re: Lack of commitment

        Sometimes I wonder what are those Y2K fearmongers doing now? Have they retired? Are they dead?

        I was still a teenager in the 1990s, but I remember all too well.

        "Are you Y2K ready?" ad nauseam.

        1. Lee D Silver badge

          Re: Lack of commitment

          Living off fat consultancy cheques and retirement obtained through that exact scaremongering.

        2. Multivac

          Re: Lack of commitment

          The fear mongers were COBAL and Fortran programmers, and most of them had to be brought out of retirement to fix the code, it's safe to say they are all dead now.

          1. Anonymous Coward

            Re: Lack of commitment

            Actually, the "fearmongers" were mostly in the tabloid press. Oh, and it's COBOL, thanks.

          2. Anonymous Coward

            Re: Lack of commitment

            it's safe to say they are all dead now.

            Nope, some of us Fortran programmers aren't even retired yet.

          3. bombastic bob Silver badge
            Windows

            Re: Lack of commitment

            @Multivac

            all COBOL and FORTRAN programmers are *DEAD* ? (is THAT what you meant?)

            I think NOT. I've done both, for money even, and I'm still here.

            There is still a lot of scientific stuff out there written in FORTRAN. A couple of years ago I translated some of that into Python by request from a customer. Last year I translated the Python code into C because the Python proof of concept code was grossly inefficient by a factor of 10 or more, compared to C code. I'm sure the FORTRAN code would have run about the same speed as the C code. That's an education for the younguns out there. Don't trash FORTRASH because it's old. Heh.

            (gcc does FORTRAN by the way)

            icon because it looks like an old guy

            1. RyokuMas
              Coat

              Re: Lack of commitment

              "all COBOL and FORTRAN programmers are *DEAD* ? (is THAT what you meant?)"

              Please tell me that I'm not the only one that read this and - because of the way SOMEONE uses CAPS to EMPHASISE normally - read "COBOL" and "FORTRAN" as "cobol" and "fortran"...

        3. Waseem Alkurdi

          Re: Lack of commitment

          Sometimes I wonder what are those Y2K fearmongers doing now? Have they retired? Are they dead?

          They're now GDPR consultants, last I've checked.

        4. Anonymous Coward

          Re: Lack of commitment

          I was still a teenager in the 1990s, but I remember all too well.

          "Are you Y2K ready?" ad nauseam.

          I was a programmer, and I remember all too well how much effort we put in for years before, fixing things, so that we were Y2K ready. The fearmongering worked, it's why there was almost no problem.

        5. Phil O'Sophical Silver badge

          Re: Lack of commitment

          I was still a teenager in the 1990s,

          So, are you ready for 19 January 2038?

  8. VinceH
    Coat

    Optional

    FTA: "The “IPv6 Launch Day” that happened on June 6, 2012, was a cross between official switch-on by a bunch of US service providers, and promotional exercise.

    The fifth anniversary brought Vint Cerf out to grouch that the v6 rollout is still too slow, but others wanted to Look on the Bright Side of Life™."

    I've done it! I've somehow invented time travel - and in my sleep! I went to bed in 2018, and woke up in 2017!

    1. Waseem Alkurdi

      Re: Optional

      Wait, what? Are you sure it isn't the other way round?

      1. VinceH

        Re: Optional

        FTA: "The “IPv6 Launch Day” that happened on June 6, 2012, was a cross between official switch-on by a bunch of US service providers, and promotional exercise.

        The fifth anniversary brought Vint Cerf out to grouch that the v6 rollout is still too slow, but others wanted to Look on the Bright Side of Life™."

  9. tim 13

    IPv6 weekly spikes

    Looking at the Facebook IPv6 stats, it's interesting to see the weekly spikes, but I can't work out if it's weekdays or weekends when there is higher usage. Anyone care to postulate a reason?

    1. Anonymous Coward

      Re: IPv6 weekly spikes

      Anyone care to postulate a reason?

      Do Russian bots prefer IPv6?

      1. bombastic bob Silver badge
        Unhappy

        Re: IPv6 weekly spikes

        "Anyone care to postulate a reason?"

        "Do Russian bots prefer IPv6?"

        Probably not, unless with all of the EXPOSED PORTS on PUBLIC IPv6 ADDRESSES caused by PROMISCUOUSLY INSECURE Windows boxen (especially "Ape" and Win-10-nic, which add several NEW ports to the number of listening things on 'all adaptors' that don't ever change what port they listen on).

        Such Windows boxen on IPv6 addresses are as bad as an unfirewalled Windows box on a DIALUP, as far as security is concerned.

        And I wouldn't trust any MICRO-SHAFT firewall to block it, either. Not with their SLURP priority.

        So the potential for 'Russian bots' on IPv6 would be AMPLIFIED by the "Promiscuous Insecurity" of Windows machines that have services listening ALL OF THE TIME on ALL IP ADDRESSES on KNOWN PORTS, which would be easy to scan for, and relatively easy to CRACK if a zero-day exploit exists for them.

        Here's a list of listening ports (from a 7 box) using 'netstat -a'

        TCP 135, 445, 554, 2869, 3389, 3587, 5357, 10243, 49152, 49153, 49154, 49155, 49156, 49157

        UDP 123, 427, 500, 3540, 3702, 4500, 5004, 5005, 5355, 56409, 56410, 58188, 58189

        All of these are listening on all IPv4 (and IPv6) addresses, meaning that for IPv6, they're publicly visible. Unless you SPECIFICALLY firewall them (like me). Being windows boxen, they're vulnerable "out of the box".
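
An added example, not part of the post above or of the thread: a Python parser that takes `netstat -an` output and separates listeners bound to all addresses from loopback-only, link-local or single-address ones, which is the distinction the post draws. The sample output and the function names are constructed for illustration; whether a wildcard listener is reachable from outside still depends on the host and router firewalls.

```python
import ipaddress
from collections import namedtuple

# Constructed sample in the layout printed by Windows `netstat -an`.
# Addresses use documentation ranges; none of this comes from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:50122     203.0.113.7:443        ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::]:3389              [::]:0                 LISTENING
  TCP    [::1]:49200            [::]:0                 LISTENING
  TCP    [2001:db8:1:2::20]:8080  [::]:0               LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    [::]:5355              *:*
  UDP    [fe80::1c2d:3e4f:5a6b:7c8d%11]:1900  *:*
"""

Listener = namedtuple("Listener", "proto family port scope")


def classify(host):
    """Return (scope, family) for the local address a socket is bound to."""
    # Drop the IPv6 brackets and any %zone suffix before parsing.
    ip = ipaddress.ip_address(host.strip("[]").split("%", 1)[0])
    family = "IPv6" if ip.version == 6 else "IPv4"
    if ip.is_unspecified:        # 0.0.0.0 or :: means every local address
        return "all-addresses", family
    if ip.is_loopback:           # 127.0.0.0/8 or ::1, local machine only
        return "loopback", family
    if ip.is_link_local:         # 169.254.0.0/16 or fe80::/10, on-link only
        return "link-local", family
    return "specific", family    # bound to one configured address


def parse_listeners(text):
    """Extract listening TCP sockets and bound UDP sockets from netstat text."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue             # banner, header or blank line
        proto = fields[0]
        # TCP rows carry a state column; only LISTENING rows are servers.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, _, port = fields[1].rpartition(":")
        try:
            scope, family = classify(host)
            listeners.append(Listener(proto, family, int(port), scope))
        except ValueError:
            continue             # unparseable address or port, skip the row
    return listeners


def wildcard_ports(listeners, family):
    """Sorted (proto, port) pairs bound to every address of one family."""
    return sorted(
        (l.proto, l.port)
        for l in listeners
        if l.scope == "all-addresses" and l.family == family
    )


if __name__ == "__main__":
    found = parse_listeners(SAMPLE_NETSTAT)
    for fam in ("IPv4", "IPv6"):
        print(fam, "bound to all addresses:", wildcard_ports(found, fam))
    for l in found:
        if l.scope != "all-addresses":
            print(f"{l.proto}/{l.port} ({l.family}) bound to {l.scope} address")
```
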

        1. Nanashi

          Re: IPv6 weekly spikes

          Being windows boxen, they're vulnerable "out of the box".

          I don't exactly have the best opinion of Windows either, but Windows boxes are not vulnerable in this manner out of the box. They ship with a firewall that blocks connections from off-subnet sources by default. On top of that, ISPs ship routers that also have a firewall that stops connections from even reaching the Windows firewall in the first place.

          On top of that, v6 is really damn big and it's very difficult to find active IPs in it by random port scanning. It takes hundreds of millions of terabytes of traffic to scan a single network (or... attempt to scan, because your scan attempts will be dropped by the border router's firewall anyway), and all of that traffic has to go down your DSL's wet string -- if your wet string was 40 Gbit/s then it'd take nearly 5000 years to do a complete scan of each /64. Even if networks weren't behind firewalls and Windows didn't have its own firewall, it still wouldn't be easy to scan for devices.

          The situation is about as far from "unfirewalled Windows 95 computer on dialup" as you can get. Those Russian bots are going to have a heck of a time finding unprotected v6 targets, unlike in v4 where you can exhaustively enumerate every target just by doing a quick scan of the entire internet.

        2. bdg2

          Re: IPv6 weekly spikes

          If the box that does your IPv4 NAT doesn't automatically by default firewall your IPv6 then REJECT IT, it's not fit for use. The IPv6 firewall should provide the exact equivalent protection on IPv6 that IPv4 NAT does on IPv4, if it doesn't it's not fit for use.

        3. TheVogon

          Re: IPv6 weekly spikes

          If you choose "public" as the network type, as you should if you are on an untrusted network, and then scan from a Linux box, you will find:

          Target                     Open TCP   Open UDP
          Windows 7, Standalone      None       None
          Windows 7, Domain Member   135        None
          Windows 10, Standalone     None       None
          Windows 10, Domain Member  135        None
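
The point argued in this sub-thread, that a listener bound to all addresses is reachable on a global IPv6 address unless a host or border firewall blocks it, can be audited by sorting `netstat -an` output by bind scope. This is an added example, not part of any commenter's post; the sample output is constructed and the function names are assumptions of the example.

```python
import ipaddress

# Constructed sample in Windows `netstat -an` layout (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.15:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.15:49201     203.0.113.10:443       ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::]:3389              [::]:0                 LISTENING
  TCP    [::1]:49158            [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    [::]:5355              *:*
  UDP    [fe80::1c2d:3e4f:5a6b:7c8d%11]:546  *:*
"""

def split_endpoint(endpoint):
    """Split '1.2.3.4:80' or '[fe80::1%11]:80' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and IPv6 zone id
    return ipaddress.ip_address(host), int(port)

def scope(addr):
    """Classify a bind address by how widely the socket accepts traffic."""
    if addr.is_unspecified:
        return "all-addresses"  # 0.0.0.0 or ::, every interface address
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    return "single-address"

def listeners(netstat_text):
    """Yield (proto, ip_version, port, scope) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if f[0] == "TCP" and f[-1] != "LISTENING":
            continue  # established or closing connection, not a listener
        addr, port = split_endpoint(f[1])
        yield f[0], addr.version, port, scope(addr)

def wildcard_v6(netstat_text):
    """Sockets bound to '::', the ones whose exposure is decided only by firewall policy."""
    return sorted((proto, port) for proto, ver, port, sc in listeners(netstat_text)
                  if ver == 6 and sc == "all-addresses")
```

The result of `wildcard_v6` is the list to compare against the host firewall's inbound rules for the active network profile and against the router's IPv6 filter; a bound port is not by itself an open port.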

    2. Nanashi

      Re: IPv6 weekly spikes

      but I can't work out if it's weekdays or weekends when there is higher usage

      Strictly speaking, probably neither. v4 usage goes up on work days because people use Facebook from work, where v6 deployment is even worse than at home. More v4 usage combined with similar v6 usage means a lower percentage is v6. The trend is easier to see on Google's stats, since you can get the exact date from them. (Public holidays tend to be very noticeable too.)

    3. bdg2

      Re: IPv6 weekly spikes

      Higher percentage of traffic from mobiles at the weekend maybe??

  10. damian_nz

    The problem with IPv6 is that in today's cloud world the majority of web server management falls onto developers. With cloud, Docker, Kubernetes and so on, devs no longer have to even think about networking.

    Before that, devs were able to get their heads around basic concepts of IPv4 networking and it worked.

    With IPv6 you again start needing more of a network engineer to get the stuff working properly.

    It's why even sites like El Reg haven't converted.

    One of the networks I ran in our business was an IPv6-only network and you quickly notice the huge chunks of internet that are missing. One of the most confusing situations is Google with its services and its Android. You can get all Google's online services using IPv6 only. But Android refuses to work in IPv6-only mode. Again this is likely because developers are responsible for it in most parts, not network engineers.

    Despite all the bad things people say about IPv6, the world is rather nice once you're there. I for once no longer have a single person at work asking me about that 192.168.1.15 box.

    1. damian_nz

      I will add to my previous post.

      Some of the commenters who wrote “follow the money” are actually spot on. But for a very different reason.

      A lot of web tracking, analytics and advertising isn’t ready for IPv6.

      So of course there are lots and lots of sites which won’t commit to it.

      Nobody is going to cut off their own source of revenue.

      D

  11. Anonymous Coward

    I'm not even aware of what IP number is on my phone.

    That's why it works: 4G is in the hands of half a dozen carriers (over here too). They put IPv6 out, and the Androids / iOS couldn't care less if they get an IPv6 address, and neither could their users.
