'IPv6 Just Turned 30 and Still Hasn't Taken Over the World, But Don't Call It a Failure' (theregister.com)
- Reference: 0180497615
- News link: https://tech.slashdot.org/story/26/01/01/1833202/ipv6-just-turned-30-and-still-hasnt-taken-over-the-world-but-dont-call-it-a-failure
- Source link: https://www.theregister.com/2025/12/31/ipv6_at_30/
"IPv6 was an extremely conservative protocol that changed as little as possible," APNIC chief scientist Geoff Huston told The Register. "It was a classic case of mis-design by committee." The protocol's lack of backward compatibility with IPv4 meant users had to choose one or run both in parallel. Network address translation, which allows thousands of devices to share a single public IPv4 address, gave operators an easier path forward. Huston adds:
> "These days the Domain Name Service (DNS) is the service selector, not the IP address," Huston told The Register. "The entire security framework of today's Internet is name based and the world of authentication and channel encryption is based on service names, not IP addresses."
>
> "So folk use IPv6 these days based on cost: If the cost of obtaining more IPv4 addresses to fuel bigger NATs is too high, then they deploy IPv6. Not because it's better, but if they are confident that they can work around IPv6's weaknesses then in a largely name based world there is no real issue in using one addressing protocol or another as the transport underlay."
But calling IPv6 a failure misses the point. "IPv4's continued viability is largely because IPv6 absorbed that growth pressure elsewhere -- particularly in mobile, broadband, and cloud environments," said John Curran, president and CEO of the American Registry for Internet Numbers. "In that sense, IPv6 succeeded where it was needed most." Huawei has sought 2.56 decillion IPv6 addresses and Starlink appears to have acquired 150 sextillion.
[1] https://www.theregister.com/2025/12/31/ipv6_at_30/
"Not Invented Here" Syndrome (Score:5, Interesting)
How may different compatibility deployments are there for IPv6?
6in4? 6to4? 6RD? NAT64, 6over4? Teredo?
Think any of those are fake names? Try again!
And that's just ONE piece of IPv6. Practically everything in the "spec" has at least 2 variants minimum, and its just a royal clusterfuck. When it is described as "protocol by comity", this is exactly the result, and its been a total pain in the ass to have anything reliable at scale.
You may be on one of the lucky ISPs that has a sane deployment and want to reply with "Well, it works for me!" - that's awesome, and I wholeheartedly mean it. That IS really awesome! But for the rest of us dealing w/ multiple ISPs in multiple regions, its a fucking shitshow to get anything reliable going consistently.
One IPS I deal with about 18 months ago entirely dropped IPv6 "support" - and now we can pull a single /128 address with no routing table at all. So we have an address that is entirely fucking useless, instead of having a normal block allocation which it was previously. Another ISP I deal with still uses PPPoE, and then uses 6RD over that, so the MTU is trash because both reduce the MTU size.
IPv6 is a fucking mess, and it pisses me off every day!
Re: (Score:2)
Literally none of them duplicate functionality, they all do different things or work in different ways. That's not "NIH syndrome" in fact most of them were "invented" in the same place.
> and its been a total pain in the ass to have anything reliable at scale.
Horseshit. IPv6 works just fine at scale. Heck it works just fine with no end user intervention on small scale just as it does for major providers. Yeah there's a lot to the standard, and most of it you can simply ignore and have a perfectly functioning setup. I literally don't know what part of this you think is a shitshow,
Re: (Score:2)
And just like daily auto traffic, you have to watch out for the other guy, who didn't signal and is talking on his phone.
The problem is: There is no standard way, just a bunch of them, because of the many mutant implementations.
This isn't horseshit, this is the reality of what network engineers have to deal with, not to mention the civilians who are just trying to learn enough to get by. Then they discover that the address space covers most atoms in the known universe, perhaps more.
Inside various operating
Re: (Score:2)
> 6in4? 6to4? 6RD? NAT64, 6over4? Teredo?
These are all completely different things...
> You may be on one of the lucky ISPs that has a sane deployment and want to reply with "Well, it works for me!" - that's awesome, and I wholeheartedly mean it. That IS really awesome! But for the rest of us dealing w/ multiple ISPs in multiple regions, its a fucking shitshow to get anything reliable going consistently.
Based on stats published by google, apnic, akamai and cloudflare it does indeed work just fine for almost half the world now meaning hundreds of millions of users, and there are many countries where users with working v6 make up a sizeable majority.
The problem is not v6, the problem is lousy ISPs, and a lousy ISP is just as likely to provide a lousy legacy service too.
In fact, legacy IP is one of the main reasons why lousy ISPs exist and are not driven out of busi
Re: "Not Invented Here" Syndrome (Score:2)
Yeah, developing countries big issue preventing them advancing is lack of IP6 connectivity LOL!
Oh man, come back down to earth space marine.
Re: (Score:2)
You don't need to be well informed to see the GP is right on that point. We've run *MULTIPLE* slashdot stories about the IPv4 address space being exhausted and corruption causing developing nations to give up their already limited pool.
Actually fuck developing countries, many rich westerners are stuck behind CG-NAT. If the OP is a space marine, what's that make you, a deep sea fish?
Re: "Not Invented Here" Syndrome (Score:2)
Sure, all those poor people with barely a pot to piss in or food to feed their kids living hand to mouth in countries run by corrupt psychopathic dictators are just thining, "If only we had access to the IP6 address space everything would be ok".
FFS , get out your basement and go visit the real world.
Re: (Score:2)
How exactly has IP6 been a nightmare? What makes is so difficult for you?
People keep saying IP6 is difficult, but once you ask them, they typically say something like addresses are longer and harder to remember (which they often aren't) or mention exotic and never used features like "IP-Address mobility" which nobody implements.
Re: (Score:2)
The whole discussion feels weird.
Whole of Africa (1.5B pop) and Asia/India (4.8B pop) since the beginning were IPv6. There were never enough IPv4 addresses for them to begin with.
And here we have another tempest in a teacup whether IPv6 was/is success or not.
Re: (Score:2)
> How exactly has IP6 been a nightmare? What makes is so difficult for you?
What makes IPv6 difficult for a lot of people, such as myself, is that we're in no position to test on it. Last I checked, US fiber ISP Frontier Communications still refused to deploy IPv6 in my city, and the alternative was Comcast.
Re: (Score:2)
Get T-Mobile. Seems like it has been IPv6 forever.
There is an unintended side effect of IPV4 (Score:5, Insightful)
If everyone used IPV6, and every device was independently routable, we wouldn't need to connect to a server to use a device remotely.
IPV4 and NAT made server connection the only workable option and allowed evil companies to brick devices by shutting down the server or charge outrageous subscription prices to use a device that the user paid for
Re: (Score:2)
Indeed NAT and the need for port forwarding is a big part of the problem that has made the cloud so much easier to use. The default for any firewall is still going to be to block even on IPv6 but a lot of people would just deploy PnP anyway and then things would just work. What we really need for the IoT that moves about, like phones, is our own address ranges that can be dynamically routed so that we can move and traffic still finds us but our IP is always the same, whether joining from the mobile network,
What the absolute fuck are you talking about? (Score:1)
Your statements are both ridiculous and patently false.
There is no IPv4 requirement to use NAT an nothing about IPv4 or NAT requires the servers of "evil companies" to access hosts remotely.
What the absolute fuck are you talking about?
Re:What the absolute fuck are you talking about? (Score:4, Informative)
Legacy IP does not scale without NAT. Virtually all mobile providers and an increasing number of fixed line providers are forced to NAT their customers.
There are literally thousands of ISPs around the world who simply don't have enough legacy address space to provide one to each customer, let alone one to each device that a customer might have. It may be technically possible to operate legacy IP without NAT, but it is neither scalable nor affordable to do so.
So instead you have NAT. If you're lucky you control the NAT and share it with your own devices, but for millions of people around the world they have no control as the NAT is performed by the ISP. If these users want to make anything available remotely via legacy IP then they have to rely on a third party service to do so.
Needing to subscribe to a relay service (Score:2)
> nothing about IPv4 or NAT requires the servers of "evil companies" to access hosts remotely.
When an entire neighborhood shares an IPv4 address through ISP-controlled carrier-grade NAT, how does a device on subscriber premises receive an incoming TCP connection? How would the NAT appliance even know for which subscriber's device the connection is intended?
Consider a subscriber whose home LAN is behind the ISP's carrier-grade NAT, and the subscriber wants to connect to a home NAS or remote desktop from outside the home LAN. Other people have recommended that such a subscriber additionally subscribe
Re: (Score:1)
Do you understand the difference between IPv4 protocol and an Internet service provider(ISP)?
Your ISP is shit.
That is not the fault nor has anything to do with IPv4.
There are lots of bad ISPs using IPv6. It's not the protocol's fault that communication is difficult or impossible.
Re: (Score:3)
> Your statements are both ridiculous and patently false.
Sigh. You not understanding the OP doesn't make them false. In fact one of the earliest examples of this was Skype, which used a central server to facilitate making a connection through NAT. Every fucking device requiring a cloud server to operate is the direct result of our obsession with making devices connected to the internet unrouteable. It's *THE* reason every consumer device requires a connection to a server somewhere, and this was the case long before anyone tried to monetise the cloud.
People gave up on the Internet... (Score:5, Interesting)
It's actually quite another issue. If you listen to people claiming that "NAT killed IPv6", that is a different point. IP is all about end to end connectivity. There are no special "server privileges" you need on IP-networks. It is like the telephone network. Everybody can do anything. You don't need special stuff to run your own "information hotline", you just get a connection and there you go.
If a person claims that "NAT is sufficient" it essentially means that they have given up on that. They are contempt with an Internet which does distinguish between those who have a public IP-Address, and those tho are behind NAT. It's a world dominated by large "hyperscalers".
IPv6 offers another Internet. It offers one, where everyone can simply run their own "webserver" from their bedroom. Everybody has their own IPv6 addresses. There is full end-to-end connectivity, if you open your firewall. There is no need to ask someone for permission to run your own IPv6 "server". It is a network that is free to anybody.
If you look into the world, you'll find logs of CGNAT, where your ISP is already doing NAT... often at great expense and often multiple times, particularly in poor countries where not even your ISP may have a public IPv4 address. In those areas IPv4 is, essentially, a closed system you cannot participate in. It's like an "Online Service" like AOL or Compuserve. In those places the only way to get actual Internet is via IPv6.
BTW we are already at roughly half the Internet traffic being IPv6, I've recently been at a colocation facility where they only provided IPv4 at special request... and that essentially just works.
Re: People gave up on the Internet... (Score:2)
I don't want people all over the world connecting to my bedroom. If I wanna host a website I pay an extra $8/mo for VPS
Re: (Score:2)
Well maybe the Internet is not exactly what you want then.
new generation (Score:1)
The us Gov't should initiate a new program to totally overhaul the internet system. To seriously rebuild the national protections, improve the systems of addressing and connections, deprecate all the old and problematic systems that are rife for abuse.
Re: new generation (Score:3)
What a great idea, the entire rest of the world (representing 93% of land and 96% of people) can't wait to use America's brand new internet. Thanks America!!
Not everything is name based (Score:2)
> "These days the Domain Name Service (DNS) is the service selector, not the IP address," Huston told The Register. "The entire security framework of today's Internet is name based and the world of authentication and channel encryption is based on service names, not IP addresses."
We are so used to the constraints put on us by IPv4 that we don't even consider what opportunities open up when every single device on the planet has its own globally routed IP address. It's like an abusive relationship. Not all service resolution works on name based principles, nor is it necessarily the best way in all cases (for example in P2P scenarios). Overlay networks, NAT and private addressing are often not really desirable nor strictly necessary, and this fact should affect how we reason about a fu
Re: (Score:2)
> We are so used to the constraints put on us by IPv4 that we don't even consider what opportunities open up when every single device on the planet has its own globally routed IP address.
Yes, all those opportunities for insecure IoT devices to be compromised.
Is it worth it (Score:2)
The general idea of global internet is that "everyone can connect to everyone". No server needed.
Concept of this being a good idea died around XP era. When many ISPs still offered public facing IPv4 address. Plug in a PC, try installing windows XP, and it got owned in about 30 seconds after install finishes.
NAT stopped this zero user interaction worm spreading nonsense. Today, I'd note that one of the big reasons IPv6 is generally not recommended for residential use is exactly this. NAT brings a very powerf
Re: (Score:2)
Is it a good thing that everyone who needs to connect to a home NAS or remote desktop from outside the home LAN be required to subscribe to a relay like Pinggy, Tailscale, or Hamachi, on top of what the user already pays the ISP per year for an Internet connection?
Re: (Score:2)
If you don't know how to set up something as basic as a proper port forwarding scheme within your local network, you probably shouldn't have public facing devices.
Re: (Score:3)
NAT is not a security mechanism, it's a kludge to get around a lack of address space. You can operate a firewall without NAT and it works better this way because it's less complex and has less to go wrong.
Plus devices these days are mobile - sure you have your own firewall at home, but take your laptop to a hotel and theres no longer anything between your laptop and the other guests.
Malware is still an epidemic, there are still millions of infected machines and new strains of malware coming out all the time
Re: (Score:2)
Except that it is. And its proliferation is what ended the worm epidemic among windows machines connected to the internet. I got to observe this first hand back in 2000s, as that was when I had to administer a residential network for a university campus building. We went from massive worm problem to almost no worm problem overnight when connections were put behind a NAT. Remaining worm problem 100% came from people who wanted a public facing IP without NAT (you could request it and get it).
So you may want t
We are stuck at 49% (Score:2)
It looks like all the isps that wanted to adopt IPv6 already have, others have grandfathered or purchased IPv4 allocations and just leach off of it, especially Virgin Media in the UK which has a dedicated website about why it hasn't adopted IPv6. With only 2 billion people not on the internet remaining they can easily be squeezed into more CGNAT while IoT usually now uses vpns with their own network laid over the top making their ips irrelevant. The only real problem is websites that still block by IP inste
Re: (Score:2)
Yeah, at 49%, how is it exactly a failure? A failure would be an inability to go into double figures, or maybe enter the 30% mark
If anything, the IPv6 community is now exploring IPv6-only and IPv6-mostly options for networks that have chosen to adapt IPv6, partly to reduce the number of attack vectors by abandoning the IPv4 backbone
Don't call it a failure... (Score:2)
Don't call it a failure! I've been here for years
Rocking my subnets, putting v4 in tears
Making the packets rain down like a monsoon
Listen to the router go BOOM!
Explosions, overpowering the limit
128-bit towering throughput in it
Reach the summit, watch the NAT tables plummet
I'm gonna take the stack by storm and I’m just gettin' warm!
In Europe (Score:2)
Every device has an IPv6 address these days, in addition to an IPv4 address. Many providers even allow you to use IPv6 exclusively but of course you can't really because sometimes the other end only supports IPv4.
Re: NAT killed IPv6 (Score:1)
NAT isn't really the end all be all of firewall. It is trivial and usually default that IPv6 ingress is blocked from external traffic.
Re: (Score:2)
> usually default that IPv6 ingress is blocked from external traffic.
But it is default and 100% guaranteed without configuration when NAT4 is engaged. Literally anyone can do it without screwing it up.
You have to go out of your way to screw up a NAT4 "firewall".
You have to go out of your way to enable an IPv6 firewall.
Re: (Score:2)
There's nothing stopping you doing NAT6 either.
In fact, I do, but that's because my ISP is incompetent and IPV6 doesn't work properly (lots of other things don't work properly either, including DNS where I have to talk to a (remote) DNS server on a non-standard port to do DNSSEC[1]).
The nice thing about IPV6-IPV6 NAT if you're using it as a poor mans firewall is that you can do 1:1 address mapping, which also makes debugging issues easier and forwarding things you do want to allow trivial too, no more only
Re: (Score:2, Interesting)
Wrong.
A NAT gateway without explicit deny rules will allow traffic inbound if there is a route - ie from adjacent hosts. Reserved legacy address space is NOT non routable, it's just filtered from global BGP tables. There's nothing stopping your ISP routing it internally, or an adjacent customer adding a route to it via your public address. Many ISPs place the wan ports of their customer's routers into a large shared subnet so this attack is very feasible.
A consumer IPv6 firewall will block inbound by defaul
Re: (Score:2)
> You have to go out of your way to enable an IPv6 firewall.
I have literally never experienced this, and I've had a lot of different routers form a lot of ISPs over the past decade with IPv6 support. Edge security is plug and play for the consumer. It's no worse than NAT and just like NAT, enabled by default.
Re: (Score:2)
Agreed, although egress filtering can be tricky if you're using SLAAC with privacy addresses and you want some clients to have external connectivity and not others unless you can partition them onto separate /64.
I use mac based tagging via an iptables firewall rather than have multiple SSID on the wlan.
But egress filtering is getting harder and harder anyway, everybody and his dog talks to something at amazon aws on port 443. So far, I've been able to use SNI inspection and there's been nothing using ESNI t
Re: (Score:2)
Doing egress filtering this way is a convenience mechanism not a security one. A compromised system can trivially change its IP address or MAC address. Having separate SSIDs is the way if you want different policies applying to different devices, and that's why it's recommended to provide a /56 v6 block. You could potentially use 802.1x identities too.
What you're running up against with android is a case of the devices being secured against you the user. These devices don't trust the user to make good decis
Re: (Score:2)
Its not really any different for the IPv6 device, it gets its own IP out but any attempts to communicate it will by default be blocked by the firewall just the same. The big difference is you can have multiple devices behind the firewall all exposed on the same port and there is no translation. IPv6 isn't perfect but it is just a better solution than NAT. NAT has delayed the need for migration of IPv4 but with CGNAT being deployed increasingly and it being a bit of a problem for a lot of people IPv6 is goi
Re: (Score:2)
Says someone who has never used IPv6 and doesn't understand how it works at all.
Firewalls work exactly the same way with both legacy IP and v6. The difference is that very few can actually afford to operate a firewall with legacy IP.
So instead you have NAT+firewall, which are two distinct functions adding complexity - now you have to keep track of two sets of addresses and correlate the logs, as well as keeping track of individual port mappings on the same address but to different devices. More complexity m
Re: (Score:2)
It's the same argument every single time IPv6 is mentioned. "I prefer NAT because it gives me security". People just don't understand the difference between a stateful firewall and a NAT.
I stopped trying to explain this. You'd think that the slashdot crowd would understand some basic networking concepts, but nope.
Re: (Score:2)
That's because people learned IPv4 and not networking. Had they learned the latter this "NAT helps security" BS wouldn't be a thing.