62 comments

[ 2.4 ms ] story [ 144 ms ] thread
I've been following this for months, and by my projection it should have cleared 10% this past weekend, but it didn't... Recent weekly increases have been very impressive.
Maybe these trends will actually drive AWS to support externally addressable IPv6 for EC2 instances.
Same goes for Google's own Compute Engine, which doesn't support IPv6 at all.

Curiously Google's managed MySQL instances receive IPv6 addresses by default, but I believe that's the only component of their service that does.

The per-country stats are interesting. US passed the 20% mark some time ago. Seems like some Canadian ISPs have started deploying IPv6 (other than beta), since it's now at 6% (it was around 1% for a long time). UK, Spain and Sweden are surprisingly low.

On the corporate side, it's annoying that Github, Twitter and OSUOSL (which hosts a lot of Free Software projects) still don't have IPv6 enabled (although I was told 2016-Q1 for OSUOSL).

Why is that annoying?
Organizations/companies with more resources should lead the way (ex: Google/Youtube, Netflix, Facebook).
Hacker News ... no IPv6.
HN is hosted behind CloudFlare, too, so this should be as simple as flipping a switch...
I've no direct knowledge at all into this, but... for my own forums I found that most of the comment spam tools I was using presumed IPv4. This was especially true of "spam from same network" type logic that these tools were using.

For example only: Stop Forum Spam only recently began testing their work for IPv6: https://www.stopforumspam.com/forum/viewtopic.php?pid=44371

I re-wrote my comment spam solution (not specifically for the comment spam problem, was doing some other stuff) and have long since enabled IPv6, but it's worth bearing in mind that network is one thing, sometimes what holds someone back from flipping the switch are the tools we use.

Doing blacklisting of IPv6 addresses is actually quite hard, because you can't know how network owners lay out their addresses. Some networks (especially VPS providers) will use one /64 (or so) per datacenter, while other will give out a /64 for individual users.

So when 2001:db8:a1:b2::c:3 has sent spam to you, you can't know if you should block the network 2001:db8:a1:b2::/64 or the specific address 2001:db8:a1:b2::c:3. Some blacklists (carelessly) take the former approach and block entire datacenters.

Honestly, if an entire datacenter is using a single /64 it sounds like they are doing something wrong. It's as easy to get a /48 with 65k individual /64 (one for each customer) as it is to get a single /64
I can't speak for Spain and Sweden, but in the UK there are only two companies who provide internet infrastructure (though one is required to lease their network out to the market for competition reasons), as far as I'm aware they simply haven't deployed IPv6 for consumer lines yet.
This isn't actually the case: yes, OpenReach (part of the BT Group) owns all of the infrastructure from telephone exchange to the property as well as the initial infrastructure in the exchange, but that all supports IPv6, and OpenReach's customers (who are ISPs, not end users) are able to deploy IPv6 if they desire. It's the ISPs individual equipment (sometimes in the exchanges, but more often the routers they provide to customers) that doesn't support IPv6 and is blocking deployment: this is why some ISPs (A&A, for example) have IPv6 live.
I heard a Dane say the Nordic ISPs had enough 'foresight' to hoard enough IPv4 addresses for the foreseeable future.
I worked for a New Zealand company that was getting into hosting and we couldn't buy IPv4 addresses at all. We were complete out. I think one of the team leads started looking at buying blocks from African companies.
Yes the major Swedish ISPs also say the same thing, except for the "foresight" part. One of our ISPs is even giving out "unlimited" public IPv4 addresses on their consumer subscriptions (previously they had a limit on 5 addresses, but now they have apparently removed the limit).

The ISPs even refuse to offer IPv6 when it comes to "big" customers, like apartment cooperatives with hundreds of apartments... You have to turn to the small/local ISPs for (consumer) IPv6 here.

Any way for someone outside of Scandinavia to purchase/rent some of these public IPv4 addresses?

VPS? Datacenter?

No, it's for consumer subscriptions only, and commercial use is prohibited. On the same ISP, commercial users have to pay depending on IP address block size and justify how they will use the addresses etc.
(comment deleted)
Twitter? Try Amazon. EC2 is IPv4-only.
So are S3 buckets. That's one reason I stuck with my Linode instead of deploying my static websites via S3.
Meanwhile my ISP still doesn't support it. And I'm paying $60 a month for 10/2. 'Murica. (and thats not even bad, 3 years ago I was getting 3/1 for $40)
It was recently that I could even talk my ISP into giving me a static ipv4, so I'm not going to try and push my luck on ipv6 just yet.
This is almost entirely attributable to v6-only mobile networks, right (at least in the US)? Anybody know what the stats look like if you exclude those, and only look at fixed connections?
I don't think so, Comcast residential is dual-stack nowadays so that would be significant traffic.
...assuming that the router on the premises supports IPv6-PD, that RAs to the LAN has been turned on, and that the machines on that LAN haven't had their IPv6 support switched off... of course. :)
I've been running dual ipv6 on comcast for about 2 years now. Now that I've got el capitan installed my traffic is > 50% ipv6
I've been doing the same for many years (and used a Hurricane Electric 6to4 tunnel before that). Haven't bothered to look at my traffic mix, but I expect it's similar to yours.

Thing is, there are still routers out there that don't support v6 out of the box, and -just as there are network admins who DROP traffic because doing so "keeps them hidden from hackers"- some people keep v6 support disabled because of cargo-cult security concerns. (Others keep v6 off because some or all of their systems are misconfigured and cannot be fixed, or their ISP is incompetent and hasn't configured their network correctly. These are reasonable reasons to keep v6 off. ;) )

I used to run IPv6 through an HE tunnel at home until YouTube became really really slow: Google had enable IPv6 on YouTube, so the traffic was now going through the tunnel. I had to get rid of my tunnel for everything but my servers that day!
Similar problem here, I can't use Netflix over IPv6 because that makes them believe I'm in the "wrong" country. Kinda weird since a whois on my IPv6 ranges gives the same country as my IPv4 address.

Tried to escalate this at Netflix support but never got anywhere.

I expect that Netflix's technical staff would be very interested in this. Have you tried -ugh- tweeting at them and telling them that their IPv6 geolocation information is wrong for your address range?
Didn't try tweeting, will try that. I'm sure the techs at Netflix would like to know and I'm sure they would fix it but it seems to be quite difficult to get pass their first-level support.
I had that happen... except that I had been running my HE.net tunnel for years. Did some diagnostics... found that the endpoint I had selected (in Fremont, CA) was being geolocated by Google as somewhere in an ex-Soviet Bloc country. Changed the endpoint, and YouTube was back up to full speed.

I've had more trouble with Comcast deliberately throttling YouTube downloads [0] than I ever had with that HE.net tunnel.

[0] I'm in a position where I can verify that it's Comcast's problem... grab the URL for the actual video file (which dictates the CDN location) and wget it at a high-bandwidth site run by a large, independent third party that's not in the business of doing hosting. Notice that the download at the site saturates a 100mbit connection, whereas at home it hardly hits 500kbit/s. Frown.

Good point, I know that there's now an HE presence in Calgary, but my understanding is that no ISP is peering in that exchange. I'll have to give it a try to confirm.
Google's OnHub device doesn't support IPv6. I was shocked when I first installed it.
And the routers that Comcast provides, which comprises like 90% of their user base, supports it.
That's all true, but I think that's a more normal case than it might seem.

I've been running IPv6 on Comcast for two years using one of their recommended Motorola (Arris) Surfboard modems and an Airport Extreme, and didn't have to configure anything at all.

Given a typical user that doesn't know what IPv6 even is, if they just plug everything in and have a Mac or recent Windows box it should all just work.

Yup. Apple routers know how to get and advertise IPv6 allocations. IIRC, they'll even establish a (6to4?) tunnel and advertise space in that if the upstream network doesn't have IPv6 service.

New gear is substantially more likely to have good (and on-by-default) v6 support than old gear, but there's a lot of old gear out there as well as many cargo-cult sysadmins. :)

Rumour has it it's the same: ISPs that are short of v4 addresses are more eager about v6 than ones with big old v4 allocations.
I don't use IPv6 even though my ISP supports it, because every time I try to enable it, it causes all my network connections to randomly choke.

This has happened with every Linux desktop I've ever used. If IPv6 is enabled, then half the time I try to visit a website, the connection doesn't go through. No error either; it just sits there forever and ever. It's particularly aggravating when AJAX is involved--you get to experience Google Maps stop working for about five minutes while you're using it.

I've observed it across multiple Linux distributions for several years now. I've learned to always add "ipv6.disable=1" to my sysctl.conf if I want a working network.

Looks like either your ISP or your router is at fault.
Just a thought, but try this; re-enable ipv6 and then add:

'options single-request' to the end of /etc/resolv.conf

Let me know if you try it and it works.

That's very, very, very strange. I've been running IPv6 (first through a tunnelbroker.net tunnel, and -much- later using native IPv6 through Comcast) for roughly eight years now. Haven't had any issue with Linux, Mac, or Windows systems.

To diagnose a thing, what happens when you disable Router Advertisements on your router, then enable IPv6 on a machine, and run Teredo [0] on that machine? (After Teredo assigns an IPv6 address to the teredo virtual interface, start a 'ping6 google.com'. It will take a few minutes for the Teredo machinery to figure out how to make a connection, but it should eventually do so.)

Are you -perhaps- rejecting or dropping ICMP on your router? If you are, don't. ICMP is required to make IPv6 work.

[0] This is the Teredo implementation that people use on Linux systems http://www.remlab.net/miredo/

I'll have to look into this sometime.

Thanks for the advice!

Maybe an mtu issue. Path mtu usually makes things work, but the isp end of the connection may be rate limiting sends; if everyone else is getting bad settings too, it's not pretty.
That is very odd and must have something to do with your setup or ISP. I worked at a company where all of us had Linux desktops and we all used IPv6. I never had any issues.

Also, remember with IPv6 has entirely different firewall rules. Remember to setup ip6tables. You might be totally protected on ipv4 and totally exposed on ipv6.

Do you have a firewall that drops ICMP packets? Some firewall admins do this believing it improves security, but it can cause exactly this to happen.

You can usually get away with it in IPv4, but with IPv6 it causes connections to stall as soon as you try to push any significant amount of data through a TCP connection.

Why is the chart go up and down?
If you zoom in you'll see higher IPv6 usage on weekends. This points to higher penetration on IPv6 on mobile and consumer (cable modem and DSL) networks, and lower penetration on work or corporate networks.
The ups are weekends, so I'd guess many more home connections have IPv6 compared to workplaces.
Are there any benefits to a website supporting IPv6?

I'm looking at the "per country" graph, which highlights latency issues, but it looks like they wouldn't really be noticeable to the user. However, is there much point when IPv4 works fine?

(Perhaps 10% of our users are from the countries marked in pink/red on Google's map.)

It doesn't really work fine - you're just used to (or don't notice) all the ways that it doesn't work. We ran out of IPv4 addresses a while back, so we're doing all sorts of stupid stuff like selling addresses, dynamic IPs, and address translation to distribute and squeeze more life out of the ones we have. This makes a lot of networks much more complicated than they really should be, and will only become a bigger problem as more devices come online.

Universal IPv4 would enable some cool stuff, like giving every device on the planet a unique IP (or even several to increase anonymity), as well as vastly simplifying many common networking problems. Here's one example: Have you ever tried to use a home internet connection to host a server, say for home automation, file sharing or gaming? It's a huge pain for anybody who isn't network-inclined. By giving everything a unique IP, routing setup for this sort of thing becomes much easier since every device has a unique, static IP address that it can always be found at.

Also, IPv6 has some security and encryption features that are not found in IPv4, which should basically end packet spoofing as an attack. It's also a bit faster too, because packet integrity isn't as rigorously checked and routing is simpler.

We have enough IPv4 addresses (1024?) that every device and VM has a public IP.

Even if we were short, would we necessarily want to enable IPv6 on the webserver? I'm interested to know if it makes any difference to users:

- Does it make things noticeably faster (or slower) for any?

- Does it totally break (or fix) access to the website for anyone?

Faster for many but slower for a few would be OK, but faster for some but broken for a few wouldn't be acceptable.

If your infrastructure has less than 5 years projected life-span, maybe you don't need to make it a #1 priority. Otherwise, if you don't start planning IPv6 now, in 5 years your infra is likely to be seen as an aging infra with too much technical debt. (similar to people just starting to realize they should probably adopt https)

One major advantage of IPv6 for the web I run into regularly: debugging attacks/issues/traffic from folks behind carrier-grade NAT is extremely annoying.

Even seemingly imperceptible latency can have an effect on user perception and retention. If you're running something like a multiplayer game then you may find more people can play (e.g. two people living in the same house weren't able to play one web game I liked, because they had the same IP address). But yeah at this stage enabling it is mostly just being a good citizen. Running v6-only is much nicer than v4-only (e.g. a static IP is much cheaper, routing is simpler), but running both will of course be somewhat harder than running v4-only.
This isn't 10% of traffic. Merely that 10% of connections to google were from IPv6 capable clients.
D'Oh! thanks
That isn't right. "The graph shows the percentage of users that access Google over IPv6." So the graph shows the percentages of users who accessed Google over IPv6.
39,69 % for Belgium looks like to be the highest? One of the Biggest PSPs flipped the switch
Belgium has been top for a while. All ISPs support IPv6* here on home internet. Mobile not yet though.

* Some need a newer modem -- which might take a while before everyone switches.