While these articles are useful in understanding the utility of IPv6, what would really help is an article explaining step by step how to configure a home network using IPv6. The tutorial should answer these questions:
- How to ensure there are no collisions in address space? Translates to, how to pick safe addresses, is there a system?
- How do I route from an external network resource to an internal network resource? Translates to, can you provide syntax on how to connect to an smb share? Set up a web service that works without WireGuard or equivalent?
- How does one segment networks, configure a vlan, set up a firewall?
- Devices using SLAAC (idk about DHCPv6) do a thing called Duplicate Address Detection to manage just this. No need to worry. If you’re manually assigning addresses and have a conflict, one of the devices will mark its address(es) as duplicate and refuse to use them. Quite useful.
- Easiest is to use your devices’ public (“global unicast”) addresses and allow traffic on your firewall. This is how IP was meant to be used; no NAPT in sight. If you like, you can use ULAs locally and then do NPTv6 for internet-facing access. But I’d recommend against that to start.
Regarding the services, there’s not really anything IPv6 specific. Whether v4 or v6, you shouldn’t be exposing SMB to the internet. Whether v4 or v6, you can put any IP-based service behind Wireguard or any other tunneling solution. There’s nothing specific to v6 there; just use v6 addresses in your config, and you’ll be good to go.
- Basically the same way as with v4; IP (whether v4 or v6) have mostly the same semantics in their layer (layer 3). The only thing is that you’ll want to allow certain kinds of ICMPv6 traffic, assuming your firewall vendor doesn’t do that out of the box. When it comes to VLANs, that’s layer 2, so your layer 3 protocol doesn’t play any role there.
Network segmentation is way more fun with v6 because you have enough address space to make nice hierarchical topologies.
I wish I could switch my network to all IPv6 and use NAT64/DNS64, but Android, the world's most popular OS, purposefully disables DHCPv6. I am forced to support IPv4/DHCPv4 for the foreseeable future to support these broken devices.
Hot take: IPv4 might be techinically worse, but it's "politically" (in the classic sense of the word) better.
IPv6 essentially enables "universal internet IDs" for every device, which could streamline a lot of things, but enable a lot of weird surveillance/power balance issues that the cruft of IPv4 is actually incidentally helping guard against.
Again, I'm old enough to remember when e.g. the ISPs were going to try to charge per device in each household.
> Groups of zeros can be omitted with two colons, but only once in an address (i.e. 2000:1::1, but not 2000::1::1 as that is ambiguous)
Can someone explain why it's ambiguous?
On the subject, IPv6 is one of the strangest inventions on the internet. Its utility and practically are obvious no matter how you look at it except... just one thing.
Network-related things are generally easy to remember and then type from memory: IPv4, domain names, standard port numbers. Back in the day it was the phone numbers, again, easy to remember and dial when you need it. IPv6 is just too long and requires copy/paste all the time. This is the only real reason in my opinion, why IPv6 is doomed to be second-grade citizen for (probably) a few more decades.
> IPv6 is just too long and requires copy/paste all the time.
That is only true for autogenerated/SLAAC IPs. In contrast, manually assigned IPs are often much simpler and easier to remember in IPv6 than in IPv4. I have one common subnet prefix that can be uniformly split to end networks and last number in IP address for such network always end with 0 (and therefore the first device is xxx::1). While in IPv4 i had multiple prefixes, each split non-uniformly based on how many devices was expected to be on that end network, and because most end network prefixes were smaller than /24 (say /26-28), the last number of IP address varies between these networks.
> There are also still a lot of misconceptions from network administrators who are scared of or don’t properly understand IPv6
Enable IPv6 on a TP-Link Omada router (ER7212PC) and all internal services are exposed to the outside world as there is no default IPv6 deny-all rule and no IPv6 firewall. I get why some people are nervous.
I need to switch my home network to at least use IPv6 externally, because my ISP recently deployed CG-NAT, which made my SSH server that used to work no longer reachable from outside of my LAN.
My two IPv6 issues (even having had a HE tunnel in the past):
- My local ISP (US Internet, soon to be part of T-Mobile Fiber) hasn't enabled it, even though the CEO has said on Reddit for years that it's a priority. Now that they've been acquired who knows if it'll ever happen.
- Linode allows transferring v4 addresses between machines, so if I need to rebuild something I can do so without involving my client who usually has control over DNS. They do not support moving v6 addresses, which means that the only sites I have control over that support v6 are the ones that I control DNS.
Making IPv6 a thing seems like it would be super easy if a couple hours could be spent solving a bunch of dumb lazy problems.
What’s the pragmatic solution to ipv6 allowing everybody in my household to be trivially and stably mapped to a unique subnet? I like the accidental semi-randomization that ipv4 and ISP NAT offered and I don’t see anything like it short of putting my entire home net on a VPN (it’s expensive and can’t keep up with my ISP’s bandwidth)
Everybody in your household is already mapped to a single IPv4 address that rarely changes with most ISPs. Mine hasn't changed in over 3 years. My IPv6 /56 prefix delegation hasn't changed, either.
Here's China's current IPv6 plan.[1] It was an explicit objective of the 14th Five Year Plan, now concluding, to get most of China's Internet on IPv6. About 70% of China's mobile users are on IPv6 now. But fixed IPv6 traffic in China is only 27%.
When I moved to an ISP that supported IPv6 earlier this year I ran into niggly problems. Ubuntu failed to update because one of its regional servers was misconfigured. OpenDNS one of its servers seemed not to be there on a regular basis over IPv6. I also had odd behaviour and latency issues where sometimes IPv6 would fail to route for short periods and it would fail and fall back to IPv4.
It was a painful experience of trying to work out if I had misconfigured it, if it was something to do with my opensource router software or if it was my ISP or the end services. I didn't get to the end of working this out and reporting issues and I just gave up. Due to the intermittent nature of the issues I was facing I never managed to get a report of issues my ISP would accept.
So I'll give it some time and give it a try after a year and see if things have improved, but it was definitely not ready for prime time.
OpenBSD makes it easy to try IPv6 tunnelbroker.net with NAT64/DNS64 if your ISP only has IPv4 ("one more lab test away.." they say).
This has worked for me well for a couple years. I do use a VLAN to keep the IPv6-only network separate (homelab) from video streamers in the household.
In my pf.conf:
# IPv6 tunnel
block in log on $tun6_if all
block in quick on $tun6_if inet6 from fd00::/8 to any
antispoof quick for $tun6_if
# allowed icmp6
pass in quick log on $tun6_if inet6 proto icmp6 icmp6-type {
unreach, toobig, timex, paramprob, echoreq
}
# MSS clamping 60 bytes less than HE 1480
# 20 byte IPv4 tcp header + 40 byte IPv6 ip header
match on $tun6_if all scrub (random-id max-mss 1420)
I’m surprised home many technically knowledgeable people on Internet forums still think IPv6 is some niche, unreliable thing.
In my direct experience, in the USA, at least Spectrum, AT&T, and Xfinity (Comcast) still run IPv4, of course, but they also have IPv6 working and on by default on their home internet offerings.
All mainstream computer and mobile OSes support it by default and will prefer to connect with it over IPv4.
‘Everyone’ in many areas is using it. For many of us, our parents are using Facebook and watching Netflix over it. Over 50% of Google’s American traffic is over it. It just works.
T-Mobile, a major phone provider, runs an ISP which is IPv6 only. That is, your phone never gets an IPv4, unless connected to WiFi. They offer home access points with a 5G modem and a router; the external address is also IPv6 only.
It works plenty well. I access everything accessible via IPv6, and the rest through their 464XLAT, transparently.
My LAN still has IPv4, because some ancient network printers don't know IPv6. OpenWRT on my router supports IPv6 just fine. Of course I do not expose any of my home devices to the public internet, except via Wireguard.
Not all of the skepticism is "does IPv6 work", some of it is "why should I want it as an end user who values privacy and minimal attack surface?"
From my perspective:
• CGNAT is a feature, not a bug. I'm already deliberately behind a commercial VPN exit node shared with thousands of others. Anonymity-by-crowd is the point. IPv6 giving me a globally unique, stable-ish address is a regression.
• NAT + default-deny inbound is simple, effective security. Yes, "NAT isn't a firewall", but a NAT gateway with no port forwards means unsolicited inbound packets don't reach my devices. That's a concrete property I get for free.
• IPv6 adds configuration surface I don't want. Privacy extensions, temporary addresses, RA flags, NDP, DHCPv6 vs SLAAC — these are problems I don't have with IPv4. More features means more things to audit, understand, and misconfigure.
• I already solved "reaching my own stuff" without global addressing. Tailscale/Headscale gives me authenticated, encrypted, NAT-traversing connectivity. It's better than being globally routable.
So yes, my parents are using IPv6 to watch Netflix. They're also not thinking about their threat model. I am, and IPv4-only behind CGNAT + overlay networking serves it well.
"It just works" isn't the bar for me to adopt IPv6. "It serves my goals better than IPv4" is the bar, and IPv6 doesn't meet it. Never has, never will.
IPv6 wasn't designed as "IPv4 with more bits." It was designed as a reimagining of how networks should work: global addressability as a first-class property, stateless autoconfiguration, the assumption that endpoints should be reachable. That philosophy is baked in. For someone like me, whose threat model treats obscurity, indirection, and minimal feature surface as assets, IPv6 isn't just unnecessary, it's ideologically opposed to what I want.
Want me to adopt a new addressing scheme? Give me a new addressing scheme, don't impose an opinionated routing philosophy on me.
Urgh I wish it were like that here in Australia! We have a fast, modern fiber internet connection in inner Melbourne. But my ISP still doesn't support IPv6 at all. I file a ticket about once a year, and I'm always met with more or less the same response - essentially that there's no demand for it.
I'd love to test all the internet services I host to make sure everything works over IPv6, but I can't. At least, not without using a 4to6 relay of some sort - but that adds latency to everything I do.
I just checked - apparently my ISP is "evaluating IPv6" because they're running out of IPv4 addresses and want to use CGNAT for everyone. I suppose its not the worst reason to switch to ipv6. But they've been making excuses for years. I really wish they'd get on with it.
There so e obvious caveats that make ipv6 migration impossible for most users:
1. Ipv6 bridges are not practical at scale which means best case is dual use protocols for a decade (or more) which no one wants to support.
2. Actual implementation MUST be ubiquitous (it never will be) some examples - glo fiber in Virginia, and while I can get pfsense assigned a ipv6 address, there is usually no upstream gateway (meaning that if I disable IPv4, I will not have internet). I say usually because of four times I've checked, once I did get assigned a gateway which was unresponsive even to icmp.
Starlink roam - assigns ipv6 but no bridge so if you disable v4 you lose access to most internet.
Frontier FiOS in Florida - does not support ipv6 at all on my node. I have seen business nodes in Orlando/Tampa assign addresses with bridging but again, without browser or dns translation it's not a practical solution.
3. 'Everyone' is not using ipv6, everyone plugs in or logs into a device that has whatever network stack it has. Those users are not suddenly going to jump through hoops simply to avoid CGNAT and get a unique network address
4. Infrastructure; I have two modest half racks on the east coast at decent sized datacenters (esolutions and peak10), neither of those hosts offer ipv6 routing blocks by default. No provider I have gotten quotes for offers ipv6 by default
> I’m surprised home many technically knowledgeable people on Internet forums still think IPv6 is some niche, unreliable thing.
The more technically knowledgable you happen to be on the subject, the more you realize IPv6 is some unreliable thing when compared to IPv4. Perhaps no longer niche though.
It's unfortunately still an afterthought for many backbones - and not just US-centric ones. There is a noticeable difference in performance metrics from clients served via IPv4 endpoints vs. IPv6 for web assets in the same locations from the same transit providers.
It is pretty much the opposite of "just works" depending on your definition of "just works". It results in more Traffic Engineering per bit served by a large factor compared to IPv4.
Over the past 10 years, the majority of "my internet stopped working" cases have been solved by disabling IPv6. In each case, it's AT&T who for some reason can't seem to operate it reliably.
My own home is Verizon, and they simply do not offer IPv6 in my area (nearby Washington DC).
> Don’t blame your provider when they deploy CG-NAT, embrace IPv6 and global routing instead.
In theory this makes sense, but in practice my personal experience is that not a single wireline ISP I've ever seen deploy CG-NAT offered IPv6 service at all, nor did any of them indicate any intent or even interest when asked about it.
The mobile providers on the other hand have almost entirely gone IPv6-first, using 6>4 transition methods as the default form of v4 access which I fully support.
4>4 CG-NAT should never have existed and providers who deploy it without offering fully functional v6 should be shamed.
the reason why I explicitely disable ipv6 cause "this shit don't work" (at the moment, will probably change in the future)
- random slowdowns
- horrible routing
- larger packet overhead
- hated by a lot of the people who run the internet
- hated by companies who provide ddos protection
- my poor TCAM cache in my budget routers
- supporting ipv6 is really expensive in chassis routers
However, I believe there is a solution:
Swap ISP's to IPv6 only, swap to IPv4 unless there is an IPv6 route present then directly forward. This solves quite a few issues: Once every ISP has IPv6 you can drop ipv4 and swap directly to ipv6 without having to split your TCAM. This works because IPv6 can encode IPv4 in it.
Am I missing something? Where's the part where he actually talks about his experience in that week? This goes straight from an overview of IPv6 to the conclusions section.
I'm very surprised by the questions in this thread. There are some extremely basic things people are just not understanding. I suspect people hating on IPv6 have not spent the time with it. There is a difficulty in that it does behave quite differently to IPv4, and the lack of private addresses are also probably a shock.
> There is a difficulty in that it does behave quite differently to IPv4
Which can be fine if you have a /solid/ transition plan to move networks wholesale from v4 to v6. They absolutely failed on this point and almost purposefully refused to carry over any familiar mechanisms to make dual stack easier to manage.
It's a University protocol that escaped into commercial usage based mostly on false fears of global routing table size becoming unmanageable or impossible to store in RAM. The results are absolutely predictable.
I have firsthand experience doing that experiment about 3 months ago. Completely removed my IP4 DHCP lease from my ISP at the router. About 50% of the public sites I tried to visit didn't resolve. So many public sites, that I gave up and went back to dual stack after just a day. Google, ChatGPT, and a few other popular sites were fine with pure IPv6 traffic, however sites like eBay and even HN did not resolve. IPv6 simply is still not ready for everyone to just transition into overnight.
> Peer-to-peer communications such as gaming usually have to deal with NAT traversal, but with IPv6 this is no longer an issue, especially for multiple gamers using the same connection
You know the list of "benefits" is thin when the second item is entirely theoretical. Even though IPv6 doesn't have to do NAT traversal, it still has to punch through your router's firewall which is effectively the same problem. Most ISP provided home routers simply block all incoming IPv6 traffic unless there is outbound traffic first, and provide little to no support for custom IPv6 rules.
Even if that were not an issue, my bet is that there are close to zero popular games that actually use true peer to peer networking.
Also NAT66 exists and I use it on my home network so you still have to have the machinery to do NAT traversal when needed. It's nice to use my public addresses like elastic IPs instead of delegating ports. IPv6 stans won't be able to bully their way into pretending that NAT doesn't exist on IPv6.
My ISP has good IPv6 support. I was using it for a while and recently disabled it across my home network for simplicity of maintenance, cutting my vyos config in half. When I need to access something not available on IPv4 I'll set it up again but I'm not convinced that will happen in my lifetime.
And despite that, the place where I work, has disabled ipv6, rendering our development machines useless for trivial tasks such as debugging our iOS app on a device (which uses ipv6 under the hood)
Reasons given: the security policies say ipv6 is not safe enough.
67 comments
[ 2.7 ms ] story [ 84.4 ms ] thread- How to ensure there are no collisions in address space? Translates to, how to pick safe addresses, is there a system?
- How do I route from an external network resource to an internal network resource? Translates to, can you provide syntax on how to connect to an smb share? Set up a web service that works without WireGuard or equivalent?
- How does one segment networks, configure a vlan, set up a firewall?
- Easiest is to use your devices’ public (“global unicast”) addresses and allow traffic on your firewall. This is how IP was meant to be used; no NAPT in sight. If you like, you can use ULAs locally and then do NPTv6 for internet-facing access. But I’d recommend against that to start.
Regarding the services, there’s not really anything IPv6 specific. Whether v4 or v6, you shouldn’t be exposing SMB to the internet. Whether v4 or v6, you can put any IP-based service behind Wireguard or any other tunneling solution. There’s nothing specific to v6 there; just use v6 addresses in your config, and you’ll be good to go.
- Basically the same way as with v4; IP (whether v4 or v6) have mostly the same semantics in their layer (layer 3). The only thing is that you’ll want to allow certain kinds of ICMPv6 traffic, assuming your firewall vendor doesn’t do that out of the box. When it comes to VLANs, that’s layer 2, so your layer 3 protocol doesn’t play any role there.
Network segmentation is way more fun with v6 because you have enough address space to make nice hierarchical topologies.
Try connecting to your IPv6-only service on Hotel WiFi -- you usually can't.
It's unfortunate, but IPv6 doesn't really solve any problems for a home user. And I say this as someone that has deployed IPv6 at home before.
IPv6 essentially enables "universal internet IDs" for every device, which could streamline a lot of things, but enable a lot of weird surveillance/power balance issues that the cruft of IPv4 is actually incidentally helping guard against.
Again, I'm old enough to remember when e.g. the ISPs were going to try to charge per device in each household.
Can someone explain why it's ambiguous?
On the subject, IPv6 is one of the strangest inventions on the internet. Its utility and practically are obvious no matter how you look at it except... just one thing.
Network-related things are generally easy to remember and then type from memory: IPv4, domain names, standard port numbers. Back in the day it was the phone numbers, again, easy to remember and dial when you need it. IPv6 is just too long and requires copy/paste all the time. This is the only real reason in my opinion, why IPv6 is doomed to be second-grade citizen for (probably) a few more decades.
That is only true for autogenerated/SLAAC IPs. In contrast, manually assigned IPs are often much simpler and easier to remember in IPv6 than in IPv4. I have one common subnet prefix that can be uniformly split to end networks and last number in IP address for such network always end with 0 (and therefore the first device is xxx::1). While in IPv4 i had multiple prefixes, each split non-uniformly based on how many devices was expected to be on that end network, and because most end network prefixes were smaller than /24 (say /26-28), the last number of IP address varies between these networks.
Enable IPv6 on a TP-Link Omada router (ER7212PC) and all internal services are exposed to the outside world as there is no default IPv6 deny-all rule and no IPv6 firewall. I get why some people are nervous.
- My local ISP (US Internet, soon to be part of T-Mobile Fiber) hasn't enabled it, even though the CEO has said on Reddit for years that it's a priority. Now that they've been acquired who knows if it'll ever happen.
- Linode allows transferring v4 addresses between machines, so if I need to rebuild something I can do so without involving my client who usually has control over DNS. They do not support moving v6 addresses, which means that the only sites I have control over that support v6 are the ones that I control DNS.
Making IPv6 a thing seems like it would be super easy if a couple hours could be spent solving a bunch of dumb lazy problems.
As far as I know, the majority of websites (about 70%) do not support IPv6.
[1] https://www.cac.gov.cn/2025-05/20/c_1749446498560205.htm
https://stats.labs.apnic.net/ipv6/CN
It was a painful experience of trying to work out if I had misconfigured it, if it was something to do with my opensource router software or if it was my ISP or the end services. I didn't get to the end of working this out and reporting issues and I just gave up. Due to the intermittent nature of the issues I was facing I never managed to get a report of issues my ISP would accept.
So I'll give it some time and give it a try after a year and see if things have improved, but it was definitely not ready for prime time.
This has worked for me well for a couple years. I do use a VLAN to keep the IPv6-only network separate (homelab) from video streamers in the household.
In my pf.conf:
and in /var/unbound/etc/unbound.conf: Done. I don't have 464XLAT on Win11 but I do want to know if there's a hard coded IPv4 address anyway. I never had an issue.In my direct experience, in the USA, at least Spectrum, AT&T, and Xfinity (Comcast) still run IPv4, of course, but they also have IPv6 working and on by default on their home internet offerings.
All mainstream computer and mobile OSes support it by default and will prefer to connect with it over IPv4.
‘Everyone’ in many areas is using it. For many of us, our parents are using Facebook and watching Netflix over it. Over 50% of Google’s American traffic is over it. It just works.
Most do not.
There are far more single person, small, and mid sized companies that do not.
This includes b2b, regional ISPs, etc.
It works plenty well. I access everything accessible via IPv6, and the rest through their 464XLAT, transparently.
My LAN still has IPv4, because some ancient network printers don't know IPv6. OpenWRT on my router supports IPv6 just fine. Of course I do not expose any of my home devices to the public internet, except via Wireguard.
From my perspective:
• CGNAT is a feature, not a bug. I'm already deliberately behind a commercial VPN exit node shared with thousands of others. Anonymity-by-crowd is the point. IPv6 giving me a globally unique, stable-ish address is a regression.
• NAT + default-deny inbound is simple, effective security. Yes, "NAT isn't a firewall", but a NAT gateway with no port forwards means unsolicited inbound packets don't reach my devices. That's a concrete property I get for free.
• IPv6 adds configuration surface I don't want. Privacy extensions, temporary addresses, RA flags, NDP, DHCPv6 vs SLAAC — these are problems I don't have with IPv4. More features means more things to audit, understand, and misconfigure.
• I already solved "reaching my own stuff" without global addressing. Tailscale/Headscale gives me authenticated, encrypted, NAT-traversing connectivity. It's better than being globally routable.
So yes, my parents are using IPv6 to watch Netflix. They're also not thinking about their threat model. I am, and IPv4-only behind CGNAT + overlay networking serves it well.
"It just works" isn't the bar for me to adopt IPv6. "It serves my goals better than IPv4" is the bar, and IPv6 doesn't meet it. Never has, never will.
IPv6 wasn't designed as "IPv4 with more bits." It was designed as a reimagining of how networks should work: global addressability as a first-class property, stateless autoconfiguration, the assumption that endpoints should be reachable. That philosophy is baked in. For someone like me, whose threat model treats obscurity, indirection, and minimal feature surface as assets, IPv6 isn't just unnecessary, it's ideologically opposed to what I want.
Want me to adopt a new addressing scheme? Give me a new addressing scheme, don't impose an opinionated routing philosophy on me.
It is well supported, easy to configure, private, secure.
...and I don't have to configure and secure ipv6 in parallel
I'd love to test all the internet services I host to make sure everything works over IPv6, but I can't. At least, not without using a 4to6 relay of some sort - but that adds latency to everything I do.
I just checked - apparently my ISP is "evaluating IPv6" because they're running out of IPv4 addresses and want to use CGNAT for everyone. I suppose its not the worst reason to switch to ipv6. But they've been making excuses for years. I really wish they'd get on with it.
2. Actual implementation MUST be ubiquitous (it never will be) some examples - glo fiber in Virginia, and while I can get pfsense assigned a ipv6 address, there is usually no upstream gateway (meaning that if I disable IPv4, I will not have internet). I say usually because of four times I've checked, once I did get assigned a gateway which was unresponsive even to icmp.
Starlink roam - assigns ipv6 but no bridge so if you disable v4 you lose access to most internet.
Frontier FiOS in Florida - does not support ipv6 at all on my node. I have seen business nodes in Orlando/Tampa assign addresses with bridging but again, without browser or dns translation it's not a practical solution.
3. 'Everyone' is not using ipv6, everyone plugs in or logs into a device that has whatever network stack it has. Those users are not suddenly going to jump through hoops simply to avoid CGNAT and get a unique network address
4. Infrastructure; I have two modest half racks on the east coast at decent sized datacenters (esolutions and peak10), neither of those hosts offer ipv6 routing blocks by default. No provider I have gotten quotes for offers ipv6 by default
The more technically knowledgable you happen to be on the subject, the more you realize IPv6 is some unreliable thing when compared to IPv4. Perhaps no longer niche though.
It's unfortunately still an afterthought for many backbones - and not just US-centric ones. There is a noticeable difference in performance metrics from clients served via IPv4 endpoints vs. IPv6 for web assets in the same locations from the same transit providers.
It is pretty much the opposite of "just works" depending on your definition of "just works". It results in more Traffic Engineering per bit served by a large factor compared to IPv4.
Where can we read some examples of this
I've read commentary about pros and cons of IPv6 over the years but never anything that suggested IPv6 was "niche" or "unreliable"
My own home is Verizon, and they simply do not offer IPv6 in my area (nearby Washington DC).
In theory this makes sense, but in practice my personal experience is that not a single wireline ISP I've ever seen deploy CG-NAT offered IPv6 service at all, nor did any of them indicate any intent or even interest when asked about it.
The mobile providers on the other hand have almost entirely gone IPv6-first, using 6>4 transition methods as the default form of v4 access which I fully support.
4>4 CG-NAT should never have existed and providers who deploy it without offering fully functional v6 should be shamed.
I said the same thing for 6-6-16 too.
I have some services on IPv6 only, but it rarely convinces anyone that they need IPv6 connectivity …
- random slowdowns
- horrible routing
- larger packet overhead
- hated by a lot of the people who run the internet
- hated by companies who provide ddos protection
- my poor TCAM cache in my budget routers
- supporting ipv6 is really expensive in chassis routers
However, I believe there is a solution: Swap ISP's to IPv6 only, swap to IPv4 unless there is an IPv6 route present then directly forward. This solves quite a few issues: Once every ISP has IPv6 you can drop ipv4 and swap directly to ipv6 without having to split your TCAM. This works because IPv6 can encode IPv4 in it.
- this is from speaking with various techs in the space and holding an ASN
- T1 ISP's will never put in the work to make switching to IPv6 easier.
Which can be fine if you have a /solid/ transition plan to move networks wholesale from v4 to v6. They absolutely failed on this point and almost purposefully refused to carry over any familiar mechanisms to make dual stack easier to manage.
It's a University protocol that escaped into commercial usage based mostly on false fears of global routing table size becoming unmanageable or impossible to store in RAM. The results are absolutely predictable.
(Needing to dedicate time for it is, to some extent, either a failure of the protocol or at least a contributor to the lack of adoption.)
You know the list of "benefits" is thin when the second item is entirely theoretical. Even though IPv6 doesn't have to do NAT traversal, it still has to punch through your router's firewall which is effectively the same problem. Most ISP provided home routers simply block all incoming IPv6 traffic unless there is outbound traffic first, and provide little to no support for custom IPv6 rules.
Even if that were not an issue, my bet is that there are close to zero popular games that actually use true peer to peer networking.
That's why most routers use a stateful firewall. Then nothing has to "punch through" it just has to be established from the local side.
> block all incoming IPv6 traffic unless there is outbound traffic first, and provide little to no support for custom IPv6 rules.
This is why STUN exists.
> my bet is that there are close to zero popular games that actually use true peer to peer networking.
For game state? You're probably right. For low latency voice chat? It's more common than you'd think.
I suspect that what will actually end up being implemented, will be a core subset of the spec.
We'll have to see what's still standing, when the dust settles.
Reasons given: the security policies say ipv6 is not safe enough.