Why are so many websites (and CDNs) IPv4 only?
One of the people in an IRC channel I frequent pointed out a site I've been building uses CDNs that are IPv4 only. I never realized this, I just assumed every major provider had deployed IPv6. Oh, how very wrong I was. A quick check of some major (to me) sites shows a shocking lack of IPv6, including:
- Bootstrap (stackpath.bootstrapcdn.com)
- Discord
- FontAwesome (use.fontawesome.com)
- GitHub/GitHub pages
- GitLab/GitLab pages (self-hosted supports IPv6, but officially hosted GitLab only supports IPv4 due to Azure limitations)
- jQuery, IF you use code.jquery.com (some tutorials use ajax.googleapis.com, which does have IPv6, but an unfortunate amount use code.jquery.com, including the getting started page for Bootstrap)
- Parts of Amazon/AWS (Amazon is IPv4 only, some of AWS is IPv4 only, including S3)
- Stack Overflow/Exchange/etc
An honorable mention goes to Angular's websites because the websites themselves are IPv4 only but the libraries are hosted on ajax.googleapis.com, which is IPv6 accessible. I checked npm, PyPI, RubyGems, and Tildes, and they all support IPv6.
I can understand why companies like Amazon have partial support (upgrading can be a PITA if you're a cloud service provider with uptime requirements), but then you have services like Discord (launched in 2015 with no obligation to maintain service) that only support IPv4. At the very least, I'd expect CDNs referenced by thousands (if not millions) of webpages to be on IPv6 by now.
Am I missing something? CDNs are pretty static, it's just a matter of choosing one that supports IPv6, you don't even need to update your application if you just change the DNS entries.
If you're running your service on IPV4 and it works, why bother changing anything? It's not like IPV4 support is going to be dropped anytime soon.
Keep in mind that these are all very technical minded sites / organizations, who you would expect to appreciate the benefits that IPv6 support brings. I'm looking at you, AWS.
I think we may start to see some serious issues once less developed countries all start to come online. Our system is pretty much at the limit now but imagine if another 4 billion devices get added.
Context: I'm at attempt #6 of running IPv6 (both as a "client" and as a "server").
My guess is because it's just not prime-time ready, setting up IPv6 is straightforward, but then you run into all these weird states where technically it's working but in practice you might as well be down completely.
I'll just give one recent example:
you run your service on both ipv4 and ipv6, the client has an ipv6 connectivity problem (and there's plenty of those... especially on pppoe), they can't access your api endpoint anymore
requestslibrary in python doesn't)For every attempt, there was something silly (at least in hindsight) that broke everything -- so even if I reaaaaally want to have IPv6 support, just... no. I don't have time to be the guinea pig.
This is pretty much it. For many projects, if there is an optional goal that has a small hurdle to overcome, the people running it will decide not to pursue it.
Another factor is that there is a shocking amount of ancient networking equipment still running to this day which may actively be blocking IPv6.
Interesting, so client implementations are still not up to par? Why would IPv6 be enabled by the ISP if they can't get it working reliably?
ISPs are all struggling with the shortage of IPv4 addresses much, much more than any other segment of tech. That's because your average joe now has multiple devices that need internet access - phones, routers at home, laptops, computers, refrigerators, some cars - and eventually you can expect just about anything electronic to have one.
For most people, this is an invisible problem. If you're in the business of connecting everyone in the world as a client to the rest of the internet, however, these problems are starting to enter the danger zone as the number of devices swells. That's why ISPs are hot to change everyone over to IPv6 - so they can recover some of those sweet IPv4 addresses and regain a bit of flexibility in their networks.
That said, this is clients only, not servers, not services. They are expecting you to connect out to the internet, not re-share content from your devices to everyone else in the world. They aren't really implementing a full-spectrum IPv6, just enough of a shitty hack version of it to get data to their clients' devices.
Meanwhile everyone out there running real services and real datacenters is still dragging their feet on adoption, because it's not a problem for them to continue using v4, and because a lot of their legacy systems/hardware don't work well with v6 (and let's face it, v6 is not nearly as stable/proven as v4 yet either). Bringing everything up to v6 is a massive amount of work, auditing, and testing that no one is ever going to do until it is costing them significant money to avoid doing it.
Does you ISP (or the ISP's you're talking about) handle things differently from mine? Every single ISP I've had in my entire life only hands out one IP per account. The number of devices NAT'ed behind that IP is mostly irrelevant to the ISP.
Wireless providers haven't got that luxury, since there's no convenient firewall device to do the natting. I'm honestly not sure why cable companies are pushing v6, unless they plan to eliminate the firewall/router... and yet, all the Spectrum customers in my area are running on v6 addresses now.
True. For some reason I only associate the term "ISP" with wired providers. It does make a lot more sense for wireless providers to be motivated to switch.
It does. The cable company switch worries me a bit. I'm sure they'd love to eliminate the firewall, and ship boxes that just open all those new smart gadgets up to the corporations that are out there waiting to invade our privacy. People are lazy/uninformed enough not to care about it and let it happen, too. Free router upgrade? Sure!
I will always keep BSD in between me and the rest of the internet. pfSense for life.
My answer is that for quite some time, it's been possible to host multiple domains behind a single public static IP. No need to change to IPv6 if your existing public IPv4 range can accommodate.
Not everyone has IPv4 anymore (T-Mobile stopped using v4 years ago), and if an ISP has crappy or unreliable 6RD (or some other 6to4 service), your website will load much slower (or not at all). I know Spectrum used to have annoyingly slow 6RD, and I ended up disabling v6 until they implemented proper dual-stacking, but your average consumer will just assume your site is at fault.
It's interesting how Discord doesn't have IPv6 actually - they use Cloudflare so it's automatic. That means they disabled it manually.
Why does it matter? Can't IPv6 entities connect to IPv4 entities and vice versa?
There are translation services for IPv6 users to connect to IPv4 addresses (6-in-4, 6RD, DNS64/NAT64, etc) which could probably operate in reverse, but I am unaware of any reverse implementations. For IPv6 users, the speed of your connection using these services is dependent upon the provider (Spectrum used to have a slow 6RD server so I ended up just disabling v6 until they implemented dual-stacking), but since these are designed to operate transparently with no configuration (except for the provider operating them), and most users won't know if they're using a native IPv6 website or a website that goes through a translator. If the translator is slow or goes down, the user will only know that other websites (which are v6 ready) load just fine and will assume your website is slow or offline.
Edit: Even if a 4-to-6 solution existed, there wouldn't be much of a use for it. Very few sites are IPv6 only, and that's intentional. Nothing that you'd come across unless you were specifically looking for it. It would be cool to have, but there's no reason to have it since everything outside those few sites are IPv4 capable.
From personal experience; it's not as easy.
At the moment I have a dedicated box running at Hetzner with KVM/Qemu+Lxc. The solution for hosting via IPv6 was essentially to create a tunnel network between the internal firewall and the KVM host with it's own address space where I can forward the IPv6 traffic through. I cannot deploy a proper /64 and there doesn't seem to be an option to get a /62 or more bits so I can deploy more subnetworks.
At OVH, where I previously hosted, IPv6 was essentially broken and didn't work. I'd get frequent packet drops (as high as 20%) and the bandwidth was limited (I suspect even shared).
AWS v6 is as much fun as OVH, the configuration was intensely difficult (about 2 years back) and I couldn't assign more than 1 IPv6 to a VM (just imagine me crying "why?" at the webinterface).
Hosting providers need to get their stuff together and allow their customers to get a /62, /60 or even /56 via RA's or DHCPv6 with the necessary options enabled to allow firewall boxes to forward them via their own RA's. It also needs to be enabled by default and their hosting DNS (ie the hostname the machine gets by default assigned from a subdomain) should include the IPv6 so a simple CNAME will already provide you with IPv6.