Did AS8003 just disappear? (kentik.com)
153 points by Aaronn on Sept 10, 2021 | hide | past | favorite | 72 comments



Not a popular idea here, but IPv6 folks. Even for k8s, even for your internal stuff.


offtopic: ipv6 is fine, but the ipv6 internet is just broken

few days ago I had ipv6 enabled on my pi4 and was trying to update it, turns out that the ipv6 address of archive.raspberrypi.org was returning 404 (it's fixed now)

but it took me like 3 seconds to just net.ipv6.conf.all.disable_ipv6 = 1, and I am not gonna enable it until something on ipv4 does not work

(and by ipv6 i mean native ipv6 from my ISP)

it has been like that for the last 15 years, since we gave native ipv6 to our users in my ISP, people just had worse experience than not having it.


Right. Dual stack IPv4 + IPv6 is strictly worse for reliability than plain IPv4 because both stacks need to work perfectly or you'll encounter issues. In that sense it provides the opposite of redundancy.

Happy Eyeballs (RFC 8305) is the typically touted solution, but even that doesn't help in the scenario you describe: IPv6 connectivity wasn't broken.

The problem is simply that we now have twice as many things that can go wrong and no plausible route away from dual stack in sight.
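To make the two points in this comment concrete (dual stack without racing is strictly worse when one family black-holes, and Happy Eyeballs cannot help when the v6 host answers but answers wrongly), here is an added simulation of the RFC 8305 connection-attempt schedule. It is not code from the thread or from any project; connection outcomes and the per-address HTTP status table are constructed so it runs offline, and the 21-second SYN timeout is an assumed OS default.

```python
"""Simulated Happy Eyeballs v2 (RFC 8305) connection racing.

Added example, not code from the thread. Connection outcomes are a constructed
table rather than real sockets, so this runs offline and deterministically.
All times are milliseconds."""
from dataclasses import dataclass
from typing import Optional

CONNECTION_ATTEMPT_DELAY_MS = 250   # RFC 8305 section 5 recommended default
SYN_TIMEOUT_MS = 21000              # assumed OS connect() timeout for a black-holed SYN


@dataclass(frozen=True)
class Candidate:
    family: int                  # 6 or 4
    address: str
    connect_ms: Optional[int]    # None: SYN black-holed, the attempt never completes


def interleave(candidates):
    """RFC 8305 section 4: alternate address families, IPv6 first."""
    v6 = [c for c in candidates if c.family == 6]
    v4 = [c for c in candidates if c.family == 4]
    out = []
    while v6 or v4:
        if v6:
            out.append(v6.pop(0))
        if v4:
            out.append(v4.pop(0))
    return out


def sequential_connect(candidates):
    """Pre-Happy-Eyeballs behaviour: try each getaddrinfo() result in order and
    wait for the full timeout before moving on. Returns (candidate, elapsed_ms)."""
    elapsed = 0
    for c in candidates:
        if c.connect_ms is None:
            elapsed += SYN_TIMEOUT_MS
            continue
        return c, elapsed + c.connect_ms
    return None, elapsed


def happy_eyeballs_connect(candidates, delay_ms=CONNECTION_ATTEMPT_DELAY_MS):
    """Start one attempt every delay_ms while none has succeeded; the first
    attempt to complete wins. Returns (candidate, elapsed_ms) or (None, None)."""
    winner = None
    for i, c in enumerate(interleave(candidates)):
        start = i * delay_ms
        if winner is not None and winner[1] <= start:
            break                          # an earlier attempt already won
        if c.connect_ms is None:
            continue                       # this attempt never completes
        finish = start + c.connect_ms
        if winner is None or finish < winner[1]:
            winner = (c, finish)
    return winner if winner else (None, None)


# Constructed application-layer responses per address: the v6 vhost answers,
# but with a 404, as in the archive.raspberrypi.org anecdote above.
HTTP_STATUS = {"2001:db8::1": 404, "192.0.2.1": 200}


def fetch(candidates):
    """Happy Eyeballs picks the transport; the HTTP status is whatever that host returns."""
    c, _ = happy_eyeballs_connect(candidates)
    return None if c is None else HTTP_STATUS.get(c.address)
```

With a black-holed v6 path, `sequential_connect` waits the whole SYN timeout before the v4 attempt (about 21 s), while `happy_eyeballs_connect` completes on v4 around 280 ms. With a healthy v6 path that serves the wrong content, the racer correctly prefers v6 and `fetch` returns the 404: the transport layer did exactly what it should, and only a client that retries at the application layer on the other family would recover.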


Why is IPv6 not a popular idea here?


IMO, it is frequently seen as a solution in search of a problem, that breaks things and makes things harder when used to no real benefit. Whether any of that is accurate is left as an exercise for the reader.


Importantly it really did not focus on actually supporting a migration (ie, IPv4 only nodes connecting to IPv6 only or visa versa). And yeah, it scrambled up lots of things for very little gain - even big players like Google took a while to support it across their entire stack.


They don't have the vocabulary, but they want internet, which v4 + nat is a watered down version of and hampers apps.


HN is largely American, and as far as I know, CGNAT is not as near-universal in the U.S. as it is elsewhere.


It's the investor mentality. HN folks seem to view the IPv4 shortage like an opportunity for investment


I work at an ISP and not a single customer has ever even mentioned IPv6. There is zero demand on the residential side.


I worked at a (residential) ISP and not a single customer has ever asked about IPv4 or IPv9 or any IPvX. They were buying 'Internet' or even 'Wi-Fi'. Now, on the DSL reports there are plenty of questions 'When will ISP_X support IPv6'


I am a customer, and I just filter out providers that don't have IPv6 as I assume they are incompetent.

I wouldn't waste time asking someone to support it. It's 2021.


> I work at an ISP and not a single customer has ever even mentioned IPv6. There is zero demand on the residential side.

It is one of these things that customers who know they want it will look for an ISP that offers it. There is no point in asking one who doesn't in 2021 because they will be like "oh we will look into it", and then close your ticket.

> I am a customer, and I just filter out providers that don't have IPv6 as I assume they are incompetent.

> I wouldn't waste time asking someone to support it. It's 2021.

True. Glad to see I'm not the only one who thinks like this. The ISPs that don't support it usually have huge ancient antiquated middle boxes that can't be upgraded. I wouldn't choose an ISP with old cumbersome infrastructure.


I have IPv6 only servers and I am not moving to fiber because the ISP does not offer IPv6 with it. I will move when they offer it.

Out of all the stakeholders in IPv6 migration, I blame the ISPs the most.


I get plenty of requests for static ipv4 from smb and home users.


I could see that being down to IPv4 allocation issues, specifically CG-NAT or dynamic pools, that people want to avoid.


You get plenty of requests for the static part of it and less so for actual ipv4. If there was an option for static ipv6 then people would also request that instead. Static IPs have use cases that people in the wild need, however I don’t think anyone cares if it’s ipv4 or ipv6.


I mean, I'd love static both, but I'm going to ask for static v4 first, because I can always run a tunnel for static v6.


Why couldn't you do it the other way around? Run a tunnel for static IPv4 over IPv6.


Because there's not a mainstream (and free) tunnel broker for IPv4.


If we're going for anecdata, I called Comcast Business a couple of months ago and asked about IPv6 support. The sales rep asked, "What is IPv6?"


How many customers directly ask for an IPv4? If ISP wait for the average consumer to ask for IPv6, it will never get implemented.


My experience was that my ISP (major cell provider) silently moved everyone to IPv6, did DNS64 for most legacy stuff, and provided RFC1918 IPv4 NAT for anything else.

No customer demand was involved, I imagine.
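The DNS64/NAT64 setup this commenter describes has a practical consequence for anyone reading logs from such a network: an IPv6-only client's traffic to a legacy IPv4 service shows up as a synthesised IPv6 address with the IPv4 target embedded in the low 32 bits. The following added example (not from the thread or any vendor) does the RFC 6052 encoding and decoding for the well-known prefix 64:ff9b::/96; the network-specific prefix 2001:db8:64::/96 used in the usage note is a made-up documentation value, since a real ISP may use its own prefix instead of the well-known one.

```python
"""RFC 6052 NAT64 address synthesis and extraction (added example).

Only /96 prefixes are handled, which covers the well-known prefix 64:ff9b::/96
and the common network-specific-prefix deployments."""
import ipaddress

WELL_KNOWN_PREFIX = ipaddress.ip_network("64:ff9b::/96")   # RFC 6052 section 2.1


def _as_prefix(prefix):
    net = ipaddress.ip_network(prefix) if isinstance(prefix, str) else prefix
    if net.version != 6 or net.prefixlen != 96:
        raise ValueError("only IPv6 /96 NAT64 prefixes are supported here")
    return net


def synthesize(ipv4, prefix=WELL_KNOWN_PREFIX):
    """What a DNS64 resolver (RFC 6147) hands back for a name that only has an
    A record: the IPv4 address placed in the low 32 bits of the NAT64 prefix."""
    net = _as_prefix(prefix)
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(net.network_address) | int(v4))


def extract(ipv6, prefix=WELL_KNOWN_PREFIX):
    """Inverse for log correlation: recover the real IPv4 destination from a
    NAT64-synthesised address, or None if the address is native IPv6."""
    net = _as_prefix(prefix)
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in net:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFF_FFFF)


def is_synthesized(ipv6, prefixes=(WELL_KNOWN_PREFIX,)):
    """True if the address falls in any of the given NAT64 prefixes."""
    return any(extract(ipv6, p) is not None for p in prefixes)
```

`synthesize("192.0.2.1")` gives `64:ff9b::c000:201`, and `extract` reverses it, so a detection rule written against IPv4 indicators can still match v6-only clients by normalising destinations first. When the operator uses a network-specific prefix, pass it explicitly, e.g. `synthesize("192.0.2.1", "2001:db8:64::/96")`; RFC 7050 describes discovering that prefix by resolving ipv4only.arpa, which is out of scope for this offline snippet.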


That is one of the most disappointing aspects of ipv6. Even if you implement it perfectly you are still stuck with having to deal with ipv4 with no end in sight. Had backward compatibility been a primary goal, is there any doubt we would have made vastly more progress at this point 20+ years later?


It's an address space expansion. You were always going to need hacky stuff for legacy clients, and for any service that wants to be reachable by said clients.


> It's an address space expansion

Exactly this. There is no "backwards compatible" way to have more addresses in a protocol that's wedded to 32-bit addresses. That's just how numbers work. The protocol with a larger address space will be incompatible, and so anybody who seems surprised/ disappointed hasn't even really thought about the problem.


Probably a different ISP, but, see this thread (and many others) https://twitter.com/karmanyaahm/status/1426552449314299919 with requests from 2011-2021


I never mentioned IPv6 to my ISP either, I have no problems with the /56 they give me by default.


I’ve begged my isp to get on it


I just got a /32 from ARIN to start implementing it on our network but it is by no stretch of the imagination worth the effort. I will probably have at least 40 hours into testing it and no increased revenue will be realized by it. Maybe IPv6 was the right thing to do but the practical implementation is ridiculous.


I doubt you'll see more revenue from it. If you're low on v4 addresses and you're willing to put (some) subscribers behind CGNAT, then implementing v6 should reduce the number of v4 addresses you need and thus reduce your costs.

If you give each subscriber an IPv4, then yeah, added operational cost, no revenue, maybe added capital cost depending on your equipment. Not much upside for a small ISP. In a competitive market, v6 can get you some points with the technical folks, but not many.


There's not much upside for a legacy network that already has all the IPv4 it needs, but an upstart ISP will do well starting with IPv6 and layering CGNAT IPv4 on top. With 30% of the Alexa top 500 supporting IPv6 (and a lot of the top traffic sites like Google/YouTube, Facebook/Instagram, Netflix etc) it will reduce the amount of IPv4 you need to buy


have you seen the cost of v4 recently?


wait until you're out of v4 and people's stuff breaks due to CGNAT


Yes, IPv6 solves this problem.

But in this context - I don't think this is helpful. If you care enough (and have means to do it) to move all of your network to IPv6, then you for sure aren't using DoD space internally.


> Once again as a final note: your corporate network may be using the formerly unused DoD space internally, and if so, there is a risk you could be leaking it out to a party that is actively collecting it. How could you know? Using Kentik’s Data Explorer, you could quickly and easily view the stats of exactly how much data you’re leaking to AS8003 (now AS749). May be worth a check, and if so, start a free trial of Kentik to do so.

Not that I don't appreciate the free trial offer. But before getting into data characteristics, I'm curious which addresses should be examined in a cursory internal look-see?


If you're going to look for one such risk you might as well look for them all - if it's public space and you don't own it you should get off it regardless what isn't advertised on the internet today.


11.0.0.0/8


Was it ever common to use 11/8 internally? Did people just roll dice because it wasn't being announced? The reference in the post is the first I've heard of people possibly using it.


Squatting on DoD / MoD ranges is rampant. Rogers and T-Mobile have done it.

My employer squats on... another popular range... for a secondary non-routed network. They can't be bothered to egress filter it on the primary routed network so we sometimes have misconfigured systems trying to ship data off to random servers on another continent.


I once worked at a place that used 100.0.0.0/8. At the time that range was not in use on the Internet. Not sure if that was intentional or a fat finger. That place was run by idiots though, so it was probably the latter.


Do you mean 100/8 other than the 100.64.0.0/10 RFC6598 CGNAT range?


I'm baffled too. This is why there is an RFC 1918 so everyone knows what's public and private.


I mean... yes. And then there's the real world where your parent company has bought a dozen small companies over the years who have things spread across all of the 1918 ranges and you're setting up VPNs and static NAT and RIP and IS-IS paths and... you just do something easier. It's not a _good_ idea, but it's definitely a thing that happens (fortunately, for me at least, it's been a good long time since I've had to deal with that brand of network badness).


In a perfect world where everyone used IPv6 ULAs this would be a solved problem. I wonder if we will ever get there


There's probably some group of network operators out there who decided amongst themselves that it'd be cheaper and easier to squat the DoD ranges when shuffling traffic amongst themselves, than having to wrap each packet with a tunneling header. Or who knows, maybe some third world dictator told their ISPs to use the DoD ranges because they mistakenly assumed it would isolate their nation's traffic from the rest of the world. It's a real shame that the linked article doesn't divulge what's actually happening.

The DoD owns all IPs starting with 6, 7, 11, 21, 22, 26, 28, 29, 30, 33, 55, 214, and 215. To a network operator who spends his day filling out forms explaining why he needs each and every /32 I imagine it must make you feel like someone who spends half his income to live in a tiny crummy apartment in a city surrounded by vacant unsecured mansions. The owners of these mansions haven't set foot in them for thirty years. So surely it must be safe to just move in, right?


Wait. One of my last actions as the DISA.MIL Technical POC was to turn one of those Class-A network ranges back into the NIC. I thought it was 21/8?

You mean they never actually turned that one back in?

Dang it! I thought that was one of my minor successes during my time in that role.

;(


49/8 and 50/8 were returned by DoD in the late 90s if that is what you are thinking of.


I was going to suggest 240 and up but apparently Windows will flat-out reject those addresses for any use.


Some corporations have exhausted the RFC1918 address space. After exhausting that they tend to fall back to the space allocated to CGNAT. And once that is finally exhausted they tend to fall back to privately used public IP addresses (PUPI addresses). We allow all of this on GCP in our VPCs: https://cloud.google.com/vpc/docs/vpc#valid-ranges


The problem is that everyone reuses the same RFC1918 space and this becomes a problem when you join them all together. For instance I discovered this year there is an electronic payments processor here in Australia that uses the 29/8 space. I'm doing a project for a large retail company that has to route payments to lots of providers. Each one has a different way of handling the conflict - either through properly registered public space, or through NATting to their own or the customer's space. I did raise the issue that 29/8 was now actually routable on the internet, and maybe the provider should pick another strategy. But I don't think they see it as an issue mainly because these networks are quite closed and separated from regular internet space
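The question earlier in this subthread (which addresses to examine for leakage to AS8003/AS749), the list of DoD /8s quoted above, and the RFC1918 to CGNAT to PUPI exhaustion ladder and the 29/8 payments network described here all come down to the same check: look at your own flow or firewall logs for public space you do not own. The following is an added example, not code from Kentik or from any commenter. The log lines are constructed in a generic key=value style, the set of DoD /8s is taken from the comment above (not from the DoD's own allocation records), and `owned` is whatever public prefixes your organisation really holds.

```python
"""Egress check for traffic to public IPv4 space you do not own (added example).

Two things are flagged from constructed log lines:
  * flows whose destination is in a DoD-held /8 (commonly squatted on internally,
    and since early 2021 actually announced on the Internet), with byte totals;
  * internal hosts whose *source* address is public space you do not own, i.e.
    privately used public IPs, which is where the exhaustion ladder ends up."""
import ipaddress
import re
from collections import Counter

# First octets of the DoD /8s as listed in the thread.
DOD_FIRST_OCTETS = (6, 7, 11, 21, 22, 26, 28, 29, 30, 33, 55, 214, 215)
DOD_RANGES = [ipaddress.ip_network(f"{o}.0.0.0/8") for o in DOD_FIRST_OCTETS]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared address space


def classify(addr, owned=()):
    """Bucket an address by who may legitimately use it.

    `owned` lists the public prefixes your organisation actually holds (strings
    or ip_network objects)."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return "ipv6"
    if any(ip in n for n in RFC1918):
        return "rfc1918"
    if ip in CGNAT_SHARED:
        return "cgnat-shared"
    if not ip.is_global:
        return "special"              # loopback, link-local, 240/4, documentation nets, ...
    if any(ip in ipaddress.ip_network(n) for n in owned):
        return "owned-public"
    if any(ip in n for n in DOD_RANGES):
        return "dod-public"           # squatted on by many enterprises; now announced
    return "other-public"


# Constructed sample log lines (not real traffic). 1.2.3.4 stands in for an
# ordinary Internet destination; 29.1.2.3 is a host on a squatted 29/8 segment.
SAMPLE_LOG = [
    "2021-09-10T12:00:01Z src=10.20.30.40 dst=11.5.6.7 proto=tcp dport=445 bytes=8400",
    "2021-09-10T12:00:02Z src=10.20.30.41 dst=1.2.3.4 proto=tcp dport=443 bytes=1200",
    "2021-09-10T12:00:03Z src=29.1.2.3 dst=10.20.30.40 proto=tcp dport=8443 bytes=900",
    "2021-09-10T12:00:04Z src=10.20.30.42 dst=29.1.2.3 proto=tcp dport=8443 bytes=3100",
    "2021-09-10T12:00:05Z src=100.64.1.9 dst=203.0.113.5 proto=udp dport=53 bytes=120",
    "2021-09-10T12:00:06Z src=10.20.30.43 dst=22.9.9.9 proto=udp dport=514 bytes=512",
]
LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+proto=\w+\s+dport=\d+\s+bytes=(?P<bytes>\d+)"
)


def find_leaks(log_lines, owned=()):
    """Return (bytes_per_suspect_prefix, pupi_hosts).

    bytes_per_suspect_prefix maps e.g. '11.0.0.0/8' to the bytes sent there.
    Whether that is leaked internal traffic or genuine traffic to a DoD host is
    for you to decide; the point of the thread is that before AS8003 appeared
    nobody was listening for it, and now someone is.
    pupi_hosts are source addresses inside your own logs that sit in public
    space you do not own."""
    suspect = Counter()
    pupi = set()
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, nbytes = m["src"], m["dst"], int(m["bytes"])
        if classify(src, owned) in ("dod-public", "other-public"):
            pupi.add(src)
        if classify(dst, owned) == "dod-public":
            suspect[f"{dst.split('.')[0]}.0.0.0/8"] += nbytes
    return dict(suspect), sorted(pupi)
```

On the sample lines this reports 8400 bytes towards 11/8, 3100 towards 29/8 and 512 towards 22/8, and lists 29.1.2.3 as a host configured with public space the organisation does not own. Traffic to the documentation net 203.0.113.0/24 and from the CGNAT shared range is classified but not flagged, so the report only contains destinations that, once announced by someone else, really do leave your network. Run it over a longer window than one day: the leak is usually a handful of misconfigured hosts rather than constant volume.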


Formerly. But now we have wide v6 adoption so there is much less incentive to use ambiguous addresses given the security, monitoring, internetworking, complexity etc costs & risks.


No


Thank you



Opened this from RSS feed, because I thought AS8003 is a name of a star or a galaxy.


I figured it was the name of an assembler for a processor called the 8003.


I thought it was a flight number and we were about to be hit with months of world news headlines into the investigations of a flight that simply disappeared.


Now it's a twilight zone episode: flight AS8003 disappears over the Atlantic, simultaneously star AS8003 vanishes from the night sky, and every copy of the AS8003 assembler ceases to exist on all media.


Proof of The Simulation, and that it suffers "bit rot" too.


Yeah, me too. AS = Alaska Airlines, which I fly on semi-regularly.


I thought it was about the A380's retirement for a few seconds.


I opened it from the site and thought that :(


> However, despite the new origin (AS749) these prefixes are still routed exclusively through Hurricane Electric (AS6939)

sounds pretty familiar.


> The message above has a timestamp of 16:57 UTC (11:57am ET) on January 20, 2021, moments after the swearing in of Joe Biden as the President of the United States and minutes before the statutory end of the administration of Donald Trump at noon Eastern time.

The questions that started to surface included: Who is AS8003? Why are they announcing huge amounts of IPv4 space belonging to the U.S. Department of Defense? And perhaps most interestingly, why did it come alive within the final three minutes of the Trump administration?

From the linked article on top, as background info. Quite interesting.

https://www.kentik.com/blog/the-mystery-of-as8003/



Was going to ask if this was related to that story. I had thought it was announcing space to gather some kind of intelligence about traffic to those networks, or do an attack on the Tor network by providing it all as exit nodes.

I also speculated that it's possible it has to do with some kind of internal policy where if you don't use address space in a certain period of time, you lose it or it must be sold, and announcing it created a record of it being in use. Depending on for how long it was announced, the captured one-way traffic to it would provide a snapshot sample of source-dest relationships in that address space for a map.

It could also have just been used as an internal DoD ASN and it got leaked and announced by mistake, with all those routes redistributed into the announcement, though we'd have to look at the data to really recognize that error. A political hypothesis was fun, but unless it yielded evidence of some underlying activity, there seem like other explanations that could indicate the cause.


I wonder if the spammers at Global Resource Systems LLC were just covert ops mapping the email space rather than IP.


Came here because I thought maybe AS8003 was another disappearing aircraft like MAS370.


>Article about AS8003

Entire comment thread is irrelevant bikeshedding.


I'm surprised kentik is still around. They were selling an inferior product to a company I worked at that was bought by Nokia. I figured they would've gone out of business by now.


Nobody wonders why Microsoft is still around. Selling a technically inferior product is not a problem if you can find customers. There can be many reasons. Markets are far from perfect.




