World IPv6 Launch Day Underway

A number of readers have written in with stories related to today's permanent rollout of IPv6 by several major organizations. From the looks of it, for the 1% or so of end users with IPv6 support, everything is going smoothly. For those not so lucky to have IPv6 already, an anonymous reader writes with (mostly) good news: 60% of ISPs intend to enable IPv6 by the end of 2012. For business users, darthcamaro provides some words of caution: "...the Chief Security Officer of VeriSign doesn't think IPv6 should be turned on by a whole lot of people. The problem is network security devices in many cases don't scan IPv6. So if you turn IPv6 on, you're screwed. 'If you don't have that visibility into IPv6, you should probably consider explicitly disabling IPv6 on your systems until you can take a very concerted approach to enabling IPv6 in a secure manner,' McPherson said."

Verisign != Verisign

[tepples]

This is Verisign the operator of the .com and .net registry, not the other Verisign the certificate racket. The CA business was sold to Symantec in August of 2010. So don't mix this up with the recent news about the $99 fee to get your signed with the UEFI key that will be preloaded on every Windows 8-certified PC motherboard; that's all VeriNorton.

slashdot?

[pe1rxq]

So when is slashdot going to leave the dark ages?

Re:slashdot?

Pff, first you want unicode support and now this.

Re:slashdot?

[oodaloop]

I read that as unicorns at first, and I thought, "No, I just want ponies!"

I am the 1%

[Galestar]

With IPv6 support

Re:It will be a pain in the ass to remember...

[pe1rxq]

Google for this thing called 'DNS' it has been around for a while....

Re:It will be a pain in the ass to remember...

[i+kan+reed]

Humans have different needs than computers. It's almost like we need a table of easy to remember names that can be used to look up IP addresses automatically by a computer. Then that table needs to be distributed automatically to all the ISPs in the world. That'll never happen. Sounds impossible.

Re:It will be a pain in the ass to remember...

[bersl2]

DNS, or even a hosts file if you must

Also, the hex makes it easier to make words in statically-assigned addresses.

so what is ipv6 good for?

[alen]

other than having every single device have a unique public IP that is a wet dream for google and other marketers?

Re:so what is ipv6 good for?

[pe1rxq]

Peer to peer (the way connections were intended) actually works without strange workarounds.

Re:so what is ipv6 good for?

[gman003]

Well, no more fiddling with port forwarding to make game servers, video chat or anything else work. No more dealing with public/private IPs, or the whole NAT shitpile.

Oh, and it also makes mandatory certain things like IPsec, and should speed up packet processing by eliminating fragment reassembly (which was also, historically, a common source for security exploits).

Oh, and while every IP belongs to only one device, there's nothing saying every device should have only one IP. You could easily assign more addresses to a single IPv6 host than the entire IPv4 internet *has*. So anyone trying to track visitors based off IPv6 address will be easily fooled by anyone who tries.

Re:so what is ipv6 good for?

[gstoddart]

No more dealing with public/private IPs, or the whole NAT shitpile.

And yet I predict internally companies will still use public/private IPs (10.x.x.x anyone?) and use NAT. My internal private network will continue to use a NAT'ed firewall.

I predict this will mostly affect stuff outside of the firewall, not inside. Most companies will probably keep their internal network on IPv4. There's no way they're going to want all of their machines with an internet addressable location.

Oh, and while every IP belongs to only one device, there's nothing saying every device should have only one IP. You could easily assign more addresses to a single IPv6 host than the entire IPv4 internet *has*.

Which just sounds like more admin work that people won't want to do.

I think IPv6 does bring some usefulness, but I just don't foresee everybody changing how their internal networks operate. And I can also see a huge amount of consumer type stuff taking years before it has transitioned. IPv4 isn't going to go away overnight.

Re:so what is ipv6 good for?

[DarkOx]

Oh, and while every IP belongs to only one device, there's nothing saying every device should have only one IP.

You and the grand parent are missing the obvious outcome.

For the most part home users are going to end up with /64s some ISPs might be generous and hand out something bigger but I suspect most will decide not do so in the end.

Does that mean you can put 1,50,100,1000,10000 addresses on device sure, but the network portion the addresses will be the same. That network address is going to uniquely identify your household just like your full ipv4 address does today. Marketers will just assume that each /64 subnet is unique to a user or house hold. Just like the assume on ipv4address is an entire house hold behind NAT.

It changes little to nothing with regard to track ability.

Re:so what is ipv6 good for?

[DarkOx]

I predict this will mostly affect stuff outside of the firewall, not inside. Most companies will probably keep their internal network on IPv4. There's no way they're going to want all of their machines with an internet addressable location.

Addressable and reachable are two different things. I'd love to lose all the NATs around here.

One globally unique identifier will be handy even though I would never dream of letting most machines ingress or egress traffic to the internet without passing through some hardened application layer proxy.

Honestly it will make the firewalling and routing much more strait forward, easier to quickly understand the impact of changes on and therefore far more secure.

Re:so what is ipv6 good for?

[unixisc]

The first part - there will still be a need for private addresses, not for NAT, but for people who need to communicate within LANs, not the entire Internet. They'll do fine w/ link-local addresses, or as you say, be dual-stacked - be IPv4 in the inside, and IPv6 on the outside.

The multiple IP thing doesn't have to imply admin work. While people can set up DHCP6 configurations to assign certain addresses to certain computers, vary them and so on, what it means is that when a device is on a foreign network, it can easily get assigned, using autoconfiguration, a temporary but public IP address that will enable it to be as well connected as it was at home. It's not that straightforward when it's going from behind one NAT network to another, b'cos there exists the possibility of it running into an address collision w/ say, another 192.168.0.23

Re:so what is ipv6 good for?

[DarkOx]

You are not leaking much information of any real use.

Your routing tables beneath your gateways won't be visible to anyone outside. So they won't learn anything about your network topology.

If as I suggested you proxy everything, something you should do in a secure environment because you need to know everything that is going in and out, they won't see the address anyway! So they won't know you are using public IPs or not.

Even if you do leak that your internal addressing scheme is to use the public IPs without knowing the topology, and your company having at least a /48 it tells them exactly nothing about how to locate hosts. Think about it a /48 is still many orders of magnitude larger that then the entire RFC1918 space today. Its to big to SYN scan if they have pwnd your gateway, and they can assume you are using RFC1918 address currently not to big to SYN scan.

So even if you don't NAT they still now LESS about your network then they do on ipv4.

Re:so what is ipv6 good for?

[DarkOx]

They don't need to 'scan' anything to track you for marketing purposes they just log where the requests are coming from. When they process their logs they simply only look first 64bits of any ipv6 address, and then enhance reliability the correlation that its the person/device using the same tricks they use now, also including the user agent string, cookies, referrers, date times, etc.

Re:so what is ipv6 good for?

[HappyPsycho]

I'll point out the major reason, we have kinda run out of IPv4 addresses. Not fun when you sign up for new link from your ISP and the response is "Here's your link but we have no ips for you to use it with".

Reason enough? All the other stuff are (useful) side-effects.

As to the security implications, thats the job of a firewall, of which NAT is just a dumb (although statefull) version of.

Re:so what is ipv6 good for?

[tlhIngan]

Addressable and reachable are two different things. I'd love to lose all the NATs around here.

One globally unique identifier will be handy even though I would never dream of letting most machines ingress or egress traffic to the internet without passing through some hardened application layer proxy.

In other words, you're swapping out one box (the NAT) for another (the ALG - application layer gateway, which existed far longer than NAT).

It's still something to admin, and something that'll be a PITA to configure for gaming and what not, at which point people will just say "what does it get me?"

Hell, assuming most people will have their IPv6 machines firewalled off (they'd go to Best Buy and pick off a Linksys "firewall router" for IPv6 to prevent their PCs from getting hacked) and they'd still be poking holes in it to run some game or other, the normal user would definitely start wondering why they bothered spending another $50 on a new router when their old one worked just fine.

And marketers would love the trackability down to the PC level - sure there's the privacy IP thing, but it's defeated if there's a long-running IP connection still established (unless IPv6 has the ability to inform remote hosts that your IP was changing... which has some very interesting implications). Even so, it's usually a day's worth of tracking and a cookie can be used to bridge between days.

Sure malware has a more difficult time scanning a larger range, but htat just means scanning won't be an option. Not that it ever will be purely because firewalls or other things will prevent it from being useful in the first place. Instead they'll just adapt and figure out how to detect new IPs on a local LAN segment and proceed that way (or given the Windows majority, they'll use standard Windows browser techniques to discover).

Between UPnP, ZeroConf (Bonjour) and other methods of discovery, malware will cope just fine.

Re:so what is ipv6 good for?

[asdf7890]

Most companies will probably keep their internal network on IPv4.

Which is fine. My IPv6 hosts don't need to care. Of course they'll eventually need to ensure that they have a reliable v4-to-v6 bridge setup either locally or at their ISP, but that will most likely be easier to setup than changing their whole network to IPv6 would be.

There's no way they're going to want all of their machines with an internet addressable location.

They won't any more than they do now. Public facing routers/firewalls will simply be set not to pass through any incoming connections unless otherwise instructed, just like IPv4 routers do. NAT is a read herring here - before NAT was common things worked fine much the same way as they will work under IPv6 (just with a much smaller address space) in that regard. Most big corporate networks control outgoing connections too (which an IPv4+NAT-only setup generally won't by default) so the one incoming default "block" rule is not going to be a significant amount of extra admin.

I think IPv6 does bring some usefulness, but I just don't foresee everybody changing how their internal networks operate.

Certainly some will, though not all that many in the near future. I suspect it will quickly become normal for new networks to be IPv6, and IPv4 will vanish that way rather than due to mass conversions.

It may not be the case here or where you are but it is already getting to the point in some parts of the world that people will have to be IPv6 all the way as their ISPs have too few IPv4 addresses to hand out to the connecting modems. Said ISPs use some form v6-to-v4 bridging so that IP4v-only servers will be contactable, but while your website will be fine not all protocols will work well through this arrangement. I don't know how common it is, but I know people who have been in Hotels out east where the provided network connections are IPv6 only (presumably with some 6-to-4 system in place so v4 only hosts can be contacted). IPv4 may not die any time soon, but that doesn't mean IPv6 use won't grow rapidly.

The big win I see is for mobile devices like phones - it will make the job of large network providers for those devices easier.

And I can also see a huge amount of consumer type stuff taking years before it has transitioned.

Which is rather unfortunate as these devices are where one of the key IPv4 problems exist (Including phones as mentioned above).

IPv4 isn't going to go away overnight.

No, but IPv6 might grow very rapidly so you can't avoid interacting with it for long even if you stick with IPv4 internally.

Re:so what is ipv6 good for?

[unixisc]

People whose computers are Windows 7, rather than XP, will find that IPv6 is the default for internal networks, unless they choose to disable it for IPv4. And if they have a bunch of toys, all of which recognize IPv6, then some link local addresses will do just fine.

NAT just segments a network, and forces a handover of packets before a destination has been reached. It's true that all devices don't need to be on the internet, just being in their LANs will do. In which case, giving them a link local address is sufficient. Not switching from IPv4 however has this danger that malware will be transmitted in IPv6 tunnels over IPv4, and unless the firewall recognizes IPv6, it will be easily penetrated.

Re:so what is ipv6 good for?

[unixisc]

You are assuming that the source addresses are permanent. However, privacy extensions to autoconfigured addresses makes them temporary addresses, so even if they log them, it's of now use. And if they just take the first 8 words of the address, either they have to know what the new address is, or they have to do a 'broadcast' (actually a multicast to all nodes in that network) or do a scan.

If they do a multicast to all nodes in an IPv6 subnet, they'll just be drowned in unreachability error messages which will bring down their system. After all, say, out of the 18,446,744,073,709,551,616 addresses on that subnet, only 10 are being used. Probability is that before any of those 10 are hit, 18,446,744,073,709,551,606/18,446,744,073,709,551,616 will fail. Do the math.

And I just took a simplified case. Let's say that if there are that many devices, the owner decides to use a DHCP6 server to assign the addresses. A certain number of them may be static, such as a web server or a mail server. A certain range may be dynamic. Let's say that the dynamic ones are assigned to the 10 toys within his network, and are configured to change, say, every 24 hours. The above probability of getting even those 10 addresses right is now reduced. And this also assumes that attacks originating from the same source (or even a network) is unlikely to go un-noticed. If anything, blocking an IPv6 link is a lot easier than attacking a /64 link, since a shield will just look at the first 8 words and block it, whereas the bullets would have to look at the entire 16 words before it can penetrate anything.

Re:so what is ipv6 good for?

[JesseMcDonald]

Ignoring implementation details like whether their existing switches can handle IPv6 traffic as efficiently as IPv4, the change should be a net positive in terms of ISP infrastructure. ISPs which already hand out public IPv4 addresses will just do the same with IPv6. Their routing tables may get a bit simpler due to IPv6's mostly-hierarchical address structure. ISPs which currently use NAT will be able to skip it for IPv6 traffic, reducing CPU load and the management overhead of mapping private IPs onto a limited number of public IP / protocol / port triplets. The end-user has more addresses to work with in IPv6, but the ISP only has to track one subnet prefix per customer for routing purposes, which isn't any worse than the situation today.

One big hold-up is that many high-end routers currently in use offer hardware acceleration for IPv4, but can only deal with IPv6 packets in software. While that's fine so long as IPv6 remains rare, the ISPs will eventually need to upgrade to modern routers with hardware-accelerated IPv6 support.

Re:so what is ipv6 good for?

[Just+Some+Guy]

IPv6 is hierarchical in a way that lets routing table become much, much smaller. It's a huge win in the complexity department, especially with its fixed-length headers that make hardware acceleration vastly easier to implement.

Re:so what is ipv6 good for?

[gstoddart]

policies. LOL. 802.1x is what you need.

Which is fine and lovely if your IT department is willing to implement it.

At the time when the guy was asking for this the response from IT was "we don't care, you have two network drops, that's all you get". So he said the hell with them and got himself the router. They eventually had to resolve his issue because he had about 6 computers in his office.

In many places, IT is still operating like they did in the 90's -- with users needing to beg for scraps because the IT guys just aren't willing to do anything to "their" stuff. Mostly they act like Mordac the Preventer.

Places where IT has learned it's there to support the business tend to be able to get things done better because the tail isn't wagging the dog.

Since I currently work in one of those shops, it's a different mentality -- the business users are the clients, and real business need trumps anybody getting the idea that some infrastructure component is their own little fiefdom to be ran according to their own whims. When a user comes to us, we're expected to find a solution, not tell them it's not allowed.

Re:so what is ipv6 good for?

[DarkOx]

I think we are talking about different things. I am trying to get at marking droids attempting to answer questions like,

How many unique visits to our website did we get?
How many people who visitied our flagship site ultrap0rn.com also visited our FaceSpace page?
How many days a week did Jon Doe surf ultrap0rn.com?
Did John Zoogle ultraDildos after visiting ultrap0rn.com

I don't think in practice ipv6 is going to make this significantly easier or harder for them to do, or have much impact on the quality of their data; for the reasons I have mention.

Re:so what is ipv6 good for?

[Cramer]

Comcast (and other ISPs) use the /128 as the CPE router, and then route a /64 or /56 towards it. I'm not sure what you have to do to get Comcast to assign a /56 to you, but that's what they've said they were going to do. (it might also be a /56 internal allocation, but they're only actively using a /64 at the CPE.) This is all still "highly experimental."

(The agreed upon path is /56 per residential connection and /48 per business, but I'm not surprised to see /64's everywhere.)

Re:so what is ipv6 good for?

[Bengie]

He's saying that companies will just track the first 64bits. Privacy extensions and autoconfig only change the last 64bits. Since the destination network doesn't change, one can safely assume it's the same end-user. No different than tracking an IPv4 address with a NAT. You may not know which exact computer/person, but you can tell it's the same network.

IPv6 multi-homing status

[Bookwyrm]

Did folks ever get IPv6 multi-homed routing straightened out?

It always felt like conflicting goals at work -- on one hand, people wanted to simplify and shrink the size of the backbone routing tables, but on the other, a purely hierarchical routing space removes redundancy. That is, a tree graph has the property that there is only *one* path between any two nodes, which means a purely hierarchical routing arrangement would mean that the idea of 'routing around censorship' would go into the waste bin because there are no alternative routes possible. (Note that I am differentiating this from redundant *physical* links -- this is a matter of administrative links. If there is no multi-homing and the upstream provider is blocking/filtering/limiting traffic, there is no network route around it, physical redundancy not withstanding.)

So any current best practices for IPv6 multihoming for small ISPs/businesses?

REally....

[Lumpy]

"The problem is network security devices in many cases don't scan IPv6. So if you turn IPv6 on, you're screwed."

Funny, The ones here do. In fact the last firebox update said it covered ipV6.

What out of date garbage are people running out there that will not scan ipV6?

Define "enable?"

[Shoten]

For example, when I look at Comcast's site, I see "When Comcast decided to participate in World IPv6 Launch, we committed to enabling at least 1% of our customers with IPv6 by June 6, 2012." So, how does that figure into the 60%? If there are 50 ISPs in the world, but Comcast has 5% of the subscriber base, is that 2% out of the 60%? Or is it 5% Or is it .002%? I'm curious how this 60% number was calculated.

Re:Define "enable?"

[slamb]

I think ipv6 is available across much (maybe most or all) of the Comcast network, but will only be usable with compatible clients with ipv6 DHCP support (and specifically DHCP6-PD for routers.)

More or less. The Comcast blog says "To meet this goal, we launched and enabled IPv6 in over one-third of our broadband network ... we observe roughly 5% of users can take advantage of this. That percentage can increase dramatically if vendors act to enable IPv6 by default in software updates for existing devices and in newly shipping devices."

From what I saw on some Comcast page recently (which I can't find again, sorry), there's no prefix delegation yet, although they claim it's coming.

FWIW, I seem to be in the 1/3rd. Today I switched my Netgear WNDR3800's Advanced/IPv6 setting to "Auto Config" (as opposed to "Auto Detect", which uses 6to4...ugh) and it (somewhat oddly) doesn't show a WAN IP but does show a LAN IP of 2601:9:yadda:yadda:yadda/64. Seems to actually work, and once I disconnected my Mac from the wireless network and reconnected, it had an IPv6 address as well in the same subnet. "ping6 www.google.com" works with round trip times around 20 ms, and Chrome actually uses IPv6 - www.comcast6.net says my IPv6 address at the top of the page where it used to say my IPv4 address.

Re:It will be a pain in the ass to remember...

[zill]

"Google" won't help him. He needs to go to 74.125.226.64.

Re:It will be a pain in the ass to remember...

Thanks smartass, but some of us who run large scale networks and use computers for more than porn and Facebook need to access things by IP, need to be able to look at a routing table and have it mean something, need to look at traffic capture and know what we're looking at, and about a million other ways in which I use IPs on a daily basis. Doing a reverse lookup for every goddamn IP I ever see would be completely impractical. I do recognize the need for it, and realize it's going to happen eventually, but for a lot of us, the non humanreadability of IPv6 is a massive massive headache. Hopefully I'll be out of this shit industry before it becomes prevalent.

Re:It will be a pain in the ass to remember...

[DarkOx]

You have many options, DHCP6, you don't have to use autoconfigure you can still assign all nice consecutive address to each machine if you like. Setup DNS that actually works and use the host names. Best yet and actually probably the easiest to do and still be secure both (dhcp6 server can do the DNS updates so the hosts don't need to).

This is not that difficult, and if you think it is you are in the wrong industry.

Fun addresses

[Powys]

$> dig facebook.com aaaa

Re:It will be a pain in the ass to remember...

[daniel23]

This is IPv6 Launch day. He needs to go to 2a00:1450:4016:801::1000

If Nagios fails to ping google..

[RaBiDFLY]

..or other hostnames with AAAA records:

Add -4 to ping_check command, restart nagios and carry on.
Dan

Re:It will be a pain in the ass to remember...

[bbn]

That thing is broken. Even the default values is transformed wrong. It transforms 127.0.0.1 to 0::7f00:1 but the correct answer is ::1. Then it transforms ::1 to 0.0.0.1. And 0.0.0.1 becomes 2002::1 (WTF?).

What good is it if does not know about the special cases?

Re:It will be a pain in the ass to remember...

[WaffleMonster]

Those long IPv6 addresses are a pain in the ass to remember. So, I'm not looking forward to this.

Use the for..err dns... or manually select your 64-bits of id and things aint soo bad.

It's auto-configured SLAAC addresses which are impossible to remember but it need not be that way if you don't want it to.

Use manual configuration or DHCPv6 to assign reasonable addresses.

Some lucky stiffs have IPv6 addresses shorter than anything possible with IPv4.

Sprint for instance...
http://2600/

Re:It will be a pain in the ass to remember...

[KiloByte]

He needs to go to 2a00:1450:4016:801::1000

That's not a correct URL. You need to enclose it in brackets for any uses that don't expect a bare IP address. Oh, and Slashcode destroys IPv6 literals in <a>.

Re:It will be a pain in the ass to remember...

[Bengie]

All of my Datacenter admin friends told me how wonderful IPv6 is to setup and manage. They told me that they wish IPv4 would just die already. Large network admins love IPv6, other than the learning curve and setup, because routing is clean again.

Re:It will be a pain in the ass to remember...

[compro01]

IPv6 is the final solution to the NAT question.

Now we just need a cure to the people who have been beating their heads against a wall long enough that they think that NAT is/was a good thing.

Re:It will be a pain in the ass to remember...

[IAN]

Doing a reverse lookup for every goddamn IP I ever see would be completely impractical.

Hyperbole much? Recognizing IPv6 addresses is not that different from recognizing IPv4 ones, especially if you assign local parts manually, which you should do for the servers instead of relying on autoconfiguration, for reasons which should be obvious. So, 2001:db8:0:1001::4 is...?

• 2001:db8::/32 is your organization's prefix. You're supposed to know it by heart.
• 0:1001 is, say, Accounting. You know your network's addressing plan, right?
• ::4 is their print server.

With a bit of practice, parsing the IPv6 addresses you deal with frequently will become second nature. If it doesn't, then maybe you're not such a hot network admin.

Re:It will be a pain in the ass to remember...

[Anomalyst]

I have to wonder, how useful is a network of large scales really? Unless your verifying the weights of trucks in convoys.

Some solutions:

[JSBiff]

Well, others have already mentioned some, but let's try to get a list of possible solutions to this problem listed:

* DNS, access machines by name
* For frequently accessed machines, assign "short numbers", e.g.
1234:5678::25 (where 1234:5678 is your IPv6 prefix). For a little bit of added convenience, assign your network prefix to an environment variable, and you can, e.g.

$ ping ${IP6_Prefix}::25

* Run IPv4 *internally* as well as IPv6, then you can access machines on the local network using the EXACT SAME IPv4 private network addresses you've been using for the last 20 years. IPv6 is most useful for accessing hosts on OTHER networks on the global internet, no reason you can't use IPv4 for internal networking.

* If you use IPv6 auto-config based on Mac addresses, and you have a database of mac addresses on your network, I bet vendors will be releasing tools which allow you to automatically parse out the mac address from an IPv6 and show you which machine the address belongs to. That's good enough for machines you don't need to frequently lookup (like individual workstations of employees). For servers, printers, etc, assign "short numbers" as described above, in blocks (e.g. routers and switches might be ::1 through ::100, printers ::200-::300 , servers ::500-::600, etc, then you just have to remember what the short numbers of frequently used devices are.

And watch your latency rocket

[JSBiff]

Yeah, maybe things have improved, but I played with IP6 tunneling for a short time. It was kind of cool, but on IPv4, my typical ping times are 20-80ms to reach most hosts. On IPv6 with tunneling, the latencies were typically >100-300ms. Which, is mostly fine for web browsing, but sucks for other applications.

Re:It will be a pain in the ass to remember...

[bbn]

You sir needs to read up a little on the subject: http://en.wikipedia.org/wiki/IPv6_address

Let me simply quote a few things for you on that page.

"::1/128 — The loopback address is a unicast localhost address. If an application in a host sends packets to this address, the IPv6 stack will loop these packets back on the same virtual interface (corresponding to 127.0.0.0/8 in IPv4)."

So 127.0.0.1 should become ::1.

Alternatively, if you do not want to actually use it for anything, it could be converted into the prefix:

"::ffff:0:0/96 — This prefix designated an IPv4-mapped IPv6 address. "

Instead it was translated into this:

"The 96-bit zero-value prefix ::/96, originally known as IPv4-compatible addresses, was mentioned in 1995[38] but first described in 1998.[44] This class of addresses was used to represent IPv4 addresses within an IPv6 transition technology. Such an IPv6 address has its first (most significant) 96 bits set to zero, while its last 32 bits are the IPv4 address that is represented. In February 2006, the Internet Engineering Task Force (IETF) has deprecated the use of IPv4-compatible addresses."

I did not ask for a 6to4 conversion but even if I did, it would be wrong: http://en.wikipedia.org/wiki/6to4

"For example the global IPv4 address 192.0.2.4 has the corresponding 6to4 prefix 2002:c000:0204::/48."

So 0.0.0.1 would be 6to4 translated into 2002:0:1:: but instead they made it 2002::1.

So in fact, everything that happens on that page is simply broken.