Some Telcos and ISPs are Frustrating IPv6 Adoption

An anonymous reader writes: "There are indications that telecommunications operators and traditional ISPs in the country are frustrating adoption of Internet Protocol version six (IPv6) by other networks," reports Nigeria's Guardian newspaper, citing Nigeria CommunicationsWeek. The magazine found 32 networks with IPv6 addresses -- but only three which are using them. And the newspaper cites "a network engineer with a university who does not want to be named" frustrated that their ISP's network isn't IPv6-compatible, so the university can't use its own IPv6 address. "Mohammed Rudman, chairman, IPv6 Council Nigeria, said that most telecommunications operators and internet service providers in the country have not adopted IPv6 which raises the issue of compatibility with other networks."
Firefox has a fast-fallback-to-IPv4 option, which you can disable in about:config (as well as an option to disable IPv6 altogether). But "the Chrome browser supports IPv6 natively and doesn't allow users to decide which protocol to use," reports TechGlimpse.com.

How does your browser perform? Long-time Slashdot reader ourlovecanlastforeve shared a link to Test-IPv6.com, which detects whether "when given the choice, your browser decided it would prefer to use IPv4 instead of IPv6."

Hard to support

[Billly+Gates]

Not every level 1 helpdesk jockey in India making $5/hr can do IPv6 subnetting in their heads to fix connectivity problems

Re:Hard to support

[sjames]

To be fair, most of the tier 1 people can't do anything that's not in the flip book. That is, they can guide you to reboot the router. They can giude you to reboot Windows. If you tell them you have Linux they'll tell you that Windows Linux reboots the same way as other Microsoft operating systems.

So no real difference there.

Tell them they have a routing failure in your network and they'll transfer you to premium Windows support to explain to you how to set up your email.

Re:Isn't this good?

[johnw]

See RFC4941. You can set up your devices (or device) so that they keep changing their IPv6 addresses, concealing both which is doing what and how many devices you have.

C'mon Editors

[great+throwdini]

I typically refrain from calling out the staff supporting /., but is it really too much to postfix the submission title with "in Nigeria"? Or is that somehow at cross-purposes with what you all are trying to achieve on this site?

IPv6 is my preferred protocol now

[AlanObject]

I know it is cool here to hate on Comcast but my cable modem service supports it so easily now that I don't see any barrier's to adoption.

I used to use one of my Apple Time Capsules (so shoot me) for my router but when I needed better VPN service I got a $35 Mikrotik and made that the gateway router and the Time Capsules are now bridge-mode Wifi access points behind that.

Fast forward a couple of years and I hear about Comcast has IPv6. I found out that my Mikrotik needed an upgrade for IPv6 support but that was surprisingly painless. Once you have that and turn it on the router gets your IPv6 address assignment from the upstream DHCPv6 server Comcast runs. That gives you a 64-bit "address pool" (which is what Mikrotik calls it) and without doing anything else all your household devices get an IPv6 address according their own capabilities.

Comcast did it right, but you still need the right router software on your end. The Time Capsules didn't cut it but the Mikrotik router did. I can't speak for other products because the router worked and there was no need to try anything else.

Windows no problem. MacOS no problem. Smart phones, TV, cams and all the other junk no problem.

The only reason you need IPv4 at all is because there are still a LOT of servers and services out there that can't be reached by IPv6. But I have had no issue with Safari, Chrome, or Firefox or any other networking application.

The payoff for me is that I run a fair number of VMs out in the cloud. My co-location host is reasonably OK with giving me IPv4 addresses when I need them but now I don't even bother assigning an IPv4 address to a system unless it is for public access. IPv6 straight from my system at home to the VM out there.

Fringe benefit: The public IPv6 addresses, at least those that don't have well-known AAAA DNS records, don't get constantly assailed by bots with dictionary attacks.

Gripe: XenCenter doesn't support IPv6 for management. And it is a mess to try and install a mitigating tool like fail2ban in the XenServer hypervisor. What a pain.

That's my take anyway.

Re:IPv6 is my preferred protocol now

[Rick+Zeman]

Yep, Comcast did it right:

Between me and Comcast, we're predominantly doing ipv6:

        Your IPv4 address on the public Internet appears to be 73.187.x.y

Your IPv6 address on the public Internet appears to be 2601:982:8202:e17x:y:z:z

Your Internet Service Provider (ISP) appears to be Comcast Cable Communications, LLC

Since you have IPv6, we are including a tab that shows how well you can reach other IPv6 sites. [more info]

HTTPS support is now available on this site. [more info]

Your DNS server (possibly run by your ISP) appears to have IPv6 Internet access.
Your readiness score
10/10 for your IPv6 stability and readiness, when publishers are forced to go IPv6 only

**********

Dec 24 16:16:14 miniserv postfix/smtp[70877]: Untrusted TLS connection established to smtp.comcast.net[2001:558:fe21:2a::5]:587: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec 24 16:16:14 miniserv postfix/smtp[70877]: 290D24BA85FD: to=, relay=smtp.comcast.net[2001:558:fe21:2a::5]:587, delay=3.7, delays=0/0.08/3.3/0.36, dsn=2.0.0, status=sent (250 2.0.0 TDcyeFggV3vQATDd0e9e13 mail accepted for delivery)

Re:IPv6 is my preferred protocol now

[Rick+Zeman]

>Comcast did it right

Bullshit. They can't even set up a static address range.

Don't confuse architectural design and their overall design with everyday low-level ineptness. Haven't you seen the ads for Comcast techs: "...no experience necessary?" You said it yourself, "...the installer who came" not "the network engineer who came....."
Don't confuse the two.

NAT (IPv4 Address sharing) is not security.

[CraigCruden]

Stateful Firewalls Provide Security (Not NAT)

NAT does not provide any real network security, it actually prevents many security measures.

Consumer grade firewalls (most of them) built into the modems they get from their ISP -- are often almost useless when it comes to providing real security. Many of them don't even bother to force the administrator to have anything more than the default password.

By your argument -- you would be even happier if your ISP shares your IP address across many households (double NAT'd) -- which mine does.

Re:NAT (IPv4 Address sharing) is not security.

[unixisc]

Stateful Firewalls Provide Security (Not NAT) NAT does not provide any real network security, it actually prevents many security measures. Consumer grade firewalls (most of them) built into the modems they get from their ISP -- are often almost useless when it comes to providing real security. Many of them don't even bother to force the administrator to have anything more than the default password. By your argument -- you would be even happier if your ISP shares your IP address across many households (double NAT'd) -- which mine does.

That's tangential to the argument the GP appeared to be making

The GP was expressing concern about a telco, or anyone else, being able to know how many devices you're hooking up to the internet using your service. In other words, if you are paying Comcast $50 a month for a service, it's none of their business how many devices are hooked on to it. Under IPv4, it's somewhat trivial for them to find out. Under IPv6, if security extensions are being used, it no longer is.

Same thing about who's watching what: if Tamara is on Twitter on the laptop, Rick is watching porn on the Android tablet and Kayla is playing Pokémon Go on the iPhone, nobody watching from outside would be able to tell who's doing what if security extensions are used

Re:Isn't this good?

[Ramze]

Yes and No. With a proper firewall, no one can scan your network for devices as it should only allow incoming traffic through that is a reply to outgoing traffic. But, sites you visit from IPV6 devices would show their full IPV6 unique ID on your network -- so say... Facebook or Netflix might know exactly how many devices you have at your home that you use to connect to their services.... BUT, they really know this anyway because they scan for device IDs, browser fingerprinting, etc.

NAT is a hack and not a security feature. It has its own security issues as well.

https://www.internetsociety.or...

IPV6 is only bad if you have no proper hardware firewall between your ISP and your network... or if your ISP is spying on your traffic (in which case, you have bigger issues and need a VPN)

It makes NAT overload option rather than mandatory

[raymorris]

> anonymization about which device beyond the firewall is using a service.

You're not really hiding anything. Between user agent strings, cookies, etc., the trackers know one device from another. In fact since most web access is from mobile devices these days, and mobiles get new IPs all the time, IPs aren't used much for tracking anymore anyway.

Because IPv4 lacks enough addresses, you're pretty much forced to use only one IP for all of your devices. That's a hack and while it works well enough most of the time, for most people, it does have some problems.

You *can* still do that with IPv6; you aren't forced to. As mentioned above, it doesn't do you much good anyway. You can also have your devices randomly switch between millions of IPs. That's as effective as IPv4 NAT. Of course neither do anything when there are cookies involved and sch.

What's the benefits of v6?

[seoras]

I just checked that test URL. 10/10. Nice xmas surprise. I run a couple of popular websites (Amazon EC2's running Ubuntu) so I could add IPv6 easily. But why?
What's the upside to IPv6 for a website? Better Google page ranking? Security? Faster page load? Others?
It's been years since I've worked on IPv6, I was one of the small team who wrote the IPv6 stack for Cisco's high end routers.
So I know the protocol - sort of. It was still in flux back then (15 years ago) with the IETF.
Can someone bring me up to date? As a website master, why do I need it?

Re:What's the benefits of v6?

[Dagger2]

Facebook have done measurements that show v6 as giving ~10-15% faster page loads compared to v4. On some specific ISPs the difference will be even higher (for instance T-Mobile in the US backhaul all of their v4 traffic across the country to the datacenters that host their NAT64 infrastructure, while routing v6 more directly).

Re:Static or dynamic; that's the question.

[rtb61]

They are crippling IPv6 for one reason and one reason only. They have an existing investment in IPv4 addresses that they rent for profit or can sell, IPv6 simply reduces IPv4 addresses from being worth hundreds of millions of dollars to sweet fuck all. The longer they can keep out IPv6 the more money they can make out of IPv4. Straight up greed.

Re:A tale of two Verizonâ(TM)s

[kenh]

Please, turn off smart punctuation - http://lmgtfy.com/?q=disable+s...

9,007,199,254,740,991 is greater than 1

[raymorris]

> Even if my device is randomly hopping among IPv6 addresses, they're all on the same subnet (does that term still apply) meaning they can all be used to id me.

Yes they will be chosen from a range of 9,007,199,254,740,991 addresses or so. Some ISPs will assign you 32 times that many addresses, some a bit fewer, but roughly 9 quadrillion addresses. Compared to your ONE IPv4 address. As someone who has developed security systems which use IP addresses as one indicator of whether it's the same person, I'll tell you it's much easier to track your single IPv4 address than to figure out which 9, or 288 quadrillion, or 18 quadrillion, or whatever might be assigned to the same customer.

> you think I'm the kind of person who can handle user-agent-strings (and other browser fingerprinting) and cookies?

To be 100% completely honest with you, based on your posts I'd guess you're the type of person who thinks they kinda get it, so they make some attempts to hide stuff, and therefore stick out like a sore thumb in the sea of people who present standard, default profiles. When you're the guy who mucks with his iPad's user agent, but of course it still shows iPad resolution, you're the only hot on the whole site reporting 2048Ã--1536 on "Windows" and it makes you very easy to spot.

Re:IPv6 sucks ass

[johnw]

The biggest mistake the IPv6 inventors made was making it incompatible with IPv4 by creating a completely different address space.

They didn't - the IPv4 address space is embedded within the (vastly larger) IPv6 address space. The IPv4 address 1.2.3.4 is ::ffff:1.2.3.4. Any IPv6-only application can thus reference any IPv4 address (although some residual NAT is obviously needed to allow the IPv4 server to reply).

Re:Why are there so few ipv4 addresses?

[Tim+the+Gecko]

First, back when the Internet Protocol was created, there weren't 4 billion people on Earth let alone 4 billion devices that needed to be connected to a network.

It was pretty close. World population was estimated to cross 4 billion in April 1974, while the paper describing IP was published in May 1974. Vint Cerf has apologized for choosing 32 bits, saying "The problem is the experiment never ended".

Re: Isn't this good?

[unixisc]

For the same reason that one uses dynamic addresses currently in IPv4: to prevent any attack vectors from pinpointing a device's IP address and then using that to break into the system. In fact, 'security extensions' (which is IPv6's term for dynamic addresses) is the default Microsoft way of assigning addresses to any device: they don't use EUI-64

Re:Why are there so few ipv4 addresses?

[unixisc]

A bit of both. First, back when the Internet Protocol was created, there weren't 4 billion people on Earth let alone 4 billion devices that needed to be connected to a network. Secondly, handling and transmitting 128-bit identifiers would have been a bit much for the computers and networks of that era.

So, as I said, very few (if any) people thought the internet would get as big as it is and systems 30 to 40 years ago wouldn't have been able to handle IPv6 the way systems now can.

Actually, when the Internet Protocol was first created, it was only created for the US Department of Defense and their clients: there was never any intention for this to be used by the entire civilian population of the US, let alone the world. Once it became clear that it was catching on, the IPv6 (then IPng) started.

Also, at the time IPv4 came about, most computers were 8 or 16 bit, much less 32, so having a 128 bit address would have really slowed things down