by thomseddon 2835 days ago
We're an ISP, most of our customers are businesses. Of those, around 50% opt for a pre-configured LAN (i.e. we do NAT and usually CGNAT too).

For the rest we provide a static IP address, so we'll allocate a /30 (block of 4), and they get a single usable address which they will assign to their own managed router/firewall.

For the majority of our customers "networking" is either handled as overflow for their in/out IT resource or often by someone remotely savvy with tech.

For most of these people networking ranges from an infrequent concern to a vague mystery that can be sorted with a bit of googling.

For most, deploying and testing IPv6 has absolutely no upside and quite a bit of potential downside, that's because "everything works" on IPv4 and configuring IPv6 is just another potential source of error.

In addition, most people who opt for this setup do so in order to expose some internal service to the internet (port forward), again there is usually zero incentive to also deploy IPv6 as they can't be sure their client device will be using v6 when they come to connect, but they know it will support v4, everything does.

And so herein lies the issue, it's chicken and egg: they know they need v4, not every server they access or client who accesses their forwards supports v6, so they _have_ to implement v4. As such they see no reason to "faff" about with IPv6, and I don't really blame them.

We're considering charging more for dedicated v4 and possibly offering a free translation service (another point of failure :() but honestly, most would just pay the extra and then just resent us a little more. Our competitors continue to acquire v4 space as we do, this is what our customers want.

Until there is v6 only content (but who is incentivised to do this?) then I can't see any incentive for these users.


I made a major push to try to get IPv6 running at a small business.

In the end, despite the ISP at the business supplying IPv6, and getting some client side IPv6 going with OTHER ISPs (a pain), it fell over because:

1) Things like the VPN client software didn't get routes right when client side network was IPv6 oriented so VPN connections broke - a no go.

2) We had to continue to offer ipv4, as folks in the field were not guaranteed an ipv6 connection back.

3) The WAN fallback / failover stuff didn't seem to work well with IPv6 (another ISP to work out IPv6 with).

4) Security folks continue to be worried about giving all machines in a business globally routable addresses. The tools say NOT to filter ICMP when you run IPv6 reachability, the security people say to filter ICMP. Too much of a pain to figure out who is right and if/how IPv6 changed ICMP.

5) IPv6 seemed to purposely make this transition harder than it needed to be. I don't get why they couldn't have kept a simpler / more familiar framework with IPv6 as an option, even if less ideal. I.e., DHCP vs autoconfig stuff, ICMPv4 style instead of having security folks worrying me about the weird things unfiltered ICMPv6 might do. Seriously, make the goodies / cool stuff the add-ons.

> Too much of a pain to figure out who is right and if/how IPv6 changed ICMP

then let me make this easy for you: ICMP has become a vital part of the inner workings of an IPv6 network. You will break all kinds of functionality by dropping ICMPv6 packets.

If you are concerned, then drop ICMP echo requests and replies, but absolutely do not drop any other ICMP packets or you'll be one of those people that turn off ipv6 "because it's too hard to make it work" (no shit - when you actively break something, it's hard to make it work).

> ICMP has become a vital part of the inner workings of an IPv6 network. You will break all kinds of functionality by dropping ICMPv6 packets.

You've just neatly described my experience (and naivety), because I've always dropped ICMP and wondered why ipv6 never worked. In all of the articles I've read on getting ipv6 to work, this had never been explained.

The key thing with ICMP is, for the love of Pete, don't drop valid ICMP type 3 (destination unreachable), specifically subtype 4 (fragmentation needed, but don't fragment set), because that breaks many real world connections on both IPv4 and IPv6.

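The advice in the two comments above (drop echo if you must, never drop the rest of ICMPv6, and never drop ICMPv4 type 3 code 4) is easy to get wrong when writing rules by type number. The following is an added example, not code from anyone in this thread: it parses the first four bytes of an ICMP/ICMPv6 header from constructed sample packets and classifies each message under a hypothetical "drop only echo, default drop, keep everything the stack needs" policy. The set of essential ICMPv6 types follows the must-not-filter list in RFC 4890 (NDP types 133-137, MLD 130-132/143, and the error messages 1-4, of which Packet Too Big is the one that silently breaks PMTUD when dropped). The sample packets are constructed inline with zero checksums and are not captured traffic.

```python
import struct

# ICMPv6 types a firewall must pass or the local network stops working.
# Numbers per RFC 4443 / RFC 4861 / RFC 2710 / RFC 3810; the grouping follows RFC 4890.
ICMP6_ESSENTIAL = {
    1: "Destination Unreachable",
    2: "Packet Too Big",           # PMTUD: v6 routers never fragment, the sender must shrink
    3: "Time Exceeded",
    4: "Parameter Problem",
    130: "Multicast Listener Query",   # MLD: needed where switches do MLD snooping
    131: "Multicast Listener Report",
    132: "Multicast Listener Done",
    133: "Router Solicitation",    # NDP replaces ARP and carries the SLAAC prefix
    134: "Router Advertisement",
    135: "Neighbor Solicitation",
    136: "Neighbor Advertisement",
    137: "Redirect",
    143: "Multicast Listener Report v2",
}
ICMP6_ECHO = {128: "Echo Request", 129: "Echo Reply"}
ICMP4_ECHO = {8: "Echo Request", 0: "Echo Reply"}


def parse_icmp_header(payload: bytes):
    """Return (type, code) from the common 4-byte ICMP/ICMPv6 header."""
    if len(payload) < 4:
        raise ValueError("ICMP header truncated")
    typ, code, _checksum = struct.unpack("!BBH", payload[:4])
    return typ, code


def decide(version: int, payload: bytes, block_echo: bool = True):
    """Classify one ICMP message under the hypothetical policy.

    Returns ('accept' | 'drop', reason). Anything not explicitly
    listed is dropped, which is the usual default-deny posture.
    """
    typ, code = parse_icmp_header(payload)
    if version == 6:
        if typ in ICMP6_ESSENTIAL:
            return "accept", ICMP6_ESSENTIAL[typ]
        if typ in ICMP6_ECHO:
            return ("drop" if block_echo else "accept"), ICMP6_ECHO[typ]
        return "drop", f"unlisted ICMPv6 type {typ}"
    if version == 4:
        if typ == 3 and code == 4:
            # The one ICMPv4 message the comment above singles out:
            # "Fragmentation Needed and DF set", i.e. IPv4 PMTUD.
            return "accept", "Fragmentation Needed and DF set (PMTUD)"
        if typ in (3, 11, 12):
            return "accept", "ICMPv4 error message"
        if typ in ICMP4_ECHO:
            return ("drop" if block_echo else "accept"), ICMP4_ECHO[typ]
        return "drop", f"unlisted ICMPv4 type {typ}"
    raise ValueError("version must be 4 or 6")


def build_icmp(typ: int, code: int, body: bytes = b"") -> bytes:
    """Constructed sample message with a zero checksum (test data, not a capture)."""
    return struct.pack("!BBH", typ, code, 0) + body


# Constructed samples: (ip version, message, expected verdict)
SAMPLES = [
    (6, build_icmp(2, 0, struct.pack("!I", 1280)), "accept"),      # PTB, MTU 1280
    (6, build_icmp(135, 0, bytes(4) + bytes(16)), "accept"),       # Neighbor Solicitation
    (6, build_icmp(134, 0, bytes(12)), "accept"),                  # Router Advertisement
    (6, build_icmp(128, 0, b"\x00\x01\x00\x01"), "drop"),          # Echo Request
    (4, build_icmp(3, 4, struct.pack("!HH", 0, 1400)), "accept"),  # Frag needed, MTU 1400
    (4, build_icmp(8, 0, b"\x00\x01\x00\x01"), "drop"),            # Echo Request
]


def run_samples():
    """Evaluate every constructed sample; returns [(version, type, verdict, matches_expected)]."""
    results = []
    for version, msg, expected in SAMPLES:
        verdict, _reason = decide(version, msg)
        results.append((version, parse_icmp_header(msg)[0], verdict, verdict == expected))
    return results


if __name__ == "__main__":
    for version, typ, verdict, ok in run_samples():
        print(f"IPv{version} type {typ:3d}: {verdict:6s} {'ok' if ok else 'MISMATCH'}")
```

The same policy expressed for nftables is an accept rule on `icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect, mld-listener-query, mld-listener-report, mld-listener-done }` placed before the chain's drop policy; the point of the script is that the "looks like ping, drop it" rule must never be written as "drop protocol icmpv6".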
> push

Thanks for trying! I did the same round. Tried to get v6, and finally gave up, because everything was broken in very stupid ways.

> I don't get why they

Because it happened in the early 90s, and since then all the RFCs that got layered upon that had to try and keep things consistent.

There could have been a simpler thing, but it was scrapped. IPv5 is missing for a reason.

And the goodies cannot be opt-in, otherwise no one will opt-in.

Of course this leads to a very slow deployment, because v4 with a lot of hacks just works, and will continue to work. It's easier to encapsulate things in DTLS (TLS + UDP) and gRPC and whatever (and deal with all of that in end user software) than trying to convert the whole world to IPv6.

> DHCP vs autoconfig stuff,

There's DHCPv6, so you don't have to use SLAAC.

> I don't get why they couldn't have kept a simpler / more familiar framework with ipv6 as an option, even if less ideal. Ie, DHCP vs autoconfig stuff

That's a statement made with 20 years of hindsight behind it. But if you had an extra 5 or so years of hindsight then it'd make more sense.

DHCP only predates IPv6 by two years (October 1993 on RFC 1531, vs December 1995 on RFC 1883). AppleTalk and Novell NetWare were still fairly common around that time. You're looking at DHCP as if it's ubiquitous, which indeed it is now, but it certainly wasn't while v6 was being developed and wouldn't be until a good few years afterwards.

In fact, router advertisements were defined in RFC 1256 in 1991, so they have two years of seniority on DHCP -- although I suppose you could make an argument that DHCP is a standardized set of BOOTP extensions, and that BOOTP has been around for longer.

Those are basically the same reasons why I don't use v6 at home and have turned it off in my home router. Everything just works with v4. v6 is a potential source of error and/or security risk.

I haven't felt the need to learn more about v6, and it is quite complex so it'll take me a day or so to learn enough to be able to configure my network and know that I haven't screwed that up. But I keep putting that off. There's far more interesting stuff to learn and do.

I would've gladly accepted and adopted a version that's just IPv4 plus 16 bits of extra address space, and anything else exactly the same. That would've solved the original address shortage problem, and would be a breeze to configure.

For me, and I think for a lot of people, the complexity and thus cost of v6 dwarfs the potential benefits and therefore that complexity is the primary force holding back its adoption.

I actually find IPv6 simpler than IPv4. It is extra address space plus some warts fixed.

However, at home I'm using IPv4 + henet tunnel, because the native IPv6 offer from the ISP is unacceptable. At work, we are using IPv4 only, and no plans to switch, because it would be extra work with zero benefits.

> I haven't felt the need to learn more about v6, and it is quite complex

No, it isn't.

> I would've gladly accepted and adopted a version that's just IPv4 plus 16 bits of extra address space

That's what IPv6 is for the most part.

> That would've solved the original address shortage problem, and would be a breeze to configure.

So is IPv6.

You are right, but it doesn't matter. Because even if v6 is easy to configure, usually the things you can't configure are broken and they are hard to fix. For example your upstream provider is stupid. Or a client's software, or some 3rd party server somewhere you have to live with.
My ISP broke their IPv4 gateway one weekend. Fortunately they have their IPv6 stuff working in parallel. I was surprised that only maybe half of the Internet is reachable via IPv6, and there was no pattern which sites worked and which didn't. There's still some work to be done before IPv6 is usable.

One Windows PC on our LAN got flipped into "internet sharing" mode, causing a DHCP battle which randomly killed IPv4 connectivity. That one was weird to diagnose at first since random sites still worked (ones with IPv6 support).

Is there a reason you assign a /30 instead of doing point-to-point routing?

Too many customer devices don't support /31 subnets unfortunately, for example with Draytek we've seen an issue where it would accept the 255.255.255.254 subnet but we'd see a whole raft of connection issues making the connection unusable.

If we provide a dedicated IP for a connection where we provide the LAN we just put a single /32 on the loopback and NAT onto this which is obviously much more economic with addresses.

Why is this subnet thing even needed? I don't understand it. Why not provide just a single IP address? Seems like a big waste of addresses.

Because a lot of things that should be thrown into a volcano are used as routers. And routers need their interfaces configured. And the upstream interface needs to be in a network. And so that network needs a broadcast address, the router needs its own address, there needs to be a next hop address, and since you can't allocate 3, you do 4.