by jiggawatts 862 days ago
It's almost certainly worse in Azure than AWS.

Random examples:

Azure hands out contiguous blocks of 16 IPv6 addresses. No, not a /56 or anything useful like that. Sixteen addresses.

If you enable IPv6 in some virtual network, other peered virtual networks will have unrelated services just break. Like Postgres, Azure VPNs, and more.

There are no IPv6 to IPv4 gateways, and you can't even build such a thing yourself without enabling IPv6 in the whole virtual network... which breaks other networks!

Azure NATs IPv6, defeating the entire purpose of the thing. It's basically IPv4 with extra steps.

Azure doesn't support IPv6 for any of their PaaS offerings, especially not in their firewall rules.

Etc...

If you think there are excuses for any of this, consider this: IPv6 has been a standard for two decades and Windows has supported IPv6 since 2000.

I like to swap IPv4 and IPv6 in any sentence to gauge the insanity of it. E.g.: "Enabling IPv4 breaks unrelated services in other networks" would have you running for the hills, would it not?

2 comments

>you think there are excuses for any of this, consider this: IPv6 has been a standard for two decades and Windows has supported IPv6 since 2000.

That's like complaining that Linux came out in the 1990s yet Photoshop doesn't support Linux. Like how it doesn't make economic sense for Adobe to support Linux, it doesn't make sense for a lot of organizations to additionally support IPv6 when they can just support IPv4.

Microsoft was an early IPv6 adopter; they even experimentally "forced" it onto their customers by making their DirectAccess VPN tech IPv6 only! They control both Azure and the OS it runs on (Windows). Sure, bits of it run on Linux, but they have their own distro of that too that they control (Mariner).

This would be more like complaining that Linus Torvalds prefers not to use open source software.

That should be 16 IPv6 /64 networks, right? Which means Azure gives you a /60 prefix, I guess?

No, he’s right. Sixteen singular addresses. And those are quite expensive for what they are.

Very prudent of them to not hand those addresses out like candy. They don’t want to wake up one morning and realize that they’ve run out!

It’s easy to guess what happened: they developed an IPv4-only network stack and baked the limitations and constraints of IPv4 into it: private addresses are mandatory, public addresses are scarce, and NAT is required.

Then they got told to “do the needful” and make IPv6 happen, so they did… by weaving IPv6 support through the tangled briar patch of their codebase. They wove it through the NAT, the tiny public address blocks, and the mandatory private address spaces on virtual networks.

The result is IPv4 with a sticker on it with a hand-written label that says “IPv6”.

“Job done boss!”