by Control8894 750 days ago
My employer also disables it (choice made above me). And I get it. It really is duplicating lots of work for absolutely no benefit (to the organizations doing the work).

It's a shame that you're getting downvoted. I'm sure a lot of those people are shouting at their screen "well just learn it" but even if you're familiar enough with all the stuff it changes (RA, NDP, heck the lack of NAT), it's still a ton of work to get it properly set up and worse yet to maintain.


The whole duplication doesn't have to be as bad as it might seem at first glance.

Large companies (and even ISPs) seem to be going for "IPv6-mostly" rollouts. Basically, everything is done primarily using IPv6, with fallbacks to IPv4 only when strictly necessary. This means IPv4 traffic gets converted to IPv6 at the client, forwarded over an IPv6-only network, and turned into "native" IPv4 for the internet at an edge NAT64 gateway. Legacy IPv4-only devices (printers and such) get an isolated VLAN with its own gateway, and will of course be replaced with IPv6-capable alternatives as soon as it's appropriate.

I agree that for smaller companies it's relatively little benefit for the amount of work required, but if you're overhauling your network for other reasons anyways it makes little sense not to do it.

Yes, IPv6-first is definitely the way to do it. Just be careful not to run into Github's issue (https://www.githubstatus.com/incidents/5y8b8lsqbbyq) or Google's issue (https://i.imgur.com/4gGECJ9.png - in case you're not familiar, 2002:: is the 6to4 prefix, and 2002:a0 is the 6to4 version of 10/8, so I guess somehow I was deleting old users from within Google's own network!)

I'm sure this will annoy some people, but two hurdles for me in adopting IPv6 are: #1, it's difficult/impossible to memorize the long v6 addresses versus the easy-to-remember IPv4 addresses (both public and private addresses, I'm referring to); #2, lack of knowledge/understanding of how v6 addresses route versus a fairly deep knowledge of how v4 addresses route/subnet.

The basic idea is that whenever you find yourself memorising an IPv4 address, there's a failure somewhere. Possibly at policy and governance level.

Hell, if you run a modern Microsoft domain (think newer than Windows Server 2008), you're hamstringing yourself if your network is IPv4-only, because since NT6 Windows is an IPv6-first system, and there are indeed some corporate features that do not work if services aren't available over v6.

> The basic idea is that whenever you find yourself memorising an IPv4 address, there's a failure somewhere. Possibly at policy and governance level.

Sorry, but that's a load of manure. It's not just about memorizing.

People break their DNS so often that it's a meme.

Not everything automatically does a reverse lookup on every address it sees, and when it does rDNS could quite easily be broken.

So when you need to figure out if a device is in the same building as you, is it easier to say "1.2.3. - oh, that's my building" or "1234:5678:90ab:cdef:1234:5678:90ab:: - oh, that's my building"?

> Hell, if you run a modern Microsoft domain (think newer than Windows Server 2008), you're hamstringing yourself if your network is IPv4 only, because since NT6 Windows is IPv6 first system, and there are indeed some corporate features that do not work if services aren't available over v6.

Like? I mean I avoid using MS where possible so I probably just haven't seen it but I'm quite curious what's dependent on it.

> So when you need to figure out if a device is in the same building as you, is it easier to say "1.2.3. - oh, that's my building" or "1234:5678:90ab:cdef:1234:5678:90ab:: - oh, that's my building"?

This is a very poor straw man.

In the IPv6 world you wouldn't use all the significant digits randomly, and because you have so many you could actually use one of the octets to perfectly encode the building information:

Building 1: 2001:1::
Building 2: 2001:2::

(You can go further with this concept and encode region/country/state/etc into the addressing as required)

This is a very poor straw man.

In the IPv6 world you wouldn't get 2001::/112, you'd get 2001:1234:5678:90ab::/48. So your building might actually be at best something like 2001:1234:5678:90ab:1::.

That's for globally routable addresses, which you wouldn't get as nicely allocated in v4 either, if at all.

For the equivalent of 10/8 space, you'd have ULA, which can be subdivided this way just fine (and arguably, since fc00::/8 is left in limbo, you can use that. Or just decide to fit whatever addressing scheme you decide on into the 80 bits left after the typical fd00::<48bit random>/48).

So sorry, your v4 strawman isn't too good either.
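The two addressing points raised above, decoding a 6to4 address back to the IPv4 it embeds (the GitHub/Google post, where 2002:a00:: turned out to be 10/8) and carving per-building subnets out of an RFC 4193 ULA /48 (this post), as an added Python example that is not from any commenter; the sample address list and the building/VLAN layout are constructed assumptions.

```python
import ipaddress
import secrets

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")   # RFC 3056 6to4 prefix
ULA = ipaddress.IPv6Network("fc00::/7")          # RFC 4193 unique local
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr_str):
    """Classify one IPv6 address; for 6to4, decode the IPv4 held in bits 16-47."""
    addr = ipaddress.IPv6Address(addr_str)
    if addr in SIXTOFOUR:
        v4 = addr.sixtofour
        return "6to4", {"ipv4": str(v4), "rfc1918": any(v4 in n for n in RFC1918)}
    if addr.is_link_local:
        return "link-local", {}
    if addr in ULA:
        return "ula", {}
    return ("global" if addr.is_global else "other"), {}

def flag_private_6to4(addrs):
    """6to4 addresses wrapping RFC 1918 space (the 2002:a00:: == 10/8 case):
    no internet host legitimately sources traffic from those, so an access
    or abuse job that treats them as external users is misclassifying."""
    hits = []
    for a in addrs:
        kind, info = classify(a)
        if kind == "6to4" and info["rfc1918"]:
            hits.append((a, info["ipv4"]))
    return hits

def make_ula_prefix(global_id=None):
    """RFC 4193 ULA /48: 'fd' + 40-bit global ID (random unless supplied)."""
    if global_id is None:
        global_id = secrets.randbits(40)
    if not 0 <= global_id < 1 << 40:
        raise ValueError("global ID must fit in 40 bits")
    return ipaddress.IPv6Network(((0xfd << 120) | (global_id << 80), 48))

def building_subnet(ula48, building, vlan=0):
    """Carve a /64 from the /48: the 16-bit subnet ID hextet is
    building<<8 | vlan (assumed layout: 256 buildings x 256 VLANs each)."""
    if not (0 <= building < 256 and 0 <= vlan < 256):
        raise ValueError("building and vlan must each fit in 8 bits")
    subnet_id = (building << 8) | vlan
    return ipaddress.IPv6Network((int(ula48.network_address) | (subnet_id << 64), 64))

# Constructed sample, not real traffic: 6to4-of-10/8, 6to4-of-192.0.2.4, link-local, ULA host.
SAMPLE = ["2002:a00:1::1", "2002:c000:204::1", "fe80::1", "fd12:3456:7890:100::5"]

if __name__ == "__main__":
    print(flag_private_6to4(SAMPLE))            # [('2002:a00:1::1', '10.0.0.1')]
    ula = make_ula_prefix(0x1234567890)         # fd12:3456:7890::/48
    print(building_subnet(ula, 2, 3))           # fd12:3456:7890:203::/64
```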

> Sorry, but that's a load of manure. It's not just about memorizing.

Ok, not just memorising. It's also the culture of cargo-culted broken network designs, of Excel spreadsheets from hell, of thinking everyone can memorise or put a few post-its with the IP addresses important to them so you don't need to care for DHCP and DNS or actually set up routing, instead throwing in a ton of NATed 10.0.0.0/8 or 192.168.0.0/24 and then crying when there's a need to set up 5 layers of translation to connect two services (been there, done that, kept the scars).

As others pointed out, you should have anycast addresses for core network services (DNS at least).

IPv6 arguably even makes it easier, because link-local automatic configuration actually works, unlike v4 APIPA, well enough to discover and talk to other nodes on a given L2. I still remember my happy surprise when HP iLOs used that to let me configure them over the network by just connecting to the same VLAN, something I can't do on v4 without messing with DHCP rules.

The fact that link-local actually works, combined with multicast and predefined multicast addresses like ff02::1 or the addresses for mDNS, DNS-SD, LLMNR etc., means that you can actually get somewhere without configuring IP on the link.

Do you need to learn new things, and possibly rearchitect the network? Sure. But it's because v4 was deficient.

Also, more often than not, the "it was DNS" involves "resolver not configured" or "put BS in DNS got BS back now crying".

> Like? I mean I avoid using MS where possible so I probably just haven't seen it but I'm quite curious what's dependent on it.

Essentially the entire promise of DirectAccess, the transparent VPN system added in Vista, depends on the office network being IPv6-clean (as in, no user-used services that require v4 connectivity). Originally it required IPv6+IPsec connectivity at the client side; due to the lack of wide availability, various fallbacks were added in Windows 7.

It's also why Vista and later had such a push to autoconfigure Teredo and similar v6 transition technologies.

Should is not does, and also LOL @ anycast for some SMBs' internal networking. Yeah, good luck with that, bud.

> when it's broken it's broken cuz you broke it

No duh, but that doesn't make it any less broken.

"bad implementation and bad network design being easier to live with in v4" is not the winning argument you think it is.

Forcing the change seems to be the only way to fix some networks and some software, in fact.

> No duh, but that doesn't make it any less broken.

Nor does it make one's inability to ship a minimal HOSTS file any less bad.