Support for IPv6

Indeed, but also not everyone gets the payoff that GP did. We did IPv6 only and abandoned it after a while because there were some show-stoppers in our cloud provider that didn't work (at the time, this was a few years ago). It ended up being a good investment in the two people spearheading the work, but otherwise was a waste of time/money.

Same applies for directory services, configuration management, etc. Eating vegetables

No translation, no subnet allocation issue (because no scarcity), global reachability from everybody to everybody (as internet was meant to be), no overlap (because no RFC1918)

The world is much easier when everybody has its own identity.

I'm not the OP, but I expect VPNs are easier to manage because you don't have to worry about slicing up the very, very limited IPv4 non-public space and puzzling out how to resolve addressing collisions between all of the various networks you have to manage. With IPv6 you can just calculate a /48 ULA prefix and allocate /64s for your VPNs (and every other internal network) out of that. If ever you run out of room, just calculate another /48 and carry on... easy!

Not GP but in similar setups I've had good success with using the FWs (typically Fortinet or Palo Alto) as the NAT64 gateway. Hosted services that require 1:1 NATs also end up there anyways so it's a good fit for DC.

Fun fact: US government agencies are required to progressively migrate to IPv6-only environment, beginning with completing at least one pilot of IPv6-only system by FY 2021: https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-0.... Apparently, National Archives decided to pick archived Clinton White House website for this: https://clintonwhitehouse1.archives.gov/

I didn't recommend dropping IPv4. It's a terrible it to start a new project in 2024 without IPv6 support though. It's easy enough to build in from the beginning that there's not any real reason not to go for it.

And running a dual stack is trivially easy for almost everyone using it. That chart has almost half of Google's users coming in via IPv6. I promise you less than 1% of that 50% have ever even heard of IPv6, let alone done a single thing to configure it. With my ISP I'd have to go out of my way to turn it off, which I haven't done because this isn't 2008 where it broke things more often than never.

> Running a single IP stack is infinitely simpler and easier than running two concurrently

I’d say it’s marginally simpler. Unequivocally it’s quantifiably simpler. But infinitely simpler? That’s a pretty tall claim to make.

Depends on your users; there are, for instance, plenty of phones that only natively have v6 and have to use NAT64 to reach v4 websites. So if you have such users, there might be a benefit to supporting v6 directly.

> Nothing's realistically dropping support for v4 any time soon […]

Or potentially ever, as predicted when IPng was being originally thought about:

      We believe that it is not possible to have a "flag-day" form of
      transition in which all hosts and routers must change over at
      once. The size, complexity, and distributed administration of the
      Internet make such a cutover impossible.

      Rather, IPng will need to co-exist with IPv4 for some period of
      time.  There are a number of ways to achieve this co-existence
      such as requiring hosts to support two stacks, converting between
      protocols, or using backward compatible extensions to IPv4.  Each
      scheme has its strengths and weaknesses, which have to be weighed.

      Furthermore, we note that, in all probability, there will be IPv4
      hosts on the Internet effectively forever.  IPng must provide
      mechanisms to allow these hosts to communicate, even after IPng
      has become the dominant network layer protocol in the Internet.

IMO the separate-stack nature of ipv6 was a mistake. I can see why they did it, but the changes could've been a lot more incremental otherwise, and we might've been done already. Everyone talks about the biggest change being the 128-bit address space, but the real leap is that pre-existing ipv4 blocks weren't preserved in ipv6.

IPv4 at the edge and call it a day.

Why build today with deprecated technology ? Build your infra v6-only, add a layer at the edge to support old clients via IPv4. Job's done.

You should design your infrastructure to avoid paying too much for other people's legacy.

I'm on a laptop on an ipv6 only subnet at the moment which mostly does the job with dn64/nat64.

The only benefit of this is to increase familiarity with ipv6. I'm trying to push some colleagues to do an ipv6 only section of our network which has limited interconnect, but there's a lot of concern about devices that still don't support ipv6, and ultimately what's the business reason to do it compared with subnetting 10.0/8 and natting at your firewalls

Not by default it’s not. An ipv6-only deployment cannot natively access an ipv4 network, there is no backwards comparability in the protocol.

It does seamlessly work w/ services like Apple's Private Relay. I was surprised to see an IPv6 address when checking my IP address on external websites. Maybe eventually proxies like this might be the solve for this.

how can I access IPV4 stuff over IPv6?

This is like boycotting 5G cell phones because you don't like Verizon.

They want you to run IPv4 too.

They don't desperately want you to run IPv6. They're not doing anything to incentivise it in any way.

They just deployed it because that's the direction the tech world is moving, and there was increasing IPv6 presence in end user environments.

You've perhaps seen the Onion article whose headline goes something like "Heartbreaking: The Worst Man You Know Just Made An Excellent Point"?

You're simply kneecapping yourself if you refuse to learn how to acknowledge and incorporate good ideas that happened to be uttered by execrable entities.

Just like following the sleeping schedule and daily routine of a billionaire will also make you a billionaire.

Excellent logic! Hitler drank water and, if you had the chance to ask him, he would have likely suggested you also drink water. Does that mean you won't drink water now?

Calm down. Please try to make your point less flamboyantly.

for me, its not really trouble. MY ISP has IPv6 and I have trouble using it.

Also I have lot of small VPS and the cost of the IPv4 address is the highest cost of the price of VPS. removing it reduces the cost by a lot.

>Why make so much trouble for yourself?

I'm not sure what you mean by that. I'm not GP, but I actually have to do more work to disable IPv6 on my systems than to use a dual stack.

As such, please explain what you mean by making "so much trouble for yourself."

You only need an ASN (and at least for RIPE it's a requirement) if you have multiple upstreams.

Thanks. Same process as IPv4, but my question was more focused on the ??? magical last step of getting the ISP to advertise that route.

I had a tunnel with them I was using for a while, but ended up turning it off a couple of months ago.

Any request to a CDN will be slower since you’re not hitting the cache closest to your actual ISP, and since it’s “a VPN” a lot of things start to break, need more captchas, or get blocked for you since there’s a higher level of abuse from HE’s tunnel broker IP blocks.

Oh wow, I didn’t know they were still around! I used that to get an IPv6 address more than a decade ago; I think they used the bastardized IPv4-mapped-to-v6 address format at the time. But iirc it involved extra network hops because it was tunneled rather than routed, but maybe I’m misremembering.

I’m guessing they have larger blocks for sale?

All 'boring' packets are hardware switched/routed with no CPU involvement in everything bigger than your home cable router.

For both switched and routed networks it's possible to build hardware that can route at the same speed as the ports, so in 2024 performance isn't really a reason to choose switched or routed.

Cost might be though - I believe that for the same number of gigabits, hardware sold as a switch is substantially cheaper.

Not so. IPv4->6 removes all existing v4 address blocks and redoes the addressing scheme. Those changes weren't necessary for expanding the address space. This implies that day 1 of using ipv6, all your addresses are different (and way longer), all your routes change, DNS DHCP etc all need to be swapped out, and bans/reputation are all reset with no clear replacement. And there were a bunch of smaller changes / new features.

Whatever you do to get more addresses, it will look similar in the end, but the steps could've been very different.

> IPv6 is undeniably simpler.

Perhaps to someone who's never been exposed to IPv4.

But for those who know IPv4 from before, it means almost a complete rewrite of all the knowledge. Just about every detail of setting up an IPv6 network is different from an IPv4 network, with just the superficial bits staying similar.

It also has bits that are undeniably more complex than IPv4, like dynamic address allocation. You got SLAAC, RA, stateful and stateless DHCPv6, with the latter being required in certain cases. And with that you now got two different ways to provide DNS servers to clients, and which one takes precedence is undeniably non-trivial[1] and even implementation dependent!

[1]: https://datatracker.ietf.org/doc/html/rfc8106#section-5.3.1

v4 but with a larger address space?

That's my proposal, ipv6 with extra steps. As in, incremental steps instead of one impossibly big change. tl;dr keep the pre-existing v4 /32 blocks day 1, and the rest follows.

Edit: I said "my" proposal, but pretty sure the same idea has been brought up many times.