[HN Gopher] IPv4 pricing
___________________________________________________________________
IPv4 pricing
Author : terom
Score  : 346 points
Date   : 2021-07-28 12:30 UTC (6 hours ago)
(HTM) web link (docs.hetzner.com)
(TXT) w3m dump (docs.hetzner.com)
| sdevonoes wrote:
| I'm still waiting for VPCs in Hetzner. In theory within a VPC you assign IPs in the internal range, so no need for public IPv4. I know this is not a solution for everyone, but at least for me it would mean:
|
| - 1 public IP for my nginx server
| - N private IPs for my application/db/monitoring servers within the VPC
|
| mrweasel wrote:
| How would you connect to the servers with only private IPs?
|
| sdevonoes wrote:
| Via bastion server (which has one public ip)
|
| fanf2 wrote:
| Use IPv6 only for your backend internal addresses
|
| hardwaresofton wrote:
| VPCs exist in Hetzner and you can set up networks in Hetzner Cloud now and also even link with Robot -- they're called vSwitches and they can connect to Hetzner Private networks:
|
| https://docs.hetzner.com/cloud/networks/connect-dedi-vswitch...
|
| dheera wrote:
| 215 euros a month for a /24? That's still pretty cheap
|
| kijin wrote:
| Meanwhile, American datacenters are still handing out IPv4 addresses like candy.
|
| I know a few people who got 5 "usable" addresses with each dedicated server from a provider that shall go unnamed. That actually eats up an entire /29 per server. None of those people ever use more than 1 IP. The datacenter doesn't even bother to configure the remaining IPs on a default install.
|
| fri_sch wrote:
| So does Hetzner itself. Each tiny 3EUR/month cloud instance has a public IPv4 by default and no way to opt out.
|
| DanAtC wrote:
| Reminder that news.ycombinator.com still doesn't have an IPv6 address.
|
| DrBenCarson wrote:
| Just this week I tried to turn on IPv6 for my sister's home network and guess what...even with FTTH it's IPv4 only.
| Two decades later and we still don't have a basic feature that we knew we needed three decades ago.
|
| [deleted]
|
| trulyrandom wrote:
| Hetzner has always been one of the cheapest providers when it comes to pricing for additional IP addresses. I'm surprised it took this long for them to be forced to raise the prices. This affects me, but I understand why they have to do it.
|
| mthoodlum wrote:
| There isn't an IPv4 shortage. There is just hoarding and mismanagement. RIPE and ARIN need to charge monthly fees to IPv4 address hoarders.
|
| benjojo12 wrote:
| They already do in the form of the LIR and resource fee.
|
| tialaramex wrote:
| There aren't enough IPv4 addresses. It's not difficult arithmetic. It is possible for someone to be hoarding _and_ someone to be wasteful _and_ there not to be enough of something to go around. Those aren't distinct ideas only one of which can be true for a namespace.
|
| Let's try a little thought experiment. Abe, Carol, Emma, Gerald, Isobel, Kate and Mark are at the place. Everybody is hungry. Three pizzas are delivered. Each person will be able to eat about half a pizza, or else they'll still be hungry.
|
| Carol and Isobel announce that as Vegetarians they ought to have the two veggie pizzas. Carol eats half of hers and says she's keeping the other half "to eat later". Isobel realises her pizza has red pepper on it, she doesn't like red pepper and so she throws about half the pizza away as "contaminated". All five other people are left to share the Pepperoni pizza, they all still feel hungry after dividing it equally.
|
| Was there hoarding? Yes Carol hoarded half a pizza. Was there waste? Yes Isobel wasted half a pizza. Was there not enough pizza? Yes, three pizzas is enough to properly feed six people and there were seven people eating even before Carol and Isobel announced they were keeping the veggie pizzas to themselves.
|
| saulr wrote:
| iCloud Private Relay, coming in iOS 15, does appear to be native IPv6. I wonder if this will have a noticeable effect on IPv6 adoption stats when it's released to the public[1]?
|
| [1] https://www.google.com/intl/en/ipv6/statistics.html
|
| jjice wrote:
| I imagine that we're going to see more articles like this where IPv4 is getting more and more expensive until it becomes absurd. Once it gets too expensive, then providers will have a reason to supply IPv6 - cost. It's the only way I can see an ISP making this move.
|
| gspr wrote:
| Or they'll completely ignore it and start CGNAT'ing people on IPv4. :-(
|
| wmf wrote:
| CGNAT has serious cost; IPv6 may be cheaper.
| http://www.asgard.org/documents.html
|
| p1mrx wrote:
| It's generally a good idea to deploy CGNAT alongside IPv6, because that's what will eventually make IPv6 more useful than IPv4.
|
| vince14 wrote:
| The problem I have is that IPv6 is unusable right now.
|
| Most server software cannot properly handle blocking of increasing IPv6 subnets.
|
| And not only that, but my ISP assigns the same /64 subnet to me for months. Who needs cookies anymore if you can just track the /64? Even unplugging the router for a day won't assign a different prefix for me.
|
| mgbmtl wrote:
| Cookies are used because people want to track users across networks. They might be on their mobile phone on home wifi, then on 4G, then at their office, etc.
|
| On IPv6, your OS should also enable the privacy extensions, so that your device has two IPs: a stable one for incoming, and a randomly changing IP for web browsing. Sure, it's the same subnet, but it would be silly to rely on this considering the many other ways we can track users.
|
| vince14 wrote:
| This enables to track users not only across websites but across the entire internet.
|
| It wouldn't surprise me if there are already databases which map IPv6 subnets to real names, addresses, banking data, ...
|
| And anyone could just use that database or contribute to it.
|
| mgbmtl wrote:
| My ISP gives me a /56, and many provide a /48. That's huge. We are 4 people, each with 2-3 devices, and frequent guests on our wifi. Pretty sure such a database would be highly unreliable. And some ISPs rotate the allocated subnet, some make it static. You would probably have the same level of reliability with an IPv4 database currently ("IP visitor from a niche US-based ISP" is probably the same user, and you could dedupe by browser and other data).
|
| And then jurisdictions such as the EU, Canada and California would consider the IP address to be PII, and it would be illegal to contribute to such a database.
|
| Again, there are much easier ways to track people on the Internet.
|
| vince14 wrote:
| With the rotating IPv4 you at least have the possibility to make yourself more anonymous. IPv6 takes that decision away from you.
|
| > You would probably have the same level of reliability with an IPv4 database currently
|
| That is... a lie. The selling point of today's internet is that you are anonymous.
|
| Also I don't know which "easier ways to track people" you mean.
|
| saltminer wrote:
| >IPv6 takes that decision away from you
|
| No, it doesn't. Your ISP is the one who can take that decision away from you. I have Google Fiber, and my public IPv4 address has not changed in around six months, while my IPv6 block has changed twice in that same time. This is despite replacing my router and several multi-hour power outages. I believe the only reliable way to get a new IPv4 address is to call support.
|
| woxko wrote:
| Precisely one of the things I hate about ipv6. I want the anonymity of cgnat, thanks.
|
| aioprisan wrote:
| This pricing is highway robbery, how is the incremental setup of an IP in a /29 (only 6 usable addresses out of 2^3=8) when setting up 8 (at $19/IP) total $152?
| I can see how the monthly rate would change, but upfront setup that high? I guess I won't be using Hetzner going forward..
|
| asah wrote:
| or... just use Hetzner for expensive servers, where the IPv4 cost is de minimis.
|
| komuher wrote:
| Did u even read the reasoning? IPv4 prices are rising for last 5 years (or even more) price increase is nothing new (my ISP is taking 7 euro per month for IPv4, few years ago it was 2 euro)
|
| AndrewDucker wrote:
| They want to encourage people to buy individual addresses if that works for them. Because that way they can offer them individual bits and pieces rather than having to find contiguous chunks.
|
| oarsinsync wrote:
| > I can see how the monthly rate would change, but upfront setup that high?
|
| Presumably this is to make it untenable for spammers to churn through multiple blocks of /24s at little to no cost.
|
| Also, a /24 is going for around $10k to buy or sell on the IPv4 market now, or approx 50% of their setup fee, making it much more economical to buy your own space, which is probably what they'd rather you did, since giving you 256 IPs means that's 256 more servers that they can't sell.
|
| EDIT: and before the response of "but I only want a /29", if there's no incremental setup cost to get a larger block, that approach will get abused by nefarious users. This is why we can't have nice things.
|
| EDIT2: ..and a /29 still means 8 more servers that can't be sold. There's opportunity costs involved in leasing IP space that could be better used elsewhere. As the cost of acquisition of IPv4 space goes up, so does the cost to the end user.
|
| sascha_sl wrote:
| >Presumably this is to make it untenable for spammers to churn through multiple blocks of /24s at little to no cost.
|
| This is exactly what it does.
| Hetzner Cloud will also, to the dismay of my ssh known hosts, keep assigning you the same IPv4 addresses until it becomes the LRU in their pool for a new customer so you can't do this.
|
| icehawk wrote:
| Meanwhile I can't have them delegate more than one IPv6 address to a server. I wouldn't need all the IPv4 space if I could just do that
|
| xena wrote:
| They give you a /64 though, you can delegate anything in the subnet that way.
|
| lmilcin wrote:
| Wow.
|
| And to think that 20 years ago I had /16 for free and did not even think to keep it. I always thought IPv6 is just around the corner.
|
| icedchai wrote:
| Did you return it voluntarily, or what happened to it? I know several folks (myself included) with our own personal /24's from the 90's. Mine is routed to my home lab.
|
| lmilcin wrote:
| I gave it up voluntarily. I had no need for it for a time and so I just returned it.
|
| I don't understand the idea of having arbitrarily limited amount of numbers and selling them. A lot of companies just got them for free and are now selling them for huge bucks because rather than do what I did -- return public good you are not using -- they decided to hog it until such time it becomes scarce good.
|
| digitalsushi wrote:
| 20 years ago I was a student, testing IPv6 at the UNH-IOL and we also thought it was right around the corner.
|
| NAT has been so successful, that IPv6 is shocking to users who cannot even fathom why public traffic is being introduced to what was 'supposed' to be a private network.
|
| lmilcin wrote:
| 20-some years ago I was a student and an admin in a dorm that housed some 200 people.
|
| Each had their own PC and direct, symmetric 100Mbit/s access to the Internet with public IP and no filters whatsoever.
|
| icedchai wrote:
| When I went to college in the mid 90's, we had a similar setup. All public IP, no firewalls, 10 megabit ethernet jacks in each dorm room. The entire school was on a single T1, however.
|
| icedchai wrote:
| Heh. A lot of folks don't remember the days before NAT, when people had public IPv4 on their desktop. I worked at a couple of ISPs and one early startup that was set up that way. No firewalls, either!
|
| jeroenhd wrote:
| Here at several Dutch universities, the WiFi still hands out public IP addresses, sometimes with a firewall, often without. At the particular university I'm at right now, every device has a publicly reachable IPv4 address just as the system was originally intended.
|
| This leads to some very peculiar traffic being routed around. For example, some kind of Logitech gaming driver is broadcasting a constant of packets with someone's PC stats to my publicly reachable desktop/server/laptop, because the software thinks it runs behind a trusted NAT. There's also a HUGE amount of devices you can connect to if you open the Windows network overview because everyone clicked "home network" when Windows asked them what kind of network eduroam is supposed to be.
|
| It's funny how scared people are when they realise they're not behind any strict firewall. They all know they shouldn't be disabling the firewall on their devices anyway, or so they claim, but this method of networking still instills fear into people as if NAT is a security measure (NAT slipstreaming works, NAT is not a firewall!)
|
| sneak wrote:
| NAT (standard one to many SNAT) is absolutely a firewall. You can't connect to the machines behind it from outside, which serves the exact same purpose as a default deny inbound firewall.
|
| This is a false meme right up there with "docker is not a security boundary".
|
| zajio1am wrote:
| That is not true. It is problematic in general but in some limited cases it is possible. For example, neighbors on WAN network could just send packets with dst address from your private LAN range directly to the WAN port of your router.
|
| If the router is configured as both NAT (SNAT) and firewall, it will drop such packet as not associated with any existing flow, but if it is just configured as SNAT, then such packet would be just forwarded inside unmodified.
|
| noxvilleza wrote:
| When I was at university in Cape Town, the IT department started rolling something like this out for main campus network, but didn't necessarily tell everyone. I remember one day getting spammed emails from a compute cluster I managed because of failed root ssh logins and was totally confused how IPs from China were able to connect to a network I thought was internal/private to the university.
|
| ShrigmaMale wrote:
| At MIT until only some years back this was true. They sold half their space so not any more (I think).
|
| user_7832 wrote:
| Are there any security risks with using a public IP address though? I also use EduRoam at a Dutch university, should I treat it as sceptically as a coffee-shop WiFi? (Assuming it's marked as a public network). Also, shouldn't your university's firewall stop such a Logitech driver sending data (if it's an uncommon port)?
|
| After reading up about public IP addresses I realised that my (Dutch) ISP has also provided me a public IP... and that the Netherlands has a lot more IP addresses per capita than most European countries.[1]
|
| 1. https://www.ripe.net/participate/meetings/roundtable/january...
|
| gargs wrote:
| Just had a memory trip to the early 00s. Anyone remember the Windows Messenger Service alerts that would randomly pop up? It was such a common thing, and the only fix was to turn off the service altogether in Windows XP.
|
| https://en.wikipedia.org/wiki/Windows_Messenger_service
|
| dmitryminkovsky wrote:
| I remember these days, and they were pretty ridiculous. One time I was playing Quake in middle school, talking some smack. Someone didn't like it and threatened to crash my computer. I didn't believe it. "Oh yeah, do it!"
| And they did. Got my IP from the server (the server listed users and their IPs) and bada-bing: BSOD! I was floored. I don't remember the exact Windows 95 exploit, but it was a staple for a while. It was nice when firewalls came out and you could at least have something between you and the Internet.
|
| icedchai wrote:
| Sounds like a mid-90's "ping of death."
|
| [deleted]
|
| dmitryminkovsky wrote:
| Sounds right, thank you.
|
| tester34 wrote:
| do Department of Defense of US and some schools still own a lot of IPs?
|
| sascha_sl wrote:
| Yes. But also, some companies have started using these networks as private space because historically, it has never been announced.
|
| Reassigning this space would probably be a worse experience for whoever it is assigned to than those that started using the network internally too.
|
| bradfa wrote:
| Yes, but what's also interesting is other large IPv4 block holders who aren't governments. Will large public companies start selling off their address space to pad profits in order to appease/please shareholders?
|
| wmf wrote:
| This is already happening; a lot of the old class A blocks have been split up and sold off.
|
| tester34 wrote:
| I think organisations like DoD and schools should be forced to give it to the pool if they aren't using significant part of those addresses.
|
| icedchai wrote:
| How are you going to "force" legacy address holders to give up their space? Especially government agencies, which helped to build the early internet? Early registrations, pre-dating ARIN and the other registries, are basically property. You don't even get charged for them unless you sign a "legacy registration agreement."
|
| sascha_sl wrote:
| DOD-NET essentially uses their space as RFC 1918 space, they have never announced it.
|
| Property, in many cases, this one included, should be bound to making actual use of it.
|
| Some of nets (25/8, the CGNAT space) are essentially so established as private-equivalent, they should just be officially declared private. Connectivity to these will forever be spotty now that they made their way into corporate networks.
|
| icedchai wrote:
| True, though a few months back, a ton of DOD space started being announced.
|
| See https://arstechnica.com/information-technology/2021/04/penta...
|
| ATsch wrote:
| We used up 256 /8 blocks in roughly three decades. That's roughly 9 per year. Even if we are more conservative now, freeing up a /8 here or there will not significantly change the situation. 32 bits are woefully inadequate no matter how you slice them.
|
| JCBird1012 wrote:
| That's a good way to suddenly get those organizations to _magically_ start using those IPs suddenly - if you threaten to take unused IP blocks away, I'm sure those orgs will somehow find a way to "use" them.
|
| MinorTom wrote:
| They're using them, just not very efficiently. There are already rules forcing you to give up unused blocks (although they do not apply to some very old ones).
|
| terom wrote:
| Looks like they are also raising pricing for the cheapest cloud instances, and additional Floating IPv4 addresses.
|
| CX11 is up +40%, CPX11 is up +14% and Floating IPv4 addresses are up +200%.
|
| Existing instances/floating IPs will stay at the old prices, unless rescaled.
|
| Per email, no announcement link that I can find yet:
|
| ---
|
| Important customer information: Price adjustment for new CX11 and CPX11 and Floating IPv4 addresses
|
| Dear Client from the moment we launched Hetzner Cloud in 2018 we have continuously been working on expanding our platform and offering you an excellent price/performance ratio in cloud computing. Unfortunately, the prices to acquire IPv4 addresses have since increased dramatically and we have no choice but to respond.
| For a long time now, the pool of available IPv4 addresses has been almost empty at RIPE, the European IP address management agency. That's why RIPE stopped assigning IPv4 nets. Because of this situation, there is now a fast-growing market in IPv4 address trading with many active brokers, such as on https://ipv4.global/reports/. Supply and demand determine the price at IPv4 brokers, so the prices have skyrocketed.
|
| We have tried hard to avoid passing on these higher prices to our customers, and have accepted the economic loss until now. However, the prices have increased so dramatically that we can no longer do this. We unfortunately must increase our prices.
|
| Starting on 1 August 2021, the price for newly created Floating IPs (IPv4) will be increased as stated below.
|
| Starting on 1 September 2021, the price for newly created Cloud Servers (CX11 and CPX11) will be increased as stated below.
|
| Product          Price per month / hour up until now   Price per month / hour, effective 1 Sept 2021
| Cloud Servers:
| CX11             3.088EUR / 0.00496EUR                 4.328EUR / 0.00682EUR
| CPX11            4.328EUR / 0.00744EUR                 4.948EUR / 0.00806EUR
|
| Existing Cloud Servers are not affected by this price adjustment. Please note that these prices also apply to rescaling, effective September 1, 2021.
|
| Product          Price per month up until now          Price per month, effective 1 Aug 2021
| Floating IP:
| IPv4             1.24EUR                               3.72EUR
|
| Existing Floating IPs are not affected by this price adjustment.
|
| All prices incl. 24% VAT.
|
| Demand for IPv4 addresses will likely remain very high. And we will need to continue to purchase nets. We assume that the prices for IPv4 addresses will continue to rise, and that we will also need to increase our prices again in the future. Prices for IPv4 will likely remain high until after IPv6 has become much more popular.
|
| We are confident that this is still a good price/performance ratio and hope for your understanding.
|
| If you have any questions, we are happy to help. To open a support request, please go to the menu item Settings on your Cloud Console. We hope that you continue to place your trust in us as we are constantly working to expand our services and you can look forward to several new features that are already on our roadmap.
|
| terom wrote:
| With the +1EUR/month (+VAT) price increase for the CX11 instances, I'd happily drop the public IPv4 address from most of my instances for a 1EUR/month discount.
|
| rtutz wrote:
| This whole problem could have been avoided if IPv6 would be easier to memorize. I feel like especially when setting up networks, the v6 part is not as natural as v4. It is simply additional overhead and causes a lot of "scratching my head" moments. Otherwise there would be no reason to not leave v4 behind and just move on.
|
| mnd999 wrote:
| Not this one again, at this point it's an "I don't like it, it's different!" whine.
|
| p1mrx wrote:
| It's impossible to make an addressing scheme that's both memorizable, and abundant enough for the foreseeable future of the Internet. The human brain just isn't capable of dealing with numbers on that scale, which is why we invented computers in the first place.
|
| elric wrote:
| > It's impossible to make an addressing scheme that's both memorizable, and abundant
|
| Not really. In fact, pretty much _anything_ would have been easier to memorize than this colon-separated nonsense, which makes URL parsing more difficult, and which is _so stupidly complex_ that it has a special syntax to ignore repeating zeros.
|
| ikiris wrote:
| you're free to use the entire 128 bit number, or the older dotted decimal notation.
|
| p1mrx wrote:
| An IP address is fundamentally a 32-bit or 128-bit binary number, and hexadecimal is the most human-friendly base to represent those. Decimal gets pretty hairy once you introduce CIDR prefixes that aren't 8-bit aligned.
|
| The [IPv6]:port syntax is unfortunate, but I'm not sure what they'd have done instead. Dotted hexadecimal would be ambiguous, because "1.2.3.4.5.6.beef.de" looks like a DNS hostname.
|
| Zero compression exists because it's more convenient than writing all those zeroes, especially with CIDR prefixes like "2000::/3".
|
| lowercased wrote:
| Agreed. If, in 1997/98, the ipv6 spec had been "prefix 2 more 8 bit values at the beginning" - and all existing addresses moved in to 0.0.a.b.c.d - we could have had a much easier path for migration (imo). And yes, it wouldn't have been "128 bit!" but we still would have had 255 more address spaces of 4 billion each, which would have bought us some more time. I think we'd have been further along _that_ migration path than where we are now, after 23 years.
|
| mprovost wrote:
| I mean we've managed to stretch v4 for 20 years longer than anyone thought possible. Adding one more bit to the address would have doubled the size of the v4 space, so another 8 bits would have been plenty.
|
| lowercased wrote:
| Yep. But... "now every star in our galaxy can have their own /16 block!". That's a paraphrased recollection I have from some networking colleague in '98 when this all was coming down. It seemed a strange goal, and I'm presuming he was just trying to illustrate how 'vast' IPv6 was.
|
| yesco wrote:
| IPv6 addresses theoretically should be easier to memorize & work with than IPv4 thanks to the double colon shorthand acting as a wildcard for zeros and due to it being hex grouped rather than octet grouped.
|
| As an example 2001:0db8:0000:0000:0000:0000:0370:7334 could be written as 2001:db8::370:7334 instead (notice that leading zeros were also culled). This paired with the fact that hexadecimal tends to be easier to memorize and doesn't have the strange subnet masking logic like IPv4, gives it a lot of advantages over IPv4's address notation.
|
| The problem is that it's almost like router firmware and ISPs go out of their way to make their addresses harder to work with by filling out all 8 hex groups in the addresses they grant. Considering the sheer amount of available IPv6 addresses, it's from my understanding, completely unnecessary and I'm really curious if they have any kind of justification or technical reasoning for doing this.
|
| cortesoft wrote:
| Even your shortened version is a lot harder to remember and type than an IPv4 address.
|
| yesco wrote:
| That part is a bit more subjective I suppose. For me at least, I find hex far easier to remember than strings of numbers.
|
| Symbiote wrote:
| My aunt's phone number in Germany was 14 digits as dialled, compared to her brother's 6 digits; he lived in the same town as us.
|
| Giving everyone, worldwide an internet address means they have to be longer than limiting it to the early adopters.
|
| cortesoft wrote:
| I understand that, but right now people are able to get by with IPv4 only, and aren't going to switch until they have to. The long term reality isn't going to make someone voluntarily switch.
|
| est31 wrote:
| Two explanations come to mind:
|
| 1. easier routing tables if you can add meanings to specific bit ranges of your ipv6 address. In the tightly assigned ipv4 networks we have arrived at this is a bit annoying.
|
| 2. If the ipv6 conventions were that you set, say the highest 5 hex groups to 0, and use the lowest 3 hex groups for addresses, it would still be 65536 times as large as the ipv4 space and would suit most needs for the mid term future. You could even write ipv6 addresses nicely using e.g. ::ef13:2.1.7.100. This is a valid ipv6 notation! If this space ever got too tight one could open another one of the available hex groups and use two hex group prefixes.
| But I think when this happens, a lot of configurations would break because they'd assume that only 48 bits are used of the total 128. To prevent router,switch,firewall, etc. vendors from putting any such assumptions into their devices, using the full 128 bits from the start is a good option.
|
| the8472 wrote:
| Randomizing the prefix makes network scans more costly.
|
| knuthsat wrote:
| Any reason why having server infrastructure in only IPv6 is an issue?
|
| selfhoster11 wrote:
| Plenty. If you expect to access it from IPv4-only networks, you'll have to provide a gateway. Additionally, things like Docker interoperate very poorly with IPv6.
|
| gzer0 wrote:
| It would be a massive problem. IPV6 adoption and implementation was at a mere 33% (at least among Google users). [1]
|
| [1] https://www.google.com/intl/en/ipv6/statistics.html
|
| yjftsjthsd-h wrote:
| If you're behind a CDN, your origin can be pure IPv6
|
| est31 wrote:
| Then it doesn't matter whether you use ipv6 or ipv4 with the private 10.0.0.0/8 space either.
|
| yjftsjthsd-h wrote:
| Yes! If you're behind ex. cloudflare, you should 100% look at running pure IPv6 with no listening ports, just their service locally.
|
| Hamuko wrote:
| You want an IPv4 address if you want to be reachable by people.
|
| oarsinsync wrote:
| > This whole problem could have been avoided if IPv6 would be easier to memorize.
|
| Thankfully, we have DNS. A lot of ISP issued consumer CPEs now automatically create lan-local DNS entries for clients based on hostname provided by the client at dhcp time, a lot of clients also natively support mDNS, and there are plentiful free DNS providers if none of the above applies to you, and you can't host your own.
|
| Remembering IPs isn't something that people should need to do at this point in our networks maturity.
|
| pas wrote:
| Um, who memorizes cloud IP addresses?
|
| sswaner wrote:
| Just 8.8.8.8
|
| DrBenCarson wrote:
| 1.1.1.1 and 1.0.0.1 for me :)
|
| throaway46546 wrote:
| 1.1.1.1 and 1.1
|
| pantalaimon wrote:
| 2600:: is a neat one
|
| pas wrote:
| Oh, and it pings and even serves HTTP too. Pretty neat indeed!
|
| est31 wrote:
| I use addresses I memorize to debug broken networks, to check whether it's a DNS or a general network issue.
|
| taf2 wrote:
| Me - I have far too many pets
|
| orev wrote:
| Contrary to popular belief, the Cloud has not actually eaten all of IT.
|
| pas wrote:
| I mean, when you start a new VM on Hetzner (or AWS/GCP/Azure/DO/whatever) you don't memorize that address.
|
| But cloud or not, if you setup a private network with v6 you can get a nice /48 prefix, and you give out /64 prefixes to VMs, so you'll have 48 unchanging bits to memorize (or put it into a .txt to have it near). And most of that will probably be zero anyway.
|
| For example 2a00:1450:4001 is a /48, and 2a00:1450:4001:082b /64. Only change is "082b".
|
| I know, it's not the same as just remembering 1.1.1.1, but most of the people working with v4 never had so simple addresses to work with. (And if we're talking about 10.0.0.0/8 and other private addresses, well, folks can continue to use them, if they want to endlessly debug NAT and static routing hacks.)
|
| rtutz wrote:
| Not necessarily remembering cloud addresses, but it is fairly easy to design v4 networks. Subnet masks for example are short and understood with a brief glance at them. If v6 would be simpler, it would also be the first choice for more local networks, hence more widespread.
|
| detaro wrote:
| How are IPv6 subnet masks more complicated?
|
| api wrote:
| I have been saying this for years. Nobody gets it because nerds don't get the critical importance of ergonomics and usability.
|
| If we had added 16 bits to v4 we would have 100% adoption by now.
|
| pas wrote:
| Well, accidentally we added 96 instead of 16, oops.
|
| kaliszad wrote:
| The issue would be more or less the same. You'd have to buy new hardware and check all software anyway but would drop many of the benefits of the IPv6 we have. E.g. in enterprise networks, it is very nice you don't have to think about the size of a subnet for a VLAN anymore, you just give every VLAN /64 and it will suffice. The extra address space is also nice for autoconfiguration and much more we don't even think about yet. I think, IPv6 is ok as it is. A practical protocol is never perfect and will not please everybody but IPv6 stood the test of time, there is considerable traffic over IPv6 and we are slowly, but surely getting there.
|
| api wrote:
| Adding IPv6 support has never really been the issue. It's in every single piece of hardware or software I have. The problem is that people don't want to use it, as evidenced by the fact that people avoid it on overlay or virtual networks and use IPv4 if possible.
|
| The very slight convenience you mention is far outweighed by 32+ digit IP addresses.
|
| Also please don't bring up DNS. Anyone arguing that DNS is a solution to this problem has never done devops or IT.
|
| kaliszad wrote:
| Actually, IPv6 addresses cannot be longer than 32 digits. Some practical ones can be rather short, usually just slightly longer than a comparable IPv4 address. Such addresses would be used where remembering/ recognizing the exact IPv4 or IPv6 is relevant, such as the DNS servers or the network hand-off IP/ floating-IP on a firewall cluster or something like that that are used for the bring-up of other services. I have done my fair share of devops/ IT/ administration and engineering of largish enterprise and campus networks.
|
| You would be surprised how much hardware and software doesn't support IPv6 properly. Sometimes it is the basic things, sometimes the more advanced stuff but that just means it takes a second or multiple days to find out.
The | problem is, it just is a similar but different protocol | so you have to be quite diligent and check everything you | need for the device/ service to work. | | People do all kinds of stuff on underlay and overlay | networks. E.g. some Dell VxRail hyper-converged | appliances use IPv6 for the management network | https://i.dell.com/sites/csdocuments/Shared-Content_data- | She.... This is basically just link-local addresses for | L2 reachability if I remember correctly but they could've | gone with IPv4 there as well. It certainly would be more | common for enterprise appliances to not rely on IPv6 for | anything even when it shouldn't make a difference whether | you do. | the8472 wrote: | You can roll for an ULA prefix once, note it down in some text | files and then assign your pets to <prefix>::1, <prefix>::2, | <prefix>::3, etc. | | mDNS might also help, I haven't tried that approach. | azinman2 wrote: | If I wanted to buy a block for speculation (thus helping | accelerate ipv6), would it need to be crazy large to even be | worth it? I imagine the buyers are less interested in 4000 ips | here, 200 ips there, right? Like they'll want /16, /8, etc? | oarsinsync wrote: | > _If I wanted to buy a block for speculation (thus helping | accelerate ipv6)_ | | IPv4 sells for ~$40/IP right now. | | The smallest block you can buy that is Internet routable is a | /24. | | If you're buying, you're likely buying from another speculator, | so you're not helping accelerate anything, you're simply | a(nother) middle man in a (series of) sale(s) of a commodity, | looking to profit until the block eventually gets sold to a | user. | | None of that is said with any judgement, mind, as I've traded a | /22 of IPv4 space for quite a handsome profit over the last few | years. Just don't pretend there's any altruism or benefit to | anyone else from your speculative activities. | JamesSwift wrote: | Is the speculation actually possible? I keep reading | conflicting opinions. 
Some say anyone can buy a block via | auction, but some say even then you need to be vetted as a | "valid" owner by the registry themself. What was your | experience? | AgentK20 wrote: | Per ARIN (and pretty much all regional RIR) rules you're not | allowed to purchase IPV4 space without proving the need for it, | with a moderately thorough review process (https://www.arin.net | /participate/policy/nrpm//#8-5-specified...) | | Any other purchase reason is likely to result in ARIN pulling | your "ownership" entirely when they discover it. | | From what I understand most of what's being sold off right now | on ipv4 auctions are from companies who had too much IPV4 that | they no longer need, or companies that were liquidated. | [deleted] | exabrial wrote: | SRV records or a similar tech would end the artificial ipv4 | shortage. Services run on ports, there are plenty of open ports. | | I get why Google and Facebook and the like are pushing the | technology hard; it enables casual tracking of individual devices | by third parties which are normally blinded. | TekMol wrote: | As a user, I have IPv6 disabled at my router. It is just easier | for me to see xxx.xxx.xxx.xxx style IPs everywhere and avoid the | cognitive load of IPv6. | | As a tech entrepreneur, I run multiple popular websites that have | hundreds of thousands of users. I get emails from users daily. | With congratulations, feature requests etc. So far, nobody ever | requested IPv6 support. | | I have no idea what would happen if I enable IPv6 on my servers. | Probably some disaster would strike because some of the code | expects xxx.xxx.xxx.xxx style IPs. | | What would be the steps to test this? Run the application locally | in a Docker container and somehow make the requests to the | container go over IPv6?
| mgbmtl wrote: | If you enable IPv6, and test it yourself (you can use an IPv6 | tunnel if your ISP does not support it), then you should be | able to quickly go over the main features of your site and see | if you have any issues (IP logging, for example). | | It would be rather unusual to run a web stack that assumes | strictly IPv4. Maybe if you have an SQL field that logs IPs, | and a developer was very clever and optimized for IPv4, but | that's pretty rare. | | I am a strong advocate of IPv6 and early adopter, but would | never bother emailing a website about it. Even GitHub. For a | long time, AWS didn't have any IPv6 support (I'm sure it's part | of their business plan too, to charge extra for IPv4 | eventually). | | As a hosting provider, the main benefit of IPv6 is that I can | have unique IP addresses for my users. Nowadays, most people on | mobile and more and more ISPs use a very small IP pool (CG- | NAT), not to mention offices behind NAT (ignoring very large | offices who use proxies). | TekMol wrote: | Well, it is not like I do regression testing by manually | trying "the main features" of my applications. I have many | hundreds of automated tests. | | But since my dev environment runs in Docker, how would I test | IPv6? I did some googling now and it seems that would not be | an easy feat. | TimWolla wrote: | You can assign a Unique Local Address [1] subnet to Docker. | Unique Local Addresses are the IPv6 equivalent of | 192.168/16, 10/8, ... | | Docker's documentation explains how to assign an IPv6 | subnet to Docker: | https://docs.docker.com/config/daemon/ipv6/ and | https://docs.docker.com/network/bridge/#use-ipv6 | | You then can lookup a container's IPv6 address using | 'docker inspect' and then directly connect to it from your | host. | | [1] https://en.wikipedia.org/wiki/Unique_local_address | TekMol wrote: | Docker's documentation | | Yes, I looked at it and that is what I referred to with | "No easy feat". 
| El_RIDO wrote: | Start by enabling IPv6 on your docker daemon: | https://docs.docker.com/config/daemon/ipv6/ | | I assume your scenario is that you don't currently use | IPv6, so you probably can't assign a subnet of your /48 | block of IPv6 range to be routed to your docker host. You | can probably use a subnet from a reserved range in that | case, for example from: | https://en.wikipedia.org/wiki/Unique_local_address | | With that new subnet set up, you would at least be able to | test the services running inside containers from that host | itself. | | In my own experience I never encountered services that | don't work with IPv6 at all, but as others mentioned the | most common issues are with truncated addresses in a db | column designed for IPv4 or log parsers that refuse to | match on IPv6. Worst case I found was a log based rate | limiter that ignored IPv6 addresses and therefore let all | requests using that stack pass. | blibble wrote: | give it a v6 address in the same way you give it a v4 | address? | TekMol wrote: | You mean something like this: | | docker run -p 127.0.0.1:80:80 ... | | But with an IPv6 address? Which address would I use? | mgbmtl wrote: | If I recall correctly, you can do "docker run -p | [::1]:80:80 .." (::1 is the equivalent to 127.0.0.1). | | Although I don't know at what point that will test your | application. I guess it will at least make sure that it | can handle IPs such as "::1". | TekMol wrote: | docker run -p [::1]:80:80 .. | | And then how do I send a request to the container? I | tried like this: wget 'http://[::1]:80' | | But that gives me "connection refused". | eb0la wrote: | I used to type ::1:9092 to connect to my Kafka brokers on | my laptop. Best shortcut ever. | blibble wrote: | that would suggest your app isn't listening on the v6 | address | | so you are already testing it :) | TekMol wrote: | I don't think so. 
| | I get the same result when I run "ncat -6 -lp 80" inside | the container and try to wget from the outside. | | When I do the wget inside the container, I get | "Connecting to [::1]:80... failed: Cannot assign | requested address.". | | As I said, reading around the net about "docker ipv6", it | seems Docker is not IPv6 ready out of the box. | DavideNL wrote: | > and avoid the cognitive load of IPv6 | | That's the same reason i gave up and disabled ipv6... i think i | might be too old to wrap my head around it. Ipv6 _seems_ really | complicated to setup compared to ipv4. | nousermane wrote: | Out of curiosity - did you get any users feature-requesting | HTTP/2 or HTTP/3? SameSite cookie attributes? jquery library | version upgrade? Anything low-level like that... | TekMol wrote: | They would "request" low level things if something breaks | because of those. That certainly happened in the past. But it | is very rare. So rare that no example comes to mind right | now. | saltminer wrote: | You don't have to enable v6 internally, you can just put v6 | addresses on your public endpoints. Create a little testing | environment and access it exclusively via v6 to test for bugs. | | > So far, nobody ever requested IPv6 support | | I have actually put in feature requests for v6 support before | (probably not your stuff, since I have no idea what you work | on). | metafunctor wrote: | Meanwhile, you cannot get a EUR2.49/mo virtual server from | Hetzner _without_ an IPv4 address... | NmAmDa wrote: | They raised its price to EUR3.49. I got this in the same email | announcement today. | metafunctor wrote: | Hmm, I can still create a CX11 server for EUR2.49. Maybe they | are slowly rolling this change out? | sparkling wrote: | It looks like the Cloud machines are not affected by this price | change? | noxvilleza wrote: | They are, just got a mail about it actually: | https://i.imgur.com/m9z67mB.png (I have a few cloud and | dedicated machines on Hetzner).
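The failure El_RIDO describes earlier in this thread (a log-based rate limiter that ignored IPv6 addresses and let those requests pass), shown as an added example that is not part of any commenter's post. The log format, the function names, the limit and the choice to count IPv6 clients per /64 are assumptions of this sketch; the sample lines are constructed and use documentation address ranges.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample access log; each line starts with the client address.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Jul/2021:12:30:01 +0000] "POST /login HTTP/1.1" 401
203.0.113.7 - - [28/Jul/2021:12:30:02 +0000] "POST /login HTTP/1.1" 401
203.0.113.7 - - [28/Jul/2021:12:30:03 +0000] "POST /login HTTP/1.1" 401
203.0.113.7 - - [28/Jul/2021:12:30:04 +0000] "POST /login HTTP/1.1" 401
::ffff:203.0.113.7 - - [28/Jul/2021:12:30:05 +0000] "POST /login HTTP/1.1" 401
198.51.100.20 - - [28/Jul/2021:12:30:06 +0000] "GET / HTTP/1.1" 200
2001:db8:12:34::1 - - [28/Jul/2021:12:30:07 +0000] "POST /login HTTP/1.1" 401
2001:db8:12:34::2 - - [28/Jul/2021:12:30:08 +0000] "POST /login HTTP/1.1" 401
2001:db8:12:34:aaaa:bbbb:cccc:dddd - - [28/Jul/2021:12:30:09 +0000] "POST /login HTTP/1.1" 401
2001:db8:12:34::ffff - - [28/Jul/2021:12:30:10 +0000] "POST /login HTTP/1.1" 401
2001:db8:99::5 - - [28/Jul/2021:12:30:11 +0000] "GET / HTTP/1.1" 200
- - - [28/Jul/2021:12:30:12 +0000] "GET / HTTP/1.1" 400
""".splitlines()

# The IPv4-only pattern a limiter written before IPv6 was enabled might use.
IPV4_ONLY = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) ")


def naive_offenders(lines, limit):
    """IPv4-only limiter: lines that do not match are silently skipped."""
    counts = Counter()
    for line in lines:
        match = IPV4_ONLY.match(line)
        if not match:
            continue  # every IPv6 client lands here and is never counted
        counts[match.group(1)] += 1
    return {key: n for key, n in counts.items() if n > limit}


def client_key(field):
    """Map a logged client address to the bucket it is counted under.

    IPv4 and IPv4-mapped IPv6 share one bucket per IPv4 address. Other IPv6
    addresses are counted per /64 (an assumption of this sketch), since a
    single host can use many addresses inside its own /64.
    Returns None when the field is not an IP address at all.
    """
    try:
        addr = ipaddress.ip_address(field)
    except ValueError:
        return None
    if addr.version == 6:
        if addr.ipv4_mapped is not None:
            return str(addr.ipv4_mapped)
        return str(ipaddress.IPv6Network(f"{addr}/64", strict=False))
    return str(addr)


def hardened_offenders(lines, limit):
    """Dual-stack limiter: returns (offenders, number of unparsed lines)."""
    counts = Counter()
    unparsed = 0
    for line in lines:
        key = client_key(line.split(" ", 1)[0])
        if key is None:
            unparsed += 1  # surfaced to the caller instead of ignored
        else:
            counts[key] += 1
    return {key: n for key, n in counts.items() if n > limit}, unparsed


if __name__ == "__main__":
    print("naive:   ", naive_offenders(SAMPLE_LOG, 3))
    print("hardened:", hardened_offenders(SAMPLE_LOG, 3))
```

Returning the unparsed count lets a monitoring job alert when the limiter stops recognising the client field, which is how the IPv4-only version failed without anyone noticing.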
| metafunctor wrote: | Yep, floating IPs are _additional_. One IPv4 address is | still included (and non-optional) in, say, a CX11 cloud | server. | a254613e wrote: | They are. The cheapest server plans and ipv4 floating IPs are | affected by this change. The FAQ only covers the root servers | part though. | terom wrote: | Is there an announcement for this somewhere? | | The marketing page [1] still lists the same EUR2.49 + VAT | /month price for the cheapest CX11. | | [1] https://www.hetzner.com/cloud?country=ot | [deleted] | NmAmDa wrote: | They sent Email to all their customers about that. They | raised prices. | | Product. Price per month / hour up until now Price per | month / hour, effective 1 Sept 2021 | | CX11 2.49EUR / 0.004EUR 3.49EUR / 0.0055EUR CPX11 3.49EUR | / 0.006EUR 3.99EUR / 0.0065EUR | metafunctor wrote: | Indeed, just got that email 30 minutes ago. Apologies for | any misinformation I may have pushed elsewhere in this | thread. | | Still, it sucks to pay EUR1.00/mo for an IPv4 address I | don't want or use. | TimWolla wrote: | The pricing change is only about additional IP addresses for | a single machine. Each machine will still come with one IPv4 | included for "free": | | > Our dedicated root servers will continue to include one | free main IP; there will be no change here. | metafunctor wrote: | Yep. A "dedicated root server", though, is dedicated | hardware. They start at about 30-40 EUR/mo. TFA does not | mention cloud servers (virtual machines) at all. | | Virtual machines from Hetzner, however, always come with an | IPv4 address. For security reasons, I'd much prefer to get | them without one (I disable the interface and firewall it | 100% anyway), but it's not an option to get a virtual | machine without the public IPv4 address. One would think | they'd provide that option if they are already hitting | commercial limits with the IPv4 address space. 
| TimWolla wrote: | > For security reasons, I'd much prefer to get them | without one (I disable the interface and firewall it 100% | anyway), but it's not an option to get a virtual machine | without the public IPv4 address. | | I agree and hopefully without leaking anything: This is | also a request within their customer forum [1]. | | [1] https://forum.hetzner.com/index.php?thread/28220/&pos | tID=277... | fri_sch wrote: | You don't leak anything as the link doesn't seem to be | accessible publicly (at least for me). | | But it also feels kind of strange to me, that they | complain about IPv4 shortage while still handing them out | with each VPS instance despite a lot of users actually | don't need or even don't want to have them. There should | be an option, or even a small fee for a public IPv4 on | cloud servers. | TimWolla wrote: | > You don't leak anything as the link doesn't seem to be | accessible publicly (at least for me). | | Yes, the forum requires registration and is open for | customers only. That's why I said that I hope I don't | leak anything (by saying that this topic was discussed in | their (private) forum). | noxvilleza wrote: | This (firewalling the IPv4) is actually a great idea, I | never considered it before because I use their basic | downtime metrics / alerts - but that could easily be | pushed to IPv6 (or just another external service | entirely). | Hamuko wrote: | Still waiting for my ISP to actually implement IPv6 addresses for | fixed connections. It's only been about 7 years since the | Transport and Communications Agency issued a recommendation to | issue IPv6 addresses with consumer connections. | dtx1 wrote: | I think this is a good thing. IPv4 must die at some point and it's | time for that. IPv6 has been standardized in 1998, 23 years ago. | elric wrote: | I'm still waiting for Hetzner to support servers (physical and | virtual) without public IPv4 addresses. I could easily free up | the ~50 public addresses I'm using.
One public IP will do, I can | reverse proxy everything else. | | But there's no support for that. So every time I spin up a 1 vCPU | tiny VM, which will never connect to the public internet, I'm | wasting an expensive resource. Sorry. | zz865 wrote: | I wish you could have your own IPv4 subnet with your VPC, like | at home, with 192.168 etc | piceas wrote: | Zerotier is one answer. | metafunctor wrote: | You can; Hetzner Cloud has private networks. | fredsted wrote: | Yeah, me too. Was confused why they needed to have an IP at the | beginning, coming from AWS, since they have internal networking | now. The public IP doesn't serve any purpose for me, and would | perhaps also improve security. | freedomben wrote: | Kind of unrelated, but ~50 public addresses, do you have a | serious production environment on Hetzner? If so is it pretty | reliable? Considering using. | sneak wrote: | Hetzner is great: professional, high quality, and cheap, | cheap, cheap. | | Their margins are low, however, so I understand it is | possible to get fired as a customer if your support burden is | too high and your ROI goes negative, so be on your best | behavior to keep access to those prices. | spurgu wrote: | +1, it's been very reliable (have between 50-100 VM's | there). | 9dev wrote: | With my previous employer, we deployed several thousand VMs | at Hetzner (incidentally, we were one of their biggest | customers in Germany). Really can recommend, billing was | fair, support was quick and their Infrastructure worked | without a hiccup for multiple years. I'm just waiting for them | to offer a k8s environment... | GolDDranks wrote: | This! I don't see any reason for _internal infra_ to use IPv4, | if it's under your control. At least AWS lets you have | "private" IPv4's only. (Dunno about the situation with GCP or | Azure, happy to learn about that.) But I'd gladly set up my | stuff in IPv6 and expose only the endpoints in IPv4.
| hoppyhoppy2 wrote: | If you are willing to go ipv6-only on Vultr.com it brings the | price of their smallest virtual-server option down to | $2.50/month (the same server offering _with_ an ipv4 address | costs $3.50 /month). It's nice to see them offering that kind | of discount, but I have no idea whether or not there's anything | similar for their more powerful offerings. | oarsinsync wrote: | The only downside is you cannot do BGP on those IPv6-only | hosts, as their BGP speaker is IPv4-only, so you cannot | BYOIPv4 to those hosts, unless you route via their private | network to another IPv4 enabled host first. | Rogach wrote: | They discontinued this offer quite a while ago, now there's | only the usual $5 instances. | hoppyhoppy2 wrote: | Huh, I just deployed one yesterday. And I'm looking at the | Vultr "deploy instance" page right now and it's showing | both the $2.50/mo and $3.50/mo options out of the "New York | (NJ)" location. | muttantt wrote: | OVH still gives them out like candy | halz wrote: | I wonder if part of this pricing scheme is to counter (or at | least to short-term profit from and eventually change the | behavior of) the provider being abused by spammers/scammers who | could previously scoop up benign reputation IPv4 addresses from | the far corners of the world and pull them over to Hetzner for | very little $. | xvilka wrote: | At the same time IPv6 adoption basically stopped except a few | countries like US, China, Japan, India, Canada, Brazil, and most | of the Europe (sorry if missed someone). The rest of the world | looks like simply don't care. | eb0la wrote: | In Spain ISPs went from having some IPv6 networks back to | IPv4. | | The reason? | | They must block pirate tv sites and the Allot network equipment | that does that does not support IPv6. | Hamuko wrote: | They'd care if they suddenly lost access to a bunch of services | because they don't have an IPv6 address.
The problem is that | basically no one is going to cut off people from accessing | their website just because their ISP is too cheap. | bluejekyll wrote: | Is most of this driven by mobile device usage and density | practically requiring IPv6? | hanche wrote: | I asked my mobile service provider when they might start | supporting IPv6, and got the answer that they have enough | IPv4 addresses, so no plans to implement IPv6. The mind | boggles. | ev1 wrote: | This is odd/amusing, because in US as far as I know there | are no carriers doing IPv4 anymore - it's all IPv6 with | 464xlat or equivalent translation proxies. | | And these are companies with more IPv4 than your carrier | most likely. | tialaramex wrote: | The sheer size of the US and thus the US market drives | this in part. | | Suppose you're a "big" ISP in Norway. Maybe you have | almost half a million customers, and your corporate | growth plan says you want a million customers by 2030. | | Your engineers need a way to address all the backend | infrastructure on your network. So, they give it all 10/8 | addresses. No problem. "Do you need IPv6? Our customers | are saying they want it?" "Not really, put it on the | nice-to-have list and we'll get to it when we get to it". | | In contrast your American equivalent has 20 million | customers and hopes to expand to 40 million customers by | 2030. Their engineers ran out of addresses in 10/8 for | infrastructure _years_ ago. So there are awful, miserable | hacks they can do, but _just go to IPv6_ solves the | problem. And hey, since your backend network is IPv6 | anyway, you can just as well give it to your customers. | | Once you bite the bullet, IPv6 first is actually cheaper. | But most organisations aren't set up to think that way. | The big changes resulting from the pandemic illustrate | that. Can some (many? almost all?) 
of your office workers | be more effective if they don't spend an hour every day | commuting and then sit in a small cubicle most days of | the week? The answer to that question didn't change from | May 2019 to May 2020 but whether your employer _knew the | answer_ changed. | ev1 wrote: | > there are awful, miserable hacks they can do | | They definitely did those, I've gotten everything from | 172.* to CGNAT 100.* IPs to UK MoD 25.* IPs as NAT, all | on the same carrier, hah | codetrotter wrote: | I live in Norway, we have some of the best mobile internet | speeds in the world, meaning that mobile internet | infrastructure in this country is pretty good. | | And yet here we are in 2021 and my carrier is only giving me | IPv4 access by default. No IPv6. This is with 4G connection and | 70GB data per month by the way, for which I pay about $50 per | month for the subscription. | Denvercoder9 wrote: | _> US, China, Japan, India, Canada, Brazil, and most of the | Europe_ | | That's about half of the worlds population (and I bet more than | half of the internet-connected population). If those countries | start going exclusively IPv6, the rest of the world cannot | afford to don't care much longer. | noxvilleza wrote: | It's insane to think that just the 6 countries mentioned are | ~44.4% of the world's population - but the whole of Europe | (~52 countries) are only 9.45%. | rapsey wrote: | Half the population and the vast majority of purchasing | power. | m348e912 wrote: | At this point I was wondering if it would be reasonable to use | ipv6 exclusively. I figured ipv6 addressing is reachable by most | by now. That's until I tried to reach ipv6.google.com and it | failed. So I answered my own question. | the8472 wrote: | Making hobby projects ipv6-only would be a start. | lvncelot wrote: | Since I'm using Hetzner Cloud for my hobby cluster, this is | as good a kick as any to start moving that stuff to ipv6. 
| | (Although there's no mention whether HCloud ipv4 pricing is | actually affected by those changes) | kaliszad wrote: | You should still get an IPv4 address with the VM for free. | But you can make sure you support IPv6 anyway for the day, | when even the very first IPv4 will cost extra. | lvncelot wrote: | Yes I'm currently using floating IPs as ingress | addresses, and I'll switch to IPv6 ones. | Tenoke wrote: | My ISP had some sort of v4 outage where only v6 worked fine. | That was really nice except that even services or games that | supposedly work over v6 rely on v4 and are borderline unusable | without it. | kalleboo wrote: | Yeah I had some issue where my home router's NAT died so IPv4 | broke, but IPv6 kept working. My wife said that Google, | YouTube, Facebook etc work but nothing else does. It didn't | take me long to realize what was happening. | kalleboo wrote: | Even in the countries with the highest adoption, it's only | around 50% | https://www.google.com/intl/en/ipv6/statistics.html#tab=per-... | DaiPlusPlus wrote: | IPv6 adoption figures are artificially inflated by LTE and 5G | smartphone connections (which are invariably IPv6) whereas | landline/DSL/DOCSIS connections are still IPv4 on so many | ISPs. | | I'll say one thing about Comcast in the US: they have | atrocious customer service, scummy upselling, and that horrid | wi-fi network sharing... but they do 2 things that mean I'll | forever give them a free-pass: | | 1. They have CBC channels in the US so I can watch the | Olympics without watching NBC's horribly dumbed-down, | artificially time-shifted, and condescending feed. | | 2. They have a rock solid IPv6 network _for everyone_. | scratcheee wrote: | At the current rate (approximately linear over the last 10 | years), in just 30 more years we'll have 100% adoption. 
| | Realistically adoption will slow down if nothing changes, | everyone willing to put the effort in for zero immediate | reward has already done so, and some will allow their support | to degrade due to low usage. | | At some point I guess ipv4 availability will really start to | collapse and adoption will speed up again. | | Not sure which will come first to be honest, but better if | adoption is relatively high when the shit eventually hits the | fan, to avoid the temptation of insane NAT solutions. | hutrdvnj wrote: | > At some point I guess ipv4 availability will really start | to collapse and adoption will speed up again. | | I think this will be more like a linear function. As the | IPv4 prices increase, the IPv6 adoption increases until it | reaches 100%. I don't think that there will be a collapse. | mprovost wrote: | Adoption is already slowing down, by half in 2020 vs 2019. | | https://blog.apnic.net/2021/02/08/ipv6-in-2020/ | GolDDranks wrote: | I bet that at some point we'll have another inflection | point, as the IPv4 prices soar and the IPv6 becomes | commonplace enough for some (free/hobbyist-run?) services | to say: "sorry, IPv6 only". | mprovost wrote: | An inflexion point can go either way, the question is | have we already passed that point with v6 or is this the | start of a decline that ends with it failing to replace | v4? (Stealing this from Geoff Huston, see page 41 of his | presentation [0]) | | [0] https://www.potaroo.net/presentations/2021-03-02-ipv6 | -deploy... | netr0ute wrote: | Why even pay for IPv4 addresses? Who says who gets to | "use" them? | ShrigmaMale wrote: | Markets generally are good for determining allocation of | scarce resources. They push people with the ability to | substitute to do that, in this case, use ipv6. Pay for | ipv4 so nobody takes more than he needs. Imperfect but | probably the least bad option, just waiting to get ipv6 | over time hasn't worked so maybe scarcity and high prices | do it.
| [deleted] | dcow wrote: | Hmm so maybe the market will drive IPv6 adoption where the | commons collectively could not. | Pick-A-Hill2019 wrote: | The Set-Up Fees are eye-watering. | | The monthly fee I can understand (but also feel there is a bit of | mark-up on it to nudge customers towards IPv6). | | I guess since it's their service, they have an absolute right to | charge what they like (and let the competition decide) but the | set up fees are just not going market rates. | | Point I'm trying to make is - charging EUR 435.20 per month for a | /24 is expensive but sort of ok ... but the EUR 4864.00 set-up | fee? | | Seriously? It costs EUR 152.00 for a /29 subnet but it costs 32x | MORE to set up a /24 subnet? Is it really 32 times more work to | set up? | sneak wrote: | I think at their tiny margins one of their major costs in any | sort of setup is going to be staff interaction/attention. | sascha_sl wrote: | Hetzner is a host living at a price and popularity point where | they always have to consider massive scale abuse. | | I'd imagine this is a major incentive for long-term ownership | of their freshly acquired IP space instead of churning them | through customers to end up on every blacklist for every | conceivable type of service. | ShrigmaMale wrote: | Very important since lazy admins just blacklist whole ranges | or even cloud providers sometimes if there is too many abuse | coming from it. | qalmakka wrote: | If only ISPs actually bothered giving out IPv6 addresses to their | customers. It's 2021, I have a 1 Gbps FTTH connection and still | no trace of IPv6. This is a complete disgrace. | nickcw wrote: | IPv6 is a hard sell for the average customer and because of | that to the ISPs that provide service to them. 
| | IPv6 doesn't make anything go faster, or let customers access | anything they can't already access and quite likely it will | make difficult to diagnose networking problems which break | stuff (speaking from personal experience with IPv6 here!). | | I don't think ISPs will be motivated to give out IPv6 addresses | routinely until there are important areas of the internet which | are IPv6 only. Until that point they would just be making more | support burden for themselves. | | And I can't see important stuff going IPv6 only any time soon | since you don't make a new and exciting service which the | majority of people can't access. | xur17 wrote: | I think it was 5 or 10 years ago, but there were some | websites that did exactly that. I distinctly remember setting | up an ipv6 gateway so I could get access to free newsgroups. | I think there was other stuff as well, I just don't remember | it all. | | [0] https://www.reddit.com/r/usenet/comments/k9aqjy/newszilla | 6xs... | oarsinsync wrote: | One of the largest ISPs in the UK (BT) provides dual stack | connectivity as standard. Their CPE is configured to enable | dual stack LANs as standard. Few consumers login to their CPE | to change anything. | | "It Just Works." | billpg wrote: | Are you sure? I use BT and I all of the IPv6 testing | websites I found report no-support. | alerighi wrote: | But there is motivation for ISP to use IPv6. They save a ton | of money on IP addresses, and they don't need the | infrastructure to keep a NAT. | | And I don't mean only the cost of running it, in my country | for example by law the ISP has to maintain a log for 5 or 10 | years of all the IP addresses assigned to the user, and in | case of a NAT even of all connection and source ports | associated with each client. That is a cost that you will | save with IPv6, just assigning an entire /64 subnet to every | customer. 
| | Of course you will start to save money at the point where we | can switch off IPv4, that is not something we will see | tomorrow, but if we don't start, the problem will not become | better with time, but worse. | | IPv6 is an investment for ISP, more than customers (that it's | not true they don't care, they maybe don't understand the | term, but when they find out that they can't play online with | their PlayStation/Xbox because they are behind a NAT, they | will complain to the ISP). | jiggawatts wrote: | 1 Gbps fibre here also, and miraculously with native IPv6 that | "just works". | | I say miraculously, because most of the rest of the ISPs in my | country have "experimental" IPv6 "coming soon". Any decade now. | Any decade... | tomjen3 wrote: | I loathe this normally, but this is one case where we really | need the government to set standards. Everybody is better off on | IPV6: | | 1. Mandate that all ISPs have a fully functional IPv6 assigned | for each IPv4 given to customers. It must route just as their | IPv4 does. If a customer doesn't have an IPv4 number, they must | assign as many IPv6 as if the customer had one IPv4. 1. Mandate | that all servers and all services accessible over IPv4 be | accessible over IPv6 1. Institute sufficient fines for | businesses that don't follow these requirements. | foepys wrote: | People talk a lot of bad things about German ISPs, but I have | IPv6 on my DSL connection since 2015 and on my phone since 2019 | (maybe earlier). | shoeffner wrote: | I also remember having IPv6 in Germany for years now, but it | came with lots of problems: routers cannot forward things | properly, thus self-hosting at home becomes tricky, or | playing games with friends without dedicated servers (yes, | they still exist, no, not all support IPv6). It gets even | worse with "DS-Lite", where multiple customers share the same | external IPv4 address, to enable support for all the | webservices not supporting IPv6 yet.
| | All in all, I had so many troubles with setting up anything | behind IPv6 or DS-lite, that I asked my ISP to give me an | additional IPv4 address, so that I don't have troubles. While | they usually provide bad service, this came for free -- but | other ISPs, for example my parents' ISP, want you to pay 50 | or more euros per month for an "enterprise contract" to get a | dedicated IPv4. I still haven't found a way for my dad to | setup his old webcam server at home such that others can | reach it from the outside world, and I tried every couple | months over the last 6 years or so. | brutopia wrote: | How about keeping connection open from the webcam server or | any host on the same LAN with a ssh reverse tunnel to a | cheap cloud server? | | For example when the webcam server is reachable on LAN at | 192.168.1.2:1337 you can do | | $ ssh -N -T -R 1338:192.168.1.2:1337 user@cloudserver.com | | on a raspberry pi on the same LAN or locally in the webcam | server and then you can access the webcam server from | anywhere using cloudserver.com:1338 | dathinab wrote: | Besides provider sometimes have strange port rules it's | not uncommon for them to forcefully change your IP from | time to time, even if there is an open connection. It | tends to happen at night and it tends to be a forceful | disconnect from your router to the outside world for | <5min. | | At least I ran into this frequently (multiple times a | week, I really need to fix my sleep cycle). | shoeffner wrote: | I considered such options before but if I remember | correctly, the webhost does not allow SSH. However, I | haven't checked for some time and I will definitely look | into this, thank you! | pimeys wrote: | I have a Vodafone cable in Berlin and it gives you one ipv6 | address in NAT mode. Not really helping if using your own | router and needing more than one ipv6 address (that is | typically the case). | | I do VPN from the router, giving me a proper /64 block... 
| dtx1 wrote:
| Same setup here but my VPN provider only gives me a /128 IPv6 Net so I have to use IPv6 NAT which is possible but ugly. Which one do you use?
| pimeys wrote:
| Azire gives a nice /64 block.
|
| https://www.azirevpn.com/
| dathinab wrote:
| Giving you a dual stack IPv4/6 address (with IPv4 often NATed) is one of the things the German ISPs do well.
|
| But for many other things there are too often too many problems including bad availability of speeds about 50Mb/10Mb and they are still selling you faster speeds which technically can't be delivered.
|
| And for many areas of Germany it boils down to:
|
| - If you live in a city and only go for 50Mb it's often ok (but even in cities there tend to be areas with faulty installations causing problems for the citizens in that area for years, e.g. my sister and a co-worker of mine had/have that problem).
|
| - If you live in the metro area but not in the city it's spotty, sometimes going with LTE is better, sometimes it's not, sometimes you should buy both to make sure at least one of them works (my former co-worker had that problem).
|
| - If you live outside the metro area it's random, either you get reliable reasonably fast internet if you buy from the right provider or you get less than 1Mb no matter what provider you choose (multiple of my friends had/have that problem).
| zeeZ wrote:
| People like to shit on Telefonica/o2, and after half a year of trying to get my bills corrected I can see why. But I've had dual stack on my DSL for several years now without issue (caused by them).
| noxvilleza wrote:
| Yeah since moving to Germany in 2016 I've been getting IPv4 & IPv6 addresses (on 1&1 / Versatel). Was very surprised when first noticing it!
| benttoothpaste wrote:
| One of the very few good things I can say about my Comcast connection is that they gave me a 60-bit IPv6 prefix.
| dmitryminkovsky wrote: | Here in Baltimore County, Maryland, Comcast provides my cable | modem an IPv4 and IPv6 address. Is that unusual? I'm not sure, | but I think Time Warner in New York also allocated IPv6. | mindcrime wrote: | AIUI, Time Warner had rolled out ipv6 pretty widely before | the merger and becoming Spectrum. I have had native dual- | stack ipv4/ipv6 from TWC/Spectrum for several years now, in | the RTP, NC area. | technofiend wrote: | Comcast will hand you the smallest routable ipv6 network | (/64) by default, however people have had varying success | with prefix delegation hints to get larger address spaces. | | Without passing judgement on a) medium.com articles, b) | Comcast or c) pfsense here is an article that covers making | IPV6 work in that specific instance. | https://circuitguy.medium.com/home-network-virtualized- | pfsen... - Worst case scenario someone can take this and | adapt it to opnsense or their OS of choice. | ArchOversight wrote: | Comcast will happily hand out a prefix delegation larger | than a /64 if you ask for it, and set the prefix delegation | request to 1 instead of 0. | | This is done because many routers were built with bad IPv6 | support that requested a /48 even though they only needed a | single /64 for a LAN and Comcast was handing out /60's | (their largest size) like candy with almost no use. | | So my config was to request two prefix delegation, one | tagged 0, which would always get a /64, and then one tagged | 1 which would get a /60. | | Not sure if you still can do it or not, but at one point | you could continue to ask for prefix delegations (/60's) | and get even more address space. 
|
| Here's the dhcp6c.conf:
|
|     # Ask for two prefix delegations (IA_PD 0 and 1) and one address (IA_NA 1).
|     interface em0 {
|         send ia-pd 0;
|         send ia-pd 1;
|         send ia-na 1;
|     };
|
|     # IA_PD 0: hint for a /64, used as-is on lagg0 (sla-len 0).
|     id-assoc pd 0 {
|         prefix ::/64 infinity;
|         prefix-interface lagg0 {
|             sla-id 0;
|             sla-len 0;
|         };
|     };
|
|     # IA_PD 1: hint for a /60; sla-len 4 carves one /64 per interface, picked by sla-id.
|     id-assoc pd 1 {
|         prefix ::/60 infinity;
|         prefix-interface vlan10 {
|             sla-id 1;
|             sla-len 4;
|         };
|         prefix-interface vlan11 {
|             sla-id 2;
|             sla-len 4;
|         };
|         prefix-interface vlan20 {
|             sla-id 3;
|             sla-len 4;
|         };
|         prefix-interface vlan21 {
|             sla-id 4;
|             sla-len 4;
|         };
|         prefix-interface vlan22 {
|             sla-id 5;
|             sla-len 4;
|         };
|     };
|
|     id-assoc na 1 { };
|
| Note: ia-pd 0 will only ever pull a /64, even if you ask for a /60 all you'll ever get back is a /64. ia-pd 1 on the other hand will allow you to pull anywhere from a /64 to a /60.
|
| Yes, this means you get 16 + 1 /64's to use.
|
| On top of that I pull a single /128 for the external interface of my router.
| Akronymus wrote:
| Better than getting cgnat'ed with an ipv6 address. Mind the address, not address range.
| ocdtrekkie wrote:
| To my knowledge, actually, by default, Comcast solely provides IPv6 by default... but then if you plug in a device that requires (or is configured to require) IPv4, it'll give you an IPv4 address. During the transition, I'd occasionally find weird things would spontaneously break on consumer PCs, like old Office Click-to-Run versions which didn't support IPv6, and then discover the user no longer had an IPv4 address.
|
| Usually happens if the customer's computers connect to the Comcast gateway directly. If they have their own router, it usually gets an IPv4 address.
| ArchOversight wrote:
| Comcast is dual stack, and will hand out IPv6 and IPv4. There are times when their IPv4 DHCP server is slow or seems to be out to lunch though, and during that time you might get IPv6 only.
| throaway46546 wrote:
| Not giving users who connect to the gateway directly a v4 address seems like a decent security feature.
| ocdtrekkie wrote:
| That is probably just a side benefit.
Your two largest | ISPs pushing IPv6 are Verizon and Comcast, because | they're also (including wireline and mobile) the largest | ISPs. The number of IPv4 addresses they'd need to meet | their customers needs would be astronomical if they | didn't find any excuse to go IPv6 only where possible. | lizknope wrote: | I have AT&T Fiber along with my sister and parents. They live | 20 and 30 miles west of me. Both of them have IPv6 but I don't | and I live in a bigger city in the area. I don't understand. | defaultname wrote: | My ISP assigned my home an IPv6 address, but the net result is | that I get captchas and bot checks _endlessly_. Even a simple | grocery order on Walmart 's website yields a dozen "Are you a | robot" interruptions during a session. | p1mrx wrote: | walmart.com is IPv4-only (according to IPvFoo), so the | captchas you're seeing can't possibly be related to your IPv6 | address. | | If your ISP uses CGNAT for IPv4, then Walmart could _fix_ the | captcha problem by supporting IPv6, where your address is | distinct from the bots. | defaultname wrote: | I have never bothered digging into it, just noticed a | pretty irritating rise in bot gates after enabling IPv6 | through the router (though it could be entirely | coincidental). I of course still have an IPv4 address. | | Walmart uses a litany of external services, presumably | including real-time threat/bot analytics. For instance | AdobeDTM, which does indeed serve via ipv6. It seems | possible that IPv6 could be playing a part regardless of | the status of the base site. These bot gates aren't at HTTP | responses, but are in client interrogations and javascript | triggers while interacting with the page. | sfblah wrote: | Yes. This. I tried using ipv6 and had to turn it off because | of problems like this. | saltminer wrote: | What ISP are you using? | | I have Google Fiber, and I can't say I get a ton of | captchas (other than sites that have them for everyone, | e.g. 
unauthenticated contact forms). The only downside to v6 was I had to get a new router because my old one couldn't route v6 at gigabit speeds (could easily do gigabit symmetric on v4 only, but topped out at 400/400 Mbps on dual-stack).
|
| Back when I had Spectrum (which was Charter in my area pre-merger), their v6 worked fine as well.
| FractalParadigm wrote:
| Where do you live? Here in Canada I've had native IPv6 through Rogers for the better part of 10 years and have _never_ had problems in any way. In fact I have IPv4 straight up disabled on a few devices because v6 has been marginally faster in any test I've done. So far Reddit and HackerNews are the only two websites I regularly visit without v6 support (why?).
| defaultname wrote:
| I (the guy two comments up) am in Canada through another provider. Whether the address range just isn't as well known and documented on whitelists, or one of my neighbors (IPv6 wise) runs botnets, there is no doubt that it is treated as much more suspicious traffic when I'm going through IPv6.
|
| And this is well known in the industry. The IPv4 world has had enormous mapping and trust ratings and understanding -- coupled with a scarcity that gives range owners or operators a higher incentive to care about what happens on it -- while a lot of people are still completely in the dark about IPv6 and still treat it like some scary unknown.
| oarsinsync wrote:
| > _The IPv4 world has had enormous mapping and trust ratings and understanding_
|
| Indeed, and residential ranges are wholesale blocked from participating in various services, because of abuse through compromised hosts in residential networks.
|
| Budget cloud providers are wholesale blocked from participating in various services, either at their local edge, or the remote edge, because of abuse through deliberate malicious customers and/or compromised hosts.
| ikiris wrote:
| I've used generic comcast IPv6 for years and never had this problem.
| Akronymus wrote:
| We have a dual ipv4 and ipv6 address at home. But both are CGNAT'ed, which really annoys me.
| zahllos wrote:
| In Switzerland it is a level of insanity above this. Major ISPs are now promising 10Gbit and 25Gbit fibre to the home, but only one ISP natively supports IPv6 (init7, not the country's major provider Swisscom).
|
| This is utterly bonkers. While the ethernet cables they give out can likely do 10Gbit (but definitely not 25Gbit) very few people have 10Gbit-capable ethernet or wifi chipsets and there is no way they will actually be able to routinely transmit data at this speed.
|
| Swisscom do 6rd and don't offer static IPv6 either presumably because of how 6rd works. So it is a pain to configure anything except using their own box.
| brnt wrote:
| At least you can get speedy connections. Here in the NL offers still start at 40/5-type connections, and ISP have you pay premiums to get 300/500 Mbit. If you're lucky, you can sell your first born for 1Gbit.
| dathinab wrote:
| Offers starting at 40/5 is already good, in Berlin offers currently start at 10/2 with 100GB volume limit for 25EUR/Month with 2 year minimum contract duration.
|
| (Though to be fair you get 50/10 for 30EUR/Month without limit.)
| dmurray wrote:
| > While the ethernet cables they give out can likely do 10Gbit (but definitely not 25Gbit) very few people have 10Gbit-capable ethernet or wifi chipsets and there is no way they will actually be able to routinely transmit data at this speed.
|
| Bit of future proofing, the fibre cables will be in the ground for 10 years and who knows whether consumer devices can routinely do 10G by then. The cost is dominated by the price of digging up the roads, not by sticking a few extra strands in the ducts.
| awruko wrote:
| what do you mean by natively? I am using iway and can clearly use ipv6.
Most of the whatismyip sites give me my ipv6. | ubanholzer wrote: | Depends on the location. If iWay does have a POP in your | network, they can offer native IPv6 because their DHCP does | support it. If they don't have a POP, they often (need to) | use Swisscom to "proxy" your packages (like Crossover7). | And because the Swisscom DHCP Server can't assign IPv6 | leases currently, your router needs to tunnel IPv6 packages | in IPv4 packages to the infrastructure of iWay. | | https://de.wikipedia.org/wiki/6rd | ShrigmaMale wrote: | > 10Gbit and 25Gbit fibre to the home | | That is suprising, why? Can most people even use that much | speed? Netflix only need so much bandwith. Good for homelabs, | just most people don't have them. | ThePadawan wrote: | Speaking of insanity: I'm a customer with init7. Great | service! | | You know what's not great? I live in a new building. It was | built in ~2015. It's not even on Google Street View. | | They decided to go with a commercial solution | ("digitalStrom") for Ethernet that caps out at 100Mbit. | | I now have to use Wifi to get anywhere close to the 1Gbit I | pay for. The lack of forethought (or the grift for the | company that bought that tech) is astounding. | | Thank god I only rent. | moooo99 wrote: | Reading this in Germany, I'd happily overpay for a 1Gbit | connection even though I couldn't use it. Unfortunately, | the fastest available connection here is a 50mbps, and | thats a significant improvement. Three years ago, we were | limited to a 16mbps connection for a household of four. | | But I wouldn't be surprised if my 50mbps connection is as | expensive as your connection, presumably while offering | worse service. | ubanholzer wrote: | 60EUR / month plus a one-time-fee of 100EUR. if you want | 25 gbit/s (and if the POP supports it), you pay a one- | time-fee of 310EUR. 
But the availability is currently | very restricted to urban regions | dathinab wrote: | A 50Mb/10Mb connection often cost around 30EUR/Month + | 70EUR one time in Germany but: | | - You often only get it in city areas, I say city areas | because metro areas include small settlements around the | city still connected with the metro. And in many | experience it's quite likely the best you can get in that | settlements is either _way_ less or unreliable high | latency LTE. | | - There are faster contracts like 250Mb/40Mb for | 45EUR/Month but availability is spotty, _and companies | will sell it to you even if not technical available_. | E.g. most 100Mb contracts say serving 60Mb would still be | "valid" for your 100Mb contract. | | - It's not uncommon that many DSL of different people | will go through choke points in areas with high | population density but not that much money, so speeds | dropping sometime randomly noticeable are not uncommon. | | - It's common that if there are technical problems (which | are not uncommon when switching providers) it can take | days to fix them, my previous (small) company went a | month without proper internet connection due to this, | they fell back to using a LTE router temporary but they | had to buy it themself it wasn't provided by the internet | provider. | | A good point is that all the internet contracts tend | include a land line phone number and tend to have | "unlimited" data volume (which isn't always truly | unlimited, but close enough to unlimited). | | Frequent stories include internet being so bad that it | frequently is short term temporary(<15min) unavailable, | randomly temporary super slow internet, or a supposedly | 100Mb internet connection frequently slowing down to | close to 1Mb causing video conferences to fail. And that | is in the city. 
| | Outside of cities it's common to have insanely slow | internet all the time to a point that people fall back to | use LTE->WLAN routers, but then it's common to hear that | the LTE is frequently overloaded around "rush hours" | making people at the "outer ranges" of the closest LTE | tower lose connection. | | The state of the German internet infrastructure is kinda | a sad joke. | | Through I should note that things differ depending on the | area of Germany you are in. | | Anyway the best thing I can buy (and get) in my area (in | a relatively wealthy area of Berlin) is ~60Mb/10Mb | connection which is somewhat reliable (fails 0-4 times | every day for ~1-5min each, but it only happens between | 2am and 6am, so ok, not a problem and at least one | failure is probably the router). | | EDIT: Just to be clear the biggest joke are not the ISP's | but the politicians which let themself be bribed not only | to tolerate but actively support this situation. Through | it's also incompetence not to long ago some politician | responsible for making regulations in this area stated | (and believed) that ???Kb (forgot the actual value but it | was less then 1Mb) is high speed internet. It's sad if | politician are stuck years in the past and are so | arrogant and incompetent that educating them about their | mistake is destined to fail. | lukeqsee wrote: | Green.ch supports IPv6, and they include a /48 when you have | a static IP. | | I've wanted to switch to init7 for a longtime, but Green's | service and price is hard to argue with. | api wrote: | Just got an Orbi WiFi setup. Great hardware but v6 was disabled | by default and enabling it is under "advanced." This is a | fairly new product in 2021. ISP supplies it no problem. | tyingq wrote: | It's also very clear that it's possible, with the right | motivation. Cell phone networks get it. | theandrewbailey wrote: | FiOS? | | I've been on FiOS for almost 10 years. 
Every few months, I | check to see if I or any other FiOS customer has IPv6. It's | been on in one testing market (or two) for years, but nothing | else outside that. | thinkmassive wrote: | I'm FIOS with an IPv6 address right now. | | I first discovered this when I started presenting a terraform | demo from home, and it broke because at least one of the AWS | modules didn't support IPv6. When developing I only used my | Xfinity connection, which gives an IPv4 address. Apparently | my laptop had switched to my other wifi Network right before | the presentation. Luckily the interviewer was understanding, | and we used the experience as a troubleshooting exercise. | deathanatos wrote: | I think you might be a unicorn. | | I'm also on FiOS, in a major MSA, and nope, IPv4 only. | drewg123 wrote: | I'm on FiOS in the Richmond VA area with an IPv6 | sodality2 wrote: | I'm only a few miles from you and cannot figure out how to | enable IPv6. Did you do it within the router admin page? | Did you have to do anything extra? | mrweasel wrote: | My ISP have at one point stated that they did not have ANY | plans to provide customers with IPv6, as there was no demand. | This is beyond stupid, of cause there's no demand, the average | user isn't even demanding an IPv4 address. They don't know that | they need one. | | Claiming that they don't see a return on investment is equally | silly. Most ISPs have rolled out fibre, or new equipment in the | last 10 years. They could just have rolled out IPv6 when new | equipment came online over the last decade. | | Maybe the ISP deliberately bought equipment without IPv6 | support, like we did, but by accident. Two years ago we bought | new Cisco equipment, for a remote office, only to discover that | there where no IPv6 support. So back to Cisco it went. Why did | Cisco even bother to make network equipment that doesn't | support IPv6? 
| | Still, it's better than IBM who claims IPv6 support in their | software, but haven't bothered to test it the last 7 years, so | it doesn't actually work in the current versions. | DaiPlusPlus wrote: | > Why did Cisco even bother to make network equipment that | doesn't support IPv6? | | The same reason credit-card payment terminal people sold | almost-EMV terminals to retailers in the US around 2010-2015: | so their customers will come back 5 years later needing | another upgrade to something they _should_ have bought | originally. | spurgu wrote: | Unfortunately this sounds highly plausible. :( | throw0101a wrote: | > _This is beyond stupid, of cause there 's no demand, the | average user isn't even demanding an IPv4 address._ | | In other words: the demand is for connectivity--or rather the | services being connect gives you, like the ability to view | YouTube videos and see tweets--not for addresses. | blowski wrote: | I imagine if you only have IPv6 then some parts of the | internet will stop working, and customers will then blame the | ISP. I can see why ISPs keep the status quo when it probably | costs them very little to do so. | TheSmiddy wrote: | IPv4 can be addressed from an IPv6 only device when an ISP | configures their network with the feature, many mobile | phone providers already have fully IPv6 networks: | https://www.sidn.nl/en/news-and-blogs/australias-telstra- | swi... | pantalaimon wrote: | Eh, in Germany most ISPs will only give you DSLite for new | contracts - Dual Stack Lite where you only get a NATed | private IPv4 address but full IPv6 connectivity. | Semaphor wrote: | My contract is from 2014, no IPv6 at all, but also a real | IP and not behind a CGNAT. Kabel Deutschland/Vodafone | business account (which is available for everyone and | doesn't mention anything about NAT) | froh42 wrote: | Nah. 
My home internet is originally Dual-Stack lite IPv6 | mainly with IPv4 being tunneled over an Enterprise-like NAS | (so my outgoing IPv4 connections share the address with | other users). | | I just switched to full dual stack (by leasing a static | IPv4 address from my provider) to be able to handle | incoming connections for my VPN. As long as you don't want | to host anything on IPv4, dual stack lite is fine. | DannyB2 wrote: | ISP says there's no demand for IPv6 addresses. There's no | demand because other people don't have them. Others don't | have them because ISPs don't issue them. | | It's not circular logic, it's no loose ends. | | Reminds me of a story in The Dragon Book. (compiler design | book from the 1970s) FORTRAN IV doesn't (didn't) allow arrays | with more than three dimensions. Because programmers didn't | write programs using arrays with more than three dimensions. | Programmers didn't write programs using arrays with more than | three dimensions because the compiler didn't allow arrays | with more than three dimensions. | codesnik wrote: | I wonder, if, with such a spotty support, and being forgotten and | overlooked by many administrators, ipv6 is already a major attack | surface | JepZ wrote: | 4 years ago, I assumed, that by 2021 we would have about 50% IPv6 | adoption: | | https://news.ycombinator.com/item?id=14855347 | | Now it looks like I was wrong and we got just about 33% and the | curve seems to flatten already: | | https://www.google.com/intl/en/ipv6/statistics.html#20 | gowthamgts12 wrote: | is it because of NAT adoption everywhere? | | related: major indian telcos like Jio and Airtel are rolling | out CGNAT. | maccolgan wrote: | Jio has spearheaded IPv6 too, but OTOH Airtel hasn't but is | still slowly rolling it out | emilfihlman wrote: | Everything would be solved if we just made ipv6v2 which is ipv4 | but with longer addresses. | chillydawg wrote: | This worked. I had an idle /29 and gave it up to them instead of | paying. 
| rmoriz wrote: | Still waiting for Hetzner to support announcing provider | independent (PI) IPv4/IPv6 subnets like vultr does for ages. | justinclift wrote: | GitHub Pages doesn't serve over IPv6 either. :( | | If your website/docs/whatever are on GitHub pages, it's IPv4 and | a lot of the world can't access them. | DanAtC wrote: | What ISPs are doing IPv6-only? Can't imagine they'd still have | any customers. | karmanyaahm wrote: | I moved off of GH Pages for that very reason. | kstrauser wrote: | In related news, last week was the first time ever that Google's | IPv6 traffic never dipped below 1/3 of their total traffic: | https://www.google.com/intl/en/ipv6/statistics.html | jtchang wrote: | ARIN has been constantly raising prices on both IPv4 AND IPv6 | registrations and fees. It's really annoying because you'd think | you'd get a break for adopting IPv6 but nope. | | I've expressed my disagreement on the public mailing list but it | seems like it is happening anyway. | orev wrote: | This is the inevitable and foreseeable result of the scarcity of | IPv4 addresses, and it perversely discourages IPv6 adoption. Once | something has a cost, it has the potential to become revenue | generating, and once that happens the incentive for companies | changes to preserving the revenue stream. At that point, why | would they make the effort to provide a free alternative? | pimeys wrote: | I was just thinking this when reading the email Hetzner sent | me. Would it be a good investment to buy 1000 IPv4 addresses | now and sell them in a few years? | wmf wrote: | Note that this is "illegal". | tialaramex wrote: | You can't do this. | | The thing that's saleable is _routable_ IPv4 address space. | That is, blocks of addresses which can just be announced | somewhere by a new owner. I can 't meaningfully sell say | 81.2.89.126 even though that address is "mine". | | The RIRs still manage this namespace. 
Their rules only allow | transfers of space _to_ LIRs that have a justified need for | the addresses, the "sale" just allows you to bump their | request to the top of the queue matched against your return | of those addresses. At exhaustion (where most regions are | now), the queue won't move unless either some kind soul gives | back some addresses or, more likely they _sell_ those | addresses to somebody not at the front of the queue. | | So, you can't really just buy 1000 IPv4 addresses. You would | need to create an entity that needs 1000 addresses, that | could buy them, and then it could use them, but then that's | not really an "investment in IPv4 addresses" it's a company | (ISP? Cloud provider maybe?) that you founded and provided | some capital to in the form of the address space it needed. | dmurray wrote: | Seems like a bad long term investment, since there's a plan | for them to be worthless eventually. Economically speaking, | if the market is rational, the price should tend down over | time. | | Of course the market may not be rational (it's obviously not | super liquid, either), and it's very plausible the price | creeps up over time before eventually crashing, or that we | never get to widespread IPv6 adoption after all. Maybe you | have some insight that they are underpriced at the moment and | IPv6 adoption is further away than the market thinks. But I | wouldn't contemplate this as an investment unless I had some | plan to collect rent for the assets to make up for the | expected eventual depreciation. | p1mrx wrote: | I think this is good news for IPv6 deployment. As ISPs start | charging more for IPv4, companies will finally have a financial | reason to seek the alternative. | | It's sort of like taxing carbon to make non-carbon energy more | competitive. | skybrian wrote: | That doesn't make sense as stated. The company offering IPv4 | doesn't get the revenue. It's an increasing cost to them that | they will try to minimize. 
| | It might make a bit more sense as justification to raise retail | prices, but there is a risk that competition will undercut that | price. | est31 wrote: | It won't generate revenue but investment into ipv4 can be | used to build a moat around your cloud business. Anyone who | wants to compete with the big cloud vendors now needs not | just a global network of data centers and good uplinks, but | also a large pool of ipv4 addresses. | orev wrote: | It would be very rare that any company passes the wholesale | cost directly to the customer. There's almost always some | kind of markup, even for things like "administrative | overhead". Maybe that's not widespread now, but the clear | trend is reduced supply and increasing demand, so the costs | will definitely go up. | whoknowswhat11 wrote: | Hetzner is a spammer / scammer hell hole. I didn't even realize | they had clean ip addresses. Anyone spin up an instance recently | and test deliverability? | Vespasian wrote: | Yup. No problem whatsoever. | | I also had several resources there for years. Never got | anything to complain about. | ev1 wrote: | Never an issue here, no blacklisting, no bad IP neighbours. | | If anything they are too picky on who they host. | whoknowswhat11 wrote: | Good feedback - maybe I'm getting them confused with another | of the AWS lite folks (linode or ...). I had a miserable time | on one of these with just trashed IP address rep (but | unlimited bandwidth supposedly). | ev1 wrote: | Digitalocean used to offer unlimited bandwidth (not | anymore). They are completely trashed, half on DNSBL, most | people I know drop traffic from them due to relentless | bruteforcing and abuse. | whoknowswhat11 wrote: | That was it! Sorry hetzner! | | I remembered one of these players and just being totally | shocked had how bad they were in this area - like no care | - despite trying to compete with AWS. 
I don't remember if | there was also internal to their network scan / attack | stuff going unaddressed in addition to just issues with | deliverability out (non marketing) but I honestly felt | like I was working with kids vs adults a bit (this is | some time ago though). | | I'd been told I was an idiot for paying for AWS and that | there was lots to be saved on their unlimited bandwidth | etc - but it ended up being absolutely not worth it. AWS | support is really good. They seem to take abuse issues | quasi seriously etc. | ev1 wrote: | Yeah I don't know what is up with digitalocean. I can | think of several things, like free EDU credit (abused | relentlessly, seemingly mostly by CN/IN with fake edu | emails or stolen identity ones) and $5 to $10 free | trials, though this has been reduced a bit via card | requirements. | | They do have very long term customers that are abusive as | fuck, spray high-PPS port scans and bruteforces out under | the false guise of security research (with no IRB, no | studies, no affiliation or notice of who they are), | pretty much floods that abuse has ignored. | adevx wrote: | I remember while trying to figure out why Microsoft was blocking | emails that IPv6 SMTP source addresses had a much higher risk of | being blocked despite having done all the required stuff like | PTR, SPF, DKIM. Microsoft's form to submit delisting an IP | address does not even accept an IPv6 address: | https://sender.office.com/ | | Stuff like this really hinders adoption. | dathinab wrote: | Microsoft has been ab-using IPv4 in context of Mail to target- | specific hinder competition, so they have a lot of reasons to | not support IPv6 well where this isn't as much doable. | | (For example Microsoft has blocked whole IPv4 ranges of cloud | providers (i.e. Microsoft Azure competition) for E-Mail, | supposedly because of abuse. 
But all cloud providers are used | by people "producing bad mails" and somehow only small to mid- | sized ones are blacklisted while e.g. Google or Amazon are not | and to be clear that had not been cloud providers in some | arbitrary small country but e.g. the EU). | PedroBatista wrote: | Microsoft + Email has been a combo from Hell for many years, | blocking IPv6 addresses, deliverability issues all the time, | psychotic Spam detector, complete disregard for the most basic | rules on how Email works and the list goes on. | kureikain wrote: | And icloud too. They are very sensitive to ipv6. | | In case of icloud, I attribute it to the Proofpoint spam | filtering system, which also sell service to ups.com. | | And even gmail, but at least gmail accept the email, then | just flagged it as spam. | xroche wrote: | My first experience with MS Exchange long time ago was that | the team responsible for the infrastructure (company with | more than 100k employees) committed to reboot the server once | a week, because otherwise it would blow up. | | So yes, this is a long story. | marcosdumay wrote: | Oh, my first contact with Exchange was discovering that the | recently updated server couldn't read any of the backups on | the proprietary format of the pre-update version of it. It | seemed to be a common enough occurrence, because the email | people just shrugged and started hacking the backup. I | don't think that group was ever capable of restoring any | Exchange backup, normally because of Exchange's problems. | | But that was a long time ago. From what I hear, things are | different now. | jcpham2 wrote: | Sounds like unchecked IIS SMTP transport logs but hey it's | been years since I maintained an on-premises Exchange | server | zahllos wrote: | Yes, I remember seeing this as well. | | The irony here is that much of the inter-service traffic on the | internet could already be sent over IPv6 without anyone | noticing. 
Getting end users onto IPv6 is always going to be a | challenge as, well, ISPs, but when my mail server talks to your | mail server there's no need for this to be IPv4. | dndx wrote: | Same with Google's Report IP problems form, if you try to put | an IPv6 address it will always return: "Invalid IP address" and | wouldn't let you submit the form. | | Link: | https://support.google.com/websearch/workflow/9308722?hl=en | kmeisthax wrote: | I wouldn't be surprised if that's intentional. There's an | explicit hesitance on the part of mail providers to accept v6 | mail, since they use IP addresses as a reputation mechanism. | IPs that originate spam mail get summarily executed, and | getting new IPs that have a high antispam reputation is | actually quite expensive. | | In other words, it's a Sybil-resistance mechanism, called | Proof-of-IPv4. It works specifically _because_ v4 addresses are | scarce. v6 addresses are not nearly as such. Everything that | makes IPv6 great for the Internet at large makes it _terrible_ | for mail providers. For example, because the original v6 design | wanted to eat lower link layers, it reserves half the v6 | address for an embedded MAC64. This never really panned out, | but it's terrible for security, so every v6-capable OS | nowadays will rotate addresses every few hours. The average | machine will have _hundreds_ of addresses. How do you assign a | usable notion of per-IP reputation to _that_? | | You could use v6 subnets for reputation, but there's still 64 | subnet bits - enough to stick an entire IPv4 subnetwork inside | of each IPv4 address. Some ISPs actually will assign a /64 per | customer (because Comcast needs _something_ to sell to Business | customers), while others assign /56s or /48s. So there isn't | even one granularity of subnetting that you can use for | reputation tracking on v6. | | Meanwhile, v4 pricing is getting worse and worse, which is | great for mail providers.
They don't necessarily need to turn a | profit on incoming mail, but they _do_ need to make it | expensive for people who want to send lots of spam. | dathinab wrote: | > do need to make it expensive for people who want to send | lots of spam. | | You can use cloud providers, sure small ones do get | blacklisted (which happens to also benefit Microsoft as they | also are a cloud provider) but they can't really blacklist | Google's or Amazon's Cloud. | kmeisthax wrote: | Google is not a good place to send spam. They'll delete | your account and ban the cell number you used to SMS | verify. | GoblinSlayer wrote: | Can't the reputation mechanism rely on DKIM for | identification? | adevx wrote: | This could likely be the reason for poor IPv6 support but | highlights the importance of shifting (much more) to domain | based reputation. If a domain's reputation is at risk, you can | bet domain holders will be extremely careful not to allow | outgoing spam. | rinron wrote: | Spammers and scammers already use domains as a disposable | commodity creating them or using hacked ones for single | campaigns and moving on. Part of filtering based on IPv4 is | not only scarcity but accountability. When the owner of the | netblock reassigns the IP and it's already blacklisted it | can create a problem for them and incentivize them to | police their own network. Domains are also worse in that | it's easier to use fake information and be untraceable. It's | also understandably easier to get a response legal or | otherwise from a co-location or ISP than a domain | registrar. Maybe IPv4 will always be preferred for email | just because it's more difficult/expensive and therefore | less appealing for temporary malicious use.
| syshum wrote: | Or more strict enforcement by the world on SPF, DMARC and | DKIM policies | | The problem of spam is actually solved, the problem is no | one sets up any of these security parameters correctly, large | and small companies alike all have bad SPF Records, bad or | no DMARC, etc etc etc | friendzis wrote: | Go to any internet-related forum and search history for | those keywords. You will find countless stories of | seemingly technical people who in the end give up on | self hosting and switch to a managed mail provider. Because | even if you solve those policies perfectly, a personal | mail server will have such a low rate of outgoing mail | that all the big players will effectively treat it as | a history-less server and will occasionally route the mail | into the black hole. There is no recourse for that. | | If 99% of contacts you want to send mail to are on | google/yahoo/microsoft you have to play by their rules. | And those rules are effectively "send mail internally or | gtfo". | nanidin wrote: | I have self hosted personal mail for over a decade. There | are occasional hiccups with deliverability to new gmail | addresses, but that is it. In those cases, once a | recipient marks me as not spam once, there aren't any | more problems. | | I think maybe once in the last 3 years I ended up in | someone's spam box, total. In fact I just sent to a new | gmail address and to a university I have never contacted | before this week and both were delivered without issue. | | Setting up DKIM/SPF/etc isn't that hard and it's fairly | easy to verify with existing tools FYI. | jtchang wrote: | How is that solved then if no one sets up any of the | security parameters correctly? That sounds like the exact | opposite. | throw0101a wrote: | > _If a domain's reputation is at risk, you can bet domain | holders will be extremely careful not to allow outgoing | spam._ | | Generating domains is fairly cheap though.
| | lsjfdlakj.com | | There, I just generated a new one with a clean reputation. | Just spend US$ 10 to register it and off we go. | wrycoder wrote: | It has _no_ reputation. That's different from a 'clean' | reputation, which takes history to establish. | adevx wrote: | You often have to build a domain reputation first. | Certainly for Microsoft hosted email. I for instance show | users with a Microsoft email a plain | mailto:support@domain.tld link on my contact/support | form. This way the first email is from them to me which | helps build reputation and minimizes the chances of my | response going straight into the spam box or worse, | silently dropped. Regular users can fill in a proper form | and submit it from the support page. | blibble wrote: | I'm surprised there's not some sort of database which records | the size of subnets allocated to end-users | | would be very useful | | (business opportunity here guys!) | formerly_proven wrote: | Sort of like a public suffix list, except for IP addresses, | which in my eyes makes the idea even worse. | | Edit: Seeing your use-case, this should probably be part of | the whois records. | blibble wrote: | > Edit: Seeing your use-case, this should probably be | part of the whois records. | | absolutely, assuming people subnetting to their customers | delegate the space in the whois accordingly | | (they do have an incentive to do that -- prevents all of | their customers being banned if one misbehaves!) | mfrye0 wrote: | I've been working on this and have built that database, | though we only expose at the IP level: | https://bigpicture.io/docs/api/#ip-api. | | What did you have in mind as far as a use case?
| blibble wrote: | given abuse coming from a given IPv6 address: which | subnet do I need to block to stop the user behind that | address | | (for fraud detection it switches from block to identify) | | for IPv4 this is generally the /32 (the single IPv4 | address) | | for IPv6 it's probably a /64, but may be a /56 or even a | /48, and on some crappy providers even a /128 | | if the subnet is smaller than you think it is you risk | banning an entire ISP (or country), whereas if it's | too large the abuse continues | | it's quite a complicated problem as by design you can | have subletting (subnetting!) within a block, e.g. a VPS | provider gets a /48 from its ISP, and then they sublet | out /64s to their customers (while not necessarily giving | them all their own RIPE/ARIN records) | 2Gkashmiri wrote: | Can I ask a question? Is it possible for people to "own" | IPv4 addresses? like we can own domain names? something | like /29 Subnet or /28? | | If I spent like a hundred bucks or something, I don't | know... just asking. how would that work, does that | "bring your own ip" that VPS providers talk about mean | this? | | i | mfrye0 wrote: | Got it. Yeah, it's definitely tricky. | | The other aspect is that a decent chunk of the IPv4 space | at least is fairly dynamic. We've seen some blocks change | owners every few weeks. | cm2187 wrote: | You could have a reputation based on /64 and to extend the | subnet when you see a large number of spam coming from the | same /56 or /48. | [deleted] | tgragnato wrote: | Classifying IP sets is a fantastic idea, I've seen mail | bounce for the ASN. That parameter is unchanged between | IPv4 and IPv6. Certainly, you can do it only when the | provider is a classic spam heaven. | sneak wrote: | This is a perfectly reasonable approach that mirrors that | of the current ipv4 reputation scheme. | | Treating individual v6 addresses like individual v4 | addresses is silly and nobody serious will take that | approach.
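The /64-first reputation with escalation to /56 and /48 discussed in the comments above, as an added example that is not part of the thread or any provider's real code. The thresholds, class name and sample addresses (from the 2001:db8::/32 documentation range) are assumptions made for the demo.

```python
import ipaddress
from collections import defaultdict

# Assumed thresholds, chosen for the demo (not taken from the thread).
SPAM_LIMIT = 3                # spam reports before a /64 (or IPv4 /32) is listed
ESCALATE_AT = {56: 4, 48: 2}  # parent length -> listed children needed to widen


def covering(addr, prefixlen):
    """Network of the given prefix length that contains addr."""
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


class PrefixReputation:
    def __init__(self):
        self.spam = defaultdict(int)          # /64 or IPv4 /32 -> spam reports
        self.bad_children = defaultdict(set)  # /56 or /48 -> listed child prefixes

    def report_spam(self, ip):
        addr = ipaddress.ip_address(ip)
        if addr.version == 4:
            self.spam[covering(addr, 32)] += 1
            return
        base = covering(addr, 64)   # rotating privacy addresses share one /64
        self.spam[base] += 1
        if self.spam[base] < SPAM_LIMIT:
            return
        p56 = covering(addr, 56)
        self.bad_children[p56].add(base)
        if len(self.bad_children[p56]) >= ESCALATE_AT[56]:
            self.bad_children[covering(addr, 48)].add(p56)

    def blocked_prefix(self, ip):
        """Widest listed prefix covering ip, or None if ip is not listed."""
        addr = ipaddress.ip_address(ip)
        if addr.version == 4:
            net = covering(addr, 32)
            return net if self.spam.get(net, 0) >= SPAM_LIMIT else None
        for plen in (48, 56):
            net = covering(addr, plen)
            if len(self.bad_children.get(net, ())) >= ESCALATE_AT[plen]:
                return net
        net = covering(addr, 64)
        return net if self.spam.get(net, 0) >= SPAM_LIMIT else None


if __name__ == "__main__":
    rep = PrefixReputation()
    # Constructed reports from the 2001:db8::/32 documentation range:
    # four /64s of one /56, three different source addresses each.
    for subnet in range(1, 5):
        for host in ("a", "b", "c"):
            rep.report_spam(f"2001:db8:0:{subnet}::{host}")
    print(rep.blocked_prefix("2001:db8:0:ff::1"))   # same /56, never seen before
    print(rep.blocked_prefix("2001:db8:0:100::1"))  # neighbouring /56
```

Widening only after several distinct child prefixes are listed keeps a single abusive /64 customer from taking its whole /48 provider block down with it.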
| Dunedan wrote: | Not that this matters much, as the chance to get an IP address | delisted is pretty slim anyway. | | I've completely given up to try to get my personal mail server | delisted, as I can't even get Microsoft to tell me why they | blacklisted it in the first place. | | Instead I'm nowadays just rejecting all incoming emails | originating from Microsoft with a message telling the sender to | use another non-Microsoft email account. | | It's just stupid. I never had problems with any other mail | provider, but trouble with Microsoft as long as I can think of. | gowthamgts12 wrote: | exactly, we're operating a fleet of SMTP servers and IPv4 | procurement is a big problem. We do by asking AWS to allocate a | block and send email traffic via those IPs. We want to adopt | IPv6 but the current email infrastructure doesn't support this. | 55555 wrote: | IPv6s are too cheap for most mailbox providers to take | seriously. If someone sends spam, you need to block their IP, | but they also need to lose money. Spammers don't care if they | lose an IPv6. They'll just send spam from another. | | (I don't really know what I'm talking about.) | thayne wrote: | That's where DKIM and SPF come in. | ikiris wrote: | Not really. If you look at the numbers, spam almost always | has these. | corty wrote: | Yes really. With DKIM, you blacklist domains, not IPs. Of | course, only if you do it properly. Hotmail doesn't... | thayne wrote: | Because most email providers will block you if you don't | have them now. And because of that, if you get | blacklisted you need to buy a new domain, not just a new | ip address. | ATsch wrote: | That's to be expected. All it does is ensure the accuracy | of the email sender. Which finally lets you attach | reputation to domains instead of addresses.
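Reputation attached to the DKIM signing domain rather than the source address, with a domain that has no history kept distinct from one with a clean history, as raised in the comments above. This is an added example, not code from the thread or from any mail provider; the authserv-id `mx.example.net`, the thresholds and the sample header values are assumptions.

```python
import re
from collections import defaultdict

# Assumed values for the demo (not from the thread).
TRUSTED_AUTHSERV = "mx.example.net"  # authserv-id stamped by our own MTA
MIN_HISTORY = 5                      # signed messages needed before a verdict
MAX_SPAM_RATIO = 0.2                 # above this share of spam, domain is bad


def dkim_pass_domains(auth_results):
    """d= domains with dkim=pass in one Authentication-Results header value.

    Only the header added by our own verifier counts; a copy stamped with
    any other authserv-id may have been forged by the sender. Simplified
    parsing: comments in parentheses are not handled.
    """
    authserv, _, results = auth_results.partition(";")
    ident = authserv.split()
    if not ident or ident[0].lower() != TRUSTED_AUTHSERV:
        return set()
    domains = set()
    for clause in results.split(";"):
        if re.match(r"\s*dkim\s*=\s*pass\b", clause, re.I):
            m = re.search(r"\bheader\.d\s*=\s*([A-Za-z0-9.-]+)", clause, re.I)
            if m:
                domains.add(m.group(1).lower().rstrip("."))
    return domains


class DomainReputation:
    def __init__(self):
        self.seen = defaultdict(int)
        self.spam = defaultdict(int)

    def record(self, auth_results, is_spam):
        for domain in dkim_pass_domains(auth_results):
            self.seen[domain] += 1
            self.spam[domain] += 1 if is_spam else 0

    def verdict(self, domain):
        seen = self.seen.get(domain, 0)
        if seen < MIN_HISTORY:
            return "unknown"  # no history is not the same as a clean history
        ratio = self.spam.get(domain, 0) / seen
        return "bad" if ratio > MAX_SPAM_RATIO else "good"


if __name__ == "__main__":
    rep = DomainReputation()
    # Constructed header values; the .example and example.org names are reserved.
    signed = "mx.example.net; dkim=pass header.d=example.org header.s=s1"
    for _ in range(5):
        rep.record(signed, is_spam=False)
    rep.record("mx.example.net; dkim=pass header.d=fresh.example", False)
    print(rep.verdict("example.org"), rep.verdict("fresh.example"))
```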
| nousermane wrote: | Another example of big cloud providers not taking v6 seriously - | AWS wouldn't even let your IPv6 hosts talk to their API: | $ dig +short a ec2.amazonaws.com 52.46.140.46 | $ dig +short aaaa ec2.amazonaws.com (no response) | corty wrote: | Same with GCP, they just announced IPv6 availability for VMs | in the last few days. Unbelievably you couldn't even get an | IPv6 address for a GCP instance up to now! APIs don't work | over IPv6, and lots of other stuff doesn't as well. | usrlocal1023 wrote: | They now have a dual stack EC2 API endpoint. But you have to | go out of your way to use it, as it is on a totally different | domain, and also it is limited to a few regions. us-east-2 | region for example api.ec2.us-east-2.aws | | https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Using. | .. | colmmacc wrote: | Our reason for this is that customers may have IP-based | rules in their IAM policies. If we silently turned on IPv6 | for existing endpoints, those policies would suddenly break | without notice. Hence new names and SDK options for dual- | stack. | NmAmDa wrote: | Hetzner also raises the price of entry level VPSs to cover the | cost of giving a new IPv4 address for each machine. | logronoide wrote: | I have invested in cryptos, stock markets, startups... and | probably the most profitable assets ever were several RIPE IPv4 | prefixes that we owned for years. Insane. | donmcronald wrote: | How did you get them? I checked a few years ago to see if I | could buy a /29 or something small and remember thinking I | couldn't do it as an individual. | hattmall wrote: | If you figure this out let me know, I've wanted to invest in | IP/V4 for years. | logronoide wrote: | We obtained them in late '00 for our tech company. We used | them for several years, but the cloud was gaining momentum | and we gave up using our own colo platform. We sold them in | 2017, redistributing the benefits to the partners of the | company as dividends.
Fully compliant with the tax laws of my | country, of course. | donmcronald wrote: | Ah, thanks. That's kind of the impression I got. 20 years | ago you could get them by asking, but now it's much more | difficult and you have to get them routed somewhere / use | them right away. | [deleted] | sschueller wrote: | Great, so now there is a marketplace for IPs meaning that there | are people solely making money buying and selling IPs pushing the | price up regardless of usage. | eru wrote: | Huh? How does a marketplace push up prices? | drdec wrote: | That appears to be the biggest reason BitCoin marketplaces | exist | cat199 wrote: | the marketplace becomes full of speculators | | https://en.wikipedia.org/wiki/Tulip_mania | 0x0000000 wrote: | I think you'll have trouble getting the necessary ARIN | approvals if your goal is to speculate on the pricing of IPv4 | addresses. | intev wrote: | Yea, and I really want this to happen. I want it to get | expensive enough to the point where cloud providers realize | they are literally throwing away money by participating in | these markets rather than just adopting ipv6 and solving the | challenges that come with it. That's how we move forward. They | aren't going to do anything until there's $$s on the table. | haolez wrote: | On a side note, I've had a terrible experience trying to use | Hetzner in the past. I had some machines at Scaleway at the time | and I decided to try Hetzner as well. I filled some sign up form | and received a reply email that basically said: | | "We've evaluated your sign up data and we've decided to not do | business with you. Your account was rejected and we won't review | it again for the next six months." | | There was nothing shady in my sign up data. It took me a moment | to realize that the reply e-mail was real. Crazy stuff. | mrweasel wrote: | Do you happen to know why they rejected you? It's kinda weird | that they would reject you based on just the sign up | form.
| haolez wrote: | No. I got a reply from an automated system with no reason | whatsoever. They also state that they wouldn't read any | replies, since they don't have the manpower to double check | each and every account rejection. | xfer wrote: | They have a reputation of doing this kind of opaque | "verification" asking for ID and nonsense like that. Meanwhile | there are still a lot of botnets being hosted there: | https://www.spamhaus.org/news/article/813/spamhaus-botnet-th... | . Even digitalocean is doing better. | nik736 wrote: | Where are you from? | haolez wrote: | South America. This was clear in my sign up data. | notanormalnerd wrote: | I am sorry for your experience, but Hetzner is a European | hoster in Germany and mostly does business with German and | European companies. Rejecting a customer because he is on | another continent is a valid reason for me. | | The sole overhead of doing the accounting and even abuse | handling for other continents is probably not worth the | money. | | Maybe it isn't clear from their page and they should be | more open about which markets they serve. | leotaku wrote: | Just as another data point, I am from Europe and my | application was accepted very quickly. I'm currently using | Hetzner for most of my personal cloud stuff and have been | very happy with their services thus far. ___________________________________________________________________ (page generated 2021-07-28 19:00 UTC)