[HN Gopher] IPv4 pricing
___________________________________________________________________
IPv4 pricing
Author : terom
Score : 346 points
Date : 2021-07-28 12:30 UTC (6 hours ago)
(HTM) web link (docs.hetzner.com)
(TXT) w3m dump (docs.hetzner.com)
| sdevonoes wrote:
| I'm still waiting for VPCs in Hetzner. In theory within a VPC you
| assign IPs in the internal range, so no need to public IPv4. I
| know this is not a solution for everyone, but at least for me it
| would mean:
|
| - 1 public IP for my nginx server - N private IPs for my
| application/db/monitoring servers within the VPC
| mrweasel wrote:
| How would you connect to the servers with only private IPs?
| sdevonoes wrote:
| Via bastion server (which has one public ip)
| fanf2 wrote:
| Use IPv6 only for your backend internal addresses
| hardwaresofton wrote:
| VPCs exist in Hetzner and you can set up networks in Hetzner
| Cloud now and also even link with Robot -- they're called
| vSwitches and they can connect to Hetzner Private networks:
|
| https://docs.hetzner.com/cloud/networks/connect-dedi-vswitch...
| dheera wrote:
| 215 euros a month for a /24? That's still pretty cheap
| kijin wrote:
| Meanwhile, American datacenters are still handing out IPv4
| addresses like candy.
|
| I know a few people who got 5 "usable" addresses with each
| dedicated server from a provider that shall go unnamed. That
| actually eats up an entire /29 per server. None of those people
| ever use more than 1 IP. The datacenter doesn't even bother to
| configure the remaining IPs on a default install.
| fri_sch wrote:
| So does Hetzner itself. Each tiny 3EUR/month cloud instance has
| a public IPv4 by default and no way to opt out.
| DanAtC wrote:
| Reminder that news.ycombinator.com still doesn't have an IPv6
| address.
| DrBenCarson wrote:
| Just this week I tried to turn on IPv6 for my sister's home
| network and guess what...even with FTTH it's IPv4 only. Two
| decades later and we still don't have a basic feature that we
| knew we needed three decades ago.
| [deleted]
| trulyrandom wrote:
| Hetzner has always been one of the cheapest providers when it
| comes to pricing for additional IP addresses. I'm surprised it
| took this long for them to be forced to raise the prices. This
| affects me, but I understand why they have to do it.
| mthoodlum wrote:
| There isn't an IPv4 shortage. There is just hoarding and
| mismanagement. RIPE and ARIN need to charge monthly fees to IPv4
| address hoarders.
| benjojo12 wrote:
| They already do in the form of the LIR and resource fee.
| tialaramex wrote:
| There aren't enough IPv4 addresses. It's not difficult
| arithmetic. It is possible for someone to be hoarding _and_
| someone to be wasteful _and_ there not to be enough of
| something to go around. Those aren 't distinct ideas only one
| of which can be true for a namespace.
|
| Let's try a little thought experiment. Abe, Carol, Emma,
| Gerald, Isobel, Kate and Mark are at the place. Everybody is
| hungry. Three pizzas are delivered. Each person will be able to
| eat about half a pizza, or else they'll still be hungry.
|
| Carol and Isobel announce that as Vegetarians they ought to
| have the two veggie pizzas. Carol eats half of hers and says
| she's keeping the other half "to eat later". Isobel realises
| her pizza has red pepper on it, she doesn't like red pepper and
| so she throws about half the pizza away as "contaminated". All
| five other people are left to share the Pepperoni pizza, they
| all still feel hungry after dividing it equally.
|
| Was there hoarding? Yes Carol hoarded half a pizza. Was there
| waste? Yes Isobel wasted half a pizza. Was there not enough
| pizza? Yes, three pizzas is enough to properly feed six people
| and there were seven people eating even before Carol and Isobel
| announced they were keeping the veggie pizzas to themselves.
| saulr wrote:
| iCloud Private Relay, coming in iOS 15, does appear to be native
| IPv6. I wonder if this will have a noticeable effect on IPv6
| adoption stats when it's released to the public[1]?
|
| [1] https://www.google.com/intl/en/ipv6/statistics.html
| jjice wrote:
| I imagine that we're going to see more articles like this where
| IPv4 is getting more and more expensive until it becomes absurd.
| Once it gets too expensive, then providers will have a reason to
| supply IPv6 - cost. It's the only way I can see an ISP making
| this move.
| gspr wrote:
| Or they'll completely ignore it and start CGNAT'ing people on
| IPv4. :-(
| wmf wrote:
| CGNAT has serious cost; IPv6 may be cheaper.
| http://www.asgard.org/documents.html
| p1mrx wrote:
| It's generally a good idea to deploy CGNAT alongside IPv6,
| because that's what will eventually make IPv6 more useful
| than IPv4.
| vince14 wrote:
| The problem I have is that IPv6 is unusable right now.
|
| Most server software cannot properly handle blocking of
| increasing IPv6 subnets.
|
| And not only that, but my ISP assigns the same /64 subnet to me
| for months. Who needs cookies anymore if you can just track the
| /64? Even unplugging the router for a day won't assign a
| different prefix for me.
| mgbmtl wrote:
| Cookies are used because people want to track users across
| networks. They might be on their mobile phone on home wifi,
| then on 4G, then at their office, etc.
|
| On IPv6, your OS should also enable the privacy extensions, so
| that your device has two IPs: a stable one for incoming, and a
| randomly changing IP for web browsing. Sure, it's the same
| subnet, but it would be silly to rely on this considering the
| many other ways we can track users.
| vince14 wrote:
| This enables to track users not only across websites but
| across the entire internet.
|
| It wouldn't surprise me if there are already databases which
| map IPv6 subnets to real names, addresses, banking data, ...
|
| And anyone could just use that database or contribute to it.
| mgbmtl wrote:
| My ISP gives me a /56, and many provide a /48. That's huge.
| We are 4 people, each with 2-3 devices, and frequent guests
| on our wifi. Pretty sure such a database would be highly
| unreliable. And some ISPs rotate the allocated subnet, some
| make it static. You would probably have the same level of
| reliability with an IPv4 database currently ("IP visitor
| from a niche US-based ISP" is probably the same user, and
| you could dedupe by browser and other data).
|
| And then jurisdictions such as the EU, Canada and
| California would consider the IP address to be PII, and it
| would be illegal to contribute to such a database.
|
| Again, there are much more easier ways to track people on
| the Internet.
| vince14 wrote:
| With the rotating IPv4 you at least have the possibility
| to make yourself more anonymous. IPv6 takes that decision
| away from you.
|
| > You would probably have the same level of reliability
| with an IPv4 database currently
|
| That is... a lie. The selling point of today's internet
| is that you are anonymous.
|
| Also I don't know which "easier ways to track people" you
| mean.
| saltminer wrote:
| >IPv6 takes that decision away from you
|
| No, it doesn't. Your ISP is the one who can take that
| decision away from you. I have Google Fiber, and my
| public IPv4 address has not changed in around six months,
| while my IPv6 block has changed twice in that same time.
| This is despite replacing my router and several multi-
| hour power outages. I believe the only reliable way to
| get a new IPv4 address is to call support.
| woxko wrote:
| Precisely one of the things I hate about ipv6. I want the
| anonymity of cgnat, thanks.
| aioprisan wrote:
| This pricing is highway robbery, how is the incremental setup of
| an IP in a /29 (only 6 usable addresses out of 2^3=8) when
| setting up 8 (at $19/IP) total $152? I can see how the monthly
| rate would change, but upfront setup that high? I guess I won't
| be using Hetzner going forward..
| asah wrote:
| or... just use Hetzner for expensive servers, where the IPv4
| cost is de minimus.
| komuher wrote:
| Did u even read the reasoning? IPv4 prices are rising for last
| 5 years (or even more) price increase is nothing new (my ISP is
| taking 7 euro per month for IPv4, few years ago it was 2 euro)
| AndrewDucker wrote:
| They want to encourage people to buy individual addresses if
| that works for them. Because that way they can offer them
| individual bits and pieces rather than having to find
| contiguous chunks.
| oarsinsync wrote:
| > I can see how the monthly rate would change, but upfront
| setup that high?
|
| Presumably this is to make it untenable for spammers to churn
| through multiple blocks of /24s at little to no cost.
|
| Also, a /24 is going for around $10k to buy or sell on the IPv4
| market now, or approx 50% of their setup fee, making it much
| more economical to buy your own space, which is probably what
| they'd rather you did, since giving you 256 IPs means thats 256
| more servers that they cant sell.
|
| EDIT: and before the response of "but I only want a /29", if
| there's no incremental setup cost to get a larger block, that
| approach will get abused by nefarious users. This is why we
| can't have nice things.
|
| EDIT2: ..and a /29 still means 8 more servers that can't be
| sold. There's opportunity costs involved in leasing IP space
| that could be better used elsewhere. As the cost of acquisition
| of IPv4 space goes up, so does the cost to the end user.
| sascha_sl wrote:
| >Presumably this is to make it untenable for spammers to
| churn through multiple blocks of /24s at little to no cost.
|
| This is exactly what it does. Hetzner Cloud will also, to the
| dismay of my ssh known hosts, keep assigning you the same
| IPv4 addresses until it becomes the LRU in their pool for a
| new customer so you can't do this.
| icehawk wrote:
| Meanwhile I can't have them delegate more than one IPv6 address
| to a server. I wouldn't need all the IPv4 space if I could just
| do that
| xena wrote:
| They give you a /64 though, you can delegate anything in the
| subnet that way.
| lmilcin wrote:
| Wow.
|
| And to think that 20 years ago I had /16 for free and did not
| even think to keep it. I always thought IPv6 is just around the
| corner.
| icedchai wrote:
| Did your return it voluntarily, or what happened to it? I know
| several folks (myself included) with our own personal /24's
| from the 90's. Mine is routed to my home lab.
| lmilcin wrote:
| I gave it up voluntarily. I had no need for it for a time and
| so I just returned it.
|
| I don't understand the idea of having arbitrarily limited
| amount of numbers and selling them. A lot of companies just
| got them for free and are now selling them for huge bucks
| because rather than do what I did -- return public good you
| are not using -- they decided to hog it until such time it
| becomes scarce good.
| digitalsushi wrote:
| 20 years ago I was a student, testing IPv6 at the UNH-IOL and
| we also thought it was right around the corner.
|
| NAT has been so successful, that IPv6 is shocking to users who
| cannot even fathom why public traffic is being introduced to
| what was 'supposed' to be a private network.
| lmilcin wrote:
| 20-some years ago I was a student and an admin in a dorm that
| housed some 200 people.
|
| Each had their own PC and direct, symmetric 100Mbit/s access
| to the Internet with public IP and no filters whatsoever.
| icedchai wrote:
| When I went to college in the mid 90's, we had a similar
| setup. All public IP, no firewalls, 10 megabit ethernet
| jacks in each dorm room. The entire school was on a single
| T1, however.
| icedchai wrote:
| Heh. A lot of folks don't remember the days before NAT, when
| people had public IPv4 on their desktop. I worked at a couple
| of ISPs and one early startup that was set up that way. No
| firewalls, either!
| jeroenhd wrote:
| Here at several Dutch universities, the WiFi still hands
| out public IP addresses, sometimes with a firewall, often
| without. At the particular university I'm at right now,
| every device has a publically reachable IPv4 address just
| as the system was originally intended.
|
| This leads to some very peculiar traffic being routed
| around. For example, some kind of Logitech gaming driver is
| broadcasting a constant of packets with someone's PC stats
| to my publically reachable desktop/server/laptop, because
| the software thinks it runs behind a trusted NAT. There's
| also a HUGE amount of devices you can connect to if you
| open the Windows network overview because everyone clicked
| "home network" when Windows asked them what kind of network
| eduroam is supposed to be.
|
| It's funny how scared people are when they realise they're
| not behind any strict firewall. They all know they
| shouldn't be disabling the firewall on their devices
| anyway, or so they claim, but this method of networking
| still instills fear into people as if NAT is a security
| measure (NAT slipstreaming works, NAT is not a firewall!)
| sneak wrote:
| NAT (standard one to many SNAT) is absolutely a firewall.
| You can't connect to the machines behind it from outside,
| which serves the exact same purpose as a default deny
| inbound firewall.
|
| This is a false meme right up there with "docker is not a
| security boundary".
| zajio1am wrote:
| That is not true. It is problematic in general but in
| some limited cases it is possible. For example, neighbors
| on WAN network could just send packets with dst address
| from your private LAN range directly to the WAN port of
| your router.
|
| If the router is configured as both NAT (SNAT) and
| firewall, it will drop such packet as not associated with
| any existing flow, but if it is just configured as SNAT,
| then such packet would be just forwarded inside
| unmodified.
| noxvilleza wrote:
| When I was at university in Cape Town, the IT department
| started rolling something like this out for main campus
| network, but didn't necessarily tell everyone. I remember
| one day getting spammed emails from a compute cluster I
| managed because of failed root ssh logins and was totally
| confused how IPs from China were able to connect to a
| network I thought was internal/private to the university.
| ShrigmaMale wrote:
| At MIT until only some years back this was true. They
| sold half they space so not any more (i think).
| user_7832 wrote:
| Are there any security risks with using a public IP
| address though? I also use EduRoam at a Dutch university,
| should I treat it as sceptically as a coffee-shop WiFi?
| (Assuming it's marked as a public network). Also,
| shouldn't your university's firewall stop such a Logitech
| driver sending data (if it's an uncommon port)?
|
| After reading up about public IP addresses I realised
| that my (Dutch) ISP has also provided me a public IP...
| and that the Netherlands has a lot more IP addresses per
| capita than most European countries.[1]
|
| 1. https://www.ripe.net/participate/meetings/roundtable/j
| anuary...
| gargs wrote:
| Just had a memory trip to the early 00s. Anyone remember
| the Windows Messenger Service alerts that would randomly
| pop up? It was such a common thing, and the only fix was to
| turn off the service altogether in Windows XP.
|
| https://en.wikipedia.org/wiki/Windows_Messenger_service
| dmitryminkovsky wrote:
| I remember these days, and they were pretty ridiculous. One
| time I was playing Quake in middle school, talking some
| smack. Someone didn't like it and threatened to crash my
| computer. I didn't believe it. "Oh yeah, do it!" And they
| did. Got my IP from the server (the server listed users and
| their IPs) and bada-bing: BSOD! I was floored. I don't
| remember the exact Windows 95 exploit, but it was a staple
| for a while. It was nice when firewalls came out and you
| could at least have something between you and the Internet.
| icedchai wrote:
| Sounds like a mid-90's "ping of death."
| [deleted]
| dmitryminkovsky wrote:
| Sounds right, thank you.
| tester34 wrote:
| do Departament of Defense of US and some schools still own a lot
| of IPs?
| sascha_sl wrote:
| Yes. But also, some companies have started using these networks
| as private space because historically, it has never been
| announced.
|
| Reassigning this space would probably be a worse experience for
| whoever it is assigned to than those that started using the
| network internally too.
| bradfa wrote:
| Yes, but what's also interesting is other large IPv4 block
| holders who aren't governments. Will large public companies
| start selling off their address space to pad profits in order
| to appease/please shareholders?
| wmf wrote:
| This is already happening; a lot of the old class A blocks
| have been split up and sold off.
| tester34 wrote:
| I think organisations like DoD and schools should be force to
| give it to the pool if they aren't using significant part of
| those addresses.
| icedchai wrote:
| How are you going to "force" legacy address holders to give
| up their space? Especially government agencies, which
| helped to build the early internet? Early registrations,
| pre-dating ARIN and the other registries, are basically
| property. You don't even get charged for them unless you
| sign a "legacy registration agreement."
| sascha_sl wrote:
| DOD-NET essentially uses their space as RFC 1918 space,
| they have never announced it.
|
| Property, in many cases, this one included, should be
| bound to making actual use of it.
|
| Some of nets (25/8, the CGNAT space) are essentially so
| established as private-equivalent, they should just be
| officially declared private. Connectivity to these will
| forever be spotty now that they made their way into
| corporate networks.
| icedchai wrote:
| True, though a few months back, a ton of DOD space
| started being announced.
|
| See https://arstechnica.com/information-
| technology/2021/04/penta...
| ATsch wrote:
| We used up 256 /8 blocks in roughly three decades. That's
| roughly 9 per year. Even if we are more conservative now,
| freeing up a /8 here or there will not significantly change
| the situation. 32 bits are woefully inadequate no matter
| how you slice them.
| JCBird1012 wrote:
| That's a good way to suddenly get those organizations to
| _magically_ start using those IPs suddenly - if you
| threaten to take unused IP blocks away, I'm sure those orgs
| will somehow find a way to "use" them.
| MinorTom wrote:
| They're using them, just not very efficiently. There are
| already rules forcing you to give up unused blocks
| (although they do not apply to some very old ones).
| terom wrote:
| Looks like they are also raising pricing for the cheapest cloud
| instances, and additional Floating IPv4 addresses.
|
| CX11 is up +40%, CPX11 is up +14% and Floating IPv4 addresses are
| up +200%.
|
| Existing instances/floating IPs will stay at the old prices,
| unless rescaled.
|
| Per email, no announcement link that I can find yet:
|
| ---
|
| Important customer information: Price adjustment for new CX11 und
| CPX11 and Floating IPv4 addresses
|
| Dear Client from the moment we launched Hetzner Cloud in 2018 we
| have continuously been working on expanding our platform and
| offering you an excellent price/performance ratio in cloud
| computing. Unfortunately, the prices to acquire IPv4 addresses
| have since increased dramatically and we have no choice but to
| respond. For a long time now, the pool of available IPv4
| addresses has been almost empty at RIPE, the European IP address
| management agency. That's why RIPE stopped assigning IPv4 nets.
| Because of this situation, there is now a fast-growing market in
| IPv4 address trading with many active brokers, such as on
| https://ipv4.global/reports/. Supply and demand determine the
| price at IPv4 brokers, so the prices have skyrocketed.
|
| We have tried hard to avoid passing on these higher prices to our
| customers, and have accepted the economic loss until now.
| However, the prices have increased so dramatically that we can no
| longer do this. We unfortunately must increase our prices.
|
| Starting on 1 August 2021, the price for newly created Floating
| IPs (IPv4) will be increased as stated below.
|
| Starting on 1 September 2021, the price for newly created Cloud
| Servers (CX11 and CPX11) will be increased as stated below.
|
| Product Price per month / hour up until now Price per month /
| hour, effective 1 Sept 2021
|
| Cloud Servers:
|
| CX11 3.088EUR / 0.00496EUR 4.328EUR / 0.00682EUR
|
| CPX11 4.328EUR / 0.00744EUR 4.948EUR / 0.00806EUR
|
| Existing Cloud Servers are not affected by this price adjustment.
| Please note that these prices also apply to rescaling, effective
| September 1, 2021.
|
| Product Price per month up until now Price per month, effective 1
| Aug 2021
|
| Floating IP:
|
| IPv4 1.24EUR 3.72EUR
|
| Existing Floating IPs are not affected by this price adjustment.
|
| All prices incl. 24% VAT.
|
| Demand for IPv4 addresses will likely remain very high. And we
| will need to continue to purchase nets. We assume that the prices
| for IPv4 addresses will continue to rise, and that we will also
| need to increase our prices again in the future. Prices for IPv4
| will likely remain high until after IPv6 has become much more
| popular.
|
| We are confident that this is still a good price/performance
| ratio and hope for your understanding.
|
| If you have any questions, we are happy to help. To open a
| support request, please go to the menu item Settings on your
| Cloud Console. We hope that you continue to place your trust in
| us as we are constantly working to expand our services and you
| can look forward to several new features that are already on our
| roadmap.
| terom wrote:
| With the +1EUR/month (+VAT) price increase for the CX11
| instances, I'd happily drop the public IPv4 address from most
| of my instances for a 1EUR/month discount.
| rtutz wrote:
| This whole problem could have been avoided if IPv6 would be
| easier to memorize. I feel like especially when setting up
| networks, the v6 part is not as natural as v4. It is simply
| additional overhead and causes a lot of "scratching my head"
| moments. Otherwise there would be no reason to not leave v4
| behind and just move on.
| mnd999 wrote:
| Not this one again, at this point it's an "I don't like it,
| it's different!" whine.
| p1mrx wrote:
| It's impossible to make an addressing scheme that's both
| memorizable, and abundant enough for the foreseeable future of
| the Internet. The human brain just isn't capable of dealing
| with numbers on that scale, which is why we invented computers
| in the first place.
| elric wrote:
| > It's impossible to make an addressing scheme that's both
| memorizable, and abundant
|
| Not really. In fact, pretty much _anything_ would have been
| easier to memorize than this colon-separated nonsense, which
| makes URL parsing more difficult, and which is _so stupidly
| complex_ that it has a special syntax to ignore repeating
| zeros.
| ikiris wrote:
| you're free to use the entire 128 bit number, or the older
| dotted decimal notation.
| p1mrx wrote:
| An IP address is fundamentally a 32-bit or 128-bit binary
| number, and hexadecimal is the most human-friendly base to
| represent those. Decimal gets pretty hairy once you
| introduce CIDR prefixes that aren't 8-bit aligned.
|
| The [IPv6]:port syntax is unfortunate, but I'm not sure
| what they'd have done instead. Dotted hexadecimal would be
| ambiguous, because "1.2.3.4.5.6.beef.de" looks like a DNS
| hostname.
|
| Zero compression exists because it's more convenient than
| writing all those zeroes, especially with CIDR prefixes
| like "2000::/3".
| lowercased wrote:
| Agreed. If, in 1997/98, the ipv6 spec had been "prefix 2 more 8
| bit values at the beginning" - and all existing addresses moved
| in to 0.0.a.b.c.d - we could have had a much easier path for
| migration (imo). And yes, it wouldn't have been "128 bit!" but
| we still would have had 255 more address spaces of 4 billion
| each, which would have bought us some more time. I think we'd
| have been further along _that_ migration path than where we are
| now, after 23 years.
| mprovost wrote:
| I mean we've managed to stretch v4 for 20 years longer than
| anyone thought possible. Adding one more bit to the address
| would have doubled the size of the v4 space, so another 8
| bits would have been plenty.
| lowercased wrote:
| Yep. But... "now every star in our galaxy can have their
| own /16 block!". That's a paraphrased recollection I have
| from some networking colleague in '98 when this all was
| coming down. It seemed a strange goal, and I'm presuming he
| was just trying to illustrate how 'vast' IPv6 was.
| yesco wrote:
| IPv6 addresses theoretically should be easier to memorize &
| work with than IPv4 thanks to the double colon shorthand acting
| as a wildcard for zeros and due to it being hex grouped rather
| than octet grouped.
|
| As an example 2001:0db8:0000:0000:0000:0000:0370:7334 could be
| written as 2001:db8::370:7334 instead (notice that leading
| zeros were also culled). This paired with the fact that
| hexadecimal tends to be easier to memorize and doesn't have the
| strange subnet masking logic like IPv4, gives it a lot of
| advantages over IPv4's address notation.
|
| The problem is that it's almost like router firmware and ISPs
| go out of their way to make their addresses harder to work with
| by filling out all 8 hex groups in the addresses they grant.
| Considering the sheer amount of available IPv6 addresses, it's
| from my understanding, completely unnecessary and I'm really
| curious if they have any kind of justification or technical
| reasoning for doing this.
| cortesoft wrote:
| Even your shortened version is a lot harder to remember and
| type than an IPv4 address.
| yesco wrote:
| That part is a bit more subjective I suppose. For me at
| least, I find hex far easier to remember than strings of
| numbers.
| Symbiote wrote:
| My aunt's phone number in Germany was 14 digits as dialled,
| compared to her brother's 6 digits; he lived in the same
| town as us.
|
| Giving everyone, worldwide an internet address means they
| have to be longer than limiting it to the early adopters.
| cortesoft wrote:
| I understand that, but right now people are able to get
| by with IPv4 only, and aren't going to switch until they
| have to. The long term reality isn't going to make
| someone voluntarily switch.
| est31 wrote:
| Two explanations come to mind:
|
| 1. easier routing tables if you can add meanings to specific
| bit ranges of your ipv6 address. In the tightly assigned ipv4
| networks we have arrived at this is a bit annoying.
|
| 2. If the ipv6 conventions were that you set, say the highest
| 5 hex groups to 0, and use the lowest 3 hex groups for
| addresses, it would still be 65536 times as large as the ipv4
| space and would suit most needs for the mid term future. You
| could even write ipv6 addresses nicely using e.g.
| ::ef13:2.1.7.100. This is a valid ipv6 notation! If this
| space ever got too tight one could open another one of the
| available hex groups and use two hex group prefixes. But I
| think when this happens, a lot of configurations would break
| because they'd assume that only 48 bits are used of the total
| 128. To prevent router,switch,firewall, etc. vendors from
| putting any such assumptions into their devices, using the
| full 128 bits from the start is a good option.
| the8472 wrote:
| Randomizing the prefix makes network scans more costly.
| knuthsat wrote:
| Any reason why having server infrastructure in only IPv6 is an
| issue?
| selfhoster11 wrote:
| Plenty. If you expect to access it from IPv4-only networks,
| you'll have to provide a gateway. Additionally, things like
| Docker interoperate very poorly with IPv6.
| gzer0 wrote:
| It would be a massive problem. IPV6 adoption and
| implementation was at a mere 33% (at least among Google
| users). [1]
|
| [1] https://www.google.com/intl/en/ipv6/statistics.html
| yjftsjthsd-h wrote:
| If you're behind a CDN, your origin can be pure IPv6
| est31 wrote:
| Then it doesn't matter whether you use ipv6 or ipv4 with
| the private 10.0.0.0/8 space either.
| yjftsjthsd-h wrote:
| Yes! If you're behind ex. cloudflare, you should 100%
| look at running pure IPv6 with no listening ports, just
| their service locally.
| Hamuko wrote:
| You want an IPv4 address if you want to be reachable by
| people.
| oarsinsync wrote:
| > This whole problem could have been avoided if IPv6 would be
| easier to memorize.
|
| Thankfully, we have DNS. A lot of ISP issued consumer CPEs now
| automatically create lan-local DNS entries for clients based on
| hostname provided by the client at dhcp time, a lot of clients
| also natively support mDNS, and there are plentiful free DNS
| providers if none of the above applies to you, and you can't
| host your own.
|
| Remembering IPs isn't something that people should need to do
| at this point in our networks maturity.
| pas wrote:
| Um, who memorizes cloud IP addresses?
| sswaner wrote:
| Just 8.8.8.8
| DrBenCarson wrote:
| 1.1.1.1 and 1.0.0.1 for me :)
| throaway46546 wrote:
| 1.1.1.1 and 1.1
| pantalaimon wrote:
| 2600:: is a neat one
| pas wrote:
| Oh, and it pings and even serves HTTP too. Pretty neat
| indeed!
| est31 wrote:
| I use addresses I memorize to debug broken networks, to check
| whether it's a DNS or a general network issue.
| taf2 wrote:
| Me - I have far too many pets
| orev wrote:
| Contrary to popular belief, the Cloud has not actually eaten
| all of IT.
| pas wrote:
| I mean, when you start a new VM on Hetzner (or
| AWS/GCP/Azure/DO/whatever) you don't memorize that address.
|
| But cloud or not, if you setup a private network with v6
| you can get a nice /48 prefix, and you give out /64
| prefixes to VMs, so you'll have 48 unchanging bits to
| memorize (or put it into a .txt to have it near). And most
| of that will probably be zero anyway.
|
| For example 2a00:1450:4001 is a /48, and
| 2a00:1450:4001:082b /64. Only change is "082b".
|
| I know, it's not the same as just remembering 1.1.1.1, but
| most of the people working with v4 never had so simple
| addresses to work with. (And if we're talking about
| 10.0.0.0/8 and other private addresses, well, folks can
| continue to use them, if they want to endlessly debug NAT
| and static routing hacks.)
| rtutz wrote:
| Not necessarily remembering cloud adresses, but it is fairly
| easy to design v4 networks. Subnet masks for example are
| short and understood with a brief glance at them. If v6 would
| be simpler, it would also be the first choice for more local
| networks, hence more widespread.
| detaro wrote:
| How are IPv6 subnet masks more complicated?
| api wrote:
| I have been saying this for years. Nobody gets it because nerds
| don't get the critical importance of ergonomics and usability.
|
| If we had added 16 bits to v4 we would have 100% adoption by
| now.
| pas wrote:
| Well, accidentally we added 96 instead of 16, oops.
| kaliszad wrote:
| The issue would be more or less the same. You'd have to buy
| new hardware and check all software anyway but would drop
| many of the benefits of the IPv6 we have. E.g. in enterprise
| networks, it is very nice you don't have to think about the
| size of a subnet for a VLAN anymore, you just give every VLAN
| /64 and it will suffice. The extra address space is also nice
| for autoconfiguration and much more we don't even think about
| yet. I think, IPv6 is ok as it is. A practical protocol is
| never perfect and will not please everybody but IPv6 stood
| the test of time, there is considerable traffic over IPv6 and
| we are slowly, but surely getting there.
| api wrote:
| Adding IPv6 support has never really been the issue. It's
| in every single piece of hardware or software I have. The
| problem is that people don't want to use it, as evidenced
| by the fact that people avoid it on overlay or virtual
| networks and use IPv4 if possible.
|
| The very slight convenience you mention is far outweighed
| by 32+ digit IP addresses.
|
| Also please don't bring up DNS. Anyone arguing that DNS is
| a solution to this problem has never done devops or IT.
| kaliszad wrote:
| Actually, IPv6 addresses cannot be longer than 32 digits.
| Some practical ones can be rather short, usually just
| slightly longer than a comparable IPv4 address. Such
| addresses would be used where remembering/ recognizing
| the exact IPv4 or IPv6 is relevant, such as the DNS
| servers or the network hand-off IP/ floating-IP on a
| firewall cluster or something like that that are used for
| the bring-up of other services. I have done my fare share
| of devops/ IT/ administration and engineering of largish
| enterprise and campus networks.
|
| You would be surprised how much hardware and software
| doesn't support IPv6 properly. Sometimes it is the basic
| things, sometimes the more advanced stuff but that just
| means it takes a second or multiple days to find out. The
| problem is, it just is a similar but different protocol
| so you have to be quite diligent and check everything you
| need for the device/ service to work.
|
| People do all kinds of stuff on underlay and overlay
| networks. E.g. some Dell VxRail hyper-converged
| appliances use IPv6 for the management network
| https://i.dell.com/sites/csdocuments/Shared-Content_data-
| She.... This is basically just link-local addresses for
| L2 reachability if I remember correctly but they could've
| gone with IPv4 there as well. It certainly would be more
| common for enterprise appliances to not rely on IPv6 for
| anything even when it shouldn't make a difference whether
| you do.
| the8472 wrote:
| You can roll for an ULA prefix once, note it down in some text
| files and then assign your pets to <prefix>::1, <prefix>::2,
| <prefix>::3, etc.
|
| mDNS might also help, I haven't tried that approach.
| azinman2 wrote:
| If I wanted to buy a block for speculation (thus helping
| accelerate ipv6), would it need to be crazy large to even be
| worth it? I imagine the buyers are less interested in 4000 ips
| here, 200 ips there, right? Like they'll want /16, /8, etc?
| oarsinsync wrote:
| > _If I wanted to buy a block for speculation (thus helping
| accelerate ipv6)_
|
| IPv4 sells for ~$40/IP right now.
|
| The smallest block you can buy that is Internet routable is a
| /24.
|
| If you're buying, you're likely buying from another speculator,
| so you're not helping accelerate anything, you're simply
| a(nother) middle man in a (series of) sale(s) of a commodity,
| looking to profit until the block eventually gets sold to a
| user.
|
| None of that is said with any judgement, mind, as I've traded a
| /22 of IPv4 space for quite a handsome profit over the last few
| years. Just don't pretend there's any altruism or benefit to
| anyone else from your speculative activities.
| JamesSwift wrote:
| Is the speculation actually possible? I keep reading
| conflicting opinions. Some say anyone can buy a block via
| auction, but some say even then you need to be vetted as a
| "valid" owner by the registry themself. What was your
| experience?
| AgentK20 wrote:
| Per ARIN (and pretty much all regional RIR) rules you're not
| allowed to purchase IPV4 space without proving the need for it,
| with a moderately thorough review process (https://www.arin.net
| /participate/policy/nrpm//#8-5-specified...)
|
| Any other purchase reason is likely to result in ARIN pulling
| your "ownership" entirely when they discover it.
|
| From what I understand most of what's being sold off right now
| on ipv4 auctions are from companies who had too much IPV4 that
| they no longer need, or companies that were liquidated.
| [deleted]
| exabrial wrote:
| SRV records or a similar tech would end the artificial ipv4
| shortage. Services run on ports, there are plenty of open ports.
|
| I get why Google and Facebook and the like are pushing the
| technology hard; it enables casual tracking of individual devices
| by third parties which are normally blinded.
| TekMol wrote:
| As a user, I have IPv6 disabled at my router. It is just easier
| for me to see xxx.xxx.xxx.xxx style IPs everywhere and avoid the
| cognitive load of IPv6.
|
| As a tech entrepreneur, I run multiple popular websites that have
| hundreds of thousands of users. I get emails from users daily.
| With congratulations, feature requests etc. So far, nobody ever
| requested IPv6 support.
|
| I have no idea what would happen if I enable IPv6 on my servers.
| Probably some desaster would strike because some of the code
| expects xxx.xxx.xxx.xxx style IPs.
|
| What would be the steps to test this? Run the application locally
| in a Docker container and somehow make the requests to the
| container go over IPv6?
| mgbmtl wrote:
| If you enable IPv6, and test it yourself (you can use an IPv6
| tunnel if your ISP does not support it), then you should be
| able to quickly go over the main features of your site and see
| if you have any issues (IP logging, for example).
|
| It would be rather unusual to run a web stack that assumes
| strictly IPv4. Maybe if you have an SQL field that logs IPs,
| and a developer was very clever and optimized for IPv4, but
| that's pretty rare.
|
| I am a strong advocate of IPv6 and early adopter, but would
| never bother emailing a website about it. Even GitHub. For a
| long time, AWS didn't have any IPv6 support (I'm sure it's part
| of their business plan too, to charge extra for IPv4
| eventually).
|
| As a hosting provider, the main benefit of IPv6 is that I can
| have unique IP addresses for my users. Nowadays, most people on
| mobile and more and more ISPs use a very small IP pool (CG-
| NAT), not to mention offices behind NAT (ignoring very large
| offices who use proxies).
| TekMol wrote:
| Well, it is not like I do regression testing by manually
| trying "the main features" of my applications. I have many
| hundreds of automated tests.
|
| But since my dev environment runs in Docker, how would I test
| IPv6? I did some googling now and it seems that would not be
| an easy feat.
| TimWolla wrote:
| You can assign a Unique Local Address [1] subnet to Docker.
| Unique Local Addresses are the IPv6 equivalent of
| 192.168/16, 10/8, ...
|
| Docker's documentation explains how to assign an IPv6
| subnet to Docker:
| https://docs.docker.com/config/daemon/ipv6/ and
| https://docs.docker.com/network/bridge/#use-ipv6
|
| You then can lookup a container's IPv6 address using
| 'docker inspect' and then directly connect to it from your
| host.
|
| [1] https://en.wikipedia.org/wiki/Unique_local_address
| TekMol wrote:
| Docker's documentation
|
| Yes, I looked at it and that is what I referred to with
| "No easy feat".
| El_RIDO wrote:
| Start by enabling IPv6 on your docker daemon:
| https://docs.docker.com/config/daemon/ipv6/
|
| I assume your scenario is that you don't currently use
| IPv6, so you probably can't assign a subnet of your /48
| block of IPv6 range to be routed to your docker host. You
| can probably use a subnet from a reserved range in that
| case, for example from:
| https://en.wikipedia.org/wiki/Unique_local_address
|
| With that new subnet set up, you would at least be able to
| test the services running inside containers from that host
| itself.
|
| In my own experience I never encountered services that
| don't work with IPv6 at all, but as others mentioned the
| most common issues are with truncated addresses in a db
| column designed for IPv4 or log parsers that refuse to
| match on IPv6. Worst case I found was a log based rate
| limiter that ignored IPv6 addresses and therefore let all
| requests using that stack pass.
| blibble wrote:
| give it a v6 address in the same way you give it a v4
| address?
| TekMol wrote:
| You mean something like this:
|
| docker run -p 127.0.0.1:80:80 ...
|
| But with an IPv6 address? Which address would I use?
| mgbmtl wrote:
| If I recall correctly, you can do "docker run -p
| [::1]:80:80 .." (::1 is the equivalent to 127.0.0.1).
|
| Although I don't know at what point that will test your
| application. I guess it will at least make sure that it
| can handle IPs such as "::1".
| TekMol wrote:
| docker run -p [::1]:80:80 ..
|
| And then how do I send a request to the container? I
| tried like this: wget 'http://[::1]:80'
|
| But that gives me "connection refused".
| eb0la wrote:
| I used to type ::1:9092 to connect to my Kafka brokers on
| my laptop. Best shortcut ever.
| blibble wrote:
| that would suggest your app isn't listening on the v6
| address
|
| so you are already testing it :)
| TekMol wrote:
| I don't think so.
|
| I get the same result when I run "ncat -6 -lp 80" inside
| the container and try to wget from the outside.
|
| When I do the wget inside the container, I get
| "Connecting to [::1]:80... failed: Cannot assign
| requested address.".
|
| As I said, reading around the net about "docker ipv6", it
| seems Docker is not IPv6 ready out of the box.
| DavideNL wrote:
| > and avoid the cognitive load of IPv6
|
| That's the same reason i gave up and disabled ipv6... i think i
| might be too old to wrap my head around it. Ipv6 _seems_ really
| complicated to setup compared to ipv4.
| nousermane wrote:
| Out of curiosity - did you get any users feature-requesting
| HTTP/2 or HTTP/3? SameSite cookie attributes? jquery library
| version upgrade? Anything low-level like that...
| TekMol wrote:
| They would "request" low level things if something breaks
| because of those. That certainly happened in the past. But it
| is very rare. So rare that no example comes to mind right
| now.
| saltminer wrote:
| You don't have to enable v6 internally, you can just put v6
| addresses on your public endpoints. Create a little testing
| environment and access it exclusively via v6 to test for bugs.
|
| > So far, nobody ever requested IPv6 support
|
| I have actually put in feature requests for v6 support before
| (probably not your stuff, since I have no idea what you work
| on).
| metafunctor wrote:
| Meanwhile, you cannot get a EUR2.49/mo virtual server from
| Hetzner _without_ an IPv4 address...
| NmAmDa wrote:
| They raised its price to EUR3.49. I got this in the samr email
| announcement today.
| metafunctor wrote:
| Hmm, I can still create a CX11 server for EUR2.49. Maybe they
| are slowly rolling this change out?
| sparkling wrote:
| It looks like the Cloud machines are not affected by this price
| change?
| noxvilleza wrote:
| They are, just got a mail about it actually:
| https://i.imgur.com/m9z67mB.png (I have a few cloud and
| dedicated machines on Hetzner).
| metafunctor wrote:
| Yep, floating IPs are _additional_. One IPv4 address is
| still included (and non-optional) in, say, a CX11 cloud
| server.
| a254613e wrote:
| They are. The cheapest server plans and ipv4 floating IPs are
| affected by this change. The FAQ only covers the root servers
| part though.
| terom wrote:
| Is there an announcement for this somewhere?
|
| The marketing page [1] still lists the same EUR2.49 + VAT
| /month price for the cheapest CX11.
|
| [1] https://www.hetzner.com/cloud?country=ot
| [deleted]
| NmAmDa wrote:
| They sent Email to all their customers about that. They
| raised prices.
|
| Product. Price per month / hour up until now Price per
| month / hour, effective 1 Sept 2021
|
| CX11 2.49EUR / 0.004EUR 3.49EUR / 0.0055EUR CPX11 3.49EUR
| / 0.006EUR 3.99EUR / 0.0065EUR
| metafunctor wrote:
| Indeed, just got that email 30 minutes ago. Apologies for
| any misinformation I may have pushed elsewhere in this
| thread.
|
| Still, it sucks to pay EUR1.00/mo for an IPv4 address I
| don't want or use.
| TimWolla wrote:
| The pricing change is only about additional IP addresses for
| a single machine. Each machine will still come with one IPv4
| included for "free":
|
| > Our dedicated root servers will continue to include one
| free main IP; there will be no change here.
| metafunctor wrote:
| Yep. A "dedicated root server", though, is dedicated
| hardware. They start at about 30-40 EUR/mo. TFA does not
| mention cloud servers (virtual machines) at all.
|
| Virtual machines from Hetzner, however, always come with an
| IPv4 address. For security reasons, I'd much prefer to get
| them without one (I disable the interface and firewall it
| 100% anyway), but it's not an option to get a virtual
| machine without the public IPv4 address. One would think
| they'd provide that option if they are already hitting
| commercial limits with the IPv4 address space.
| TimWolla wrote:
| > For security reasons, I'd much prefer to get them
| without one (I disable the interface and firewall it 100%
| anyway), but it's not an option to get a virtual machine
| without the public IPv4 address.
|
| I agree and hopefully without leaking anything: This is
| also an request within their customer forum [1].
|
| [1] https://forum.hetzner.com/index.php?thread/28220/&pos
| tID=277...
| fri_sch wrote:
| You don't leak anything as the link doesn't seem to be
| accessible publicly (at least for me).
|
| But it also feels kind of strange to me, that they
| complain about IPv4 shortage while still handing them out
| with each VPS instance despite a lot of users actually
| don't need or even don't want to have them. There should
| be an option, or even a small fee for a public IPv4 on
| cloud servers.
| TimWolla wrote:
| > You don't leak anything as the link doesn't seem to be
| accessible publicly (at least for me).
|
| Yes, the forum requires registration and is open for
| customers only. That's why I said that I hope I don't
| leak anything (by saying that this topic was discussed in
| their (private) forum).
| noxvilleza wrote:
| This (firewalling the IPv4) is actually a great idea, I
| never considered it before because I use their basic
| downtime metrics / alerts - but that could easily be
| pushed to IPv6 (or just another external service
| entirely).
| Hamuko wrote:
| Still waiting for my ISP to actually implement IPv6 addresses for
| fixed connections. It's only been about 7 years since the
| Transport and Communications Agency issued a recommendation to
| issue IPv6 addresses with consumer connections.
| dtx1 wrote:
| I think this is a good thing. IPv4 must die at some point and its
| time for that. IPv6 has been standardized in 1998, 23 years ago.
| elric wrote:
| I'm still waiting for Hetzner to support servers (physical and
| virtual) without public IPv4 addresses. I could easily free up
| the ~50 public addresses I'm using. One public IP will do, I can
| reverse proxy everything else.
|
| But there's no support for that. So every time I spin up a 1 vCPU
| tiny VM, which will never connect to the public internet, I'm
| wasting an expensive resource. Sorry.
| zz865 wrote:
| I wish you could have your own IPv4 subnet with your VPC, like
| at home, with 192.168 etc
| piceas wrote:
| Zerotier is one answer.
| metafunctor wrote:
| You can; Hetzner Cloud has private networks.
| fredsted wrote:
| Yeah, me too. Was confused why they needed to have an IP at the
| beginning, coming from AWS, since they have internal networking
| now. The public IP doesn't serve any purpose for me, and would
| perhaps also improve security.
| freedomben wrote:
| Kind of unrelated, but ~50 public addressed, do you have a
| serious production environment on Hetzner? If so is it pretty
| reliable? Considering using.
| sneak wrote:
| Hetzner is great: professional, high quality, and cheap,
| cheap, cheap.
|
| Their margins are low, however, so I understand it is
| possible to get fired as a customer if your support burden is
| too high and your ROI goes negative, so be on your best
| behavior to keep access to those prices.
| spurgu wrote:
| +1, it's been very reliable (have between 50-100 VM's
| there).
| 9dev wrote:
| With my previous employer, we deployed several thousand VMs
| at Hetzner (incidentally, we were one of their biggest
| customers in Germany). Really can recommend, billing was
| fair, support was quick and their Infrastructure worked
| without a hiccup for multiple years. Im just waiting for them
| to offer a k8s environment...
| GolDDranks wrote:
| This! I don't see any reason for _internal infra_ to use IPv4,
| if it's under your control. At least AWS lets you have
| "private" IPv4's only. (Dunno about the situation with GCP or
| Azure, happy to learn about that.) But I'd gladly set up my
| stuff in IPv6 and expose only the endpoints in IPv4.
| hoppyhoppy2 wrote:
| If you are willing to go ipv6-only on Vultr.com it brings the
| price of their smallest virtual-server option down to
| $2.50/month (the same server offering _with_ an ipv4 address
| costs $3.50 /month). It's nice to see them offering that kind
| of discount, but I have no idea whether or not there's anything
| similar for their more powerful offerings.
| oarsinsync wrote:
| The only downside is you cannot do BGP on those IPv6-only
| hosts, as their BGP speaker is IPv4-only, so you cannot
| BYOIPv4 to those hosts, unless you route via their private
| network to another IPv4 enabled host first.
| Rogach wrote:
| They discontinued this offer quite a while ago, now there's
| only the usual $5 instances.
| hoppyhoppy2 wrote:
| Huh, I just deployed one yesterday. And I'm looking at the
| Vultr "deploy instance" page right now and it's showing
| both the $2.50/mo and $3.50/mo options out of the "New York
| (NJ)" location.
| muttantt wrote:
| OVH still gives them out like candy
| halz wrote:
| I wonder if part of this pricing scheme is to counter (or at
| least to short-term profit from and eventually change the
| behavior of) the provider being abused by spammers/scammers who
| could previously scoop up benign reputation IPv4 addresses from
| the far corners of the world and pull them over to Hetzner for
| very little $.
| xvilka wrote:
| At the same time IPv6 adoption basically stopped except a few
| countries like US, China, Japan, India, Canada, Brazil, and most
| of the Europe (sorry if missed someone). The rest of the world
| looks like simply don't care.
| eb0la wrote:
| In Spain ISPs went from having some IPv6 networks eback to
| IPv4.
|
| The reason?
|
| They must block pirate tv sites and the Allot network equipment
| that does that does not support IPv6.
| Hamuko wrote:
| They'd care if they suddenly lost access to a bunch of services
| because they don't have an IPv6 address. The problem is that
| basically no one is going to cut off people from accessing
| their website just because their ISP is too cheap.
| bluejekyll wrote:
| Is most of this driven by mobile device usage and density
| practically requiring IPv6?
| hanche wrote:
| I asked my mobile service provider when they might start
| supporting IPv6, and got the answer that they have enough
| IPv4 addresses, so no plans to implement IPv6. The mind
| boggles.
| ev1 wrote:
| This is odd/amusing, because in US as far as I know there
| are no carriers doing IPv4 anymore - it's all IPv6 with
| 464xlat or equivalent translation proxies.
|
| And these are companies with more IPv4 than your carrier
| most likely.
| tialaramex wrote:
| The sheer size of the US and thus the US market drives
| this in part.
|
| Suppose you're a "big" ISP in Norway. Maybe you have
| almost half a million customers, and your corporate
| growth plan says you want a million customers by 2030.
|
| Your engineers need a way to address all the backend
| infrastructure on your network. So, they give it all 10/8
| addresses. No problem. "Do you need IPv6? Our customers
| are saying they want it?" "Not really, put it on the
| nice-to-have list and we'll get to it when we get to it".
|
| In contrast your American equivalent has 20 million
| customers and hopes to expand to 40 million customers by
| 2030. Their engineers ran out of addresses in 10/8 for
| infrastructure _years_ ago. So there are awful, miserable
| hacks they can do, but _just go to IPv6_ solves the
| problem. And hey, since your backend network is IPv6
| anyway, you can just as well give it to your customers.
|
| Once you bite the bullet, IPv6 first is actually cheaper.
| But most organisations aren't set up to think that way.
| The big changes resulting from the pandemic illustrate
| that. Can some (many? almost all?) of your office workers
| be more effective if they don't spend an hour every day
| commuting and then sit in a small cubicle most days of
| the week? The answer to that question didn't change from
| May 2019 to May 2020 but whether your employer _knew the
| answer_ changed.
| ev1 wrote:
| > there are awful, miserable hacks they can do
|
| They definitely did those, I've gotten everything from
| 172.* to CGNAT 100.* IPs to UK MoD 25.* IPs as NAT, all
| on the same carrier, hah
| codetrotter wrote:
| I live in Norway, we have some of the best mobile internet
| speeds in the world, meaning that mobile internet
| infrastructure in this country is pretty good.
|
| And yet here we are in 2021 and my carrier is only giving me
| IPv4 access by default. No IPv6. This is with 4G connection and
| 70GB data per month by the way, for which I pay about $50 per
| month for the subscription.
| Denvercoder9 wrote:
| _> US, China, Japan, India, Canada, Brazil, and most of the
| Europe_
|
| That's about half of the worlds population (and I bet more than
| half of the internet-connected population). If those countries
| start going exclusively IPv6, the rest of the world cannot
| afford to don't care much longer.
| noxvilleza wrote:
| It's insane to think that just the 6 countries mentioned are
| ~44.4% of the world's population - but the whole of Europe
| (~52 countries) are only 9.45%.
| rapsey wrote:
| Half the population and the vast majority of purchasing
| power.
| m348e912 wrote:
| At this point I was wondering if it would be reasonable to use
| ipv6 exclusively. I figured ipv6 addressing is reachable by most
| by now. That's until I tried to reach ipv6.google.com and it
| failed. So I answered my own question.
| the8472 wrote:
| Making hobby projects ipv6-only would be a start.
| lvncelot wrote:
| Since I'm using Hetzner Cloud for my hobby cluster, this is
| as good a kick as any to start moving that stuff to ipv6.
|
| (Although there's no mention whether HCloud ipv4 pricing is
| actually affected by those changes)
| kaliszad wrote:
| You should still get an IPv4 address with the VM for free.
| But you can make sure you support IPv6 anyway for the day,
| when even the very first IPv4 will cost extra.
| lvncelot wrote:
| Yes I'm currently using floating IPs as ingress
| addresses, and I'll switch to IPv6 ones.
| Tenoke wrote:
| My ISP had some sort of v4 outage where only v6 worked fine.
| That was really nice except that even services or games that
| supposedly work over v6 rely on v4 and are borderline unusable
| without it.
| kalleboo wrote:
| Yeah I had some issue where my home router's NAT died so IPv4
| broke, but IPv6 kept working. My wife said that Google,
| YouTube, Facebook etc work but nothing else does. It didn't
| take me long to realize what was happening.
| kalleboo wrote:
| Even in the countries with the highest adoption, it's only
| around 50%
| https://www.google.com/intl/en/ipv6/statistics.html#tab=per-...
| DaiPlusPlus wrote:
| IPv6 adoption figures are artificially inflated by LTE and 5G
| smartphone connections (which are invariably IPv6) whereas
| landline/DSL/DOCSIS connections are still IPv4 on so many
| ISPs.
|
| I'll say one thing about Comcast in the US: they have
| atrocious customer service, scummy upselling, and that horrid
| wi-fi network sharing... but they do 2 things that mean I'll
| forever give them a free-pass:
|
| 1. They have CBC channels in the US so I can watch the
| Olympics without watching NBC's horribly dumbed-down,
| artificially time-shifted, and condescending feed.
|
| 2. They have a rock solid IPv6 network _for everyone_.
| scratcheee wrote:
| At the current rate (approximately linear over the last 10
| years), in just 30 more years we'll have 100% adoption.
|
| Realistically adoption will slow down if nothing changes,
| everyone willing to put the effort in for zero immediate
| reward has already done so, and some will allow their support
| to degrade due to low usage.
|
| At some point I guess ipv4 availability will really start to
| collapse and adoption will speed up again.
|
| Not sure which will come first to be honest, but better if
| adoption is relatively high when the shit evebtually hits the
| fan, to avoid the temptation of insane NAT solutions.
| hutrdvnj wrote:
| > At some point I guess ipv4 availability will really start
| to collapse and adoption will speed up again.
|
| I think this will be more like a linear function. As the
| IPv4 prices increase, the IPv6 adoption increases until it
| reaches 100%. I don't think that there will be a collapse.
| mprovost wrote:
| Adoption is already slowing down, by half in 2020 vs 2019.
|
| https://blog.apnic.net/2021/02/08/ipv6-in-2020/
| GolDDranks wrote:
| I bet that at some point we'll have another inflection
| point, as the IPv4 prices soar and the IPv6 becomes
| commonplace enough for some (free/hobbyist-run?) services
| to say: "sorry, IPv6 only".
| mprovost wrote:
| An inflexion point can go either way, the question is
| have we already passed that point with v6 or is this the
| start of a decline that ends with it failing to replace
| v4? (Stealing this from Geoff Huston, see page 41 of his
| presentation [0])
|
| [0] https://www.potaroo.net/presentations/2021-03-02-ipv6
| -deploy...
| netr0ute wrote:
| Why even pay for IPv4 addresses? Who says who gets to
| "use" them?
| ShrigmaMale wrote:
| Markets generally are good for determining allocation of
| scarce resources. They push people with the ability to
| substitute to do that, in this case, use ipv6. Pay for
| ipv4 so nobody takes more than he needs. Imperfect but
| probably the least bad option, just waiting to get ipv6
| over time hasnt worked so maybe scarcity and high prices
| do it.
| [deleted]
| dcow wrote:
| Hmm so maybe the market will drive IPv6 adoption where the
| commons collectively could not.
| Pick-A-Hill2019 wrote:
| The Set-Up Fees are eye-watering.
|
| The monthly fee I can understand (but also feel there is a bit of
| mark-up on it to nudge customers towards IPv6).
|
| I guess since it's their service, they have an absolute right to
| charge what they like (and let the competition decide) but the
| set up fees are just not going market rates.
|
| Point I'm trying to make is - charging EUR 435.20 per month for a
| /24 is expensive but sort of ok ... but the EUR 4864.00 set-up
| fee?
|
| Seriously? It costs EUR 152.00 for a /29 subnet but it costs 32x
| MORE to set up a /24 subnet? Is it really 32 times more work to
| set up?
| sneak wrote:
| I think at their tiny margins one of their major costs in any
| sort of setup is going to be staff interaction/attention.
| sascha_sl wrote:
| Hetzner is a host living at a price and popularity point where
| they always have to consider massive scale abuse.
|
| I'd imagine this is a major incentive for long-term ownership
| of their freshly acquired IP space instead of churning them
| through customers to end up on every blacklist for every
| conceivable type of service.
| ShrigmaMale wrote:
| Very important since lazy admins just blacklist whole ranges
| or even cloud providers sometimes if there is too many abuse
| coming from it.
| qalmakka wrote:
| If only ISPs actually bothered giving out IPv6 addresses to their
| customers. It's 2021, I have a 1 Gbps FTTH connection and still
| no trace of IPv6. This is a complete disgrace.
| nickcw wrote:
| IPv6 is a hard sell for the average customer and because of
| that to the ISPs that provide service to them.
|
| IPv6 doesn't make anything go faster, or let customers access
| anything they can't already access and quite likely it will
| make difficult to diagnose networking problems which break
| stuff (speaking from personal experience with IPv6 here!).
|
| I don't think ISPs will be motivated to give out IPv6 addresses
| routinely until there are important areas of the internet which
| are IPv6 only. Until that point they would just be making more
| support burden for themselves.
|
| And I can't see important stuff going IPv6 only any time soon
| since you don't make a new and exciting service which the
| majority of people can't access.
| xur17 wrote:
| I think it was 5 or 10 years ago, but there were some
| websites that did exactly that. I distinctly remember setting
| up an ipv6 gateway so I could get access to free newsgroups.
| I think there was other stuff as well, I just don't remember
| it all.
|
| [0] https://www.reddit.com/r/usenet/comments/k9aqjy/newszilla
| 6xs...
| oarsinsync wrote:
| One of the largest ISPs in the UK (BT) provides dual stack
| connectivity as standard. Their CPE is configured to enable
| dual stack LANs as standard. Few consumers login to their CPE
| to change anything.
|
| "It Just Works."
| billpg wrote:
| Are you sure? I use BT and I all of the IPv6 testing
| websites I found report no-support.
| alerighi wrote:
| But there is motivation for ISP to use IPv6. They save a ton
| of money on IP addresses, and they don't need the
| infrastructure to keep a NAT.
|
| And I don't mean only the cost of running it, in my country
| for example by law the ISP has to maintain a log for 5 or 10
| years of all the IP addresses assigned to the user, and in
| case of a NAT even of all connection and source ports
| associated with each client. That is a cost that you will
| save with IPv6, just assigning an entire /64 subnet to every
| customer.
|
| Of course you will start to save money at the point where we
| can switch off IPv4, that is not something we will see
| tomorrow, but if we don't start, the problem will not become
| better with time, but worse.
|
| IPv6 is an investment for ISP, more than customers (that it's
| not true they don't care, they maybe don't understand the
| term, but when they find out that they can't play online with
| their PlayStation/Xbox because they are behind a NAT, they
| will complain to the ISP).
| jiggawatts wrote:
| 1 Gbps fibre here also, and miraculously with native IPv6 that
| "just works".
|
| I say miraculously, because most of the rest of the ISPs in my
| country have "experimental" IPv6 "coming soon". Any decade now.
| Any decade...
| tomjen3 wrote:
| I loath this normally, but this is one case where we really
| need the government to set standards. Everybody is better of on
| IPV6:
|
| 1. Mandate that all ISPs have a fully functional IPv6 assigned
| for each IPv4 given to customers. It must route just as their
| IPv4 does. If a customer doesn't have an IPv4 number, they must
| assign as many IPv6 as if the customer had one IPv4. 1. Mandate
| that all servers and all services accessible over IPv4 be
| accessible over IPv6 1. Institute sufficient fines for
| businesses that don't follow these requirements.
| foepys wrote:
| People talk a lot of bad things about German ISPs, but I have
| IPv6 on my DSL connection since 2015 and on my phone since 2019
| (maybe earlier).
| shoeffner wrote:
| I also remember having IPv6 in Germany for years now, but it
| came with lots of problems: routers cannot forward things
| properly, thus self-hosting at home becomes tricky, or
| playing games with friends without dedicated servers (yes,
| they still exist, no, not all support IPv6). It gets even
| worse with "DS-Lite", where multiple customers share the same
| external IPv4 address, to enable support for all the
| webservices not supporting IPv6 yet.
|
| All in all, I had so many troubles with setting up anything
| behind IPv6 or DS-lite, that I asked my ISP to give me an
| additional IPv4 address, so that I don't have troubles. While
| they usually provide bad service, this came for free -- but
| other ISPs, for example my parents' ISP, want you to pay 50
| or more euros per month for an "enterprise contract" to get a
| dedicated IPv4. I still haven't found a way for my dad to
| setup his old webcam server at home such that others can
| reach it from the outside world, and I tried every couple
| months over the last 6 years or so.
| brutopia wrote:
| How about keeping connection open from the webcam server or
| any host on the same LAN with a ssh reverse tunnel to a
| cheap cloud server?
|
| For example when the webcam server is reachable on LAN at
| 192.168.1.2:1337 you can do
|
| $ ssh -N -T -R 1338:192.168.1.2:1337 user@cloudserver.com
|
| on a raspberry pi on the same LAN or locally in the webcam
| server and then you can access the webcam server from
| anywhere using cloudserver.com:1338
| dathinab wrote:
| Besides provider sometimes have strange port rules it's
| not uncommon for them to forcefully change your IP from
| time to time, even if there is an open connection. It
| tends to happen at night and it tends to be a forceful
| disconnect from your router to the outside world for
| <5min.
|
| At least I ran into this frequently (multiple times a
| week, I really need to fix my sleep cycle).
| shoeffner wrote:
| I considered such options before but if I remember
| correctly, the webhost does not allow SSH. However, I
| haven't checked for some time and I will definitely look
| into this, thank you!
| pimeys wrote:
| I have a Vodafone cable in Berlin and it gives you one ipv6
| address in NAT mode. Not really helping if using your own
| router and needing more than one ipv6 address (that is
| typically the case).
|
| I do VPN from the router, giving me a proper /64 block...
| dtx1 wrote:
| Same setup here but my VPN provider only gives me a /128
| IPv6 Net so i have to use IPv6 NAT which is possible but
| ugly. Which one do you use?
| pimeys wrote:
| Azire gives a nice /64 block.
|
| https://www.azirevpn.com/
| dathinab wrote:
| Giving you a dual stack IPv4/6 address (with IPv4 often
| NATed) is one of the thinks the German ISPs do well.
|
| But for many other thinks there are to often to many problems
| including bad availability of speeds about 50Mb/10Mb and they
| still selling you faster speeds which technically can't be
| delivered.
|
| And for many areas of Germany it boils down to:
|
| - If you live in a city and only go for 50Mb it's often ok
| (but even in cities there tend to be areas with faulty
| installations causing problems for the citizens in that area
| for years, e.g. my sister and a co-worker of mine had/have
| that problem).
|
| - If you live in the metro area but not in the city it's
| spotty sometimes going with LTE is better, sometimes it's
| not, sometimes you should by both to make sure at least one
| of them works (my former co-worker had that problem).
|
| - If you live outside the metro area it's random either you
| get reliable reasonable fast internet if you buy from the
| right provider or you get less then 1Mb no matter what
| provider you choose (multiple of my friends had/have that
| problem).
| zeeZ wrote:
| People like to shit on Telefonica/o2, and after half a year
| of trying to get my bills corrected I can see why. But I've
| had dual stack on my DSL for several years now without issue
| (caused by them).
| noxvilleza wrote:
| Yeah since moving to Germany in 2016 I've been getting IPv4 &
| IPv6 addresses (on 1&1 / Versatel). Was very surprised when
| first noticing it!
| benttoothpaste wrote:
| One of the very few good things I can say about my Comcast
| connection is that they gave me a 60-bit IPv6 prefix.
| dmitryminkovsky wrote:
| Here in Baltimore County, Maryland, Comcast provides my cable
| modem an IPv4 and IPv6 address. Is that unusual? I'm not sure,
| but I think Time Warner in New York also allocated IPv6.
| mindcrime wrote:
| AIUI, Time Warner had rolled out ipv6 pretty widely before
| the merger and becoming Spectrum. I have had native dual-
| stack ipv4/ipv6 from TWC/Spectrum for several years now, in
| the RTP, NC area.
| technofiend wrote:
| Comcast will hand you the smallest routable ipv6 network
| (/64) by default, however people have had varying success
| with prefix delegation hints to get larger address spaces.
|
| Without passing judgement on a) medium.com articles, b)
| Comcast or c) pfsense here is an article that covers making
| IPV6 work in that specific instance.
| https://circuitguy.medium.com/home-network-virtualized-
| pfsen... - Worst case scenario someone can take this and
| adapt it to opnsense or their OS of choice.
| ArchOversight wrote:
| Comcast will happily hand out a prefix delegation larger
| than a /64 if you ask for it, and set the prefix delegation
| request to 1 instead of 0.
|
| This is done because many routers were built with bad IPv6
| support that requested a /48 even though they only needed a
| single /64 for a LAN and Comcast was handing out /60's
| (their largest size) like candy with almost no use.
|
| So my config was to request two prefix delegation, one
| tagged 0, which would always get a /64, and then one tagged
| 1 which would get a /60.
|
| Not sure if you still can do it or not, but at one point
| you could continue to ask for prefix delegations (/60's)
| and get even more address space.
|
| Here's the dhcp6c.conf: interface em0 {
| send ia-pd 0; send ia-pd 1; send ia-na 1;
| }; id-assoc pd 0 { prefix ::/64
| infinity; prefix-interface lagg0 {
| sla-id 0; sla-len 0; };
| }; id-assoc pd 1 { prefix ::/60
| infinity; prefix-interface vlan10 {
| sla-id 1; sla-len 4; };
| prefix-interface vlan11 { sla-id 2; sla-len
| 4; }; prefix-interface vlan20 {
| sla-id 3; sla-len 4; };
| prefix-interface vlan21 { sla-id 4; sla-len
| 4; }; prefix-interface vlan22 {
| sla-id 5; sla-len 4; }; };
| id-assoc na 1 { };
|
| Note: ia-pd 0 will only ever pull a /64, even if you ask
| for a /60 all you'll ever get back is a /64. ia-pd 1 on the
| other hand will allow you to pull anywhere from a /64 to a
| /60.
|
| Yes, this means you get 16 + 1 /64's to use.
|
| On top of that I pull a single /128 for the external
| interface of my router.
| Akronymus wrote:
| Better than getting cgnat'ed with a ipv6 address. Mind the
| address, not address range.
| ocdtrekkie wrote:
| To my knowledge, actually, by default, Comcast solely
| provides IPv6 by default... but then if you plug in a device
| that requires (or is configured to require) IPv4, it'll give
| you an IPv4 address. During the transition, I'd occasionally
| find weird things would spontaneously break on consumer PCs,
| like old Office Click-to-Run versions which didn't support
| IPv6, and then discover the user no longer had an IPv4
| address.
|
| Usually happens if the customer's computers connect to the
| Comcast gateway directly. If they have their own router, it
| usually gets an IPv4 address.
| ArchOversight wrote:
| Comcast is dual stack, and will hand out IPv6 and IPv4.
| There are times when their IPv4 DHCP server is slow or
| seems to be out to lunch though, and during that time you
| might get IPv6 only.
| throaway46546 wrote:
| Not giving users who connect to the gateway directly a v4
| address seems like a decent security feature.
| ocdtrekkie wrote:
| That is probably just a side benefit. Your two largest
| ISPs pushing IPv6 are Verizon and Comcast, because
| they're also (including wireline and mobile) the largest
| ISPs. The number of IPv4 addresses they'd need to meet
| their customers needs would be astronomical if they
| didn't find any excuse to go IPv6 only where possible.
| lizknope wrote:
| I have AT&T Fiber along with my sister and parents. They live
| 20 and 30 miles west of me. Both of them have IPv6 but I don't
| and I live in a bigger city in the area. I don't understand.
| defaultname wrote:
| My ISP assigned my home an IPv6 address, but the net result is
| that I get captchas and bot checks _endlessly_. Even a simple
| grocery order on Walmart 's website yields a dozen "Are you a
| robot" interruptions during a session.
| p1mrx wrote:
| walmart.com is IPv4-only (according to IPvFoo), so the
| captchas you're seeing can't possibly be related to your IPv6
| address.
|
| If your ISP uses CGNAT for IPv4, then Walmart could _fix_ the
| captcha problem by supporting IPv6, where your address is
| distinct from the bots.
| defaultname wrote:
| I have never bothered digging into it, just noticed a
| pretty irritating rise in bot gates after enabling IPv6
| through the router (though it could be entirely
| coincidental). I of course still have an IPv4 address.
|
| Walmart uses a litany of external services, presumably
| including real-time threat/bot analytics. For instance
| AdobeDTM, which does indeed serve via ipv6. It seems
| possible that IPv6 could be playing a part regardless of
| the status of the base site. These bot gates aren't at HTTP
| responses, but are in client interrogations and javascript
| triggers while interacting with the page.
| sfblah wrote:
| Yes. This. I tried using ipv6 and had to turn it off because
| of problems like this.
| saltminer wrote:
| What ISP are you using?
|
| I have Google Fiber, and I can't say I get a ton of
| captchas (other than sites that have them for everyone,
| e.g. unauthenticated contact forms). The only downside to
| v6 was I had to get a new router because my old one
| couldn't route v6 at gigabit speeds (could easily do
| gigabit symmetric on v4 only, but topped out at 400/400
| Mbps on dual-stack).
|
| Back when I had Spectrum (which was Charter in my area pre-
| merger), their v6 worked fine as well.
| FractalParadigm wrote:
| Where do you live? Here in Canada I've had native IPv6
| through Rogers for the better part of 10 years and have
| _never_ had problems in any way. In fact I have IPv4
| straight up disabled on a few devices because v6 has been
| marginally faster in any test I 've done. So far Reddit and
| HackerNews are the only two websites I regularly visit
| without v6 support (why?).
| defaultname wrote:
| I (the guy two comments up) am in Canada through another
| provider. Whether the address range just isn't as well
| known and documented on whitelists, or one of my
| neighbors (IPv6 wise) runs botnets, there is no doubt
| that it is treated as much more suspicious traffic when
| I'm going through IPv6.
|
| And this is well known in the industry. The IPv4 world
| has had enormous mapping and trust ratings and
| understanding -- coupled with a scarcity that gives range
| owners or operators a higher incentive to care about what
| happens on it -- while a lot of people are still
| completely in the dark about IPv6 and still treat it like
| some scary unknown.
| oarsinsync wrote:
| > _The IPv4 world has had enormous mapping and trust
| ratings and understanding_
|
| Indeed, and residential ranges are wholesale blocked from
| participating in various services, because of abuse
| through compromised hosts in residential networks.
|
| Budget cloud providers are wholesale blocked from
| participating in various services, either at thier local
| edge, or the remote edge, because of abuse through
| deliberate malicous customers and/or compromised hosts.
| ikiris wrote:
| I've used generic comcast IPv6 for years and never had this
| problem.
| Akronymus wrote:
| We have a dual uipv4 and ipv6 address at home. But both are
| CGNAT'ed, which really annoys me.
| zahllos wrote:
| In Switzerland it is a level of insanity above this. Major ISPs
| are now promising 10Gbit and 25Gbit fibre to the home, but only
| one ISP natively supports IPv6 (init7, not the country's major
| provider Swisscom).
|
| This is utterly bonkers. While the ethernet cables they give
| out can likely do 10Gbit (but definitely not 25Gbit) very few
| people have 10Gbit-capable ethernet or wifi chipsets and there
| is no way they will actually be able to routinely transmit data
| at this speed.
|
| Swisscom do 6rd and don't offer static IPv6 either presumably
| because of how 6rd works. So it is a pain to configure anything
| except using their own box.
| brnt wrote:
| At least you can get speedy connections. Here in the NL
| offers still start at 40/5-type connections, and ISP have you
| pay premiums to get 300/500 Mbit. If you're lucky, you can
| sell your first born for 1Gbit.
| dathinab wrote:
| Offers starting at 40/5 is already good, in Berlin offers
| currently start at 10/2 with 100GB volume limit for
| 25EUR/Month with 2 year minimum contract duration.
|
| (Through to be fair you get 50/10 for 30EUR/Month without
| limit.)
| dmurray wrote:
| > While the ethernet cables they give out can likely do
| 10Gbit (but definitely not 25Gbit) very few people have
| 10Gbit-capable ethernet or wifi chipsets and there is no way
| they will actually be able to routinely transmit data at this
| speed.
|
| Bit of future proofing, the fibre cables will be in the
| ground for 10 years and who knows whether consumer devices
| can routinely do 10G by then. The cost is dominated by the
| price of digging up the roads, not by sticking a few extra
| strands in the ducts.
| awruko wrote:
| what do you mean by natively? I am using iway and can clearly
| use ipv6. Most of the whatismyip sites give me my ipv6.
| ubanholzer wrote:
| Depends on the location. If iWay does have a POP in your
| network, they can offer native IPv6 because their DHCP does
| support it. If they don't have a POP, they often (need to)
| use Swisscom to "proxy" your packages (like Crossover7).
| And because the Swisscom DHCP Server can't assign IPv6
| leases currently, your router needs to tunnel IPv6 packages
| in IPv4 packages to the infrastructure of iWay.
|
| https://de.wikipedia.org/wiki/6rd
| ShrigmaMale wrote:
| > 10Gbit and 25Gbit fibre to the home
|
| That is suprising, why? Can most people even use that much
| speed? Netflix only need so much bandwith. Good for homelabs,
| just most people don't have them.
| ThePadawan wrote:
| Speaking of insanity: I'm a customer with init7. Great
| service!
|
| You know what's not great? I live in a new building. It was
| built in ~2015. It's not even on Google Street View.
|
| They decided to go with a commercial solution
| ("digitalStrom") for Ethernet that caps out at 100Mbit.
|
| I now have to use Wifi to get anywhere close to the 1Gbit I
| pay for. The lack of forethought (or the grift for the
| company that bought that tech) is astounding.
|
| Thank god I only rent.
| moooo99 wrote:
| Reading this in Germany, I'd happily overpay for a 1Gbit
| connection even though I couldn't use it. Unfortunately,
| the fastest available connection here is a 50mbps, and
| thats a significant improvement. Three years ago, we were
| limited to a 16mbps connection for a household of four.
|
| But I wouldn't be surprised if my 50mbps connection is as
| expensive as your connection, presumably while offering
| worse service.
| ubanholzer wrote:
| 60EUR / month plus a one-time-fee of 100EUR. if you want
| 25 gbit/s (and if the POP supports it), you pay a one-
| time-fee of 310EUR. But the availability is currently
| very restricted to urban regions
| dathinab wrote:
| A 50Mb/10Mb connection often cost around 30EUR/Month +
| 70EUR one time in Germany but:
|
| - You often only get it in city areas, I say city areas
| because metro areas include small settlements around the
| city still connected with the metro. And in many
| experience it's quite likely the best you can get in that
| settlements is either _way_ less or unreliable high
| latency LTE.
|
| - There are faster contracts like 250Mb/40Mb for
| 45EUR/Month but availability is spotty, _and companies
| will sell it to you even if not technical available_.
| E.g. most 100Mb contracts say serving 60Mb would still be
| "valid" for your 100Mb contract.
|
| - It's not uncommon that many DSL of different people
| will go through choke points in areas with high
| population density but not that much money, so speeds
| dropping sometime randomly noticeable are not uncommon.
|
| - It's common that if there are technical problems (which
| are not uncommon when switching providers) it can take
| days to fix them, my previous (small) company went a
| month without proper internet connection due to this,
| they fell back to using a LTE router temporary but they
| had to buy it themself it wasn't provided by the internet
| provider.
|
| A good point is that all the internet contracts tend
| include a land line phone number and tend to have
| "unlimited" data volume (which isn't always truly
| unlimited, but close enough to unlimited).
|
| Frequent stories include internet being so bad that it
| frequently is short term temporary(<15min) unavailable,
| randomly temporary super slow internet, or a supposedly
| 100Mb internet connection frequently slowing down to
| close to 1Mb causing video conferences to fail. And that
| is in the city.
|
| Outside of cities it's common to have insanely slow
| internet all the time to a point that people fall back to
| use LTE->WLAN routers, but then it's common to hear that
| the LTE is frequently overloaded around "rush hours"
| making people at the "outer ranges" of the closest LTE
| tower lose connection.
|
| The state of the German internet infrastructure is kinda
| a sad joke.
|
| Through I should note that things differ depending on the
| area of Germany you are in.
|
| Anyway the best thing I can buy (and get) in my area (in
| a relatively wealthy area of Berlin) is ~60Mb/10Mb
| connection which is somewhat reliable (fails 0-4 times
| every day for ~1-5min each, but it only happens between
| 2am and 6am, so ok, not a problem and at least one
| failure is probably the router).
|
| EDIT: Just to be clear the biggest joke are not the ISP's
| but the politicians which let themself be bribed not only
| to tolerate but actively support this situation. Through
| it's also incompetence not to long ago some politician
| responsible for making regulations in this area stated
| (and believed) that ???Kb (forgot the actual value but it
| was less then 1Mb) is high speed internet. It's sad if
| politician are stuck years in the past and are so
| arrogant and incompetent that educating them about their
| mistake is destined to fail.
| lukeqsee wrote:
| Green.ch supports IPv6, and they include a /48 when you have
| a static IP.
|
| I've wanted to switch to init7 for a longtime, but Green's
| service and price is hard to argue with.
| api wrote:
| Just got an Orbi WiFi setup. Great hardware but v6 was disabled
| by default and enabling it is under "advanced." This is a
| fairly new product in 2021. ISP supplies it no problem.
| tyingq wrote:
| It's also very clear that it's possible, with the right
| motivation. Cell phone networks get it.
| theandrewbailey wrote:
| FiOS?
|
| I've been on FiOS for almost 10 years. Every few months, I
| check to see if I or any other FiOS customer has IPv6. It's
| been on in one testing market (or two) for years, but nothing
| else outside that.
| thinkmassive wrote:
| I'm FIOS with an IPv6 address right now.
|
| I first discovered this when I started presenting a terraform
| demo from home, and it broke because at least one of the AWS
| modules didn't support IPv6. When developing I only used my
| Xfinity connection, which gives an IPv4 address. Apparently
| my laptop had switched to my other wifi Network right before
| the presentation. Luckily the interviewer was understanding,
| and we used the experience as a troubleshooting exercise.
| deathanatos wrote:
| I think you might be a unicorn.
|
| I'm also on FiOS, in a major MSA, and nope, IPv4 only.
| drewg123 wrote:
| I'm on FiOS in the Richmond VA area with an IPv6
| sodality2 wrote:
| I'm only a few miles from you and cannot figure out how to
| enable IPv6. Did you do it within the router admin page?
| Did you have to do anything extra?
| mrweasel wrote:
| My ISP have at one point stated that they did not have ANY
| plans to provide customers with IPv6, as there was no demand.
| This is beyond stupid, of cause there's no demand, the average
| user isn't even demanding an IPv4 address. They don't know that
| they need one.
|
| Claiming that they don't see a return on investment is equally
| silly. Most ISPs have rolled out fibre, or new equipment in the
| last 10 years. They could just have rolled out IPv6 when new
| equipment came online over the last decade.
|
| Maybe the ISP deliberately bought equipment without IPv6
| support, like we did, but by accident. Two years ago we bought
| new Cisco equipment, for a remote office, only to discover that
| there where no IPv6 support. So back to Cisco it went. Why did
| Cisco even bother to make network equipment that doesn't
| support IPv6?
|
| Still, it's better than IBM who claims IPv6 support in their
| software, but haven't bothered to test it the last 7 years, so
| it doesn't actually work in the current versions.
| DaiPlusPlus wrote:
| > Why did Cisco even bother to make network equipment that
| doesn't support IPv6?
|
| The same reason credit-card payment terminal people sold
| almost-EMV terminals to retailers in the US around 2010-2015:
| so their customers will come back 5 years later needing
| another upgrade to something they _should_ have bought
| originally.
| spurgu wrote:
| Unfortunately this sounds highly plausible. :(
| throw0101a wrote:
| > _This is beyond stupid, of cause there 's no demand, the
| average user isn't even demanding an IPv4 address._
|
| In other words: the demand is for connectivity--or rather the
| services being connect gives you, like the ability to view
| YouTube videos and see tweets--not for addresses.
| blowski wrote:
| I imagine if you only have IPv6 then some parts of the
| internet will stop working, and customers will then blame the
| ISP. I can see why ISPs keep the status quo when it probably
| costs them very little to do so.
| TheSmiddy wrote:
| IPv4 can be addressed from an IPv6 only device when an ISP
| configures their network with the feature, many mobile
| phone providers already have fully IPv6 networks:
| https://www.sidn.nl/en/news-and-blogs/australias-telstra-
| swi...
| pantalaimon wrote:
| Eh, in Germany most ISPs will only give you DSLite for new
| contracts - Dual Stack Lite where you only get a NATed
| private IPv4 address but full IPv6 connectivity.
| Semaphor wrote:
| My contract is from 2014, no IPv6 at all, but also a real
| IP and not behind a CGNAT. Kabel Deutschland/Vodafone
| business account (which is available for everyone and
| doesn't mention anything about NAT)
| froh42 wrote:
| Nah. My home internet is originally Dual-Stack lite IPv6
| mainly with IPv4 being tunneled over an Enterprise-like NAS
| (so my outgoing IPv4 connections share the address with
| other users).
|
| I just switched to full dual stack (by leasing a static
| IPv4 address from my provider) to be able to handle
| incoming connections for my VPN. As long as you don't want
| to host anything on IPv4, dual stack lite is fine.
| DannyB2 wrote:
| ISP says there's no demand for IPv6 addresses. There's no
| demand because other people don't have them. Others don't
| have them because ISPs don't issue them.
|
| It's not circular logic, it's no loose ends.
|
| Reminds me of a story in The Dragon Book. (compiler design
| book from the 1970s) FORTRAN IV doesn't (didn't) allow arrays
| with more than three dimensions. Because programmers didn't
| write programs using arrays with more than three dimensions.
| Programmers didn't write programs using arrays with more than
| three dimensions because the compiler didn't allow arrays
| with more than three dimensions.
| codesnik wrote:
| I wonder, if, with such a spotty support, and being forgotten and
| overlooked by many administrators, ipv6 is already a major attack
| surface
| JepZ wrote:
| 4 years ago, I assumed, that by 2021 we would have about 50% IPv6
| adoption:
|
| https://news.ycombinator.com/item?id=14855347
|
| Now it looks like I was wrong and we got just about 33% and the
| curve seems to flatten already:
|
| https://www.google.com/intl/en/ipv6/statistics.html#20
| gowthamgts12 wrote:
| is it because of NAT adoption everywhere?
|
| related: major indian telcos like Jio and Airtel are rolling
| out CGNAT.
| maccolgan wrote:
| Jio has spearheaded IPv6 too, but OTOH Airtel hasn't but is
| still slowly rolling it out
| emilfihlman wrote:
| Everything would be solved if we just made ipv6v2 which is ipv4
| but with longer addresses.
| chillydawg wrote:
| This worked. I had an idle /29 and gave it up to them instead of
| paying.
| rmoriz wrote:
| Still waiting for Hetzner to support announcing provider
| independent (PI) IPv4/IPv6 subnets like vultr does for ages.
| justinclift wrote:
| GitHub Pages doesn't serve over IPv6 either. :(
|
| If your website/docs/whatever are on GitHub pages, it's IPv4 and
| a lot of the world can't access them.
| DanAtC wrote:
| What ISPs are doing IPv6-only? Can't imagine they'd still have
| any customers.
| karmanyaahm wrote:
| I moved off of GH Pages for that very reason.
| kstrauser wrote:
| In related news, last week was the first time ever that Google's
| IPv6 traffic never dipped below 1/3 of their total traffic:
| https://www.google.com/intl/en/ipv6/statistics.html
| jtchang wrote:
| ARIN has been constantly raising prices on both IPv4 AND IPv6
| registrations and fees. It's really annoying because you'd think
| you'd get a break for adopting IPv6 but nope.
|
| I've expressed my disagreement on the public mailing list but it
| seems like it is happening anyway.
| orev wrote:
| This is the inevitable and foreseeable result of the scarcity of
| IPv4 addresses, and it perversely discourages IPv6 adoption. Once
| something has a cost, it has the potential to become revenue
| generating, and once that happens the incentive for companies
| changes to preserving the revenue stream. At that point, why
| would they make the effort to provide a free alternative?
| pimeys wrote:
| I was just thinking this when reading the email Hetzner sent
| me. Would it be a good investment to buy 1000 IPv4 addresses
| now and sell them in a few years?
| wmf wrote:
| Note that this is "illegal".
| tialaramex wrote:
| You can't do this.
|
| The thing that's saleable is _routable_ IPv4 address space.
| That is, blocks of addresses which can just be announced
| somewhere by a new owner. I can 't meaningfully sell say
| 81.2.89.126 even though that address is "mine".
|
| The RIRs still manage this namespace. Their rules only allow
| transfers of space _to_ LIRs that have a justified need for
| the addresses, the "sale" just allows you to bump their
| request to the top of the queue matched against your return
| of those addresses. At exhaustion (where most regions are
| now), the queue won't move unless either some kind soul gives
| back some addresses or, more likely they _sell_ those
| addresses to somebody not at the front of the queue.
|
| So, you can't really just buy 1000 IPv4 addresses. You would
| need to create an entity that needs 1000 addresses, that
| could buy them, and then it could use them, but then that's
| not really an "investment in IPv4 addresses" it's a company
| (ISP? Cloud provider maybe?) that you founded and provided
| some capital to in the form of the address space it needed.
| dmurray wrote:
| Seems like a bad long term investment, since there's a plan
| for them to be worthless eventually. Economically speaking,
| if the market is rational, the price should tend down over
| time.
|
| Of course the market may not be rational (it's obviously not
| super liquid, either), and it's very plausible the price
| creeps up over time before eventually crashing, or that we
| never get to widespread IPv6 adoption after all. Maybe you
| have some insight that they are underpriced at the moment and
| IPv6 adoption is further away than the market thinks. But I
| wouldn't contemplate this as an investment unless I had some
| plan to collect rent for the assets to make up for the
| expected eventual depreciation.
| p1mrx wrote:
| I think this is good news for IPv6 deployment. As ISPs start
| charging more for IPv4, companies will finally have a financial
| reason to seek the alternative.
|
| It's sort of like taxing carbon to make non-carbon energy more
| competitive.
| skybrian wrote:
| That doesn't make sense as stated. The company offering IPv4
| doesn't get the revenue. It's an increasing cost to them that
| they will try to minimize.
|
| It might make a bit more sense as justification to raise retail
| prices, but there is a risk that competition will undercut that
| price.
| est31 wrote:
| It won't generate revenue but investment into ipv4 can be
| used to build a moat around your cloud business. Anyone who
| wants to compete with the big cloud vendors now needs not
| just a global network of data centers and good uplinks, but
| also a large pool of ipv4 addresses.
| orev wrote:
| It would be very rare that any company passes the wholesale
| cost directly to the customer. There's almost always some
| kind of markup, even for things like "administrative
| overhead". Maybe that's not widespread now, but the clear
| trend is reduced supply and increasing demand, so the costs
| will definitely go up.
| whoknowswhat11 wrote:
| Hetzner is a spammer / scammer hell hole. I didn't even realize
| they had clean ip addresses. Anyone spin up an instance recently
| and test deliverability?
| Vespasian wrote:
| Yup. No problem whatsoever.
|
| I also had several resources there for years. Never got
| anything to complain about.
| ev1 wrote:
| Never an issue here, no blacklisting, no bad IP neighbours.
|
| If anything they are too picky on who they host.
| whoknowswhat11 wrote:
| Good feedback - maybe I'm getting them confused with another
| of the AWS lite folks (linode or ...). I had a miserable time
| on one of these with just trashed IP address rep (but
| unlimited bandwidth supposedly).
| ev1 wrote:
| Digitalocean used to offer unlimited bandwidth (not
| anymore). They are completely trashed, half on DNSBL, most
| people I know drop traffic from them due to relentless
| bruteforcing and abuse.
| whoknowswhat11 wrote:
| That was it! Sorry hetzner!
|
| I remembered one of these players and just being totally
| shocked had how bad they were in this area - like no care
| - despite trying to compete with AWS. I don't remember if
| there was also internal to their network scan / attack
| stuff going unaddressed in addition to just issues with
| deliverability out (non marketing) but I honestly felt
| like I was working with kids vs adults a bit (this is
| some time ago though).
|
| I'd been told I was an idiot for paying for AWS and that
| there was lots to be saved on their unlimited bandwidth
| etc - but it ended up being absolutely not worth it. AWS
| support is really good. They seem to take abuse issues
| quasi seriously etc.
| ev1 wrote:
| Yeah I don't know what is up with digitalocean. I can
| think of several things, like free EDU credit (abused
| relentlessly, seemingly mostly by CN/IN with fake edu
| emails or stolen identity ones) and $5 to $10 free
| trials, though this has been reduced a bit via card
| requirements.
|
| They do have very long term customers that are abusive as
| fuck, spray high-PPS port scans and bruteforces out under
| the false guise of security research (with no IRB, no
| studies, no affiliation or notice of who they are),
| pretty much floods that abuse has ignored.
| adevx wrote:
| I remember while trying to figure out why Microsoft was blocking
| emails that IPv6 SMTP source addresses had a much higher risk of
| being blocked despite having done all the required stuff like
| PTR, SPF, DKIM. Microsoft's form to submit delisting an IP
| address does not even accept an IPv6 address:
| https://sender.office.com/
|
| Stuff like this really hinders adoption.
| dathinab wrote:
| Microsoft has been ab-using IPv4 in context of Mail to target-
| specific hinder competition, so they have a lot of reasons to
| not support IPv6 well where this isn't as much doable.
|
| (For example Microsoft has blocked whole IPv4 ranges of cloud
| providers (i.e. Microsoft Azure competition) for E-Mail,
| supposedly because of abuse. But all cloud providers are used
| by people "producing bad mails" and somehow only small to mid-
| sized ones are blacklisted while e.g. Google or Amazon are not
| and to be clear that had not been cloud providers in some
| arbitrary small country but e.g. the EU).
| PedroBatista wrote:
| Microsoft + Email has been a combo from Hell for many years,
| blocking IPv6 addresses, deliverability issues all the time,
| psychotic Spam detector, complete disregard for the most basic
| rules on how Email works and the list goes on.
| kureikain wrote:
| And icloud too. They are very sensitive to ipv6.
|
| In case of icloud, I attribute it to the Proofpoint spam
| filtering system, which also sell service to ups.com.
|
| And even gmail, but at least gmail accept the email, then
| just flagged it as spam.
| xroche wrote:
| My first experience with MS Exchange long time ago was that
| the team responsible for the infrastructure (company with
| more than 100k employees) committed to reboot the server once
| a week, because otherwise it would blow up.
|
| So yes, this is a long story.
| marcosdumay wrote:
| Oh, my first contact with Exchange was discovering that the
| recently updated server couldn't read any of the backups on
| the proprietary format of the pre-update version of it. It
| seemed to be a common enough occurrence, because the email
| people just shrugged and started hacking the backup. I
| don't think that group was ever capable of restoring any
| Exchange backup, normally because of Exchange's problems.
|
| But that was a long time ago. From what I hear, things are
| different now.
| jcpham2 wrote:
| Sounds like unchecked IIS SMTP transport logs but hey it's
| been years since I maintained an on-premises Exchange
| server
| zahllos wrote:
| Yes, I remember seeing this as well.
|
| The irony here is that much of the inter-service traffic on the
| internet could already be sent over IPv6 without anyone
| noticing. Getting end users onto IPv6 is always going to be a
| challenge as, well, ISPs, but when my mail server talks to your
| mail server there's no need for this to be IPv4.
| dndx wrote:
| Same with Google's Report IP problems form, if you tries to put
| an IPv6 address it will always return: "Invalid IP address" and
| wouldn't let you submit the form.
|
| Link:
| https://support.google.com/websearch/workflow/9308722?hl=en
| kmeisthax wrote:
| I wouldn't be surprised if that's intentional. There's an
| explicit hesitance on the part of mail providers to accept v6
| mail, since they use IP addresses as a reputation mechanism.
| IPs that originate spam mail get summarily executed, and
| getting new IPs that have a high antispam reputation is
| actually quite expensive.
|
| In other words, it's a Sybil-resistance mechanism, called
| Proof-of-IPv4. It works specifically _because_ v4 addresses are
| scarce. v6 addresses are not nearly as such. Everything that
| makes IPv6 great for the Internet at large makes it _terrible_
| for mail providers. For example, because the original v6 design
| wanted to eat lower link layers, it reserves half the v6
| address for an embedded MAC64. This never really panned out,
| but it 's terrible for security, so every v6-capable OS
| nowadays will rotate addresses every few hours. The average
| machine will have _hundreds_ of addresses. How do you assign a
| usable notion of per-IP reputation to _that_?
|
| You could use v6 subnets for reputation, but there's still 64
| subnet bits - enough to stick an entire IPv4 subnetwork inside
| of each IPv4 address. Some ISPs actually will assign a /64 per
| customer (because Comcast needs _something_ to sell to Business
| customers), while others assign /56s or /48s. So there isn't
| even one granularity of subnetting that you can use for
| reputation tracking on v6.
|
| Meanwhile, v4 pricing is getting worse and worse, which is
| great for mail providers. They don't necessarily need to turn a
| profit on incoming mail, but they _do_ need to make it
| expensive for people who want to send lots of spam.
| dathinab wrote:
| > do need to make it expensive for people who want to send
| lots of spam.
|
| You can use cloud providers, sure small ones do get
| blacklisted (which happens to also benefit Microsoft as they
| also are a cloud provider) but they can't really blacklist
| Googles or Amazons Cloud.
| kmeisthax wrote:
| Google is not a good place to send spam. They'll delete
| your account and ban the cell number you used to SMS
| verify.
| GoblinSlayer wrote:
| Can't the reputation mechanism rely on DKIM for
| identification?
| adevx wrote:
| This could likely be the reason for poor IPv6 support but
| highlights the importance of shifting (much more) to domain
| based reputation. If a domains reputation is at risk, you can
| bet domain holders will be extremely careful not to allow
| outgoing spam.
| rinron wrote:
| Spammers and scammers already use domains as a disposable
| commodity creating them or using hacked ones for single
| campaigns and moving on. Part of filtering based on IPv4 is
| not only scarcity but accountability. When the owner of the
| netblock reassigns the ip and its already blacklisted it
| can create a problem for them and incentivize them to
| police their own network. Domains are also worse in that
| its easier to use fake information and be untraceable. its
| also understandably easier to get a response legal or
| otherwise from a co-location or isp than a domain
| registrar. Maybe ipv4 will always be preferred for email
| just because its more difficult/expensive and therefore
| less appealing for temporary malicious use.
| syshum wrote:
| Or more strict enforcement by the world on SPF, DMARC and
| DKIM policies
|
| The problem of spam is actually solved, the problem is no
| one setups any of these security parameters correct, large
| and small companies alike all have bad SPF Records, bad or
| no DMARC, etc etc etc
| friendzis wrote:
| Go to any internet-related forum and search history for
| those keywords. You will find countless stories of
| seemingly technically people who in the end give up on
| self hosting and switch to managed mail provider. Because
| even if you solve those policies perfectly, a personal
| mail server will have such a low rate of outgoing mail
| that all the big players will effectively treat it as
| history-less server and will occasionally route the mail
| into the black hole. There is no recourse for that.
|
| If 99% of contacts you want to send mail to are on
| google/yahoo/microsoft you have to play by their rules.
| And those rules are effectively "send mail internally or
| gtfo".
| nanidin wrote:
| I have self hosted personal mail for over a decade. There
| are occasional hiccups with deliverability to new gmail
| addresses, but that is it. In those cases, once a
| recipient marks me as not spam once, there aren't any
| more problems.
|
| I think maybe once in the last 3 years I ended up in
| someone's spam box, total. In fact I just sent to a new
| gmail address and to a university I have never contacted
| before this week and both were delivered without issue.
|
| Setting up DKIM/SPF/etc isn't that hard and it's fairly
| easy to verify with existing tools FYI.
| jtchang wrote:
| How is that solved then if no one setups any of the
| security parameters correctly? That sounds like the exact
| opposite.
| throw0101a wrote:
| > _If a domains reputation is at risk, you can bet domain
| holders will be extremely careful not to allow outgoing
| spam._
|
| Generating domains is fairly cheap though.
|
| lsjfdlakj.com
|
| There, I just generated a new one with a clean reputation.
| Just spend US$ 10 to register it and off we go.
| wrycoder wrote:
| It has _no_ reputation. That 's different from a 'clean'
| reputation, which takes history to establish.
| adevx wrote:
| You often have to build a domain reputation first.
| Certainly for Microsoft hosted email. I for instance show
| users with a Microsoft email a plain
| mailto:support@domain.tld link on my contact/support
| form. This way the first email is from them to me which
| helps building reputation and minimizes the chances of my
| response going straight into the spam box or worse,
| silently dropped. Regular users can fill in a proper form
| and submit it from the support page.
| blibble wrote:
| I'm surprised there's not some sort of database which records
| the size of subnets allocated to end-users
|
| would be very useful
|
| (business opportunity here guys!)
| formerly_proven wrote:
| Sort of like a public suffix list, except for IP addresses,
| which in my eyes makes the idea even worse.
|
| Edit: Seeing your use-case, this should probably be part of
| the whois records.
| blibble wrote:
| > Edit: Seeing your use-case, this should probably be
| part of the whois records.
|
| absolutely, assuming people subnetting to their customers
| delegate the space in the whois accordingly
|
| (they do have an incentive to do that -- prevents all of
| their customers being banned if one misbehaves!)
| mfrye0 wrote:
| I've been working on this and have built that database,
| though we only expose at the IP level:
| https://bigpicture.io/docs/api/#ip-api.
|
| What did you have in mind as far as a use case?
| blibble wrote:
| given abuse coming from a given IPv6 address: which
| subnet do I need to block to stop the user behind that
| address
|
| (for fraud detection it switches from block to identify)
|
| for IPv4 this is generally the /32 (the single IPv4
| address)
|
| for IPv6 it's probably a /64, but may be a /56 or even a
| /48, and on some crappy providers even a /128
|
| if the subnet is smaller than you think it is you risk
| banning an entire ISP (or country), whereas if if it's
| too large the abuse continues
|
| it's quite a complicated problem as by design you can
| have subletting (subnetting!) within a block, e.g. a VPS
| provider gets a /48 from its ISP, and then they sublets
| out /64s to their customers (while not necessarily giving
| them all their own RIPE/ARIN records)
| 2Gkashmiri wrote:
| can i ask a question? is it possible for people to "own"
| ipv4 addresses? like we can own domain names? something
| like /29 Subnet or /28?
|
| if i spent like a hundred bucks or something, i dont
| know... just asking. how would that work, does that
| "bring your own ip" that vps providers talk about mean
| this?
|
| i
| mfrye0 wrote:
| Got it. Yeah, it's definitely tricky.
|
| The other aspect is that a decent chunk of the IPv4 space
| at least is fairly dynamic. We've seen some blocks change
| owners every few weeks.
| cm2187 wrote:
| You could have a reputation based on /64 and to extend the
| subnet when you see a large number of spam coming from the
| same /56 or /48.
| [deleted]
| tgragnato wrote:
| Classifying IP sets is a fantastic idea, I've seen mail
| bounce for the ASN. That parameter is unchanged between
| IPv4 and IPv6. Certainly, you can do it only when the
| provider is a classic spam heaven.
| sneak wrote:
| This is a perfectly reasonable approach that mirrors that
| of the current ipv4 reputation scheme.
|
| Treating individual v6 addresses like individual v4
| addresses is silly and nobody serious will take that
| approach.
| Dunedan wrote:
| Not that this matters much, as the chance to get an IP address
| delisted is pretty slim anyway.
|
| I've completely given up to try to get my personal mail server
| delisted, as I can't even get Microsoft to tell me why they
| blacklisted it in the first place.
|
| Instead I'm nowadays just rejecting all incoming emails
| originating from Microsoft with a message telling the sender to
| use another non-Microsoft email account.
|
| It's just stupid. I never had problems with any other mail
| provider, but trouble with Microsoft as long as I can think of.
| gowthamgts12 wrote:
| exactly, we're operating a fleet of SMTP servers and IPv4
| procurement is big problem. We do by asking AWS to allocate a
| block and send email traffic via those IPs. We want to adopt
| IPv6 but the current email infrastructure doesn't support this.
| 55555 wrote:
| IPv6s are too cheap for most mailbox providers to take
| seriously. If someone sends spam, you need to block their IP,
| but they also need to lose money. Spammers don't care if they
| lose an IPv6. They'll just send spam from another.
|
| (I don't really know what I'm talking about.)
| thayne wrote:
| That's where DKIM and SPF come in.
| ikiris wrote:
| Not really. If you look at the numbers, spam almost always
| has these.
| corty wrote:
| Yes really. With DKIM, you blacklist domains, not IPs. Of
| course, only if you do it properly. Hotmail doesn't...
| thayne wrote:
| Because most email providers will block you if yo don't
| have them now. And because of that, if you get
| blacklisted you need to buy a new domain, not just a new
| ip address.
| ATsch wrote:
| That's to be expected. All it does is ensure the accuracy
| of the email sender. Which finally lets you attach
| reputation to domains instead of addresses.
| nousermane wrote:
| Anther example of big cloud providers not taking v6 seriously -
| AWS wouldn't even let your IPv6 hosts talk to their API:
| $ dig +short a ec2.amazonaws.com 52.46.140.46
| $ dig +short aaaa ec2.amazonaws.com (no response)
| corty wrote:
| Same with GCP, they just announced IPv6 availability for VMs
| in the last few days. Unbelievably you couldn't even get a
| IPv6 address for a GCP instance up to now! APIs don't work
| over IPv6, and lots of other stuff doesn't as well.
| usrlocal1023 wrote:
| They now have a dual stack EC2 API endpoint. But you have to
| go out of your way to use as it is on a totally different
| domain, and also it is limited to few regions. us-east-2
| region for example api.ec2.us-east-2.aws
|
| https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Using.
| ..
| colmmacc wrote:
| Our reason for this is that customers may have IP-based
| rules in their IAM policies. If we silently turned on IPv6
| for existing endpoints, those policies would suddenly break
| without notice. Hence new names and SDK options for dual-
| stack.
| NmAmDa wrote:
| Hetzner also raises the price of entry level VPSs to cover the
| cost of giving a new IPv4 address for each machine.
| logronoide wrote:
| I have invested in cryptos, stock markets, startups... and
| probably the most profitable assets ever were several ripe ipv4
| prefixes that we owned for years. Insane.
| donmcronald wrote:
| How did you get them? I checked a few years ago to see if I
| could buy a /29 or something small and remember thinking I
| couldn't do it as an individual.
| hattmall wrote:
| If you figure this out let me know, I've wanted to invest in
| IP/V4 for years.
| logronoide wrote:
| We obtained them in late '00 for our tech company. We used
| them for several years, but the cloud was gaining momentum
| and we gave up using our own colo platform. We sold them in
| 2017, redistributing the benefits to the partners of the
| company as dividends. Fully compliant with the tax laws of my
| country, of course.
| donmcronald wrote:
| Ah, thanks. That's kind of the impression I got. 20 years
| ago you could get them by asking, but now it's much more
| difficult and you have to get them routed somewhere / use
| them right away.
| [deleted]
| sschueller wrote:
| Great, so now there is a marketplace for IPs meaning that there
| are people solely making money buying and selling IPs pushing the
| price up irregardless of usage.
| eru wrote:
| Huh? How does a marketplace push up prices?
| drdec wrote:
| That appears to be the biggest reason BitCoin marketplaces
| exist
| cat199 wrote:
| the marketplace becomes full of speculators
|
| https://en.wikipedia.org/wiki/Tulip_mania
| 0x0000000 wrote:
| I think you'll have trouble getting the necessary ARIN
| approvals if your goal is to speculate on the pricing of IPv4
| addresses.
| intev wrote:
| Yea, and I really want this to happen. I want it to get
| expensive enough to the point where cloud providers realize
| they are literally throwing away money by participating in
| these markets rather than just adopting ipv6 and solving the
| challenges that come with it. That's how we move forward. They
| aren't going to do anything until theres $$s on the table.
| haolez wrote:
| On a side note, I've had a terrible experience trying to use
| Hetzner in the past. I had some machines at Scaleway at the time
| and I decided to try Hetzner as well. I filled some sign up form
| and received a reply email that basically said:
|
| "We've evaluated your sign up data and we've decided to not do
| business with you. Your account was rejected and we won't review
| it again for the next six months."
|
| There was nothing shady in my sign up data. It took me a moment
| to realize that the reply e-mail was real. Crazy stuff.
| mrweasel wrote:
| Do you happen to know why they rejected you? It's kinda weird
| that based only they would reject you based on just the sign up
| form.
| haolez wrote:
| No. I got a reply from an automated system with no reason
| whatsoever. They also state that they wouldn't read any
| replies, since they don't have the manpower to double check
| each and every account rejection.
| xfer wrote:
| They have a reputation of doing this kind of opaque
| "verification" asking for ID and nonsense like that. meanwhile
| there are still a lot of botnets being hosted there:
| https://www.spamhaus.org/news/article/813/spamhaus-botnet-th...
| . Even digitalocean is doing better.
| nik736 wrote:
| Where are you from?
| haolez wrote:
| South America. This was clear in my sign up data.
| notanormalnerd wrote:
| I am sorry for your experience, but Hetzner is a european
| Hoster in Germany and mostly does business with german and
| european companies. Rejecting a customer because he is on
| another continent is a valid reason for me.
|
| The sole overhead of doing the accounting and even abuse
| handling for other continents is probably not worth the
| money.
|
| Maybe it isn't clear from their page and they should be
| more open about which markets they serve.
| leotaku wrote:
| Just as another data point, I am from Europe and my
| application was accepted very quickly. Im currently using
| Hetzner for most of my personal cloud stuff and have been
| very happy with their services thus far.
___________________________________________________________________
(page generated 2021-07-28 19:00 UTC)