Skip to content(if available)orjump to list(if available)

I spent a week without IPv4

I spent a week without IPv4

59 comments

·December 20, 2025
Visit

jrmg

I’m surprised home many technically knowledgeable people on Internet forums still think IPv6 is some niche, unreliable thing.

In my direct experience, in the USA, at least Spectrum, AT&T, and Xfinity (Comcast) still run IPv4, of course, but they also have IPv6 working and on by default on their home internet offerings.

All mainstream computer and mobile OSes support it by default and will prefer to connect with it over IPv4.

‘Everyone’ in many areas is using it. For many of us, our parents are using Facebook and watching Netflix over it. Over 50% of Google’s American traffic is over it. It just works.

idatum

OpenBSD makes it easy to try IPv6 tunnelbroker.net with NAT64/DNS64 if your ISP only has IPv4 ("one more lab test away.." they say).

This has worked for me well for a couple years. I do use a VLAN to keep the IPv6-only network separate (homelab) from video streamers in the household.

In my pf.conf:

    # IPv6 tunnel
    block in log on $tun6_if all
    block in quick on $tun6_if inet6 from fd00::/8 to any
    antispoof quick for $tun6_if
    # allowed icmp6
    pass in quick log on $tun6_if inet6 proto icmp6 icmp6-type {
        unreach, toobig, timex, paramprob, echoreq
    }
    # MSS clamping 60 bytes less than HE 1480
    # 20 byte IPv4 tcp header + 40 byte IPv6 ip header
    match on $tun6_if all scrub (random-id max-mss 1420)
and in /var/unbound/etc/unbound.conf:

    # DNS64/NAT64
    module-config: "dns64 validator iterator"
    dns64-prefix: 64:ff9b::/96
Done. I don't have 464XLAT on Win11 but I do want to know if there's a hard coded IPv4 address anyway. I never had an issue.

mojuba

> Groups of zeros can be omitted with two colons, but only once in an address (i.e. 2000:1::1, but not 2000::1::1 as that is ambiguous)

Can someone explain why it's ambiguous?

On the subject, IPv6 is one of the strangest inventions on the internet. Its utility and practically are obvious no matter how you look at it except... just one thing.

Network-related things are generally easy to remember and then type from memory: IPv4, domain names, standard port numbers. Back in the day it was the phone numbers, again, easy to remember and dial when you need it. IPv6 is just too long and requires copy/paste all the time. This is the only real reason in my opinion, why IPv6 is doomed to be second-grade citizen for (probably) a few more decades.

clashandcarry

2000:1::1 would expand to 2000:0001:0000:0000:0000:0000:0000:0001

2000::1::1 could be 2000:0000:0000:0000:0001:0000:0000:001, or 2000:00000000:0001:0000:0000:0000:001

There's ambiguity on where to fill in the five groups of 0000 in the second case.

rockskon

The second address is invalid. You can only use :: once per address.

Edit: Whoops. Didn't read what the above post was in response to. My bad.

tpetry

That exactly what was the question about and they explained why it is invalid…

throw0101c

> This is the only real reason in my opinion, why IPv6 is doomed to be second-grade citizen for (probably) a few more decades.

Except if you're using a mobile phone, in which case many telcos hand out only IPv6 addresses to handsets. 2018 NANOG presentation "T-Mobile's journey to IPv6":

* https://www.youtube.com/watch?v=d6oBCYHzrTA

From 2014, "Case Study: T-Mobile US Goes IPv6-only Using 464XLAT":

* https://www.internetsociety.org/deploy360/2014/case-study-t-...

But who cares about mobile phones, right? They're only second-grade devices.

ck2

my tmobile 5g modem has ipv4 but changes ip every single page load, it's wild

I'm used to cablemodems with static ipv4 for months basically until mac changes

nwellinghoff

I said this in a previous post and was shot down hard. I think you are right. Every time I look at a ipv6 address my brain goes “fack this”.

WarOnPrivacy

> Every time I look at a [long] ipv6 address my brain goes “fack this”.

I do get that but I also get 'There are so many I could have all I wanted ... or I could if any of our fiber ISPs would support it, that is'

mike_d

IPv4 isn't perfect, but it was designed to solve a specific set of problems.

IPv6 was designed by political process. Go around the room to each engineer and solve for their pet peeve to in turn rally enough support to move the proposal forward. As a bunch of computer people realized how hard politics were they swore never to do it again and made the address size so laughably large that it was "solved" once and for all.

I firmly believe that if they had adopted any other strategy where addresses could be meaningfully understood and worked with by the least skilled network operators, we would have had "IPv6" adoption 10 years ago.

My personal preference would have been to open up class E space (240-255.*) and claw back the 6 /8s Amazon is hoarding, be smarter about allocations going forward, and make fees logarithmic based on the number of addresses you hold.

boob

> Can someone explain why it's ambiguous?

Because you don’t know how many zeroes are on each side around the 0001 in the middle.

It can be 2000:0000:1:0000:0000:0000:0000:1 or 2000:0000:0000:0000:0000:1:0000:1 etc.

koakuma-chan

This shortcut system of ipv6 only makes it worse. It's too hard to remember how it works.

icedchai

Is it really hard to remember? A hint is in the syntax itself. What's in between the two colons '::'? Nothing. In other words, all zeros.

IPv4 also has a similar, though rarely documented or utilized, shortcut system. Try `ping 1.1` for example. It expands to 1.0.0.1.

karlshea

":: is all zeros" is too hard??

WarOnPrivacy

> Network-related things are generally easy to .. type from memory [but] IPv6 is just too long

I was reminded of this 2d ago; I was testing one IPv6 WAN from another. DDNS had failed so I didn't have my usual crutch to lean on.

null

[deleted]

api

I've said this since time immemorial, and networking people often dismiss it. "Just use DNS," say people who have never actually worked netops or devops.

The length of the addresses and the clunky nature of their ASCII representation is absolutely the #1 reason the IPv6 has taken this long. User experience is the most powerful force affecting large scale adoption, and IPv6 has poor UX.

I think the UX is partly fixable by creating less horrible ASCII representation, but this would take a lot of coordination that was hard even back then and is virtually impossible now. If someone told me in 500 years we're still running dual-stack IPv4/IPv6 absolutely unchanged, I'd believe it.

ggm

whats the rule to say where the first 1 floats between the 2000: and the :1 at the end? the :: rule says "all zeros" but not how long.

doubletwoyou

the :1 is short for :0001 basically and then just put that bit of the address at the very end and put the first bit of the address at the front, and then just fill each missing group inbetween with 0000

webignition

"just"

mlangenberg

> There are also still a lot of misconceptions from network administrators who are scared of or don’t properly understand IPv6

Enable IPv6 on a TP-Link Omada router (ER7212PC) and all internal services are exposed to the outside world as there is no default IPv6 deny-all rule and no IPv6 firewall. I get why some people are nervous.

throw0101c

> Enable IPv6 on a TP-Link Omada router (ER7212PC) and all internal services are exposed to the outside world as there is no default IPv6 deny-all rule and no IPv6 firewall. I get why some people are nervous.

A router routing traffic makes people nervous? Isn't that what it's supposed to do? I'd be annoyed if my router did not pass traffic.

Now, if the ER7212PC was a firewall that would be something else.

(And no, I'm not being pedantic: routers should pass traffic unless told otherwise, firewalls should block traffic unless told otherwise. The purposes of the two device classes are different, they just happen to both deal with Layer 3 protocol data units.)

gz09

I believe that was more a bug in the firmware that's been fixed for a while now.

karlshea

My two IPv6 issues (even having had a HE tunnel in the past):

- My local ISP (US Internet, soon to be part of T-Mobile Fiber) hasn't enabled it, even though the CEO has said on Reddit for years that it's a priority. Now that they've been acquired who knows if it'll ever happen.

- Linode allows transferring v4 addresses between machines, so if I need to rebuild something I can do so without involving my client who usually has control over DNS. They do not support moving v6 addresses, which means that the only sites I have control over that support v6 are the ones that I control DNS.

Making IPv6 a thing seems like it would be super easy if a couple hours could be spent solving a bunch of dumb lazy problems.

toast0

> My local ISP (US Internet, soon to be part of T-Mobile Fiber) hasn't enabled it, even though the CEO has said on Reddit for years that it's a priority. Now that they've been acquired who knows if it'll ever happen.

Being a priority doesn't mean it's high priority. It could be a priority, but the lowest ranked one, so other stuff always comes first. :P

T-Mobile wireless US is pretty invested on IPv6, so if they take over the network, they may well push it.

Animats

Here's China's current IPv6 plan.[1] It was an explicit objective of the 14th Five Year Plan, now concluding, to get most of China's Internet on IPv6. About 70% of China's mobile users are on IPv6 now. But fixed IPv6 traffic in China is only 27%.

[1] https://www.cac.gov.cn/2025-05/20/c_1749446498560205.htm

PaulKeeble

When I moved to an ISP that supported IPv6 earlier this year I ran into niggly problems. Ubuntu failed to update because one of its regional servers was misconfigured. OpenDNS one of its servers seemed not to be there on a regular basis over IPv6. I also had odd behaviour and latency issues where sometimes IPv6 would fail to route for short periods and it would fail and fall back to IPv4.

It was a painful experience of trying to work out if I had misconfigured it, if it was something to do with my opensource router software or if it was my ISP or the end services. I didn't get to the end of working this out and reporting issues and I just gave up. Due to the intermittent nature of the issues I was facing I never managed to get a report of issues my ISP would accept.

So I'll give it some time and give it a try after a year and see if things have improved, but it was definitely not ready for prime time.

glitchc

While these articles are useful in understanding the utility of IPv6, what would really help is an article explaining step by step how to configure a home network using IPv6. The tutorial should answer these questions:

- How to ensure there are no collisions in address space? Translates to, how to pick safe addresses, is there a system?

- How do I route from an external network resource to an internal network resource? Translates to, can you provide syntax on how to connect to an smb share? Set up a web service that works without WireGuard or equivalent?

- How does one segment networks, configure a vlan, set up a firewall?

candiddevmike

- if you're talking a private/local prefix, you can use tools like this to generate one: https://unique-local-ipv6.com/. Otherwise DHCPv6 and SLAAC will ensure no collisions for the most part.

- Use global/public addresses on all your devices (using something like prefix delegation) or use NAT.

- Same as IPv4. Prefix delegation will let your ISP assign you multiple networks, and then most routers will break these up into /64 networks for each of your VLANs.

Latty

- SLAAC - the address spaces for IPv6 are so huge, collisions are extremely unlikely outside of intentional actions.

- Open holes through firewalls, point DNS at the address, and it should just work, the joys of actually having public addresses.

- Same way as with IPv4 mostly. The only real difference is because SLAAC assumes a /64 you probably want your networks to be at least that big.

layer8

If Google would announce that Chrome is dropping IPv4 support in n months, that would probably get things moving. ;)

rao-v

What’s the pragmatic solution to ipv6 allowing everybody in my household to be trivially and stably mapped to a unique subnet? I like the accidental semi-randomization that ipv4 and ISP NAT offered and I don’t see anything like it short of putting my entire home net on a VPN (it’s expensive and can’t keep up with my ISP’s bandwidth)

lloeki

Each device gets directly addressable from WAN with v6 but it also gets a randomised privacy IP that rotates very frequently so each individual device is just as "hidden" as it was with v4+NAT.

Your v6 subnet prefix is no different than whatever WAN-side v4 your NAT had. "Accidental semi-randomization" of the WAN side IP is not something one could reliably count on. Many ISPs just hand over a static-like IP, that is, even when it's supposed to be random the pool of IPs is so constrained that it's usually the same simply through the IP lease surviving power cycling. And that was before CGNAT.

If your concern is being identifiable through your IP then counting on whatever v4 artifact is the wrong move. Use a VPN with randomised exit nodes.

yjftsjthsd-h

It's true that you won't get CGNAT without having CGNAT. Depending on your concern, it is possible to NAT66 to make your entire network appear as one IP.

candiddevmike

I wish I could switch my network to all IPv6 and use NAT64/DNS64, but Android, the world's most popular OS, purposefully disables DHCPv6. I am forced to support IPv4/DHCPv4 for the foreseeable future to support these broken devices.

dmm

Android supports DHCPv6, just not stateful DHCPv6. You can give each device its own /64 or if you really want to track a devices usage you should use an authenticated layer on top of your base network.

franklyworks

Android supports SLAAC and has good support transitional tech like xlat464 and DHCP option 108.

I have used these on my network and office to move to IPv6-only for Android.

What about lack of DHCPv6 prevents you from using IPv6 on Android?

candiddevmike

I can't run SLAAC and DHCPv6 at the same time without giving devices multiple addresses, and Android doesn't support DHCPv6, so I'd have to carve out a separate, SLAAC-based, android-only network. And then figure out firewall rules, multicast reflection, etc.

justincormack

Why is giving multiple addresses a problem?

gspr

I thought this was a problem too. Then I realized that addresses are not in short supply, so I stopped caring that some devices get multiple addresses. The ones I care about are handed out over DHCPv6, and the firewall works accordingly. The rest gets basic connectivity and nothing else.

Works great for me.

avidiax

Why can't you use stateless autoconfig?

candiddevmike

Because I want to control the suffix assigned to devices for firewall rules and monitoring purposes.

tlogan

As a normal user: why do I need IPv6?

As far as I know, the majority of websites (about 70%) do not support IPv6.

badgersnake

I don’t think that’s true. But of course it depends how you’re measure the majority of websites.

Most of the figures I see show 60-70% of the top 100 sites do support it. But maybe that does not reflect your usage.

Why do you need it? Maybe you don’t right now since ipv6 only sites are niche. The most tangible advantage I’ve seen is avoiding CGNAT. Gamers in particular don’t like that because it introduces latency. Services like Xbox live definitely do support ipv6 for this reason.