IPv6 should concede to using v4 addresses, for now
6 points by hot_gril on Sept 28, 2022 | 10 comments
tl;dr everything that currently has a v4 address should have the same v6 address (with padding), in every kind of dual-stack network, to ease the transition

IPv6 is generally considered better and even simpler than v4. Slow adoption has usually been blamed on old systems, but I'm getting tired of that explanation. Currently, many networks are dual-stack, meaning both v4 and v6 are spoken on it totally independently. Not only is v4 still around, but the phrase "IP address" is generally understood to mean v4. Why is this still a thing?

First I considered the human side. Say a device's IPv4 address is 71.177.17.171 (seriously I used to have this one). Maybe I also get v6 address 2345:0425:2CA1:::0567:5673:23b5. You're telling me this ::::ing eyesore of base16 is an upgrade? Even making it a longer octal like 71.177.17.171.77.111.11.11 would've been easier for most people. Yes, either way it's just a number to the computer, but human-friendliness still matters (consider JSON).

When I mentioned this to some network expert colleagues over lunch (I'm no expert), they each said, the human-unfriendly v6 addresses are a feature to encourage use of DNS within an enterprise system. Something is wrong if you care about the address rather than just using DNS. DNS also solves the v4->6 migration. I get it, but doesn't that sound user-hostile? If the benefit of switching from 4 to 6 is repeatedly too small for companies to justify in the short term, shouldn't this be nicer?

So I asked, why is v4 still king if DNS can resolve to v6, and the answer confirmed my guess: It's not a lack of hardware/software support for v6. It's all these old, shoddy systems with hardcoded peer ipv4 addresses within datacenters, enterprise setups, etc. Maybe a sensor hardcodes the controller address. And a v4 network will often include all sorts of middleware like NATs that you don't put into a v6 network, so often everything changes going from 4 to 6. For companies that don't need v6 today, the value proposition doesn't make sense. I'm "guilty" of this at home too, setting static ipv4s for devices and disabling v6 entirely cause who needs it. v4 is king because v4 addresses are king.

The common enterprise workaround is predictable. Configure a 4->6 middlebox for legacy parts of the network, but of course that requires special configuration coding in the 4->6 address mapping. And in dual-stack networks, you get a confusing mix of v4 and v6 addresses. Even home networks and consumer ISPs are in that situation now. It's a mess.

As we spoke at the lunch table, each person who sat down to join us left this insanely boring conversation within a minute.

So I had previously thought about shoving the v4 address into the v6 with some padding. Turns out there's a spec* for this, but it's optional. Here's my proposition: In every dual-stack setup, make each host's v6 address always the same as its v4 address (with padding). I don't just mean within one company, I mean globally as part of the IP spec. Change ipv4 networks to speak v6, from ISPs to tiny subnets, but don't change any addresses. Crappy old code just needs a protocol change, nothing else. Humans should even represent such padded v6 address in the v4 octal notation; don't scare people with hexes. Your gateway is still 192.168.1.1, your DNS is 8.8.8.8, but you're speaking v6. Once that single step is complete, we can take the next steps with the critical mass of adoption put behind us. Maybe some v4-padded addresses will survive, but IPv4 won't.

In some ways, this makes no technical sense. The address shouldn't matter, and why use padded v4 addresses even in dual-stack networks that don't have this problem of hardcoded addresses? Because this is less confusing, and it's not about the technical perfection, it's about getting people on the same page.

* https://docs.oracle.com/cd/E19683-01/817-0573/transition-4/index.html



IPv4-compatible (all zeroes in front of IPv4 address) addresses are deprecated. They were intended for automatic tunneling (see RFC 1933/2893, it’s about tunneling IPv6 through IPv4-only networks) which was deprecated in favour of 6to4 (RFC 3056, 2002::/16).

IPv4-mapped addresses are supported, depending on your network stack (I think for example OpenBSD doesn’t allow it for security reasons), but only to have a combined socket listening to both IPv4 and IPv6.

NAT64 is what you want I guess, but there is no requirement for a prefix (in a sense you can choose who handles the 6-to-4 translation by choosing the prefix). There is a “well-known” prefix though: 64:ff9b::/96

NAT64 is often combined with a DNS server translating A records into the corresponding AAAA records (DNS64). I don’t know whether they solved how that works together with DNSSEC though.
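Added example, not part of the thread or any commenter's code: the embedding schemes named in the comment above (IPv4-compatible, IPv4-mapped, 6to4, the NAT64 well-known prefix), decoded back to the IPv4 address they carry so that a v4-only rule list still matches the IPv6 spellings. The function names and the /24 rule are constructed for illustration; the sample address is the 71.177.17.171 from the original post.

```python
import ipaddress

# Prefixes named in the comment above, plus the IPv4-mapped range.
V4_MAPPED = ipaddress.ip_network("::ffff:0:0/96")   # dual-stack socket form
V4_COMPAT = ipaddress.ip_network("::/96")           # deprecated, zero-padded
NAT64_WKP = ipaddress.ip_network("64:ff9b::/96")    # NAT64 well-known prefix
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")     # 6to4 (RFC 3056)


def embedded_ipv4(text):
    """Return (scheme, IPv4Address) for the IPv4 address carried in `text`,
    or (None, None) when the address embeds none."""
    ip = ipaddress.ip_address(text)
    if ip.version == 4:
        return "native", ip
    n = int(ip)
    low32 = ipaddress.IPv4Address(n & 0xFFFFFFFF)
    if ip in V4_MAPPED:
        return "ipv4-mapped", low32
    if ip in NAT64_WKP:
        return "nat64", low32
    if ip in SIX_TO_FOUR:
        # 6to4 puts the IPv4 address right after the 16-bit 2002 prefix.
        return "6to4", ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF)
    if ip in V4_COMPAT and n > 1:  # skip :: (unspecified) and ::1 (loopback)
        return "ipv4-compatible", low32
    return None, None


def matches_v4_rule(text, v4_networks):
    """True if the address, or the IPv4 address embedded in it, falls in any
    of the IPv4 networks. A plain `ip in net` test is False for every IPv6
    spelling, so a v4-only rule list never matches those forms on its own."""
    _, v4 = embedded_ipv4(text)
    return v4 is not None and any(v4 in net for net in v4_networks)


if __name__ == "__main__":
    rules = [ipaddress.ip_network("71.177.17.0/24")]  # constructed rule
    for sample in ("71.177.17.171", "::ffff:47b1:11ab", "64:ff9b::47b1:11ab",
                   "2002:47b1:11ab::1", "::71.177.17.171", "2001:db8::1"):
        print(sample, embedded_ipv4(sample)[0], matches_v4_rule(sample, rules))
```
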


I figured there were compatibility modes like this. I wanted it to be more comprehensive, a widely-accepted rule that if you're running both versions, they use the same address in every context. Fewer variables this way. Maybe this had to be from the beginning.


You could even get an ipv4 from a DNS A record and speak ipv6 with it anyway.


1. legacy ip allocations are a huge mess, largely due to growth - mirroring that haphazard, patchwork allocation model for ipv6 would be obscenely inefficient & make the v6 dfz table as bad as the legacy ip counterpart

2. as much as 41% of the world already has ipv6 - why should they not continue what they’re doing?

3. “Not only is v4 still around, but the phrase "IP address" is generally understood to mean v4.” no, that’s really not a thing.

4. “Say a device's IPv4 address is 71.177.17.171 (seriously I used to have this one). Maybe I also get v6 address 2345:0425:2CA1:::0567:5673:23b5.” …what? how did you get from point a to point b? i would have expected something containing 47 b1 11 ab but…what?

5. “Even making it a longer octal like 71.177.17.171.77.111.11.11 would've been easier for most people.” that’s…not octal. an octal representation of that ip would be 107 261 21 253 which is…not really an improvement, i don’t think?

6. “When I mentioned this to some network expert colleagues over lunch (I'm no expert), they each said, the human-unfriendly v6 addresses are a feature to encourage use of DNS within an enterprise system.” the idea of hexadecimal addresses is intended to be more user-friendly than a long string of unnecessarily verbose octets like 251.82.40.105.0.49.61.129.87.46.0.0.31.96.255 . should you be using dns? sure - but you also should be using it for legacy ip. can you memorize legacy ip addresses? yes. can many ppl also memorize ipv6 addresses? also yes. should either of those things be standard practice? no - there are better uses for brain cells.

7. “The common enterprise workaround is predictable.” no, it’s not. nat46 is rarely used. nat64 is much, much more common. (the common enterprise “workaround” is “stonewall on ipv6 as long as possible.”)

8. “Humans should even represent such padded v6 address in the v4 octal notation;” oh. there’s the problem: legacy ip addresses aren’t octal, they’re decimal. have you genuinely never seen a legacy ip address containing an 8 or 9? wait. do you know what octal is? (also, there’s an octet missing from my example two points above. did you notice?)

9. “Slow adoption has usually been blamed on old systems, but I'm getting tired of that explanation.” i’m getting tired of harebrained THIS IS HOW WE SHOULD OF DONE IPV6 theories that are 20+ years too late, but here we are.


1. Yes, it'd be a compromise, for a future of having v6 actually adopted. I'm surprised nobody has yet mentioned that it'd burn ~32 bits of the v6 address space just for v4 addresses. Once your network is all-v6 and nothing is relying on the mapped addresses, you drop this.

2. Because a bunch of those are also stuck running v4 on the side and would probably love for v6 adoption to move forward so they can drop the technical debt.

3. https://www.google.com/search?client=firefox-b-1-d&q=what+is...

4. My v6 addr is different from my v4, is what I'm saying.

5. My bad, I mixed up "octal" and "octet." It's decimal notation, which is made of octets.

6. Yeah, idk, it's what they said. Do people memorize IPs, probably not, except for local 192. or 10. ones. Do people note them in short-term memory while debugging, yes. The colon-separated hex is more annoying to me, maybe because I'm used to decimal, but then again so are most people.

7. I would say then, common workaround for enterprises that actually need/want to use ipv6 sooner or later.

8. Gee, I'm sorry for the mixup. Seems you got which one I meant anyway.

9. It probably is too late to do this everywhere. Maybe ISPs could hand out 4-mapped v6 addresses at least, idk if that's possible.


1. what? i thought the idea was that the v6 space be based on the legacy ip space? how would you “drop this” if that was what you were using?

2. that’s what ipv6-only w/ nat64 is for (thank goodness)

3. i’m not sure this is the flex you think it is: https://twitter.com/noipv6/status/1575662492063174656

4. okay?

5. okay

6. that people are “used to” dotted decimal ip addresses just means ppl can learn arbitrary things. there’s nothing inherently more natural about legacy ip addresses than ipv6 addresses.

7. enterprises that need/want ipv6 are deploying ipv6. source: my job

8. okay

9. this almost sounds like 6rd fwiw

=D


1. Once the world collectively moves on from v4, you stop assigning v4-mapped v6 addresses. And nothing stops you from assigning two v6 addresses to a single iface in the meantime.

3. Yeah, it shows my ipv4 only, and I have both. Do you not have a v4?

6. No, there's not, but the reality is everyone you're trying to switch over to v6 is already used to v4, and it's like herding cats.


hey, sorry i didn’t respond. i may have read the reply & gotten drunk. hard to say.

1. why would you add the extra step of using a “v4-mapped v6 address” if you’re just going to end up using regular ones?

3. if you have ipv6 but that google link shows a legacy ip address, your ipv6 connectivity is broken somehow. you’re not behind some sort of weird nat66, are you?

6. that’s getting less true with every passing year, thankfully


That ship sailed long ago.


Yeah, probably.



