I think it could be argued that the flaws in IPv6 are significant enough to result in an scenario where IPv4 is never actually retired and therefore IPv6 is never fully adopted.

Its been decades, but still IPv6 is deployed (at best) as a parallel network that effectively doubles management/maintenance overhead. And at worst sites just add an IPv6 reverse proxy.

What's the problem with an IPv6 reverse proxy? If the Internet-exposed endpoint is IPv6, then from my point-of-view of a client, it's effectively that. For what I care about, they could be running fax machines over an analog phone line beneath that point.

We are way past the critical mass for IPv6, it has enough momentum to become predominant "internet" in the next decade or so. Thinking that it won't happen is pretty ludicrous at this point

My concern is that v4 may never be decommissioned. Sure, v6 could become predominant, but fundamentally there being two separate protocols running in parallel is a failed migration.

On a much smaller scale it's analogous to migrating from mariadb to postgres, but the migration takes 50 years and you end up realistically maintaining both.

IPv4 may never be decommissioned, in the same way that unencrypted HTTP may never be decommissioned. But it can sure be completely marginalized.

Retiring IPv4 was never a strong goal of IPv6. The "inter-" in internet was always about "interoperability" between networks and side-by-side networks that interoperate was always the plan. Dual stack IPv4/IPv6 was in part chosen because it doesn't sweep the interoperability problems under the rug like some of these old "IPv4 extended" proposals did. You are never going to upgrade all devices at once and you were always going to have two networks, it was just a little bit easier with some of the other proposals to pretend it was one network if you squinted really hard and ignored all the interoperability problems that would crop up in practice because devices didn't update to understand the extensions.

What do you think are the biggest flaws in IPv6?

Dual Stack. Means twice the work for barely any benefit.

I should be able to have a router with a ipv4 network and multiple ipv6 networks without losing access to the ip4 network. The ip6 network should be reachable via port natting on the ip4 IP

I.E I have three networks on my router, two on ipv6

1000:2000:3000:4001::1/64

1000:2000:3000:4002::1/64

192.168.0.1/24

the ipv6 only server on

1000:2000:3000:4001::10

should cope with sending a packet to

1000:2000:3000:4002::10

By routing it via the router

It should also transparently convert a target of 192.168.0.3 to ::ffff:c0a8:3 and send via the gateay.

The router should then convert it to 192.168.0.3, with a source of 192.168.0.1, and maintaining a NAT state so return traffic goes back to 1000:2000:3000:4001::10

If there's a service that 1000:2000:3000:4001::10 needs to expose, the router can do a dst-nat on say 192.168.0.1 port 80 and forward to 1000:2000:3000:4001::10 port 80

That way you can comfortably deploy ipv6 wherever possible and not have to worry about ipv4 other than at the router, where you just have the ipv4 subnet

Likewise my ipv6 network can reach 209.216.230.240 by running ipv6 across my network until it comes to a device with an ipv4 address, where it gets natted. Just like it runs across my private rfc19xx ipv4 range before srcnatting at the edge of my network.

Poor interoperability with NAT is a feature, not a bug, IMHO. NAT rarely makes sense in IPv6. In your scenario, why wouldn't you just set up your router so you can directly address the V6 subnets over V6 to begin with?

IPv6 works best when all addresses are globally routable (whether firewalled off or not). We're all so used to RFC1918 that we forget it was an ugly kludge that fundamentally broke how the internet was meant to work. IPv6 is the fix for that breakage: the address of every individual device can actually mean the same thing everywhere on the internet, as it was meant to be. L3 routing can be stateless again.

The primary intent of IPv6 is to replace IPv4, not coexist with it. Coexistence is transitory and not worth optimizing for over the future of the internet when V4 is dead.

V6-V6 sure, that doesn't need nat. It's the V6->V4. NAT is preferably to dual stack. I don't want to double my administration efforts by maintaining a v4 and a v6 network on every machine and every router, which appears to be best practice. Let me deploy v6, and only v6, but still interoperate with v4 until everyone has migrated.

As for nat being a cludge, lets assume I have a simple small office network with two independent ISPs. Normally I want to send half my users out of ISP1 and half out of ISP2.

If ISP2 fails, I want to send them all out of ISP1, OK there's less bandwidth to go round, but better than having no bandwidth for half my users.

How do I do that with ipv6 without natting (assuming I'm not large enough to be running my own AS and peering with two different providers)

What I've been told is both ISP's v6 prefix should be advertised with different priorities to the clients, which also yields the net bonus that applications that are stateless (UDP) or use MP-TCP can seamlessly fail over or adapt to network conditions without the intervention of another network device.

I don't have easy access to multiple V6-PD enabled providers to test this theory, and as someone with quite the neck beard I really don't know how I feel about ceeding this level of control to endpoints. But also, I'm not sure I hate it either.

Oh and don't forget link-local and a ula prefix for your local addressing requirements for pinters and whatnot that shouldn't be using dynamic discovery.

> What I've been told is both ISP's v6 prefix should be advertised with different priorities to the clients

That basically doesn't work with real clients. They'll do dumb stuff like use address from provider A to send through the router advertising addresses from provider B. And take forever to do anything in response to prefixes that are advertised as no longer usable or simply no longer advertised.

Is this conjecture or something you’ve tested or known to be tested? V6 devices are actually expected to be able to understand multiple route advertisements and I know for sure they do properly understand the mix of link-local, ULA and public prefixes.

I tested it; I was trying to get failover (preferably automated failover) between DSL and LTE on IPv6. Should be simple: advertise from DSL as normal priority (would do high priority, but I can't change how the modem advertises it), advertise from the LTE as low priority, somehow make the DSL modem advertise deprecated or at least stop advertising when it's disconnected.

V6 devices are expected to understand that and do the right thing, but Windows (10) doesn't, Linux was worse, and I don't remember what Android did and I didn't get around to testing FreeBSD, and that's all the OSes I have.

If you've got experience otherwise, I'd love to know, one of these days I need to setup IPv6 again, but what I'd really like to do is too much work, so I'm IPv4 only for the foreseeable future.

I tried turning on IPv6 on my VPS server running Docker. Not knowing much about IPv6, I naively assumed it’d just work. Evidently not, and you either need to run a NAT service or your containers become publicly routable, both having major caveats that I didn’t want to deal with.

The notion that every endpoint has a globally unique address, with prefixes coming down from some upstream provider is just fundamentally incompatible with how IPv4 networks are designed today.

I believe that the comment is not a personal opinion but a reflection of the acceptance rate of IPv6. If most of the web still uses IPv4 and not using IPv6 is still defended with the "people against new things" arguments, it shows that there is at least one thing that prevents people from using it. Considering that the new kid on the block is 26 years old, I think, there is more than one.

Any new protocol is going to have adoption costs. The "issue" with ipv6 is that for a lot of people/organizations, the tolerable cost of adoption is still pretty much zero. Adding yet another protocol to the mix would not make that better.

You are right, v6 is mostly a new protocol. But it's been been advertised as an updated version. It just contains essentially 100% breaking changes.

By no means I did support the use of another protocol. All I focused on was that the IPv6 could not be a huge success over IPv4. For the previous 26 years, pros weren't enough to eliminate the cons. At least the overall usage ratio can be comprehended this way.

I've been advocating for this for a long long time. Just NAT to IPv6 or IPv4 and go about your business.

2012 wasn't a bad time to discuss alternate options. Now is maybe a little late, but that's arguable.

There's a whole generation of people and experience that wasn't able to enter the discussions in 1993 and is available now. Maybe new eyes or experienced eyes would have a better solution.

The problem is clearer now than then. IPv6 makes many changes to address many problems, but maybe only address space is a real problem, because only address space seems to be motivating people to join IPv6.

Of course, the downside is not a lot of people want to be on three parallel networks, it's a lot of work. But perhaps, if that third network were more desirable and easier to implement, it could get larger coverage in a shorter amount of time than IPv6. Sort of like how TLS 1.1 never had more users than TLS 1.0, but TLS 1.2 overtook them both.

You would need real consensus and commitment from lastmile ISPs, backbone ISPs, networking vendors, OS vendors, CPE vendors, mobile networks, content providers, etc, though and that's tough. The consensus on IPv6 seems to be clearly, we'll do it eventually, when we really have to (which for some networks was 2012, and some networks is now, and some networks seems to be never)

If we open up the issue for discussion again, what we will get is some Google/Cloudflare protocol which “incidentally” centralizes everything.