22

When hosting a new service these days, what would be the best decision: IPv4 or IPv6?

If we decided to launch it on IPv4 address:

  1. How easy/difficult is it to get an IPv4 address (considering they are getting exhausted soon)?
  2. Can it be ported easily to IPv6 in coming future?
  3. How can existing IPv6 users be able to communicate with it?

If we decide to launch it on IPv6 address:

  1. How can existing IPv4 users be able to communicate with it?
Atul
  • 1
    Just don’t think about IPv4 exhaustion too fast. There is [CGN](https://en.wikipedia.org/wiki/Carrier-grade_NAT), and I’ve seen people complaining that their public IP address is shared by many other subscribers of their Internet provider. – user2284570 Jan 08 '15 at 13:14
  • 5
    @user2284570 Large scale NAT breaks applications which require end-to-end connectivity, such as VoIP, multiplayer gaming, and some others I've forgotten about. Which is why Xbox Live actually provides IPv6 tunnels (via Teredo) to people who don't have native IPv6. – Michael Hampton Jan 08 '15 at 16:44
  • 6
    Related: [Should I use IPv6 only or both IPv4 and IPv6 in my web server?](http://serverfault.com/q/421445/126632) – Michael Hampton Jan 08 '15 at 16:50
  • @MichaelHampton : Yes, but many providers don’t care. In my country there is even one which blocks source ports <1024, and any listening port on a higher value would trigger a lawsuit. They also block ICMP and only allow HTTPS or HTTP. The biggest problem with CGN is when the public IP is shared with spambots or other zombie machines, which causes the IP to be blacklisted on many websites. – user2284570 Jan 08 '15 at 17:57
  • 4
    @user2284570 Have you considered moving to a more civilised ISP (or country!)? – Michael Hampton Jan 08 '15 at 18:00
  • @MichaelHampton : No, there is [one person](https://en.wikipedia.org/wiki/Xavier_Niel) who got fed up with this 15 years ago and created the most successful ISP. His last offer aimed at giving [this](http://www.dailymotion.com/video/xw2h1f_pub-nouveau-forfait-2-euros-de-free-mobile_tech) causing 1 million new subscribers per day. For those who accept paying higher prices, we also have [ISPs which are run by their users](https://en.wikipedia.org/wiki/French_Data_Network) and exist as nonprofit organizations. – user2284570 Jan 08 '15 at 18:15
  • @user2284570 This madness is in France? – Sebb Jan 08 '15 at 23:13
  • 1
    @user2284570 That ISP was good back then but it's so bad now; their peering links with Google have been overloaded for years now and they want to force Google to pay, which of course won't happen, and meanwhile YouTube barely loads at 360p. And I don't even want to talk about their mobile offer; it's good when it works but so far the quality has been awful (disconnections, etc.) and the YouTube-related problems also apply there. –  Jan 09 '15 at 00:30
  • IPv4. v6 is a failed standard, created by a dilettante committee. – peterh Jan 09 '15 at 12:42
  • 1
    @AndréDaniel : Remember, there is [this](https://fr.wikipedia.org/wiki/French_Data_Network). For 40€ per month you get an ADSL connection where you configure the DSLAM yourself and the switches/routers behind it. They don’t supply home ADSL routers: you’ll have to buy your own. – user2284570 Jan 09 '15 at 19:28
  • @Sebb : Yes it was. – user2284570 Jan 09 '15 at 19:34
  • 2
    @PeterHorvath Many of our internet standards turned out to be quite inefficient (take HTTP, that thingy with backwards compatibility spoils most innovations) and you are not even guaranteed that people follow them (see browser compatibility for HTML5 elements and CSS 3). IPv6 may be a bad standard (I don't know, I didn't read that much about this topic), but at least it solves some problems we're facing like IPv4 exhaustion and especially the run for static IPs (and ignorant programmers like Notch and many others who do not accept domain names as identification for their servers). – Sebb Jan 09 '15 at 20:35
  • @PeterHorvath That the people creating standards usually have little knowledge of their topic isn't something new; at least here in Germany many high politicians have a doctorate, but few actually work in that area of politics. I also have to admit that I never used any v6 except ::1, just because they're impossible to recognize. But v6 seems to be the new accepted standard, even if it makes the v4 mistakes _again_ ("there are never gonna be that many devices..."). But why are there so many people even on SE who talk about v4 exhaustion? (see below) Never heard anyone saying anything against it. – Sebb Jan 09 '15 at 20:49
  • @Sebb Go to any hosting company in your region and check their monthly prices with or without an ipv4 address. In most cases, the second option doesn't even exist. – peterh Jan 09 '15 at 20:53
  • 1
    @PeterHorvath Sure, but w/o IPv4 you can't use many of today's web services. Also, that we're approaching a lot more than 4 billion devices (with probably 2+ devices per person in industrialized countries) isn't hard to believe. So why do you think that there are still enough? Going to 4 billion web services which can't work with NAT may be futuristic by now, but hosting your own server (web, mc or something) isn't rare these days and I don't wanna pay x00€ for a single v4 bc. normal users can't have one. Also, why has v6 been accepted 'so far'? – Sebb Jan 09 '15 at 21:25
  • @PeterHorvath : I read no one should use a bitmask <~110 because of a design flaw in IPv6 which allows any attacker to fill some kind of table *(can’t remember what)*, allocating all the memory with the number of IPs available in the subnet *(2⁶⁴ addresses if /64 and only 2²⁸ if /110)*. The paper which described how to perform the attack was on cryptome 2/3 years ago, and I can’t find it again. – user2284570 Jan 09 '15 at 23:50
  • 3
    @PeterHorvath: you are just plain wrong. In many regions (RIPE, APNIC, LACNIC) the main supply of IPv4 addresses has run out. I'm co-chair of the RIPE Address Policy WG, so I'll focus on this region. Here every LIR (usually an ISP) can get a single block of 1024 IPv4 addresses and that's it. If they need anything more they'll have to buy it on the market from another ISP. Those 1024 are just to let them do *something* on the IPv4 internet, but are not nearly enough. NAT, virtual hosting etc are common, but we still run out. What you are seeing are existing ISPs using up their final supplies... – Sander Steffann Jan 10 '15 at 11:50
  • 1
    @user2284570: that issue has been solved by now. It came down to: i.e. an IPv4 /24 contains 256 addresses so an ARP cache never needs to store more than 256 entries. An IPv6 /64 contains 18446744073709551616 addresses. A naive ND cache implementation might try to store them all, which will make the router run out of memory. Modern implementations are smarter and switch caching algorithms when the cache grows too much. And in many cases there is a firewall in the path that filters traffic to unused addresses before it reaches the last-hop router so those caches are never hit in the first place. – Sander Steffann Jan 10 '15 at 11:57
  • @user2284570 If an internet provider worries about that ND memory usage problem on links to their customers, there is an easy way around it. They can configure the link prefix between their router and the customer's router as a /124. The rest of that /64 should not be routed anywhere. On the link prefix the ISP assigns prefix::1 to their own router and prefix::2 to the customer's router. And finally the important step: allocate a /48 and route it to the customer's router. – kasperd Jan 10 '15 at 13:53
  • @kasperd : No, they convert IPv6 to IPv4 inside their network and provide IPv6 through tunneling. It also avoids buying public routers which support IPv6. – user2284570 Jan 12 '15 at 00:45
  • @user2284570 Sounds like you are not sure if what you are speaking of is a tunnel or a translation. Either way tunnels and translations are only temporary solutions. – kasperd Jan 12 '15 at 01:33

3 Answers

34

Both of course. IPv4 will stay a long time, and it's way past time to start with IPv6.

Sven
  • 2
    `IPv4 will stay a long time`: Sure, I’ve seen reports that some providers started to distribute private addresses to their subscribers instead of public ones. At the same time they don’t provide IPv6 access *(prefer CGN over IPv6 access)*. – user2284570 Jan 08 '15 at 13:16
  • 3
    @user2284570: That started a long time ago. I got [DS-Lite](http://en.wikipedia.org/wiki/IPv6_transition_mechanisms#Dual-Stack_Lite_.28DS-Lite.29) with my home cable internet 2 years ago, which is the default for many providers now. Luckily, I could convince them I needed full DS. – Sven Jan 08 '15 at 13:16
  • 1
    No, this is different, there are no IPv6 parts. But maybe I’m too localized; in France every subscriber *(whether private or companies)* still gets a public IPv4 address. – user2284570 Jan 08 '15 at 13:22
  • 1
    @user2284570: This is absolutely depending on the provider. It's also not really relevant as the important bit still is that IPv4 is here to stay for a long time. – Sven Jan 08 '15 at 13:23
  • 2
    @user2284570 I think that happened to me in like 2002-2003 or so. – user Jan 08 '15 at 15:14
  • @Sven : No, there is no provider which won't give you a public ipv4 address here. – user2284570 Jan 12 '15 at 00:48
31

IPv4 and IPv6 are separate protocols that don't talk to each other. You'll have to support both protocols for now.

Getting IPv4 addresses is getting more difficult and expensive, but you'll have to make your service available over it because not all users will have IPv6. On the other side there will be users who don't have full IPv4 anymore. They might have to share their IPv4 address with many others, they only have IPv6 and need a translation service to reach IPv4 services etc. For those users and for future users you want to offer your service over IPv6 so that they can reach it in the most optimal way.

And hopefully in the not-so-distant future everybody will have IPv6 and we can get rid of IPv4 and the hacks and costs required to keep it working.

One way you could start your new service is to build everything for IPv6-only and put a translator (SIIT-DC or reverse proxy) next to it to translate incoming requests over IPv4 to IPv6. You'll be able to handle both protocols for now, and it will also be easy to clean up and remove the obsolete IPv4 stuff later.

This strategy is especially useful if your service runs on a cluster of servers. The whole cluster can run IPv6-only and you need only one IPv4 address on your translator. It's easier to only have to maintain one protocol on the majority of your machines, and requiring fewer IPv4 addresses can also save you money. That's why companies like Facebook are doing this as well.

Sander Steffann
  • And of course this single protocol translator will become the biggest single point of failure you will have, so you have to buy at least two, and configure as a ha cluster which of course is easy unless you have no idea how to do it.. but as you will be big as Facebook, believe me, it is really easy at this scale. – kakaz Oct 15 '18 at 15:41
  • 1
    @kakaz A translator like described can be implemented in a completely stateless fashion, which will make it trivial to replicate. Of course since sites of that size need load-balancing, they may as well integrate the translator with load-balancing. Of course since the connection from load balancer to backend use an IP tunnel the need to translate can go away since the outer packet can be IPv6 even if the inner packet is IPv4. – kasperd Oct 15 '18 at 17:02
  • But you know what is single point of failure? – kakaz Oct 15 '18 at 17:21
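An added example, not part of Sander Steffann's answer or the comments on it: behind a stateless translator of the kind described, an IPv6-only backend sees IPv4 clients as IPv6 source addresses, so logging, blocking and rate limiting should recover the original address first. The sketch assumes the translator embeds the IPv4 address in the low 32 bits of a /96 translation prefix (RFC 6052 style) and that this prefix is only reachable through the translator; the prefix `2001:db8:46::/96`, the sample peers and all function names are constructed for illustration.

```python
import ipaddress

# Assumption: a constructed /96 translation prefix from the documentation
# range; a real deployment uses the prefix configured on its translator.
XLAT_PREFIX = ipaddress.ip_network("2001:db8:46::/96")


def v4_to_v6(v4_text, prefix=XLAT_PREFIX):
    """What the stateless translator does to an IPv4 client's source address."""
    v4 = ipaddress.IPv4Address(v4_text)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def original_client(peer_text, prefix=XLAT_PREFIX):
    """Recover the real client address from what the IPv6-only backend sees."""
    peer = ipaddress.ip_address(peer_text)
    if peer.version == 6 and peer in prefix:
        # Low 32 bits carry the IPv4 client; no per-connection state is needed.
        return ipaddress.IPv4Address(int(peer) & 0xFFFFFFFF)
    return peer


def abuse_key(peer_text, prefix=XLAT_PREFIX):
    """Network to log, rate-limit or block on: /32 for IPv4, /64 for IPv6."""
    client = original_client(peer_text, prefix)
    length = 32 if client.version == 4 else 64
    return ipaddress.ip_network(f"{client}/{length}", strict=False)


# Constructed peer addresses as a backend behind the translator might log them.
SAMPLE_PEERS = ["2001:db8:46::c633:6407", "2001:db8:1::5", "2001:db8:1::9"]

if __name__ == "__main__":
    for peer in SAMPLE_PEERS:
        print(peer, "->", original_client(peer), "key", abuse_key(peer))
```

Because the mapping is a pure function of the address, any replica of the translator produces the same result, which is what makes it easy to run more than one.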
3

> When hosting a new service these days, what would be the best decision: IPv4 or IPv6?

Assuming this is a service intended for use over the public internet by clients on machines or networks outside your control you should support both.

> How easy/difficult is it to get an IPv4 address (considering they are getting exhausted soon)?

For individual addresses you generally rent them from your hosting provider, most providers still include one with each server, but some are starting to charge extra for it. As the market price of IPv4 addresses rises we can expect the rental fees charged by service providers to rise too.

If you need blocks to run your own network things get harder. There is a market in IP blocks but AIUI it's more like buying real estate than buying servers. In Europe it's also possible to register as a LIR and get a "final allocation" from RIPE; the downside of that approach is the ongoing fees (fees for a LIR are much higher than for "provider-independent" allocations).

Update: RIPE's pool for "final allocations" is now exhausted too.

> Can it be ported easily to IPv6 in coming future?

IPv6 addresses are bigger than IPv4 ones so anything that stores IPs in a fixed-size field (whether text or binary) is problematic. Similarly IPv6 addresses in text form use colons rather than dots so anything that stores IP addresses in a structured text format is potentially problematic.

It is almost certainly easier to support both from the start than to try and track down every place IP addresses are stored and processed after the fact.

> How can existing IPv6 users be able to communicate with it?

Currently a large proportion of the Internet is v4 only, so providers have to provide some means for their clients to access v4-only resources. Increasingly, as IPv4 addresses get more expensive and harder to obtain, they will be looking for mechanisms that allow them to do this without giving each customer a dedicated public IPv4 address.

There are a variety of approaches to this, including conventional IPv4 NAT at the ISP level, DS-Lite which tunnels IPv4 packets to a special IPv4 NAT over IPv6 and NAT64 which translates IPv6 packets to IPv4 packets. All of them will come at a cost in performance, reliability and ability to trace abuse.

> How can existing IPv4 users be able to communicate with it?

Unlike in the previous case this is mostly your problem. Some clients may use Teredo, but Windows disables Teredo by default when it detects a domain controller, and most other operating systems didn't support it out of the box at all. Even when Teredo is enabled it's not exactly the most reliable mechanism.

So if you want your service to work for the majority of Internet users you need to offer it on IPv4.

That doesn't necessarily mean your servers have to support IPv4 though. For example, if you front with a CDN like Cloudflare or Akamai then the CDN can receive the traffic over IPv4 and forward it to you over IPv6. I am also aware of one hosting provider that offers a free reverse proxy service for its customers. I expect such things to become more common as the price of IPv4 addresses and the proportion of clients supporting IPv6 both rise.

Peter Green
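An added example, not part of Peter Green's answer: one way to avoid the fixed-size-field and colon-versus-dot problems described under "Can it be ported easily to IPv6" is to store every address as one 16-byte value and to parse `host:port` text with bracket-aware logic. The function names and sample values are constructed for illustration.

```python
import ipaddress

# Text columns sized for "255.255.255.255" (15 chars) truncate IPv6, whose
# text form needs up to 39 chars (45 with an embedded dotted quad).
V4_MAPPED_PREFIX = b"\x00" * 10 + b"\xff\xff"  # ::ffff:0:0/96


def pack_ip(text):
    """Return one 16-byte key for either family (IPv4 stored as IPv4-mapped)."""
    addr = ipaddress.ip_address(text)
    if addr.version == 4:
        return V4_MAPPED_PREFIX + addr.packed
    return addr.packed


def unpack_ip(raw):
    """Inverse of pack_ip: IPv4-mapped values come back as IPv4 addresses."""
    addr = ipaddress.IPv6Address(raw)
    mapped = addr.ipv4_mapped
    return mapped if mapped is not None else addr


def parse_endpoint(text):
    """Parse '192.0.2.1:80' or '[2001:db8::1]:443' into (address, port)."""
    if text.startswith("["):
        host, sep, port = text[1:].partition("]:")
        if not sep:
            raise ValueError(f"malformed bracketed endpoint: {text!r}")
    else:
        host, sep, port = text.rpartition(":")
        # Splitting on ':' is ambiguous for a bare IPv6 literal, so reject it.
        if not sep or ":" in host:
            raise ValueError(f"IPv6 endpoint needs brackets: {text!r}")
    return ipaddress.ip_address(host), int(port)


if __name__ == "__main__":
    # Constructed samples: the same client written three different ways.
    for sample in ["192.0.2.1", "::ffff:192.0.2.1", "2001:0DB8:0:0:0:0:0:1"]:
        print(sample, "->", pack_ip(sample).hex(), "->", unpack_ip(pack_ip(sample)))
```

Comparing the packed form rather than the text also keeps an allow list or block list from being sidestepped by an alternative spelling of the same address, such as the IPv4-mapped form a dual-stack socket reports for IPv4 clients.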