A story about trying out IPv6 in 2024 for a home ISP behind CGNAT (like Community Fibre in London)
I first worked for a networking company in the last century and I got a certificate on TCP/IP. Back then it was all IPv4. They didn’t even call it that — it was just IP, Internet Protocol. Then people realised that the number of devices which needed to be contactable on the internet was going to exceed the number of IP addresses available with IPv4. They came up with a modified protocol which was similar, but radically different in that respect. Web servers, proxies, routers, and gateways, largely all talk both. But it isn’t universal.
Hunky Dory?
Indeed, most things that can talk IPv4 can also talk IPv6 but that is not the whole story. Firstly you can’t talk one protocol and have it magically turn into the other — not without some server sitting in between and being the end of one connection and the start of another.
A typical scenario is that you have some private network, either in the data centre or the cloud, accessed through some sort of server available to the public internet. This public server is typically a proxy or HTTP server which has a TLS certificate for security but then forwards traffic to its internal network once the traffic has been validated. The internal network does not need to have public IP addresses and so can be IPv4 using local IP addresses. Local IP addresses can be reused by any organisation without going to some central repository. For example, there will be thousands (millions?) of machines thinking they are 192.168.1.1.
In this scenario, only the public server needs to talk IPv6 for the whole system to be available to IPv6 clients. I mention this first of all because this is the technique I (and most organisations) have been using for years to avoid having to think about IPv6.
All the Young Dudes
But that isn’t the whole story. What about all the households on ADSL or Fibre internet or the millions of users with mobile smartphones. Don’t they need IP addresses too? Yes — and for the most part they each get their own IPv4 address that they can use permanently or temporarily. The phone users mostly don’t care about IPv6 because they assume that everything they want to access has an IPv4 address. Every website and every Telegram/WhatsApp/VPN service. Nothing much needs to talk directly to their phone as their phone isn’t running any servers. (Most of the time).
But home users quite often have more than one machine at home. They will have a Router with WiFi capability and every machine on their network will typically share the one IP address allocated to it through NAT (Network Address Translation) and using local IPv4 addresses like I described above.
Most of the time nothing needs to directly access those internal household machines, just the other way around with outbound connections.
In rare cases the thing you are connecting to needs to know the IP address you are coming from and it gets that from the NAT device — typically your ADSL router.
Five Years
So that is all fine, right? I feel this is a bit like climate change. There is a coming problem — we may run out of IPv4 addresses so new devices cannot be connected to the IPv4 internet — but it is being mitigated and ignored. We limit the number of public IP addresses we use and make most of them local private ones. However it is still getting harder to obtain public IPv4 addresses.
Your cloud service provider will charge you for public IP addresses, or in some cases charge you for having one which you reserve but don’t use.
Fashion
The big elephant in the room is the new Fibre Internet Service Providers like Community Fibre in London. (Yes — we spell “Fiber” “Fibre” in the UK). They suddenly need lots of new IP addresses and, being new companies, they did not request a whole bunch of them back in the mists of time.
So what do these new companies do? They can spend more on getting the last few of an ever-rarer resource, or they can avoid the issue entirely.
Community Fibre does not give you your own IPv4 address. It explains this briefly in the legal terms of service but most people won't read that far. And to be honest, most people won't care or be affected by it.
They use their version of NAT (Network Address Translation) called CGNAT (Carrier Grade Network Address Translation). In summary, instead of getting your own public IPv4 address, you get to share one with hundreds (thousands?) of other Community Fibre customers.
Never Let Me Down
But does this matter? Not if all you are doing is making outbound connections — as most people are. You fetch a web page. You fetch a video. You fetch some music. Even webpage adverts are being pulled towards you by the code within your browser. Not many people run their own web servers from their own houses, for instance.
If you want some other service, such as someone being able to ring you on your internet phone, you can still initiate the request by setting up a connection to the “exchange” which supplies your internet phone service.
An alternative is to set up a VPN to some other server on the public internet and have that server act as your “listener” for incoming connections. There are techniques for this that I have investigated and may write about if you have to stick with IPv4 but I went a different route.
If something needed to directly access one of my home machines then I would use IPv6 because all of my machines do have a publicly routable IPv6 address. This is still secure because there is a firewall between my network and the internet and I decide what is let in (and out).
Earthling
In summary, I did the following:
- I installed a simple web server on my main home machine which is up all the time. (This is called rio23 by the way for historical reasons)
- I checked that it could access the IPv6 Internet with https://ipv6-test.com/
- I fixed any local problems that https://ipv6-test.com/ reported (in particular I changed my router firewall so that it allowed ICMP/ping traffic through. This is often disabled by default but that is not necessary any more)
- I changed my router firewall so that it allowed http and https traffic through, but only to that one machine: rio23.
- I set up Dynamic DNS so that I had a domain name which I could use anywhere in the world and get the IPv6 address of my web server. (Also checked with http://dnschecker.org ) (I also mapped that domain to one of my wider domains already in use)
- I tested the website using my phone (disconnected from my local WiFi and using the mobile carrier’s network).
- I asked my friends to test access to the web server and also used some online website checkers.
This took me almost a couple of days as I had to do some research and I also went down some blind alleys. In particular, ddclient was hard to set up with IPv6. There was a lot of conflicting information out there.
This all deserves its own blog article as other Community Fibre users might be interested — and other users too if more fibre ISPs use CGNAT.
The verdict: Some could access the website, and some could not. There was nothing I could do about it to fix it.
But I could investigate it.
Here is what the website should look like:
Station to Station
The first one I tested was just using my own mobile phone. This is connected through Giff Gaff (which provides its telephony using the O2 network). This works fine if I have WiFi switched on because I am on the same network as the web server. If I only use the mobile phone network then: Failure. It can’t even get an IP address.
The reason is that it does not even attempt to do IPv6. A quick test through https://ipv6-test.com/ confirmed this. There is no IPv4 address for this server because there is no routable path to it using IPv4 — remember it is behind Community Fibre’s CGNAT for IPv4.
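The failure described above, as an added example that is not part of the original post: it sorts a home machine's addresses into those that can and cannot accept inbound connections, keeps only the publishable ones for Dynamic DNS, and shows why an IPv4-only client then has nothing to connect to. All addresses are constructed, the function names are hypothetical, and the assumption that the ISP hands out a WAN address from 100.64.0.0/10 (the RFC 6598 shared range commonly used for CGNAT) is not something the post states.

```python
import ipaddress

# Ranges that cannot take unsolicited inbound connections from the internet.
UNROUTABLE = {
    "cgnat": ["100.64.0.0/10"],  # RFC 6598 shared address space
    "private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "loopback": ["127.0.0.0/8", "::1/128"],
    "link-local": ["169.254.0.0/16", "fe80::/10"],
    "unique-local": ["fc00::/7"],
}

def classify(addr):
    """Label an address 'public' or with the reason it is not routable."""
    ip = ipaddress.ip_address(addr)
    for label, cidrs in UNROUTABLE.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if net.version == ip.version and ip in net:
                return label
    return "public"

def publishable(addrs):
    """Addresses worth putting in Dynamic DNS (A or AAAA records)."""
    return [a for a in addrs if classify(a) == "public"]

def reachable_via(dns_records, client_families):
    """First published address the client can use, or None.
    client_families is {4}, {6} or {4, 6}."""
    for addr in dns_records:
        if ipaddress.ip_address(addr).version in client_families:
            return addr
    return None

# Constructed sample data. The 100.72.15.9 WAN address is an assumption.
# 2001:db8::/32 is the documentation prefix, standing in for a real
# global IPv6 address.
HOME_ADDRS = ["100.72.15.9", "192.168.1.23", "fe80::1c2d:3eff:fe4f:5a6b",
              "2001:db8:23::80"]
DNS = publishable(HOME_ADDRS)  # only the AAAA record survives

if __name__ == "__main__":
    for a in HOME_ADDRS:
        print(f"{a:28} {classify(a)}")
    print("IPv4-only phone :", reachable_via(DNS, {4}))
    print("dual-stack host :", reachable_via(DNS, {4, 6}))
```

A firewall rule that admits http and https to the one published address still decides what actually gets in; this check only says whether a path can exist at all.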
I tried with some website checkers:
Responsinator.com seemed to work fine. Hooray!!!
But some others failed:
I asked some friends to do their own tests. (Yes, I know a lot of bored geeks.)
Almost all the ones using a phone failed. It seems like almost every UK phone operator does not offer IPv6 to its devices. (As an example here is a discussion on the topic from about a year ago https://www.ispreview.co.uk/talk/threads/ipv6-with-a-three-unlimited-phone-sim.39314/ )
However several others had problems too even with desktop web browsers. Here https://ipv6-test.com/stats/country/GB is an interesting list of UK ISPs which have IPv6 (There may be others too of course)
Unfortunately, I can’t find a nice simple list of those that do not offer IPv6, and even those that do may have customers who switch it off.
Ashes to Ashes
So what do I deduce from all this? If I want to offer a service to the whole internet but do it via only IPv6 that is just not going to work. A large proportion just don’t use it or can’t. If I want to have a private network which is not accessible to the internet then IPv4 is still fine. But if I want to offer a service to some subset of the internet and I can check that they have it then IPv6 is fine.
It all feels like trying to limbo when I thought I could run.
Are we going to hit an apocalypse where everything stops working? Probably not. We are going to go out with a whimper, not a bang. What will be happening is that new users and new devices are going to find it harder and harder to get a public routable IPv4 address. They will become more expensive and we will have to actively choose to have one instead of getting one by default. There will be two types of machines on the internet — those that provide services for others, and those that don’t. The latter will just request services and only be contactable when they have set up a connection for that purpose.
Is IPv6 the solution? Yes and No. We can carry on using IPv4 for years to come and apply different workarounds for the lack of new IPv4 addresses. We can accept that there are some things we can no longer do with IPv4 that a few of us took for granted. Like climate change we are just going to keep putting up with the downsides until we can’t any more.
I would like to see more and more companies implement IPv6 because it is the right thing to do, but even so, the customers are not shouting out demanding it. So in a capitalist world there seems to be little demand for IPv6. Hopefully the engineers concerned will explain to the business that the cost of not implementing IPv6 outweighs the cost of having it broken.
Useful Links
- https://www.ispreview.co.uk/index.php/2023/12/broadband-isp-vodafone-uk-confirms-start-of-ipv6-rollout.html News article from last month explains that one of the biggest phone companies in the UK is just starting a “limited trial” of IPv6 internet addressing.
- https://responsinator.com/ for website testing
- https://ipv6-test.com/ to test your web browser/machine
- The amusingly named https://www.havevirginmediaenabledipv6yet.co.uk/
- A government report on IPv6 from 2010 TWELVE YEARS AGO https://assets.publishing.service.gov.uk/media/5a79d7c840f0b66d161ae898/10-1229-ipv6-rollout-in-the-uk.pdf
- https://github.com/ddclient/ddclient Note that the latest release is improved wrt IPv6 and may not be the same as the one supplied by your Linux provider (such as Ubuntu).
- https://dynv6.com/ Free Dynamic DNS for IPv4 and IPv6
Credits
- All words, screenshots and mistakes by Alex McLintock Please use https://bit.ly/m/alexmclintock to contact me.
- Section headings are song titles from David Bowie.
- Photo of “Audio Connectors” by Vincent Botta on Unsplash. Thanks!
- Photo of “Fred Halsall Networking Textbook” by Alex McLintock