IP Addresses Through 2025

Posted by petercooper 1/20/2026

IP Addresses Through 2025(www.potaroo.net)

194 points | 147 commentspage 2

kincl 1/20/2026|

The country code GB in some of the tables should show the source economy being Great Britain right? Am I misunderstanding the table?

graemep 1/20/2026|

That looks weird. I am guessing that someone knows about the mismatch between ccTLDs (where the UK is .uk) and ISO codes (where the UK is GB and Ukraine is UA) and tried to correct something and got it wrong.

its correct in other tables.

pumplekin 1/20/2026||

.uk being the TLD, and .gb being the ISO 3166-1 alpha-2 code is a quirk of history that comes with .uk being on the internet very early.

1vuio0pswjnm7 1/20/2026||

What happens when a so-called "tech" company that cannot be trusted wants to punch holes in the user's firewall without prior consent from the user

Purely hypothetical, of course

For example, WhatsApp tries to connect to at least two servers on UDP port 3478 without asking the user if this is what they want to do or explaining the purposes of these connections

Example server addresses are

57.144.221.54

31.13.70.48

3478 is the port used for "Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)", or "STUN" for short

https://www.ietf.org/rfc/rfc3489.txt

Perhaps IPv6 would obviate the need for STUN

alexinavar 1/20/2026||

Unrelated to the post, but please include a viewport tag[0] on your website; it's one line of code that makes things far easier to read on mobile.

[0]: `<meta content="initial-scale=1,width=device-width" name="viewport">`

chrismorgan 1/20/2026||

I’m curious about that meta viewport declaration and where it came from: I don’t believe I’ve ever seen it in that order. The customary ordering has the attributes and content properties all reversed:

  <meta name="viewport" content="width=device-width,initial-scale=1">

kccqzy 1/20/2026||

No. You either design the site to be fully responsive (which would necessarily include CSS changes), or leave out that line. If your CSS assumes a desktop layout, it is strictly better not to set the viewport width to device-width so that the mobile browsers will use the traditional desktop viewport and the user can zoom around without anything broken. In contrast, carelessly slapping that line without CSS changes will often lead to content being clipped and invisible on mobile. This is why I have a bookmarklet to delete any viewport meta elements.

Ericson2314 1/20/2026||

Really need governments to start pushing harder on IPv6 adoption. We need sticks, not just carrots. My favorite is chaos engineering forced IPv4 downtime.

dunder_cat 1/20/2026||

In the US, I really want the FCC to mandate that an ISP provides IPv6 connectivity in order to meet the criteria to be considered broadband (and access the subsidies related to that). Don't even care if the functionality is off by default / you have to call and agree the routing may be sub-optimal, whatever. I currently use HE tunnels but on top of additional latency, the HE <-> Cogent peering dispute still makes it difficult to access services over IPv6.

ianburrell 1/20/2026||

There should be rule that ISP with CGNAT must offer IPv6 as an alternative. The US doesn't use CGNAT as much as other countries, but would help people stuck behind crappy CGNAT.

patmorgan23 1/20/2026||

Yeah I this is the bigger issue. CG-NATs break things, you shouldn't be able to sell a pooled IP CG-NAT only service as broadband connection. Looking at you MetroNet

autoexec 1/20/2026|||

Nah, we just need actual carrots. If something new is better than what people currently have, and you make it easy for them to get the new thing, people will naturally abandon the old thing. They'll do it happily. In fact, it will be hard to stop them from abandoning the old thing for the new thing.

IPv6 has failed at being better, being accessible, or both. Rather than punish people for failing to adopt something that isn't better or easy to get, either improve IPv6 so that it's actually attractive or admit defeat and start work on the next version that people will genuinely want.

The moment you start thinking "Let's make what people have now worse until they move to this other thing they don't want" its an admission that whatever you're pushing people to is shit.

bigstrat2003 1/20/2026||

> IPv6 has failed at being better, being accessible, or both.

I don't agree that it has. IPv6 is clearly better (no collisions between address space and thus no NAT requirement), and it's perfectly accessible to anyone who actually tries. I'm not by any means a top tier network guy but even to me IPv6 is dead easy to setup. The problem with the v6 transition is that people have very inaccurate views on one or both of those points (usually they falsely believe NAT provides security benefits, or they falsely believe IPv6 is a difficult thing to implement). I'm not sure how to fix this widespread misinformation but that is the problem from what I've seen.

autoexec 1/20/2026|||

IPv6 primarily solves a problem that most people either don't have ("I have IPv4 IPs already") or don't care about ("I don't know/care what my IP is") and it introduces a bunch of problems people didn't have before like worries over comparability with existing hardware/software (improving all the time) or even just "now I have to spend a bunch of time learning about how to correctly and securely implement this on my network" (still a problem)

Maybe one day in the distant future, IPv4 collisions/shortages will be an actual problem for most people. If that happens, those people will naturally make the switch. Until then, why would they?

It turns out a bunch of people actually like NAT. They like it so much that they pushed for solutions like NAT66 so that they can keep it even after switching to IPv6.

If IPv6 offered substantially better security/privacy, speeds, reliability, or introduced some new killer feature people didn't even know they wanted until they learned about it there wouldn't be any reason to try to force people to move to v6. Because it doesn't do any of that, and most people are happy with IPv4, they'll stick with what has been working for them.

fpoling 1/20/2026|||

Even 15 years ago IPv6 was much worse than IPv4 for most of the people. Only when the mobile operators has started to insist on it then the usage started to grow to significant numbers. Which showed the real problem with IPv6: lack of compatibility with IPv4. That was absolutely possible 30 years ago, but the designers decided that it would just complicate things.

orangeboats 1/21/2026|||

I am tired of people claiming that you can make a "new Internet protocol that is compatible with IPv4".

No, backwards compatibility is not the problem here: IPv6-only hosts can easily connect to IPv4 hosts. Just append "64:ff9b::" to an existing IPv4 address, like so: 64:ff9b::8.8.8.8. Even prior to NAT64, we have plenty of schemes like 6to4 to bridge IPv4 and IPv6.

But no IPv4 hosts can ever connect to IPv6 hosts, or IPv7, or IPvInfinite for that matter. I will refer to my previous comment on why that is: https://news.ycombinator.com/item?id=46469336

positr0n 1/22/2026||

I think the people complaining about compatibility are more talking about the concepts in IPv4 and IPv6. IPv6 could have been "everything is the same except the IP address is 16 bytes instead of 4". Instead there are new ways to do everything.

Addressing works differently (no broadcast, multicast everywhere, link-local is mandatory). Configuration works differently (SLAAC, RA, DHCPv6 is not a drop-in replacement for regular DHCP). Neighbor discovery replaces ARP and depends on ICMPv6 working. Fragmentation behavior changed. NAT is “not a thing” by design, which breaks a bunch of assumptions people built entire networks around.

Dagger2 1/21/2026|||

No they didn't? v6 is compatible with v4 in tons of different ways, probably in almost every way that it's possible to be compatible with v4.

Admittedly, it's not compatible in the ways that _aren't_ possible. But it's highly unreasonable to blame that on the people who designed v6.

ianburrell 1/20/2026|||

The US government is pushing IPv6 for government sites and contractors.

I think there needs to be a push for IPv6-first networks for companies. ISPs in the US are pretty good about IPv6. But network engineers learned IPv4, and don't want to change what works, so companies lag behind. Changing existing networks is hard, but IPv6 is good candidate for new networks. This includes writing docs and eventually the education so IPv6 is the default.

dorfsmay 1/20/2026|||

Or we should start a wall of shame of services not available on IPv6.

apearson 1/20/2026||

https://whynoipv6.com/

johnisgood 1/20/2026||

What holds them back though? Even my shitty self-hosted website on a not-so-known VPS supports IPv6.

apearson 1/20/2026|||

I'm assuming priorities and convincing the old guard it's something to do

zorpner 1/20/2026|||

It provides no benefit, so even the smallest amount of added complexity or additional engineering effort required isn't worthwhile.

johnisgood 1/20/2026||

I did not have to put any additional engineering effort into it though.

tredre3 1/20/2026||

Because in your own words what you built is "a shitty self-hosted website", not a complex web of distributed services that need to talk to each-other.

positr0n 1/22/2026||

What's the public good that justifies the government dictating which networking stack people use?

psim1 1/20/2026||

In 2021 I speculated on IP and acquired a /23 block by ARIN wait list. I figured on running some services from the IP space for a while and after the 5 years mandated wait time would cash in when surely it would fetch $100k from some party desperate for IPv4.

At this point the services I am running are far more lucrative than the IP space itself is turning out to be.

neoromantique 1/20/2026||

how realistic is it to buy a block in 2026 as an individual? I understand that it is useless, but how much so

zamadatix 1/20/2026|

Different RIRs & LIRs have different policies, but the "foolproof" way is to just set up an LLC and register resources through that. There are usually renewal fees as well. If you're not hoping to be able to sell them after you get them, a careful reading of RIR policies can usually net you one or two /24s without needing to buy any blocks.

In either case, if you end up with internet resources you can trawl through sites like https://bgp.services/ to find a cheap VPS provider near you that supports peering. I run my own AS and advertise 3 network blocks (2 IPv4 + 1 IPv6) out of 2 different DCs for several hundred $ per year all in all (including renewal fees, VPS, taxes, etc).

ramon156 1/20/2026||

Unrelated to the post, but I love the left texture when I'm on vertical tab mode in FF. Very cool

Imustaskforhelp 1/20/2026|

I am on zen which you can consider to be as vertical tab mode in FF as well (considering zen is based on FF) (but all be it, I love how slick zen looks! Zen is amazing)

And I have the same texture too! I hadn't observed it until your message

seszett 1/20/2026||

Unless I misunderstand something, that texture is not especially related to Firefox or vertical tabs.

I have it both under Firefox or Chromium, and whether my tabs are vertical or not. It's just the website's background.

billyjobob 1/20/2026||

My ISP added IPv6 support and my router began handing out IPv6 addresses. How did I know this?

1. My AppleTV began stuttering during playback.

2. My old iMac began crashing every time it connected to the wifi.

At least the iMac has an option to disable IPv6. The AppleTV has no such option so I had to do it in the router.

jakey_bakey 1/20/2026|

It always sends me to sleep when IP enthusiasts lament the lack of adoption for IPv6.

It's obvious to anyone that looks at the two formats that any kind of hacky workaround like NAT gateways will be preferable indefinitely to actually adopting the monstrosity that is IPv6.

shmerl 1/20/2026||

NAT is the monstrosity, not IPv6.

dist-epoch 1/20/2026||

But has the nice side-effect of working as a firewall, before traffic gets to you.

RiverCrochet 1/20/2026|||

- Did you disable UPnP on your router? If not, any device behind the router can simply ask the router to open a port, typically without authentication, bypassing this "firewall" completely.

- TURN and STUN trivially bypass this side-effect, and a side effect of that is a third party has to often be involved, which can be collecting data later leaked or used against you.

- The monstrosity of NAT is that it's the core thing that drives centralization - because of NAT any two Internet hosts generally have to involve a third party to communicate, a third party which again, can be collecting data later leaked or used against you.

If you don't care about the security implications of the above, then you don't really care about the "firewall" either.

dist-epoch 1/20/2026|||

That third party involved is my ISP which will see the packets anyway, even if NAT is not used.

And the attacks you mentioned are initiated from the inside. Not what I stated, that NAT is a sort of a firewall for incoming connections.

RiverCrochet 1/21/2026||

> That third party involved is my ISP which will see the packets anyway, even if NAT is not used.

The ISP doesn't meaningfully see packets as long as encryption is used. It sees stuff that if analyzes can be used to make guesses, but that's about it. I probably should have used a better term than "third party" but I was meaning services that collect data on everyone like Facebook, Twitter, etc. These services actually receive meaningful, trackable, surveillable data about you and they would not have to receive as much if NAT wasn't a thing.

Inside attacks are important. If you don't care about those, saying you like NAT because of any security benefit doesn't make sense.

cyberax 1/20/2026|||

I've yet to see UPnP work...

RiverCrochet 1/21/2026||

I was surprised as well as it's something I turn off on devices I control and I haven't really assumed it was a thing. But recently at a friends house I decided to install upnpc on my Linux laptop and give this a try:

| upnpc -a 192.x.x.x 8080 80 tcp

And to my surprise it just worked. This friend just upgraded to fiber and had just received a new router.

ianburrell 1/20/2026||||

IPv6 routers use a stateful firewall just like NAT includes. Just without the problems of NAT.

simoncion 1/20/2026||

As a bonus, because most (nearly all?) SOHO IPv6 routers are Linux under the hood, they are also capable of IPv6 NAT.

MaKey 1/20/2026||

I doubt that most consumer routers expose this functionality. IPv6 NAT is rarely needed and should be avoided. Interestingly enough I stumbled upon a use case today. No IPv6 connectivity at my office but at my dad's house. Since a WireGuard tunnel is layer 3 I can't use router advertisements and the prefix is dynamic, so private IPv6 addresses and NAT66 it is. It was an exercise out of curiosity though, route64.org works much better for IPv6 connectivity.

shmerl 1/20/2026||||

No, it does not. Always use a firewall if you need a firewall. NAT is not a replacement for it.

megous 1/21/2026||||

You just have outbound NAT enabled, so that your internal nodes can access the internet, no mapping to any internal nodes is set from the outside and no firewall. (just NAT alone) So all packets to your router's address will terminate at the router. Right?

OK, let's say I send a packet to your router's external interface with destination IP set to internal address of one of nodes in your network.

Will it reach your internal host? Will I get a response? ;-) I hope you now appreciate how NAT is not a firewall at all.

9rx 1/20/2026||||

NAT has the side-effect of working as a shower curtain. It will mostly keep light drops of water out, but will not stand up to a fire.

Dylan16807 1/21/2026|||

Having one and a half firewalls doing overlapping work and making things more complicated is not what I call nice.

kalleboo 1/21/2026||

The real hacky workaround that we have adopted is just centralizing the whole internet in like 5 giant companies and making everyone else into passive consumers who can't even make a voice call to each other without giving some form of payment to a cloud giant.

More comments...