Posted by barqawiz 13 hours ago

Google Hits 50% IPv6 (blog.apnic.net)
367 points | 361 comments | page 3
decorner 4 hours ago|
When your router ships with IPv6 default on, this makes sense
Cider9986 12 hours ago||
How does IPv6 affect IP blocking? As a VPN user I wish it wasn't used as a metric for sites shaking you down.
lxgr 10 hours ago||
It's just as easy or hard to map out a VPN's egress subnets on v6 as it is on v4.
BadBadJellyBean 11 hours ago||
I assume for aggressive blocking only the prefix size will change. What is a /32 for IPv4 might become a /64 or smaller for IPv6.
mahboi 5 hours ago|||
Shouldn't blocking v6 also be based on /32 if you want the attacker's cost to be the same?
BadBadJellyBean 2 hours ago||
Well, in the IPv4 world /32 would be a single IP or what a residential connection usually gets. With IPv6 you have 128 bits for the whole IP and usually a residential connection gets between a /64 and a /48 prefix. Going above a /64 might hit other unrelated customers. Going to a /128 prefix would only block a single IP, but since we started doing privacy extensions your computer will have multiple IPv6 addresses with a short lifetime, which means that the user will be able to connect again soon after you block them. There are 18,446,744,073,709,551,616 IPs in a single /64 prefix so it would be useless to block every single one of them.

A more reasonable approach might be to block a /64 first, monitor if you get more blocks within the /56 block that contains the /64 and maybe block that.

hdgvhicv 10 hours ago|||
Larger. A /56 and get multiple hits from nearby /56s and you block the /48.
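
The escalation discussed in the comments above (block the /64, widen to the containing /56, then to the /48), as an added example that is not part of the thread. The `PrefixBlocker` class, its `threshold` of 3 and the sample addresses from the 2001:db8::/32 documentation range are assumptions for illustration.

```python
import ipaddress

# Widening ladder taken from the thread: /64 first, then its /56, then its /48.
LADDER = (64, 56, 48)


class PrefixBlocker:
    def __init__(self, threshold=3):
        # Assumption: number of blocked child prefixes inside one parent
        # that justifies blocking the parent instead.
        self.threshold = threshold
        self.blocked = set()

    def is_blocked(self, addr):
        ip = ipaddress.IPv6Address(addr)
        return any(ip in net for net in self.blocked)

    def report(self, addr):
        """Record abuse from addr and return the blocked prefixes, sorted."""
        if not self.is_blocked(addr):
            # Privacy extensions rotate the low 64 bits, so a /128 block is
            # pointless; start at the /64 that contains the address.
            net = ipaddress.IPv6Network((addr, LADDER[0]), strict=False)
            self.blocked.add(net)
            for narrow, wide in zip(LADDER, LADDER[1:]):
                parent = net.supernet(new_prefix=wide)
                kids = {b for b in self.blocked
                        if b.prefixlen == narrow and b.subnet_of(parent)}
                if len(kids) < self.threshold:
                    break
                # Collapse everything under the parent into one wider rule.
                self.blocked = {b for b in self.blocked
                                if not b.subnet_of(parent)} | {parent}
                net = parent
        return [str(n) for n in sorted(self.blocked)]


if __name__ == "__main__":
    fw = PrefixBlocker()
    # Constructed sample: three /64s in one /56, repeated for three /56s.
    for j in (1, 2, 3):
        for i in (1, 2, 3):
            print(fw.report(f"2001:db8:aa:{j}0{i}::1"))
```

A single wide rule replaces its children on each escalation, so the rule set stays small no matter how many addresses the client rotates through.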
jessinra98 9 hours ago||
> Is IPv6 really that widely used?

Mobile carriers use it almost exclusively, which is already a huge chunk of the internet, and newer ISPs are switching to it too.
bilsbie 9 hours ago||
It’s weird we’re all still behind NATs. IPv6 was supposed to be trillions of devices all having their own IP.
inigyou 7 hours ago|
On IPv6 we're not. Are you saying it's weird we still use IPv4 in addition?
bilsbie 26 minutes ago||
So when I go to hn.com I’m on v4?
hugodan 9 hours ago||
In Portugal one of the biggest ISPs (NOS) still does not have IPv6
CrLf 8 hours ago|
That's not exactly true, they've been increasing in the last few months and are close to 30% now. Let's hope they don't revert it like one year ago.

This graph even shows them doing step deployments:

https://radar.cloudflare.com/adoption-and-usage/as2860?dateR...

commandersaki 9 hours ago||
Still not fit for purpose.
sherburt3 8 hours ago||
Literally all we had to do was add a byte to IPv4 and we'd be done but noooo we need to overengineer the next protocol and make it as painful as possible to adopt.
bluGill 3 hours ago||
That would be just as hard to switch to and even more complex. If you think ipv6 is over engineered you haven't had to deal with ipv4. (Source routing is a pain)
inigyou 8 hours ago|||
Why one byte? Is that enough bytes? An extra 4 bits each for source and destination? Maxing out at 2^36 addresses? That seems an uncomfortably small safety margin.
sherburt3 7 hours ago||
I was saying adding a byte to the address so it's a 40-bit address, which would be two bytes to the header. Obviously it would still have the same issue where hardware and software would be incompatible and would need to be replaced, but the same concepts that worked in IPv4 would work in my fake protocol instead of IPv6 where the network needs to be redesigned from the ground up.

Also IPv6 addresses are ugly

inigyou 7 hours ago||
How sure are you that 40 bits is a good number of bits? What's your justification? It takes over 30 years to deploy new bits, so you have to be really sure before you start that effort.
sherburt3 6 hours ago|||
40 bits would've bought us a lot of time and would've kicked the can down the road several decades. People from the future would be much better equipped to design a new protocol because they understand their needs better.
ralfd 7 hours ago|||
> It takes over 30 years

Only because it is overengineered. Parent's pragmatic protocol would have been adopted faster.

convolvatron 7 hours ago|||
this keeps coming up, if you add a byte to ipv4 you still have a transition problem. 5 byte machines can't talk to 4 byte machines. pretty much the only thing that solves is people not liking the :: syntax. the only other change is auto configuration, which...kind of doesn't matter? is that really causing problems?
sherburt3 4 hours ago|||
I think the addresses are a big issue. The address space is just stupid big, I don't understand why we need to prepare for every grain of sand on Earth having a WiFi chip in it.

Most people can pick up calculating subnets in their head in ipv4 pretty quickly and ipv4 addresses are easy to memorize on accident. My brain turns to mush as soon as I start seeing hexadecimal characters in addresses.

mahboi 5 hours ago|||
Yeah but they could've picked something that at least lets the 4 byte host talk to a 5 byte one. Like if I have 8.8.8.8 and they want to give me 8.8.8.8.0, cool. Or make it 8 bytes instead of 5, same thing.
convolvatron 5 hours ago||
well, if you want to add an extra byte you kinda have a problem, since v4 is fixed format and is actually cooked into hardware in a lot of places. so if you want to keep v4 mostly untouched you have to use an option, which is going to be pretty slow on the backbone.

you can send a packet from an extended address host to a vanilla v4 host if you map the address space into a range like you suggest..but that v4 host just has no way of sending a message back..so it's kinda useless

mahboi 5 hours ago||
It'd be useless until everyone switches to the 5-byte thing and people can start putting something besides 0 into that last byte. But at least they could turn on v5 or whatever it's called without having to think about it. Right now I could have two hosts that both agree to use ipv6 and it's still hard because you have to reconfigure everything.
TacticalCoder 3 hours ago||
> ... but noooo we need to overengineer ...

We need to pretend we overengineer. But some in the committee made sure data exfil would be basically impossible to detect / block with IPv6, and all the others, always in love with the most Rube Goldberg designs possible, loved the "overengineered" solution.

With Rube Goldberg designs, you can then always say stuff like:

"The xz backdoor was TOTALLY unrelated to systemd"

Yet it only concerned distros that shipped with systemd.

Go figure.

It's always "because insert-crazy-non-sensical-hair-pulling-reason-here".

Ah yes, it's because of that. So it's so totally unrelated right?

Except it still only affects distros using systemd.

Or maybe, you know, backdoors and exfils were the plan from the very start.

"The protocol won't work correctly unless you let crazy ping packets doing you-know-what". And nobody is ever going to properly firewall all that.

Overengineering is one thing, yes.

But we know for a fact that there are xxxINTs infiltrating committees and pushing "solutions" that are only solutions to them.

agnishom 7 hours ago||
Finally some good news in 2026
tonymet 2 hours ago|
it’s safe to say that we will never see total adoption, not within 2 generations. We will taper around 65% at best.

Think about the migration plan, and nearly every positive force to move to ipv6 has been exhausted. Routing hardware, consumer hardware, server hardware & software all have the capability. Mobile deployments were a big driver of ipv6, and that didn’t reach the level of adoption expected. Now hosting providers are charging for ipv4 addresses, and it’s not having a measurable impact.

Most migrations start to hit the hockey stick well before this stage, and the taper occurs around 95%+ when outlier hardware or legacy devices are the last remnants. We are not seeing a pattern like that here.
