Ping 240.whatever.whatever.whatever from Windows. You just can’t. General failure.

And Windows is not the exception here.

They can lobby all they want, all the effort is going to be in vain. Imagine having to debug a problem where your services are sitting on 240.0.0.0/4, but some customers have routers that just drop the packets to that destination. It’d be a nightmare and “get better networking gear” might not even be a solution, because their ISPs routers could also be doing that.

This proposal is provably worse than just adopting IPv6, because when IPv6 works, it just works. This? This would fragment the IPv4 internet with undefined behaviour.

If they really want more v4 space, they should advocate for yoinking the v4 space that e.g. the DoD, Daimler, Ford or Apple doesn’t use. And they have a lot of v4 space. But that’s also not going to happen, and one of the reasons why not would be similar. A lot of people are actually squatting on DoD space in their internal networks if they run out of 10/8.

https://news.ycombinator.com/item?id=39100317

https://news.ycombinator.com/item?id=36996003

https://news.ycombinator.com/item?id=35047061

...

"Simply draw the rest of the Owl".

Easy to remember, indeed

- What is IPv6 google DNS? Hell if I can remember it. 2001:4680:something?

Guess which one is going into the DNS config of a new machine that I have to bring up and am forced to deliver results on short notice.

If you can't remember that, the problem's not the protocol.

For almost all the thing, I use DNS For DNS resolvers, I use root servers

Never shall I use 8.8.8.8 : why would I ..

For example, 2eff:ff:a0ee::/54 is a prefix and 2eff:ff:a0ee::dead:beef is an address within that prefix. It is invalid for "::" to appear more than once, as that would be ambiguous.

They're all wondering why IPv6 adoption is so slow, I'm telling them right here plain and simple.

IPv6 isn't perfect, but it's not really practical to change the fundamentals of a 25 year old protocol.

On the other hand, as an ISP, you can pull some of those addresses for your CGNAT's external address pool. Your customers' gear will never see those. Server side will, though. But then, troubleshooting cloud/server front-end to reliably let those through sounds like a more doable chore?

You're right but ugh, CGNAT. We just had fiber deployed here (yay!) and then I got assigned an ISP that has me behind CGNAT. The list of things that can make icky Spectrum better than fiber (for me) is super short, but CGNAT in the 1 or 2 spot.

It's more reasonable to expect ISPs to provide native IPv6 alongside CGNAT, than avoid CGNAT entirely.

You'd think so but of our fiber ISPs, 0 of 8 support IPv6 or have plans to do so - inc the NATty ones.

I suggest that you complain about their lack of IPv6, and encourage other customers to do the same.

Oh and thanks for inserting this dystopic hellscape into my awareness, btw. I hope you're wrong for a long time.

> advocate for yoinking the v4 space that e.g. the DoD, Daimler, Ford or Apple doesn’t use

Isn't it a travesty that owning a sizeable chunk of limited-supply IP addresses doesn't cost much, but exact same number of (nearly-)unlimited-supply domains does cost dearly per-domain to own?

We don't hear horror stories how somebody is hoarding 16 millions .com domains, right? Too expensive to do so.

Then again, we can generate nearly infinite amount of gTLDs so it is not too big deal.

Also note the proposal is for 240/4 to be added to the RFC1918 list, not to be globally routable.

I’ve been using 240/4 successfully in internal networks for over a decade now. The only devices I’ve had problems with are Windows. So for a quick win, Windows just needs to drop special checks they do for 240/4.

I recall the 240/4 idea being floated at least 5-10 years ago. If Windows was changed to allow it at that point, today hardly anyone would be complaining that Ciscos or Junipers or other core routers don’t support it.

Don’t let perfect be the enemy of good.

Yes. But it wasn’t. Making this proposal a day late and a dollar short.

Notging special because it's actually in the routing table, as it should be.

Issue ROUTE PRINT to see it yourself.

    netsh interface ipv4>add add "4084" 200.0.0.1 255.255.255.0

    netsh interface ipv4>add add "4084" 240.0.0.1 255.255.255.0
    The parameter is incorrect.

    netsh interface ipv4>sh add 4084

    Configuration for interface "4084"
        DHCP enabled:                         No
        IP Address:                           200.0.0.1
        Subnet Prefix:                        200.0.0.0/24 (mask 255.255.255.0)
        InterfaceMetric:                      10

I think when conceiving of potential issues with this, or thinking about the possible problems of trying to merge two overlapping networks together, your imagination is coming up a little short.

It's never that simple.

I’ve also worked with companies where their networks filled up almost all the 10/8 space and they were running out of room. Having to do things like shrink subnets at individual locations and deal with issues around not able to install all the equipment they originally wanted. It’s a real pain.

And yes, the entire 10/8 space needed to be routable through to the corporate support desk, SIEM tools, payment systems, loyalty systems, security and other IoT systems, etc.

Yes sure you could probably NAT things, or switch to tools/approaches that don’t require every device to have an internally routable IP, but then that’s a terrible argument akin to arguments against IPv6.

I hate the idea of wasting 6% of the original internet on rfc1918 space.

Whereas 240/4 was never declared public.

Apples and Oranges.

Like I said, if people squat on reserved space and the status changes, that's too bad for them if it's reallocated and made routable. Network operators have no right to dictate that space cannot be made routable, simply because they are using space internally and against current policies.

I cannot tell you how many devices or software have had a notice of "just disable IPV6, that will fix X" and it's worked perfectly.

If V6 was working everywhere and it was a simple toggle I'd say sure. But it's not.

I’ve heard this advice dozens of times, but it hasn’t worked once, to the point where I firmly believe that everyone giving out such advice either completely doesn’t care or know anything about networking, or, is suffering from some sort of a mental difficulty.

I support all kinds of devices and turning off IPv6 was sometimes a thing I did. No so much now. Maybe once in the last 5 years.

Here IPv6 works perfectly and doesn't cause any problems. Many sites are much faster over v6 than legacy IP. Google stats show 45% of users access google over IPv6 so clearly it's working for all those millions of users too.

If IPv6 is not working you need to fix it, not turn it off.

Also no consumer can be at limit pf rfc1918 even if throwing /24 right and left.

People get issues with v4. But “just switch off v4” is never suggested as a solution cos it’s either all people have or they need it for the sites that only have it. So people fix problems they get with v4. If they get a problem with v6? Switch it off, v4 is working.

Granted v6 has had many teething problems and still isn’t as hassle-free as v4. But in recent years things have improved an awful lot.

I now run my own ASN, rent a server with a BGP session that’s pretty close to my home (~50km/2ms), and tunnel v6 over that.

I have a /32 of v6. That’s 2^96 individual addresses. Or 65k /48s.

It was a great learning experience actually and is within the reach of anyone. You can get a BGP enabled VPS for $5/month, and ASN and a /40 for $50/lifetime.

When I looked into this I only found relatively expensive options.

RIPE does have a requirement that you use your ASN, and that it’s multihomed.

Multihoming rule isn’t enforced (meaning a single upstream is fine), but they do require you to actually use it.

I know a guy with 15x /29s.

I actually find this scary too, but I mean, it’s /29s, not /8s.

The /32 I’m renting however.

All you need is proof of network presence within RIPE region (and yes, a $5/mo BGP VPS from Vultr satisfies that requirement). Then you can announce your RIPE v6 wherever you want.

https://ifog.ch/en/ip/lir-services

CHF 60/lifetime for natural persons , which is about $60.

The guy that did my ASNs still does IP space - https://my.cloudie.sh/index.php?rp=/store/lir-services

$10/y for a /40.

A bit more expensive than the $50/lifetime that I promised, but that was the deal I got from Cloudie.

Announced one /48 over AWS and tunneled to it to browse the internet via my own IPv6. It works fine.

Honestly, where do I get that ?

Like, what if TikTok was IPv6 only? We would have 100% IPv6 by now.

It's for network operators (and equipment vendors). Telling network operators "Let's just switch to V6" is not in anyway problematic. If every network operator decided to make it a priority we could have 90% of internet customers on v6 enable networks within 2 years. Easily.

Of course SaaS/Content providers need to run dual stack for a while. But ISPs need to stop dragging their damn feet and deploy v6.

But, why would they if dragging their feet makes them a lot of money? Why would they bother unless there's massive demand from the public for full IPv6 adoption?

I mean even ISPs with IPv6 support don't care about the IPv6 experience of their customers. AT&T, for example, doesn't give more than a /64 address space to home users, which only supports one subnet. If you have, say, a guest network and a trusted network, you can't have separate inbound routing/firewall rules as both would have the same prefix.

So, I disagree that convincing network operators is the right way to go about it. We need to convince the public about the benefits of IPv6.

And the prefix I get is dynamic. It changes each time the router power cycles or has a brownout or if the upstream network restarts for whatever reason (which is something I saw happening with regularlity on a different ISP about 1am to 2am, presumably them performing maintenance). So that means my firewall rules have to be constantly monitored and changed if they're any more complicated then reject all incoming connections. Only way I can see that working right now is to write a daemon that can hook into the PD process for that.

Plus how do I get my servers that are supposed to be internet facing to update their IPv6 prefix every time it changes? Does that mean that I have to put in additional code in every server to update their IPv6 addresses every single time the prefix is changed?

Oh and I can request a /54 no problem for now. There's no guarantee for instance if ISP decides to restrict residential users to only a /64, and require a business account to request more subnets. How do I plan a set of internet accessible networks that have to be segregated from each other if I have no idea if tomorrow I'm going to lose those subnets?

The only solution of right now is to use ULA and NAT6. Which is just IPv4's problem all over again except worse.

So yeah it is 'easy' if all your need is just only /64 and are using the ISP's router to setup a single network that you don't care about. But it spirals very quickly into madness when you try to step just a little beyond a simple setup.

They need to change to static assignments for users and be done with it.

Releasing them could be the best thing for IPv6 to ever happen.

Because the IPv4 NAT technology exists.

Imagine if billions of printers, weather stations, baby monitors, toothbrushes and thermostats suddenly obtain publicly routeable address...

I know you can do address harvesting like it was done with pool.ntp.org by shodan but if you don't use any public services your IoT devices are basically protected by the 128bit address space. So you need a address harvesting possibility, and people are watching for this as seen in the shodan case, and an exploitable issue at the same time. Not impossible and you should use a firewall but orders of magnitude less scary than a public routable IPv4 address.

Next most likely is they are re-classed for private usage.

If they are re-assigned for use on the internet they will be assigned to the RIRs and distributed under their policies. No no way AWS are gonna be able to hoover them up like they can when acquiring space from existing holders.

Did the author need to crank out an "article" before the weekend?

This has been talked about for decades. It's not going to happen. The entire range is unusable at the networking core level, even if you magically had an OS that accepted it.

You can't tweak IPv4 any more. Accept the fact that while IPv6 may seem scary to some, it's the way we _must_ move.

Networking is not scary, learn it.

IPv6 availability is far from universal. I have 8 fiber ISPs to choose from. Zero of them offer IPv6.

That said I don’t feel there is any meaningful technical barrier to using 240/4.

My gigabit fiber provider only supports IPv4. Granted, they're just a VNO, using PPPoE on top of Eircom's network. Eir supports IPv6 if you subscribe to them directly, but their customer service is nonexistent and you'll be waiting over a year just for them to hook you up. For now I stay with the VNO because they have excellent customer service, except for not having an answer for me every time I ask them when they'll support v6.

Back in 2006 I gave a presentation on IPv4 end-of-life, when it was then predicted IPv6 would be entirely necessary by 2020 (i.e. that IPv4 would die out by then). This explainer/demo, almost two decades ago, got me a job offer... and yet two decades later I still don't use IPv6, myself!

Our dorm did this, with competitions to see "who could upload the most torrent traffic" [i2hub fiber between universities was just becoming popular]. Eventually the MAC address would be blacklisted, and all you'd need to do is replace the NIC and you'd immediately be "back in business."

>I got to play around a lot with of tech stuff that would have otherwise been out of reach

Memories, and it goes by so quickly (my ranting is from two decades ago). Then life gets serious =P

240/4 is already useful in sdns, vpns, and networks like AWS as a hop along the way. Merely moving it on the IETF/IANA ledger from reserved to unicast would recognize reality since 2008. It is hilarious how hard that has been.

Universal connectivity need not be a goal - can you imagine a portion of the internet completely immune from 30+ years of windows borne worms and viruses? :)

240/4 support in modern windows is a patch tuesday away which I would hope happen after it is moved from one side of the ledger to the other, officially. It (and 0/8) saves nanoseconds.

In doing these patches we noticed that NO IoT OS actually did the 240/4 or 0/8 check, and in deleting the checks for it in Linux, etc, 5 and 16 years ago, the internet did not melt down.

I see a lot of resentment from the router community that bemoans the extra work it will take to block these addresses, when if they don´t bother, nothing will change. Deleting code and acls for it, will actually speed things up.

The flack I took for the 0/8 patches from thousands of people and the 3 weeks it took to patch that out of everything were outweighed in terms of saving nanoseconds on every packet the first weekend that kernel deployed. 5+ years ago in the case of 0/8. Enforcing a stupid policy for decades for no reason seems silly. 0/8 should have been reclaimed in 1986.

As for what doesn´t work, who cares? Enough networks do already to make the 240/4 space usable. However AWS and google and perhaps others squatting on it!? and turning it into RFC1918 space, was certainly not my intent - I had thought that these addresses should be added to the global internet, for all mankind. Jon Postel would be spinning in his grave if he saw this abuse of this space.

I had delusions of setting up 255/8 (the most junky space available, much like 2.4ghz was for wifi) as a test, as a place to innovate, as a place to perhaps perfect udp-lite natting, and other protocols, within the open source community.

Lastly, everybody misses the most important draft of all, finally retiring the .0 broadcast idea (with no users since 1986) which will free up oodles of real world IPv4 address space. Most of that work is already done, it would take very little to finish it. Why is it so hard to get people to pay attention to that? https://www.ietf.org/id/draft-schoen-intarea-unicast-lowest-...

IPv6 also has a stupid idea about the zeroth address, only implemented in a few places that needs to be depreciated, which would shrink a lot of routing tables.

As regards to the zeroth address on multipoint L2 networks would it really help that much? I’m not sure many people are really gonna see massive improvement squeezing one more host onto subnets. Maybe at the smaller end of things, /30, /29, /28 etc.

Orgs are finding they can stretch v4 quite a lot, with load-balancers, proxies, NATs etc. The bigger headache in my experience is acquiring enough routable ranges to assign 1 for each site. A couple of extra hosts at each seems less critical.

If you have to exchange old equipment anyway, it’s better to use the new equipment to simply switch to IPv6.

1. With horrible consequences, admittedly.