IPv6 is (was?) supposed to be the next version of how the internet works under-the-hood.

We simply ran out of space on the old IPv4 system. However, IPv6's adoption has largely been a failure, even among technical circles.

The technology is actually good, but even after all these years, adoption has still not happened across the internet.

I'm not entirely sure why this is, but there is a surprising learning curve to use IPv6. It's rather similar to IPv4 but still seems shrouded in mystery and incantations.

TODOs

As it seems with IPv6 in general, there's a lot of "todo" floating around. This doc has them too, I'll update this as a living document as I can.

I've been looking more deeply into IPv6 for my work and professional development, but for me the deep intricacies of IPv6 are not necessary until the major backbone infrastructure of the UK internet, such as ISP's and the majority of major websites start using it.

And, as such the below may be not completely accurate! Please do correct me (see below) if you find any issues or can provide some more clarity.

IPv6 in the UK

In the UK, IPv6 is not the common standard. No mobile ISPs officially support it, but they will silently sometimes provide IPv6 only addresses to phones sporadically.

Github does not support IPv6 (last time I checked) and Docker does not support it by default internally for container networking. The chances are that the majority of your internet connections and web services don't support it, or have quietly broken implementations, leading to many "test in production" type scenarios.

This is not the case for everywhere in the world though, especially in developing countries and areas with rapid growth for online devices.

Perhaps it's because we've already got a lot of IPv4 addresses in the UK, so it's not been such a major need for the UK?

IPv4 to IPv6 Crash Course

IPv4 Basics

I'll assume you're used to IPv4, and roughly how it works on internal networks and on the internet.

127.0.0.1 is this computer, or loopback address often nammed "localhost".

192.168.1.1 is likely your home router address, which controls access to the internet for all your devices on Wifi and Ethernet.

192.168.1.42 (or what ever other number than "42") could be your devices internal IP address, or another device on the internal network.

Your router likely manages local device IP's using DHCP and also advertises itself as the DNS resolver, which it sends upstream to your ISP's DNS resolver.

It also handles port forwarding through NAT, and routing across your network.

IPv4 Port Forwarding

You may also be familiar with forwarding ports on IPv4.

e.g. a web service on your local computer could be at 127.0.0.1:8080, and only accessible from that local computer, or maybe you've forwarded a port on your router to allow a particular service on a particular computer 192.168.1.43:22 to be reached from the internet via a public IPv4 address.

Unless... you're behind a CGNAT (shared IPv4 address) which will prevent port forwarding from a public IP.

Forwarding port is often known as NAT (or Network Access Translation) or your router's firewall. In the IPv4 world, nothing (usually) can get though to your local network computers unless you tell your router to forward a particular port from your public IP address to a particular port on a particular internal IP address.

Unless.. you have Universal Plug and Play (UPnP) or have services that use trickery and incantations to attempt "NAT traversal".

The routers NAT, routing and firewall are frequently treated and seen as the same thing on small IPv4 networks.

IPv6 Assignment and "Port Forwarding"

The key thing to note with IPv6 is that we no longer need a NAT, but this is actually separate from a routers firewall and routing - which we still need.

IPv6 addresses are essentially IPv4 addresses with more digits (numbers and letters), i.e. they still follow a similar format.

If your router and ISP are set up well, your router will likely be assigned a public IPv6 address just like a public IPv4 address, but it also comes with "the rights" to a bunch more than just that one IPv6 public address. Denoted by a "/54" (or smaller) at the end of the IPv6 address settings in your routers.

This allows your router to assign a "public" IPv6 address to all your devices, just like your ISP assigned the router an IPv6 address.

It's like having a routers "public" IP address but for each of your internal devices. No more port forwarding required, as you don't use your routers IP with a predefined port, just the long-lived IP assigned to your device directly.

You may be thinking this sounds less secure, as wasn't the whole point of NAT and port forwarding to control access of all internal network devices? Well technical no, that's the job of the routers' firewall and routing tables which is still used in an IPv6 environment.

A lot of people online seem to incorrectly assume that NAT/firewall/routing are the same thing, due to their use in the small networking IPv4 world.

e.g. Although all your internal devices now have their own public IPv6 address, to actually send data you need to "allow" or set up a route on the routers' firewall to allow traffic on that IPv6 address and port though the router to the destination - but technically it's not forwarding traffic from one IP (the public) to another (internal) any more.

IPv6 Usage Basics

You may be used to entering in an IPv4 address directly into a web browser like "https://1.1.1.1/", thus bypassing the DNS system and going directly to that service on the internet (if the server allows direct non-domain IP-only name web access).

With IPv6 though, you'll need to "escape" the IPv6 address with square brackets for it to work. e.g. "http://[2606:4700:4700::1111]/" (this IPv6 link does not actually work as Cloudflare don't market their IPv6 address for the website content like they do with the IPv4).

TODO: get better IPv6 website example!

IPv6 has a bunch of extra technology under-the-hood that makes the internet better, but here are a few other "gotchas" that may be helpful to know about.

TODO: Explain these better solutions!

Empty parts of an IPv6 address, like a segment between the colons like 2606:4700:4700:0000:1111 can be short-hand written with nothing between the colons, like this 2606:4700:4700::1111].

You'll often see this for referring to the "root" of your network which is usually your router, and DNS server. Although this is not actually a requirement. e.g. Device IP 2a0b:c230:35:204c::7a6 -> Likely router IP 2a0b:c230:35:204c::1.

Several IPv6 addresses are actually assigned to your device, one normal public IP which you'll likely use and come across in the context of migrating or accommodating IPv6 on a IPv4 base network, but they also provide a "link-local" addresses... This essentially allows a network without a router (I think?) and is an address that refers to the direct connection/how the network is wired. I've not found a use for it just yet.

TODO: Explain and clarify the IPv6 prefixes and what addresses are usually assigned.

IPv6 is actually such a large space that all of IPv4 addresses can fit inside it. You'd be right to think that if you're on an IPv4, network you cannot talk to a device with an IPv6 address (without some sort of terminating proxy) but IPv6 actually has a copy of all IPv4 addresses inside it under a special IPv6 prefix.

If the upstream network is set up well, it can allow you to talk to an IPv4 devices using the IPv4's address inside the IPv6 space. Called NAT64.

IPv6 from your ISP

If you're lucky enough to have an ISP that "supports" IPv6, such as HyperOptic in London, don't expect it to work well or reliably.

Their IPv6 DNS resolver would often not work causing connection issues when browsing using their stock/default router, and the Routers Web UI did not support IPv6 configuration, so you could not change the IPv6 DNS IP either!

To get mine working I need to clone the default routers MAC address, and configure some mystical incantation on my own router... and then... hope.

Sometimes the ISP decides I've met the requirements and sometimes after a week or two of IPv4 only, I'll be granted an IPv6 address space without warning or notice. I've only seen it being taken away during a reboot, but never during in active connection.

There are several ways of distributing IPv6 unlike IPv4, which has has the most common DHCP or static methods. You have to know the right config for your specific setup.

A lot of UK ISP's support staff will not support or even acknowledge the existence of IPv6 on their network, even if it is supported. Even more fun, a lot of router software does not treat IPv6 well, or as a first class service, it's often a janky add-on that often lacks features needed to make it work in some instances.

Even Ubiquity Unifi (the expensive "prosumer" range of networking equipment) does not support IPv6 perfectly on Unifi Express or Unifi Gateway. It's often treated as a second class citizen in the UI when it comes to reporting and features like VPN servers or clients etc.

Hosting on IPv6

DNS... As you know, when you set an IPv4 address on a domain name via its name server records you set an "A" record.

When you set an IPv6 address you use an "AAAA" record. They can be the same as the IPv4 server or a different server.

Some hosting providers even provide a terminating proxy for common traffic like HTTPS to allow older IPv4 networks to connect to new and cheaper IPv6 only servers. But this is a proxy rather a real direct network connection.

You can sometimes use a VPN service provider like Mullvad or CDN's like Cloudflare to "fake" having an IPv6 connection if you need to confirm that a remote connection is online via IPv6.

Docker does not support IPv6 internally by default - in the past this seemed to convince me that it was impossible to host content online on IPv6 via docker, but that's not the case now.

The INTERNAL Docker network will use IPv4, but the external connections into Docker can be IPv6 just like IPv4 (assuming the server supports it). The one catch is that your containers can't reach out to IPv6 networks from inside the container.

So far, I've not managed to get IPv6 working reliability inside Docker networks on Debian 12 using Debian's packaged Docker Engine.

TODO: Find a solution for this.

Self-hosting under IPv4 CGNAT

A lot of home or even business ISP's will provide a shared IPv4 address to servers or residential connections called CGNAT (Carrier Grade Network Access Translation) which essentially disables port forwarding, they often charge extra for a dedicated IPv4 address which you could port-forward.

However, IPv6 could be the solution! Even if you have a shared IPv4 address it's unlikely that you'll have a shared IPv6 address, and so should be able to open ports as needed for your IPv6 only devices (as long as your client are not UK mobile devices as none no UK telecom providers consistently support it!).

Feedback

If you have some more common misconceptions to add here or have a correction please do reach out by email, and I'll update this post.