Why is IPv6 a failure and how to disable it
Proponents of IPv6 argue that it has advantages over IPv4 and that IPv6 is inevitable because
there is no other option. Reality shows, however, that IPv4 is as strong as ever. Next year it will be 25 years since the introduction
of IPv6 and yes, IPv6 is happening, but is there any benefit for you in running IPv6 as a client-side endpoint on the internet? No!
IPv6 is a protocol that is incompatible with IPv4 in the sense that there is no seamless transition from one protocol to the other.
It's very much akin to Intel's strategy of replacing their successful x86 line of processors with an incompatible RISC processor architecture called Itanium. Yes, it was supposed to be better but nobody bought it. Instead everybody went with the backward-compatible AMD 64-bit architecture
and that is what you get today when you buy an Intel processor. Why am I mentioning this? Because history has shown over
and over again that there is no way of replacing a successful technology with one that is incompatible while offering only marginal benefits
(VHS vs Betamax, Porsche 911 and replacement models, ...).
Market forces will always win. Ideologies or technical considerations are irrelevant in those cases.
Am I an opponent of IPv6? No, I think it is good to learn about it and there are a lot of companies that need expertise in this
area. To know about this protocol is a very good thing from an educational and employment perspective. Does that mean
that IPv6 will replace IPv4? No, IPv4 will stay forever until the entire internet is replaced by a completely different technology. IP has its limits when it comes to communication over very long distances, e.g. between Mars and Earth. One could envision a technology that enables interplanetary communication and it might replace IP. Something like this could easily happen.
We will replace IP one day.
Why was IPv6 created?
IPv6 was created in 1994 at the start of the world wide web boom. At that time each domain hosted on a web server needed
its own IP address and it looked like IP addresses would run out soon.
Today many web sites (domains) can be hosted
on a single server using only one IP address. NAT (network address translation) had problems in early days and
it was not always working for all protocols. NAT allows many client side users to just use one public IP address. Today
NAT is ubiquitous and it works very well. Every router in every home uses it. All mobile networks (mobile data) around the world use NAT because mobile network operators assign private addresses to your phone. The only exceptions are some large mobile network providers in the US.
They don't really need to use public IP addresses but they do because they have those large subnets of IPv4 addresses anyway. They just use it for something even if it is not needed just to hold the address space and claim that it is used.
There are also a lot of large companies which provide internet access to their employees only via a proxy server.
In other words none of those computers can connect directly to the internet yet they use publicly allocated addresses
in their internal networks because they have them.
Almost all IPv4 addresses are now allocated but a big portion of those are not really used or not used in a good way. Those IPv4 addresses could be freed up if there was a real need to use them.
In other words there is an artificial shortage of IPv4 addresses. It exists on paper but at the moment it does not exist in reality. Therefore
nobody is in a hurry to go to IPv6. IP addresses used to cost nothing and we can expect that they will soon go up in value. When those IP addresses have a value higher than the cost of changing a company's IP addressing scheme then we will see companies freeing up space and selling it.
How is the transition supposed to work?
IPv6 and IPv4 are incompatible. Therefore one has to have a phase where computers can use both protocols during
a transition phase.
Two mechanisms are available for this:
- dual stack: your computer runs both IPv6 and IPv4. Originally it worked such that IPv6 requests were sent out
if DNS showed that the destination server supported IPv6. The problem was that many servers had IPv6 DNS entries but
there was no service on IPv6. Using IPv6 at that time was a terrible experience. Google then came to the rescue
and implemented the Happy Eyeballs protocol. To communicate, messages are always sent on both IPv4 and IPv6. The answer
that returns first wins and that protocol is then used for subsequent communication to the same destination.
- IPv6 only and a NAT64 gateway: computers have only an IPv6 address and a special gateway is used to access IPv4 networks.
In either of these solutions more IPv4 addresses are needed to facilitate the transition phase.
Note that there is no deadline or even a reason to start the transition phase. It's all up to what you believe or do not believe.
Note as well that there are some applications such as Microsoft Skype that only started to support IPv6 in mid 2017 even though Microsoft Windows does support IPv6. In other words if you wanted to run Skype before 2017 then you had to use dual stack, and IPv6 only with NAT64 was not an option.
Dual stack and when to disable it
Dual stack creates more network traffic and uses more CPU cycles. Some people also argue that it is insecure because it
creates a bigger attack surface when you run both protocols. In most cases dual stack achieves the same thing as an IPv4-only computer. It's just additional complexity for nothing. How do you know it's for nothing? You can check if your
internet service provider gave your router an IPv6 or an IPv4 address. If it has only an IPv4 address then
all the dual stack complexity inside your computer is for nothing. You can simply disable IPv6 and use only IPv4.
How to disable IPv6 on Linux?
First you should check if your Linux computer runs IPv6. You can do this with the command ifconfig:
guido@mypc:~$ ifconfig wls1
wls1      Link encap:Ethernet HWaddr 00:22:fa:d0:17:80
          inet addr:10.0.0.51 Bcast:10.0.0.255 Mask:255.255.255.0
          inet6 addr: fe80::171a:d3cb:c6c4:39ee/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:67 errors:0 dropped:0 overruns:0 frame:0
          TX packets:148 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13405 (13.4 KB) TX bytes:21960 (21.9 KB)
Note the IPv6 address in the above printout.
There are multiple ways to disable IPv6 on Linux. It is possible to disable it on a per network interface basis (using sysctl) but
that is really not cutting it since there is still IPv6 code running. You can completely disable it in three ways:
- Compile the Linux kernel without support for IPv6.
- Write a one to the file /proc/sys/net/ipv6/conf/all/disable_ipv6
- Set ipv6.disable=1 on the kernel command line when booting from Grub
I will explain the latter two options:
root@mypc:~# echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
root@mypc:~# ifconfig wls1
wls1      Link encap:Ethernet HWaddr 00:22:fa:d0:17:80
          inet addr:10.0.0.51 Bcast:10.0.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:285 errors:0 dropped:0 overruns:0 frame:0
          TX packets:331 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:37544 (37.5 KB) TX bytes:42038 (42.0 KB)
You can put this "echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6" into a start-up script such as
/etc/rc.local.
A better option is, in my opinion, to edit the grub config. Here is the procedure for Ubuntu.
guido@mypc:~$ sudo vi /etc/default/grub
Find the line that contains "GRUB_CMDLINE_LINUX_DEFAULT":
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
Add "ipv6.disable=1" to the boot option, then save your grub file:
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"
Finally, update grub:
guido@mypc:~$ sudo update-grub
Reboot and check that IPv6 is disabled. Also print the kernel command line:
guido@mypc:~$ more /proc/cmdline
BOOT_IMAGE=/vmlinuz-4.4.0-21-generic root=UUID=9e802c3b-0080-4f9a-9a71-93bed6e547fc ro ipv6.disable=1
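One way to confirm the result of either procedure, and to run the "is dual stack for nothing" check from the previous section on the host itself (an added example, not the author's code). It assumes that a host holding only an fe80:: link-local address is receiving no global prefix from its router; the function name `ipv6_state` and its state labels are hypothetical.

```shell
#!/bin/sh
# Added example: classify the IPv6 state of a Linux host from the kernel
# files used in the procedures above.

ipv6_state() {   # usage: ipv6_state [CMDLINE] [DISABLE_IPV6] [IF_INET6]
    cmdline=${1:-/proc/cmdline}
    knob=${2:-/proc/sys/net/ipv6/conf/all/disable_ipv6}
    addrs=${3:-/proc/net/if_inet6}

    # Boot parameter set through the GRUB procedure.
    if tr ' ' '\n' < "$cmdline" | grep -qx 'ipv6.disable=1'; then
        echo disabled-at-boot; return 0
    fi
    # Runtime switch: lost at reboot unless a start-up script sets it again.
    if [ -r "$knob" ] && [ "$(cat "$knob")" = 1 ]; then
        echo disabled-by-sysctl; return 0
    fi
    [ -r "$addrs" ] || { echo enabled-no-address; return 0; }
    # if_inet6 columns: address ifindex prefixlen scope flags device.
    # Scope 00 = global (includes fd00::/8 ULA), 20 = link-local, 10 = loopback.
    awk '$4 == "00" { global = 1 }
         $4 == "20" { link = 1 }
         END { if (global)    print "enabled-global"
               else if (link) print "enabled-link-local-only"
               else           print "enabled-no-address" }' "$addrs"
}

# Constructed sample: the link-local address from the ifconfig output above,
# written in /proc/net/if_inet6 format (the interface index is made up).
d=$(mktemp -d)
echo 'BOOT_IMAGE=/vmlinuz ro quiet splash' > "$d/cmdline"
echo 0 > "$d/disable_ipv6"
echo 'fe80000000000000171ad3cbc6c439ee 03 40 20 80     wls1' > "$d/if_inet6"
ipv6_state "$d/cmdline" "$d/disable_ipv6" "$d/if_inet6"   # enabled-link-local-only
rm -rf "$d"
```

Called with no arguments, `ipv6_state` reads the live files under /proc.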
Linux sshd X11 forwarding fails when ipv6 is disabled
sshd has a configuration option called AddressFamily (in /etc/ssh/sshd_config) and many linux distributions set it by default
to "AddressFamily any". If you disable ipv6 and leave "AddressFamily any" then sshd will still try to work with ipv6 addresses and that causes X11 forwarding (ssh -X ..., remote start of graphical applications) to fail. You get this error:
Apr 2 12:53:14 lenie systemd-logind[1430]: New session 201 of user guido.
Apr 2 12:53:14 lenie sshd[372]: error: Failed to allocate internet-domain X11 display socket.
Note that ssh logins as such do still work despite the error. Just the X11 forwarding fails because sshd does not create a listen socket at 127.0.0.1:60XX (XX is the X11DisplayOffset value from /etc/ssh/sshd_config).
The fix is to set "AddressFamily inet" (inet instead of any) in /etc/ssh/sshd_config.
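A check for the mismatch described above, written as an added example (not from the original article): it reads the effective global AddressFamily and X11Forwarding values from an sshd_config, compares them with the kernel command line, and counts the logged error. The function names are hypothetical, only the ipv6.disable=1 boot parameter is tested, and keyword and value are assumed to be separated by whitespace.

```shell
#!/bin/sh
# Added example: flag "AddressFamily any" on a host booted with ipv6.disable=1.

# Print the effective global value of an sshd_config keyword (first match
# wins, parsing stops at the first Match block), or DEFAULT if it is unset.
sshd_opt() {   # usage: sshd_opt FILE KEYWORD DEFAULT
    awk -v want="$(printf %s "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        NF == 0 || $1 ~ /^#/ { next }
        { key = tolower($1) }
        key == "match" { exit }
        key == want    { print tolower($2); found = 1; exit }
        END            { if (!found) print def }
    ' "$1"
}

# Return 1 and explain when the combination from the article is present.
check_sshd_x11() {   # usage: check_sshd_x11 SSHD_CONFIG KERNEL_CMDLINE_FILE
    af=$(sshd_opt "$1" AddressFamily any)      # sshd default: any
    x11=$(sshd_opt "$1" X11Forwarding no)      # sshd default: no
    if ! tr ' ' '\n' < "$2" | grep -qx 'ipv6.disable=1'; then
        echo "ok: IPv6 not disabled at boot"; return 0
    fi
    if [ "$x11" = yes ] && [ "$af" != inet ]; then
        echo "mismatch: AddressFamily $af with ipv6.disable=1, X11 forwarding will fail"
        return 1
    fi
    echo "ok: AddressFamily $af, X11Forwarding $x11"
}

# Count the sshd error shown in the log excerpt above in a syslog-style file.
count_x11_failures() {   # usage: count_x11_failures LOGFILE
    grep -c 'sshd\[[0-9]*]: error: Failed to allocate internet-domain X11 display socket' "$1" || true
}

# Constructed sample inputs (not taken from a real host).
d=$(mktemp -d)
printf 'X11Forwarding yes\n#AddressFamily any\n' > "$d/sshd_config"
printf 'BOOT_IMAGE=/vmlinuz ro ipv6.disable=1 quiet\n' > "$d/cmdline"
check_sshd_x11 "$d/sshd_config" "$d/cmdline" || echo "fix: set AddressFamily inet"
rm -rf "$d"
```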
When will the internet be only IPv6?
Here is a graph showing the expected timeline. It's now over 15 years old.
[Figure: Time plan to go from IPv4 to IPv6.]
As you can see we should be mostly running IPv6 by now. Will we ever reach the IPv6 era? Probably not.
I believe in IPv6. Why should I not try to use it?
By all means, use it, explore it and play with it. I am just suggesting that if you are not into IPv6 then
you can simply disable it and save resources.
IPv4 will be there forever and it will always work. NAT is already so omnipresent that any
application will always work over NAT. Some people dislike NAT but NAT is the reality. Especially the rise of
mobile data has given NAT a big boost (as well as IPv6) but IPv6 still remains a marginalized solution.
© 2004-2024 Guido Socher