/r/ipv6

Welcome to the IPv6 community on Reddit. Here we discuss the next generation of Internetting in a collaborative setting.

We also support the protest against excessive API costs & 3rd-party client shutouts. Check out r/save3rdpartyapps for more info.

Internet Protocol Version 6

The reddit for the discussion of the future of the Internet


If you're new to IPv6 or never heard of it, try reading our faq.



All links related to IPv6, IPv4 address exhaustion, and IPv6 help requests are welcome. Linkjacking is prohibited.


More discussion over at #ipv6 on Freenode.

22,634 Subscribers

1

Looking for resources

Hi I’m trying to understand the technical hurdles that are preventing the IPv6 rollout. I read some of the discussions here and many of the terms/concepts went right over my head.

Is there a YouTube video, a podcast, or even an article that can teach me what’s going on? Something that’s technical but not deeply technical.

Some of my questions:

  1. Why don’t all DSL/ONT modems support IPv6? Why isn’t that a firmware thing? Even so, why would this be a blocker? If your device doesn’t support it, then you won’t get it.
  2. If the IP block allocation is done from IANA, then why aren’t they automatically assigning IPv6 addresses to all ASNs?
  3. Since traffic is usually flowing through IXs, isn’t there an economic incentive for them to support v6? I assume that they’re all v6.
  4. Do ISPs run equipment that is so old that it doesn’t actually support v6 on a hardware level?
  5. What configurations do ISPs need to change to get it ready? What issues could the rollout cause?
5 Comments
2025/02/04
19:36 UTC

4

What happens to IPv4 only clients in a dual-stack environment that has DNS64/NAT64 enabled?

So I'm trying to see if it's possible for me to slowly switch from a dual-stack to an IPv6-mostly environment.

I've already set up a NAT64 gateway locally and one IPv6-only VLAN for now. For DNS I use my own Unbound server locally and for the IPv6-only VLAN I'm using Google DNS64. Everything works as expected for the IPv6-only VLAN.

I'm now thinking about switching on DNS64 on my local Unbound for my entire network which would mean that all dual-stack clients would mostly use IPv6 exclusively (either native IPv6 or NAT64).

But what will happen to my IPv4-only clients/devices when I turn on DNS64 for everything? If they receive a synthesised AAAA record they won't know what to do with it. Would these clients just fail?

16 Comments
2025/02/04
14:45 UTC

4

Question about dnsmasq and ra-advrouter or routed network

Not sure if this is the right place to ask, however search results lead to this sub, so I'll try.

At Hetzner, which filters packets by MAC address, I have a server with a /64 range.
I read https://community.hetzner.com/tutorials/install-and-configure-proxmox_ve/de?title=Proxmox_VE#routed-setup because that's what Hetzner's support told me to do.

So I have reverted from the bridges mode to have a single NIC (p5p1 (or enp5s0 or eth0)) and a vmbr0 iface.

I also have a dnsmasq server running, with the following config:

    port=0
    bogus-priv
    interface=vmbr0
    bind-dynamic
    expand-hosts
    domain=s0.dysv.de
    dhcp-range=2a01:4f8:xxx:xxxx::10, 2a01:4f8:xxx:xxxx::ffff, 64, 24h
    enable-ra
    dhcp-option=option6:dns-server,[2a01:4f8:0:a0a1::add:1010],[2a01:4f8:0:a102::add:9999],[2a01:4f8:0:a111::add:9898]
    #dhcp-option:option6:
    dhcp-authoritative

I'd like to hand out a default gateway of 2a01:4f8:xxx:xxxx::4, which is my IP on vmbr0, to VMs.

All VMs need to be routed via ::4

3 Comments
2025/02/04
08:52 UTC

63

Ukrainian mobile ISP Lifecell starts IPv6 deployment

8 Comments
2025/02/03
16:59 UTC

10

How is my ISP routing to my LAN IPv6?

I just set up my router, which uses PPPoE to get IPv4 and IPv6 from the provider. The WAN IPv6 starts with fe80::d921.

On the LAN side, I have configured SLAAC, and my devices are getting IPv6 starting with 2405:9800 and mask of /64.

Surprisingly, my Plex clients on the internet can connect to the Plex server in the LAN using IPv6. I did not set up any port forwarding.

  1. Does this mean the 2405:9800 range is a publicly routable subnet?
  2. If so, how does my router know that it needs to allocate this range to my LAN devices? Did it get this information via PPPoE?
  3. If not, how is traffic entering my LAN to this private subnet?

I am a network engineer (Mostly Service Provider backbone MPLS), and have very little knowledge of IPv6.

PS: People answered and I realised that the LAN IPv6 subnet is actually composed of publicly routable IPs, via prefix delegation.

53 Comments
2025/02/03
04:39 UTC

1

Privacy Geolocation Question

With an IP lookup or reverse IP lookup won’t anybody be able to find anyone if your ipv6 is revealed?

20 Comments
2025/02/02
17:27 UTC

0

I have an issue with ipv6(kinda)

So I turned on my PC today and noticed that Steam, Discord and any program I tried to open would be in a state of on and off from my internet connection. After trying a few ways to fix this, I found out that disabling IPv6 fixes this issue. Has anyone else had this happen to them? If yes, how did you fix it? I would rather not have this setting disabled for my PC.

6 Comments
2025/02/02
15:22 UTC

3

2-way function of IPv6 address <-> hostname?

My ISP (Delta Fiber Nederland) reverse resolves an IPv6 address to a hostname. And that hostname resolves to the IPv6 address.

So I guess my ISP uses some standard (?) 2-way function / hash to calculate this? If so: which standard function?

sander@zwarte:~$ host 2001:4c3c:4915:7200:3f1e::1111 1.1.1.1.0.0.0.0.0.0.0.0.e.1.f.3.0.0.2.7.5.1.9.4.c.3.c.4.1.0.0.2.ip6.arpa domain name pointer host-160pivbiuyckac00l.pd.tuk-w1d1-a.v6.dfn.nl.



sander@zwarte:~$ host host-160pivbiuyckac00l.pd.tuk-w1d1-a.v6.dfn.nl. 
host-160pivbiuyckac00l.pd.tuk-w1d1-a.v6.dfn.nl
 has IPv6 address 2001:4c3c:4915:7200:3f1e::1111





sander@zwarte:~$ host 2001:4c3c:4915:7200:3f1e::1112 2.1.1.1.0.0.0.0.0.0.0.0.e.1.f.3.0.0.2.7.5.1.9.4.c.3.c.4.1.0.0.2.ip6.arpa domain name pointer host-660pivbiuyckac00l.pd.tuk-w1d1-a.v6.dfn.nl.



sander@zwarte:~$ host host-660pivbiuyckac00l.pd.tuk-w1d1-a.v6.dfn.nl. 
host-660pivbiuyckac00l.pd.tuk-w1d1-a.v6.dfn.nl
 has IPv6 address 2001:4c3c:4915:7200:3f1e::1112



sander@zwarte:~$ host 2001:4c3c:4915:7200:3f1e::aaaa a.a.a.a.0.0.0.0.0.0.0.0.e.1.f.3.0.0.2.7.5.1.9.4.c.3.c.4.1.0.0.2.ip6.arpa domain name pointer host-uewxivbiuyckac00l.pd.tuk-w1d1-a.v6.dfn.nl.



sander@zwarte:~$ host host-uewxivbiuyckac00l.pd.tuk-w1d1-a.v6.dfn.nl. 
host-uewxivbiuyckac00l.pd.tuk-w1d1-a.v6.dfn.nl
 has IPv6 address 2001:4c3c:4915:7200:3f1e::aaaa



sander@zwarte:~$ host 2001:4c3c:4915:7200::aaaa a.a.a.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.7.5.1.9.4.c.3.c.4.1.0.0.2.ip6.arpa domain name pointer host-h3g2nr2h3543mc00l.pd.tuk-w1d1-a.v6.dfn.nl.



sander@zwarte:~$ host 2001:4c3c:4915::1 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.1.9.4.c.3.c.4.1.0.0.2.ip6.arpa domain name pointer host-5t4n9z9lrp2lhwifl.pd.tuk-w1d1-a.v6.dfn.nl. 



sander@zwarte:~$ host 2001:4c3c:4915::2 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.1.9.4.c.3.c.4.1.0.0.2.ip6.arpa domain name pointer host-zt4n9z9lrp2lhwifl.pd.tuk-w1d1-a.v6.dfn.nl.



sander@zwarte:~$ host 2001:4c3c:4915::3 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.1.9.4.c.3.c.4.1.0.0.2.ip6.arpa domain name pointer host-7t4n9z9lrp2lhwifl.pd.tuk-w1d1-a.v6.dfn.nl.



sander@zwarte:~$ host 2001:4c3c:1::1 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.c.3.c.4.1.0.0.2.ip6.arpa domain name pointer host-0zg15rr91ec0t1p2l6i.as15435-a.v6.dfn.nl.



sander@zwarte:~$ host 2001:4c3c:1::2 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.c.3.c.4.1.0.0.2.ip6.arpa domain name pointer host-rzg15rr91ec0t1p2l6i.as15435-a.v6.dfn.nl.
25 Comments
2025/02/02
11:09 UTC

5

Why is the prefix address of WAN and LAN in the router different?

So my router displayed the IPv6 WAN address as wxyz:wxyz:wxyz:wxyz:wxyz:wxyz:wxyz:wxyz/64

But it also displayed DHCPv6 PD to be wxyz:wxyz:wxyz:abcd::/64, my devices' IPv6 address also starts with wxyz:wxyz:wxyz:abcd:...omitted....

Shouldn't the first 64 bits of the address be the same?

12 Comments
2025/02/01
22:56 UTC

4

L3 switch doesn't support RDNSS, how to inform DNS server list to Android that doesn't use DHCPv6

We have a kind-of-ancient Brocade (now Extreme) VDX 8770-8 L3 managed switch for our campus networking at its core with NOS 6.0 (kinda old) running on it. We have enabled IPv6 with RA on each of its VE and have DHCPv6 server running in our network. The DHCP server is configured to distribute IP address and DNS information.

However, it's 2025, and Android still doesn't use DHCPv6 and relies solely on SLAAC and RA to get all its IPv6 information. (Not to mention it also doesn't like anything where the prefix is not /64.)

The problem I am facing is that the NOS doesn't support adding RDNSS information in the RA, and hence the Android devices get IPv6 from SLAAC but are relying on IPv4 (dual-stack) DNS to receive its AAAA record.

Do we have a workaround to somehow get RDNSS information to the clients by means of some kind of 'proxy' RA, where a more advanced RA daemon with RDNSS capability can send RA packets instead of the Ve interface address on the switch?

10 Comments
2025/02/01
21:35 UTC

7

Static IPv6 /48 from ISP. How to set up several VLANs from it?

I'm a small office do-it-all IT dude. I've been managing an IPv4 network with UniFi gear for years, but with remote work it's come to pass due to Circumstances™ that we actually (finally) need to set up IPv6. Sadly I'm a complete IPv6 ignoramus and am having trouble grasping the basic concepts. I hope someone can lend a little assistance.

We have a corporate fibre internet connection, and our ISP gave us a static /48 subnet. I set that in our WAN settings like this:

The WAN side

I'm a bit stumped when it comes time to divvy the subnet up into VLANs and to assign client addresses. With IPv4, we have a single static IPv4 address for our router (connected to the ISP's router/gateway box). There's a basic NAT with a 10.x.x.x/16 internal network, where we deal out addresses with DHCP. Repeat that for each of our four VLANs.

Here's what I'm faced with:

The LAN side for the Default network

Questions (sorry, there's a bunch...)

  • What do I actually put in the IPv6 address field? Assume that the WAN side IPv6 address of our router is 2001:b33f:f33d::2, and the ISP router is 2001:b33f:f33d::1.
  • Why is it "Gateway IP/Subnet"? I mean, what's it gonna be..?
  • The netmask choices are between 64 and 127. I guess the default of 64 is fine here? Plenty of /64 subnets in a /48, if that's what that means here.
  • Does each client receive a single IP from the subnet, or a subnet it can use to assign its own address as well as e.g. addresses for virtual machines or Docker containers with a bridged network config? (Edit: thinking about it, bridged clients are probably treated as full separate clients by the router, so scratch that part.)
  • Is there anything in particular I need to consider when choosing the address space of the other VLANs?

Thanks in advance.

36 Comments
2025/01/31
13:59 UTC

30

Another mobile using ipv6 now!

So a couple of weeks ago I had a frustrating conversation with a msp about mobile being unreliable for accessing the vpn. I said maybe using ipv6 would help. I got told how that was old tech and no one used it or wanted it. Later that day I wanted to test it, and to my surprise found my phone was not getting/using ipv6.

So, on a bit of a lark, I decided to call T-Mobile (USA) and complain. After about an hour and a half of getting transferred around I actually got the support folks to put in a ticket for the network folks. This all started at 10pm, and by the time I called it a night at 3am, I refreshed my test page, and to my surprise had IPv6. So I added at least one more device to IPv6. Now I wish I had thought to have some others test their connections and see if they turned it on for the local node or just my device.

Anyway, I thought I would share as I never expected complaining about ipv6 would actually work.

21 Comments
2025/01/31
11:40 UTC

0

Research on Secure adoption of IPv6

Seeking Feedback from IPv6 Experts!

As part of my research at the @Georgia Institute of Technology on enhancing the secure adoption of IPv6, I'm developing a comprehensive policy framework to help organizations overcome the unique cybersecurity challenges posed by IPv6. While IPv6 promises scalability, its complexities, especially with tunneling methods and Neighbor Discovery Protocol (NDP), create new attack vectors that require a specialized strategy.

What I'm Working On:

  • A policy framework to secure IPv6 deployments
  • Best practices for mitigating IPv6-specific vulnerabilities
  • Incident response strategies tailored to IPv6-related risks
  • Real-world case studies of IPv6 misconfigurations or attacks (e.g., DDoS using IPv6)

I’d love to hear from IPv6 professionals:

  • What are the most pressing IPv6 security concerns you've encountered?
  • Are there any best practices or tools you recommend for securely adopting IPv6?
  • Have you experienced any IPv6-related incidents, and what lessons did you learn?

Your insights would be incredibly valuable as I work to create a framework that organizations can implement to ensure secure IPv6 adoption. Looking forward to your feedback and suggestions!

23 Comments
2025/01/31
02:23 UTC

124

It's time for the annual: I can't believe it's $(date +%Y) and github.com still doesn't have IPv6 support

Someone else can do the honours in 2026.

14 Comments
2025/01/30
14:52 UTC

11

Always check cellular APN config

So just for fun I went into network settings in Android, went to my cellular APN config and enabled IPv6... and it worked! I have IPv6 on my cellular internet and indeed it's P2P, so I can access port services on my Android and vice versa!

For info, the cellular provider is Ukrainian Lifecell

11 Comments
2025/01/30
05:47 UTC

4

What cellular provider for IoT device?

Hi, I want to use a Raspberry Pi for a project and I want to be able to reach it from anywhere using IPv6. There are some USB devices that take a SIM card and can get you on the internet, but are there any providers that I could do this with that would give me a globally routable IPv6 address?

I tried hot-spotting, usb tethering, and ethernet tethering my at&t smartphone, but the attached device does not receive an ipv6 address in any of those cases.

25 Comments
2025/01/30
04:36 UTC

8

Android 15 (pixel 6) V6 madness

So, since my phone upgraded to Android 15 some weeks ago, I've had no V6 connectivity in the home (via wifi). Other devices are fine with a mix of DHCPv6 and SLAAC (Windows, macOS, Apple tablet, Samsung Android phones, Linux). No matter what I do, my phone won't route out. Changed radio settings on my APs, changed RAs (OPNSense), even moved to a different /64 in my PD.

It must be getting the RAs since it's determining slaac address space correctly, but I can't figure out what the F android 15 on pixel does that is apparently different from every other platform.

Your thoughts are appreciated.

7 Comments
2025/01/29
01:57 UTC

16

waybackmachine.org IPv6 alternative

Are there any alternatives to waybackmachine.org that support IPv6?

It seems like they are on the Wall of Shame as well.

9 Comments
2025/01/27
09:20 UTC

6

Options for IPv6 PD with dynamic prefix support for relayed subnets

Yeah, that's a mess of a title...

So I'm trying to piece together my options. I have recently gotten onto an IPv6-supporting ISP (finally), and have been considering how to enable it on my network.

In short:
What software can I use that will update relevant prefixes in its configuration (DHCP, DNS and Firewall) when the ISP changes my prefix, and will happily respond to DHCP requests via a DHCP relay (including allowing me to specify what subnet belongs with what relay)?

The detailed version
My current layout:

NTU > Firewall & DHCP/DNS server > Core Switch > several VLANs.

The connection between the Firewall and Core Switch is a transit VLAN. All inter-VLAN routing occurs on the core switch (an ICX 7250) so I can have wirespeed 10Gb between some of my hosts.

The Firewall is a VM on a little Xeon 1U server in my rack. I don't really want to have to buy an additional router to sit between the NTU and it (or the Core Switch).

My ISP will give me a /56 prefix for my IPv6 devices once I set my firewall to ask for it. But in deciding how to set it up, I have gotten stuck dealing with the following factors:

  1. If I change ISPs down the track, the prefix changes. (this is plausible as both fibre networks here are wholesaler owned and resold by multiple ISPs, so changing for "new customer" deals is on the cards)

  2. The Firewall does not have local interfaces in each VLAN for responding to DHCP or RA requests.

While stuck in IPv4-land, I've just used the Core Switch's IP-Helper function to relay DHCP requests from each VLAN to the Firewall for assignments and keeping the local DNS entries up to date. Obviously it has not mattered much if my public IPv4 address is changed by the ISP, a single dynamic DNS update solves providing direction to the couple home-hosted services I run, and has no impact at all on the internal network.

I've been looking on my days off at different software to handle this but can't seem to come to a resolution on a single suite that will support my network quite right, so I'm wondering what everyone else uses to run similar networks?

What I've looked at so far (and the issues I've faced):

- PFsense/OPNsense: problem is their DHCP configuration doesn't support subnets via relay (they need an interface directly in each subnet)

- Vyos: supports IPv4 subnets via relay, but for IPv6 there is no way to assign a particular subnet to a particular relay. Also requires hardcoding the ISP delegated prefix in the config, so you have to manually change that if you change ISP (or the ISP changes the delegated prefix for any reason)

- openWRT: seems to support this all (maybe) but I can't figure it out for the life of me. Their documentation leaves a bit to be desired. I haven't worked out if it expects the prefix to be hardcoded in the config or not. Updating it in a VM is a significant pain compared to literally any other options.

- Kea on a plain Debian system: allows assigning IPv4 and v6 subnets based on the relay ID a request comes from, yay! But requires the prefix to be hard coded in a couple places in the config. All the scripting solutions I've found involve deleting and re-creating the subnet definitions when the delegated prefix changes, which feels very hacky and tedious.

I do have 3 services I host from home currently port-mapped out to the world. It would be nice to have them available via IPv6 but for that I need dynamically updating firewall rules to deal with prefix changes, and I haven't gotten far enough into any of the above to see if they support that, though I have seen a few scripts for updating nftables on network changes for this sort of thing on Debian.

I will have ULA addresses internally as well, so I'm not worried about losing local connectivity between things, but it would be very nice to not have to do anything other than renew a DHCP lease on the Firewall when switching ISPs, and really a must to not lose connectivity to hosted services if I end up on an ISP that cycles me through IPv6 prefixes in the future.

Sooooo... any suggestions are super appreciated!

19 Comments
2025/01/27
04:09 UTC

8

Frustrated! Been trying for a week to get ipv6 running.

RESOLVED: I did not set up the tunnel as 6in4 (set it up as 6to4) that fixed it.

I have tried all the things I can find. I have set up my Asus (Merlin) router. I have created a tunnel with https://tunnelbroker.net/ but I still show

https://preview.redd.it/yczpedagicfe1.png?width=395&format=png&auto=webp&s=839e97083da6c498609020485579e30c36892df6

Would anyone be able to help me troubleshoot?

15 Comments
2025/01/26
14:09 UTC

1

IPv6: truly P2P?

So I heard that ISPs usually allocate a /64 IP block per customer. That means, I could access 18,446,744,073,709,551,616 individual hosts of my network, if I allow ports, access on router?

What IPv6 prefixes do ISPs usually allocate? Do they allow ports?

Regarding ISPs allowing/blocking ports, it would make more sense if they don't, since additional firewalling requires more computational power, which is very costly on gigabit speeds

9 Comments
2025/01/25
20:03 UTC

19

Any ipv6 gaming servers?

I can't live off CGNAT for gaming, any IPv6-only server games available? And yes, I had to uninstall almost every online live service game that I had; the only ones that lived were the "Pirat... Borrowed" ones.

31 Comments
2025/01/25
22:52 UTC

82

IPv6 saved my ass yesterday, due to an IPv4 sale

So... it is very fortunate that the stars aligned, and I got IPv6 access from home again last month: I was able to use that to help troubleshoot and establish IPv6 on my work's datacenter rack. Which became useful, because apparently my datacenter provider sold a bunch of IPv4 blocks & didn't notify folks until after they realized their mistake. They had to scramble to re-provision folks with new blocks. Fortunately, I had set aside permissions to allow IPv6 connections from my home subnet, and was able to re-program the datacenter router with the new IPv4 allocation. It's gonna take me a few days to make sure all my users are set to use the new VPN address I had to set up (Netmaker WireGuard configs go by IP, not hostname, currently), and I have to finagle some datacenter stuff still.

Damn right I'll be putting in an SLA credit request after this fiasco.

21 Comments
2025/01/25
17:36 UTC

3

Computer not getting global IPv6 address (Prefix delegation not happening?)

This is regarding my home WLAN. The router is getting an IPv6 address from the ISP. However computers are not getting global IPv6 addresses.

From the router WLAN status:-

    Interface  Protocol  IPv6 Address  Prefix  Gateway  Droute  Status
    pppoe1  PPPoE  2401:xxxx:xxxx:xxxx::xx:xxxx/128  fe80::xxxx:xxxx:xxxx:xxxx  Yes  up

ifconfig output from Linux terminal:-

    wlxxxx: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.1.xx  netmask 255.255.255.0  broadcast 192.168.1.255
            inet6 fe80::xxxx:xxxx:xxxx:xxxx  prefixlen 64  scopeid 0x20<link>
            inet6 fd48:xxxx:xxxx:xxxx:xxxx:xxxx:xxx:xxxx  prefixlen 64  scopeid 0x0<global>
            ether b8:xx:xx:xx:xx:xx  txqueuelen 1000  (Ethernet)

As you can see, prefix delegation does not seem to be happening. The computer is not assigned any address starting with 2 or 3. Only fe80, which is local, and fd48, which I am sure is not global, but not clear what category.

The current DHCPv6 setting in the router is:-

DHCPv6 Mode: _Auto Mode_
IPv6 Address Suffix Pool: ::1 - ::ffff
IPv6 DNS Mode: Auto

Apart from the auto mode, there is a Manual > Prefix mode too. Please find default below:-

DHCPv6 Mode: Manual
Address Mode: Prefix Mode
IPv6 Address Pool: (Blank by default, what should be provided here?)
Prefix length: 64
Preferred Time: 120 secs
Valid Time: 120 secs
IPv6 DNS Mode: Auto

In addition to this there is a Manual > Pool mode as well.

Could you please help what needs to be done so that the computer gets a global address through prefix delegation from the router? Would switching to prefix mode do it, or is it something else?

16 Comments
2025/01/25
10:52 UTC

15

Any way to get larger than /64 from AT&T Fiber?

Right now it seems like ATT Fiber only provides a /64. Has anyone been able to get a larger prefix delegation from them? Or is there anywhere I could complain to them about it?

37 Comments
2025/01/25
06:47 UTC

11

Fewer Dropouts with ipv6?

Does enabling ipv6 on your home router reduce dropouts?

Up until about a week ago I was experiencing dropouts, about three or so a day and mostly when watching streaming TV.

Then I enabled ipv6 on my Asus router and (fingers crossed) I haven't experienced a single dropout all week.

Is there a logical explanation for this or is it purely a coincidence?

15 Comments
2025/01/25
06:40 UTC

1

Exposing IPv4-only Terminal Server Gateway via IPv6 using VPS as a Relay (VPN, NAT)

Hi everyone,

I'm trying to make my Terminal Server Gateway, which only has an IPv4 address, accessible via IPv6. I have a somewhat complex network setup and could use some expert advice.

Here's the situation:

  • I have a Terminal Server Gateway that only has an IPv4 address.
  • I have a Debian 12 VPS with both public IPv4 and IPv6 addresses.
  • The Terminal Server Gateway is behind a firewall (Watchguard), which handles NAT for it. The firewall itself only has a public IPv4 address.

My goal is to use the Debian server as a relay to enable IPv6 connections to reach the IPv4-only Terminal Server Gateway. The desired traffic flow is:

  1. A client connects via IPv6 to my Debian server.
  2. The Debian server forwards the traffic through an IPv4-based VPN tunnel to the Watchguard firewall.
  3. The Watchguard firewall performs NAT and forwards the traffic to the Terminal Server Gateway.
  4. The response follows the same path back to the client.

My main challenge is handling the IPv6 to IPv4 translation/forwarding on the Debian server, especially in conjunction with the existing VPN tunnel. I believe I need to use some form of NAT64 or similar, possibly with nftables, but I'm unsure about the correct configuration for this scenario.

Any help or advice would be greatly appreciated. Thanks in advance!

7 Comments
2025/01/24
15:43 UTC

6

Native v6 in Southern California

Does anybody know which residential ISPs run IPv6 in Southern California (Inland Empire specifically)? I have Frontier and they don't even know what IPv6 is (I've called and asked many times over the years). My other option I'm aware of is Spectrum, but I don't know if they run v6 in this region.

5 Comments
2025/01/23
19:51 UTC

42

IPv6 M365 MX

It's finally happening! Microsoft enabled IPv6 on more than 40 thousand .se domains for incoming mail last day! https://ipv4.fail/ ( or https://ipv4.rip if you have IPv6 ) .se TLD has increased its IPv6 MX from 18% to 25% since November 2024 😀

26 Comments
2025/01/23
19:36 UTC
