The time has come: we must enable IPv6 entirely

There aren’t enough IPv4-addresses to accomplish that on the longer term. Already people are being put behind Carrier Grade NAT, sharing scarce IPv4 addresses with an entire street or district. Try to imagine what happens if many IoT-devices attempt to synchronise at the top of every hour from an ISP that deploys CGNAT (mine does). They resolve pool.ntp.org and the ISP’s resolver hands all of them the same IPv4 addresses (and never any IPv6). That is a lot of rate limiting kicking in on those poor NTP-servers (who only see one single CGNAT source address sending a lot of NTP requests). Not very productive at all, right? Now try to imagine that this scenario is likely to be a reality already today and it’s not going to get less in the future. Quite the opposite.

3 Likes
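Added example, not part of the posts in this thread: a small simulation of the scenario in the post above, where a server-side per-source rate limiter sees 200 devices either behind one CGNAT address or each on its own IPv6 /64. The token-bucket parameters, the /64 keying for IPv6, and the documentation-range addresses are assumptions chosen for illustration, not the behaviour of any particular NTP server.

```python
import ipaddress

def limiter_key(addr):
    """Bucket key: the full IPv4 address, or the /64 prefix for IPv6 (assumption)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return str(ip)
    return str(ipaddress.ip_network(f"{addr}/64", strict=False))

def simulate(requests, burst=8, refill_per_s=1):
    """requests: iterable of (time_ms, source_addr). Returns (served, dropped).

    Integer token bucket per source key: one request costs 1000 milli-tokens,
    the bucket refills refill_per_s tokens per second up to `burst` tokens.
    """
    cap = burst * 1000
    tokens, last = {}, {}
    served = dropped = 0
    for t_ms, src in sorted(requests):
        key = limiter_key(src)
        elapsed = t_ms - last.get(key, t_ms)
        level = min(cap, tokens.get(key, cap) + elapsed * refill_per_s)
        last[key] = t_ms
        if level >= 1000:
            level -= 1000
            served += 1
        else:
            dropped += 1
        tokens[key] = level
    return served, dropped

def cgnat_burst(n=200):
    # Constructed input: n devices, one request every 10 ms, all seen by the
    # server as the same public CGNAT address (192.0.2.1, documentation range).
    return [(i * 10, "192.0.2.1") for i in range(n)]

def ipv6_burst(n=200):
    # Constructed input: the same devices, each in its own /64 (2001:db8::/32).
    return [(i * 10, f"2001:db8:0:{i:x}::1") for i in range(n)]

if __name__ == "__main__":
    print("IPv4 via CGNAT (served, dropped):", simulate(cgnat_burst()))
    print("IPv6 per-/64   (served, dropped):", simulate(ipv6_burst()))
```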

You’re right about the fact that it’s not the place to discuss about IPV6 vs IPV4 but the point was about having 1 IPV6 address per house and people do what they want on their internal network.

1 Like

Marco you are missing the point.

If big tech like e.g. Microsoft, IBM and MIT wouldn’t be so greedy for address-ranges we wouldn’t have this problem and IPv4 has plenty space left. It’s just a few sites that own 2000000000 addresses, that is the real problem.

Good luck with your IPv6, I won’t touch it anymore and stick with IPv4.

This was never about trying to convince you (or anyone) to appreciate and use IPv6 (although now you are missing out on https://42.dnslabs.nl/). It’s about adding more IPv6 DNS-records (AAAA records) to pool.ntp.org. And more IPv6-capable servers too, if at all possible. Simply to serve an ever increasing amount of IPv6-capable clients properly, rather than via any CGNAT addresses or anything similarly sub-optimal.

3 Likes

You wrote at the top: The time has come: we must enable IPv6 entirely

At the same time your name pops up at the kpn forum where you are pushing IPv6 in 2017.
There also nobody cares about IPv6.

You seem to be the only one :slight_smile:

300Gbps in Amsterdam on IPv6.

33% of Google users use IPv6.
https://www.google.com/intl/en/ipv6/statistics.html

I’ll let the numbers speak for themselves

If I get this right, this odd DNS setup to serve only AAAA records on one of the authoritative servers is yet another way to load balance traffic.

Otherwise, if all servers would also serve AAAA, it could potentially overload v6 servers while v4 servers would be just fine, given there are more IPv4 NTP servers than IPv6 servers.

That is indeed an odd use of DNS, but the pool is not a typical zone; so it makes sense in terms of using it to load balance, albeit it’s odd for DNS folks.

Does that make sense?

The numbers are speaking because a lot of devices on IoT are using IPV6 and we just don’t care about those devices, like my mobile phone that uses an IPV6 address when connected on LTE network. I just want connectivity, that’s all. Same for my VPS that uses IPV6 too, it works, good! I suppose that cases like that are the way to go. It’s just too complex if somebody is hosting an internal NTP server for the pool because IPV6 and NAT seems a PITA (for the moment).

Enough talk about that guys, I think there are enough arguments from each side. The project needs good IPV6 servers and IPV4 servers. Time will write the rest of history…

1 Like

What about Android users? So you’re saying you don’t care about them when they’re on LTE?
I think this is rather unfair to them.
([0-3].android.pool.ntp.org)

Maybe it’s a given for you and other folks, but again, is this designed for load balancing v4/v6 traffic? (see my previous comment)

For the record: I am not yet advocating full support for v6 given that the v4 and v6 resources are heterogeneous. I’m just trying to understand first the design choices.

1 Like

I said device, not user. And I’m talking about my situation. If my mobile phone has an IPV6 when connected to my mobile data network, why would I care about the type of IP addressing, I’m not remotely connecting to that device anyway. So my mobile phone has an IPV6 address, connecting to the pool with IPV6 and get time from a server talking IPV6 too? Good job! We are saving some IPV4 addresses. No problem here, no? Why arguing on that, everything is fine.

My internal network is IPV4 and I just can’t easily get time from the pool with IPV6 (bad example here as my ISP not giving me an IPV6 address anyway). So no problem here too… IPV6 is bad for internal network or NAT. And no I don’t see any case where my internal NAS will be IPV6 because I don’t need that. My ISP has to give me an IPV6 address and I will NAT to it.

Topic : We must enable IPv6… do it. IPV4 must stay too (for the moment) that’s all.

@Bas your ignorance about IPv6 is not an excuse for us not to use it. You can have your own opinions but the reality is that you are wayyy off of what the actual usage and use-case of IPv6 is. So please don’t continue with your anti-v6 bullshit and v4 ignorance on this thread and let’s debate about the original question.

Personally I’m all for it. As for really good load-related question, we could “canary-release” the AAAA record starting with one continent (or country) first, and see how it goes?

6 Likes

If we do not add IPv6 addresses to the names other than 2.pool.ntp.org, the world will circumvent us. For example, on CentOS 8, the file /etc/chrony.conf contains the following default entry:
pool 2.centos.pool.ntp.org iburst
(There isn’t 0, 1, 3.centos.pool.ntp.org entry there.)
The number 2 is not accidental, for the time being only that has IPv6 addresses.

If we add to 3.pool.ntp.org IPv6 addresses, the usage of the IPv6 NTP servers will not double. The modern client systems configured like CentOS 8 will not increase their access over IPv6, since they are already fully doing it.

5 Likes
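Added example, not part of the posts in this thread: a checker that reads chrony-style `pool`/`server` lines and marks which NTP pool names can return AAAA records under the rule stated in this thread (only names whose first label is `2`, such as 2.pool.ntp.org or 2.centos.pool.ntp.org). The rule is taken from the thread and may change on the pool side; the sample configuration and `time.example.net` are constructed.

```python
POOL_SUFFIX = "pool.ntp.org"
COMMENT_CHARS = "#!;%"  # chrony treats lines starting with these as comments

def classify(host):
    """Return 'aaaa', 'ipv4-only' or 'not-pool' for a configured hostname."""
    host = host.lower().rstrip(".")
    if host != POOL_SUFFIX and not host.endswith("." + POOL_SUFFIX):
        return "not-pool"
    # Rule from the thread (assumption): only the "2." names hand out AAAA.
    return "aaaa" if host.split(".")[0] == "2" else "ipv4-only"

def audit(conf_text):
    """Return [(line_number, hostname, classification)] for pool/server lines."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in COMMENT_CHARS:
            continue
        fields = line.split()
        if fields[0] in ("pool", "server") and len(fields) >= 2:
            findings.append((lineno, fields[1], classify(fields[1])))
    return findings

def pool_gives_ipv6(findings):
    """True if at least one configured pool name can yield an IPv6 server."""
    return any(kind == "aaaa" for _, _, kind in findings)

# Constructed sample configuration.
SAMPLE_CONF = """\
# time sources
pool 2.centos.pool.ntp.org iburst
server 0.pool.ntp.org iburst
pool pool.ntp.org iburst
server nl.pool.ntp.org
server time.example.net iburst
"""

if __name__ == "__main__":
    results = audit(SAMPLE_CONF)
    for lineno, host, kind in results:
        print(f"line {lineno}: {host:28} {kind}")
    print("IPv6 possible via pool:", pool_gives_ipv6(results))
```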

Sorry for my ignorance with the DNS / NTP / pool backend setup but the network guy in me tries to understand.

“2.pool.ntp.org” is answering some AAAA records that are load-balancers, servers, something! The fact that [0,1,3].pool.ntp.org is not doing the same is a question of performance to avoid an overload of the same bunch of “equipment”? Is there an overload caused by the fact those servers answer IPV4 and IPV6?

One more observation: documentation suggests to use pool.ntp.org preferably. However, there is never an AAAA-record handed out in that case. So once we are happy and confident with AAAA’s on 3.pool.ntp.org (and maybe at some point 0 and 1 as well), the next step would be to look at pool.ntp.org.

3 Likes

Marco, don’t you get it? Nobody uses IPv6 on purpose, all systems are reachable via both.
As such IPv6 and IPv4 are the same and this will not change.
There is also no need to change as almost everybody uses NAT/PAT for their private network.
The problem of exhausting IP’s has long been solved.
As more and more companies release reserved IP4-ranges, the need for IPv6 will become obsolete.

World IPv6 Day was announced on January 12, 2011, we are 10 years further, it has not been adopted.
Ergo it will never be adopted and probably replaced in the near future.

If the majority of people reject something, you can push all you like, it will not be the dominant system.

Look at VHS, Betamax and V2000… :slight_smile:

I recently added a new server to the US Pool with support for ipv4 and ipv6. Even setting netspeed at most, I get on average only 250pps of NTP ipv6 traffic, while ipv4 traffic is around 6000 pps.
I would be happy to see more efforts to add AAAA records to pool domains.

2 Likes

Pretty much the same here… almost nothing on IPV6 side and it’s supposed to be the way to go.

Are they?

You probably know just as well as I do, that running two separate servers in a home network that should both be reachable on port 80 from the outside isn’t a trivial thing to do with NAT-ed IPv4. You have probably also seen the many topics here of people finding it hard to run a pool-server behind NAT.
Why? Because NAT is a hack. A workaround, invented to combat the shortage of IPv4 on the short term, while a new addressing scheme was being developed. Yes, it does the trick - to some extent - but it still is a hack. And with ‘Carrier Grade NAT’, it’s becoming an even dirtier hack too.

Experts (like Vint Cerf himself, but many others as well) have acknowledged this already a long time ago and this led to the development of a new scheme; IPv6.

Making the switch from IPv4 to IPv6 hasn’t been easy. Partly because of the success of NAT that reduced the urgency for change, partly because they didn’t make it backward compatible and partly because of people like you, who resist change.

But although progress is perhaps slow, it is steady.

Please inform yourself and look at the many independent statistics that were presented to you in this thread:

https://www.google.com/intl/en/ipv6/statistics.html
https://stats.labs.apnic.net/ipv6/

But also:
https://www.facebook.com/ipv6/
https://www.akamai.com/us/en/resources/our-thinking/state-of-the-internet-report/state-of-the-internet-ipv6-adoption-visualization.jsp
etc.

I assume you are also aware that many of the popular sites on the internet are available over IPv6. Like LinkedIn, Facebook, Google, Netflix and quite a few others. Even this forum is reachable over IPv6.

Simply because you want IPv6 to be a failure, doesn’t mean it is.

2 Likes

Well, this is exactly my point!

If the DNS of the NTP-pool hardly hands out any AAAA-records, how are you supposed to receive any clients via IPv6?

3 Likes

I just don’t know what to say, somebody has to say something about IPV6 because the pool is saying " ok folks, let’s join your IPV6 server to the pool ", but nobody is polling it.

I don’t get the point to only have 2.pool.ntp.org with AAAA records. A lot of systems devices are not supporting 4 ntp servers or people are just using " pool.ntp.org " or " [country-code].pool.ntp.org " but no AAAA records are being answered for any of those 2 entries…

We need an update related to that news dated from 2013 :
https://news.ntppool.org/2013/06/ipv6-monitoring-problems-for-german-servers/

[…] Also this is the answer to “why don’t we have IPv6 servers by default on all the pool zones” yet. As you might know only “2.pool.ntp.org” (and 2.debian.pool.ntp.org, etc) returns AAAA records currently. […]

So, nothing since 2013 ? No AAAA records because of a monitoring problem that happened in 2013 ?

1 Like