HN Distilled

Essential insights from Hacker News discussions

Using the Internet without IPv4 connectivity

Original Article

Hacker News Discussion

Here's a summary of the themes from the Hacker News discussion:

Simplicity of SSH SOCKS Proxies for Temporary Needs

A significant portion of the discussion revolves around the ease and effectiveness of using SSH's SOCKS proxy capabilities (ssh -D) as a solution for various networking scenarios, particularly when compared to more complex methods. Several users shared this advice, highlighting its versatility.

  • "If anyone else runs into this, it's very easy to set up an ssh proxy: ssh -D 8080 user@hostname" - thexa4
  • "I was just about to offer the same advice. It's a far simpler solution to a temporary problem - and equally, a permanent tool for the times when you want to proxy." - daneel_w
  • "Don't forget that this function needs 'AllowTcpForwarding' to be enabled in your sshd_config." - daneel_w
  • "This simple solution versus the article reminds me of McIlroy and Knuth: ..." - czbd
  • "So, those mythical IPv6-only internet users actually exist :) That's some great network engineering." - czbd
  • "I once needed something like that for the perhaps more common inverse purpose, to work on something IPv6 from within my happy IPv4-only connection. A more limited, but quicker solution given full control of a server - I set up a SOCKS5 proxy, using: ssh -D 1080 -N myserver and set my browser to use it." - czbd

IPv6 Transition and Troubleshooting Difficulties

A major theme is the complexity and frustration associated with IPv6 deployment and troubleshooting. Users described IPv6 issues as being harder to diagnose and reproduce than IPv4 problems, often leading to partial outages or "almost working" scenarios. This difficulty is attributed to the various transition mechanisms, fallback code, and inconsistent ISP implementations.

  • "We find at our ISP that if we break something with IPv4 we experience a very different type of support issue to if we break IPv6. Breaking v4 results in, broadly, a pretty hard 'down' state. While folks are unhappy, it is at least simple. Breaking v6 results in weird, and a partial down, which manifests for the users as partial outages, slow starts due to fall back, etc. Especially if their gateways believe there is v6 when there isn’t." - simonjgreen
  • "Mirrors my experience. IPv6 issues are frustratingly hard to triage and reproduce, lots of 'works on my machine' etc." - danappelxx
  • "I think it's because of all of those transition mechanisms and fallback code added over the years. IPv6 fails the same way IPv4 does, but because of the terrible bullshit ISPs do to IPv6 connections, you end up with tons of software triggering obscure timeouts and fallback mechanisms that lead to a system of almost working networking code." - jeroenhd
  • "If the absence of IPv6 would've been treated the same way absence of IPv4 is, troubleshooting would've become a lot clearer. In fact, it probably would've been easier because ISPs can't just ignore and disable ICMP on IPv6 so you can actually get a hunch where in the network the problem is rather than seeing traffic vanish into the void." - jeroenhd
  • "I'm in the same situation myself. It's quite frustrating, since 2 weeks I have been told that 'the ticket is open and the technicians will take a look soon'. Not sure if stuff like this has a low priority since IPv6 works and it's not considered a total outtage?" - hashworks

Persistent Reliance on and Issues with IPv4

Despite ongoing IPv6 adoption, many critical services and applications still heavily rely on IPv4 or have incomplete IPv6 support, acting as blockers for a full transition. This includes major platforms like GitHub and Steam, as well as various CDNs and email servers. Some users expressed frustration with these companies for hindering progress.

  • "The POSIX bug tracker is not accessible over IPv6, either, because their AWS setup does not support it. The website administrators refused to fix this[1]." - mananaysiempre
  • "GitHub doesn't support IPv6 yet[1]. Ridiculous but true." - xvilka
  • "Blockers for switching off IPv4: ... github.com: zero ipv6 last time I did check. This is microsoft, do not expect anything good, actually expect the worst, for instance they broke recently noscript/basic (x)html for the issues." - sylware
  • "steam? games? Did not check lately. I think many CDNs/game servers or good chunks of them are still IPv4 only." - sylware
  • "many email servers: additionnally many blocks self-hosted email servers (often due to the usage of clumsy and inappropriate block lists from spamhaus, a shaddy company from Switzerland and Andore), with a DNS (SPF) or ip literals (even if it is much stronger than SPF)." - sylware
  • "I can confirm that Steam requires IPv4. Also some games that require authentication to play do too." - hashworks
  • "I think microsoft(github.com)/steam are the main dominant corpos dragging the world backward, well from an IPv6 point of view. I though steam had now IPv6 addresses." - sylware
  • "Don't forget IPv4 is favoring hardcore centralized online services." - sylware

Apple's IPv6-First Policy as a Positive Driver

Apple's requirement for all App Store apps to work on IPv6-only networks was highlighted as a significant positive force in promoting IPv6 compatibility. This long-standing rule is seen as beneficial for users, even if it can be a surprising hurdle for developers initially.

  • "One thing I appreciate about Apple’s App Store rules is that they require all apps to work on IPv6-only networks. They’ve had that rule in place for many years. It’s a little surprising as a developer the first time you run into it, but I’m glad it’s there as a user." - JimDabell

Workarounds and Solutions for IPv6 Connectivity Issues

Users discussed various technical workarounds and configurations to overcome IPv6 connectivity problems. This included setting up dual-stack on routers, using DNS proxies to inject AAAA records, and configuring specific client settings for IPv6-only environments.

  • "Since I wanted to fix this for my entire home network I also had to do this on my router - in those cases it's quite beneficial to have a non-standard device like an Ubiquiti EdgeRouter, not sure how I would have set up all the Wireguard routing and nat rules on something like a FritzBox." - hashworks
  • "Fritzbox actually has some very nice GUI steps for configuring a VPN connection, intended for Fritzbox to Fritzbox connections but any compatible VPN will do. It also allows setting up static IPv4/IPv6 routes (Home Network>Network>Network Settings>Additional settings>IPv4 routes/IPv6 routes)." - jeroenhd
  • "I have created a DNS proxy for this problem, it will add the correct AAAA records on such domains." - miyuru
  • "I've found that using my v4 only network from my ISP and macOS can do v6 only without requiring a DNS server like you have been doing. I don't remember the details now..." - somidscr21
  • "I'm operating a few IPv6-only VPNs at work, for access to internal infrastructure. The biggest problem so far is that Windows and macOS clients need a v6 DNS server." - avhception