Some thoughts on IPv6.
That is pretty stupid and clueless.
I understand IPv6 just fine and have set it up from scratch many times in large networks.
So I can very confidently say that it really sucks. It was designed in the 1990s before we understood any of the problems we’d be facing in the 2020s. And it shows. It’s creaky and ill-suited to its actual use. It has security assumptions that aged poorly (IPsec everywhere? Sure, Jan.) and features that will never be used. It’s mostly cruft and useless crap with some ok functionality if you’re using dial-up.
First, its human-unfriendly addressing makes diagnostics, documentation, and training way harder. No fucking one alive can remember or understand just by looking at it what 2001:0db8:85a3::8a2e:0370:7334 means or does. (For my non-techies, that is an IPv6 address, like 192.168.1.1 in IPv4).
Additionally, no matter what you’ve read, NAT actually is a great security feature and IPv6 only begrudgingly supporting this is clownish and harmful.
The crack I made about dial-up earlier was actually leading to something. IPv6 was designed long before cloud-native networking became a thing. That means it was created when it was implicitly assumed that all hosts had one interface and one static address. These days, containers, VMs and ephemeral workloads are dominant. IPs change all the time, get re-assigned and altered, sometimes every few seconds. IPv6’s assumption of a static architecture makes it poorly-suited to dynamic cloud environments.
Also, for us admins, things like stateless address auto-configuration (SLAAC) and router advertisements give us less control. We actually need this control and visibility for security and observability. Allowing IPv6 to do its black-box magic is not any advantage for us. It is in fact actively harmful and makes networks much harder to secure and administer.
IPv6 also assumes end-to-end connectivity is a good thing — that everything should have a public IP address and be on the public internet 24/7 (related to my point about NAT above). Bro, I don’t want my washing machine or toaster on the internet. Trust.
Subnetting in IPv6 is also absolute crap. “Just use a /64 everywhere!” Why, god, why? This just adds complexity rather than reducing it. Insanely dipshitty.
And don’t get me started on the fucking idiotic link-local address. For those not in the know, in IPv6 every interface gets assigned a link-local address to talk to its neighbors. This is bad! It’s not routable, is a security hole, it causes problems in logging and diagnostics and with multi-hop while being confusing and inobvious to most network admins.
Of course, IPv6 also replaced ARP with NDP. This inefficient-as-all-hell turd of a protocol has more useless steps, a larger (and difficult-to-audit) attack surface, is far, far more fragile and requires complex (and also fragile) firewalling. The clowns replaced a dumb but reliable protocol (ARP) with an insecure, “smart” but fragile one. Great job.
It also has crap DNS integration. The designers back in the 1990s assumed we’d use an IP address for everything. Hostnames and DNS were an afterthought. Meanwhile, DNS is used for absolutely everything these days.
IPv6 also makes network planning far harder. Global prefix delegation, renumbering, and prefix lifetimes are a goddamn nightmare. Get it right the first time or you are screwed (ask me how I know).
And, related to a point above, IPv6 was designed for well-structured pre-built networks with planned addressing, stable routers, and consistent ownership. That means it really does not work well with mesh networks, ad-hoc clusters, cloud VMs that spin up/down in seconds, serverless functions… I could go on.
IPv6 is like giving a skateboard to a donkey. Sure, theoretically it might be able to get wherever it’s going faster. But what the hell is a donkey going to do with a skateboard in reality?
(Source: I am an active CCNP, have worked in tech for 20+ years, and have designed hundreds of IPv4 and IPv6 networks from the ground up and then built them out myself, often purchasing all the required hardware as well.)
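An added example in Python, not from the post's author, that decodes the structure the post complains about: it expands the 2001:0db8:85a3::8a2e:0370:7334 address quoted above, splits it into the /64 routing prefix and the 64-bit interface identifier, classifies the scope (link-local, unique-local, global, multicast), and shows the EUI-64 mapping SLAAC uses to derive an interface identifier from a MAC address, plus the reverse lookup that reads the MAC back out of such an address. The MAC 00:11:22:33:44:55 and the prefixes used in `main()` are constructed for illustration; the scope ranges are the standard ones from RFC 4291 and RFC 4193.

```python
"""Decode what an IPv6 address 'means': prefix vs. interface identifier (IID),
address scope, and the EUI-64 mapping SLAAC uses to build an IID from a MAC.

Added illustration; sample MAC and prefixes below are constructed, not real.
"""
import ipaddress

# Scope ranges (RFC 4291 / RFC 4193), checked in order; the first match wins.
SCOPES = [
    (ipaddress.IPv6Network("::1/128"), "loopback"),
    (ipaddress.IPv6Network("::/128"), "unspecified"),
    (ipaddress.IPv6Network("fe80::/10"), "link-local (not routable off the link)"),
    (ipaddress.IPv6Network("fc00::/7"), "unique-local (RFC 4193, site-internal)"),
    (ipaddress.IPv6Network("ff00::/8"), "multicast"),
    (ipaddress.IPv6Network("2000::/3"), "global unicast"),
]

IID_MASK = (1 << 64) - 1


def classify(addr: str) -> str:
    """Name the scope an address falls in, e.g. 'link-local (...)'."""
    a = ipaddress.IPv6Address(addr)
    for net, name in SCOPES:
        if a in net:
            return name
    return "reserved/other"


def decode(addr: str) -> dict:
    """Split an address into the /64 prefix routers care about and the 64-bit
    interface identifier the host picked (or was handed by SLAAC)."""
    a = ipaddress.IPv6Address(addr)
    iid = int(a) & IID_MASK
    iid_hex = f"{iid:016x}"
    return {
        "exploded": a.exploded,
        "prefix": str(ipaddress.IPv6Network(f"{a}/64", strict=False)),
        "iid": ":".join(iid_hex[i:i + 4] for i in range(0, 16, 4)),
        "scope": classify(addr),
    }


def eui64_iid_from_mac(mac: str) -> bytes:
    """Modified EUI-64 (RFC 4291 App. A): flip the U/L bit of the first octet
    and insert ff:fe between the OUI and the device half of the MAC."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]


def slaac_address(prefix: str, mac: str) -> str:
    """Address a SLAAC host without privacy extensions would form from a
    /64 prefix (fe80::/64 for link-local, or one learned from an RA)."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers require a /64 prefix")
    iid = int.from_bytes(eui64_iid_from_mac(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def mac_from_address(addr: str):
    """Recover the MAC embedded in an EUI-64 derived IID, or return None when
    the IID is not EUI-64 shaped (e.g. an RFC 4941 temporary/privacy address
    or a manually assigned ::1-style host part)."""
    iid = (int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in raw)


def main() -> None:
    mac = "00:11:22:33:44:55"  # constructed sample MAC
    for line in decode("2001:0db8:85a3::8a2e:0370:7334").items():
        print("%-9s %s" % line)
    for prefix in ("fe80::/64", "2001:db8:85a3::/64"):
        a = slaac_address(prefix, mac)
        print(f"{prefix:22} + {mac} -> {a}  [{classify(a)}]")
        print(f"  MAC read back from address: {mac_from_address(a)}")
    print("privacy-style address 2001:db8::1 ->", mac_from_address("2001:db8::1"))


if __name__ == "__main__":
    main()
```

`mac_from_address` returning `None` is what you get for RFC 4941 temporary addresses, whose interface identifier is random rather than MAC-derived; an address that does decode to a MAC is one that any peer on the path can tie back to a specific NIC.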