Comment by einpoklum

5 days ago

> In the enterprises I've worked in the past decade with IPv6 running

What about those without IPv6 running?

Anyway, in the enterprises I've worked in the past decade - of course, another anecdote - not once has anyone ever specified an IPv6 address of anything. Inside the organization or outside of it.

why would an enterprise turn to IPv6?

everything fits nicely in the 10.0.0.0/8 range

in my many decades of enterprise infrastructure, no-one has ever mentioned IP6 either.

why would they, what's the business case?

  • The problem with private address ranges is that everyone thinks they're available. In a large enough enterprise you're bound to have conflicts. They usually pop up at the most inconvenient time and suddenly you're cosplaying ARIN in your IT department.

  • > everything fits nicely in the 10.0.0.0/8 range

    Except during a merger/acquisition and both companies have 10.0.0.0/24 in their OSPF or IS-IS topology.

  • > everything fits nicely in the 10.0.0.0/8 range

    Except for when it doesn't.

    If you just use that space as a flat range, it is almost certainly more than enough. But if you split it up in multiple levels of subnets, you can run into difficulties balancing having enough subnets and having enough space in each subnet.

  • We burned thru pretty much all of our public /8, RFC1918, and have begun digging into RFC6589 (a /10 I didn’t even know existed prior to job). Still shocks me. Hardly an expert in the space, but I think the issue comes from subnetting to distribute ranges to teams that need a consistent IP address space for some project or another. Lots of inefficiency & hoarding over time. We’ve had legitimate outages and impending platform death staved off by last minute horse-trading & spooky technical work due to such things. IPV6 has always been a distant aspiration.

  • Grow large enough and you hit the limit pretty fast. NAT complicates things.

    • The best one is async routing. You have a NAT, they have a NAT, you VPN together and think you have different IP address ranges, but unknown to the operator there's a little internal network with an overlap at the end of some slow line that is now getting flooded with internal traffic that's trying to go to a completely different network.

    • I've worked for companies with over 50,000 employees and they didn't seem to need it. Now, sure, there are larger companies, or ones that employ huge farms of machines, but those are the exception rather than the rule.

  • you haven't had to set up intercompany vpns I see

    • Indeed I have not. But I suspect most people, and most companies, have not either.

      I don't claim IPv6 isn't used anywhere, or even that it's not used a lot.

  • Unless you get too big. Or you merge with another company and have to combine your internal networks and oops, all the subnets are overlapping. Or you need to serve mobile clients who get better connectivity over v6.

  • if both you and companies you have site to site vpn with have IPv6 there is no IP conflict or NAT to worry about.... and that's about end of the advantages

  • one poorly made decision and oops you're out of 10/8 addresses

    if you've never run into this, then sorry, you've not been in an enterprise, you're in a mom 'n pop shop cosplaying as enterprise.

> not once has anyone ever specified an IPv6 address of anything. Inside the organization or outside of it.

If you deploy IPv6 correctly, you shouldn't have to disclose IPv6 addresses to users inside or out -- DNS keeps the address literals abstract, hidden from users.
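
The overlap problem several replies above describe (two merged or VPN-connected organizations both carving up 10.0.0.0/8) can be checked before the networks are joined. This is an added example, not part of the thread; the two route lists are constructed sample data and the function name is hypothetical.

```python
import ipaddress

# Constructed sample data: prefixes each company advertises internally.
COMPANY_A = ["10.0.0.0/24", "10.1.0.0/16", "10.20.0.0/14", "192.168.10.0/24"]
COMPANY_B = ["10.0.0.0/24", "10.1.128.0/20", "10.16.0.0/12", "172.16.0.0/16"]


def find_overlaps(routes_a, routes_b):
    """Return (a, b, relation) for every pair of prefixes that collide.

    CIDR prefixes never partially overlap: if two share any address,
    they are either identical or one fully contains the other.
    """
    nets_a = [ipaddress.ip_network(r) for r in routes_a]
    nets_b = [ipaddress.ip_network(r) for r in routes_b]
    conflicts = []
    for a in nets_a:
        for b in nets_b:
            # IPv4 and IPv6 prefixes cannot collide with each other.
            if a.version != b.version or not a.overlaps(b):
                continue
            if a == b:
                relation = "identical"
            elif b.subnet_of(a):
                relation = "b inside a"
            else:
                relation = "a inside b"
            conflicts.append((str(a), str(b), relation))
    return conflicts


if __name__ == "__main__":
    for a, b, relation in find_overlaps(COMPANY_A, COMPANY_B):
        print(f"{a:<18} {b:<18} {relation}")
```

Each reported pair is a range that needs renumbering or NAT before a site-to-site link carries traffic for it; the "inside" cases are the ones a comparison of exact prefix strings would miss.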