Comment by stackskipton

3 days ago

It's much more difficult to block.

A lot of anti-censorship organizations have trouble getting more IPv4 /24s for cost reasons, or moving them around to different ASes, since they would go offline.

With IPv6, you can get an IPv6 /40 from ARIN/RIPE no problem. You slice that up into /48s and just start bouncing them all over the place. When one /48 goes down, you move everything to another /48, switch providers if required and continue.

EDIT: They also tend to get multiple blocks as well, for when an ISP figures out the root /40.

> It's much more difficult to block.

No, it isn't. Nobody is blocking ranges as they roll in, they're blocking whole ASNs at once. That's just as trivial with v6 as v4; actually, v6 can be simpler because ISPs tend to have fewer large blocks in v6land.

  • There are plenty of providers that, when you BYOIP, will broadcast out of their ASN. I know Azure does, Google appears to, no clue on AWS. Plenty of colo providers, including $LastCompanyProvider, will fold your IP block under their ASN as well. That's how it worked at my last job.

    Sure, the Iran government may just decide to block that specific ASN, but if they want to remain somewhat on the internet, they are stuck with "Smack entire broad ASNs and lose large chunks of internet" or "Block specific IP spaces."

You can get a large block, split it up and announce it from different places, but that doesn't stop someone blocking your larger allocation.

Getting multiple blocks is harder - the RIRs will want justification for this, and would rather give you a single large block than lots of fragmented ones.