Monostack — Links

Resources we can weave into our IPv6/Monostack narrative. The focus is on showing growing adoption in the wilder world.

Talks

UK IPv6 Council

• Jen Linkova (Google) presents big-G's large scale IPv6-mostly depoyment. They've outgrown IPv4 private address space due to their sheer size!

  Mission (Im)Possible: Turning IPv4 Off in an Enterprise Network
  (2023), (2024, at RIPE), Slides (pdf).

• David Stockdale (Imperial College London) says "77% of devices no longer using IPv4". University has 31k people, 85k devices.

  IPv6-mostly at Imperial (2024)

• Tommy Jensen (Microsoft) says on Windows CLAT for wired networks:
  "It's coming, but I don't have a timeline".
  

  IPv6 in Windows Then and Now (2024)

  Update: CLAT is in now in private preview. See TODO — The Windows Elephant in the Room.

• Graeme Bragg (University of Southampton): Consumer facing Matter (IoT) devices are starting to be labeled "IPv6 Network required". Customers may pressure ISPs into caring about broken IPv6.

  Matter and IPv6 (2023)

UKNOF talks

• Zsolt Horvath (Microsoft) shows MS using IPv6-only with NAT64+DNS64 for their Enterprise VPNs because they've exhausted IPv4 private address space.

  IPv6-only Remote Access VPN - a road less travelled (2019)

• 1) IPv4 addrs. represent 15% of per-subscriber cost for ISPs and prices are going up. 2) Smart TVs are a problem (10y 'ish product life)
  Affiliation Warning: this is a network appliance vendor talking and selling CG-NAT tech. Simon Jackson (A10 Networks).

  IPv4 Back to the Future: “Where we’re going, we don’t need IPv4!” (2022)

FOSDEM

• Ondřej looks at the current state of Linux in monostack networks and introduces a neat new IPVLAN based approach to CLAT in

  Improving IPv6-only experience on Linux (2024)

RIPE

• Jen introduces IPv6-mostly and looks at remaining problems in large enterprise networks in

  IPv6-Mostly Network Deployment and Operations Considerations (2024)

DENOG

• Christian dives deep into the technical tradeoffs of choosing between Dualstack IP-over-Ethernet (IPoE) and the more traditional unified PPP-over-Ethernet (PPPoE) network architectures.

  Our key takeaway: Dualstack IPoE is hard^TM, Monostack IPv6 would solve many of the problems raised. Industry does this, see "DS-Lite".

  PPPoE vs IPoE: A Practical Guide for ISPs (2025)

NANOG

• James is making testing clients in different IPv6-only environments easier for anyone that can fill out a form and plug in a wireless router with his OpenWrt based

  IPv6 Test Pod Project (2024), code repo.

NLUUG

• Nicole gives a gentile introduction to IPv6 and touches on several important topics:

  Mandates in Germany (and the Czech republic). In DE every RFP needs to show solution works in IPv6-only now. ULA address selection changes in IETF. Netflix DCs are IPv6-only.

  IPv6: The Internet's Best Kept Secret (2025)

SC "Supercomputing"

• Robinson et al. eeeerr.. Kate, Jason and Tom give a detailed report on an IPv6-only deployment at the SC23 conference in

  Designing, Constructing, and Operating an IPv6 Network (2024) —
  A case study in implementing the IPv6 protocol on a heterogenous network.

EuroBSDcon

• Florian presents work on modernising OpenBSD's IPv6 support, including IPv6-mostly/464xlat using pf's af-to feature.

  Florian's approach is to (ab)use their pf firewall to do CLAT with a daemon (gelatod) handling dynamic pf rule setup
  Audience comment: MacOS supposedly keeps tempaddrs around when an connection is using it (seems unlikeley due to GC problem).

  OpenBSD vs. IPv6 (2024), Slides.

Podcasts

• IPv6 Buzz 110: The Peculiar Power Of DHCPv6 Option 108 (2022)
  FIXME: Summarize it (patches).

Tutorials

• Apalrd gives a nice, acessible video introducing the NAT64 and IPv6-mostly space.

  However beware: we don't recommend Tayga for actual deployment due to lackluster performance and correctness problems around IP fragmentation but it's fine for a Lab.

  apalrd's adventures: Going IPv6-Mostly with Tayga NAT64 on OPNsense (2024)

• Pim (IPng.ch) does an in-depth technical review of deploying Jool in their european ring network. Other topics covered: OSPF, BGP, DNS64 with Unbound.

  IPng - Case Study: NAT64 (2024)

Code

• Tore's clatd scripts (torreanderson, GitHub) for deplying Tayga as a CLAT on Linux.

• Ondřej's IPVLAN based CLAT PoC (oskar456, GitHub, 2023-2024)

• Michal's wrapSix (semirocket.science), a multi-threaded userspace NAT64 implementation.
  Unappreciated in it's time (2010), Michal's style would suggest the download site was probably monostack even in those dark ages :D
  However: it's still alive, just needs some love and packaging.

• Maciej's (Google, AOSP) CLAT based on tc, eBPF and shell script voodoo:
  AOSP Patch (2024), eBPF source and Presentation (2020).

  Mentioned in NetworkManager CLAT discussion (#1435) and PR !2107.

• Toke's nat64-(e)bpf
  Just a PoC doesn't handle ICMP errors, IPv4 options or IPv6 extension headers properly.

  Mary reworked it for use in NetworkManager.

• Johannes' siit-bpf
  TCP, UDP works. ICMP error translation is a problem as in Toke's version.

Design Docs

• Dave's OG NAT64 all in kernel mode gist (danderson 2019, GitHub) sparked this whole pure-SIIT device driver thing <3

Future work

• Geoff from APNIC Labs ran DNS experiments showing there's a lot of work left to get to a Monostack capable DNS
  Is the DNS ready for IPv6? (2024, DNS OARC) (slides)

• Name and shame, but please be gentle: https://whynoipv6.com
  Remember: Companies are made of squishy people too.

A further two decades

Geoff estimates by rule of thumb (aka. linear projection) that "The IPv6 Transition" is going to take another two decades assuming that "tomorrow is going to be a lot like today". Let's see if we can't invalidate that assumption :-).

Published in Geoff's ISP Column and on APNIC Labs. See Figure 2 – IPv6 Adoption – Projection. There's also a RIPE Talk.

Geoff's basic thesis is that the internet moved from address- to name-based architecture. From IP to DNS. Money moved up the stack, i.e. from ISPs to Tech giants. Meaning IPv6 doesn't matter.

He clearly doesn't get his hands dirty enough to feel the legacy pain.

IPv6 is madatory

The internet community considers "IPv6 Support Required for All IP-Capable Nodes". Specified as Best Current Practice, RFC 6540 (2012).

Goverment IPv6 Mandates

Goverment IPv6 mandates have a bad reputation in networking circles because people keep getting burned by them.

In the early 2000s there was intense global goverment enthusiasm for IPv6 deployment with spectacularly unrealistic timelines. See eg. Laura's Protocol Politics for a history lesson in scientific detail.

Believe it or not IPv6 was once the the tech buzzword everyone wanted to be associated with.

Enthusiasm unfortunately evaporated with only goverment brand toilet paper to show for it as market forces ended up favoring retrofitting legacy IP by using Network Address Translation (NAT) as a short-term fix to overcome IPv4 exhaustion.

More recently the 2020 US Federal IPv6-Only Mandate failed to pan out in time because:

Technical debt and legacy systems slowed progress from the start. Budget pressures pushed IPv6 behind more immediate priorities. A persistent expertise gap left agencies unable to build confidence or momentum. Vendor inconsistencies compounded delays, while cultural resistance reinforced the instinct to postpone change. Finally, the absence of strong accountability mechanisms allowed deadlines to slip without consequence.

50-50?

IPv6 deployment growing slowly but steadily globally.

Exact numbers depend on who you ask. That is what they can see and how they decide to measure: percent of traffic/domains/prefixes/IPs, capable vs. preferred endpoints and so on.

Some reasonable starting points:

• Google: Traffic, aggregate history: https://www.google.com/intl/en/ipv6/statistics.html
• Facebook: Traffic, per-country history: https://www.facebook.com/ipv6/?tab=ipv6_total_adoption
• APNIC: Endpoints, ad-based measurment: https://stats.labs.apnic.net/ipv6
• ISOC: Top 1000 Domains: https://pulse.internetsociety.org/en/technologies/
• dwing: Top One Million Domains: https://www.employees.org/~dwing/aaaa-stats/

Remaining Hard™ Problems

• TCP connect failure rates on sites that do have AAAA records are high at ~5%: https://www.employees.org/~dwing/aaaa-stats/ (check "large run"s).

  Potential Fix: DeLegacy RPZ.

Ends-to-ends E2E, not E2EE

See End-to-end.

• Keeping websites up (for repeat visitors) even under adverse conditions and without CDN Monsters-in-the-middle:
  resilient.is, MCH 2022 talk.

IPv6 Security & Privacy

Informational RFC 4864 (2007) debunks a slew of IPv6 security/privacy misconceptions including that Stateful NAT is in any way necessary or desirable.

RFC 7721 (2016) takes a deeper and more contemporary look at privacy, tracking and scanning concerns of IPv6 addressing approaches. Since tracking has become a more important concern since the widespread adoption of smartphones the standardisation work of the 2000s was lacking in this area.

See also Address Privacy.

Interesting IPv6 communities

• #ipv6:ungleich.ch (Matrix room)

• #ipv6 on Libera.chat (IRC, unrelated)

• https://ipv6hackers.org Mailinglist and conference community.