The arrogance of Silicon Valley is astounding: or the death of 6to4

For many people across the world, and I suspect the majority, the deathmarch rollout of IPv6 is about as obtainable today as it was in the early 00’s. Absolutely no traction from ISPs. Where I live in Hong Kong, none of the residential or even commercial connections I have access to have native v6. Instead there was this fantastic option of tunneling IPv6 into IPv4, using a technology called 6to4, which suddenly gave everyone with a registered IPv4 address 65535 networks to build out their own massive IPv6 deployment.

Simply put 6to4 put the individual onto the map for a NAT’less IPv6 world. 6to4 allowed two IPv6 hosts to talk to each other through the IPv6 Internet backbone, with zero changes on the Internet required. It just worked.
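To make the mapping concrete, here is an added example (not from the original post): how a 6to4 router turns a public IPv4 address into an IPv6 prefix, and how it decides whether a destination is reached directly or only through a relay. The 2002::/16 prefix and the 192.88.99.1 relay anycast address come from RFC 3056 and RFC 3068 rather than from this page, the function names are hypothetical, and 1.1.1.1 is used purely as sample input because it is a well-known global address.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")        # 6to4 prefix (RFC 3056)
RELAY_ANYCAST = ipaddress.IPv4Address("192.88.99.1")  # relay anycast (RFC 3068), deprecated by RFC 7526


def sixtofour_prefix(public_v4):
    """Return the /48 that 6to4 derives from a public IPv4 address."""
    v4 = ipaddress.IPv4Address(public_v4)
    if not v4.is_global:
        # RFC 1918 and CGNAT (100.64.0.0/10) addresses are not reachable
        # by the far end of the tunnel, so 6to4 cannot work from them.
        raise ValueError(f"{v4} is not a globally routable IPv4 address")
    # Layout: 16 bits of 2002, then the 32-bit IPv4 address, then zeros.
    base = int(SIXTOFOUR.network_address) | (int(v4) << 80)
    return ipaddress.IPv6Network((base, 48))


def lan_subnet(prefix, subnet_id):
    """Return the /64 selected by a 16-bit subnet id inside the /48."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet id must fit in 16 bits")
    base = int(prefix.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def tunnel_next_hop(dst_v6):
    """Return (mode, IPv4 address) a 6to4 router encapsulates toward."""
    embedded = ipaddress.IPv6Address(dst_v6).sixtofour
    if embedded is not None:
        # Another 6to4 site: its IPv4 address is inside the IPv6 address,
        # so the packet goes straight there with no third party involved.
        return ("direct", embedded)
    # Native IPv6 destination: only reachable through a relay router.
    return ("relay", RELAY_ANYCAST)


if __name__ == "__main__":
    site = sixtofour_prefix("1.1.1.1")              # sample input only
    print(site, lan_subnet(site, 1))
    print(tunnel_next_hop("2002:101:101:1::1"))     # 6to4 peer
    print(tunnel_next_hop("2001:4860:4860::8888"))  # native address from this page
```

The last call shows that a native destination such as 2001:4860:4860::8888 is reached only by way of the relay anycast address, the part that RFC 7526 deprecates.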

And of course Silicon Valley knows best, and decided that this network democratization must be stopped. Power to the People is the antithesis of the megacorps.

Google DNS Primary: 2001:4860:4860::8888
Google DNS Secondary: 2001:4860:4860::8844
Cloudflare DNS Primary: 2606:4700:4700::1111
Cloudflare DNS Secondary: 2606:4700:4700::1001
Quad9 DNS Primary: 2620:fe::fe
Quad9 DNS Secondary: 2620:fe::fe:9

This is a list of some popular ‘common’ IPv6 DNS servers. Windows 10/11 (probably 8/8.1 but who uses that?!) are not only IPv6 capable but actually IPv6 native, with a preference for the IPv6 DNS servers.

TP-Link Wireless N Router WR840N choices

I have this low end TP-Link Wireless N Router WR840N router, as where I live the maximum speed is 30Mbit/10Mbit DSL. There was no point in buying anything crazy expensive. My ISP has zero IPv6 deployment. The only way I can participate is buying a tunnel, or using 6to4. So I’d been using 6to4 for a while, and things have been great. But the last while it’s been super downhill. Sadly the firmware doesn’t give an option to force IPv6 DNS, but it automatically chooses Google.

C:\Users\neozeed>ping 2001:4860:4860::8888

Pinging 2001:4860:4860::8888 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 2001:4860:4860::8888:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

And sure enough I’m getting massive timeouts, and the web had basically become utterly unusable. Fantastic.

I’d even gone through the steps of creating a local DNS server and having it VPN to the United States thinking that’d help me, as the DNS errors felt like the encroaching Great Firewall of China. However the source of all my problems just turned out to be out of touch Silicon Valley arrogance.

rfc7526 (ietf.org) Deprecating the Anycast Prefix for 6to4 Relay Routers

This is where they chose to kill off IPv6 for the masses, because local firewalls work as expected.

Authors' Addresses

   Ole Troan
   Cisco
   Oslo
   Norway

   EMail: [email protected]

Yeah what a surprise. And of course Google cut off IPv6. These tech giant oligarchs are not your friends.

The good news is that the other ISP’s Cloudflare & Cloud9 still honor 6to4.

Configuring IPv6 DNS on Windows 11

Windows 11 supports DNS over HTTPS, so you just need to enable it. I’m hardwired so under the settings -> network then -> Ethernet for me, maybe Wi-Fi for you?

Then just hit Edit over the DNS server assignment:

Then go ahead and pick a NON GOOGLE DNS service, and select DNS over HTTPS for the ‘ultra secure’ wave of the future.

And now your DNS will work. YAY.

C:\Users\jason>nslookup
Default Server:  one.one.one.one
Address:  2606:4700:4700::1111

> google.com
Server:  one.one.one.one
Address:  2606:4700:4700::1111

Non-authoritative answer:
Name:    google.com
Addresses:  2404:6800:4001:800::200e
          172.217.174.174

Of course you won’t be able to connect to anything from Google over IPv6, but that is the price you pay for not living in the precious Silicon Valley tech bubble.

Personally I think it’s a good thing when elitists lock themselves away from the world, and decrease their relevancy to everyone.

Obviously the end game won’t be some magical rollout of IPv6 over Asia, rather it’ll be the end of IPv6. As always the problems stemmed from the backbone, even the 512MB limit of the Cisco 7200 was overcome, but NAT got around the limitations of the fixed and exhausted IPv4 network. Too bad they had to kill it, but of course it’s just because random people could just host stuff on their own network, and well network democratization isn’t what Cisco et al. is all about.

10 thoughts on “The arrogance of Silicon Valley is astounding: or the death of 6to4”

  1. I thought IPv6 was relatively far in Asia due to a lack of IPv4 space there? I’ve had IPv6 from my ISPs since 2003, https://ipv6.google.com/ loads for me. I think in Europe most home ISPs are offering it now. Possibly there will be IPv6-only sites on purpose in certain regions as it would keep traffic out from countries from which traffic is not expected anyhow.

    Corporate networks are still a joke unfortunately. I haven’t seen any with IPv6 yet.

    • Microsoft’s corporate network is IPv6 only, as is Facebook’s – both have published papers about their migrations 10 or so years ago and the benefits it brought them. Most other companies that deploy it wouldn’t write about it publicly.

  2. I’m not normally inclined to defend Silicon Valley, but is that the issue here? Surely Cisco’s interest is to sell as much equipment as possible, and the way to do that is to churn protocols as much as possible. It has no interest in people using IPv4 forever.

    Unfortunately for me, I’d like NT 4 clients to be able to talk to my server, which implies IPv4 reachability. Having done that, the benefits of IPv6 are questionable, since it still needs a public IPv4 address, so the question for me is whether to manage one interface or two.

  3. IPv6 is quite widely used in Asia, there are a handful of countries (Hong Kong, Laos, Cambodia, Bangladesh, Pakistan, Kyrgyzstan) with poor IPv6 deployment but the rest all have at least one national provider who offers native IPv6.
    In India, all the major telcos offer IPv6 by default as do most of the fixed line providers and if you run a dual stack website the majority of visitors from India (nearly 80%) will be using IPv6 to access it, similarly in Malaysia, Thailand and Vietnam. In Singapore 3 of the main telcos offer IPv6 by default while the fourth will provide it if you explicitly request it.
    China are planning on deprecating IPv4 by 2030, and the government is heavily pushing IPv6 there.

    6to4 was found to be unreliable and slow, and with most countries having at least one provider offering native IPv6 there is no need to use 6to4. Plus users behind CGNAT cannot use 6to4, which is a LOT of users these days.

  4. Are you able to use 6-in-4 tunnels? Hurricane Electric still operate a tunnel broker service and a free DNS service with accessible ipv4 and ipv6 services. I realise that you need a fairly stable ipv4 address for this to work though.
    I miss SixXs with their AICCU that would tunnel ipv6 nicely over UDP.

    Although they are progressively rolling out ipv6 in the UK I still haven’t seen as much progress as I was hoping for (or the Cisco certifications would have me believe) from when I was self-training 11 years ago!

  5. What others have said: HE has offered free v6 tunneling to the public and has for years. Heck, if you have an allocation from your local RIR, they’ll even let you talk BGP to them over the tunnel, too. No charge. Can also confirm first-hand that Google is v6-reachable over their network. If your WR840N can’t be a terminus for an HE tunnel, then see if it’s possible to flash OpenWRT or similar on it. If not, might I suggest getting a MikroTik router: you can replace your 802.11n single-band device with one of similar specs (RB951Ui) for around ~$50USD.

    There is no SV conspiracy (at least against v6, anyway!; heh), 6to4 anycast was always going to be a short-term, stop-gap solution, and v6 isn’t going anywhere. There are many major networks that are v6-only, and use 464XLAT or similar to make the v4 internet accessible to their subscribers. T-Mobile US comes to mind. Yes, the rollout and transition has sucked (and continues to suck) and has been very long and drawn-out, but it was always going to suck and be very long and drawn-out…part of that is the fault of the standards bodies for not necessarily addressing all of the v6 analogues for established (and heavily-relied-upon) v4 components right out of the gate, and the other part is the fault of the equipment vendors for not implementing support for those components quickly once they finally did become available. And part is just the existing inertia behind v4, and the fact that it takes a long and very conscious/concerted effort to make a change this dramatic to a critical piece of infrastructure that virtually everybody now relies on daily…a ship like the internet is now at a size and scale where it can’t turn on a dime any longer. Those days are long gone.

    • My point being is that I shouldn’t have to use a 3rd party broker I should be free to form peer to peer v6 over the v4 network at will without any strangle point.

      The conspiracy is simple enough, people don’t want a ubiquitous network experience over the legacy v4 network. 6to4 solved the issue of what happens when your ISP doesn’t care, like they don’t care in Hong Kong.

      It speaks to the arrogance of SV with no regard to the rest of the world, and how they always want to tunnel everyone’s traffic through their site to then deem that I’m not worthy and cut me off. 6to4 bypassed this nonsense and allowed anyone with access to a v4 address to supersede it all.

      It’s as embarrassing as Linux groups on FaceBook.
