Powering a Fairer Internet with IPv6 –  Wido den Hollander, CTO of Your.Online

By MailChannels | 72 minute read

In this episode, we chat with hosting industry veteran Wido den Hollander about the vital role of IPv6, an addressing scheme for the internet that, despite being in existence since the 1990s, is still being rolled out. Den Hollander discusses the challenges of fully integrating IPv6 and also the opportunity it presents to the internet community for improving security and enabling faster and easier deployment of new services. The conversation also covers the technical hurdles and the need for increased awareness and education about IPv6. Tune in for an engaging discussion on the future of internet connectivity and its global implications.

Read the transcript:

[00:00:00] Wido den Hollander: One thing I wanted to say is that you’ll be using the V6 more than you think. Hmm. And if you have a MacBook at home, um, uh, and have another Mac, they will be communicating over link local IP V6 automatically. If you have an electric vehicle, if you plug it into a fast charging system, the car will communicate over IP using IPV6 link local with the fast charger to do communication and then actually initiate the charging process.

[00:00:26] Wido den Hollander: Wow. 

[00:00:27] Ken Simpson: Maybe, you know, we need, uh, an IPV6 day when everybody enables V6 on their guest network. 

[00:00:34] Wido den Hollander: Maybe that’s a thing. Need, yeah, V6 is completely ready in the backbone front to back. It’s all done. I, I spoke with an engineer, but he said for me it’s just flipping a switch and it’s turned on. He said, but there idea that there’s a business reason why we’re not turning it on, because the back office and the billing system doesn’t support it yet, and there’s no priority to implement.

[00:00:53] Wido den Hollander: Right. Networking wise, he said I can turn it on tomorrow. 

[00:00:57] Ken Simpson: Today we explore a topic that powers the plumbing of the internet itself, IPV6, and to guide us on this journey, we have a passionate expert and advocate for IPV6, Wido den Hollander. As Chief Technical Officer of a major web hosting provider, Wido lives and breathes networks. He has been focused on transitioning fully to IPV6 for over 15 years.

[00:01:23] Ken Simpson: But why? In our discussion, Wido breaks down both the technical and ethical drivers behind moving the internet to this new addressing scheme. Wido makes a compelling case that the transition to IPV6 is long overdue. Wido’s passion for routing, combined with his clear-sighted vision for a better internet with IPV6,

[00:01:44] Ken Simpson: it’s frankly inspiring. The future may already be here, hidden just beneath the surface. So let’s gain insight from a leader at the vanguard of IPV6 adoption to understand how this next generation protocol that’s actually been around for years promises to shape our digital lives. The journey to an upgraded internet starts now.

[00:02:06] Ken Simpson: I hope you enjoy this conversation with Wido den Hollander.

[00:02:23] Ken Simpson: Yeah. So I’m really excited to have you on the podcast, uh, with me today, Wido. Uh, and uh, today we’re gonna spend a lot of time talking about IPV6, which is a passion of yours. Um, so, first of all, maybe you could spend just a moment introducing yourself, uh, and how you got here. Like what do you do in the world, uh, and why are you so interested, therefore, in IPV6?

[00:02:50] Wido den Hollander: Yeah, so I, although I’m wearing a suit today, I, I always call myself a nerd in a suit, and that’s, uh, it all started 20 years ago, or more than 20 years ago. I started tinkering with computers and I found the internet a very interesting place. So back in the days in 2002, 2003, there was a DSL coming available at my house and I, I told my mother and my parents are divorced.

[00:03:11] Wido den Hollander: So I told my mother, I said, mom, I want to get a DSL, but it was a hundred guilder, which was the currency we were using back in the days then, a month, which is a lot of money. And, uh, she said, well, if you wanna have internet, you’ll go work for it. So I started working at the local supermarket to actually to afford an internet connection, and that’s where I actually started to go on towards the internet.

[00:03:30] Wido den Hollander: It all started, of course, with the modem. Dialing in was way too slow. I wanted to have fast internet, so I was a cool kid on the block having ADSL. I think it was a half megabit downstream or something, and 128 kilobit upstream. That’s what it all started with more than 20 years ago. Um, discovering the internet.

[00:03:44] Wido den Hollander: And, um, ever since I found it a very intriguing and interesting place on how you could suddenly communicate with everybody around the world. So for me it was mainly about communication, being able to talk to people from all around the planet, and I was just super interested in how it worked. I wanted to build my own servers and how I started hosting my own website on that ADSL connection, which was 128 kilobit upstream, which is super slow, but it worked.

[00:04:08] Wido den Hollander: So, um, and from there, I, um, I accidentally run into starting my own hosting company, or you start building websites and people wanna hosting and you say, I can do it myself. So you have your first server, then you search for a data center and, uh, which is completely new stuff for you. So you’re building your first server, actually, you have your father buying a server for you on his company because you need to have somebody, uh, buying the equipment.

[00:04:35] Wido den Hollander: And that’s where it all started. It started to grow and then suddenly you have a thousand customers and it keeps growing and growing and growing. And, um, nowadays I’m, I’m CTO of, of Your.Online. We host a couple of million websites, uh, with various European companies, which we have. But for me, the journey started more than 20 years ago.

[00:04:54] Wido den Hollander: Being a techie, knowing everything about Linux routing, um, and IP addressing, and mainly IPV6, that’s, uh, my passion.

[00:05:01] Ken Simpson: Yeah. I feel like, you know, having talked to a lot of hosting company owners over the last 20 years, uh, that many people kind of got into the field accidentally. They just, you know, they were the tech person.

[00:05:17] Ken Simpson: They started hosting some websites for friends, and then the next thing you know, there’s a, you know, they got a data center and everything’s kind of growing like crazy. Uh, what a story. So you really got started working at a supermarket in order to pay for an ADSL connection at your mom’s house so that you could get on the internet and communicate with people.

[00:05:37] Wido den Hollander: Yeah, that was, uh, that was my main driver. Yeah. So that’s where it all started.

[00:05:40] Ken Simpson: Yeah. And, and so, um, why the passion for IPV6? Uh, because you have, uh, been talking about IPV6 for quite a while now. Uh, you have a website where you speak about your passion for IPV6. You’re very active in pushing IPV6 in your own hosting company.

[00:06:02] Ken Simpson: Um. Uh, uh, we, I think the, our audience will know sort of generally what IPV6 is, but my, my feeling is that IPV6 has been this great technology that’s been around for a really long time, and yet, uh, to the extent that it has caught on, it’s not something that people talk about or are aware of a great deal.

[00:06:24] Ken Simpson: Uh, it’s kind of behind the scenes, you know. Why are you so interested in it? 

[00:06:29] Wido den Hollander: If, if you go back to the original idea of the internet between universities, it was that computers could communicate with other computers. So they needed an IP address to communicate. And if you go back, I, when I was studying at university, my, if I would go on the wifi, I would get a public IPV4 address and also an IPV6 address back in the days running the university.

[00:06:50] Wido den Hollander: So I, of course, there was a firewall in between, but my, my computer had a direct connection to the internet that could communicate. And, um, as I started co-locating my first server in, uh. In, in a data center. I said, can I get some more V4 addresses? Because for SSL, back in the days without SNI, you needed more addresses.

[00:07:09] Wido den Hollander: And I’m talking about SSL, not TLS, you know, back, SSL. And they told me, oh yeah, those are, those are scarce and you cannot go get all of addresses. You need to have a really good reason for using these. I’m like, what? Why are we talking about, it’s, it’s an address. So I started to get confronted with the shortage already back in 2005, that it was, it was a problem getting more addresses if as you wanted.

[00:07:32] Wido den Hollander: And then I found this thing IPV6, and I don’t know exactly what it was, but I have a, let’s say, uh, a passion for routing in general, and I dislike network translation or NAT. I, I, I don’t people saying I have my private network and there’s the internet. Well, for me, working in the hosting industry, I.

[00:07:53] Wido den Hollander: Everything is in the internet. I don’t consider something where it’s like private network or going on the internet. Every server is part of the internet being able to communicate and it’s, it, it just feels like a hack using that. It’s actually a hack for address shortage, but somehow this got into the minds of another people and I just never liked it.

[00:08:13] Ken Simpson: Huh. So you, uh, mentioned, uh, network address translation. Right. And, and for those people who are not super familiar with NAT, um, it’s basically a hack where you have a private IP network inside of your organization or your home, uh, with addresses that are kind of unroutable on the internet, and then your firewall or your router.

[00:08:36] Ken Simpson: Uh, it uses, it remaps the, uh, ports, uh, on TCP and UDP connections in order to communicate with the outside world and then select the correct private network address to talk to. Uh, and it’s all very seamless now, but yeah, it’s something that we all take so much for granted. Uh, IPV6 obviously really changes that, right?

[00:09:00] Ken Simpson: Because there are so many IPs available that you could give each device in your house a billion IP addresses if you wanted to, and we would never run out. Um, uh, so, okay. So interesting. So you’re, one of your, uh, points of interest in IPV6 was it was a way of getting rid of this kind of gross hack.

[00:09:20] Wido den Hollander: Yeah, it, it was, yeah, it was. So I, um, I think back in 2008, I already started complaining at my ISP that I wanted to get IPV6 at. Oh, well, it was impossible. They, they were working on it. They would come later. Actually it came five years later. So I’d used the tunnel to my house to get the IPV6. And in the data center, I was by then already being able to route IPV6.

[00:09:41] Wido den Hollander: So on the office, on my house, I had IPV6. So if I would’ve my laptop at home, right back in the day, I still had a, a workstation at, at the office. I could just SSH to my laptop, which was at home and, and access data. If it was online on the wifis at it, it’s as easy as that. And with that, you need to forward ports to the, the e er router.

[00:10:02] Wido den Hollander: In my case, I just, that the firewall open to allow port 22, uh, and I could reach my laptop, which I think is just super awesome. 

[00:10:10] Ken Simpson: Yeah. Without any kind of port manipulation. Um, yeah, see, I, I think I’m a little older than you, uh, and. Uh, I come from a time, uh, when, uh, you know, in the 1990s, V4 was all you had.

[00:10:25] Ken Simpson: Like there was a, there wasn’t V6 on the horizon. And, and we all got very used to SSH tunneling into machines behind firewalls and stuff. And I, uh, it has never occurred to me that I could just get into one of my machines at home directly using its IP address. Like that is, it almost feels like that would be dangerous.

[00:10:44] Ken Simpson: You know, I kind of like value the Yeah. You know. 

[00:10:46] Wido den Hollander: True, true. And there’s a difference here because NAT has the side effect of being some sort of firewall, but every router you have at a home is, it’s, it’s not, it’s a router and a firewall in, in, in one. And this is, I think, misunderstood by a lot of people that routing is not the same as firewalling.

[00:11:05] Wido den Hollander: So if you look at data center grade routers, they can only route packets. They cannot firewall. Yeah. Because they, they are meant for high capacity, high performance, or low latency for routing packets. That’s all they do. But the CPE or the consumer, um, uh, devices, they, um, can also do firewalling and on V6, they can just say no inbound connections, period.

[00:11:28] Wido den Hollander: Right. And that’s what they do by default. That’s what the RFCs and the recommendations say. Huh? That an end user’s firewall on its, uh, router should just block all incoming connections. The same happens to your Windows laptop or your Mac laptop. It, it just blocks any incoming connections on the firewall on the host.

[00:11:46] Ken Simpson: I must say I, uh, I have a little bit of recent experience with IPV6 at home. Um, our network provider has been doing IPV6 for a few years, uh, and at home I have a pfSense, uh, router pf yeah, I guess it’s a pfSense router slash firewall. Um, and they make it very easy to enable IPV6 in pfSense.

[00:12:14] Ken Simpson: It just kind of starts working and, uh, and so sure enough, I look at my devices and they’re issued a real IPV6 routable address on the internet. Yeah. Yeah. There, you know, it was like, oh, well this is interesting.

[00:12:28] Wido den Hollander: Yeah. So if, if the firewall by default blocks any incoming packets, you cannot breach them.

[00:12:33] Wido den Hollander: But if you would say, I do allow Port 22 from this source, or from any source towards this address, or, or addresses you could SSH to your devices in your network. Huh. And then suddenly if you have, you, you mentioned before we started recording, you have a gigabit connection at home. You could run your own servers at home.

[00:12:50] Wido den Hollander: If you have a synchronous gigabit connection, you could just have a 19 inch rack with servers, IPV6 addresses and you’re good to go. Of course, the redundancy is less than being in a data center, but it is part of the internet.

[00:13:04] Ken Simpson: I suppose. I, I suppose it’s easy to lose sight of that fact. You know, you, you don’t think of a home network as somewhere where you’d wanna serve something, but, you know, home connections are pretty good now, uh, in comparison to how they were, uh, 10 to 20 years ago.

[00:13:19] Ken Simpson: You mentioned you only had 128 kilobits of upstream on your ADSL line. I bet that’s not the case, right? You know, anymore. No, no.

[00:13:27] Wido den Hollander: Far from that. So, yeah, I’ll, I’ll get fiber at my home in the next quarter, so then I’ll have a gigabit synchronous here and yeah, that I could theoretically run service at home and, and do some hosting on, on them.

[00:13:38] Wido den Hollander: And it could be all kinds of appliances running on a V6 address. So I, I think we, we need this freedom where it’s no longer required to just have V4 on, on the internet.

[00:13:49] Ken Simpson: So IPV6 is kind of like a, an issue of freedom, uh, for you, what motivates that?

[00:13:57] Wido den Hollander: So it is, um, going back to when it, it started with the internet.

[00:14:01] Wido den Hollander: It’s a way to communicate with, with the world. And if you look at the western world and then maybe North America, so the United States and Europe, we were pretty, uh, early with the internet. So we got allocated a lot of V4 addresses. But if you are going to continents, like Africa or South America, or going to Asia and looking at the population, you know, in, in, in India, which is over a billion people, uh, and, and, and the same of course goes for China.

[00:14:29] Wido den Hollander: Um, they don’t have the amount of addresses per person as we have. So we had this luxury of having enough V4 addresses. As I said, my university was able to give me a V4 address on my laptop, on the wifi. But now if you wanna start a company, even in the United States or in in Europe, you wanna start a hosting company and you want to compete.

[00:14:49] Wido den Hollander: You need V4 addresses. Hmm. And this is maybe even one of the, I, I, I would, I, I don’t have proof for this, nor I think this is a conspiracy, but there is a competition problem here. If you wanna start competition with a cloud provider or hosting provider, you have a problem. You need to have V4 addresses.

[00:15:07] Wido den Hollander: So that’s an investment you need to make. But what are you investing in? I, it’s not tangible. It’s not a real, yeah, it’s an asset of course, on your asset list of your, of your company. But it’s, why should you pay for addresses on the internet? It’s. And yeah, then going to a continent, Africa, where we are expecting the population to be growing much faster.

[00:15:27] Wido den Hollander: While in the United States and Europe, we actually have a declining population. Uh, it’s, it’s, it’s, it’s sounds pretty weird, right? That we have, uh, all these V4 addresses and we’re not fo, we’re not even there yet, but getting the whole population globally connected on the internet, there are so many people who are not online yet.

[00:15:44] Wido den Hollander: Um, and I think a lot of people forget this, that the internet is bigger than the small bubble they’re using. 

[00:15:52] Ken Simpson: So it’s, it’s almost like a, IPV6 enables there to be a, a, a fairer internet, a more equitable internet that’s accessible to the people who are just getting online now, uh, in, in parts of the world that were not so fortunate, um, economically to, uh, be among the lucky ones who got IPV4 addresses.

[00:16:14] Wido den Hollander: It, it, yeah. Yeah. That’s the case. That’s the case, right? I recently was talking with somebody who wanted to, uh, start some hosting with this business, but the first thing he needed to do was buy IPV4 addresses for 40,000 euros. So that’s about $40,000, right? That’s an investment he needed to make for what he could also spend that on equipment and actually do something with the equipment, right?

[00:16:38] Ken Simpson: So that’s, um, it, it doesn’t sound really fair. I remember when, um, MailChannels bought a slash 20, uh, it was a long time ago, maybe 2014. Uh, and that block of addresses cost us about $25,000, uh, for 4,000 addresses, right? So it was a cost of six bucks or something per address. Nowadays the price is a lot higher for IPV4.

[00:17:06] Ken Simpson: Uh, I, I’m not, I don’t, I’d actually don’t know what it is, but I know the last time I looked it was, it was $30 or something per IP.

[00:17:12] Wido den Hollander: I, I was actually checking two weeks ago. It, it’s hovering between 30 or even $40 per address.

[00:17:19] Ken Simpson: Right. I mean, so that might end up being the best investment we ever made, you know, if we could only sell those addresses one day.

[00:17:27] Wido den Hollander: Yeah. But then we get to the capitalism on this world, and I don’t wanna make this a conversation about capitalism, but there we go again about the inequality on the internet where, so if you have money, you can run a company, you even have an asset, which makes you more money. So people just sit on the addresses hoping that they, uh, become more valuable, and then they sell them to a startup company, which probably needs that money to pay salary or just invest in the company.

[00:17:52] Ken Simpson: Yeah, I mean, uh, one of the things that happened in the IP address world recently is Amazon Web Services changed their pricing model. Uh, and if you want a public IP V4 address, you now have to pay a, a fee every month to use that address. It used to be that, uh, so-called Elastic IPs, you would pay a fee if you didn’t use it, if it was just sitting idle.

[00:18:14] Ken Simpson: But, uh, the, nobody thought about the cost of IPs on AWS, but now they’re actually charging, I think it’s about $3 per month billed hourly. Um, and that’s, that’s real money. Uh, but Amazon and, you know, in Amazon’s defense, they said, well, you know, IPs are running out. We, we have to pay an increasing amount of money to acquire IPV4 addresses, and we want to kind of, you know, uh, communicate to people using our services that.

[00:18:42] Ken Simpson: This is, uh, an expensive asset and maybe they should be thinking about alternatives. One of which of course is IPV6.

[00:18:48] Wido den Hollander: Yeah. And Azure is doing the same nowadays. And this price will probably keep going up in the coming years that V4 addresses on cloud environments or at other providers become, uh, more expensive.

[00:18:58] Wido den Hollander: And it’s, um, I think it’s a good thing. It, it should raise the awareness. So this then also start reaching the CEO and CFO of companies that these addresses actually becoming, um, it’s becoming a cost. Right.

[00:19:11] Ken Simpson: Um, yeah. So, uh, let’s, let’s get into a discussion of, uh, of the, you know, the tech, some of the technical factors involved in IPV6.

[00:19:21] Ken Simpson: Um, so, you know, you mentioned that network address translation is, is something that just doesn’t feel quite right to you. Uh, you know, can you elaborate on why you think, uh, NAT is detrimental for the internet. Uh, why getting away from NAT and having all machines be, uh, directly addressable would be a great improvement over what we have today.

[00:19:46] Wido den Hollander: So we can do peer-to-peer connections. Again, I think that that’s something we’re lacking at the moment. So I mentioned of course, running servers at home. That’s something, but what’s the difference between a laptop and a 19 inch device somewhere in a data center? They’re both computers with a CPU, a bit of memory and they need to communicate.

[00:20:03] Wido den Hollander: And now, um, peer-to-peer connections allow for video connections. So video calling, um, directly between devices, instead of routing it via a server, the server adds a, a delay, it adds a privacy issue where data then suddenly goes via service, which is not needed. And having the ability to create peer-to-peer connections brings the internet back on how it was designed.

[00:20:23] Wido den Hollander: We’re getting a more centralized place. Our internet’s becoming more centralized where we have, everybody’s using Cloudflare and Google’s DNS without thinking about it. We, we have this great system called DNS where you can have different kinds of DNS servers. It’s, it’s beautiful, but we’re all using the centralized and Cloudflare, although they are building great technology, having all the websites being routed through Cloudflare, is that something we want?

[00:20:46] Wido den Hollander: And this is not. About a peer-to-peer. But the, the, the idea behind it, being able to communicate peer-to-peer. If I wanna contact my, uh, my oven in my kitchen, I can remotely turn on my oven, but that actually goes via a server of the company on, on cloud software. So my oven connects to the cloud, and then my app connects to, to the cloud.

[00:21:06] Wido den Hollander: Again, why should my app on my phone not be able to connect to my oven directly and just say, turn it on. There’s a firewall in the middle, there’s authentication, all these kinds of things. Um, uh, we’re, we’re hacking around that, uh, that’s what they’re all doing, but we should be able to connect to those, those devices directly.

[00:21:27] Ken Simpson: I see. So there’s actually, it, it would sort of greatly simplify. The deployment of, uh, services that have to connect with devices within, you know, private networks, formerly private networks. Uh, and you give the example of, uh, a video calling, uh, improved privacy because the packets don’t have to ping off of a server that’s, you know, redirecting them.

[00:21:50] Ken Simpson: I mean, even if, uh, even if a connection, uh, between the devices is end to end encrypted, there’s still, uh, a server in the middle that knows that there is a connection, right? Yeah. And, and you know, in, in some instances just the existence of a communication channel between two people can be enough to be a threat to their privacy.

[00:22:11] Ken Simpson: Uh, if you’re a journalist working in, uh, a part of the world where you know you’re being monitored and might be threatened, uh, you don’t want to tip off the local government that you’re having a call. With, uh, a source, for example. You know, all they have to do, they don’t have to know what you’re talking about, but the, the mere existence, if they can track those packets, is, is enough to cause problems.

[00:22:32] Ken Simpson: So IPV6 could alleviate that sort of problem. 

[00:22:35] Wido den Hollander: Indeed, indeed. And also routing can do its thing. Again, just route packets via the shortest route between two devices somewhere on the internet. And that’s, that’s the beauty. So if I, let’s say I wanna, um, right now communicate with, uh, my neighbor who might have the same ISP, this traffic, if I’m using some file sharing service, goes to a server, somewhere on the internet, and that goes back again, why should that traffic leave the network of my ISP because it’s my neighbor’s house.

[00:23:04] Wido den Hollander: So the traffic should be able to go between our houses directly on, within the network of the ISP. Never go outside that network. And these are the things people are not thinking about. There’s a server somewhere in the middle, uh, doing stuff and if that’s turned off or, or somebody sniffing there, it’s just.

[00:23:21] Wido den Hollander: I don’t think that’s needed, and that’s why I, I have a dislike against NAT. Um, but we have a generation which grew up with NAT, not knowing anything else than NAT, thinking that outside the NAT, though, there’s the dangerous internet though. The dark internet starting where everything, uh, bad happens. Well, I can tell you, I’ve been running web servers on internet for 20 years with public IPV4 addresses.

[00:23:45] Wido den Hollander: It’s not that scary. 

[00:23:46] Ken Simpson: Yeah, I, so you, you, you know, one thing that comes to mind is I think people consider that NAT provides a layer of security by hiding devices behind, uh, a, you know, within a private network that’s not addressable from the internet. Uh, what do you think about that? Is it is that, uh, if we move to IPV6, uh, is that really going to erode a level of security that we have because, uh, of the obscurity created by NAT?

[00:24:16] Wido den Hollander: Yeah, so the obscurity of your home connection still has a V4 address, so that is traceable back to your house. You cannot know if it was your laptop or your phone going outside, but it’s still you, your home. With V6, your laptop, your mobile phone, anything you use, will get a V6 address. So technically it is traceable back, but only, only you know which address belongs to your phone.

[00:24:39] Wido den Hollander: But also, V6 has something called privacy extension. So the subnet, so the prefix will stay the same, but the devices will generate a new address every period, which is a few hours. So the suffix of the address will change, so you’re not able to track, uh, the device. My phone will have an address now, and in a few hours it’ll have a different address.

[00:24:59] Wido den Hollander: The prefix, which is identifiable back to my house, that is, uh, that stays the same, but the suffix changes. I don’t know what the address of my phone is, nor my laptop and no. Wow, how fast. So privacy wise, um, I actually think it’s a good thing because from my house, I can now start tracking which devices are sending traffic to the internet and I get it back.

[00:25:20] Wido den Hollander: But on the internet, nobody knows if it’s a phone or laptop. Nobody. 

[00:25:25] Ken Simpson: So why do you know, it seems like a lot of people who should know about this stuff don’t know about it. Why do you think, uh, so many, you know, network engineers, uh, who work on the plumbing of the internet are just naive about, uh, features like, uh, the privacy feature of IPV6 

[00:25:48] Wido den Hollander: If you look at the, the network engineers running the core internet, so the BGP routers, they know how V6 works. They set up V6 um, sessions all the day, BGP sessions. You see all the traffic flowing it. But I think it really comes down to education. If you look at any education on universities, on, on, or maybe on on high schools where they start something with it, they started learning 10.000 as an address.

[00:26:13] Wido den Hollander: And I say, we should turn this around. We should just start education with V6 only. That’s how you start educating people. This is the internet, this is how it works. 

[00:26:22] Ken Simpson: I’ll be honest with you, um, I studied networking, uh, computer networking probably in 1997, uh, in university and definitely IPV4 was the most that we, uh, you know, learned about at that time, obviously.

[00:26:39] Ken Simpson: Um, still to this day, the funny letters and. This, you know, colon separating, uh, the digits in a IPV6 address confused me, and I don’t really understand how it all works to me. It’s, I I haven’t taken the time to learn how IPV6 really actually works. I know that there’s some really clever stuff going on.

[00:27:00] Ken Simpson: Uh, but, uh, I, I think the issue you’re talking about is a real one. Like how do you reeducate a whole generation of people who have learned about networking to understand IPV6 and what makes it cool and how we can use it. It’s like this tool that’s sitting there, it’s, as you said, the, the core network engineers, they know what’s going on.

[00:27:19] Ken Simpson: They use IPV6 all day long, but that hasn’t flowed out to the edges to people who are less specialized. 

[00:27:25] Wido den Hollander: Yeah, that’s, that’s where it’s lacking. And the, the fundamental part is that people are not being taught routing anymore. So they’re being taught how address translation works. So you have your private network, then your router has a public address, you do translation, and that’s it.

[00:27:39] Wido den Hollander: But if you really learn again, how routing works, how the internet was designed, because that’s how V6 works. It works on a routing basis, not on an address translation basis. Education is all about address translation. It’s no longer about routing. Uh, and I think there, there, it’s lacking. 

[00:27:57] Ken Simpson: Interesting. Yeah. I, I, I sort of am, I’m having these dim flashbacks of computer networking class, uh, in the nineties and I’m remembering, you know, Border Gateway Protocol and, uh, and even earlier iterations of how routers are meant to discover the correct path, uh, you know, pruning the trees of on a graph and stuff like.

[00:28:20] Ken Simpson: Uh, I think you’re, you’re right. And most people think of NAT and then they think of this magic in the middle that just makes the packets go to the right place, right? Yeah. But we’re not, as you said, we’re not teaching about all of that magic, which is really important.

[00:28:36] Wido den Hollander: It, it is the magic of routing. And, and so people think about their home router, which does a bit of translation or somewhere in a data center.

[00:28:43] Wido den Hollander: They’ll put a router in the middle, which then does the network translation, all these servers in the back. It might be a load balancer, which accepts incoming port 80 and 443, and then load balances using address translation over a bunch of web servers in the back. And, um, surprise, you can do the same with the V6, have a load balancer balancing over V6 addresses with just routing.

[00:29:04] Wido den Hollander: Um, but it’s still, it’s, it’s, it’s forgotten by, by a lot of people that this is a possibility, huh? Yeah. So I think it’s a fundamental educational problem and the, um. A resistance I see against V6 is what I say is that people want change as long as nothing changes. Yeah. So there, there’s this feeling for them that they, they, I think in the back of their mind, they wanna implement V6, but they just simply don’t know how to implement V6.

[00:29:32] Wido den Hollander: So then they’ll dislike it and coupled with arguments saying why it’s not possible, while it is, is possible, they, but they would like to do so. However, it’s a funda, not, not even fundamentally, but it, it’s a different way of looking at a network.

[00:29:45] Ken Simpson: So carrier grade network address translation or CG, uh, NAT, CG NAT, um, that’s a stopgap measure that they, that the industry has come up with, uh, to delay the deployment of IPV6, uh, for as long as possible.

[00:30:03] Ken Simpson: Um, can you talk a little bit about CG NAT, um, some of the problems, uh, that it causes for the internet and, and what you think should be done with it?

[00:30:12] Wido den Hollander: Yeah. I think it should die tomorrow. That’s, that’s my, my honest answer. So sorry for using that word, but it, it’s, it’s horrible. No, but the, uh, it is, is it’s a plaster measure again, you know, putting a bandaid over something, uh, because you don’t wanna fix the real problem.

[00:30:27] Wido den Hollander: CG NAT has, um, a drawback is that, uh, a couple of thousands of users or hundreds of users could be sharing the same public V4 address. Looking at me from a hosting industry, we have firewalls, uh, uh, inspecting log files or web servers. If you are really abusing a web server, the IP address V4 or the V6, um, subnet goes into a firewall to reject you for a certain period.

[00:30:52] Wido den Hollander: Now, if you start doing this with CG NAT, you could be potentially blocking thousands of users from your service. Uh, because they are all sharing the same address, but the problem also becomes, is that the address is no longer traceable back to the end user, so it’s no longer being able to trace back to a mobile phone on 5G or to a home connection.

[00:31:15] Wido den Hollander: There will be people saying, ah, this is great. Even more privacy. I cannot be tracked, but be realistic in this world. We also need to have law enforcement being able to do their work and finding the bad guys. So a couple of banks here in the Netherlands, they implemented V6 on their, uh, uh, website and on their banking and on their API for the, for the mobile apps.

[00:31:34] Wido den Hollander: Because of this reason, because of 4G and 5G, uh, there’s V6 available for the mobile phones here, and on the majority of the internet connections, there’s V6 now. So you see ISPs using CG NAT on, um, fiber or, uh, cable connections at home for V4, but then using V6 as well, the majority of the traffic will be V6.

[00:31:53] Wido den Hollander: So if you’re doing something with the bank, and this would be, you know, a normal criminal, not knowing what he’s doing, um, his V6 address is recorded in the logs at the bank, and they can identify that back via the ISP to either a specific consumer or a home connection. And yes, I’m all for privacy.

[00:32:11] Wido den Hollander: We should protect privacy of people, but there should also be a traceability if somebody’s doing something wrong. Uh, and that’s what CG NAT is hiding. And I, I think that’s just going the wrong way. And we also see the European, um, uh, Europol saying that, uh, they want legislation that CG NAT, um, is actually forbidden.

[00:32:29] Wido den Hollander: And I need to verify this, but I think in, in Italy, it’s actually forbidden to implement CG NAT because of this traceability, which is lost with CG NAT. 

[00:32:39] Ken Simpson: Well, uh, you know, that would be a very powerful regulatory move. Uh, I would think. And considering that all of the consumer devices support V6, I mean, well, maybe there’s the odd toaster that doesn’t support it, but I, I mean, it’s pretty universally supported.

[00:32:56] Ken Simpson: Uh, it seems like a reasonable move that government could make to, to make IPV6 more widely adopted. And, and has that always been the problem with V6? It’s this, it’s this sort of technology that we know we need. Uh, we know we’re eventually going to run out of IPV4 addresses, um, but there has been a lot of, or, or not a lot of incentive to get ahead of the curve and implement.

[00:33:22] Ken Simpson: Uh, and so you have carriers like, uh, using CG NAT for example, because it kind of delays the inevitable. 

[00:33:29] Wido den Hollander: Yeah, and that’s, I I cannot speak for them. What’s the reason behind it? Um, but I know that on, there’s a major telecom company in the Netherlands. Um, I’m, I’m not gonna mention them by name, but, um, V6 is completely ready in the backbone front to back.

[00:33:43] Wido den Hollander: It’s all done. I, I spoke with an engineer, but he said for me it’s just flipping a switch and it’s turned on. He said, but the idea that there’s a business reason why we’re not turning it on, because the back office and the billing system doesn’t support it yet, and there’s no priority to implement it.

[00:33:57] Wido den Hollander: Right. Networking wise, he said, I can turn it on tomorrow. 

[00:34:00] Ken Simpson: Yeah. Yeah. And that whatever you hear of a situation like that, there, there could be a role of regulators to kind of nudge the industry forward, right? Because it, what a regulator can do, uh, is to, uh, raise the bar for everyone at the same time in a very fair way, right?

[00:34:17] Ken Simpson: You can level the playing field. Uh, and, and so each provider has to do it. They’ll prioritize it, right? If, if they have to do it, they’ll do it. If they know that everybody else has to do it as well. Yeah. Otherwise, it’s unfair. Yeah. We, we have the same problem in the anti-spam space, right? Where, you know, until government comes in and introduces legislation, forcing email senders to behave in a different way, it’s just kind of race to the bottom.

[00:34:41] Ken Simpson: Where email senders are, uh, using the dirtiest tactics that they can, that they can get away with. Uh, and as an email receiver trying to filter spam and phishing, if you don’t have that support from regulators, it makes your job a lot harder. Uh, but with a bit of regulation, like the Canadian anti-spam legislation or the anti-spam legislation that’s been implemented in various European countries and the European Union, it started to make things a lot easier.

[00:35:07] Ken Simpson: It’s made it easier to filter the good guys from the bad, uh, by forcing everyone to have, uh, a, uh, a higher standard. Yeah. 

[00:35:16] Wido den Hollander: And, and also with competition, I, we were talking about a hosting company. So since we’re talking about ISPs now, starting a new ISP, so the, um, that’s prob, that’s problematic. You need V4s again, you can get V6, so you’re, you, you can get V6 addresses, but you will need to implement CG NAT.

[00:35:34] Wido den Hollander: However, CG NAT is also expensive on an ISP part because the routers you need are gonna be pretty expensive to do this translation. Um, so yeah, com, competition is needed and, um, therefore we also should be able to use, um, you get addresses very easily and, and, and just be present on the internet. 

[00:35:54] Ken Simpson: So again, that comes back to the concept of fairness and equity, uh, in terms of enabling startup companies to compete, uh, to provide hosting or, uh, you know, or to be an ISP.

[00:36:12] Wido den Hollander: It’s got such high startup costs, specifically because of IPV4. Yeah, and if you actually look at the IPV6 Google stats and the stats from Akamai. There are many countries I can mention, France, uh, Germany, um, United States, India, and, um, probably Belgium. I, I know they have more than 50 and some, even more than 70% of traffic hitting the Google or Akamai servers is V6 from those users.

[00:36:34] Wido den Hollander: And what I also noticed is if when we enable IPV6 on a website, on our hosting company, because the server will have V6, you’ll see that the majority of traffic coming to the website will be V6. So there’s this idea of people saying, yeah, IPV6 is not being used. That said, well turn it on. If you look at the big players on the internet, we, we mentioned Cloudflare.

[00:36:55] Wido den Hollander: If you look at Google, including YouTube, Netflix, um, Meta, all their services, um, Microsoft, um, um, the, the, the Outlook suite and Teams and such. It is all using V6. Actually, earlier today, it’s afternoon, the end of afternoon for me here I was on a Teams call and I opened my, my open connections on web Mac checking and you know, my Teams call was going via V6 because I had V6.

[00:37:17] Wido den Hollander: Huh? Nobody knows, right? But you’ll see that the majority of traffic going to those big services is V6 from certain countries by just enabling V6. And in India it’s even going much further. There’s legislation now saying that ISPs need to have IPV6 implemented in 2024. And I would not be surprised that we will see the first IPV6 only services targeted toward Indian uh, uh, users.

[00:37:51] Ken Simpson: Because why still implement V4 if it’s targeted towards an Indian Audi, uh, audience where V6 is mandatory kind of makes you wonder at what if there will be a point in time when a major block of Western countries, uh. Such as the EU will mandate IPV6 on networks. Maybe that’s around the corner.

[00:38:06] Wido den Hollander: Uh, look at the US 2024, I think. 2025. The US government in 2023, I think IPV6 is mandatory for any new purchases in 2024. You need to have V6 enabled in all the government networks. And by 2025, they’re gonna be turning off V4 in certain networks at the US government. Um, I would need to look up the document, but there’s this, this roadmap within the US government and even so websites of the White House.

[00:38:34] Wido den Hollander: Now, the old archives, those are V6 only available. If you wanna look at the old website, I think it’s from Bill Clinton. It’s a V6 only website. 

[00:38:41] Ken Simpson: Wow, this is amazing. It’s, it’s almost like if you were a laggard with IPV6, you could be left out in the cold soon by these changes, and that’s a good thing.

[00:38:51] Wido den Hollander: I, back in 2008, I, I started using a V6 first mentality. We’ve been running our SQL databases on V6 only for years. Why? Only our web servers are talking to the SQL server. So why would that SQL server need a public V4 address, right? Not needed. So it has a V6 only address. Many of our internal services are running V6 only.

[00:39:16] Wido den Hollander: We are managing most of our routers and switches via V6 addresses, their management address is simply a V6 address. Why do we need V4 on these systems? And my strategy behind this was always, I wanna make sure that we have the knowledge within the company that we are ready for it. So whenever this moment comes, and I hope this moment would come sooner, but it’s okay.

[00:39:36] Wido den Hollander: It will come. I’m certain of that, we’re ready for it. And then the competition is lagging behind, dragging their feet and, and trying to figure out how they’re gonna implement this because they’re, they’re suddenly overwhelmed by, uh, this requirement of legislation coming in. And I wanna be able to be at that point.

[00:39:51] Wido den Hollander: And I think we’re already at that moment. So for me, you can turn off V4 tomorrow. Huh? 

[00:39:57] Ken Simpson: So, how, uh, you know, how does an IPV6 first design, uh, affect legacy systems that are, are still reliant on IPV4? Like what happens when we switch off IPV4 or we mandate IPV6, how do you, uh, manage compatibility between the two addressing schemes when IPV6 is really the dominant scheme?

[00:40:19] Wido den Hollander: Yeah, so the thing is the two protocols cannot talk to each other. And, and the question you’re asking has a few different angles from which you can look at it. I’m looking at from a data center perspective, because at home, uh, at home it might be different, but data centers, any router or switch you’ve bought in the last 10 years supports V6.

[00:40:37] Wido den Hollander: Any of them, they, they do support it. Operating systems, Windows, Linux, BSD, all support V6. In a data center, it’s not that difficult to run a V6, uh, deployment. You just need to configure it. The interesting part is, if you look at some of the Facebook engineers, which wrote, have told Facebook books, these documents are from a long time ago.

[00:40:56] Wido den Hollander: They, uh, they said, we’re gonna go in with a V6, uh, first mentality. And they are only running V4 on the edges, on our load balancers. The internal network is V6 only because they even said that internally, the RFC 1918 address space, which is a 10.0, is not sufficient for the amount of servers we’re gonna be having, so we need to use V6.

[00:41:19] Ken Simpson: So they might have more than sort of 17 million IPs addressable inside their network. Yeah. 

[00:41:26] Wido den Hollander: Yeah. That’s crazy. Switches, routers, small servers, all kinds of stuff. Yeah. But the interesting part, which I learned from their documents more than 10 years ago, or about that time, is that V6 allows you to do very cool things.

[00:41:42] Wido den Hollander: So you take this big subnet and you say, this subnet is allocated to that data center A, and I’ll take a different subnet data center B. So based on the address, just seeing the IP address, you can know, ah, this, this device is in my data center at that location. Now you can take the same subnet and then go into a smaller sub and say, okay, this subnet is allocated to devices within this room in the data center.

[00:42:05] Wido den Hollander: And then you can say, I’ll take a smaller subnet, which is then usually a 64 called V6. I’ll allocate that to devices in this rack. So if you give me an address, I can then figure out, oh, these devices in data center A, in that, in that room and that rack. I know for sure because that’s how my network was set up.

[00:42:23] Wido den Hollander: So you use it as an identifier as well to actually find your devices. The internet doesn’t know of course, what your allocation scheme is, but if you keep it internal for yourself finding a device, you know for sure that that address is actually located in that rack in your data center, huh? 

[00:42:40] Ken Simpson: Yeah. You know, when we were, uh, talking about IPV6 implementation at MailChannels.

[00:42:46] Ken Simpson: One of the challenges that we have, uh, well, I would say probably the main challenge that we have is that we send email for tens of millions of distinct senders. And a sender could be a particular WordPress site, it could be, uh, a web mail account, it could be someone’s system log generator. Uh, so millions of different entities.

[00:43:09] Ken Simpson: Uh, when we send mail, we analyze the message headers to try to determine who the sender is, uh, and we generate a, uh, we generate an identity that tracks them. When we were talking about IPV6, we realized, you know, we can actually take the last few bits of our IPV6 source addresses when we send mail, and we could

[00:43:31] Ken Simpson: essentially generate a, uh, hash of the sender ID and encode it into those bits so that when receivers receive the mail, they’re actually getting traffic from a unique IP address for each individual sending entity that we’re sending mail for. And that would give the receivers a way of establishing reputation for each of those senders at the IP level, which would be something really quite new and powerful that has not been available previously, uh, in, in the world of email or SMTP.

[00:44:02] Wido den Hollander: Yeah, and I’ll give you another example, which is kind of similar, like this is right now we’re used to giving a web server a single IPV4 address, and then your DNS should point to that address. But what if you would route a complete IPV6 subnet, slash 64, which sounds wasteful, but again, we have an enormous amount of these subnets.

[00:44:21] Wido den Hollander: We’re never gonna run out. Uh, we’re, we’re literally never gonna run out. Anybody can ask me in 50 years, we will not run out of addresses. That’s period. You can route this whole subnet a 64, which is, um, more than the whole internet currently has. You can route it to one server. Now, if you make your DNS server smart, you can say that I’ll give an answer to every query with a unique address.

[00:44:45] Wido den Hollander: So none of the queries you, you, you send out, or the answers you send out to a query will have the same address. This way, if you get a DDoS attack, somebody said, I know the, I know the address of this web server. I’ll start a DDoS at this web server. Then you can simply block your firewall somewhere upstream, any incoming packets towards that address, because it was one user DDoSing that address.

[00:45:08] Wido den Hollander: Right, because they resolve that. Now these are the possibilities nobody’s thinking about, but you could just hand out a random address all the time to any, anybody querying your DNS server. The problem is, none of the DNS servers out there currently support this. They want to give you an IP address, but if you would be able to put a subnet in the content of a record and it would just generate a random address in that subnet, this is a very simple patch for any of the modern DNS servers out there.

[00:45:34] Wido den Hollander: They could do this probably a day of work. Uh, we could, we could open these possibilities, huh? 

[00:45:40] Ken Simpson: I mean, that sounds like something that a major DNS provider should start doing. Like I should put you in touch with Cloudflare’s CTO, who we had on the podcast in the summer. Uh, you know, they’ve got the resources to build that kind of technology, and they’re already in the anti-DDoS and anti-bot space in a huge way.

[00:45:59] Ken Simpson: It sounds like V6 could be very useful. 

[00:46:01] Wido den Hollander: And if you do this on your DNS server, if you keep track of in your logging who queries or what answer you gave, so then if a DDoS starts towards a specific address, you also know when the DDoS server resolved that address and use that address in this DDoS attack.

[00:46:17] Wido den Hollander: So the, the, and then we go back again. Traceability. Yeah, you can say privacy on the internet, but this is just, you know, being a safer, better internet for all of us. Um, being able to communicate and doing stuff like this, talking with each other, that’s, you know, that’s where it was designed for, right? Not, uh, the dark stuff.

[00:46:32] Ken Simpson: I mean, I suppose though, in the same way the attackers can easily get blocks of IPV6 addresses. Um, and so in a way, uh, because IPV6 addresses are plentiful. Uh, the bad guys can hide behind vast numbers of IPV6 addresses and IPV6 subnets, right? Is that not a behind subnets? 

[00:46:55] Wido den Hollander: Yeah. Yeah, yeah, that’s true.

[00:46:56] Wido den Hollander: But usually you will get a, a subnet, like a 48 allocated. Well, in a 48 you can, that’s 64K of 64 subnets. So what you see now that blocking policies usually go up to 64 or 48, such blocking a whole sub instead of blocking a single address. Because a single address is, you can rotate within a millisecond to a different address.

[00:47:17] Ken Simpson: Yeah. So now speaking of just an area that I’m familiar with in the email world, um, nobody blocks individual IPV6 addresses. It’s always at the, at the large, you know, the subnet level like you mentioned. Um, but one of the sort of downsides in the email world, uh, of IPV6 is the fact that it’s, it’s free to get IPV6 address space.

[00:47:41] Ken Simpson: Uh, whereas IPV4 actually costs real money. Um, and so the strategy of blocking based on IP address space, that, that somewhat works in the V4 world completely doesn’t work in V6. Uh, all you can really do is to build up a positive reputation for V6 address space that, you know, is pretty trustworthy and sends good stuff.

[00:48:02] Ken Simpson: But, uh, blocking V6 addresses or subnets that are bad isn’t that effective. So that’s not really been an area of, of tremendous focus in the email world just because of this dynamic that the addresses just don’t cost anything.

[00:48:18] Wido den Hollander: Yeah, I do understand what you’re saying. So double change the way you, you do reputation on IP addresses, so it will work differently for V6 and V4, but if you look from a technical perspective, V6 is just V4 with a larger address space.

[00:48:31] Wido den Hollander: Yeah. And I know you mentioned earlier that all the letters and the numbers in there, it doesn’t make sense to you yet, but if you look at it, it’s just a larger address. That’s it. It is not, it’s nothing different than that. It just opens so many possibilities. Right. One thing I wanted to say is that you’ll be using the V6 more than you think.

[00:48:52] Wido den Hollander: Hmm. And if you have a MacBook at home, um, uh, and have another Mac, they will be communicating over link local IPV6 automatically. If you, if you take two iPhones and you’re using AirDrop between them, they are establishing a direct wifi connection and they’ll be using IPV6 link local to exchange information.

[00:49:11] Wido den Hollander: If you have an electric vehicle, if you plug it into a fast charging system, the car will communicate over IP using IPV6, link local with the fast charger to do communication and then actually initiate the charging process. 

[00:49:25] Ken Simpson: Wow. So they, there are applications for IPV6 that are just emerging because of its capabilities, uh, from scratch.

[00:49:34] Ken Simpson: I mean, so when your car talks to the car charging system. I presume that’s not giving it a gateway to the internet. That’s just literally, you know, using the protocol in a, in a closed off network.

[00:49:45] Wido den Hollander: In a closed off scenario. Yeah. However, the ID within the, it’s called a Combined Charging System. It allows also to give a public address to the car, even though all the cars have wifi nowadays.

[00:49:55] Wido den Hollander: But your home charger would also be able to communicate with your car, give the car a fixed internet connection, where it can then download updates or stuff and communicate back without the need for wifi. So the, the charging cable itself also becomes a data cable for the car. 

[00:50:10] Wido den Hollander: Okay. That’s insane. V6 is being used more than people think.

[00:50:12] Wido den Hollander: And one more example is that the new standard called, uh, I think Matter or Thread for, um, um, whole, um, lights that’s gonna be using V6 only. 

[00:50:21] Ken Simpson: Right. Every light bulb. Where I live, um, it’s a small community, uh, and the internet comes, has to come over an undersea cable. Uh. And several years ago, there wasn’t an undersea cable for the internet.

[00:50:39] Ken Simpson: There was microwave, and it was, the entire village was serviced by a 670 megabit per second wireless link. That’s it. And so in the evenings, the internet would become useless because everybody was watching Netflix. Uh, so we, we started a group, uh, of residents who began working on trying to find somebody who could bring an undersea cable across.

[00:51:05] Ken Simpson: And one of the things we did is talk to the power company because they already have an undersea cable to bring electricity over, um, in the ocean. Uh, and turns out that they were laying a new undersea cable to provide more electricity, more redundancy for the electric system. And when they run an undersea electric cable, they always put fiber optic into the same package as the power cables because it’s made of glass and it doesn’t conduct electricity.

[00:51:35] Ken Simpson: So they can safely send data across to the, uh, other side, which they then connect to the electrical network to collect data on, you know, from, uh, you know, information about people’s bills and whatnot. And also to control equipment securely. And so we actually had a conversation with them about, well, could you run internet through your fiber?

[00:51:55] Ken Simpson: And, you know, we’ll tap off and, and run our community, uh, on, on this internet. And, and unfortunately we couldn’t get it, uh, sorted out before, uh, the power company had to lay their cable. Um, but I, I thought that was very interesting. A very interesting little, um, insight into how networking is, is literally everywhere.

[00:52:15] Ken Simpson: You know, it’s in your car charger, it’s in the undersea cable. Uh, and, and so we, we’ve got a real need to have an addressing scheme that allows us to connect all these devices because the internet is literally at everything now.

[00:52:29] Wido den Hollander: It, it is at everything. And we should not be always having these big ISP should be able to have a local ISP servicing a small town somewhere, which then simply gets a V6 block, is able to address all the homes in, in that small village and have internet.

[00:52:42] Wido den Hollander: There it is. Should not always be somebody from the large telecom companies, a single fiber cable, setting up BGP. And why not? You’re done. You’re an ISP now. 

[00:52:52] Ken Simpson: I mean, believe me, uh, you know, we tried, uh, we really tried to get the local, uh, the town council to support, uh, raising some capital to lay our own cable in the ocean because, uh, we would then have ridiculous amounts of bandwidth available forever for the town.

[00:53:12] Ken Simpson: Um, uh, but it was a little bit too science fiction, a little bit too futuristic. So ultimately what happened is, is one of the, the two major ISPs just did it. Um, and they charged so much money for an internet connection, but I. Everybody is happy to at least have the internet. So we, we didn’t get that wish, sadly.

[00:53:33] Wido den Hollander: No. Well, maybe, maybe in the future. Maybe in the future. Maybe in the future. Yeah. And then there’s, uh, then one of the things also wanted to mention with V6 is that I can, I can talk about this for hours you probably already understood, is that I, I, I have a, because we were talking about energy. I have a Raspberry Pi at home, which, um, monitors my smart meter where my electricity goes through and it has a V6 address and now on my mobile phone

[00:53:54] Wido den Hollander: I can simply go to a webpage and I can see the actual usage currently of my, uh, my house, a kilowatt hours, kilowatts going through, et cetera, et cetera. Because it has a public address. So just open port 443 on the firewall for it. And that’s it. My Synology NAS has a V6 address. It’s open to the internet and I can just access my NAS if I need to.

[00:54:14] Wido den Hollander: It is, um, it is fairly simple. 

[00:54:17] Ken Simpson: You didn’t have to set up a port forward for it through your NAT?

[00:54:21] Wido den Hollander: No, no, no, no port forward. No. 

[00:54:23] Ken Simpson: So what, what happens when. A, a country reaches the tipping point with IPV6. What hap what happens when a country reaches, you know, more than 50% of its traffic going over IPV6?

[00:54:37] Wido den Hollander: Yeah. I, I don’t think a lot happens yet, because only the network operators will notice, and I think that’s a good thing. End users should not be aware of V6 or V4. It should just be internet, which they’re using. Right. Uh, but I think it, as it shows up at all kinds of dashboards of, of engineers, it also reached the management board somewhere at some point knowing that the majority of traffic actually flows over V6.

[00:55:03] Wido den Hollander: And I know that my home connection does more V6 traffic than V4, not me being a V6 user. But, uh, I have a wife and I have two kids which are using YouTube, Netflix, and all these services, which are V6 enabled. Right? 

[00:55:17] Ken Simpson: Hmm. I mean, I, I, I can tell you one of the things that I look forward to in an IPV6 only world.

[00:55:24] Ken Simpson: Uh, is that it will alleviate some pressure on my, uh, network gateway, uh, because actually managing NAT for sometimes thousands of, uh, stateful sessions can start to bog down these little routers. Uh, and, uh, I’ve had circumstances where someone in the house is using a ton of sessions, uh, probably for gaming, uh, and, uh, and it bogs down the router and I have to basically flush the state table in order to, you know, free up capacity.

[00:55:58] Ken Simpson: I mean, that’s kind of like a crazy thing that we just take for granted that’s happening in the background to make IPV, uh, IPV4 work that would just disappear in an IPV6 world.

[00:56:09] Wido den Hollander: So, I sometimes argue that the internet is already broken and we need to fix it, but we’re using so many bandaids everywhere to, to, to keep it running while it’s simply not needed.

[00:56:19] Wido den Hollander: And, um. So, but for me, it really boils down to education, making sure that people are educated and they make, uh, we can talk on the same level. And as I said, people want change as long as nothing changes. And that’s also for network engineers. I think that deep down, some of them are afraid because they lack the knowledge, um, and they are hesitant to say, I don’t know how to do this, please help me.

[00:56:45] Ken Simpson: So speaking of the transition to V6, uh, obviously large organizations, uh, enterprises, universities, um, and municipalities, uh, they, uh, we, we need to move them into the IPV6 world, but they’re often reluctant to do so perhaps because their, their teams are not well educated. But where, how do you prioritize V6 in a, in a kind of manageable way?

[00:57:09] Ken Simpson: If you were talking to a large enterprise, what would you recommend they start with first in their transition to V6? 

[00:57:16] Wido den Hollander: Let’s say you have an office of a large enterprise. Start with your guest wifi. That’s the less impactful. So start with the guest wifi and then maybe the wifi where your employees are on.

[00:57:26] Wido den Hollander: Uh, but if you also have some DNS servers running, authoritative DNS servers, get them V6 connected or even your recursive DNS servers, or they can start going towards the internet over V6. Once that’s done, maybe your mail servers, if you have some mail servers running, simply get your, uh, inbound MX and V6 enabled.

[00:57:44] Wido den Hollander: So Google and Microsoft can deliver or any other V6 enabled mail server can deliver email to you, uh, via V6. Slowly build it out. But, um, yeah, don’t make it a one-time project. Make it embedded into your company. Implementing V6 is not something you do, and then you’re done because the same goes with V4.

[00:58:03] Wido den Hollander: You need to do it and then you’re not done with it. But it also make a plan of how you can actually disable V4 for certain services. Let’s say all your desktops. And your laptops have V6 and you have this file server in your, uh, your corporate office. Why does it need V4 if all the devices are V6 enabled?

[00:58:22] Wido den Hollander: Turn V4 off. See what happens. At home here, I, I have an, uh, a wifi, have a different VLAN, which is a V6 only VLAN. Sometimes I switch my phone to this, uh, to this wifi SSID, which is V6 only, and I can reach my email. I can still use WhatsApp, Telegram, I can use, what, Netflix, I can watch YouTube.

[00:58:41] Wido den Hollander: But some stuff actually breaks of course, but it’s still a bad thing. But to me it’s always a test to see what keeps working. 

[00:58:48] Ken Simpson: Interesting. Yeah. A little bit, yeah, kinda a little bit like the Turing test for AI. Uh, you know, hey, have a have a V6 only wifi network that you switch to once in a while to see if we’re there yet.

[00:58:59] Ken Simpson: And no, we’re not, but maybe we’re getting closer. Um, yeah, so it’s what are some real world examples of where IPV6 is already really thriving you? You mentioned some already in our discussion, but, uh, you know, give us some examples of, of where V6 is is already finding very practical uses.

[00:59:20] Wido den Hollander: Yeah, so we have some background applications for V6, um, but the main driver right now, I think it’s in the content delivery networks.

[00:59:26] Wido den Hollander: As I mentioned, Cloudflare, all the big CDNs, all the stuff have V6 enabled and they see a lot of V6 traffic coming towards them. Um, on 4G 5G is doing really well. It is maybe lacking on the home subscribers where it is lacking. And then it’s, uh, corporate stuff running in offices in data centers, which have been built 10 years ago, but on the new modern internet to V6 is thriving and a lot of users are using it.

[00:59:53] Ken Simpson: Wow. And, and earlier you mentioned, you know, voice applications, like the privacy advantages of using V6, for example, so that you can talk directly, you know, from my house to your house over a direct IPV6 connection instead of having to pinging off of, uh, an intermediary server because, because of NAT. Is, is voice or video, uh, a, a, a major area for IPV6 already?

[01:00:18] Wido den Hollander: Uh, I know WhatsApp and FaceTime, they try to use peer-to-peer connections if possible. So if you have a V6 address on your WhatsApp, on your FaceTime video or audio calling, it will use a peer-to-peer connection. 

[01:00:28] Ken Simpson: Huh. And so then you get lower latency as an immediate benefit from that?

[01:00:34] Wido den Hollander: Yeah. As well as privacy. I, I never did a benchmark between V4 and V6, but yeah, in theory you should get a lower latency and better quality of, of the call.

[01:00:41] Ken Simpson: So vi, you know, visualize an intranet where I, I mean, imagining we could turn off IPV4 tomorrow across the entire internet. Obviously a lot of stuff would break, but you know what, what are some major things that would disappear, uh, overnight, uh, from our data centers, our homes, you know, how would things change if we switched off IPV4 tomorrow?

[01:01:06] Wido den Hollander: If we will be able to turn it off, I think nothing will really change for the end user. That’s the whole beauty of it. Nothing should change for the end user. You should be able to open your app or whatever app, but it should just work. The major thing is that every device now gets an address. It opens peer to peer between devices and we can actually get smaller competition coming onto the internet and coming up with applications which are currently not possible because they are limited by the amount of addresses they can get, they can get.

[01:01:36] Ken Simpson: So gimme an example of an application like that that, uh, is really reliant on IPV4 addresses. And so if we got rid of V4, this is an application that could suddenly appear if you suddenly, if you wanna run web servers right now, you need V4 addresses. If you were run a mail servers or DNS servers, you need V4 addresses on those.

[01:01:54] Wido den Hollander: But let’s, yeah, if you wanna start something where you wanna have an app and an API, it needs to have a V6 address, um, or V4 address at the moment. Some servers somewhere. And also not being required to go into a big ISP and requesting more V4 space, being able to start your startup in the basement of your office with a gigabit fiber connection, trying to see if your startup is viable, yes or no, without the need to invest in an expensive data center or cloud provider right away.

[01:02:24] Ken Simpson: So maybe it’s, uh, yeah, it’s actually kind of a way of, uh, decentralizing the internet. Um, uh, yeah, we don’t think about serving anything from our homes, but the reality is developers use services like ngrok, uh, to serve applications off of their laptop, uh, when they’re doing testing, when they’re testing their applications under development.

[01:02:46] Ken Simpson: And then, you know, and if you’re not familiar, um, ngrok establishes a tunnel from your laptop up to their cloud service, and then they provide a public IP address, uh, that anyone can access, and it, and it sort of gets tunneled back to your laptop. But of course, ngrok, uh, is a venture capital funded company.

[01:03:04] Ken Simpson: Uh, they’ve purchased a lot of IP addresses to enable that. Uh, in a V6 world, you would literally just put your laptop on the internet. And you’d make sure that your firewall permits the traffic and then you’re, you’re good to go. You don’t need ngrok anymore. That’s it. So true. Yeah. 

[01:03:18] Wido den Hollander: Yeah. That’s it.

[01:03:20] Wido den Hollander: And if I have my, I have the Synology NAS at home and is it, um, I’m running a small website on there for some internal stuff, and a friend of mine needed to access it. I could just, I just send him a link with a host name and it pointed to my NAS, and he could just visit the website, which is on my NAS, peer-to-peer connections.

[01:03:36] Wido den Hollander: And if I would put a Synology NAS somewhere in somebody else’s home as a backup of my NAS, they could just sync directly without the need of a cloud service in the middle, being able, uh, being there for as a translation. So yeah, ngrok not needed. Just use your web, your laptop as a web server, or use some old computer components to build a web server.

[01:03:56] Wido den Hollander: No need for cloud servers if just a V6 at home where you can run a web server as the internet was intended. 

[01:04:03] Ken Simpson: Now, now not everybody is going to be running a web server at home, but nonetheless, uh, you know, for for consumers it sounds like there, there will be some sort of secret or hidden advantages to moving to IPV6 in terms of privacy latency, uh, perhaps reduced costs, uh, because, you know, there’s, you know, people could stop sort of paying rent for their IPV4 addresses, which would make services cheaper.

[01:04:29] Ken Simpson: Uh, I have to think that there, there must be some IPV4, uh, land barons that are just making billions renting IPV4 addresses or selling V4 addresses. It, you know, it would be an un it would be, uh, certainly a good thing to get rid of those players from, from the scene. It would make things cheaper.

[01:04:48] Ken Simpson: Yeah. 

[01:04:48] Wido den Hollander: I recently was in the process of an acquisition and there was a lot of V4 space, um, with this company and, and we actually had discussion about the evaluation, uh, the valuation of this company because they said, yeah, we have so much V4 space. And I said, yeah, that’s true, but you are using only 10% or 20% of it, but the addresses you’re using are spread out over all the blocks.

[01:05:13] Wido den Hollander: I cannot sell any of the blocks. Right. So for me it’s a worthless asset because I need to start a migration process of renumbering all your servers, then free up those blocks and then be able to sell them. It’s, it’s, you haven’t done it. I asked the seller, I said, you haven’t done it so you think it’s not work, but now you’re asking me to pay up a lot of money.

[01:05:33] Wido den Hollander: We’re we were talking about millions here, so many address they had. Yeah. You’re asking me to pay millions for these addresses. Well, there are, there, there’s no value for me. I just need to run services. That’s what I need to do. And so we got into what I thought was a pretty fruitless discussion, talking about the value of something which you cannot touch, not even touch.

[01:05:53] Wido den Hollander: Uh, it, it sounds pointless to me.

[01:05:55] Ken Simpson: A cautionary tale for, uh, hosting company entrepreneurs looking to sell. Yeah. Yes. Get your IPs organized ahead of time. Yeah. Uh, so, you know, the internet is dominated by large players, uh, Google, Amazon, uh, Meta, Netflix. Uh, you know, you’ve mentioned earlier in our conversation that, that these companies are adopting V6, uh, to a, a great degree within their infrastructure and also to communicate with, uh, their customers.

[01:06:29] Ken Simpson: You know, do you think that the adoption of V6 by these large internet companies is serving as a catalyst that will help smaller players adopt IP, IPV6? Like what role can companies like Cloudflare and Google play in pushing V6 adoption? 

[01:06:46] Wido den Hollander: I think Cloudflare is doing a great job. All their service are V6 enabled.

[01:06:49] Wido den Hollander: Whenever you’re using Cloudflare, you see that the website is V6 enabled. So that, that’s a great thing. Um, same goes of course for the services Google is providing. If you look from a cloud perspective, the big clouds are lacking a bit. Um, at AWS it sometimes is still an opt-in, so you need to set a checkbox.

[01:07:06] Wido den Hollander: And when you create a psychological barrier that you need to set a checkbox and enable V6, then some user will like, okay, I’ll, I’ll just not enable this because I don’t know what’s gonna happen here. Yeah, 

[01:07:16] Ken Simpson: I don’t know if I’m gonna break something. Yeah, 

[01:07:18] Wido den Hollander: it might break, so let’s not enable it. And the longer you wait with setting that checkbox, then, then it’s, it’s a change.

[01:07:25] Wido den Hollander: So it needs to go through the whole change process within companies, while it should have been enabled by default. Uh, and so that would be my message to people. Just enable V6 as soon as possible. Don’t delay it, and don’t make a bigger story out of it than it actually is.

[01:07:40] Ken Simpson: Yeah. Again, over in the email world, there’s kind of an analogy, um, uh, in, in terms of email authentication.

[01:07:49] Ken Simpson: So we have these great standards. Uh, one of the standards is called DMARC. It allows domain name owners to, uh, tell the internet how they want email receivers to deal with failures of domain authentication checks. Uh, and, uh, uh, unfortunately, you know, for a really long time, uh, domain owners have not had to be super clean about their implementation of domain authentication because receivers were somewhat tolerant of okay, you know, a record being broken or missing or whatever.

[01:08:23] Ken Simpson: Uh, but recently Google got together with, uh, with Yahoo, um, and they told everyone in the industry, you know, as of 2024, we’re going to be enforcing, uh, DMARC in a very hardcore way. If you don’t have it, if you’re not using it properly, your mail will get rejected. And so that lit a fire under everybody to suddenly transition over if they hadn’t done so.

[01:08:48] Ken Simpson: It gave the people working in the email delivery part of any company, uh, a reason to tell their management, I need some budget for this, or we’re not gonna be able to deliver mail. Right? So overnight they really changed things. They, they made things better for everyone. Uh, and I wonder if, if these big companies could make similar steps towards pushing IPV6, almost like a kind of pseudo government saying, you’re not gonna be able to talk to Meta without V6 after such and such a date, for example.

[01:09:18] Ken Simpson: Not that they’d ever necessarily take that, you know, but that, that’s an example of what could happen. 

[01:09:23] Wido den Hollander: Well, Google did in the search engine saying that if you have SSL enabled on your website, you’ll be ranked higher. Well, if Google would say, if Google would say, if you have V6 on your website, it will be ranked higher.

[01:09:40] Ken Simpson: Well, a lot of web hosting companies will get calls the next day from their client saying, I need V6. But, but how close do you think we are to Google saying if you have IPV6 only, then your site will be ranked even higher in the search case? 

[01:09:51] Wido den Hollander: No, I don’t think, I don’t think we’re there yet, that that’s just gonna be a long, long period.

[01:09:55] Wido den Hollander: But, um, I, I would like to see these kinds of things happening or, or Meta or Google saying our API will be V6 only by January 1st, 2025. If you wanna talk to our APIs, it’s gonna be a, a V6 only API. Those kinds of things are things which are possible that there are some benefits is where with V4, you can scan the old internet as it’s, it’s 4 billion addresses within an hour now, or even less, right?

[01:10:21] Wido den Hollander: With V6, it’s simply not feasible and there’s so many addresses, right? You could never scan them at all.

[01:10:27] Ken Simpson: No, never. And there’s an l and there’s an aspect of random address generation in the V6 standard, right? So, yeah. You know, they’re just, they pop up all over the place. There’s no concentrations of V6 addresses in, in the, uh, in the address space.

[01:10:43] Wido den Hollander: Yeah. So I think in the background, we can do a lot of things, or Google might say that if you, your, your emails being delivered to us via V6, we’ll treat it better than over V4. And I’m just mentioning all kinds of stuff which, which they could potentially do to make things, uh, different. Uh, but I think with our search engine, they have quite a lot of influence.

[01:11:03] Ken Simpson: Well, uh, listen, I, I’m sure we could talk for hours, uh, about IPV6. Uh, you’re, you’re one of the, the world’s, uh, foremost, uh, proponents of V6 and certainly an expert in this field. Um, uh, but we are, are coming to the end of the time that we have available. Um, it has been a real pleasure, uh, speaking with you, Wido.

[01:11:25] Ken Simpson: Do you wanna leave us with the one thought about IPV6? Something you’d really like everyone to take away from our conversation? You know, one thing that they can do to push this technology forward in their organization, with their government in their home.

[01:11:41] Wido den Hollander: Just talk about it. Make it, make it a topic.

[01:11:43] Wido den Hollander: Make it a topic. Keep talking about it. It’s, it’s a layer eight issue. So it’s a human issue, it’s not a technology issue. Hmm. And don’t be afraid. And if you need some help, actually reach out and say, I need some help with this. I don’t know where to start. Reach out instead of doing nothing. So the small, the small things you can do on a guest wifi, starting slowly, but just do it.

[01:12:05] Wido den Hollander: Enable the checkbox at your AWS Global Accelerator saying, I wanna enable V6 on, on my Global Accelerator. Or, and if you see a website without V6, just email them saying, Hey, can you enable V6? But I sometimes I, I get replies saying, oh, sorry, we forgot we enabled it. It’s just that easy, huh?

[01:12:26] Ken Simpson: Yeah. Maybe for, uh, for 2023, you know, we need, uh, an IPV6 day when everybody enables V6 on their guest network. 

[01:12:36] Wido den Hollander: Maybe. Maybe, maybe that’s a, that’s, that’s a, that’s a thing. Indeed. Yeah. There was of course the World IPV6 Day in 2012, more than 10 years ago. Um, as I said earlier, I think it should have gone faster.

[01:12:48] Wido den Hollander: It hasn’t, but, uh, we’re, we’re going there. IPV6 is not going away. Never. Right. 

[01:12:54] Ken Simpson: It’s been a pleasure, Wido, uh, thank you so much for your time. Uh, it’s been great having you on our podcast, and I look forward to seeing where IPV6 takes us in the next year or two. 

[01:13:04] Wido den Hollander: Yeah, Ken, thank you, uh, also for hosting me and having me on the show.

[01:13:08] Wido den Hollander: Um, a great thing, and indeed, we can talk about it for hours, so maybe in a later time again. 

[01:13:12] Ken Simpson: Absolutely. Absolutely. Take care. Okay, take care.
