
The ungleich IPv6 log

2 years of IPv6 @ungleich

Posted on Feb. 10, 2019

The infrastructure around Data Center Light has been developing since 2017, and we want to share our experiences of running an IPv6-first infrastructure with you.

The early days in 2017

Data Center Light goes live with our first beta customers. At this time we have a lot of discussions inside ungleich: do we focus on IPv4, IPv6, dual-stack? Arguments range from "nobody uses IPv6", "Dual-stack is what we need", "Dual-stack is too complicated" to "let's go IPv6 only".

Some of our employees used to be IPv6 enthusiasts in 2002, but stopped using IPv6, because there was virtually no content available in IPv6 networks. Having IPv6 experience, we reviewed the situation and found that while still not being dominant, IPv6 has become an essential part of networks.

Before deciding on the exact path to take we became an LIR and RIPE so that we could start our project with an IPv6 /29 and an IPv4 /22 network.

Beta phase 2017: IPv6 only + NAT64 + NAT46

Having had the pleasure of getting our first beta customers in 2017, we decided it was about time to go IPv6 only: IPv6 for servers, routers and even all virtual machines (VMs). The routers had a static NAT46 mapping so that every VM was effectively reachable by both IPv4 and IPv6. However, customers only saw IPv6 on the system. For outgoing connections, we used DNS64+NAT64.

The beauty of this approach is that the whole network, besides the routers, is IPv6 only. No IPv4 thinking, just IPv6. However, we then began to encounter "weird" software like cpanel, which had hardcoded IPv4 addresses. As such requests do not use DNS, DNS64 would not apply and the software would basically get a "network unreachable" error. While most software works like a charm in IPv6 only environments, some parts of nodejs do not, because nodejs had various problems with IPv6. This was actually one of the reasons why we migrated away from Rocketchat to Mattermost.
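The failure described above, as an added example (not ungleich's code): RFC 6052 address synthesis as a DNS64 resolver performs it, and why a hardcoded IPv4 literal never reaches that step. The zone data, hostname and function names are constructed for illustration; 64:ff9b::/96 is the RFC 6052 well-known prefix and is an assumption here, since the page does not say which NAT64 prefix was used.

```python
import ipaddress

WKP = ipaddress.IPv6Network("64:ff9b::/96")  # RFC 6052 well-known prefix (assumed)

def synthesize(v4, prefix=WKP):
    """Embed an IPv4 address in a NAT64 prefix (RFC 6052, section 2.2)."""
    plen = prefix.prefixlen
    if plen not in (32, 40, 48, 56, 64, 96):
        raise ValueError("RFC 6052 allows only /32, /40, /48, /56, /64, /96")
    out = bytearray(prefix.network_address.packed[: plen // 8])
    for b in ipaddress.IPv4Address(v4).packed:
        if len(out) == 8:        # bits 64..71 (the "u" octet) must stay zero
            out.append(0)
        out.append(b)
    out += bytes(16 - len(out))  # zero suffix
    return ipaddress.IPv6Address(bytes(out))

def extract(v6, prefix=WKP):
    """Recover the IPv4 address the NAT64 gateway will translate to."""
    raw = ipaddress.IPv6Address(v6).packed
    start = prefix.prefixlen // 8
    body = bytes(b for i, b in enumerate(raw) if i >= start and i != 8)
    return ipaddress.IPv4Address(body[:4])

# Constructed sample zone: an IPv4-only service with an A record and no AAAA.
ZONE = {"legacy.example": {"A": ["192.0.2.33"], "AAAA": []}}

def dns64_lookup(name):
    """Answer an AAAA query the way a DNS64 resolver would."""
    rec = ZONE[name]
    return rec["AAAA"] or [str(synthesize(a)) for a in rec["A"]]

def destination(target):
    """Address an application on an IPv6-only host ends up connecting to."""
    try:
        literal = ipaddress.ip_address(target)
    except ValueError:           # a hostname: the resolver gets a chance to help
        return dns64_lookup(target)[0], "via DNS64"
    if literal.version == 4:     # hardcoded IPv4: no DNS query, so no synthesis
        return str(literal), "network unreachable"
    return str(literal), "native IPv6"

if __name__ == "__main__":
    for t in ("legacy.example", "192.0.2.33"):
        print(t, "->", destination(t))
```

An application that must keep a fixed IPv4 endpoint can be made to work on such a network by referring to it by hostname, so that the lookup passes through the DNS64 resolver.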

2017-02: Introducing OpenVPN

To actually access our servers from IPv4 only networks, we started to use OpenVPN for our employees. Soon after we got used to having an OpenVPN client running on the road, we agreed that routing IPv6 networks to our staff's homes would also be cool. So we started routing /64 networks to every staff member. Soon after, customers wanted to use Samba over the Internet to access their data. As SMB (the protocol Samba uses) is not encrypted, we also began to offer IPv6 VPNs to our customers. Our OpenVPN setup is based on tun devices, so OpenVPN can manage IP address allocation. The biggest drawback here is that OpenVPN, until today, does not support IPv6 only tun mode.

2017-04: Introducing Dual Stack for VMs

After some discussions with our first beta users, we had to introduce dual-stack VMs to our infrastructure, mainly because of issues with cpanel, mosh (no IPv6 support in Debian stable at this time) and nodejs. Our engineers would have preferred to stay IPv6 only ("nice and clean"); however, at ungleich our job is to enable customers, and sometimes this is not the cleanest possible solution. Real life hits you hard sometimes, I guess you know this feeling?


2017-04 ... 2018-05: Something happened!

We are pretty sure something IPv6 related happened during this time at ungleich, but we don't recall what anymore.

2018-05 Introducing IPv6 only VMs

About 1.5 years after we started Data Center Light, the initial problems with mosh and nodejs have been solved. IPv6-supporting versions are now easily accessible. Time for us to re-evaluate our hosting platform. Changing existing customers is a no-go: we follow the "never break a user" approach (read Linus' (in-)famous post about it).

Thus, instead of changing existing users, we created a new product named IPv6OnlyHosting.com that offers the same VMs, but without IPv4, for a reduced price. Why is the price reduced? Because for us IPv4 is a cost factor, whereas IPv6 is fun to run. We benefit from every user on our infrastructure that uses IPv6 only, so the user should benefit from it, too.


2018-06: IPv6 sticks with us

A four letter friend of ours sent us some "No IPv4" stickers around 2018-04 (and they are still sticking to our office door). While we loved them, we think a better message is that we are in favor of IPv6, not that we are against IPv4. So the "I love IPv6" sticker was born, just in time for the summer edition of Hack4Glarus.

2018-08 Introducing the IPv6 penguins

Our CEO has this crazy idea that ungleich is userfriendly.org, just the real-life version of it. So he and our chief designer, Sanghee, decided that it was time to introduce the IPv6 penguin comics, a friendly tribe who lives through similar experiences as we do at ungleich. 


2018-12: The cutest ever IPv6 merchandise: The IPv6 penguin T-Shirt

Shortly after the IPv6 penguins went live, we got the first requests to create a T-Shirt featuring them. Just in time for the winter edition of Hack4Glarus, our designer created a comfy, cute and adorable IPv6 penguin T-Shirt. Since then not only our staff, but also friends, customers, and other IPv6 fans are seen in it.


2018-12: Introducing IPv6 VPN based on Wireguard

Our original OpenVPN based IPv6 VPN still exists and has been running on the original servers ever since we introduced the VPN. New customer requests made us consider moving the service to a new endpoint, to adjust for changes in our network. So we checked again, and OpenVPN still does not support IPv6 only tunnels. Such a shame! Even worse, our engineers now have real trouble thinking in IPv4 ("What is the right network size? Ah? No /64? Err.. gosh. Do I have to add masquerade? Which of the overused RFC1918 ranges do I assign?"), so we wanted to offer new customers a pure IPv6 VPN. No IPv4 legacy included.

Luckily we found that wireguard is not only much easier to set up than OpenVPN, but also supports IPv6 only networks! So our new IPv6 wireguard VPN offer was born. And the first VPN routes directly to Spain! Fun fact: because of the traffic pattern, Google decided that our whole 2a0a:e5c0::/29 is located in Spain instead of Switzerland, and google.com would present the Spanish version to everyone. Luckily, Google fixed this within a few days.

We would also like to thank the reddit user pdp10, who pointed out that our original OpenVPN setup + routing a /64 per user is not really sustainable. It was his input that made us make /48 networks per user the default for the new VPN offer.

2019-01: Opening the IPv6 real-time chat

We did not find a good site on the Internet where people discuss their IPv6 experiences in real time. So we opened up our chat for IPv6 discussions.

2019-02: The end of the IPv4 Internet / Launch of no-ipv4-here

We believe that IPv6 only services will be a major driver for IPv6 adoption. To allow anyone to focus on this job, we created "The end of the IPv4 Internet", so you don't have to care about IPv4 traffic handling anymore. Oh, the service is obviously Open Source so that you can copy & clone it, if you like.


2019-02: Collecting IPv6 Only Services

So our theory is: the end of the IPv4 Internet should allow everyone to focus more on creating IPv6 only services. Obviously there are not that many yet, so we are trying to revive the 1998 Yahoo-style website listing (it was a cool thing at that time). If you run a public IPv6 only service, ping us and we will send you free I love IPv6 stickers!

2019-02: IPv6.work goes BETA

We are always looking for good people to join our team. And we are always disappointed by the usability of freelancer platforms, and often also by the technical capabilities of freelancers. So we decided it was time to launch an IPv6 only freelancer platform, and we named it IPv6.work. It is an early beta AND it is fully Open Source...


2019-02: Publishing the first version of our IPv6 log

This week we were discussing which IPv6 project to launch next and what to improve where. Then somebody[tm] in our team asked "What have we actually done with IPv6 already?", which made us realize that we don't have an IPv6 log. Now we do, and we intend to update this blog with the news over time. Did you actually realize that it is our 2 year birthday this year?

More of it

If you want to share your own IPv6 story or if you have questions about our stories, let us know. We are always curious to hear different IPv6 experiences. And you are clearly invited to join the IPv6 chat. We love this IPv6 journey and we hope you enjoyed reading our IPv6 log.
