IPv6 only hosting(4 min read)

We ran out of IPv4 addresses a few years ago, and the cost has been steadily increasing, now over USD 25.00 per IPv4 address.

Meanwhile we are increasingly using technologies such as containerised deployments and mass deployment of Internet of Things (IoT) devices, seeing an increase in demand for addresses.

About 30% of the Internet now happily talks IPv6, with several countries having more than 50% IPv6, and for a server hosting environment there are many benefits to going IPv6 only.

IPv6 only hosting is available from several providers such as Mythic Beasts.

Benefits of IPv6 only

Some benefits of using IPv6 over IPv4 are:

  • Better performance – no need for Network Address Translation (NAT) or other forms of encapsulation.
  • Avoid address clashes across virtual machine and container hierarchies – with IPv4 you can have container private address networks, inside virtual machine private address networks, behind carrier grade NAT – that is NAT within NAT within NAT, with potential problems with clashing address ranges.
  • Easier site-to-site routing – with IPv4 site-to-site routing between private address networks requires VPNs, and again has potential problems with clashing address ranges. IPv6 can use direct connections with global addresses, secured by TLS and firewalls, or Unique Local Address (ULA) ranges can be connected without worry about clashing.

Those benefits of IPv6 also apply with dual-stack deployments, provided you are using the IPv6 parts, but you may end up doing both, e.g. a dual stack virtual machine network may have both the simplicity of flat IPv6 global addresses and the complexity of IPv4 still needing NAT within NAT.

With dual-stack you also need to configure everything, e.g. routes, firewalls, etc, to support both protocols.

Running an IPv6 only server network, compared to dual-stack, makes management a lot easier as it means:

  • Only one set of routes to configure.
  • Only one firewall configuration to worry about.
  • Only one set of configuration files for machines.
  • Avoid the complexity of IPv4 NAT.
  • Save the cost of purchasing expensive IPv4 addresses.

Communicating with IPv4

However IPv6 only does have a (solvable) issue of how to communicate with the other 70% of the Internet that is IPv4 only.

Incoming IPv4 proxy

For incoming traffic, you need to use an IPv4 reverse-proxy. Incoming TLS traffic (and all traffic should use TLS), including HTTPS, can use Server Name Identification (SNI) for forwarding to the correct IPv6 destination. The proxy can also forward HTTP by Host header, for bootstrapping Lets Encrypt or similar.

This can be provided by your IPv6 only hosting provider, as a shared service, or it can be combined with a Content Distribution Network (CDN) like Cloudflare IPv6 or potentially others such as Akamai (an article from May 2020 says Akamai has IPv6 available as a technical preview).

This can also be done relatively simply, e.g. even on a home network, by using a component such as Caddy (https://caddyserver.com/) – you only need to set up a single dual-stack server (forward your router IPv4 port 80 & 443 to it) and it can reverse proxy multiple addresses (and with built in support for HTTPS).

Outgoing DNS64 + NAT64

For outgoing traffic, e.g. if your server needs to call into an IPv4 only service, then a combination of DNS64 and NAT64, to automatically generate IPv6 addresses for IPv4 only hosts, which then route via NAT64 to proxy requests to the IPv4 server.

Again, this is something that an IPv6 only hosting service will usually provide, however it is also not to hard to set up NAT64 for a home network.

Service providers

There are now quite a number of service providers that will offer IPv6 as an add on to an existing service, i.e. dual stack.

For IPv6 only hosting Mythic Beasts (https://www.mythic-beasts.com/) has some great video presentations on their experience setting up IPv6 only hosting from a few years ago, which I strongly suggest you watch. I am currently moving some hosting from dual-stack with Interserver across to Mythic Beasts IPv6 only.

Another provider, Ungleich (https://ungleich.ch/), in Switzerland, owns ipv6onlyhosting.com, and went from early experiments in IPv6 only (which was not ready at the time) to dual stack, and now back to offering an IPv6 only option, although slightly more expensive than Mythic Beasts. They also run an IPv6.chat forum and provide advice on IPv6 rollout to open source projects.

There is also http://i-83.net/, run by QuadHost,which has a range of very low cost, small spec, geo-distributed options.

Even some of the larger hosting services such as AWS and Azure will support IPv6 for some services, although you need to manually configure Azure for IPv6.

IPv6 is the way forward

Cheap computers, such as the Pi Zero, are cheaper than trying to buy an IPv4 address (as pointed out by Mythic Beasts) – it is a bit silly costing $5 for a computer but then $25 for an IPv4 address.

The only real way forward, especially in domains such as IoT and containerisation, is IPv6. For server hosting it actually makes sense to go full IPv6 only, for easier administration and management.

Leave a Reply

Your email address will not be published. Required fields are marked *