IPv6 only networking not viable in 2018 banner

IPv6 only networking not viable in 2018

Quick rant about the roadblocks that IPv6 only networking has caused:

Gist of it:

  • launchpad.net is ipv4, so adding Ubuntu apps via apt-add-repository or by an apt list (that reference launchpad.net) will fail. This severely hinders acquiring software that isn’t distributed by Ubuntu.
  • keyserver.ubuntu.com is ipv4 so one can’t use the default method for trusting package keys (something that shouldn’t be taken lightly)
  • thus everything ubuntu documents about packaging software is not possible via ipv6
  • github.com is ipv4 so one needs to either employ a proxy, nat, or manual transfer files

It can be quite crippling to not have access to these resources.

The full story:

I was checking out Vultr for a VPS. They offer a $2.50 a month package – the catch is that it is IPv6 only (inbound and outbound traffic must use IPv6 addresses). I figured this was no big deal. IPv6 has been in draft standard since 1998, and while it only became an internet standard in 2017, people have had 20 years to prepare. It’s not like you even have to abandon IPv4, one can serve a site with IPv6 and IPv4 side by side.

I got a kick out of IPv6 Excuse Bingo, and figured I should give IPv6 only a shot.

I wanted to setup algo, a personal VPN, and since I was just playing around, I wanted to keep costs down (hence the $2.50 a month package).

Following algo’s Ubuntu 18.04 server guide, I hit a snap on the first line:

apt-add-repository ppa:ansible/ansible

The line would error with

Cannot add PPA: 'ppa:~ansible/ubuntu/ansible'.
ERROR: '~ansible' user or team does not exist.

Searching online for this error would reveal questions only related to setting up an apt proxy. This and many other rabbit holes kept me scratching my head. It turns out, this is the error message that is given to users by apt-add-repository when it can’t access either 91.189.89.22 or 91.189.89.23 (bug report). With IPv6 only networking, it is not possible without some intermediate translation to access those addresses.

I soldiered on, maybe I could circumvent this issue.

I go to manually add the ansible apt key

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7BB9C367

With the lovely error:

gpg: keyserver receive failed: No keyserver available

A bug: keyserver.ubuntu.com has no IPv6 connectivity. The recommended workaround is to switch out the host and execute:

apt-key adv --keyserver pool.sks-keyservers.net --recv-keys 7BB9C367

I’m not familiar with sks-keyservers.net and retrieving keys from a domain I’m not familiar with sets off major red flags. Still, I continue and get ansible installed.

Next issue:

git clone https://github.com/trailofbits/algo

Github doesn’t support IPv6, so I downloaded the repo on another box and transferred accordingly.

I started running algo and then I noticed that it executed the following lines to set up Wireguard (obvious in hindsight):

add-apt-repository ppa:wireguard/wireguard
apt-get update
apt-get install wireguard

These commands fail as add-apt-repository needs to contact an IPv4 address.

And it presented a high enough barrier that I quit (as add-apt-repository won’t work with IPv6). I realized that if I’m having this much trouble setting up the box, I’d have even more trouble when routing traffic through it as a VPN. There were some things I did try or could try to try and soften the problem:

  • Use NAT64, but that would require me to setup another box.
  • Use an apt proxy, but that would also require another box
  • Try appending sixxs.org to domain name for IPv4 exclusive addresses, but sixxs has been sunset.

The solution is simple: upgrade to IPv4. Yes it’ll cost more, but $5 vs $2.50 isn’t something that should cause major headaches.

I can only hope that IPv6 becomes more popular soon.

Comments

If you'd like to leave a comment, please email hi@nickb.dev

2018-08-27 - Abraham Y. Chen

The IPv4 shortage issue may have been resolved. So, you may be able avoid this IPv6 twists in the future. We came upon a scheme that will expand each public IPv4 address by 256M (Million) fold without affecting the current Internet. We have submitted a proposal called EzIP (phonetic for Easy IPv4) to IETF:

https://tools.ietf.org/html/draft-chen-ati-adaptive-ipv4-address-space-03

Essentially, EzIP can establish a sub-Internet capable of serving an area with up to 256M IoTs from just one IPv4 address. This is bigger than the largest city (Tokyo metro) and 75% of the countries. The current Internet becomes the backbone / infrastructure / skeleton for interconnecting these sub-Internets, but only for traffic among them, very similar as the electric grid supporting islands of renewable energy generated by individual homes and businesses. Consequently, there will be a lot of spare IPv4 addresses, now.

Thoughts and comments will be much appreciated.

2019-02-03 - Anonymous

I just followed the same path, and got stuck at the same point. Adding the repository works, but then it can’t fetch from http://ppa.launchpad.net/bitcoin/.... Could not resolve ‘ppa.launchpad.net’

It’s 2019 now…. But it’s good that you are providing the solution: upgrade to ipv4 - I’ll do that for now.