You are here: Home > Publications > RIPE Labs > Torbjorn Eklov > 10 Years of IPv6 Stakeout!

10 Years of IPv6 Stakeout!

Torbjorn Eklov — 13 Nov 2018
In October 2008 I registered kommunermedipv6.se. My main motivation was to encourage the municipalities in Sweden to enable IPv6 and to publicly show once it's done. Now, ten years later, I think my idea was a big mistake....

In October 2008 I created a website that shows the municipalities in Sweden that have deployed IPv6. To achieve that, I have been measuring every municipality's domain, totalling 290 domains. The idea was to encourage other municipalities to also enable IPv6 and "turn green" on the map on that website. I am usually an optimist and I was really hoping this would have a positive effect. However, I am afraid I was wrong.

In Sweden, the Chief Information Officers (CIOs) of the municipalities gather during a number of conferences per year. This is always a good opportunity to compare deployments with each other and to show that one's own municipality is doing better than others. In 2008 that was a good idea, and they used the https://kommunermedipv6.se/ website to prove their success. But in the background, maybe the internal network was not IPv6-enabled at all. IPv6 was sometimes only deployed on the DNS, MX and Web servers, but then the work stopped.

There is only a very small number of municipalities that had enabled IPv6 internally. I only have data from early 2012 until today, but in 2012 there were three (!) municipalities with IPv6 enabled and today there are 30, out of 290 municipalities in Sweden.

On the maps below you can see those municipalities that had enabled IPv6 in 2012 (Figure 1a) and those that have it enabled today (Figure 1b).

  • Red: None of www, MX and DNS has functional IPv6
  • Orange: one or more of www, MX and DNS is working
  • Green: all of www, MX and DNS has functional IPv6
Municipalities that had IPv6 enabled in 2012 Municipalities that have IPv6 enabled today

 Figure 1a (left): Municipalities that had IPv6 enabled in 2012 and Figure 1b (right): Municipalities that have IPv6 enabled today.

You will notice some clear progress. The number of municipalities with all three services running on IPv6 has increased slightly. Also, most of the municipalities that offered none of these services over IPv6 in 2012 are now yellow, indicating they've worked on some services (if not all).

Let's split these apart and see which of the services have actually been lit up. In the following, if the municipality has no colouring then the service is not available over IPv6; if the municipality is coloured yellow, then it does offer that service over IPv6.

First, WWW (port 80):

2012 2018

 Figure 2a: Municipalities that had IPv6 enabled on their web servers in 2012 and Figure 2b (right): Municipalities that have IPv6 enabled on their web servers today

So, while web services have clearly expanded on IPv6, they're not ubiquitous.

Next, DNS:

2012 2018

Figure 3a: Municipalities that had IPv6 enabled on their DNS servers in 2012 and Figure 3b (right): Municipalities that have IPv6 enabled on their DNS servers today


We see DNS was in a much better place than web services in 2012, and it's clear in 2018 that the rollout has been strong.

Finally, MX

2012 2018

Figure 4a: Municipalities that had IPv6 enabled on their mail servers in 2012 and Figure 4b (right): Municipalities that have IPv6 enabled on their mail servers today


This has shown some growth but, compared to the other two, is obviously not progressing as quickly.

Commentary

So are Sweden’s municipalities really so slow in activating IPv6? For some years now, we also monitor Iceland, Norway, Denmark and Finland. And Sweden actually shows better results than any of these countries.

But IPv4 was depleted many years ago. Private address space as defined in RFC1918 is also not a good option. If a municipality communicates over a VPN or via IPSEC they always need to install a series of network address translators (NATs):  “NAT44 <- IPSEC-> NAT44”.  So why don’t they switch to IPv6 instead which would make things much easier to maintain?

Here are some reasons that I think are causing this problem:

  1. We don’t want to change anything that has worked for many years. Changes are scary.
  2. The consultants hired might not give good advice on how to transition smoothly to IPv6.
  3. People are afraid of possible implications IPv6 might have for the internal network. Sometimes IPv6 doesn’t “fit into the order book” of the consultants hired.
  4. We don't often see a requirement to support IPv6 in a Swedish procurement document.
  5. We have some problem with delivery of IPv6 to enterprises and municipalities in Sweden. If you really want to have IPv6, you can get it. You just have to talk to your ISP and they can deliver it to you. If they can’t, change ISP!

So why are Sweden's municipalities so much better then the other countries on my maps? When I started with my IPv6 measuring the Internet Foundation in Sweden and the Swedish Post and Telecom Authority had already organised IPv6 seminars for some years, and after each such seminar I could see some improvement on my maps. But almost every success today is because they change service provider or the actual service provider for www, DNS and mail activate IPv6. The activation of IPv6 internally is almost always depending on internal knowledge or interested consultants. In some rare cases, the ISP can't deliver IPv6 but there are today few.

My advice to every organisation, municipality or consultant today is to start learning about and activating IPv6. Not next year but today!

Last but not least, we must applaud the municipality of Ovanåker! They were the first green municipality and they have had IPv6 activated everywhere for almost ten years now! For many years, they were the "IPv6 sheriffs" who had to contact other Swedish municipalities and authorities that had or still have broken IPv6. 

 Figure 4: The municipality of Ovanåker is running IPv6 for ten years now

0 Comments

Add comment

You can add a comment by filling out the form below. Comments are moderated so they won't appear immediately. If you have a RIPE NCC Access account, we would like you to log in.