
A lot of sites out there are still not supporting IPv6 because ... you'll never guess, but dealing with DDoS on IPv6 where your attackers can rotate through addresses quickly is not easy. Amazon Cloudfront and Cloudflare have recently failed to block simple IPv6 attacks for us lately which would not have happened if we only ran IPv4.


This is interesting. If you only had IPv4, you’d block a ddos by filtering ip ranges. If some of those ranges were CGNat, you’d be cutting access to possibly millions of innocent addresses or even entire countries.

As IPv4 addresses become more scarce and more people get on IPv6, so more people end up behind IPv4 gateways to reach your IPv4 only service, the greater the chance that they’d be cut off for someone else’s bad behavior.


> cutting access to possibly millions of innocent addresses or even entire countries.

It seems to me that everybody is fine with this, and they don't care. Even without DDoS. Using a VPN or just using Apple's relay can cut you off from large parts of the internet.


> A lot of sites out there are still not supporting IPv6 because ... you'll never guess, but dealing with DDoS on IPv6 where your attackers can rotate through addresses quickly is not easy.

Sure it is. You block the /64.
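
Here is what "block the /64" looks like in practice, as an added example that is not from any commenter in this thread: instead of counting requests per single address, collapse each client address to its /64 (IPv6) or /24 (IPv4) before counting, so an attacker rotating through host bits inside one allocation still lands on one key. The log format and the threshold are assumptions, and the log lines are constructed.

```python
"""Aggregate request counts by /64 (IPv6) or /24 (IPv4) rather than by single address."""
import ipaddress
from collections import Counter

# Constructed sample access log: "<client_ip> <status>" per line.
SAMPLE_LOG = """\
2001:db8:1234:5678::1 200
2001:db8:1234:5678::2 200
2001:db8:1234:5678:abcd::9 200
2001:db8:1234:5678:ffff::1 200
2001:db8:aaaa:bbbb::1 200
203.0.113.7 200
203.0.113.8 200
198.51.100.20 200
"""


def aggregation_key(ip_str: str) -> str:
    """Return the prefix a client address is attributed to.

    A /64 is the smallest allocation an end site normally gets, so rotating
    through the 64 host bits never leaves this key. IPv4 is bucketed per /24.
    """
    addr = ipaddress.ip_address(ip_str)
    prefix_len = 64 if addr.version == 6 else 24
    return str(ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False))


def count_by_prefix(log_text: str) -> Counter:
    """Requests per aggregation key; malformed addresses are skipped, not fatal."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client = line.split()[0]
        try:
            counts[aggregation_key(client)] += 1
        except ValueError:
            continue
    return counts


def prefixes_over_threshold(log_text: str, threshold: int) -> list[str]:
    """Prefixes whose aggregate count reaches the (assumed) block threshold."""
    counts = count_by_prefix(log_text)
    return sorted(p for p, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for prefix, n in count_by_prefix(SAMPLE_LOG).most_common():
        print(f"{prefix:32} {n}")
    print("over threshold:", prefixes_over_threshold(SAMPLE_LOG, 3))
```

Four distinct addresses in 2001:db8:1234:5678::/64 collapse to one bucket and trip the threshold, while the single-address prefixes do not. The same coarseness cuts both ways: a /64 can be shared by many unrelated hosts, and an attacker holding a /48 can hop between /64s, which is exactly the tradeoff the rest of this thread argues about.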


So now everyone should acquire as many IPv6 addresses as possible so they can spread their services over many /64s so if their server gets compromised and put on a blacklist somewhere they can just burn that /64 and move on to another?


No, everyone should secure their servers... IPv4 hoarding isn't happening for the reason you propose so why would it for IPv6?


Nobody blocks entire /24s because of one bad address

The only way to guarantee your server is secure is to never connect it to a network.


Aren't most of these spoofed addresses anyway?