I got into some interesting discussions about IPv6 on Twitter. Then someone asked if Android is getting DHCPv6 support in version 11 of the OS.

When IPv6 was developed, initially with RFC 2460, there was this idea that:

Forget all you've learned about IPv4, and design IPv6 from the ground up

This sounds good in theory but completely ignores the lessons we’ve learned from IPv4. Not to mention, there is no such thing as greenfield. Almost all networks are existing ones; you don’t get to start all over again. There was this very shiny view of end-to-end connectivity, /64 everywhere and only SLAAC allowed. I get all of that, it’s like saying “I wish there were no wars”, but unfortunately, people are stupid, so there will be wars. There’s this naivety, similar to a teenager who is growing up. You want to change the world, then you realize the world is run by money, mega corps, and dirty politicians.

This whole mess led to the holy wars of SLAAC + RDNSS vs DHCPv6. Please note that SLAAC didn’t even initially have the option of setting a DNS server. Basically, that meant you only had a partial implementation. It’s pretty useful to have a DNS server… Initially, Microsoft operating systems did support SLAAC but not RDNSS, and Android did not want to support DHCPv6. That meant that you couldn’t support these two operating systems on the same subnet.

Much to my surprise, Android still has a broken IPv6 implementation in 2020. By design. They are not going to fix it. There are a couple of valid arguments from Google and Lorenzo Colitti, but they are pretty weak. The irony of it all though is that people are asking for it but Google is not willing to implement it, because they think they know better than their users. They will happily spy on you, serve you ads, and sell your data, but allowing you to run DHCPv6 would be doing you a disservice.

There’s no doubt that SLAAC works, and that it can work in fairly large environments. Still, DHCPv6 is in my mind the better option. The fallacy here is that many IPv6 evangelists take this ivory tower view of ignoring business requirements. There are business requirements, and compliance requirements, where you need to track what host had what IP at what time. Also, enterprises do stupid things. That’s just a fact. Google is not the one that should decide what you get to do.

You could, of course, run both SLAAC and DHCPv6 simultaneously, but why? If you read the Google thread above, you will see that many people have wasted a lot of time, and have very valid business reasons for wanting DHCPv6 implemented. Here are a few:

  • Ability to assign suffix such as megacorp.com
  • Register hosts in DNS
  • Keep track of what host had what IP at a certain time
  • Image deployment via PXE (think DHCP options)
  • Other DHCP options used for example for WLC
  • Ability to easily swap DNS server in entire network (think Umbrella deployment)
  • Dot1X deployment where you want RADIUS server to see DHCP request
  • Need to support IP phones
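
The "what host had what IP at a certain time" requirement comes down to replaying lease events into per-address intervals. This is an added example, not part of the original post; the log format is constructed for illustration and `build_history` and `who_had` are hypothetical names, so a real DHCPv6 server's log layout will differ.

```python
from datetime import datetime, timezone
from ipaddress import IPv6Address

# Constructed sample events (not a real server's log format). Fields:
# UTC timestamp, event, IPv6 address, client DUID, hostname, valid lifetime (s)
SAMPLE_LOG = """\
2020-05-26T08:00:00Z ASSIGN 2001:db8:10::1a5 00:01:00:01:26:5d:aa:01 laptop-042 3600
2020-05-26T08:30:00Z RENEW 2001:db8:10::1a5 00:01:00:01:26:5d:aa:01 laptop-042 3600
2020-05-26T09:10:00Z RELEASE 2001:db8:10::1a5 00:01:00:01:26:5d:aa:01 laptop-042 0
2020-05-26T09:15:00Z ASSIGN 2001:DB8:10:0::1A5 00:01:00:01:26:5d:bb:02 phone-007 3600
"""

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()

def build_history(log_text):
    """Replay events into {address: [[start, end, duid, hostname], ...]}."""
    history = {}
    for line in log_text.splitlines():
        when, event, addr, duid, host, lifetime = line.split()
        t, addr = _ts(when), IPv6Address(addr)  # normalise textual address forms
        spans = history.setdefault(addr, [])
        last = spans[-1] if spans else None
        live = last is not None and last[2] == duid and t <= last[1]
        if event == "RELEASE":
            if live:
                last[1] = t                    # lease given up before expiry
        elif event == "RENEW" and live:
            last[1] = t + int(lifetime)        # extend the current interval
        else:
            if last is not None and last[1] > t:
                last[1] = t                    # reassigned while still valid: close old span
            spans.append([t, t + int(lifetime), duid, host])
    return history

def who_had(history, address, when):
    """Return (duid, hostname) holding `address` at UTC time `when`, or None."""
    t = _ts(when)
    for start, end, duid, host in history.get(IPv6Address(address), []):
        if start <= t < end:
            return duid, host
    return None
```

Keying on the DUID rather than the hostname matters because the hostname is client-supplied, and gaps between intervals are returned as `None` instead of being attributed to the previous holder.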

I’m sure there are some workarounds for some of the use cases but my point is: Enterprises need DHCPv6. Google, or anyone else for that matter, should not dictate what options you have at your hand. So, sadly, even in 2020, Android still has a broken IPv6 implementation.


4 thoughts on “It’s 2020 And Android’s IPv6 Is Still Broken”

  • May 26, 2020 at 3:35 pm

    dhcpv6 also allows you to validate source addresses

  • December 29, 2021 at 12:58 pm

    I was all for ip6 myself until one day behind my router I found my phones/tablets/tvs, etc. ip6 addresses were passed to the world and hence right past my firewalls into my network. Since by default, in my experience, ISPs are not enabling ip6 nat & firewalling by default like they do with ip4 with their gateways. I see ip6 as a huge breaching protocol to every device/network on the net for the casual small network. Let’s face it, as soon as you connect a device to the web it is profiled, assigned a unique identifier or serial, if it doesn’t give it up voluntarily (android), and then the whole world knows who/what/where that device belongs to. It just seems like another targeting mechanism to me in the current environment and just another huge breach of privacy, at least at this point in time.

    I totally agree with you on Google having way too much say in internet policy, considering their whole business model is pretty much based on data piracy and controlling internet commerce.

    PS: needless to say all ip6 has been disabled on my modest little network. (security) (need), I don’t have billions of devices and only one point of access.

    • May 20, 2022 at 10:34 pm

      IPv6 gets rid of NAT, but not from firewall rules. Even if your IP is visible to the world, it doesn’t mean your firewall will let the world be welcome.

      My shitty ISP only provides IPv4 through NAT; if it wasn’t for IPv6 I wouldn’t have a VPN to my apartment. And my firewall doesn’t allow my LAN to be reached from the world.
