I got into some interesting discussions about IPv6 on Twitter. Then someone asked if Android is getting DHCPv6 support in version 11 of the OS.

When IPv6 was developed, initially with RFC 2460, there was this idea that:

Forget all you've learned about IPv4, and design IPv6 from the ground up

This sounds good in theory but ignores completely the lessons we’ve learned from IPv4. Not to mention, there is no such thing as greenfield. Almost all networks, are existing ones, you don’t get to start all over again. There was this very shiny view of end to end connectivity, /64 everywhere and only SLAAC allowed. I get all of that, it’s like saying “I wish there were no wars”, but unfortunately, people are stupid, so there will be wars. There’s this naivety, similar to a teenager that is growing up. You want to change the world, then you realize the world is run by money, mega corps, and dirty politicians.

This whole mess led to the holy wars of SLAAC + RDNSS vs DHCPv6. Please note that SLAAC didn’t even initially have the option of setting a DNS server. Basically, that meant you only had a partial implementation. It’s pretty useful to have a DNS server… Initially, Microsoft operating systems did support SLAAC but not RDNSS, Android did not want to support DHCPv6. That meant that you couldn’t support these two operating systems on the same subnet.

Much to my surprise, Android still has a broken IPv6 implementation in 2020. By design. They are not going to fix it. There are a couple of valid arguments from Google and Lorenzo Colitti, but they are pretty weak. The irony of it all though is that people are asking for it but Google is not willing to implement it, because they think they know better than their users. They will happily spy on you, serve you ads, and sell your data, but allowing you to run DHCPv6 would be doing you a disservice.

There’s no doubt that SLAAC works, and that it can work in fairly large environments, still, DHCPv6 is in my mind the better option. The fallacy here is that many IPv6 evangelists take this ivory tower view of ignoring business requirements. There are business requirements, and compliance requirements, where you need to track what host had what IP at what time. Also, enterprises do stupid things. That’s just a fact. Google is not the one that should decide what you get to do.

You could, of course, run both SLAAC and DHCPv6 simultaneously, but why? If you read the Google thread above, you will see that many people have wasted a lot of time, and have very valid business reasons, for why they want DHCPv6 implemented. Here are a few:

  • Ability to assign suffix such as megacorp.com
  • Register hosts in DNS
  • Keep track of what host had what IP at a certain time
  • Image deployment via PXE (think DHCP options)
  • Other DHCP options used for example for WLC
  • Ability to easily swap DNS server in entire network (think Umbrella deployment)
  • Dot1X deployment where you want RADIUS server to see DHCP request
  • Need to support IP phones

I’m sure there are some workarounds for some of the use cases but my point is: Enterprises need DHCPv6, Google, or anyone else for that matter, should not dictate what options you have at your hand. So, sadly, even in 2020, Android still has a broken IPv6 implementation.

It’s 2020 And Android’s IPv6 Is Still Broken
Tagged on:                 

7 thoughts on “It’s 2020 And Android’s IPv6 Is Still Broken

  • Pingback:Android’s IPv6 Is Still Broken – Hacker News Robot

  • May 26, 2020 at 3:35 pm
    Permalink

    dhcpv6 also allows you to validate source addresses

    Reply
  • December 29, 2021 at 12:58 pm
    Permalink

    I was all for ip6 myself until one day behind my router I found my phones/tablets/tvs ..etc ip6 addresses were passed to the world and hence right past my firewalls into my network . Since by default, in my experience, isp’s are not enabling ip6 nat & firewalling by default like they do with ip4 with their gateways. I see ip6 as a huge breaching protocol to every device/network on the net for the casual small network . Lets face it as soon as you connect a device to the web it is profiled assigned a unique identifier or serial, if it doesn’t give it up voluntarily ( android ), and then the whole world knows who/what/where that device belongs to . It just seems like another targeting mechanism to me in the current environment and just another huge breach of privacy at least at this point in time .

    I totally agree with you of Google having way to much say in internet policy. considering their whole business model is pretty much based on data piracy and controlling internet commerce.

    PS: needless to say all ip6 has been disabled on my modest little network. (security) (need), I don’t have billions of devices and only one point of access.

    Reply
    • May 20, 2022 at 10:34 pm
      Permalink

      IPV6 gets rid of NAT, but not from firewall rules. Even if your IP is visible to the world, it doesn’t mean your firewall will let the world be welcome.

      My shitty ISP only provides IPv4 through NAT, if wasn’t for IPv¨I wouldn’t have a VPN to my apartment. And my firewall doesn’t allow my LAN to be reached from the world.

      Reply
      • September 24, 2023 at 5:03 am
        Permalink

        Personally I stand with Google on this. DHCP should not be used for IPv6 if at all possible. Their rationale makes sense. SLAAC is the way IPv6 networks should be setup. Largely the reason they do this is to ensure the use of a /64 and that’s the right approach. IPv4 setups are not relevant to IPv6 setups, a lot of people coming from IPv4 have this view but ultimately it’s because they don’t understand IPv6, it’s wildly different and trying to shoehorn IPv4 ideals into IPv6 just makes a mess. There are ways to track SLAAC addresses if you must, DHCP is not required for that to work.

        Reply
  • April 17, 2023 at 6:36 pm
    Permalink

    Thanks for your post – you just saved me from wasting more time on the steaming pile of… than I had done today… Had the thought, I am to dumb to config the network correct…

    Reply
  • October 23, 2023 at 11:54 am
    Permalink

    You are absolutely correct about android breaking IPv6. Not only are google’s coercive policies are onerous to network admins, it is holding back IPv6 deployment.

    In addition to the other problems you mentioned, SLAAC breaks sub-netting.

    ISPs and Hosts will hand out 2^64 IPv6 addresses per subscriber, which is a huge. With DHCP one can subnet to their heart’s desire. But because of the stupidity of SLAAC, it’s not enough for even just two subnets. You’d need 2^65 or more, but good luck getting that. It’s often desirable for administrators to employ subnets. But when google policies prohibit that, well frankly it keeps us from investing in IPv6 and sticking with IPv4 networks, as flawed as they are. Google need to fix their mistake because they’re holding everyone else back. I’m not anti-IPv6, but google needs to do a better job supporting the very people who must implement the IPv6 transition. The fact they’re not doing this is inexcusable and Lorenzo Colitti deserves to be fired for holding the transition back for over a decade with his misguided attempt to dictate his own policies over others’ networks rather than allowing admins to do our jobs within our own networks.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *