Why IPv6 Migration Is Critical and How to Overcome Real‑World Challenges

Cloud providers are beginning to charge for each IPv4 address per hour (e.g., AWS $0.005, GCP $0.004, Azure and Hetzner €0.001), signaling the end of free IPv4 usage and creating financial pressure to adopt IPv6.

The author, reflecting on a high‑school introduction to IPv6, notes the lack of market demand for IPv6 skills and the missed opportunity for early adoption.

Is It Time to Switch to IPv6?

IPv6 offers a vastly larger address space, faster processing (no checksum), better routing, built‑in QoS fields, automatic addressing, and native IPsec support. Most importantly, IPv6 addresses are free while IPv4 addresses incur costs.

Setting Up an IPv6‑Only Server

A Debian machine was configured to use IPv6 only, receiving a /64 prefix. Although the address space seems large, it is practical for large deployments because the /64 is the minimal prefix size.

Important tip: Do not over‑optimize address utilization; IPv6 does not require the same careful planning as IPv4.

Common Issues Encountered

Problem 1 – SSH access: The ISP did not support IPv6, so an IPv4 address was added temporarily and cloudflared was configured with -edge-ip-version 6 to enable IPv6 tunneling.

Problem 2 – GitHub access: GitHub did not resolve over IPv6, so a TransIP GitHub proxy was used. Python 3 on Debian also showed IPv6 incompatibility.

Problem 3 – Datadog installation: The Datadog install script failed due to unreachable IPv4 endpoints, despite S3 supporting IPv6.

curl -v https://s3.amazonaws.com/dd-agent/scripts/install_script_agent7.sh

Network unreachable errors indicated missing IPv4 connectivity.

NAT64 as a Bridge

To access IPv4 resources from IPv6, the author used the public NAT64 service nat64.net , which resolved most issues quickly.

Other public NAT64 tools were evaluated; many were defunct, but Kasper Dupont’s service remained active and reliable.

Insights from Kasper Dupont

Kasper maintains a personal NAT64 service on multiple virtual machines (e.g., Hetzner €4.51/month). The service automatically updates DNS64 records based on gateway health checks, minimizing downtime. The daemon is written in user‑mode Linux and may be ported to a kernel module.

Docker and IPv6

To pull Docker images over IPv6, the registry prefix registry.ipv6.docker.com/library/ is required. Docker warns that this setup is not production‑ready.

The server was switched from Caddy to Nginx behind Cloudflare, with a long‑lived Cloudflare‑issued certificate loaded into Nginx.

Unresolved Challenges

Containers still cannot communicate with IPv4 resources despite DNS64 working; NAT64 conversion fails. SMTP services with AAAA records are scarce, and common providers like Mailgun and SES do not support IPv6.

Broader Perspective

The author argues that many network designs (VPCs, NAT gateways, private subnets) are legacy solutions driven by IPv4 scarcity rather than technical necessity, and that a shift to IPv6 could simplify infrastructure and improve security.