Somewhere Within Boredom

coding 11 min read

You can read this on your phone, probably

By withinboredom

nginx-ingress got cancelled. IPv4 addresses cost actual money. I did the math, and now I'm about to do something either really smart or really stupid: delete all the A records and never look back.

nginx-ingress is Dead and I’m Having a Crisis

Okay, so nginx-ingress got cancelled. Just… cancelled. Like your favorite TV show that ended on a cliffhanger. And before you @me with “just use [insert ingress controller here],” I’ve looked. They either:

  • Require an enterprise license (lol no)
  • Have weird limitations that break my use case
  • Are so overengineered I’d need a PhD to configure them
  • Are literally just nginx-ingress with a different name and the same problems

Fine. Screw it. I’ll just use Caddy + LoadBalancer services and call it a day. Simple, clean, works great.

Except now each service needs its own IP address. And I’m running this on bare metal, not some cushy cloud where you can click “add IP” and pretend money isn’t real.

I Pay €30/Month for five Usable IP Addresses (Five. FIVE.)

Let me tell you about my IPv4 situation and why it makes me want to flip a table.

I have a /29 subnet. That’s eight addresses total. Sounds okay, right? WRONG. Because of how subnets work, only five of those are actually usable (network address, broadcast address, and gateway eat the rest).

€30/month. For five addresses.

That’s €6 per address per month. €72/year per address. If I need 10 services, I’m looking at another /29, so that’s €60/month total. For ten IP addresses.

Meanwhile, my IPv6 subnets cost less than €10/month. And by “subnets” I mean multiple /64s. Each /64 has 18,446,744,073,709,551,616 addresses. That’s 18 quintillion addresses. For under ten euros.

Let me do the math for you:

  • IPv4: €6/month per address
  • IPv6: €0.0000000000000000005/month per address (I probably have the decimal point wrong, there’s too many zeros)

This is vile. This is paying for airport water bottle levels of vile.

So Obviously I’m Going IPv6-Only, Right? …Right?

At this point, I just look at these numbers and go “yeah, IPv6-only, done, next problem.”

But then my brain kicked in with the fun question: if I delete all my A records and go IPv6-only, who can actually reach my blog?

Because here’s the thing—IPv6 has been “the future” since like 1998. That’s 27 years of being the future. At some point you’d think the future would become the present, but here we are, still having this conversation.

So before I commit to what might be either genius or blog suicide, let’s look at who actually has IPv6 in 2025.

The Research: I Went Down a Rabbit Hole So You Don’t Have To

Half the Internet Already Has IPv6 (No, Seriously)

According to Google’s stats, global IPv6 adoption is sitting at 45–49% depending on what day of the week it is.

Wait, what? Day of the week matters?

Yep. It’s higher on weekends (~49%) when people are on their phones and home networks. It drops during the week when everyone’s at work on corporate networks that are still living in 2003.

So right now, in 2025, roughly half the internet already speaks IPv6. Half! And that number keeps climbing.

Some Countries Are Living in the Future Already

The adoption rates vary wildly by country, and some of these numbers are wild:

The Winners (>70% adoption):

  • France: 78%—Apparently they’re as good at IPv6 as they’re at revolution … oh wait.
  • Germany: 76% - German engineering strikes again
  • India: 72-78% - crushing it

Pretty Damn Good (50–70%):

  • United States: 53%—just crossed 50% in February 2025, fashionably late as usual
  • Japan: 55%—jumped from 49% recently
  • Malaysia: 59%

Getting There (40–50%):

  • Thailand, Mongolia, Portugal, Finland, Nicaragua, Canada, UAE, UK, Estonia - all above 40%

Still Living in the Past:

  • Russia and Australia: over 30% (come on guys)
  • China: less than 5% (oof)
  • Sudan and Turkmenistan: less than 1% (okay that’s fair, they have other problems)

Your Phone is Already on IPv6 (Yes, Yours)

Here’s where things get real: mobile carriers went ALL IN on IPv6.

Why? Because NAT is a pain at scale, and when you have millions of devices, IPv6 just makes operational sense. The numbers are absolutely wild:

U.S. Mobile Carriers:

  • T-Mobile: Over 90% IPv6 traffic
  • Verizon: 82.63%
  • AT&T: 70-73%
  • All U.S. carriers combined: ~87% IPv6

European Carriers:

  • Deutsche Telekom (Germany): Had IPv6 on mobile since 2015 - they were early
  • Vodafone Germany: 55%+ and rising, mobile IPv6 since 2019
  • Vodafone UK: Hit 76% on fixed broadband, aiming for 100%
  • French operators: Most major carriers at 60%+ deployment
  • Norwegian ALTIBOX: Doubled deployment in one year

Asia:

  • Reliance Jio (India): 93%—literally topping global charts

If you’re reading this on your phone right now, there’s like a 90% chance you’re on IPv6 and didn’t even know it.

The “future protocol” is already the default on mobile. It isn’t coming. It’s here. It’s just your corporate network stuck in 2003.

Home ISPs: It’s Complicated

Residential ISPs are… all over the place:

  • Major ISPs in France, Germany, US? Yeah, they have IPv6. It’s automatic. You probably have it and don’t even know.
  • Smaller regional ISPs? Hit or miss. Mostly miss.
  • Most ISPs aren’t bothering to transition existing customers unless they complain

The good news: if you’re with a major ISP in a developed country, you probably have IPv6. The bad news: you probably don’t know whether you have it or not.

Corporate Networks: Living in 2003 and Loving It

This is the elephant in the room. Corporate networks are dragging their feet hard on IPv6. The weekend vs weekday traffic patterns don’t lie—IPv6 usage jumps on weekends when people aren’t stuck on corporate networks.

Why are enterprises so slow? Let me translate the corporate excuses:

  • “Legacy infrastructure” = “We have technical debt and don’t want to deal with it”
  • “If it ain’t broke, don’t fix it” = “Our IT team is already overwhelmed”
  • “Security concerns” = “We heard scary things from a vendor in 2008”
  • “NAT is our security boundary” = “We have no idea how security works”

Let’s Talk About the NAT-as-Security Myth (Because It’s Nonsense)

Oh man, here we go. This is my favorite enterprise IT myth, right up there with “we need to disable USB ports for security."

When IT says “disable USB”, they usually mean blocking data transfer to USB drives. The problem? It doesn’t stop data exfiltration. Determined users (or attackers) can:

  • Email files to themselves
  • Upload to cloud storage (Dropbox, Google Drive, personal OneDrive)
  • Use their phone
  • Take screenshots and photos with their phone
  • Print documents and walk out with them
  • Use network file shares
  • Use Bluetooth

Meanwhile, legitimate users can’t use their external drive for legitimate work, can’t plug in their presentation clicker for meetings, and get frustrated with policies that don’t address the threat model.

If you’re worried about data exfiltration, you need DLP (Data Loss Prevention), proper access controls, and monitoring. Not USB restrictions that block convenience while leaving a dozen other exfiltration vectors wide open.

NAT is not a firewall. NAT has never been a firewall. NAT will never be a firewall.

NAT exists because we ran out of IPv4 addresses. That’s it. That’s the whole story. The fact that it incidentally makes inbound connections harder is a side effect, not a feature. It’s like saying your car is more secure because the door handle is broken.

Here’s what NAT actually does for security: obscurity. And security through obscurity isn’t security; it’s just hoping attackers are lazy.

You know what provides actual security? Firewalls. And guess what? IPv6 has those! In fact, IPv6 firewalls are often easier to configure because you aren’t dealing with NAT traversal nonsense.

With IPv6, you get:

  • Stateful firewalls (just like IPv4)
  • Proper end-to-end connectivity (so things like WebRTC actually work)
  • No need for UPnP or port forwarding hacks (which often create more security holes than they solve)
  • Actual cryptographic security is built into the protocol (IPsec is mandatory in IPv6)

“But with IPv6, everything has a public IP!” Yes. And you firewall it. You know, like you’re supposed to.

If your security model depends on NAT, your security model is broken. Full stop. NAT isn’t protecting you. Your firewall is. And if you don’t have a proper firewall, NAT isn’t going to save you.

Anyway, back to why corporate networks suck.

So What Happens If I Actually Do This?

Let me be real with you: I just did it. No dual-stack. No IPv4 fallback. No “just in case” A records. Just pure, unadulterated IPv6.

Which means I need to answer the question: who am I shutting out?

Who Actually Reads This Blog?

This is a technical blog. My audience is:

  • Developers
  • DevOps engineers
  • System administrators
  • Technology enthusiasts who enjoy reading about someone else’s infrastructure disasters

These are people who:

  1. Are probably on modern infrastructure (or at least aware it exists)
  2. Use their phones a lot (90% IPv6, remember?)
  3. Could enable IPv6 if they wanted to
  4. Might actually think “this blog is IPv6-only” is cool
  5. Could subscribe to this epic blog

Am I writing for corporate IT departments browsing during work hours on their IPv4-only network? Nope.

Am I writing for developers at home on their fibre connections, probably on their phones while taking a shit? Yeah, probably.

The Technical Reality of Going IPv6-Only

Let’s talk about what actually happens when you flip the switch.

DNS: Literally Delete Your A Records

This is hilariously simple:

  1. Publish AAAA records (IPv6 DNS records)
  2. Don’t publish A records (IPv4 DNS records)
  3. There’s no step 3

That’s it. If a client has IPv6, they get the AAAA record and connect. If they don’t have IPv6, DNS returns nothing, and they get a “site can’t be reached” error.

It’s the most elegant “fuck you” to legacy infrastructure I’ve ever seen.

“Just Use Cloudflare as a Proxy!”

Yeah, a lot of people will tell me to use Cloudflare or some other CDN to bridge IPv4 and IPv6. They accept both protocols and proxy to your IPv6-only backend.

Hell. No.

I hate Cloudflare. I hate the idea of putting another company’s infrastructure between me and my readers. I hate that half the internet runs through their servers. I hate their captcha. I hate that they’re a single point of failure for huge chunks of the internet.

And more importantly:

  1. It defeats the entire fucking point of this experiment
  2. I’m trying to reduce complexity, not add another layer
  3. Even “free” tiers have limitations and gotchas
  4. Why would I solve an infrastructure problem by adding more infrastructure?

If I wanted dual-stack, I’d just pay the €30/month for my /29 and move on with my life. The whole point is to see what happens when you actually commit to IPv6-only.

The Cool Part: You’re Directly Connected to a Pod

Here’s what makes this actually awesome: with IPv6 and no NAT, you’re directly connected to the pod running this blog in my Kubernetes cluster.

No load balancer does address translation. No reverse proxy hiding things. No CDN in the middle. Just your browser talking directly to a container running Hugo, over IPv6, with proper end-to-end connectivity.

This is how the internet was supposed to work.

The Arguments Against (And Why I Don’t Care)

Let me address the obvious objections.

“You’ll Lose Half Your Traffic!”

Yeah, maybe. But let’s think about this:

  1. My audience is technical people, not random internet users
  2. 90% of mobile users have IPv6 (and everyone’s on mobile now)
  3. Technical people are more likely to have IPv6 than average
  4. Every year this number gets better, not worse

This is a bet on the future. And honestly? If I lose traffic because people’s ISPs are stuck in 2003, that’s on their ISP, not on me.

Also, what’s my alternative? Pay €60/month for the privilege of supporting legacy infrastructure? Nah.

“Corporate Users Won’t Be Able to Access It!”

Good.

Okay, that sounds harsh. But seriously:

  1. You probably shouldn’t be reading my blog at work anyway
  2. You have a phone (which is on IPv6)
  3. You have a home internet connection (increasingly IPv6)
  4. Maybe learning that your corporate network doesn’t have IPv6 is valuable information

If your corporate IT department hasn’t deployed IPv6 in 2025, that’s a them problem. I’m not going to pay €60/month to work around their technical debt.

And honestly? Maybe IPv6-only sites need to exist to create pressure. If people start hitting sites they can’t access, maybe they’ll finally ask their IT department “why don’t I have IPv6 yet?”

Someone has to be the asshole who pushes things forward. Might as well be me.

“It’s Not Practical!”

“You can’t do this for a bank or e-commerce site, people depend on those!”

They absolutely should.

People need to step up. We’ve had 27 years to migrate to IPv6. TWENTY-SEVEN YEARS. If your bank can’t figure out IPv6 by now, that’s a failure of education, not an excuse to keep babying legacy systems.

But okay, fine, I’m not a bank. I’m just some person with a blog. So the trade-offs are even clearer:

  • Cost: €0 vs €60/month (€720/year!)
  • Simplicity: One protocol vs dual-stack hell
  • Principle: Not subsidizing ISP laziness
  • Entertainment value: This is going to be hilarious

It’s my blog, my money, and my decision to make. And I’m making it.

What If I’m Completely Wrong?

What if IPv6 adoption stalls at 50%? What if enterprises never migrate? What if this is a terrible idea?

Then I’ll have:

  • A blog that half the internet can’t read
  • €360/year in savings (not nothing!)
  • An interesting “I told you so” story
  • Easy rollback (just add A records and buy more IPs)

Worst case: I save money and have a good story. Best case: I’m part of the vanguard pushing IPv6 forward and have actual data to share.

Either way, it’s more interesting than paying €60/month to maintain the status quo.

Stay in the loop

New essays, never spam.

Get fresh posts, experiments, and updates straight from the workbench. One click to unsubscribe whenever you like.