An MMDB-compatible IP Geolocation database with ASN, country, and continent data. Free to use. No license keys required. Updated every day.
This document specifies a network-layer protocol, IPv7, that extends
the Internet Protocol model with an identity-carrying address form
and an origin-validation mechanism intended to mitigate abuse of
residential proxy infrastructure. IPv7 replaces purely numerical
source addressing with a hierarchical identity string and a Variable-
Length Identity Block (VLIB) that carries an Ephemeral Identity Token
(EIT), provider and tenant identifiers, role/policy signalling, and
an Origin Signature verifiable by the originating provider. The
protocol enables routers to apply policy and reputation signals at
the network layer while limiting disclosure of a subscriber's long-
term identity to intermediate systems. This document addresses
growing security challenges in Internet-connected devices (IoT),
including smart TVs, appliances, and other residential endpoints that
are vulnerable to residential proxy exploitation and botnet
infection.
An IPv6 address can be divided into 3 pieces:
- 48 or more bits of network identifier (also known as the subscriber prefix)
- 16 or fewer bits of subnet identifier
- 64 bits of interface identifier
The RFCs mentioned can be obsolete, but are kept up to date at
Using MAC addresses was flawed, and location data was too. The randomization defined in RFC 3041 was then refined in RFC 7217. Here comes the SLAAC protocol.
Steps:
- Calculating a link-local address
- Link-local Duplicate Address Detection (DAD)
- Locating a router (by sending a Router Advertisement (RA) message)
- Calculating a routable address
DHCPv6 (RFC 3315) also solves the domain name association with IPv6 while distributing additional information.
There is an address renegotiation to preserve privacy.
SLAAC is vulnerable to RA spoofing and DNS spoofing. The proposed solution is to use IPsec, but it's complicated to deploy. SEcure Neighbor Discovery (SEND) introduced a dedicated cryptographic authentication protocol for network discovery.
Another potential issue is that a network device can respond with Neighbor Advertisement packets for every Neighbor Discovery it sees. This will effectively block any device from completing Duplicate Address Detection, hence blocking SLAAC from completing. Preventing this attack is a current research topic.
In December 1995, IPv6 was defined by an RFC. That was 30 years ago.
Arcep is therefore creating a task force this year with Internet Society France to help accelerate the transition to IPv6.
AfriNIC is the last regional Internet registry that still has IPv4 address blocks to distribute.
An IPv6-only site is not accessible to users with an IPv4 address, and vice versa.
Although this is not yet the case in France, in India some major Indian websites are now accessible only over IPv6, and China has planned a complete shutdown of IPv4 in 2030. In the Czech Republic, the government has announced the end of official services accessible over IPv4 from 6 June 2032.
A map of IPv6 usage rates
A chat room accessible only according to your IP.
On the technical side, the site uses Server-Sent Events and a REST API.
TL;DR avoid truncation and use IPCrypt https://ipcrypt-std.github.io/
About certificates for IP addresses and how they can bypass domain names, thus lowering the barrier to entry to publish things on the web!
IPv6 needs to be better deployed and supported everywhere.
1) You don't "upgrade" to IPv6, you offer it inline with IPv4. It has never been a forklift replacement (there is another rule about this).
2) I have worked for numerous ISPs over the years, big and small. Way more than three I can tell you, and the small ones are almost always the ones pushing IPv6 hardest, because CGNAT is fucking expensive. The big ISPs are the ones who are ignoring it. I've only worked for one small ISP that was opposed to it, and their attitude changed when they ran out of IPv4 space, and saw their choices. CGNAT or buy more space on the open market.
[...]
It depends on divisions that are made arbitrarily:
routers announce to their peers the IP address prefixes they know how to reach. These peers then pass on part of the announcements they received to their own peers, according to their policy.
There are many more IPv4 routes than IPv6 routes because prefixes are being split ever more finely to cope with the address shortage. Incidentally, if you care about the environmental footprint of digital technology, note that IPv6 therefore places a lighter load on routers, and so should logically be deployed everywhere.
It's instructive.
Essentially [Carrier-Grade Network Address Translations] allow the ISP to assign a single IPv4 address to multiple customers.
[A CGNAT] creates challenges trying to remotely access resources on my home network externally
You can usually tell if you're behind a CGNAT if your IP address is in a private IPv4 address range. [...] Another method is running traceroute with your public facing IP address. [...] If there's more than one hop, then you're likely behind a CGNAT.
If you're unfortunate enough to be behind a CGNAT, you can sometimes request a static IP from your ISP (usually at a cost). However, there are options to access resources on your home network, such as using a Cloudflare Tunnel.
🧌
When a program receives an IPv4 address, it has no way of knowing whether that IP address was mapped onto an IPv6 address or whether it is a genuine IPv4 address, so if an attacker sends a request with the IPv6 address ::ffff:127.0.0.1, for example, it could be interpreted as the IPv4 loopback address 127.0.0.1 and thus allow the attacker to access certain software that grants certain permissions in its ACL to the IP address 127.0.0.1.
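The confusion described above can be removed by keeping track of whether an address arrived in IPv4-mapped form before any ACL decision is made. The following is an added example, not code from any of the linked pages; the function names are hypothetical, and it assumes the address is text taken from an application-layer field (a header, a URL, a log line) rather than from the socket itself.

```python
import ipaddress

# Assumed ACL for this example: loopback IPv4 gets elevated permissions.
LOOPBACK_V4 = ipaddress.ip_network("127.0.0.0/8")

def classify(addr_text):
    """Return (effective_address, was_mapped) for a textual IP address."""
    ip = ipaddress.ip_address(addr_text)
    mapped = ip.ipv4_mapped if ip.version == 6 else None
    if mapped is not None:
        return mapped, True      # ::ffff:a.b.c.d unwrapped to a.b.c.d
    return ip, False

def naive_acl_allows(addr_text):
    """Weak form: unwraps silently, so the mapped form inherits loopback trust."""
    ip, _ = classify(addr_text)
    return ip.version == 4 and ip in LOOPBACK_V4

def strict_acl_allows(addr_text):
    """Hardened allow-list: only a native IPv4 loopback address is trusted."""
    ip, was_mapped = classify(addr_text)
    return (not was_mapped) and ip.version == 4 and ip in LOOPBACK_V4

def blocklist_hits(addr_text):
    """Deny-lists need the opposite rule: unwrap first, then test,
    so a mapped spelling of an internal address cannot slip past."""
    ip, _ = classify(addr_text)
    return ip.is_loopback or ip.is_private or ip.is_link_local

if __name__ == "__main__":
    # Constructed sample inputs, including a hex spelling of the mapped form.
    for sample in ["127.0.0.1", "::ffff:127.0.0.1", "::ffff:7f00:1",
                   "::ffff:8.8.8.8", "2001:db8::1"]:
        print(f"{sample:20} naive={naive_acl_allows(sample)!s:5} "
              f"strict={strict_acl_allows(sample)!s:5} "
              f"blocked={blocklist_hits(sample)}")
```

On a dual-stack listening socket, genuine local IPv4 clients are themselves reported in mapped form, so the strict rule is meant for addresses read from text, not for peer addresses returned by the kernel.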