I'm not sure I agree with Geoff's concern on fragmentation of the IPv4 internet due to growth and lack of v6 migration. I absolutely agree the increased cost of maintaining ever more complex and larger scaled NATs is going to continue to drive IPv6 migration but that these are possible is exactly why fragmentation won't happen in my mind.
The cost of fragmentation (due to growth, not other factors like national politics) is far greater than the cost of running even multiple levels of NAT (e.g. CG-NAT) and, apart from already being done in many places today, this scales to nearly the same level as IPv6. Yes, IPv6 has 128 bit addresses but over half of this address space will be "wasted" for ease of use like /64s and/or ease of allocation like allocating enormous blocks that will be sparsely filled with /64s for decades to come. Meanwhile GC-NAT allows nearly 100% utilization of any public IPs via dynamic assignment. Suddenly adding nearly 32 bits (there will be inefficiencies so it won't be the theoretical 32) of address pool on top of the nearly 32 bits address pool isn't all that far from the "128" bits of IPv6. It is however god awful complicated, slower/more latent due to needing to go to NAT points, and needs more centralized care and feeding to keep running, but not really at risk of being to limiting to drive a fragmented internet in anyone's lifetime due to "running out of NAT" or such.
Hopefully however these pressures from the burden of NATs and the ability to do more than just client+server model on TCP/UDP like the article points out and continues driving IPv6 to the point NAT64 becomes cheaper/easier to run and use than dual stack with v4 NAT.
Obligatory off topic plug (sorry dang) about this tech hacker site still being v4 only.
Note although half the bits in IPv6 are wasted under current schemes, almost 7/8 of the IPv6 space is unused, precisely so that if we screw up the public allocation we have many more chances to start over.
And there is no fundamental technical limitation on subnets smaller than /64, either. Should 45 bits not be enough (and it won't be, not forever!) we could start using DHCPv6 on smaller subnets, instead of using SLAAC.
There is a lot of assumptions that are broken if you try to allocate something smaller than /64. It would be like trying to re-assign the multicast address space for unicast.
But running out of space on IPv6 is seriously not a concern. Even a "paltry" 64 bits of address space is an absurdly large number of addresses. Humans need to have colonized the entire galaxy before it becomes an issue.
The way I see it, IPv6 is somebody else’s problem.
You can’t make money with IPv6 and nobody wants it. From a customer support perspective, IPv6 is just another problem nobody needs.
We, and all the other ISPs in our market, have enough IPv4 for the foreseeable future.
NAT works where you need to conserve addresses space and those consumers that need a static IPv4 can get it, and what’s better, will pay for it.
IPv6 support on consumer devices is a dumpster fire. No way I am touching that in production.
So, no, I have no plans to deploy IPv6 to customers. I will reconsider when there’s money in it, but preferably not before various vendors have gotten their IPv6 shit together.
In other words, we the current ISPs in the market are good. Sucks to be a new ISP though.
> IPv6 support on consumer devices is a dumpster fire. No way I am touching that in production.
Is it still? I know this was true for a while, but things seem to have been ironed out. I only occasionally have IPv6 (my ISP is doing something weird), but when I do it all seems to work fine.
Good IPv6 host support has been a thing in almost all consumer OSes for over 10 years now. All currently supported versions of Windows, MacOS, Android[1][2] and iOS support IPv6 natively.
And, as I keep reminding HN, Windows freaking XP supported IPv6 (albeit not as a transport for DNS queries).
The problem is simply that some people don’t want to spend a couple weekends to learn a new technology (one that is old enough to purchase alcohol in all 50 states—-this is not like chasing the latest web framework).
[1] There have been various blog posts about how android is “broken by design” because it expects to configure host IP via SLAAC and receive DNS servers via RA, instead of DHCPv6. This is utter nonsense.
[2] Android did, until about 5 years ago, not like to use DNS servers with ULA prefixes (the IPv6 equivalent of IPv4 private network ranges). That’s unfortunate, but hardly a “dumpster fire”.
As far as we can tell from aggregate statistics, consumer devices have been leading IPv6 adoption, not lagging it.
Charts of IPv6 usage such as Google's tend to still show a strong "bathtub curve" with a very noticeable decline during 9-5 work hours making a pretty clear case that corporate/enterprise devices are the ones (greatly) lagging behind.
Consumer devices most directly feel the effects of NAT/CGNAT and feel much more pressured to route around that IPv4 "damage" with IPv6. Some consumer networks, especially mobile carriers in every part of the world, have moved to IPv6-predominant (if not "IPv6-only"; depending on how you feel about IPv6 to IPv4 gateways). The "Happy Eyeballs" algorithm has been in play on most Consumer OSes for several years now and consumer devices generally strongly prefer IPv6 services over IPv4 when given a dual-stack choice.
Consumer device support is not a major problem, it is ISPs that are the major roadblock. Corporate oriented devices are also a slow to adopt however, which is one reason ISPs have not made the switch.
I don't know the state of IPv6 on consumer devices, but I can imagine from an ISP point of view it's a massive support burden.
IPv6 excels on smartphone handsets since the telecom company has full control of your network/IP stack. Simple to support and manage.
However consider a home network situation, you have the consumer router, and attached to it is a bunch of devices, some which have iffy support for IPv6. They all speak IPv4 well. From an ISP perspective supporting IPv4 only makes sense because it still works and you can count on downstream devices in a home network to support it. With the impending depletion of public IPv4 addresses, ISPs can rely on CGNAT. Less burden.
My sample size of two DSL modems that my ISP supports says yes. The old one would reboot if it received a fragmented IPv6 packet. The newer one is better, it doesn't crash, it just delays more or less all packets for a second if IPv6 was in use.
Wireless router support for IPv6 is iffy too, from what I've heard.
I wasn’t making a blanket statement about static IPv4 availability, rather it was an observation from our own market.
That being said, most carriers or major ISPs aren’t actually that hard up for IPv4 space.
By no means will static IPv4s be available on all plans, but merely changing AP or plan type will commonly result in the ability to purchase a static IPv4.
It’s mostly about lubricating with money to find a solution rather than an all out lack of IPv4.
> As an ISP customer, you're the last one I would choose. I highly value ipv6 connectivity in my choice of ISP. I think I'm not alone.
When considering broadband connectivity, the major considerations for the vast majority of consumers, when signing their initial agreement, in order: price, speed, reliability.
Heck, I run BGP from my home, and even I didn't consider IPv6. But then I also have my own /22 of IPv4 (and a /32 of IPv6), so that's probably why.
That’s fine, each to their own. You might not be alone, but you should take into account that you are an atypical customer.
Different customers value different things. In the list of things people value in their broadband, IPv6 doesn’t even register for for the majority. There are markets where you cannot even give away IPv6 connectivity.
Of those showing an interest in IPv6, many just want a static IP. If you give them one then you have solved their problems and are never heard from again.
If you really, really want IPv6 then you can usually get it in most markets. You might have to upgrade to business service or switch to an operator providing service over legacy copper facilities. That is, however, a bridge too far for almost everybody.
As an aside, you don’t indicate that you would pay a premium for IPv6 service. That’s not very enticing from a business perspective. If there was real demand for IPv6 or it could be provided for a premium that would change.
It’s a classical chicken and egg situation. No services require IPv6, so there is no demand for IPv6 and thus no IPv6 offerings either.
I’d be interested to hear why you highly value IPv6 connectivity, especially if you had a static IPv4 allocation.
It is the classic example of FYGM. I'm old enough to remember when being a "good netizen" would have meant that medium-sized organizations would be pushing for the new standards and practices that would allow newcomer organizations, maybe even orgs that didn't yet exist, to join and participate on the network.
Now we've wound up where IPv4 addresses are like houses: everyone who already has one is quite content with the situation (and even sees them as "investments" to be traded and hoarded and leveraged) while newcomers are absolutely hosed. And doing the right thing of expanding the pool of availability, whether by allowing more housing to be built or by migrating to IPv6, is met with cries of "there's no money in it for me so I'm not interested."
And lest anyone thing this is petulant whining on the part of a sysadmin from a new network, where I work has several legacy IPv4 assignments and we own four or five low-digit ASNs. We are set for life for IPv4, yet we've picked up our IPv6 allocations from ARIN and have actively updated our internal network such that all applications can work in a v6-only environment and we've even donated some of our address space to new organizations in our field (medicine) who needed it to get started. That is how the Internet is supposed to work, through cooperation.
I'm not sure that is true. It is true that you don't get aliased by the NAT, but one of the features of IPv6 is that you don't have to stick to a single address. Your system can choose different source addresses for every connection if it wants to. You will of course still be on the same /64, but that is the same amount of tracking as IPv4/NAT provides.
I set up a non-public-facing IPv6-only web server last night, so the issues are fresh in my mind! I'm fortunate enough to have an IPv6-capable home connection, and the hosting provider I use (Scaleway) charges extra for assigning IPv4 addresses to machines, so I thought I'd see how easy it would be to save a bit of money and make this machine IPv6-only. I've IP-filtered the host to only my home and my other servers, so having IPv4 support should be a waste.
The machine is now running fine, but I had a few roadblocks setting it up:
• My provisioning scripts download a release of 'dry'[0] from GitHub, which does not support IPv6. I ended up assigning my new machine a temporary IPv4 address and removing it later.
• The scripts also import a key from 'keyserver.ubuntu.com'[1], which, again, does not support IPv6. Attempting to connect just timed out, and if I hadn't just solved the other issue, I would have assumed the host was down.
• There seems to be a bug in Scaleway's cloud firewall (the things it calls Security Groups), where you cannot allow inbound ICMPv6, only standard ICMP (for IPv4). This meant my pings never responded and I thought the machine wasn't up when it was up.
Basically, what I want you to take away from this post is that if you disable IPv6, it's still the case that during maintenance, things are going to break, often mysteriously and with bad error messages, but outside of maintenance, things will likely run smoothly. My machine runs Sentry, and after the problems I had setting it up, I didn't dare run the Sentry './install.sh' script with IPv4 disabled as I didn't trust it to handle that case correctly — and even if the script reported no errors, I wouldn't have trusted there to actually be no errors. Since then, though, it's been running fine, so having an IPv6-only server is certainly possible, even if you have to give in and assign it an IPv4 address at the start, then take it away again later.
Yes, I run a site with 4 IPv6 only VPS servers with around 9M requests per month with the help of cloudflare.
In the past, setting up the server was hard(npm, composer, docker) but it has become less of a problem now.
GitHub is the major pain point even now. Even though I use bitbucket for scm which supports IPv6, surprising number of developer tools is centralized on GitHub.
My private Wireguard network is IPv6 only. SSH on all my remote servers listens on a random statically configured IPv6 address dedicated only for ssh. Since every server has an entire /64 prefix, a random internet scanner is never going to find it (Of course I still secure ssh properly since a man in the middle still sees what IPs I'm connecting to). Some cloud server providers started offering IPv6 only servers at a cheaper price to save money on unnecessary IPv4 addresses, so there's also a financial incentive to move non-public things to IPv6 only.
All of the laptops/computers in my house have IPv6-only web servers with LetsEncrypt certificates. (These computers all share a single IPv4 address.)
To get IPv6 on all computers I just installed radvd on the router. On the router I also set up a VPN to give the IPv6 addresses over IPv4 even when they're not local.
My first home server was IPv6-only, straight off of my ADSL router with a public static IPv6 address and domain dedicated to entirely to a Raspberry Pi. It worked perfectly on mobile and at home. What a pain in the ass when I discovered my university didn't support IPv6 in any capacity. Their ASN has v6 blocks but no v6 routes on campus.
I have a small ceph cluster over ipv6 and also a small OpenStack cluster with the daemons and web interface all running over V6 only. My network is dual stack since not all external networks are V6 compliant, and since I cannot seem to get cephadm's built in NFS service working over V6, so some of my local fileshares need v4.
Original implementation of DirectAccess (Always-On, transparent VPN) in Windows Vista required working IPv6 connection, this was extended with HTTPS-over-v4 backup tunnel support later on when MS found out how hard it was to get consumer v6 in 2007. Inside of DirectAccess, connectivity is pure v6 still.
In fact, since NT6, Windows is IPv6-first system in many aspects, and Microsoft made news last year when they complained that they couldn't disable v4 on guest wifi at many offices due to non-Microsoft visiting workers having issues connecting to their VPNs due to software that didn't work with NAT64/DNS64.
You might be able to access it if you have an Apple device and Private Relay enabled. I only have IPv4 at home and was surprised to see an IPv6 address when I typed in "what is my ip" into Google. For the most part, Private Relay works pretty good.
Maybe the solution for more IPv6 adoption is for tech giants like Apple, Google, Microsoft to make proxies like Private Relay ubiquitous on every device/browser.
If I were a dictator I would just put a deadline on it. January 1 2027: IPv4 forwarding is turned off on all core routers.
You can still use IPv4 internally if you have legacy devices, but anything on the Internet has to use IPv6. You have about 5 years to get it done. There are lots of solutions for specific use cases including stuff like ::ffff:1.2.3.4 and IPv4/IPv6 NAT devices. Most of which won't be as necessary as people think because IPv6 support is already widespread everywhere except ISPs.
Funnily enough, the first attempt at such legislation back when there was much less commercial use of internet kinda failed due to vendor pressure and allowances for continued use of IPv4 (this was specific to DoD/Government networks, and was supposed to migrate to OSI and its up-to 20 bytes addresses)
The fundamental problem of v6 is that it is not a simple extension of v4 in a practical manners. Too many add-on concerns like security. Should have fit it on v4 as well.
This is a common misconception. Apart from the kind of NATs we have now, there is no way that IPv4 could have been expanded. A lot of routing hardware was ASIC based (I'm sure plenty still is), so packet headers were fixed and couldn't be changed without changing all the routers. Just like they had to be changed with IPv6. Any server would need to understand the old system and the new system simultaneously to be able to be backwards compatible - just like with dual stack now. Big parts of the internet wouldn't be reachable until the host, the server, and every router and middle box along the path had been upgraded. Just like with IPv6.
So you'd have all the same problems, just in a slightly different way...
> his is a common misconception. Apart from the kind of NATs we have now, there is no way that IPv4 could have been expanded.
The misconception is that IPv4 could have been expanded in a compatible way. That's not GP's point though as I read it. They could have made an incompatible IPv5 which was exactly like IPv4, except with additional address bits.
Then the operational side would be similar, and you wouldn't have to learn everything over again.
Also, this ignores the fact that IP address scanning is tremendously harder on IPv6 than it is on IPv4. That's a significant security improvement right off the bat.
All of the dozens of Internet bots that try to portscan my router every day would cease to be an issue if I could turn off my IPv4 address.
Readit News
The cost of fragmentation (due to growth, not other factors like national politics) is far greater than the cost of running even multiple levels of NAT (e.g. CG-NAT) and, apart from already being done in many places today, this scales to nearly the same level as IPv6. Yes, IPv6 has 128 bit addresses but over half of this address space will be "wasted" for ease of use like /64s and/or ease of allocation like allocating enormous blocks that will be sparsely filled with /64s for decades to come. Meanwhile GC-NAT allows nearly 100% utilization of any public IPs via dynamic assignment. Suddenly adding nearly 32 bits (there will be inefficiencies so it won't be the theoretical 32) of address pool on top of the nearly 32 bits address pool isn't all that far from the "128" bits of IPv6. It is however god awful complicated, slower/more latent due to needing to go to NAT points, and needs more centralized care and feeding to keep running, but not really at risk of being to limiting to drive a fragmented internet in anyone's lifetime due to "running out of NAT" or such.
Hopefully however these pressures from the burden of NATs and the ability to do more than just client+server model on TCP/UDP like the article points out and continues driving IPv6 to the point NAT64 becomes cheaper/easier to run and use than dual stack with v4 NAT.
Obligatory off topic plug (sorry dang) about this tech hacker site still being v4 only.
And there is no fundamental technical limitation on subnets smaller than /64, either. Should 45 bits not be enough (and it won't be, not forever!) we could start using DHCPv6 on smaller subnets, instead of using SLAAC.
But running out of space on IPv6 is seriously not a concern. Even a "paltry" 64 bits of address space is an absurdly large number of addresses. Humans need to have colonized the entire galaxy before it becomes an issue.
You can’t make money with IPv6 and nobody wants it. From a customer support perspective, IPv6 is just another problem nobody needs.
We, and all the other ISPs in our market, have enough IPv4 for the foreseeable future.
NAT works where you need to conserve addresses space and those consumers that need a static IPv4 can get it, and what’s better, will pay for it.
IPv6 support on consumer devices is a dumpster fire. No way I am touching that in production.
So, no, I have no plans to deploy IPv6 to customers. I will reconsider when there’s money in it, but preferably not before various vendors have gotten their IPv6 shit together.
In other words, we the current ISPs in the market are good. Sucks to be a new ISP though.
Is it still? I know this was true for a while, but things seem to have been ironed out. I only occasionally have IPv6 (my ISP is doing something weird), but when I do it all seems to work fine.
Good IPv6 host support has been a thing in almost all consumer OSes for over 10 years now. All currently supported versions of Windows, MacOS, Android[1][2] and iOS support IPv6 natively.
And, as I keep reminding HN, Windows freaking XP supported IPv6 (albeit not as a transport for DNS queries).
The problem is simply that some people don’t want to spend a couple weekends to learn a new technology (one that is old enough to purchase alcohol in all 50 states—-this is not like chasing the latest web framework).
[1] There have been various blog posts about how android is “broken by design” because it expects to configure host IP via SLAAC and receive DNS servers via RA, instead of DHCPv6. This is utter nonsense.
[2] Android did, until about 5 years ago, not like to use DNS servers with ULA prefixes (the IPv6 equivalent of IPv4 private network ranges). That’s unfortunate, but hardly a “dumpster fire”.
Charts of IPv6 usage such as Google's tend to still show a strong "bathtub curve" with a very noticeable decline during 9-5 work hours making a pretty clear case that corporate/enterprise devices are the ones (greatly) lagging behind.
Consumer devices most directly feel the effects of NAT/CGNAT and feel much more pressured to route around that IPv4 "damage" with IPv6. Some consumer networks, especially mobile carriers in every part of the world, have moved to IPv6-predominant (if not "IPv6-only"; depending on how you feel about IPv6 to IPv4 gateways). The "Happy Eyeballs" algorithm has been in play on most Consumer OSes for several years now and consumer devices generally strongly prefer IPv6 services over IPv4 when given a dual-stack choice.
IPv6 excels on smartphone handsets since the telecom company has full control of your network/IP stack. Simple to support and manage.
However consider a home network situation, you have the consumer router, and attached to it is a bunch of devices, some which have iffy support for IPv6. They all speak IPv4 well. From an ISP perspective supporting IPv4 only makes sense because it still works and you can count on downstream devices in a home network to support it. With the impending depletion of public IPv4 addresses, ISPs can rely on CGNAT. Less burden.
Wireless router support for IPv6 is iffy too, from what I've heard.
My guess is that it is still a tiny minority of non-computer devices that will use ipv6 on the LAN side of a router.
Not necessarily. Some ISPs and majority of cell providers in Europe only give you CGN IPv4. No IPv6, no static option.
That being said, most carriers or major ISPs aren’t actually that hard up for IPv4 space.
By no means will static IPv4s be available on all plans, but merely changing AP or plan type will commonly result in the ability to purchase a static IPv4.
It’s mostly about lubricating with money to find a solution rather than an all out lack of IPv4.
When considering broadband connectivity, the major considerations for the vast majority of consumers, when signing their initial agreement, in order: price, speed, reliability.
Heck, I run BGP from my home, and even I didn't consider IPv6. But then I also have my own /22 of IPv4 (and a /32 of IPv6), so that's probably why.
Different customers value different things. In the list of things people value in their broadband, IPv6 doesn’t even register for for the majority. There are markets where you cannot even give away IPv6 connectivity.
Of those showing an interest in IPv6, many just want a static IP. If you give them one then you have solved their problems and are never heard from again.
If you really, really want IPv6 then you can usually get it in most markets. You might have to upgrade to business service or switch to an operator providing service over legacy copper facilities. That is, however, a bridge too far for almost everybody.
As an aside, you don’t indicate that you would pay a premium for IPv6 service. That’s not very enticing from a business perspective. If there was real demand for IPv6 or it could be provided for a premium that would change.
It’s a classical chicken and egg situation. No services require IPv6, so there is no demand for IPv6 and thus no IPv6 offerings either.
I’d be interested to hear why you highly value IPv6 connectivity, especially if you had a static IPv4 allocation.
It's more newly formed companies that are hit by this, since they have none and have to buy them at ever increasing prices.
Now we've wound up where IPv4 addresses are like houses: everyone who already has one is quite content with the situation (and even sees them as "investments" to be traded and hoarded and leveraged) while newcomers are absolutely hosed. And doing the right thing of expanding the pool of availability, whether by allowing more housing to be built or by migrating to IPv6, is met with cries of "there's no money in it for me so I'm not interested."
And lest anyone thing this is petulant whining on the part of a sysadmin from a new network, where I work has several legacy IPv4 assignments and we own four or five low-digit ASNs. We are set for life for IPv4, yet we've picked up our IPv6 allocations from ARIN and have actively updated our internal network such that all applications can work in a v6-only environment and we've even donated some of our address space to new organizations in our field (medicine) who needed it to get started. That is how the Internet is supposed to work, through cooperation.
Yours might but mine ran out years ago.
No public cloud provider is able to provide a dedicated IPv4 address per endpoint, making cloud networking absurdly complex unnecessarily.
Entire continents are under provisioned and will never get more allocation to meet future demand.
Out of interest, why didn’t you re-up when you still could?
You could still get some two years ago.
Stop right there.
The machine is now running fine, but I had a few roadblocks setting it up:
• My provisioning scripts download a release of 'dry'[0] from GitHub, which does not support IPv6. I ended up assigning my new machine a temporary IPv4 address and removing it later.
• The scripts also import a key from 'keyserver.ubuntu.com'[1], which, again, does not support IPv6. Attempting to connect just timed out, and if I hadn't just solved the other issue, I would have assumed the host was down.
• There seems to be a bug in Scaleway's cloud firewall (the things it calls Security Groups), where you cannot allow inbound ICMPv6, only standard ICMP (for IPv4). This meant my pings never responded and I thought the machine wasn't up when it was up.
Basically, what I want you to take away from this post is that if you disable IPv6, it's still the case that during maintenance, things are going to break, often mysteriously and with bad error messages, but outside of maintenance, things will likely run smoothly. My machine runs Sentry, and after the problems I had setting it up, I didn't dare run the Sentry './install.sh' script with IPv4 disabled as I didn't trust it to handle that case correctly — and even if the script reported no errors, I wouldn't have trusted there to actually be no errors. Since then, though, it's been running fine, so having an IPv6-only server is certainly possible, even if you have to give in and assign it an IPv4 address at the start, then take it away again later.
[0]: https://github.com/moncho/dry [1]: https://keyserver.ubuntu.com/
In the past, setting up the server was hard(npm, composer, docker) but it has become less of a problem now.
GitHub is the major pain point even now. Even though I use bitbucket for scm which supports IPv6, surprising number of developer tools is centralized on GitHub.
To get IPv6 on all computers I just installed radvd on the router. On the router I also set up a VPN to give the IPv6 addresses over IPv4 even when they're not local.
It's great.
Original implementation of DirectAccess (Always-On, transparent VPN) in Windows Vista required working IPv6 connection, this was extended with HTTPS-over-v4 backup tunnel support later on when MS found out how hard it was to get consumer v6 in 2007. Inside of DirectAccess, connectivity is pure v6 still.
In fact, since NT6, Windows is IPv6-first system in many aspects, and Microsoft made news last year when they complained that they couldn't disable v4 on guest wifi at many offices due to non-Microsoft visiting workers having issues connecting to their VPNs due to software that didn't work with NAT64/DNS64.
Maybe the solution for more IPv6 adoption is for tech giants like Apple, Google, Microsoft to make proxies like Private Relay ubiquitous on every device/browser.
https://www.tunnelbroker.net/
It worked perfect for that in almost every situation since my cell carrier supported v6 so any time I'm not home I could still access it.
edit: luddite not meant in a derogatory sense. We need luddites!
> At least 80% of IP-enabled assets on Federal networks are operating in IPv6-only environments by the end of FY 2025
https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-0...
Like, the US Govt has been 'going to move to ipv6' real soon now since I was a baby engineer.
You can still use IPv4 internally if you have legacy devices, but anything on the Internet has to use IPv6. You have about 5 years to get it done. There are lots of solutions for specific use cases including stuff like ::ffff:1.2.3.4 and IPv4/IPv6 NAT devices. Most of which won't be as necessary as people think because IPv6 support is already widespread everywhere except ISPs.
No need to worry about silly things like the popularity of such a move, the cost involved and the mountain of e-waste produced.
Good luck.
So you'd have all the same problems, just in a slightly different way...
The misconception is that IPv4 could have been expanded in a compatible way. That's not GP's point though as I read it. They could have made an incompatible IPv5 which was exactly like IPv4, except with additional address bits.
Then the operational side would be similar, and you wouldn't have to learn everything over again.
Instead they changed just about everything.
Here's a guide on secure router configs and an overview of some threats that are new in ipv6.
All of the dozens of Internet bots that try to portscan my router every day would cease to be an issue if I could turn off my IPv4 address.