Photo of Mount Damavand with right side missing.

Understanding the Sudden Drop in IPv6 Adoption in Iran

Picture of Aftab Siddiqui
Senior Manager, Internet Technology - Asia-Pacific, Internet Society
Twitter logo
LinkedIn logo
Facebook logo
May 28, 2024

Last week, Cloudflare Radar reported that nearly all of Iran’s IPv6 address space vanished from the global routing table, dropping the country’s IPv6 adoption rate from 15—20% to 2%.

Iran’s Internet has been in flux for some time, with most activity centering on its censorship efforts. Unsure if this was a result of these activities, either intentionally or mistakenly, we decided to investigate.

Why IPv6 adoption matters

Every second on the Internet, more than 100K Google searches are conducted, 50K YouTube videos are viewed, and 3.8M emails are sent! It’s a testament to the foundation and architecture of the Internet and the Web that these activities can happen easily and without fault.

One critical aspect of this architecture is Internet Protocol (IP) addresses, unique identifiers that allow computers and other connected devices to recognize and communicate with one another. The original version of IP (IPv4) only had four billion addresses, so a new version was developed (IPv6) that has 340 trillion, trillion, trillion addresses, enough to connect all the future things.

Internet Society Pulse presents measurements of IPv6 adoption to raise awareness of the uptake of IPv6 globally and in different countries and networks. IPv6 adoption provides insight into the future sustainability and resilience of the Internet. Currently, the global adoption of IPv6 is 38%, with India leading the way at 72%!

Times series line graph showing the global IPv6 adoption rates as measured by APNIC, Facebook, and Google.
Figure 1 — Global IPv6 adoption. Source: Pulse.

Like the graph above, the adoption rates for most countries have been constant, up and to the right, with some significant increases along the way, thanks to large operators in countries making IPv6 active on their networks. Sometimes, though, we witness substantial drops, like those in Iran, which consistently capture our attention and get us thinking, why?

Before we Jump to Conclusions

First, let’s go back a few days and check where things were before the issue.

Time series graph showing the number of IPv6 routes originated from Iranian network dropping from 300 to less than 25 on 19 May.
Figure 2 — Graph showing the number of IPv6 prefixes in Iran from 5 May to 25 May 2024. Source: RIPEstat

According to RIPEstat, before the incident, around 300 IPv6 routes originated from networks with country code IR (IRAN). 

Based on Routeview MRT dumps from 19 May 2024 at 8:00 UTC,  293 unique IPv6 routes originated from 123 networks (Autonomous System Numbers, ASNs) based in Iran.

If we build a relationship between these networks, we see that some of the networks are more dominant in providing transit services over IPv6 to these networks.

ASNCompany nameNumber of transit connections it provides over IPv6
Table 1 — Top five transit networks in Iran.

This lack of diversity is captured in Iran’s Pulse Internet Resiliency Index profile (Figure 3), where ‘Uprestream redundancy’ is at 7%.

Screenshot of Iran's Pulse Internet Resilience Index profile showing the scores for 28 different resilience metrics
Figure 3 — Iran’s Pulse Internet Resilience Index profile. Source: Pulse.

When most routes disappeared on 19 May, the routes listed in Table 1 remained in the global routing table. The situation remained this way for almost 48 hours before more routes returned.

ASNPrefixAS Description (TeamCymru)
67362001:14e8:1::/48IRANET-IPM Institute for Research in Fundamental Sciences IPM, IR
6736 2001:14e8::/32IRANET-IPM Institute for Research in Fundamental Sciences IPM, IR
67362001:678:b0::/46IRANET-IPM Institute for Research in Fundamental Sciences IPM, IR
392002001:678:b0::/48IRNICANYCAST-AS, IR
35285 2001:678:b1::/48IRNIC-AS, IR
604232a04:2f00:d::/48DERAK-CLOUD-PJSC, IR
604232a04:2f00:e::/48DERAK-CLOUD-PJSC, IR
604232a04:2f00:ff01::/48DERAK-CLOUD-PJSC, IR
604232a04:2f00:ff02::/48DERAK-CLOUD-PJSC, IR
604232a04:2f00:ff06::/48DERAK-CLOUD-PJSC, IR
604232a04:2f00:ff08::/48DERAK-CLOUD-PJSC, IR
604232a04:2f00:ff09::/48DERAK-CLOUD-PJSC, IR
581922a05:2580::/30DDOS-PROTECTION-GAJNET, IR
2016912a05:cd00::/32WEIDE, IR
2054152a0a:3c44::/32HOSSEINASHRAFSEMNANI, IR
216110 2a0e:97c1:8a27::/48SOREN, IR
2151542a0f:85c1:3b1::/48FARDINNETWORK, IR
2122482a10:ccc1:108::/48AB, IR
2004362a10:ccc1:109::/48TEHRANGAMING-COM, IR
581922a13:5e40::/29DDOS-PROTECTION-GAJNET, IR
581922a13:6340::/29DDOS-PROTECTION-GAJNET, IR
581922a13:6fc0::/29DDOS-PROTECTION-GAJNET, IR
Table 2 — A list of IPv6 routes originating from Iran remained in the global routing table following the drop.

Note that none of the top five connectivity ASNs from Table 1 are listed, which means those with higher connections disappeared, and the ones above were never impacted.

Why were these not stopped? 

The answer is not entirely clear. However, according to Hurricane Electric’s Domain Name System (DNS) report for .ir country code top-level domain (ccTLD), the name server (NS) of is on one of these networks.

Screenshot of a table showing if the IPv4 and IPv6 addresses associated with are reachable.
Figure 4 —  The IPv4 (A) and IPv6 (AAAA) addresses for nameservers. Source: Hurrican Electric.

These DNS servers are still resolving their correct AAAA (IPv6) entries:

% dig +short aaaa


% dig +short aaaa


% dig +short aaaa


It is clear that these routes were allowed to ensure that the .ir DNS server works properly.

According to Tranco’s top 1 million domains (websites) list, approximately 16,000 domains belong to the .ir ccTLD. WHOIS lookup results indicate that none of these domains have AAAA records, meaning they are not associated with IPv6 addresses. This contrasts the Hurrican Electric Domain Name System (DNS) report, which shows more than 38,000 AAAA entries but only covers some of the country’s most visited websites.

Screenshot of a Hurrican Electric report for .ir TLD showing 38,327 AAAA records.
Figure 5 — Report showing the number and status of IPv4 (A) and IPv6 (AAAA) addresses associated with .ir ccTLD. Source: Hurrican Electric.

Figure 6 shows Iran’s top five networks (ASes) based on Internet traffic.

Screenshot of Cloudflare Radar widget showing the top five ASes in Iran
Figure 6 —Top five networks (Autonomous Systems, ASes) in Iran based on traffic. Source: Cloudflare Radar.

If we look at the IPv6 measurement done by APNIC Labs (Figure 7), most samples are from AS197207.

Screenshot of APNIC Labs top three IPv6 capable networks in Iran. AS197207 has 32.73% capability
Figure 7 — Iranian networks with the highest IPv6 adoption. Source: APNIC Labs.

AS197207 announced 21 IPv6 routes until around 19 May 15:30 UTC, when they all stopped and remained missing from the global routing table for more than 48 hours. The drop in IPv6 traffic from this network is very visible via both APNIC Labs (Figure 8) and Cloudflare Radar (Figure 9) measurements.

Time series graph showing drop in IPv6 capability for AS197207
Figure 8 — APNIC Labs IPv6 Measurement for AS197207. Source APNIC Labs.
Time series graph showing the drop in IPv6 traffic in AS197207
Figure 9 — Cloudflare Radar Traffic graph for AS197207. Source: Cloudflare Radar.

It’s also interesting that AS197207 has only one upstream provider for IPv6 traffic — AS49666 (Telecommunication Infrastructure Company). Just before it stopped advertising its IPv6 routes, AS49666 started prepending its own AS multiple times for AS197207 announcements, as shown in Figure 10, which shows route dumps from route views.

Screenshot of route dump from route views showing AS49666 prepending its own AS multiple times for AS197207 announcements.
Figure 10 — Route dump from route views showing AS49666 prepending its own AS multiple times for AS197207 announcements.

There’s nothing suspicious about this, and AS49666 used to do it with many other downstream networks as well, as visible from the route-view dumps below from 18 May 2024 (Figure 11).

Screenshot of route dump from route views showing AS49666 prepending its own AS multiple times for AS41689, AS12880, and AS205647 announcements.
Figure 11 — Route dump from route views showing AS49666 prepending its own AS multiple times for AS41689, AS12880, and AS205647 announcements.

Since seemingly recovering from its IPv6 outage, AS49666 hasn’t done any prepend to any of its downstream customers. This could be a benign change in operational practice.

Even though AS197207 has resumed advertising all the IPv6 routes it was announcing before 19 May, other networks have not yet restored their IPv6 routes. Additionally, traffic patterns reported by Cloudflare Radar indicate that AS197207 still prefers IPv4 over IPv6, with 100% of traffic favoring IPv4. The total count of IPv6 routes originating from Iran is three times lower than before 19 May. Currently, only 78 IPv6 routes are visible in the global routing table.

The Answer is Still Unclear

It remains to be seen why IPv6 routes were abruptly withdrawn from most networks in the country, leaving only a few selected routes untouched. After a few days, some of these routes reappeared, but not all. 

Speculation about potential censorship arises, but there is no apparent correlation with Open Observatory of Network Interference (OONI) data. Although the country’s IPv6 adoption rate is low, it has doubled in the last two months.

Time series graph showing the uptake of IPv6 in Iran from 2% capability at the start of 2024 to 16% in May.
Figure 12 — IPv6 adoption in Iran. Source: APNIC Labs.

This rapid increase might have triggered issues related to censorship or content filtering, practices that have been aggressively implemented in Iran in the past. However, this remains speculative without concrete information.

Read: Iran is Losing More than USD $1M GDP Daily from Blocking Internet and VPN Services

It’s important to note that IPv6, in the absence of sufficient IPv4 address space, is fundamental for the growth of the Internet globally. Restricting the growth of any protocol, including IPv6, ultimately hinders the expansion and development of the Internet in the country. 

If you have more insights or details, please share them with us [email protected]