New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
IPv6
I am currently working to bring IPv6 support to some of the utilities we use at X4B with the aim to introduce IPv6 support into the service (where possible).
Who here is even interested in IPv6? Who is already using it?
I appreciate your input in the attached poll.
Do you use IPv6
- Do You use IPv6?93 votes
- Yes, In Production53.76%
- Yes, but not in production (testing / personal / hobby site)23.66%
- No, but I do fiddle with it12.90%
- No, and I don't want to9.68%
Comments
I use IPv6 whenever possible. IPv4 is good to failback on, but it's so slow on my home network (50Mbps over IPv4 vs. 130Mbps over IPv6).
Sorry, had to re-do the poll. I messed it.
I was a big IPv6 proponent, but sadly the Internet is not IPv6 ready and implementing in production is asking for additional trouble.
That's my experience at least.
Everything should be dual-stacked now. Relying only on IPv6 is silly, just as relying on IPv4 only is.
IPv6 is great for IMO a small website, you can easily go through Cloudflare and use the IPv6 to IPv4 feature.
Thus saving $$ due to no IPv4 costs, this is why I love LES..
I am of a similar opinion, however rarely does it work that way in reality. Quite often Dual-Stack clients will prefer one or the other regardless of the current state of the resource.
Thank you everyone for your input so far
Absolutely. But you make it available over both and let the client decide. I think in an internet environment where in regions like Europe where IP addresses are in very short supply, it is going to start becoming imperative that you site is available via IPv6.
Personally, my ISP's resolvers will supply IPv6 addresses first in order to increase the amount of IPv6 traffic. Until the volume of IPv6 traffic increases, not many ISP's will want to put it onto their networks.
@SplitIce
As my last messages to you, I am ALL FOR ipv6 ddos protection!
I don't use it because my home connection + 3G connection + BoltVM VPS don't have it and often IPv6 features don't work (Tor relay, rDNS, glue record, DNS,...).
These should all work with IPv6??
Tor still doesn't work with IPv6 only, does it? The others... it depends on the provider. ;D
Bridges should work but relays etc can't be advertised on just IPv6, looks like they are working on it though (hopefully)....
https://trac.torproject.org/projects/tor/ticket/6027
https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto
https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/IPv6
Edit: also "ClientUseIPv6 1" in client config works!
Soo.... you don't use IPv6 at all, because something doesn't work with IPv6 only? Do you imagine there's going to be a switch from IPv4 to IPv6, when we turn off one and turn on another? Nope, for the next
hundred of yearsthey're going to be used in parallel, so you might as well start enabling IPv6 for things that do support it.I'm surprised that my previous provider UPC.nl which is globally pretty big didn't offer any ipv6 support. my new provider concepts.nl does support ipv6 but it looks like ipv6 is not fully supported yet in the netherlands by all major internet service providers. I doubt this story will be much different in other countrys so you might aswel just stick with ipv4 for now unless you could bring us ipv6 support without breaking the bank @Splitice
@Mark_R Dont need to worry about us. When it comes time we have some options available. Gotta slog through some some obstacles first, but its better to start now than to have a massive investment later (or get left behind).
Our hopes is to be able to support IPv6 only VPS's in the likes (i.e 4-to-6) initially, then move onto full support (got lots of filter testing to do, and not a lot of our existing attack testing tools that even support IPv6).
@SplitIce do attacks on ipv6 exist? What are they like, are they big??
@linuxthefish Honestly, I don't know the answer to that myself (since we don't offer it). We did offer unprotected IPv6 services at one stage, and never saw any attacks. I would have to do some research on the matter.
I would be surprised if it hadn't been used, or at-least attempted to be used. It could be easily be a blind spot, and with less mitigation options (hardware, software or service) available - its not that easy to solve ($$$).
There is no real reason why attacks on IPv6 wouldn't exist, IPv6 saturation is just as problematic as with IPv4. Hence its as effective as a means of achieving ones malicious goals. I would hazard the only thing that would be preventing it currently is the lack of available attack scripts (skids don't write their own) and this might be down to lack of knowledge at this level (scripts written by slightly smarter skids).
IPv6 is also less popular, which makes it less of a target. I would also hazard that number of insecure services prone to AMP attacks (i.e NTP) are less on IPv6. As IPv6 is newer there would be:
a) A lower number of non-updated / abandoned / non-maintained insecure services running as updates are required to add the IPv6 stack
b) Those doing IPv6 are of a higher percentile, more likely to be diligent with updates etc.
c) Less of these services
d) Many people using tunnelled IPv6 which is rate limited (not as good for attacks)
This could impact the ability to launch attacks at the same size as seen on IPv4. But only really currently, as popularity increases so will the value in it as an attack target.
Personally I see a big risk when Dual Stack becomes more common (i.e a transition period) . IPv6 attacks can be used to take sites primarily hosted on IPv4 offline (i.e site with IPv4 mitigation, but no IPv6 mitigation). Certainly something we will be considering.
@linuxthefish I asked someone who has IPv6 on their network, and does have IRC servers and the likes which attract attacks. He has seen IPv6 attacks, only a few in many many years.
On IPv6 only systems I have seen be attacked is IRC servers.
OVH also filters v6, JFYI.
A bit late, but I wanted to thank everyone for their participation. This data is currently being put to use