Comment by ignoramous

15 hours ago

Some food for thought:

  If GitHub flipped a switch and enabled IPv6 it would instantly break many of their customers who have configured IP based access controls [1]. If the customer's network supports IPv6, the traffic would switch, and if they haven't added their IPv6 addresses to the policy ... boom everything breaks.

  This is a tricky problem; providers don't have an easy way to correlate addresses or update policies pro-actively. And customers hate it when things suddenly break no matter how well you go about it.

https://news.ycombinator.com/item?id=47790889

6 comments

ignoramous

Reply
nine_k  13 hours ago

I don't get it.

For every customer which has access controls configured based on IPv4 (sounds crazy enough already), GitHub would configure a trivial DENY ALL policy for IPv6. Problem solved.

  • bvanheu  13 hours ago

    that's the scenario they want to prevent. they can't force the client to use ipv4, if they connect via ipv6, they will be served an accss denied.

    • nine_k  12 hours ago

      Yes, exactly as they would now, when the access over IPv6 is entirely unavailable.

      With that, the customers who don't use filtering by IPv4 would be able to use IPv6. Those who do use access control by IPv4 ranges would have time to sort out their IPv6 setup, without having anything broken at the moment when IPv6 is enabled.

      3 replies →