|
I have been working with Docker lately, and as cool as the container technology is, it was originally built without consideration for IPv6, and then IPv6 was bolted on later. Making supporting IPv6 full of expensive work-a-rounds.
But that got me thinking what makes a good IPv6 implementation? Of course this is my opinion, and you are free to toss in other criteria, so think of this as a thought starter.
With 25% of the internet carried over IPv6 as of this writing, if you are developing a product which has a lifetime of 5 to 10 years, and you aren't giving thought as to how you will support IPv6, then your product will:
All of that costs money.
There are broad areas where IPv6 should work well.
As much as I like the simplicity of SLAAC (Stateless Address Auto Config), there are certainly use cases where DHCPv6 is a better choice. A good implementation should:
IPv6 is not IPv4 with colons. There are somethings which are different for good reason.
Basic protection from network misconfiguration, or out right attacks makes the IPv6 device better prepared for production use.
systemd
, the Linux kernel defaulted to 16. This seemed like a good compromise. Back in systemd
v232, it was possible to exhaust memory on an IPv6 host by feeding it Random RA addresses, creating a denial of service. FreeBSD v11.5 has a similar problem, where the system will add over 3000 IPv6 addresses, and the system will slow to a crawl.systemd
has become widespread, there are many IPv6 systemd bugs, which weren't there in the pre-systemd kernel days. IPv6 is a different stack, be sure to test it.I am sure I missing a few, but this is a start. When developing a product, the business case for supporting IPv6 well, is that it will save you money in the long run, by not having to go back and try to bolt IPv6 on, or rewrite your network stack later.
P.S I wouldn't recommend putting Docker into production because of the severe IPv6 limitations.
Yachts colliding: Creative Commons/ Mark Pilbeam
22 Nov 2018