RIPE our of IPv4

• Previous message (by thread): RIPE our of IPv4
• Next message (by thread): RIPE our of IPv4
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On 27 Nov 2019, at 10:58, Sabri Berisha <sabri at cluecentral.net> wrote:
> 
> ----- On Nov 26, 2019, at 7:59 AM, Willy Manga mangawilly at gmail.com wrote:
> 
> Hi,
> 
>> I would have said the very very minimum could be to invest in a
>> dual-stack 'proxy' for public-facing services; internal or external
>> solution, you have the choice.
>> 
>> And why even do that ? Because the other side is not only on IPv4.
> 
> Using a dual-stack proxy is not always an option. Source IP information may be needed on the app level for risk analysis, OFAC compliance, and copyright purposes. For example, Paypal will definitely use IP address information in its fraud risk analysis.

And existing proxies don’t already pass through the connecting IP address?  There are even header fields that are dedicated for this purpose [1].

Most web sites could be dual stacked today with zero issues.  Web site analytic tools already deal with IPv6 and have for years.

> That said, there are of course ways to do that while using a proxy. However, that will now require some for of development. Dev time better used to properly implement v6.

And the difference in time between reading the address from X-Forwarded-For: vs directly is negligible. 

> Unfortunately, I've been part of way to many discussions where the only thing a beancounter wants to know is: what is the short term effect of not doing it?
> 
> Short term exec bonuses, short term decisions.
> 
> Thanks,
> 
> Sabri


[1] https://en.wikipedia.org/wiki/X-Forwarded-For
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

• Previous message (by thread): RIPE our of IPv4
• Next message (by thread): RIPE our of IPv4
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]