9

Do web developers need to be concerned by the end of IPv4? Or is this strictly a hosting level concern?

What can the average PHP/JavaScript/Ajax etc. developer do to mitigate the impact of the changeover?

Discuss!

(if this has come up before I apologies, but my search revealed nothing)

Zan Lynx
  • 53,022
  • 10
  • 79
  • 131
YsoL8
  • 2,186
  • 5
  • 29
  • 47

4 Answers4

8

On the serverside, make sure you're not making assumptions about the format of the remote IP address - hacks like packing the IP address of a poster in a single 32-bit database field are a bad idea. If you are using subnet masks for bans or something, that will need changes as well.

bdonlan
  • 224,562
  • 31
  • 268
  • 324
1

Anywhere you handle IP addresses needs to be audited to check if it is IPv6 clean. Simple webapps may not bother storing any IP addresses but many will for the purposes of abuse tracking/control. IPv6 addresses are larger than ipv4 ones and the textual representations use different symbols.

Under some circumstances IPv4 connections can be handled on an IPv6 socket. In this case you may see "IPv4 mapped addresses" which you may need to convert back to normal IPv4 addresses before storing/comparing them (a lower level process like the webserver may or may not handle this conversion for you).

Dealing with abusers may require some consideration. Banning single addresses is likely futile. For effective banning you will want the ability to ban based on various different prefix lengths. You may also want the ability to map an abusers usage patterns to blocks. Similar problems apply to limits placed on the number of connections per user.

As the IPv4 crunch bites deeper we are likely to see more use of reverse proxy setups to share a limited pool of public IPv4 addresses among v6-only origin servers. Making your software ready for working with reverse proxys is therefore a wise move. This typically means having a list of trusted reverse proxies from which you will accept x-forwarded-for headers.

plugwash
  • 9,724
  • 2
  • 38
  • 51
1

Also, when validating fields for IP addresses, don’t forget to take both formats (152.115.4.70 and 2001:db8:1f70::999:de8:7648:6e8) into account.

Arseny
  • 5,159
  • 4
  • 21
  • 24
  • 2
    There are actually a number of possible IPv6 formats, of which you've shown (the most common) one... just makes it that much more complicated. – Joe Jan 29 '11 at 12:52
  • You’re right. In validation, you should take all the possible options into account. However, I hope, there already are ready-for-use validators for various programming languages. – Arseny Jan 29 '11 at 12:56
0

I doubt that IPv4 will ever end, actually. Just my opinion. Netorking apps will have to be written to be IPv4/6 compatible. Some APIs make this exceptionally easy.

user207421
  • 305,947
  • 44
  • 307
  • 483