There are many reasons why an organization would want to make their web site reachable over IPv6 transport. One reason is that due to IPv4 address exhaustion and more carriers deploying Carrier Grade NAT (CGN) and Large Scale NAT (LSN), your web site may perform better with IPv6. A second reason, related to IPv4 address exhaustion, is that someday soon there may be IPv6-only end-users that may have difficulty reaching a legacy IPv4-only site. A third reason is that, in some cases, IPv6 Internet connectivity can actually be faster than the IPv4 variety and this could be another strong motivation for enabling IPv6. Regardless of the exact reason, the choice to make your web site accessible by the “whole Internet” using either IPv4 or IPv6 is a solid technical risk-mitigation strategy.
If you have your own on-premises data center and are hosting your web site locally, then there are many steps required to IPv6-enable your site. Following are some of the typical steps required to make your self-hosted web site natively reachable to the Internet using IPv6.
Call your ISP and request adding IPv6 to your upstream link(s)
Get your IPv6 address allocation (from your RIR or from your ISP)
Advertise that IPv6 address block to your upstream ISP(s), and verify Internet reachability
Configure IPv6 addressing to and through your firewall, adding the minimum permit policies
Configure IPv6 addressing on your web server and testing Internet reachability
Add IPv6 address(s) to your authoritative DNS server(s) for your web site, and test as necessary
These steps may be similar if you are hosting your public web site at a colocation facility on your own servers. But what would you do if your marketing department has put your company’s web site on an IPv4-only hosting provider?
If you are using a cloud service provider or a hosting provider to service your web site, then you are reliant on that service provider for IPv6-enabling your site. In the best case, you can contact your IPv6-capable cloud provider, like AWS, to request assistance enabling IPv6. In the worst case, you may be in the difficult situation of having to change service providers to one that offers IPv6 Internet connectivity along with IPv6 web server application support.
Content Delivery Networks and IPv6
If your organization’s own data center or cloud service provider does not yet support IPv6 connectivity for your web site, then one technique you can employ to gain IPv6 support is to use a Content Delivery Network (CDN). Content Delivery Networks (CDNs) leverage their globally distributed network footprint to cache static and streaming content provided by their customers to end-users worldwide. CDNs help accelerate the delivery of the online content to the end-users providing a better experience by facilitating a high-performance and high-redundancy service.
The CDN will cache the content of your web site and then deliver it to your clients over both IPv4 and IPv6. Your web site that is on the back-end of the CDN provider’s proxy function can remain IPv4 for service of the content, but to the Internet-based user, the site would appear as if it were IPv6-reachable. This is a technique that many U.S. federal organizations used to help them meet the September 30, 2012 IPv6 Internet-edge deployment mandate.
CDN companies have been quick to realize the benefits of using IPv6 to facilitate connecting their customer’s content to clients. Therefore, most of the larger CDN providers made early progress on their IPv6 offerings and now many offer IPv6 connectivity for their customer’s content. In some cases, configuration of the IPv6 functionality is a simple check-box on a web form that the content owner submits when establishing CDN service.
Akamai has supported IPv6 for many years now and is one of the world’s largest CDN providers. Akamai offers CDN services, but also added web security and DDoS mitigation services. Akamai has created an IPv6 Adoption Visualization site that shows which countries are using more IPv6.
Note: There can be many more IPv6-enabled CDNs. This was a list of the larger CDNs offering IPv6 connectivity to their customers that my personal research revealed.
CloudFlare IPv6 Enabled CDN Service
One notable CDN that has been a strong proponent of IPv6 is Cloudflare. Cloudflare has been on the forefront of IPv6 adoption and several years ago started automatically enabling IPv6 for their customer’s content. By making IPv6 the default setting, this helped their customers unknowingly implement it and it seamlessly worked. Because most web browsers on computers and mobile devices use the Happy Eyeballs algorithm (RFC 6555), they connect using the best performing IP protocol version. This occurs transparently to the user and they have happy eyeballs because they have better end-user experience. CloudFlare made IPv6 the default and required you to manually disable IPv6 and have an IPv4-only web service. During that change you would have seen the following error message when deviating from the defaults:
Dani Grant, product strategy team memeber from Cloudflare, will be presenting “IPv6 - A View From The Edge” at the 2017 North American IPv6 Summit at LinkedIn’s headquarters in Sunnyvale, CA on April 25-26.
Remember, for every web page loaded over IPv6, that is one less web page loaded over IPv4. There is evidence that the tipping point of more connections using IPv6 compared to those using IPv4 is nearing. IPv6 usage is accelerating and starting to slow the growth of IPv4 usage.
CDNs provide many valuable features to their customers. In addition to caching and broadening the reach of your web site content, they can also provide DDoS mitigation services, Web Application Firewall (WAF) capabilities (among other features). You may choose a CDN provider to help you secure and improve the performance of your web site. But using a CDN would also be an easy way to provide an IPv6-face to that same web site. Furthermore, not all the CDN’s service may support IPv6. For example, maybe their CDN services support IPv6, but their DDoS mitigation services operate only with IPv4.
Using a CDN to provide an IPv6 face on an IPv4-only site may not be the idealized end-to-end native IPv6 connectivity we are ultimately seeking to achieve. However, using a CDN to at least provide some IPv6 connectivity to your web site is a start and a step in the right direction.