Add column for IPv6 support?

[jgrahamc]

There's a general push to move to IPv6 and this is going to have performance consequences for TLS (and non-TLS) connections. In particular, Apple has announced a deliberate delay in waiting for IPv6 responses of 25ms (https://www.ietf.org/mail-archive/web/v6ops/current/msg22455.html) after receipt of an IPv4 address. This means that dual stack (or IPv6 only) web sites are likely to load faster than IPv4 only.

- Query the DNS resolver for A and AAAA.
   If the DNS records are not in the cache, the requests are sent back to back on the wire, AAAA first.
- If the first reply we get is AAAA, we send out the v6 SYN immediately
- If the first reply we get is A and we're expecting a AAAA, we start a 25ms timer
   - If the timer fires, we send out the v4 SYN
   - If we get the AAAA during that 25ms window, we move on to address selection

[igrigorik]

I think we should do this. Assuming that we do, my proposal would be:

• alert: no IPv6 support
• warn: IPv6 support available but off by default
• ok: IPv6 is on by default

Does that sound reasonable?

[jgrahamc]

Yes. That sounds like a good idea.

[ZigZagIL]

I'm not sure "on by default" is necessarily better here, it can cause some issues for origin servers (think XFF, SIEM, ACLs, etc.). The bigger point will be to provide the ability for all users/customers by default (a simple config with no extra $, opening tickets or professional services). just my 2c.

[jgrahamc]

I agree that IPv6 can cause problems and some Cloudflare customers decide to disable IPv6. This seems to mainly be because of IPv6 in X-Forwarded-For suddenly being IPv6 can cause problems (e.g. some abuse system that expected IPv4).

However, I think the push on a site like this one should be to be lead and so default on should be the expectation. Otherwise, people will spend years not dealing with the change.

And IPv4 is deprectaed: https://tools.ietf.org/html/draft-howard-sunset4-v4historic-00 It's time to move on.