As we know, IPv6 module is installed and enabled by default in our CentOS server. But I have never use it and many articles tell us to disabled IPv6 feature for performance or security reason. So what kind of situations should I enable IPv6 with my server located in Internet?
Asked
Active
Viewed 1,428 times
1 Answers
6
Short answer: IPv6 should be enabled on all servers.
Longer answer: Three out of five RIRs are so short on IPv4 addresses that rationing is a reality. And another RIR will run out early next year leaving Africa as the only region in the world without a shortage of IPv4 addresses.
Major content providers deployed dual stack in 2012. And in doing so they eliminated one of the only valid arguments for others to stay IPv4-only.
In short, if you did not think about enabling IPv6 along with all the other providers back in 2012, then you are behind schedule.
At that time I would consider being hosted in an IPv4 only data center to be a valid reason not to enable IPv6 just yet. But at that time, it would be reasonable to demand IPv6 support from your hosting provider. There is enough competition that everybody should be able to find a provider with IPv6 support.
For connections to your home or to an office, the situation is a bit different. Being tied to a specific location limits competition. And the limited competition means in many regions you simply cannot switch to a competing provider.
There is a minority of users with better IPv6 connectivity than IPv4 connectivity. You will support those better by hosting your server on dual stack than IPv4 only. Plus ISPs are using your lack of IPv6 support as an excuse for not deploying IPv6 to their customers. Those two for me are sufficient reason to recommend deploying IPv6 ASAP.
Years ago clients with broken IPv6 connectivity was a concern that lead to content providers being reluctant to deploy IPv6. That is mostly a solved problem, but there is still a few things you can do yourself to ensure users of your dual stack server will experience as reliable a connection as possible:
- Tweak your MSS settings. On IPv6 the recommended setting would be 1220. But most systems would default to 1440. It is not that there is anything wrong with using 1440, but other people have deployed broken networks, that may cause an otherwise correct MSS setting of 1440 to not work.
- Deploy 6to4 and Teredo relays. If your server has a public IPv4 address, you can deploy your own. And if you don't, you'll be relying on unreliable public relays to communicate with any users using either of those protocols.
- Monitor your server. A surprising large number of sites have an IPv6 address that doesn't respond. On one occasion I pointed out such a problem to a specific provider. Their reaction was: 1. Say it was intentional. 2. Claim there network had full IPv6 support working perfectly flawless. 3. Stop announcing their IPv6 prefix through BGP. 4. Kept the AAAA record in DNS. 5. Left the system in that state for years. You should not fall into the same trap. If your IPv6 address should ever stop responding, you want to know before your customers.
kasperd
- 31,086