On Fri, 2009-02-13 at 12:04 +1300, Perry Lorier wrote:
Subtleties of behaviour also have effects. An example of one that bit me, is that the Undernet IRC server considers 1 IPv4 address equivalent to 1 IPv6 /64 for rate limiting purposes. While this kind of heuristic works OK with the same values for private and public servers both on NATed LANs and the intartubes for IPv4, for IPv6 everyone on your LAN connecting to your private IRC server will have an IPv6 in the same /64 and rate limiting will kick in unless you completely change the rate limiting values. So that is an example of an application which *needs* to know the type of address in order to be able to make the correct decision.
Speaking as the person who actually designed that system for Undernet, that behavior was intentional. :)
Sure, which shows how the heuristics used for IPv4 *could* *not* be directly mapped to equally apt heuristics for IPv6, doesn't it? Our server worked fine for years without tuning, right up until the first restart after we added an AAAA record for it.

My point is that while it might be a laudable goal to have software that is IPv6/IPv4 agnostic there are still going to be plenty of gotchas out there waiting for people, because the network will behave differently - outside of the fact that the actual addresses happen to be different data types. Many pieces of software, not just IRC servers, imply meaning into a single IPv4 ip address, or a /24, and it is quite likely that those meanings won't have easy equivalents in an IPv6 addressable.

Cheers,
Andrew.

------------------------------------------------------------------------
andrew (AT) morphoss (DOT) com +64(272)DEBIAN
Though a superhero, Bruce Schneier disdains the use of a mask or secret identity as 'security through obscurity'.
------------------------------------------------------------------------
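The bucketing discussed in this thread (one IPv4 address or one IPv6 /64 per rate-limit bucket), as an added example that is not from the thread or from the Undernet server code. The function names, the per-bucket limit of 2 and the sample LAN addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter


def limit_key(addr, v6_prefix=64):
    """Return the rate-limit bucket for addr: the address itself for IPv4,
    the enclosing /v6_prefix network for IPv6."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is really an IPv4 client.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4:
        return str(ip)
    return str(ipaddress.IPv6Network((ip, v6_prefix), strict=False))


def admit(clients, per_key_limit, v6_prefix=64):
    """Apply a per-bucket connection cap; return (accepted, rejected)."""
    counts = Counter()
    accepted, rejected = [], []
    for addr in clients:
        key = limit_key(addr, v6_prefix)
        if counts[key] < per_key_limit:
            counts[key] += 1
            accepted.append(addr)
        else:
            rejected.append(addr)
    return accepted, rejected


# Constructed sample: five hosts on one LAN reaching a private server,
# first over IPv4 (distinct private addresses), then over IPv6 (one /64).
V4_LAN = [f"192.168.1.{i}" for i in range(10, 15)]
V6_LAN = [f"2001:db8:1:1::{i:x}" for i in range(10, 15)]

if __name__ == "__main__":
    for name, lan in (("IPv4", V4_LAN), ("IPv6", V6_LAN)):
        ok, denied = admit(lan, per_key_limit=2)
        print(f"{name}: accepted={len(ok)} rejected={len(denied)}")
    # Keying on the full /128 treats each LAN host separately again.
    ok, denied = admit(V6_LAN, per_key_limit=2, v6_prefix=128)
    print(f"IPv6 /128 keys: accepted={len(ok)} rejected={len(denied)}")
```

With the same limit, the IPv4 clients each get their own bucket while the IPv6 clients share one, which is the behaviour change that appears once the server gains an AAAA record.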