nanog mailing list archives

Re: RIPE our of IPv4


From: Mark Andrews <marka () isc org>
Date: Wed, 27 Nov 2019 11:17:55 +1100



On 27 Nov 2019, at 10:58, Sabri Berisha <sabri () cluecentral net> wrote:

----- On Nov 26, 2019, at 7:59 AM, Willy Manga mangawilly () gmail com wrote:

Hi,

I would have said the very very minimum could be to invest in a
dual-stack 'proxy' for public-facing services; internal or external
solution, you have the choice.

And why even do that ? Because the other side is not only on IPv4.

Using a dual-stack proxy is not always an option. Source IP information may be needed on the app level for risk 
analysis, OFAC compliance, and copyright purposes. For example, Paypal will definitely use IP address information in 
its fraud risk analysis.

And existing proxies don’t already pass through the connecting IP address?  There are even header fields that are 
dedicated for this purpose [1].

Most web sites could be dual stacked today with zero issues.  Web site analytic tools already deal with IPv6 and have 
for years.

That said, there are of course ways to do that while using a proxy. However, that will now require some form of 
development. Dev time better used to properly implement v6.

And the difference in time between reading the address from X-Forwarded-For: vs directly is negligible. 

Unfortunately, I've been part of way too many discussions where the only thing a beancounter wants to know is: what is 
the short term effect of not doing it?

Short term exec bonuses, short term decisions.

Thanks,

Sabri


[1] https://en.wikipedia.org/wiki/X-Forwarded-For
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka () isc org
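
The X-Forwarded-For handling discussed in this thread, as an added example that is not part of the original message: an application behind a dual-stack proxy recovers the connecting IPv4 or IPv6 address for logging and risk analysis, honouring the header only when the TCP peer is one of its own proxies. The proxy networks are constructed documentation ranges and the function names are hypothetical.

```python
import ipaddress

# Constructed documentation ranges standing in for your own dual-stack proxies.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("192.0.2.0/28", "2001:db8:ffff::/48")]


def _parse(token):
    """Parse one address token; return None if it is not a valid IP."""
    token = token.strip()
    if token.startswith("["):            # "[2001:db8::1]:443"
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:          # "198.51.100.7:51234"
        token = token.split(":", 1)[0]
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return None
    # Normalise ::ffff:a.b.c.d so IPv4 proxy rules match IPv4 peers.
    return getattr(addr, "ipv4_mapped", None) or addr


def _trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_header):
    """Return the address to use for logging and risk analysis."""
    current = _parse(peer)
    if current is None:
        raise ValueError("invalid peer address")
    if not xff_header or not _trusted(current):
        return str(current)   # direct connection: the header is client input
    # Walk right to left: a trusted hop vouches only for the entry it appended.
    for token in reversed(xff_header.split(",")):
        hop = _parse(token)
        if hop is None:
            break             # malformed entry: keep the last verified hop
        current = hop
        if not _trusted(current):
            break             # first address outside our own proxies
    return str(current)
```

Entries to the left of the first untrusted address were supplied by the client and are never used.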

