End to end ipv6 support considerations

Right now exit setup and ipv4 rules assume a NAT. This is a good response to the scarcity of v4 address space and the fact that few if any exit providers have the ip hoard to afford handing out ipv4 addresses to every customer by default.

But v6 is a little different, there is plenty of address space and natting on v6 is generally frowned upon for that reason. We have good reason for telling users that they can’t run a homeserver off of a v4 address by default but no such reason exists for v6. Of course the issue is being assigned a globally routable v6 block in the first place as an exit. You either need to make a deal with a hosting provider or become your own ASN and register with the local internet numbers authority.

The problem with the latter is that you need to be multihomed (aka actually need global routing control over your ranges) before you will be assigned an ASN and as far as I’m aware you can’t request your own ipv6 block without an ASN. This of course does not preclude buying such a thing from your hosting provider.

Regardless, even the difficulty of interacting with your provider to get a v6 block is far and above what’s currently required to set up a v4 exit, which is essentially a server, a script, and about 10 minutes.

The question becomes how we want to design the defaults of the exit software to accommodate smaller exit providers versus larger ones. I suppose we could just make it all configurable. Regardless it’s going to be a good bit of development work to make possible.

As I understand it, using ipv6 for public IPs is going to be similar to ipv4 but without the NAT. And ultimately that’s going to be about the same as running a regular VPN. Is it really harder to get ipv6 addresses?

As far as the “ease of setting up exit” question, that can be a low priority. If people are having a hard time setting up exits, they need to get in Riot and ask about it, since they will have a great deal of discretion over the tech, and will be responsible for running the exit which is a high bandwidth internet service, so they should know how to do it right.

Getting ipv6 addresses is easier than getting just about any other ip address. But having at least 1 ipv4 address is essentially a prerequisite to running any serious server. So they get handed out by default. I suppose most hosting providers serious about ipv6 support hand out a decently sized block to every host too, I could look into what it takes to support that.