>One characteristic of v4 is it's somewhat reasonable to do a straight forward block on a range of addresses to shut down access. This is still somewhat possible with v6, but harder as there's simply a much larger portion of ip addresses that can be all over the place. It's theoretically a lot easier for anyone that wants to bypass a simple filter to grab a new public IP address.
no its not, its easier to block IPv6 ranges than IPv4 ones.
if someone want be block my ISP, they only need a single /32 rule with v6.
Evenn though its onelayer down - the same tactics that were used to suspend/takeover domains would still apply , at the end of the day one still has to get the IPv4/IPv6 address from someone(who can be coerced).
When Trump pressures RIPE NCC or APNIC to deregister an IP address block, that's the end of the internet as we know it, and the return to national networks with very limited interconnection. Even Russia still has address registrations despite being sanctioned.
Alternatively they pressure USA ISPs to block the addresses. That's already regularly done but it probably won't be enough to satisfy the extortion industrial complex which is out for blood.
A quick look at the last few administrations is all anyone needs to see how this one interprets the powers and duties that come with the office.
One of my favorite phrases coined during the last Trump administration was something like, "not just wrong, but wrong beyond normal parameters." It basically meant exactly what we are discussing here; namely, being an outlier of some sort.
I specifically mentioned foreign policy. There, I don't remember a single US government that was not a net negative for the rest of the world (Israel excluded).
>ALL your services accessible through the tunnel are "down" for your users
Not all.
I operate site with IPv6 only origins behind cloudflare.
During the outage I manged to login to the dashboard after some time and remove cloudflare for nearly 2 hours, and traffic level stayed close to 50% during the IPv6 only period.
Nobody complained: those who did not have working IPv6 probably blamed it on cloudflare.
> traffic level stayed close to 50% during the IPv6 only period.
> Nobody complained: those who did not have working IPv6 probably blamed it on cloudflare.
You described a situation where the outage resulted in 50% of your customers were unable to reach you and you were unable to do anything about it. I don’t think this story is a win for IPv6, regardless of whether your customers blame CloudFlare or not.
Would hand been 100% if his site supported ipv4 natively instead of relying on CloudFlare to do the translation.
The story here is not “ipv6 made my site resilient to CloudFlare outage”. It’s “50% of my customers can’t reach my site even when I turn off CloudFlare”.
I have seen similar bugs in cloudflare API recently as well.
There is an endpoint for a feature that is available only to enterprise users, but the check for whether the user is on an enterprise plan is done at the last step.
I recently ran into an issue with the Cloudflare API feature that if you want to roll back requires contacting the support team because there's no way to roll it back with the API or GUI. Even when the exact issue was pointed out, it took multiple days to change the setting and to my knowledge there's still no API fix available.
I work remotely 100% too. I don't go to any office. That doesn't change the fact that most remote people are just using AI and bullshitting. Yes they are bullshitters. Don't need to be super soft about it, it is not like an LGBTQ+ subject. Many remote workers are shitty. There, I said it again. Most remote workers are shitty.
I'm not sure which endpoint gp meant, but as I understood it, as an example, imagine a three-way handshake that's only available to enterprise users. Instead of failing a regular user on the first step, they allow steps one and two, but then do the check on step three and fail there.
The API endpoint I am talking about needs a external verification. they allow to do the external verification before checking if the user is on the enterprise plan or not.
The feature is only available to enterprise plans, it should not even allow external verification.
https://news.ycombinator.com/item?id=46191194
reply