IPv6 to IPv4 redirection from MirrorBrain

classic Classic list List threaded Threaded
2 messages Options
William Gathoye William Gathoye
Reply | Threaded
Open this post in threaded view
|

IPv6 to IPv4 redirection from MirrorBrain

Hello Guilhem,

I have received a pretty interesting question from an user on the
LibreOfficeFR Twitter account[1].


Considering the following use case:

An IPv6-only client connecting to the LibreOffice website in order to
download LibreOffice.


Do we risk the following potential issue with our MirrorBrain instance ?

The IPv6-only client potentially being redirected to an IPv4 only mirror

or is MirrorBrain smart enough to redirect connections established from
an IPv6 src address *ONLY* to IPv6 capable mirror servers ?

Wondering if I'm clear :)


Thanks in advance for your answer :)

Regards,

[1] https://twitter.com/lafibreinfo/status/1162022454736359424

--
William Gathoye
<[hidden email]>



--
To unsubscribe e-mail to: [hidden email]
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
Privacy Policy: https://www.documentfoundation.org/privacy
Guilhem Moulin Guilhem Moulin
Reply | Threaded
Open this post in threaded view
|

Re: IPv6 to IPv4 redirection from MirrorBrain

Hi wget,

On Thu, 15 Aug 2019 at 17:45:09 +0200, William Gathoye wrote:
> or is MirrorBrain smart enough to redirect connections established from
> an IPv6 src address *ONLY* to IPv6 capable mirror servers ?

The server can't know whether v6-connected peer is dual-stack or not.
Right now it assumes it is, so might indeed redirect to a v4-only mirror.

MirrorBrain has a bug report about that (with some code)
https://github.com/poeml/mirrorbrain/issues/161 about this, but there is
little upstream development AFAICT.  I'm still looking at mirrorbits for
a candidate replacement.

Right now 66 of our 116 enabled mirrors have at least one AAAA record,
and the distribution varies between 40 and 60% between regions, so it
should be doable to exclude v4-only mirrors for v6-connected peers.
It's not always been the case.

However, my gut feeling is that most v6-connected peers are dual-stack,
and so far no one has reported this as a real issue.  Personally I think
it's more useful to do that for TLS connections (redirecting TLS-connected
client to https:// mirrors).  That's upstream issue #143 :-)  There are
still quite a few countries without any TLS-capable mirror though.

Cheers,
--
Guilhem.

--
To unsubscribe e-mail to: [hidden email]
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
Privacy Policy: https://www.documentfoundation.org/privacy