binwiederhier / ntfy

Send push notifications to your phone or desktop using PUT/POST
https://ntfy.sh
Apache License 2.0

IPv6 on the official ntfy.sh server #519

Open bernhardschmidt opened 1 year ago

bernhardschmidt commented 1 year ago

I would highly appreciate it if you would enable IPv6 connectivity on the official ntfy.sh service. Right now it seems to be hosted on DigitalOcean. Enabling IPv6 there should be pretty straightforward.

https://docs.digitalocean.com/products/networking/ipv6/

binwiederhier commented 1 year ago

There are multiple reasons I haven't done that yet:

  1. I know nothing about IPv6
  2. There are assumptions in the server about IPv4 addresses (for rate limiting mostly)
  3. Rate limiting is 100% based around IPv4 addresses right now. Given that IPv6 addresses are cheap I think I'd be opening myself up to some bad times.

So while intriguing, I would not hold my breath right now. I'm always happy to accept code contributions or discuss it further though.

gsauthof commented 1 year ago

When enabling IPv6, you could rate limit IPv6 addresses using only their /48 prefix, as this is the smallest prefix usually assigned to an entity. So this should be a pretty conservative approach, for a start.

However, most entities surely just get /56 or even /64 prefixes, so a less overly cautious approach would be to rate-limit those.

Or use a tiered approach where you have an IPv4-like rate limit for /64 prefixes and higher limits for /56 and then an even higher one for /48.

Background: With IPv6, the address is 128 bits wide, and the idea is that a network gets at least a /64 prefix delegated. If a provider hands out a /48 prefix that means that the customer may create up to 2**16 networks under that prefix, i.e. he/she is able to sub-delegate longer prefixes in his/her own infrastructure quite flexibly.
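The tiered prefix approach from the comment above, sketched in Go as an added example (not part of the thread and not ntfy's code). The type `TieredLimiter`, the helper `keys`, the budgets of 60/240/960 and the single fixed window without expiry are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Assumed budgets per window: IPv4-like for a /64, higher for /56 and /48.
var v6Tiers = []struct{ bits, limit int }{{64, 60}, {56, 240}, {48, 960}}

const v4Limit = 60 // assumed budget for a single IPv4 address

// TieredLimiter (hypothetical) counts requests per prefix in one window.
type TieredLimiter struct{ counts map[netip.Prefix]int }

func NewTieredLimiter() *TieredLimiter {
	return &TieredLimiter{counts: map[netip.Prefix]int{}}
}

// keys returns the prefixes an address is accounted under, with their limits.
func keys(addr netip.Addr) (ps []netip.Prefix, limits []int) {
	addr = addr.Unmap().WithZone("") // ::ffff:a.b.c.d counts as IPv4; drop zone
	if addr.Is4() {
		return []netip.Prefix{netip.PrefixFrom(addr, 32)}, []int{v4Limit}
	}
	for _, t := range v6Tiers {
		p, _ := addr.Prefix(t.bits) // masks host bits; bits <= 128 cannot fail
		ps, limits = append(ps, p), append(limits, t.limit)
	}
	return ps, limits
}

// Allow denies the request if any containing prefix has used up its budget.
func (l *TieredLimiter) Allow(addr netip.Addr) bool {
	ps, limits := keys(addr)
	for i, p := range ps {
		if !p.IsValid() || l.counts[p] >= limits[i] {
			return false
		}
	}
	for _, p := range ps {
		l.counts[p]++
	}
	return true
}

func main() {
	l := NewTieredLimiter()
	for i := 1; i <= 61; i++ { // constructed input: 61 addresses in one /64
		fmt.Println(i, l.Allow(netip.MustParseAddr(fmt.Sprintf("2001:db8:1:2::%x", i))))
	}
}
```

Because every address in a /64 shares one counter, rotating the interface identifier does not reset the budget, while a neighbouring /64 under the same /56 still has its own allowance until the /56 tier fills up.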

binwiederhier commented 1 year ago

Using a large-enough prefix sounds like a reasonable compromise. It's still not high on my list, though; so much other stuff to do :-D

arjan-s commented 10 months ago

I think there may be more to do than just enabling IPv6 on the main server. My personal server has both IPv4 and IPv6, my home has both too, but my mobile provider only has IPv4. I've noticed that the ntfy Android client regularly loses connection to my dual-stack ntfy instance and takes a very long time to reconnect, which causes my notifications to arrive very late and in batches. My second ntfy instance only has an IPv4 DNS record and I have none of the problems there.

binwiederhier commented 3 weeks ago

This is a great article that describes the reasons for why ntfy.sh does not support IPv6 yet: https://adam-p.ca/blog/2022/02/ipv6-rate-limiting/

RokeJulianLockhart commented 2 weeks ago

https://github.com/binwiederhier/ntfy/issues/519#issuecomment-2156231591

@bernhardschmidt, considering the PRs mentioned at https://github.com/adam-p/adam-p.github.com/blob/f8a8c1ee8e42e568dccdf57165373cad45db314a/content/blog/2022-02-20-ipv6-rate-limiting.md#user-content-fn-2-4d1d3136096ba6b2ebad92ddc2261cb2:~:text=I%20submitted%20PRs%20to%20tollbooth%20and%20httprate - https://github.com/go-chi/httprate/pull/10#issue-1145095727 and https://github.com/didip/tollbooth/pull/98#issue-1145095717 - have both been merged, how much of it applies? Although everything stated is correct, it appears somewhat outdated.