Session IP address pinning for dual-stack IPv6
Buildkite introduced session IP address pinning as an additional security measure to ensure authorized sessions can only originate from the IP address that initially created the session. However, challenges arise with dual-stack IPv6 connections due to the complexities of IPv6 addressing and frequent changes in IP addresses. To enhance user experience for these users, Buildkite is considering improvements such as pinning both an IPv4 and IPv6 address or pinning an IPv6 /64 subnet instead of a specific /128 address. These enhancements aim to provide a more seamless and secure experience for users with dual-stack IPv6 connections, addressing the challenges posed by the Happy Eyeballs algorithm and dynamic nature of IPv6 addressing.
Company
Buildkite
Date published
Oct. 12, 2023
Author(s)
Steve Hoeksema
Word count
1099
Language
English
Hacker News points
2