Abusing IPv6 tunnels and CloudFlare for a static IP address

Published by on Permalink

Many years ago, when I used to host my website at home, I had an issue of my IP address being dynamic. My website would go offline for hours (or even days…) until I noticed and could change the DNS records. I “solved” this in a slightly crazy way that I recently thought might be quite relevant in the future; using CloudFlare — or some other cloud provider — to provide IPv4 connectivity.

My ISP at the time only gave me a dynamic IPv4 address which would frequently change, so wasn’t suitable for hosting at home. It would be fine for a few weeks, then would need DNS changes to come back up. Being an IPv6 fan, I also had a SixXS tunnel on my network which had a static IPv6 subnet. Given it was static, it got me thinking if I could somehow use that to my advantage.

Since the IPv6 subnet was static, if only visitors could just access the website over IPv6, it would be far more reliable, at least in terms of the address always being correct. SixXS seemed to rarely cause me issues, so I decided to delete my A record off CloudFlare and added an AAAA record to my server to have them reverse proxy exclusively via the SixXS tunnel, rather than directly via my ISP. Given this was “on” CloudFlare’s network and not bypassing, they would actually serve up an A record (to CloudFlare’s network) in addition to an AAAA record! You always get dual-stacked connectivity.

My network, as far as CloudFlare could see, was purely IPv6, but as far as I could see, was purely IPv4:

Visitor ~~> CloudFlare PoP ==> SixXS --> My House

[--> IPv4], [==> IPv6], and [~~> Dual Stacked]

How did this work?

When my internet connection dropped, my ISP would assign me a new IPv4 address, then my router would re-establish the SixXS tunnel, activating the static IPv6 subnet, which CloudFlare was already using. Despite my IP address changing, the whole thing could come back up without any configuration or manual work!

Would you believe me if I told you it was pretty fast too? CloudFlare cached a lot of static assets and the SixXS tunnel added very little latency. Given all the servers and PoPs were close to each other, performance wasn’t far off what a direct connection would have been. I was happy to trade a tiny bit of performance for a more reliable setup that was self-healing to my IP address changing.

These days I’m boring and just host my website on Linode, but I hope to host from home again, when I’m in a position to -- right now just isn’t good for me.

So, I said this may be a useful trick in the future, right? With IPv4 exhaustion happening and the world dragging its feet to adopt it, I’m wondering if we’ll start seeing more IPv6 only hosting providers. Consider a new provider needs to buy a large number of addresses, it’s difficult enough right now, and might be genuinely impossible one day.

I am considering buying some IP addresses to experiment with Anycast, and it’s looking like I will have to just settle for an IPv6 only network as the cost of IPv4 is so high these days. If this sounds interesting, I’ll eventually write more about what I’m working on when I have some actual progress.

For the time being, hopefully, CloudFlare can provide legacy access for those, ~80% of the world, still using a soon to be declared deprecated protocol.