IPv6

From OpenStreetMap Wiki
Jump to navigation Jump to search

Status of IPv6 support in OpenStreetMap

Some important OpenStreetMap servers do not run over IPv6, and are not reachable directly by IPv6-only clients (which must then use third-party proxies or establish IPv6-to-IPv4 tunnels, whose web sessions are frequently very limited in terms of privacy, response time, duration, volume, bandwidth, reliability and quality of service). This is now becoming a problem for many users, notably those connected on mobile networks.

There is an openstreetmap tile server for the Netherlands running over IPv6, and another one in France with worldwide coverage (including for HOT projects).

Accessibility of important OpenStreetMap servers over IPv6:

Hostname AAAA DNS record IPv6 web server IPv6 DNS server As of date Note
openstreetmap.org yes yes yes 2017-11-26
www.openstreetmap.org yes yes yes 2017-11-26
osm.org yes yes yes 2017-11-26 Short alias of openstreetmap.org
api.openstreetmap.org yes yes yes 2017-11-26 Main API for data submission (for editors) and queries
dns.openstreetmap.org yes yes yes 2017-11-26
lists.openstreetmap.org yes yes yes 2017-11-26 Mailing lists online subscription and archives
{a,b,c}.tile.openstreetmap.org yes yes ? 2020-01-23 Default layer on main site, CDN; blocked by Issue #7
forum.openstreetmap.org no ? ? 2017-11-26 Used by main site
piwik.openstreetmap.org no ? ? 2017-11-26 Used by main site
blog.openstreetmap.org no ? ? 2017-11-26
munin.openstreetmap.org no ? ? 2017-11-26
wiki.openstreetmap.org yes yes yes 2019-02-13 This site
wiki.osmfoundation.org no ? ? 2017-11-26
stateofthemap.org no ? ? 2017-11-26 State of the Map (SotM) international conference
Additional layers
{a,b,c}.tile.openstreetmap.fr yes yes yes 2022-03-21 Humanitarian OSM Team, and some other layers (worldwide coverage)
tile.openstreetmap.nl yes yes yes 2018-04-04 Benelux (Netherlands, Belgium and Luxembourg) coverage
{a,b,c}.tile.thunderforest.com no ? ? 2017-11-26 Cycle maps, Public transport layers
{a,b,c,d}.tile.openstreetmap.de yes yes yes 2019-09-04 German Style layers
Other OSM-related services
overpass-turbo.eu yes yes yes 2019-02-13 Overpass Turbo, depending on overpass-api.de (by default)
overpass-api.de yes yes yes 2017-11-26 used by e.g. overpass-turbo.eu
overpass.openstreetmap.fr yes yes yes 2017-11-26 used by e.g. overpass-turbo.eu
overpass.openstreetmap.ru no ? ? 2017-11-26 used by e.g. overpass-turbo.eu
osmose.openstreetmap.fr yes yes yes 2019-02-13 Osmose quality assurance tool

This information can be tested on http://ipv6-test.com/validate.php.

Some websites are not accessible over IPv6 from all locations. Notably, www.openstreetmap.org is not reachable from Hurricane Electric IPv6 network (as can be checked using their looking glass).

Implementation scenario

SixXS is no longer in service. In 2009, it was tested that an AYIYA tunnel from SixXS worked from UCL; this basically says that we were able to make a tunnel from UCL to a nearby tic server in London. The setup time for that was the time to apply at SixXS and the time to request a tunnel. From that point on a subnet can be requested that is (on layer 2) distributing IPv6 using radvd automatically. No setup required, only a IPv6 module loaded in the respectable kernel.

Most likely because we have static ip adresses, we don't want to tunnel over AYIYA out, but directly get a static IPv4 link, without heartbeat. We did not test that yet, but if tested and it works within UCL it would be the best method.

Security

Obviously IPv6 makes machines directly accessible like global IPs do. By putting a firewall on top of the router that is distributing the IPv6 adresses, we basically protect us against people trying to reach the machines by v6. Setting up again a port based match is transparent to IPv4 and IPv6; so theoretically if every system has a firewall now, it would already be protected.

See also