WordPress.org

Making WordPress.org

Opened 4 years ago

Closed 4 years ago

Last modified 4 months ago

#3090 closed enhancement (maybelater)

WordPress.org API not accessible over IPv6

Reported by: deaky Owned by:
Milestone: Priority: normal
Component: API Keywords:
Cc:

Description (last modified by dd32)

We run multiple WordPress instances on hosts which are IPv6 only. These websites are used internally where we recently transitioned to IPv6 completely and disabled IPv4 for simplicity.
Unfortunately your API at api.wordpress.org does not seem to support IPv6. At least it doesn't have any AAAA records set. Therefore we are not able to use WordPress features like auto updates or plugin installation which connect to your API.
You’d make maintaining our WP instances a lot easier if you added support for IPv6 to your API.

Change History (8)

#1 @SergeyBiryukov
4 years ago

  • Description modified (diff)
  • Summary changed from Wordpress.org API not accessible over IPv6 to WordPress.org API not accessible over IPv6

#2 follow-up: @dd32
4 years ago

  • Resolution set to maybelater
  • Status changed from new to closed

The WordPress.org Systems team is aware of the want for IPv6, unfortunately at present it's not supported by our upstream providers. When IPv6 is available in our hosting environment, it'll be enabled for all WordPress.org services.

If you wish to run in an IPv6-only world, I'd suggest you investigate enabling a DNS64/NAT64 service for your network to allow transparent forwarding to IPv4-only resources.

I'm marking this as maybelater purely based on that it'll happen, but having a ticket open isn't going to nudge us towards it.

#3 in reply to: ↑ 2 ; follow-up: @Paul Guijt
4 years ago

OK, I regretfully respect that. But could you please take care that a ticket is opened to have Wordpress communicate with Wordpress.org and Wordpress.com (and any other site that is only IPv4) through IPv4 only?

Replying to dd32:

The WordPress.org Systems team is aware of the want for IPv6, unfortunately at present it's not supported by our upstream providers. When IPv6 is available in our hosting environment, it'll be enabled for all WordPress.org services.

If you wish to run in an IPv6-only world, I'd suggest you investigate enabling a DNS64/NAT64 service for your network to allow transparent forwarding to IPv4-only resources.

I'm marking this as maybelater purely based on that it'll happen, but having a ticket open isn't going to nudge us towards it.

#4 in reply to: ↑ 3 @dd32
4 years ago

  • Description modified (diff)

Replying to Paul Guijt:

OK, I regretfully respect that. But could you please take care that a ticket is opened to have WordPress communicate with Wordpress.org and Wordpress.com (and any other site that is only IPv4) through IPv4 only?

This is a server configuration issue on the hosts end. As only IPv4 DNS records are returned, it's up to the hosts PHP configuration being configured correctly to connect over IPv4. If an IPv4 gateway isn't available and only IPv6 is enabled, then it would be expected that the HTTP requests would fail quite fast due to the underlying network not supporting it.

WordPress.org's API will be available over IPv6 some day when our hosting infrastructure supports it, so we're not going to lock it down to only occurring over IPv4.

There have been some bugs in PHP's CURL implementation in the past which causes IPv4 connections to fail on IPv6-only hosts even when a IPv4 gateway is present which can't be worked around reliably from within WordPress.

#5 follow-up: @deaky
11 months ago

Is there any news here? The API is still only accessible through legacy networks. I have to say it's really frustrating to have to setup and maintain NAT64+DNS64 just for systems that run WordPress.

I suggest to reopen this ticket as this is clearly not resolved.

#6 in reply to: ↑ 5 @dd32
11 months ago

Replying to deaky:

Is there any news here?

No, the network infrastructure we're running still doesn't have any IPv6 addresses allocated, it's not as simple as requesting/assigning them as we have complex load balancing and DDOS implications to take into consideration. It's not as high priority right now due to the majority of connections having either dual-stack or NAT gateways for the other half of the internet that has no native IPv6 routes.

I'm curious what environments you're running WordPress under that only have IPv6 connectivity though, as most instances of IPv6-only servers I've come across still have outbound IPv4 connectivity via a NAT interface.

The other option is to use WordPress's built in proxy support, which would replace having to handle a NAT64 instance with a potentially simpler non-caching proxy.

I'm going to continue to leave this ticket closed, as there's no action the meta team can do here ourselves, this is up to the systems team to enable when they feel comfortable doing so. I do know it's on a long term roadmap though.

#7 @ocean90
4 months ago

#5785 was marked as a duplicate.

#8 @ott
4 months ago

api.wordpress.org does not have an AAAA RR in the DNS. Therefore, it is not reachable over IPv6. This is a problem for hosts that are IPv6-only. As a result, the admin dashboard contains multiple errors message and (automatic) updates seem to be broken. This decreases the confidence in WordPress and can lead to security problems.

IPv6-only hosts are becoming more important as IPv4 address depletion continues and the cost of IPv4 addresses increases. Example of scenarios where IPv6-only hosts are deployed today are public web hosting, in particular with load balancers or other address translators that connect IPv6-only networks to the IPv4 Internet, and internal networks that already IPv6-only. IPv6-only networks lower the operational costs and complexity for networks that do not need IPv4 and some larger organizations have even run out of RFC 1918 address space.

It's a larger topic but I hope this explanation suffices to justify the need for IPv6 connectivity for api.wordpress.org. If the justification does not suffice, please contact me via email and I can mention concrete example of IPv6-only networks and use-cases in private correspondence. The topic has also been discussed in public conferences and it is possible to find recordings of presentations that discuss this topic in far more detail and also mention concrete use-cases and deployments.

Last edited 4 months ago by ott (previous) (diff)
Note: See TracTickets for help on using tickets.