policy is an "IPv6-first" organization. This means that IPv6 support is highly prioritized over IPv4, and it is perfectly acceptable for IPv6 to be totally native while IPv4 is an afterthought that requires a million tunnel brokers. There are some exceptions, most notably frequently-visited public facing websites, but otherwise, we don't care too much about IPv4.

In practice, this means that some of our points of presence are IPv6-only, with IPv4 provided in one of the following ways:

  • The service provider's native IPv4 connectivity
  • A tunnel from apps-vm6, where my entire /24 is located
  • Cloudflare (such as the Gitlab server)