Do I need to worry about IPV6 addresses when developing web applications?

Question

I am developing a website by using ASP.NET. I want to implement login authentication for my users. I want to implement password authentication delay if user enters wrong password frequently.

So I have field to store IPV4 address to identify the user's IP. Currently I am using unsigned int field to store the IPV4 addresses.

So my question for you is What about the IPV6 addresses? Do I need to worry about IPV6 addresses? Currently I have no data field to store IPV6 addresses.

Do I need to modify my web application to identify the IPV4 and IPV6 addresses?

Is IPV6 is practically using?

Answer 1

Yes you need to be able to handle IPv6 addresses. More and more ISPs are already offering IPv6 connectivity (30% of Belgium is on IPv6, certain mobile providers in the us are > 50% IPv6 etc). That your users will be able to connect over IPv6 is almost a certainty for any website you build today.

How to store the addresses is a different question. Some databases (like e.g. PostgreSQL) have special field types for storing IPv4/v6 addresses. If possible use those. Storing them as an integer isn't very practical unless you have native support for 128 bit integers. Storing them as text is possible. IPv6 addresses should be written following the rules of RFC 5952. Most library functions giving a text representation of an IPv6 address should output following these rules so you shouldn't need to implement anything yourself.

Also remember that with IPv6 a user has many many IPv6 addresses available. With IPv4 they usually use NAT and a whole network will appear as a single address. With IPv6 every device has one or more global addresses. A single LAN is usually a /64 (first 64 bits stay the same, last 64 bits can be used by devices) so you might want to take that into account when determining your rate limiting.