[135547] in North American Network Operators' Group


Re: Ipv6 for the content provider

daemon@ATHENA.MIT.EDU (Leo Bicknell)
Wed Jan 26 13:55:51 2011

Date: Wed, 26 Jan 2011 10:55:26 -0800
From: Leo Bicknell <bicknell@ufp.org>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <4D406670.8040202@knownelement.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org



In a message written on Wed, Jan 26, 2011 at 10:22:40AM -0800, Charles N Wyble wrote:
> For the most part, I'm a data center/application administrator/content
> provider kind of guy. As such, I want to provide all my web content over
> ipv6, and support ipv6 SMTP.  What are folks doing in this regard?
>
> Do I just need to assign ip addresses to my servers, add AAAA records to
> my DNS server and that's it? I'm running PowerDNS for DNS, Apache for
> WWW. Postfix for SMTP.

The layer 3 part for you is really simple.  Here's a deployment model we
use a number of places.  I'm going to assume you have a /48, from ARIN
or your upstream.

Lay out your networks as:

  AAAA:BBBB:CCCC:<vlan>::/64

The AAAA:BBBB:CCCC::/48 was given to you by ARIN/your upstream.
For VLAN I recommend being human friendly and making vlan 10 be
AAAA:BBBB:CCCC:0010::/64, even though that's technically 16 in Hex.

The VLANs consume 4096 of your 65536 subnets, so you still have
many more to play with.  Want to know what address to configure,
well, you can guess if you know the vlan number.

We then also do the same thing with the address, if it's a static
server.  Say the server was 10.2.50.210.  We re-use the 210 part,
and get AAAA:BBBB:CCCC:0010::210, assuming it is on VLAN 10.

So you assign addresses to your boxes, decide if you want static
default routes or want to allow them to learn a default via RA, and
well, you're basically done for Layer 3.

Application level support on Linux/FreeBSD/NetBSD is 98% and rising
every day.  Apache, BIND, Postfix, they all work great.  The "problem"
is you may need config adjustment.  Your Apache ListenOn's will
need IPv6 added, your Postfix "local nets" ACL will need your IPv6
addresses added, and so on.

And that is the crux of the migration issue.  Updating all the
configuration in all the apps to both do the right thing and be
secure in IPv6.  That is where all of your work will be, particularly
if you have custom systems to manage IPs or configs.

-- 
       Leo Bicknell - bicknell@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
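
The numbering plan described in the message above, as an added Python example that is not part of the original post. It assumes the documentation prefix 2001:db8:1234::/48 in place of AAAA:BBBB:CCCC::/48; the function names are hypothetical, and the last helper formats a subnet in the bracketed form Postfix's `mynetworks` uses for IPv6.

```python
import ipaddress

# Constructed sample prefix (documentation range), standing in for the
# AAAA:BBBB:CCCC::/48 placeholder used in the message.
SITE_PREFIX = ipaddress.IPv6Network("2001:db8:1234::/48")


def vlan_subnet(site, vlan):
    """Return the /64 for a VLAN, writing the decimal VLAN ID as hex digits."""
    if site.prefixlen != 48:
        raise ValueError("scheme assumes a /48 site prefix")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    # int("10", 16) == 0x0010, so VLAN 10 reads as ...:0010::/64 to a human.
    hextet = int(str(vlan), 16)
    base = int(site.network_address) | (hextet << 64)
    return ipaddress.IPv6Network((base, 64))


def host_address(site, vlan, ipv4):
    """Map a static IPv4 host to IPv6 by reusing its last octet as digits."""
    last_octet = ipaddress.IPv4Address(ipv4).packed[-1]
    return vlan_subnet(site, vlan).network_address + int(str(last_octet), 16)


def vlan_of(site, addr):
    """Recover the VLAN number from an address laid out with this scheme."""
    addr = ipaddress.IPv6Address(addr)
    if addr not in site:
        raise ValueError("address is outside the site prefix")
    digits = format((int(addr) >> 64) & 0xFFFF, "x")
    # Hextets containing a-f, or outside 1..4094, were not allocated by VLAN.
    if not digits.isdigit() or not 1 <= int(digits) <= 4094:
        raise ValueError("subnet was not allocated by VLAN number")
    return int(digits)


def mynetworks_entry(subnet):
    """Format a subnet for Postfix mynetworks, which brackets IPv6 addresses."""
    return f"[{subnet.network_address}]/{subnet.prefixlen}"


if __name__ == "__main__":
    net = vlan_subnet(SITE_PREFIX, 10)
    print(net, host_address(SITE_PREFIX, 10, "10.2.50.210"))
    print("mynetworks entry:", mynetworks_entry(net))
```
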
