[135552] in North American Network Operators' Group
RE: Ipv6 for the content provider
daemon@ATHENA.MIT.EDU (George Bonser)
Wed Jan 26 14:22:08 2011
Date: Wed, 26 Jan 2011 11:18:50 -0800
In-Reply-To: <20110126185526.GA79278@ussenterprise.ufp.org>
From: "George Bonser" <gbonser@seven.com>
To: "Leo Bicknell" <bicknell@ufp.org>,
<nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>=20
> Application level support on Linux/FreeBSD/NetBSD is 98% and rising
> every day. Apache, BIND, Postfix, they all work great. The "problem"
> is you may need config adjustment. Your Apache ListenOn's will need
> IPv6 added, your Postfix "local nets" ACL will need your IPv6
addresses
> added, and so on.
>=20
> And that is the crux of the migration issue. Updating all the
> configuration in all the apps to both do the right thing and be secure
> in IPv6. That is where all of your work will be, particualrly if you
> have custom systems to manage IP's or configs.
>=20
> --
> Leo Bicknell - bicknell@ufp.org - CCIE 3440
> PGP keys at http://www.ufp.org/~bicknell/
We're still having some problems with linux and java. For example, a v6
socket is supposed to support either protocol. But for some reason, and
I don't know if this is just one particular kernel, if communications is
attempted under some circumstances with a v4 address on a dual-stacked
host, the packets go out on the wire with v6 mapped v4 addresses
(::ffff:x.x.x.x) which isn't supposed to happen. So everything isn't
quite there yet for dual-stacking all applications. The "safest"
approach on paper is v6 native using NAT64/DNS64 but getting the NAT64
piece in place at production quality and scale is a problem at this
point.
