[135560] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: Ipv6 for the content provider

daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Jan 26 15:45:53 2011

From: Owen DeLong <owen@delong.com>
In-Reply-To: <alpine.OSX.2.00.1101260905210.211@cust11794.lava.net>
Date: Wed, 26 Jan 2011 12:39:16 -0800
To: Antonio Querubin <tony@lava.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jan 26, 2011, at 11:17 AM, Antonio Querubin wrote:

> On Wed, 26 Jan 2011, Charles N Wyble wrote:
>=20
>> Do I just need to assign ip addresses to my servers, add AAAA records =
to
>> my DNS server and that's it? I'm running PowerDNS for DNS, Apache for
>> WWW. Postfix for SMTP.
>=20
> Best to remove IP version dependencies in your configs.
>=20
> If you are using name-based virtual hosting in Apache, convert:
>=20
>  Listen a.b.c.d:80         ->  Listen 80
>  <Virtualhost a.b.c.d:80>  ->  <Virtualhost *:80>
>=20
That only works if you have only one address on the machine and.

If you have addresses that aren't intended for name-based-site-A but
do terminate SSL connections to sites B, C, and D, then you probably
don't want to use * for site A.

> Use hard-coded IP addresses only where required for stuff like =
SSL-enabled webhosts.
>=20
Depends on the complexity of your environment. In a more complex =
configuration
you can actually save yourself a lot of trouble and confusion later by =
using a
construct like this:

Listen 192.159.10.7:80
Listen [2620:0:930::dead:beef:cafe]:80
Listen [2620:0:930::400:7]:80
<VirtualHost 192.159.10.7:80 [2620:0:930::400:7]:80 =
[2620:0:930::dead:beef:cafe]
:80>
	ServerName www.delong.com
...


YMMV, but, that's working reliably in my environment for:

[root@owen conf]# host www.delong.com
www.delong.com has address 192.159.10.7
www.delong.com has IPv6 address 2620:0:930::400:7

(The dead:beef:cafe address isn't currently in the AAAAs that are =
publicly visible because
it's used for testing specialized testing from different DNS views.)

The machine in question has a number of IPv4 and IPv6 addresses many
of which terminate HTTP/HTTPs connections, some of which do not.

Owen
home help back first fref pref prev next nref lref last post