[99324] in North American Network Operators' Group
Re: Apple Airport Extreme IPv6 problems?
daemon@ATHENA.MIT.EDU (Jeroen Massar)
Mon Sep 17 19:46:49 2007
Date: Tue, 18 Sep 2007 00:45:51 +0100
From: Jeroen Massar <jeroen@unfix.org>
To: Valdis.Kletnieks@vt.edu
CC: John Curran <jcurran@mail.com>, Martin Hannigan <hannigan@gmail.com>,
nanog@merit.edu
In-Reply-To: <21080.1190065410@turing-police.cc.vt.edu>
Errors-To: owner-nanog@merit.edu
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig5951DE8C73159C70ADF59016
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Valdis.Kletnieks@vt.edu wrote:
> On Mon, 17 Sep 2007 17:15:38 EDT, John Curran said:
>=20
>> In addition, if the AAAA record is added for the node, instead of
>> service as recommended, all the services of the node should be IPv6=
-
>> enabled prior to adding the resource record. "
>>
>> Not a problem for names which are single services (www.foo.com),
>> but caution is required when the name has multiple services running.
>=20
> My favorite shoot-self-in-foot on that topic - I stuck a quad-A in for =
a host
> that *was* IPv6-enabled on the production service, but it didn't have (=
at the
> time) an IPv6-ready ssh daemon. Hilarity ensued when using an IPv6-ena=
bled
> ssh client - you'd get back an RST packet real fast and it was Game Ove=
r.
>=20
> So remember - there's probably more services you need to worry about. ;=
)
Indeed, which is why a good policy to have for 'servers' is to have:
- a hostname, generally I bind these to the EUI-64 address
- a servicename, eg 'www' or 'imap', which are bound to ::80 and ::993
Then when the box dies or you want to move the service to another box,
you just move the alias, or actually just kill the quagga on the box and
let another instance handle it ;) Still the maintainance of the box can
be done by directly accessing it. Of course one should simply have that
all integrated into the service deployment system and not care about the
boxes themselves, you just want <n> of them to provide service X and <m>
of them to handle service Z, or to use as many of them so that service Y
is running topnotch with capacity to spare. All depends on your size of
course ;)
Greets,
Jeroen
--------------enig5951DE8C73159C70ADF59016
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Jeroen Massar / http://unfix.org/~jeroen/
iHUEARECADUFAkbvEa8uFIAAAAAAFQAQcGthLWFkZHJlc3NAZ251cGcub3JnamVy
b2VuQHVuZml4Lm9yZwAKCRApqihSMz58Izp/AJ0YieqskTIDekgOwZsJRI3aChlj
JQCfVgvjj6PxBmHDPx3TjKie1knhNgs=
=Q10I
-----END PGP SIGNATURE-----
--------------enig5951DE8C73159C70ADF59016--
