IPv6 for the content provider
bicknell at ufp.org
Wed Jan 26 12:55:26 CST 2011
In a message written on Wed, Jan 26, 2011 at 10:22:40AM -0800, Charles N Wyble wrote:
> For the most part, I'm a data center/application administrator/content
> provider kind of guy. As such, I want to provide all my web content over
> ipv6, and support ipv6 SMTP. What are folks doing in this regard?
> Do I just need to assign ip addresses to my servers, add AAAA records to
> my DNS server and that's it? I'm running PowerDNS for DNS, Apache for
> WWW. Postfix for SMTP.
The layer 3 part for you is really simple. Here's a deployment model we
use a number of places. I'm going to assume you have a /48, from ARIN
or your upstream.
Lay out your networks as:
The AAAA:BBBB:CCCC::/48 was given to you by ARIN/your upstream.
For VLAN I recommend being human friendly and making vlan 10 be
AAAA:BBBB:CCCC:0010::/64, even though that's technically 16 in Hex.
The VLANs consume 4096 of your 65536 subnets, so you still have
many more to play with. Want to know what address to configure,
well, you can guess if you know the vlan number.
We then also do the same thing with the address, if it's a static
server. Say the server was 10.2.50.210. We re-use the 210 part,
and get AAAA:BBBB:CCCC:0010::210, assuming it is on VLAN 10.
So you assign addresses to your boxes, decide if you want static
default routes or want to allow them to learn a default via RA, and
well, you're basically done for Layer 3.
Application level support on Linux/FreeBSD/NetBSD is 98% and rising
every day. Apache, BIND, Postfix, they all work great. The "problem"
is you may need config adjustment. Your Apache ListenOn's will
need IPv6 added, your Postfix "local nets" ACL will need your IPv6
addresses added, and so on.
And that is the crux of the migration issue. Updating all the
configuration in all the apps to both do the right thing and be
secure in IPv6. That is where all of your work will be, particularly
if you have custom systems to manage IPs or configs.
Leo Bicknell - bicknell at ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
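The numbering scheme described in the message above, written out as an added example (not part of the original post): it derives the per-VLAN /64 and the static host address, then produces the matching Apache `Listen` line and Postfix `mynetworks` entry. The function names, the 2001:db8:abcd::/48 documentation prefix and port 80 are assumptions made for illustration.

```python
import ipaddress

def vlan_subnet(prefix48, vlan):
    """Return the /64 whose subnet field *reads* as the decimal VLAN number."""
    net = ipaddress.IPv6Network(prefix48)
    if net.prefixlen != 48:
        raise ValueError("this scheme assumes a /48 allocation")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    # Human-friendly mapping: VLAN 10 is written as hex 0010 (16 decimal).
    subnet_field = int(str(vlan), 16)
    base = int(net.network_address) | (subnet_field << 64)
    return ipaddress.IPv6Network((base, 64))

def host_address(prefix48, vlan, ipv4):
    """Reuse the last IPv4 octet, written as hex digits, as the interface ID."""
    last_octet = int(ipaddress.IPv4Address(ipv4)) & 0xFF
    interface_id = int(str(last_octet), 16)  # .210 becomes ::210
    return vlan_subnet(prefix48, vlan)[interface_id]

def config_lines(prefix48, vlan, ipv4, port=80):
    """Build the per-application additions that go with the new address."""
    subnet = vlan_subnet(prefix48, vlan)
    addr = host_address(prefix48, vlan, ipv4)
    return {
        # Apache takes IPv6 literals in square brackets.
        "apache": f"Listen [{addr}]:{port}",
        # Postfix mynetworks also brackets the address part; keep the scope
        # no wider than the IPv4 entry it mirrors.
        "postfix_mynetworks_entry": f"[{subnet.network_address}]/{subnet.prefixlen}",
    }

if __name__ == "__main__":
    # Constructed sample input: documentation prefix, VLAN 10, host 10.2.50.210
    for name, line in config_lines("2001:db8:abcd::/48", 10, "10.2.50.210").items():
        print(f"{name}: {line}")
```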