Ipv6 for the content provider

George Bonser gbonser at seven.com
Wed Jan 26 13:18:50 CST 2011


> 
> Application level support on Linux/FreeBSD/NetBSD is 98% and rising
> every day.  Apache, BIND, Postfix, they all work great.  The "problem"
> is you may need config adjustment.  Your Apache ListenOn's will need
> IPv6 added, your Postfix "local nets" ACL will need your IPv6
addresses
> added, and so on.
> 
> And that is the crux of the migration issue.  Updating all the
> configuration in all the apps to both do the right thing and be secure
> in IPv6.  That is where all of your work will be, particualrly if you
> have custom systems to manage IP's or configs.
> 
> --
>        Leo Bicknell - bicknell at ufp.org - CCIE 3440
>         PGP keys at http://www.ufp.org/~bicknell/

We're still having some problems with linux and java.  For example, a v6
socket is supposed to support either protocol. But for some reason, and
I don't know if this is just one particular kernel, if communications is
attempted under some circumstances with a v4 address on a dual-stacked
host, the packets go out on the wire with v6 mapped v4 addresses
(::ffff:x.x.x.x) which isn't supposed to happen.  So everything isn't
quite there yet for dual-stacking all applications.  The "safest"
approach on paper is v6 native using NAT64/DNS64 but getting the NAT64
piece in place at production quality and scale is a problem at this
point.






More information about the NANOG mailing list