[aklug] Re: IPv6 benefits me...

From: David M. Syzdek <david@syzdek.net>
Date: Mon Jun 11 2012 - 13:52:45 AKDT

>
> And this means that the IPv6 connection would be pretty much superfluous,
> correct?

Technically speaking, you are correct. I am using the IPv6 connectivity to
learn more about IPv6, to make sure I am able to enable my services in a
dual IPv6/IPv4 environment, and to ensure that all software I write is
IPv6/IPv4 capable.

I am anticipating that IPv6 will eventually be rolled out and I want to be
ahead of the game in terms of experience. I have also found it useful
allowing my Linode servers direct access to my internal servers hanging off
of the DSL (LDAP replication, Bind master/slave, rsync, trusted/untrusted
hosts, etc).

As for sharing public services on statics, I use the individual server's
IPv6 address and then my shared IPv4 IP address for each web host. The
firewall then forwards 80/443 on the public IPv4 address to a reverse proxy
which then directs the traffic to the correct Linux container (LXC)
(ironically on IPv6). Incoming IPv6 connections hit the individual LXC
directly.

The big things I have gained from this experience are:

   - Being comfortable with IPv6 address notations and IPv6 addresses in
   URLs.
   - Better understanding of link local addresses vs the routable IP
   addresses.
   - Learned a few of the gotchas of dual stack services (Apache, Lighttpd,
   Sendmail, Bind, IPtables, LXC, etc).
   - Learning some of the gotchas of dual stack programming (my latest
   learning pain is SCNetworkReachability on iOS:
   http://stackoverflow.com/questions/10965251).

I am by no means an expert now, but I would feel comfortable walking into
an environment running either dual IPv6/IPv4 or IPv6 only servers. I am
still weak with IPv6 on routers/switches (but I've always been an <aol>me
too</aol> router jockey, I'm not even sure I can break out of a ping on
Cisco without power cycling).

On the educational note, Hurricane Electric offers certification tests. Now
I wouldn't hire someone simply upon the certification, however I found it
useful as an IPv6 Primer. The only downside of the certification is that
it requires that you have a server accessible from IPv6 (this includes your
DNS glue records and name servers).

Now that everything is set up, I do not notice a difference unless I am
looking at my logs or I browse to an IPv6 capable site which returns my
IPv6 address.

--David M. Syzdek

On Mon, Jun 11, 2012 at 12:39 PM, Christopher Howard <
christopher.howard@frigidcode.com> wrote:

>
> On 06/06/2012 02:29 PM, David M. Syzdek wrote:
> > Christopher,
> >
> > Even though ACS and GCI do not currently offer IPv6, you can still
> > enable public IPv6 access on your network using a tunnel broker
> > such as Hurricane Electric or SixXS. I am currently using Hurricane
> > Electric on an ACS DSL and am using the assigned /64 to provide
> > IPv6 addresses to all of my workstations and servers. I've had it
> > configured for a while now and both my Linux and OS X boxes are
> > able to seamlessly switch between IPv4 and IPv6 depending upon the
> > website.
> >
> > Here are the providers I use to enable IPv6:
> >
> > * Hurricane Electric Tunnel Brokering Service (IPv6 addresses for
> >   home network)
> >     o SixXS - I used their brokering service a few years back,
> >       however Hurricane Electric seemed easier to set-up and was
> >       less militant about forcing IPv6 use.
> > * GKG Domain Registrar (allows IPv6 & IPv4 glue records on the same
> >   name server host record)
> >     o GoDaddy - Also has IPv6 Glue records, but I am boycotting due
> >       to political reasons
> >     o Namecheap - allow either IPv6 or IPv4 records on individual
> >       glue records (so had to use hostname names like
> >       ns41.bindlebinaries.com, ns42.bindlebinaries.com,
> >       ns61.bindlebinaries.com, and ns62.bindlebinaries to define
> >       two glue records for IPv4 and IPv6).
> > * Linode (provides IPv6 and IPv4 addresses for Linux VPS services
> >   (and Slackware Images))
> >
> > It took a little trial and error to figure things out and some time
> > to read through documentation, however I am greatly looking forward
> > to the day when I can turn off IPv4. Having a large supply of
> > routable IP addresses is outstanding when turning up many LXC
> > containers for testing various services.
> >
> > Even though remote tunnel brokers work well enough, they do bog
> > down a little when passing lots of traffic. It would be nice if
> > ACS and GCI would either offer native IPv6 or provide local tunnel
> > brokers for better performance.
> >
> > --David M. Syzdek
> >
>
> So, trying to make sure I understand how things work: Currently my
> desktop computers and servers are behind a standard ACS DSL
> configuration with NAT, using port-forwarding to expose some of the
> servers through the single IP address belonging to the router.
>
> Through a tunnel broker, I could give all my machines access to the
> IPv6 network, and all the servers could have static IPv6 addresses.
> However, those addresses would only be accessible to those who had
> also hooked up to the IPv6 network, which presumably excludes a lot of
> people who, like myself, have an ISP that does not provide IPv6
> service or have not yet gone to the trouble of tunnelling into it. So,
> in order to keep my servers "public", I would still have to keep them
> connected to the IPv4 network. And this means that the IPv6 connection
> would be pretty much superfluous, correct?
>
> - --
> frigidcode.com
> indicium.us
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>

Received on Mon Jun 11 13:52:53 2012

This archive was generated by hypermail 2.1.8 : Mon Jun 11 2012 - 13:52:53 AKDT
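
Added example (not part of the original message or of the poster's configuration): in the setup described above, IPv4 clients only reach ports 80/443 through the forward to the reverse proxy, while incoming IPv6 connections hit each LXC container directly, so what is exposed over IPv6 depends on packet filtering rather than on NAT. The sketch below audits `ip6tables-save` output for FORWARD rules that accept more than the web ports; it assumes filtering is done in the router's FORWARD chain, and the rule set, addresses (2001:db8::/32 documentation prefix) and function names are constructed for illustration.

```python
import shlex

ALLOWED = {"80", "443"}  # assumption: only the web ports should be reachable from outside

# Constructed sample in ip6tables-save format, not taken from the original post.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 2001:db8:1::10/128 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -d 2001:db8:1::11/128 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -d 2001:db8:1::12/128 -j ACCEPT
COMMIT
"""

def opt(tokens, *names):
    """Return the value following the first of `names` found in tokens, else None."""
    for name in names:
        if name in tokens:
            return tokens[tokens.index(name) + 1]
    return None

def audit_forward(rules_text, allowed=ALLOWED):
    """Return (destination, exposure) pairs the FORWARD chain accepts beyond `allowed`."""
    findings = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == [":FORWARD"] and tok[1] == "ACCEPT":
            findings.append(("any", "default policy ACCEPT"))
        if tok[:2] != ["-A", "FORWARD"] or opt(tok, "-j") != "ACCEPT":
            continue
        state = opt(tok, "--ctstate", "--state")
        if state and set(state.split(",")) <= {"RELATED", "ESTABLISHED"}:
            continue  # return traffic only, not new inbound connections
        dest = opt(tok, "-d") or "any"
        proto = opt(tok, "-p") or "any"
        ports = opt(tok, "--dport", "--dports")
        if ports is None:
            findings.append((dest, "all ports"))
            continue
        extra = [p for p in ports.split(",") if p not in allowed]
        if extra:
            findings.append((dest, proto + "/" + ",".join(extra)))
    return findings

if __name__ == "__main__":
    for dest, exposure in audit_forward(SAMPLE):
        print(f"{dest}: {exposure}")
```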