On Jan 26, 2011, at 11:18 AM, George Bonser wrote:
Application level support on Linux/FreeBSD/NetBSD is 98% and rising every day. Apache, BIND, Postfix, they all work great. The "problem" is you may need config adjustment. Your Apache ListenOn's will need IPv6 added, your Postfix "local nets" ACL will need your IPv6 addresses added, and so on.
And that is the crux of the migration issue. Updating all the configuration in all the apps to both do the right thing and be secure in IPv6. That is where all of your work will be, particularly if you have custom systems to manage IP's or configs.
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
We're still having some problems with Linux and Java. For example, a v6 socket is supposed to support either protocol. But for some reason, and I don't know if this is just one particular kernel, if communication is attempted under some circumstances with a v4 address on a dual-stacked host, the packets go out on the wire with v6 mapped v4 addresses (::ffff:x.x.x.x) which isn't supposed to happen. So everything isn't quite there yet for dual-stacking all applications. The "safest" approach on paper is v6 native using NAT64/DNS64 but getting the NAT64 piece in place at production quality and scale is a problem at this point.
That's definitely a bug. Mapped addresses should never hit the wire. Dual stack is quite a bit safer than NAT64/DNS64. The bug you describe should be fairly trivial to get fixed if someone can isolate which product actually has the bug. Have you tried the current kernel under the existing other components? If swapping the kernel doesn't fix it (I think the mapped address on the wire bugs in the Linux kernel were removed fairly early in the 2.6 chain IIRC), then it's probably Java.
Owen
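One way to check captured traffic for the symptom discussed in this thread, IPv4-mapped addresses (::ffff:x.x.x.x) appearing in IPv6 headers on the wire, is sketched below as an added example; it is not code from any poster in the thread. It assumes each packet is a raw IPv6 datagram starting at the fixed 40-byte header (link-layer framing already stripped); the helper names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

def build_ipv6_header(src, dst, payload_len=0, next_header=59):
    """Build a 40-byte IPv6 fixed header (constructed test input only)."""
    first_word = 6 << 28  # version 6, traffic class 0, flow label 0
    return (struct.pack("!IHBB", first_word, payload_len, next_header, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

def mapped_on_wire(packet):
    """Return [(field, embedded_ipv4)] for each IPv4-mapped address in the header."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    findings = []
    # Source address is bytes 8..23, destination is bytes 24..39.
    for field, raw in (("src", packet[8:24]), ("dst", packet[24:40])):
        v4 = ipaddress.IPv6Address(raw).ipv4_mapped  # None unless ::ffff:0:0/96
        if v4 is not None:
            findings.append((field, str(v4)))
    return findings

def scan(packets):
    """Return {packet_index: findings} for packets that carry mapped addresses."""
    report = {}
    for i, pkt in enumerate(packets):
        try:
            hits = mapped_on_wire(pkt)
        except ValueError:
            continue  # skip anything that is not IPv6
        if hits:
            report[i] = hits
    return report

# Constructed sample traffic using documentation prefixes (RFC 3849 / RFC 5737).
SAMPLE = [
    build_ipv6_header("2001:db8::1", "2001:db8::2"),        # normal IPv6
    build_ipv6_header("2001:db8::1", "::ffff:192.0.2.10"),  # mapped destination
    b"\x45" + b"\x00" * 39,                                 # IPv4-looking, ignored
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE).items():
        print(f"packet {index}: mapped address on wire -> {hits}")
```

Running the same check on captures taken with different kernels or Java runtimes on the same host narrows down which component emits the mapped addresses.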