In a message written on Wed, Jan 26, 2011 at 10:22:40AM -0800, Charles N Wyble wrote:
For the most part, I'm a data center/application administrator/content provider kind of guy. As such, I want to provide all my web content over ipv6, and support ipv6 SMTP. What are folks doing in this regard?
Do I just need to assign ip addresses to my servers, add AAAA records to my DNS server and that's it? I'm running PowerDNS for DNS, Apache for WWW. Postfix for SMTP.
The layer 3 part for you is really simple. Here's a deployment model we use a number of places. I'm going to assume you have a /48, from ARIN or your upstream. Lay out your networks as: AAAA:BBBB:CCCC:<vlan>::/64 The AAAA:BBBB:CCCC::/48 was given to you by ARIN/your upstream. For VLAN I recommend being human friendly and making vlan 10 be AAAA:BBBB:CCCC:0010::/64, even though that's technically 16 in Hex. The vlan's consume 4096 of your 65536 subnets, so you still have many more to play with. Want to know what address to configure, well, you can guess if you know the vlan number. We then also do the same thing with the address, if it's a static server. Say the server was 10.2.50.210. We re-use the 210 part, and get AAAA:BBBB:CCCC:0010::210, assuming it is on VLAN 10. So you assign addresses to your boxes, decide if you want static default routes or want to allow them to learn a default via RA, and well, you're basically done for Layer 3. Application level support on Linux/FreeBSD/NetBSD is 98% and rising every day. Apache, BIND, Postfix, they all work great. The "problem" is you may need config adjustment. Your Apache ListenOn's will need IPv6 added, your Postfix "local nets" ACL will need your IPv6 addresses added, and so on. And that is the crux of the migration issue. Updating all the configuration in all the apps to both do the right thing and be secure in IPv6. That is where all of your work will be, particualrly if you have custom systems to manage IP's or configs. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/