IPv6 for Fedora services?
sts at ono.at
Thu Aug 27 11:07:49 UTC 2009
On Aug 17, 2009, at 19:43 , Mike McGrath wrote:
> On Mon, 17 Aug 2009, Jeff Garzik wrote:
>> On 08/17/2009 10:01 AM, Mike McGrath wrote:
>>> On Mon, 17 Aug 2009, Jeff Garzik wrote:
>>>> Is there any IPv6 plan for *.fedoraproject.org ?
>>> There is currently no plan.
>> What needs to be done to create a plan, and move forward?
> Someone with a clear idea of the benefits, costs, and a plan for
Besides the fact that we have to expect no more free IPv4 adresses
available after 2012 and will then be forced to start working on it, the
greatest benefit would be to start getting experience on the whole new
As long as our uplink providers already support v6, the costs to enable
services within the new address space should be minimal. Providers
usually just charge a setup fee and are actually not allowed to charge
more than that...
I have already some experience with ipv6 from my workplace. The rough
plan for the transition made so far was:
* Enable v6 auto-configuration for all of our server vlans. Thus, all
of our machines had v6 connectivity to the outside, and where able
to use already existing v6 services.
To work around any security bugs which this change could introduce,
we configured stateful filtering on the routers, allowing only
established connections from the outside to our machines.
* Working on the support of internal, ancillary services, such as
monitoring-, accouting- and documentation systems and setting up
firewalls for v6 on all of the hosts.
* Enabling the first non-critical test services, by adding additional
addresses from another address space, which allow inbound
* Enabling more and more services, which are as well visible for our
customers. DNS, SMTP, WEB,...
Looking forward to work with you guys on the transition.
Stefan Schlesinger \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\
sts at ono.at STS45-RIPE
More information about the Fedora-infrastructure-list