IPv6 for Fedora services?

Stefan Schlesinger sts at ono.at
Thu Aug 27 11:07:49 UTC 2009


On Aug 17, 2009, at 19:43 , Mike McGrath wrote:

> On Mon, 17 Aug 2009, Jeff Garzik wrote:
>
>> On 08/17/2009 10:01 AM, Mike McGrath wrote:
>>> On Mon, 17 Aug 2009, Jeff Garzik wrote:
>>>> Is there any IPv6 plan for *.fedoraproject.org ?
>>> There is currently no plan.
>> What needs to be done to create a plan, and move forward?
> Someone with a clear idea of the benefits, costs, and a plan for
> implementation.

Besides the fact that we have to expect no more free IPv4 addresses
available after 2012 and will then be forced to start working on it, the
greatest benefit would be to start getting experience on the whole new
IPv6 stack.

As long as our uplink providers already support v6, the costs to enable
services within the new address space should be minimal. Providers
usually just charge a setup fee and are actually not allowed to charge
more than that...

I already have some experience with IPv6 from my workplace. The rough
plan for the transition made so far was:

* Enable v6 auto-configuration for all of our server vlans. Thus, all
   of our machines had v6 connectivity to the outside, and were able
   to use already existing v6 services.

   To work around any security bugs which this change could introduce,
   we configured stateful filtering on the routers, allowing only
   established connections from the outside to our machines.

* Working on the support of internal, ancillary services, such as
   monitoring, accounting and documentation systems, and setting up
   firewalls for v6 on all of the hosts.

* Enabling the first non-critical test services, by adding additional
   addresses from another address space, which allow inbound
   connections.

* Enabling more and more services, which are visible to our
   customers as well. DNS, SMTP, WEB,...

Looking forward to working with you guys on the transition.

Regards, Stefan.

--
Stefan Schlesinger \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\
sts at ono.at                                                    STS45-RIPE
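
The router-side stateful filter from the first step of the plan, extended with the third step's separate inbound prefix, sketched as an added example that is not part of the original message or of any Fedora configuration. It assumes a Linux router using ip6tables; the interface names, the 2001:db8::/32 documentation prefix and the port list are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit an ip6tables-restore ruleset for a router in front of
# the server VLANs. All interface names and prefixes are placeholders.
# Only forwarded traffic is filtered; rules for the router itself
# (INPUT/OUTPUT) are out of scope and left at ACCEPT here.

# emit_ruleset WAN_IF LAN_IF [SERVICE_PREFIX TCP_PORTS]
emit_ruleset() {
    wan=$1 lan=$2 svc_prefix=${3:-} svc_ports=${4:-}
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections the servers opened. RELATED also covers ICMPv6
# errors (e.g. Packet Too Big) that belong to a tracked connection.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Step 1: servers may open new connections to the outside.
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
EOF
    if [ -n "$svc_prefix" ] && [ -n "$svc_ports" ]; then
        cat <<EOF
# Step 3: inbound only to the separate service prefix, only on listed ports.
-A FORWARD -i $wan -o $lan -d $svc_prefix -p tcp -m multiport --dports $svc_ports -m conntrack --ctstate NEW -j ACCEPT
EOF
    fi
    # Anything else crossing the router falls through to the DROP policy.
    echo "COMMIT"
}

# Print the ruleset when called with arguments, e.g.
#   ./v6-filter.sh eth0 eth1 2001:db8:100::/64 80,443 | ip6tables-restore --test
if [ "$#" -ge 2 ]; then
    emit_ruleset "$@"
fi
```

Because auto-configured hosts become globally reachable as soon as router advertisements are enabled, the default-drop FORWARD policy has to be loaded before auto-configuration is turned on for a VLAN.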



