IPv6 migration
Current state:
- All Linux machines are IPv6 enabled.
- A tunnel connects our network to the IPv6 Internet. Currently no firewalling is in place for this connection.
- Most services running on the Linux machines now accept IPv6 connections.
- The local DNS servers contain IPv6 address entries for machines.
Connection
Baal (our internet router) runs a 6-in-4 tunnel to the AARNet IPv6 Migration Broker giving us our own /48 network prefix, which is split into two /64 prefixes for our wired and wireless networks.
Baal also runs a route advertisement daemon allowing automatic configuration.
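Because every host behind the tunnel gets a globally routable address, the unfirewalled tunnel exposes each listening service directly. The script below is an added example, not part of Baal's actual configuration: it generates a default-deny inbound ruleset in ip6tables-restore format for the tunnel. The interface names (sit1, eth0, wlan0), the function name and the chain name FROM_TUNNEL are assumptions.

```shell
#!/bin/sh
# Added example: print an ip6tables-restore ruleset for a router forwarding
# between a 6-in-4 tunnel and its internal networks.
# Usage: gen_tunnel_rules TUNNEL_IF LAN_IF [LAN_IF...]
# Interface names are assumptions; the page does not name them.
# Check the output with "ip6tables-restore --test" before loading it.
gen_tunnel_rules() {
    [ $# -ge 2 ] || { echo "usage: gen_tunnel_rules TUN LAN [LAN...]" >&2; return 1; }
    tun=$1; shift
    # Everything arriving on the tunnel, whether addressed to the router
    # (INPUT) or to an inside host (FORWARD), goes through FROM_TUNNEL.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FROM_TUNNEL - [0:0]
-A INPUT -i $tun -j FROM_TUNNEL
-A FORWARD -i $tun -j FROM_TUNNEL
-A FROM_TUNNEL -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # ICMPv6 types that must keep working end to end (RFC 4890): without
    # packet-too-big, path MTU discovery breaks on the reduced tunnel MTU.
    for t in destination-unreachable packet-too-big time-exceeded \
             parameter-problem echo-request; do
        echo "-A FROM_TUNNEL -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
    done
    # Unsolicited inbound traffic stops here. A service meant to be public
    # needs its own ACCEPT rule inserted above this line.
    echo "-A FROM_TUNNEL -j DROP"
    # Inside networks may open connections outward and to each other.
    for lan in "$@"; do
        echo "-A FORWARD -i $lan -o $tun -j ACCEPT"
        for peer in "$@"; do
            [ "$peer" = "$lan" ] || echo "-A FORWARD -i $lan -o $peer -j ACCEPT"
        done
    done
    echo "COMMIT"
}
```

Called as gen_tunnel_rules sit1 eth0 wlan0, it prints the ruleset to standard output; the router's own INPUT policy for the internal interfaces is left untouched so the DNS forwarder and route advertisements keep working.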
Services
DNS
- The DNS servers running on Mars, Taliesin (both authoritative), and Baal (forwarder only) handle IPv6 connections.
- The DNS servers on Mars and Taliesin provide AAAA and PTR records for local hosts.
Others
- Both Mars and Taliesin are now running Apache 2.2, handling IPv6 requests.
- Taliesin was running the Polipo caching web proxy for a number of months. It supports IPv6 connections but still has a few big problems.
- Cyrus (IMAP email), Postfix (email server), NTP (time), SSH, and PostgreSQL on Mars also listen on IPv6.
Untested
- Baal runs MRD6 in an attempt to route multicast traffic between our wired and wireless networks. I need to test this, probably with Dad's wireless laptop and VLC.
Caching web proxies
- The Squid project is working on version 3.0, an almost complete rewrite. There is an IPv6 branch, but it isn't quite finished yet.
- Apache 2.x and mod_proxy would make a reasonable caching proxy. It supposedly improved in Apache 2.2. Unfortunately it still doesn't support any mechanism for blocking ads.
- Polipo supports IPv6 and has a good list of features. The author refuses to add simple logging support based on some misguided concerns about “privacy”, killing the Calamaris reports we've found so useful. It also doesn't support FTP, only HTTP.
To do
- Get some firewalling set up on the tunnel.
- Get IPv6 running on the Windows machines, i.e. ipv6 install
- IPsec VPN?
- Still have to figure out multicast, even just to bridge the wired and wireless networks.
- Register a domain, have AAAA and PTR records for at least some of our machines.