The Path to IPv6 from a webhosting perspective
Tuesday, March 29th, 2011
My goal in June 2010 was to be completely IPv4/IPv6 dual stack by the end of 2010. This started a long, arduous process that required reworking portions of our network, upgrading the software on our border routers, increasing the memory on our border routers for the larger BGP table, removing a provider that refused to handle IPv6 in the data center we were located in, adding a separate provider so that we could have redundant IPv6 feeds and a number of other issues. In the last 7 days since we turned up IPv6 and started announcing two /48s, we’ve gotten 25% of our network configured for IPv6 and expect to be able to transition the remaining 75% in the next 15 days.
Of course, with IPv6 comes a new kernel as the existing kernel we’ve used didn’t have IPv6. 2.6.38 comes with Automatic Process Grouping which in early testing has had a positive impact on several machines with different workloads. So, we have an additional reason to deploy kernels on every machine.
Some of the issues we ran into:
* Router
** Initial problem with IPv6 and the OS on the router
** Current minor issue with OSPF3
* Route Performance Control Box
** appears to ignore IPv6 traffic
* Aggregate Network
** OSPF3 support, altered network design to reflatten it (this from unflattening it a few years back)
* Nameservers
** Currently using bind9, no issues, switching to PowerDNS for other reasons
** Glue records at registrar required manual entry (webform didn’t accept : in an IP address)
* MX Servers
** Postfix, no issues, added inet_protocols=ipv4, ipv6, restarted
** Some anti-spam software that depended on IP addressing acts a little odd
** Antivirus daemon appears to only listen on IPv4 socket, but, since that is an internal milter, it doesn’t cause any real problems now.
** First 7 days, 247k emails processed, 2 from IPv6
* Webservers
* Load Balancers
** very odd issue with the new kernel, udev, and the SSD drives, not network/ipv6 related
* Cluster
** No issues, GFS, DRBD, Apache, Dovecot, etc all recognized IPv6
* General Machine issues
** Firewall software on each machine requires separate rulesets for IPv6. Not a huge problem, but, one to consider.
* Client applications
** char(15) in mysql to store IP addresses
** parsing of Apache CLF doesn’t understand IP addresses
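The two client-application problems above, shown as an added example (not code from the original post): a Common Log Format parser whose host field accepts IPv6, and a fixed-width 16-byte key in place of a char(15) column. The function names, the BINARY(16) column choice and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import re

# The CLF host field is "everything up to the first space", so colons are accepted.
CLF = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$')
# The kind of IPv4-only host pattern that stops matching on a dual-stack server.
IPV4_ONLY = re.compile(r'^(?:\d{1,3}\.){3}\d{1,3} ')

# Constructed sample lines (documentation prefixes 192.0.2.0/24 and 2001:db8::/32).
SAMPLE = [
    '192.0.2.10 - - [29/Mar/2011:10:00:00 -0500] "GET / HTTP/1.1" 200 5120',
    '2001:db8:85a3::8a2e:370:7334 - - [29/Mar/2011:10:00:01 -0500] "GET /feed HTTP/1.1" 200 812',
    '::ffff:192.0.2.10 - - [29/Mar/2011:10:00:02 -0500] "GET /login HTTP/1.1" 302 -',
]

def parse_clf(line):
    """Return (address or None, fields) for one CLF line, or None if malformed."""
    m = CLF.match(line)
    if not m:
        return None
    fields = m.groupdict()
    try:
        addr = ipaddress.ip_address(fields["host"])
    except ValueError:
        return None, fields          # host field is a name, not an address
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped      # fold ::ffff:a.b.c.d so one client has one key
    return addr, fields

def storage_key(addr):
    """16 bytes for a BINARY(16) column; IPv4 is stored as IPv4-mapped IPv6."""
    if addr.version == 4:
        addr = ipaddress.IPv6Address("::ffff:" + str(addr))
    return addr.packed

def char15(text):
    """What a char(15) column keeps when MySQL is not in strict SQL mode."""
    return text[:15]

if __name__ == "__main__":
    for line in SAMPLE:
        addr, fields = parse_clf(line)
        print(addr, storage_key(addr).hex(), repr(char15(fields["host"])))
```

The truncated value `2001:db8:85a3::` is itself a valid IPv6 address, so a char(15) column does not fail visibly: it records a different host, which matters for any ban list or audit trail built on that column.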
One person who was testing with a Teredo tunnel wasn’t able to access the site via IPv6, but was able to ping. After reading through a number of pages on the web, opening the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters
and adding a DWORD value:
AddrConfigControl = 0
fixed the issue. For my home connection, I used TunnelBroker along with the script mentioned on the page “Enable IPv6 on Mac OS X, the tunnelbroker.net way”.
After receiving this tweet, I decided that running this site with a separate hostname for IPv6 was probably not a great test and put the AAAA records in DNS. So far, one person has mentioned that they had difficulties reaching the site, but, that was a problem with their ISP and transit. Their ISP appears to be blocking protocol 41 packets. Switching to a tunnel fixed that problem.
All in all, most of the issues are very minor from a networking standpoint, but, web applications are going to have the most trouble.
We’re working hard to make sure everything is dual-stack enabled by IPv6 Jump Day (June 8, 2011) but I suspect it won’t be until 2020-2030 before we can deploy IPv6 only services.