Our office has a /24 IPv4 and a /48 IPv6 network since 2003, and all our public services are available on IPv4 and IPv6.
This is a test to see if it would be possible to run parts of the TERENA Secretariat office network on IPv6 only.
This page keeps track of progress, bugs, and issues with this transition.
I will start with all systems and services that are used only internally.
This is not the first time this has been tried out:
|
To avoid name resolution problems, it was sometimes necessary to copy to the legacy 127.0.1.1
entries to ::1
in the /etc/hosts
file:
127.0.0.1 localhost 127.0.1.1 ldap.terena.org ldap # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ldap.terena.org ldap |
Skype does not support IPv6 at all. EPIC FAIL!!!! Please everybody VOTE FOR IPv6
This switch does not support IPv6 access lists on VLANs. Needs replacing in 2011 anyway. New box might support NAT64?
These access points do not support IPv6. Need replacing anyway. The AIR-AP1142N-E-K9 could be a drop-in replacement. Also does N.
This copier/printer does not support IPv6 at all.
Could not retrieve e-mail addresses for 'scan to email' after LDAP server went IPv6 only. Hack Work-around: manually put addresses in.
Our big Sharp MX2600n has IPv6 support, so we should get rid of this clunker on the first occasion.
This box does not support IPv6. Needs replacing in 2011 anyway, but don't forget to check!!
Can be configured to do IPv6, but only PING works
Investigate further.
After enabling IPv6 on our Sharp MX2600N printer, the network stack actually works, but only a couple of services are running IPv6:
root@expat:~# nmap -6 2001:610:148:beef::134 Starting Nmap 5.00 ( http://nmap.org ) at 2011-03-01 10:31 CET Interesting ports on 2001:610:148:beef::134: Not shown: 996 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 515/tcp open printer 631/tcp open ipp Nmap done: 1 IP address (1 host up) scanned in 2.29 seconds |
This is in stark contrast to what runs on IPv4:
root@expat:~# nmap --system-dns 192.87.30.134 Starting Nmap 5.00 ( http://nmap.org ) at 2011-03-01 10:35 CET Interesting ports on sharp-mx2600n.terena.org (192.87.30.134): Not shown: 991 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 443/tcp open https 515/tcp open printer 631/tcp open ipp 5900/tcp open vnc 9100/tcp open jetdirect 50001/tcp open unknown Nmap done: 1 IP address (1 host up) scanned in 2.37 seconds |
Now I'm trying to find out how to print using IPP from Windows 7.
Some tests indicate the Ecdysis works well.
Also, they presented at our own conference last year
Take into consideration!
IPv6 doesn't work. Needed for TERENA web site. Update 2011-03-01: by upgrading Pear_Auth, Pear Live_User was able to use LDAP (via IPv6), without the Radius overhead.
MySQL at this moment does not support IPv6 connections, but the development versions seem to support it (sort of). There are tools to make it work, such as https://twiki.cern.ch/twiki/bin/view/EGEE/IPv6CARE.
Not A Problem Here: we have only one host running MySQL, and that will be phased out in the future any way.
security.ubuntu.com
does not work, so no security updates. Workaround: use local mirror nl.archive.ubuntu.com
for security updates.
Does not like IPv6 addresses, wrote patch.
ntp.ubuntu.com
does not work. Use our own NTP server graham.terena.org
, or one of the many SURFnet chimes.
dumps core without IPv4 loopback address. Workaround: keep legacy 127.0.0.1 address.
Authentication on dual stack LDAP servers does not work. Using an IPv6-only hostname does work. For us this works, because our LDAP server is IPv6 only.
Cannot use IPv6 LDAP server. Filed support ticket at Open.com.au. Fixed as of 2011-02-12. Also make sure to add flags to any custom perl hooks:
my $ldap = Net::LDAP->new('ldap://ldap.terena.org',inet6=>1);
This is a custom email list manager, running on Erasmus. 2 lists were doing queries to ldap.terena.org
. Unfortunately the Net::LDAP in Ubuntu Hardy (libnet-ldap-perl
) is too old and does not recognise the inet6 paramater. Hacked Fixed by copying /usr/share/perl5/Net/LDAP.pm
from a Lucid box.
Nmap only recognizes IPv6 resolvers by specifying "--system-dns
"
This (expensive) financial software package runs on a Windows 2003 server, so it might just work with IPv6.
The needed MS SQL server seems to speak IPv6 as well.
However, after more close inspection it does not look too encouraging:
Having a software package on a dedicated Windows server, with MSSQL etc is quite some overhead, so I was interested in their new web based product Exact Online.
The Exact Online web site (surprise surprise) can't be reached via IPv6. But if everything is running through HTTP(S), then a NAT64/DNS64 solution might make things work.
Upgrade to 4.2.8 or later to get IPv6 going.
Tunneling via SSH does not work. Native Postgres connections work, so the bug must be in sshfwd.dll
.
Confirmed by EMS, but not yet fixed.
Works, but some weird things: I had some repositories checked out with TurtoiseSVN, using my SSH keys from Putty/Pageant. Any actions on the repository started to have a really long delay after switching off IPv4 on the subversion server. Fixed after using the right repository URL format, in my case using the Putty session name instead of the host name. This session has everything set properly already. In my case the hostname is svn.terena.org
, and the PuTTY session name is svn
.
The "Remote Desktop client" in Windows 7 (mstsc.exe
) has some weird behavior. An RDP connection to a Windows 7 computer using a hostname that only has a AAAA record takes 11 seconds. mstsc.exe
does an A query first, gets back a No such name, then wait 11 seconds, then asks for and receives the AAAA record, and then immediately connects. |
Autoconfiguring name servers does not work for Mac OS X. Macs need manually configured name servers, boo!
CIFS client on Mac OS X does not support IPv6. Unable to file bug report due to lame web site ("An error has occurred. Please report the error to Apple Inc. by emailing the error detail to devbugs@apple.com.").
CyberDuck does not work with IPv6 hostnames. Use either literal IPv6 address, or IPv6-only host name godzilla.ipv6.terena.org
.
Fixed in 4.0