中文网站
  Advanced Search
Read the latest Blogs from IT professionals in the field. Read and write community created documents. Need IT help? Ask our staff. Connect with your peers. Check our Tech Shop for posters, books and software tools. Home
HomeNetworking TechnologiesNetworking TCP/IPAn IPv6 Deployment Guide Chapter 13: IPv6 in the Campus/Enterprise

13.3.2 Transition Status(2)

The longer term plan is to use IPv6 firewalling on the Nokia IP740; until then the firewall is an additional BSD system, on which ports are blocked by default. This is a partially stateful firewall.

Two IPv6-only DNS servers have been run in the past; now the main servers network/subnet is IPv6- enabled the department’s three primary BIND9 DNS servers have been IPv6-enabled. This includes reverse delegation of our prefix under 0.d.0.0.0.3.6.0.1.0.0.2.ip6.int and 0.d.0.0.0.3.6.0.1.0.0.2.ip6.arpa (the .int is being phased out). The new DNS server information is currently as follows:

ns0.ecs.soton.ac.uk. 390 IN A 152.78.70.1
ns0.ecs.soton.ac.uk. 390 IN AAAA 2001:630:d0:116::53
ns1.ecs.soton.ac.uk. 390 IN A 152.78.68.1
ns1.ecs.soton.ac.uk. 390 IN AAAA 2001:630:d0:117::53
ns2.ecs.soton.ac.uk. 390 IN A 152.78.71.1
ns2.ecs.soton.ac.uk. 390 IN AAAA 2001:630:d0:121::53

The main Linux login server is IPv6-enabled, with ssh logins and sftp file transfer available through the firewall. Once IPv6 is present on the wire, all that was needed was the firewall hole to be opened up for the service, an IPv6 AAAA DNS entry added for the login server, and the sshd daemon with IPv6 support turned on. Offering only secure protocols (and not plain ftp or telnet) can be easier to do when starting afresh with a new protocol.

NTP has been provisioned for IPv6 by use of both the RIPE TTM server as an NTP server, and also a dedicated NTP server from Meinberg, that supports both IPv4 and IPv6.

Our SMTP and MX servers now exchange external email over IPv6. IPv6 DNS records were added for the hosts that provide these services. If the sending or receiving node we are communicating with supports IPv6, IPv6 transport for email is usually preferred.

Almost all of our web servers/sites have been made available using Apache 2, e.g. the main department web site at www.ecs.soton.ac.uk, and many of the 100 or so hosted domains that we run, e.g. the IST IPv6 Cluster site, as operated for the 6LINK project, or the IPv6 Forum web site www.ipv6forum.org.

The department’s Wireless LAN (over 30 access points) is IPv6 enabled. Some Mobile IPv6 has been deployed and tested between the WLAN and the local community wireless network (SOWN), using the MIPL code (which lacks security elements, but is usable). The more advanced WLAN network we deployed uses 802.1x based access control, which is IP version neutral and thus can be used to secure the IPv4 and IPv6 WLAN access.

Monitoring is achieved by a mixture of Netflow v9, Nagios, our RIPE TTM server and MRTG. An example of MRTG doing host monitoring and RIPE TTM output is shown in Figure 13-7.

The latest versions of Radiator and FreeRADIUS allow IPv6 transport for RADIUS.

Dual-stack Jabber and Internet Relay Chat (irc) servers are deployed.

An H.323 IPv6 conferencing system has been tested (GnomeMeeting for Linux), and we host a dualstack Open H.323 MCU server for videoconferencing.

A key point to emphasise is that in making the transition to support IPv6 dual-stack pervasively in our network, we have not seen any adverse affect on IPv4 services. Making our DNS, MX and web servers all able to serve data over IPv4 or IPv6 has not had any noticeable adverse impact on robustness or reliability.
‹ 13.3.2 Transition Status(1)up13.3.3 Supporting Remote Users ›