Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Wikipedia: Wikitech

WMF and IPv6

 

 

First page Previous page 1 2 Next page Last page  View All Wikipedia wikitech RSS feed   Index | Next | Previous | View Threaded


george.herbert at gmail

Feb 3, 2011, 12:50 PM

Post #1 of 50 (2476 views)
Permalink
WMF and IPv6

I just checked and determined that there appear to be no AAAA records
yet for the WMF servers.

I have to admit to having been negligent in examining the IPv6
readiness of the Mediawiki software. Is it generally working and
ready to go on IPv6?

Does the Foundation have a IPv6 support plan ready to go?

The importance of this is going to be high in the Asia-Pacific region
within a few months:
http://www.potaroo.net/tools/ipv4/rir.jpg

(APNIC runs out of IPv4 space to give to providers somewhere around
August, statistically; RIPE in Feb or March 2012, ARIN in July 2012).

In each region, ISPs then will start running out of IPv4 to hand out
within a month to three months of the registry exhaustion.

We have a few months, but by the end of 2012, any major site needs to
be serving IPv6.

Out of curiosity, is anyone from the Foundation on the NANOG mailing lists?



--
-george william herbert
george.herbert [at] gmail

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


jra at baylink

Feb 3, 2011, 12:58 PM

Post #2 of 50 (2421 views)
Permalink
Re: WMF and IPv6 [In reply to]

----- Original Message -----
> From: "George Herbert" <george.herbert [at] gmail>

> I just checked and determined that there appear to be no AAAA records
> yet for the WMF servers.
>
> I have to admit to having been negligent in examining the IPv6
> readiness of the Mediawiki software. Is it generally working and
> ready to go on IPv6?

Is Apache? That's the base question, is it not? I think the answer is
yes.

> The importance of this is going to be high in the Asia-Pacific region
> within a few months:
> http://www.potaroo.net/tools/ipv4/rir.jpg
>
> (APNIC runs out of IPv4 space to give to providers somewhere around
> August, statistically; RIPE in Feb or March 2012, ARIN in July 2012).

ARIN issued the last 5 available /8s to RIRs *today*; we've been talking
about it all day on NANOG.

> In each region, ISPs then will start running out of IPv4 to hand out
> within a month to three months of the registry exhaustion.
>
> We have a few months, but by the end of 2012, any major site needs to
> be serving IPv6.
>
> Out of curiosity, is anyone from the Foundation on the NANOG mailing
> lists?

Oh yeah; that's what triggered this. :-)

Cheers,
-- jra

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


robert at rhl

Feb 3, 2011, 1:04 PM

Post #3 of 50 (2420 views)
Permalink
Re: WMF and IPv6 [In reply to]

I believe the WMF intends to participate in World IPv6 Day [1],
additionally they publish some IPv6 statistics [2]. See also the IPv6
deployment page [3].

[1] http://isoc.org/wp/worldipv6day/
[2] http://ipv6and4.labs.wikimedia.org/
[3] http://wikitech.wikimedia.org/view/IPv6_deployment

Robert

On 2011-02-03, George Herbert wrote:
> I just checked and determined that there appear to be no AAAA records
> yet for the WMF servers.
>
> I have to admit to having been negligent in examining the IPv6
> readiness of the Mediawiki software. Is it generally working and
> ready to go on IPv6?
>
> Does the Foundation have a IPv6 support plan ready to go?
>
> The importance of this is going to be high in the Asia-Pacific region
> within a few months:
> http://www.potaroo.net/tools/ipv4/rir.jpg
>
> (APNIC runs out of IPv4 space to give to providers somewhere around
> August, statistically; RIPE in Feb or March 2012, ARIN in July 2012).
>
> In each region, ISPs then will start running out of IPv4 to hand out
> within a month to three months of the registry exhaustion.
>
> We have a few months, but by the end of 2012, any major site needs to
> be serving IPv6.
>
> Out of curiosity, is anyone from the Foundation on the NANOG mailing lists?
>
>
>
> --
> -george william herbert
> george.herbert [at] gmail
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l [at] lists
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


r.tarnell at IEEE

Feb 3, 2011, 1:05 PM

Post #4 of 50 (2417 views)
Permalink
Re: WMF and IPv6 [In reply to]

In article <19663836.4613.1296766691647.JavaMail.root [at] benjamin>,
Jay Ashworth <jra [at] baylink> wrote:
>----- Original Message -----
>> From: "George Herbert" <george.herbert [at] gmail>
>> I have to admit to having been negligent in examining the IPv6
>> readiness of the Mediawiki software. Is it generally working and
>> ready to go on IPv6?
>Is Apache? That's the base question, is it not?

It doesn't matter if Apache supports IPv6, since the Internet-facing
HTTP servers for wikis are reverse proxies, either Squid or Varnish.
I believe the version of Squid that WMF is using doesn't support IPv6.

As long as the proxy supports IPv6, it can continue to talk to Apache
via IPv4; since WMF's internal network uses RFC1918 addresses, it won't
be affected by IPv4 exhaustion.

Apache does support IPv6, though; some other content which is served
using Apache, like lists.wm.o, is available over IPv6.

MediaWiki itself supports IPv6 fine, including for blocking. This was
implemented a while ago. Training admins to handle IPv6 IPs could be
interesting.

>> (APNIC runs out of IPv4 space to give to providers somewhere around
>> August, statistically; RIPE in Feb or March 2012, ARIN in July 2012).
>ARIN issued the last 5 available /8s to RIRs *today*; we've been talking
>about it all day on NANOG.

Not exactly. IANA issued the last 5 /8s to RIRs, of which ARIN is one,
today. But George is talking about RIR exhaustion, which is still some
months away.

>> Out of curiosity, is anyone from the Foundation on the NANOG mailing
>> lists?
>Oh yeah; that's what triggered this. :-)

Does any useful discussion still take place on that list?

- river.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


george.herbert at gmail

Feb 3, 2011, 1:06 PM

Post #5 of 50 (2422 views)
Permalink
Re: WMF and IPv6 [In reply to]

On Thu, Feb 3, 2011 at 12:58 PM, Jay Ashworth <jra [at] baylink> wrote:
> ----- Original Message -----
>> From: "George Herbert" <george.herbert [at] gmail>
>
>> I just checked and determined that there appear to be no AAAA records
>> yet for the WMF servers.
>>
>> I have to admit to having been negligent in examining the IPv6
>> readiness of the Mediawiki software. Is it generally working and
>> ready to go on IPv6?
>
> Is Apache?  That's the base question, is it not?  I think the answer is
> yes.
>
>> The importance of this is going to be high in the Asia-Pacific region
>> within a few months:
>> http://www.potaroo.net/tools/ipv4/rir.jpg
>>
>> (APNIC runs out of IPv4 space to give to providers somewhere around
>> August, statistically; RIPE in Feb or March 2012, ARIN in July 2012).
>
> ARIN issued the last 5 available /8s to RIRs *today*; we've been talking
> about it all day on NANOG.
>
>> In each region, ISPs then will start running out of IPv4 to hand out
>> within a month to three months of the registry exhaustion.
>>
>> We have a few months, but by the end of 2012, any major site needs to
>> be serving IPv6.
>>
>> Out of curiosity, is anyone from the Foundation on the NANOG mailing
>> lists?
>
> Oh yeah; that's what triggered this.  :-)
>
> Cheers,
> -- jra

Yes, I know YOU are Jay, and presumably I count as I was on NANOG in
1995, but I was asking about WMF staff / ops department.


--
-george william herbert
george.herbert [at] gmail

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


jra at baylink

Feb 3, 2011, 1:11 PM

Post #6 of 50 (2425 views)
Permalink
Re: WMF and IPv6 [In reply to]

----- Original Message -----
> From: "River Tarnell" <r.tarnell [at] IEEE>

> It doesn't matter if Apache supports IPv6, since the Internet-facing
> HTTP servers for wikis are reverse proxies, either Squid or Varnish.
> I believe the version of Squid that WMF is using doesn't support IPv6.

Oh, of course.

> As long as the proxy supports IPv6, it can continue to talk to Apache
> via IPv4; since WMF's internal network uses RFC1918 addresses, it
> won't be affected by IPv4 exhaustion.

It might; how would a 6to4NAT affect blocking?

> Apache does support IPv6, though; some other content which is served
> using Apache, like lists.wm.o, is available over IPv6.
>
> MediaWiki itself supports IPv6 fine, including for blocking. This was
> implemented a while ago. Training admins to handle IPv6 IPs could be
> interesting.

I mused on NANOG yesterday as to what was going to happen when network
techs started realizing they couldn't carry around a bunch of IPs in
their heads anymore...

> >> (APNIC runs out of IPv4 space to give to providers somewhere around
> >> August, statistically; RIPE in Feb or March 2012, ARIN in July
> >> 2012).
> >ARIN issued the last 5 available /8s to RIRs *today*; we've been
> >talking about it all day on NANOG.
>
> Not exactly. IANA issued the last 5 /8s to RIRs, of which ARIN is one,
> today. But George is talking about RIR exhaustion, which is still some
> months away.

His phrasing seemed a bit.. insufficiently clear, to me. That was me,
attempting to clarify.

> >> Out of curiosity, is anyone from the Foundation on the NANOG
> >> mailing
> >> lists?
> >Oh yeah; that's what triggered this. :-)
>
> Does any useful discussion still take place on that list?

Sure. The S/N is still lower than the Hats would prefer, but that's
the nature of an expanding universe.

Cheers,
- jra

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


george.herbert at gmail

Feb 3, 2011, 1:13 PM

Post #7 of 50 (2417 views)
Permalink
Re: WMF and IPv6 [In reply to]

On Thu, Feb 3, 2011 at 1:05 PM, River Tarnell <r.tarnell [at] ieee> wrote:
> Does any useful discussion still take place on that list?
>
>        - river.

I don't know; did any ever? 8-)

>It doesn't matter if Apache supports IPv6, since the Internet-facing
>HTTP servers for wikis are reverse proxies, either Squid or Varnish.
>I believe the version of Squid that WMF is using doesn't support IPv6.
>
>As long as the proxy supports IPv6, it can continue to talk to Apache
>via IPv4; since WMF's internal network uses RFC1918 addresses, it won't
>be affected by IPv4 exhaustion.

Ah, yes. That problem. "We're" using that hacked up Squid 2.7, right?

I'm not as involved as I was a couple of years ago, but I was running
a large Squid 3.0 and experimental 3.1 site for about 3 years.

Squid wiki says we need any 3.1 release (latest have some significant bugfixes):

http://wiki.squid-cache.org/Features/IPv6


--
-george william herbert
george.herbert [at] gmail

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


george.herbert at gmail

Feb 3, 2011, 1:17 PM

Post #8 of 50 (2430 views)
Permalink
Re: WMF and IPv6 [In reply to]

On Thu, Feb 3, 2011 at 1:11 PM, Jay Ashworth <jra [at] baylink> wrote:
>> >> (APNIC runs out of IPv4 space to give to providers somewhere around
>> >> August, statistically; RIPE in Feb or March 2012, ARIN in July
>> >> 2012).
>> >ARIN issued the last 5 available /8s to RIRs *today*; we've been
>> >talking about it all day on NANOG.
>>
>> Not exactly. IANA issued the last 5 /8s to RIRs, of which ARIN is one,
>> today. But George is talking about RIR exhaustion, which is still some
>> months away.
>
> His phrasing seemed a bit.. insufficiently clear, to me.  That was me,
> attempting to clarify.

I was trying to explain the situation without trying to braindump the
totality of how IP space allocation works structurally, globally,
politically, and organizationally, which would have us up all day
attempting to get people to understand it all (much less what the
acronym list expands to). This list is fortunately not NANOG, and
hopefully never will be 8-)


--
-george william herbert
george.herbert [at] gmail

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


r.tarnell at IEEE

Feb 3, 2011, 1:19 PM

Post #9 of 50 (2427 views)
Permalink
Re: WMF and IPv6 [In reply to]

In article <30181972.4621.1296767510190.JavaMail.root [at] benjamin>,
Jay Ashworth <jra [at] baylink> wrote:
>----- Original Message -----
>> From: "River Tarnell" <r.tarnell [at] IEEE>
>> As long as the proxy supports IPv6, it can continue to talk to Apache
>> via IPv4; since WMF's internal network uses RFC1918 addresses, it
>> won't be affected by IPv4 exhaustion.
>It might

No, it won't. The internal network IPs (which are used for
communication between the proxy and the back-end Apache) are not
publicly visible and are completely inconsequential to users.

>how would a 6to4NAT affect blocking?

ISP NATs are a separate issue, and might be interesting; if nothing
else, as one reason (however small) for ISPs to provide IPv6 to end
users. ("Help! I can't edit Wikipedia because my ISP's CGNAT pool was
blocked!".)

The general situation with existing ISPs that use transparent proxies is
that sometimes users just can't edit. Admins try to document such
addresses and avoid blocking them for too long.

>> >> (APNIC runs out of IPv4 space to give to providers somewhere around
>> >> August, statistically; RIPE in Feb or March 2012, ARIN in July
>> >> 2012).
>> >ARIN issued the last 5 available /8s to RIRs *today*; we've been
>> >talking about it all day on NANOG.
>> Not exactly. IANA issued the last 5 /8s to RIRs, of which ARIN is one,
>> today. But George is talking about RIR exhaustion, which is still some
>> months away.
>His phrasing seemed a bit.. insufficiently clear, to me. That was me,
>attempting to clarify.

Okay. I feel your clarification was not very clear ;-)

ARIN didn't issue any /8s today, IANA did. ARIN was one of the
*recipients* of those /8s.

- river.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


george.herbert at gmail

Feb 3, 2011, 1:21 PM

Post #10 of 50 (2422 views)
Permalink
Re: WMF and IPv6 [In reply to]

On Thu, Feb 3, 2011 at 1:11 PM, Jay Ashworth <jra [at] baylink> wrote:
> ----- Original Message -----
>> From: "River Tarnell" <r.tarnell [at] IEEE>
>
>> It doesn't matter if Apache supports IPv6, since the Internet-facing
>> HTTP servers for wikis are reverse proxies, either Squid or Varnish.
>> I believe the version of Squid that WMF is using doesn't support IPv6.
>
> Oh, of course.
>
>> As long as the proxy supports IPv6, it can continue to talk to Apache
>> via IPv4; since WMF's internal network uses RFC1918 addresses, it
>> won't be affected by IPv4 exhaustion.
>
> It might; how would a 6to4NAT affect blocking?

It's not really a 6to4 NAT per se - it's a 6to4 application level
proxy. The question is, what does Squid hand off to Apache via a IPv4
back end connection if the front end connection is IPv6.

Which, frankly, I have no idea (and am off investigating...).


--
-george william herbert
george.herbert [at] gmail

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


r.tarnell at IEEE

Feb 3, 2011, 1:24 PM

Post #11 of 50 (2422 views)
Permalink
Re: WMF and IPv6 [In reply to]

In article <AANLkTikBWLOYHZy4jLN6jwkpHFjoTGO-PpqxfwuPf1EZ [at] mail>,
George Herbert <george.herbert [at] gmail> wrote:
>>It doesn't matter if Apache supports IPv6, since the Internet-facing
>>HTTP servers for wikis are reverse proxies, either Squid or Varnish.
>>I believe the version of Squid that WMF is using doesn't support IPv6.

>Ah, yes. That problem. "We're" using that hacked up Squid 2.7, right?

As far as I know, yes. I don't know if the plan is to update to a newer
Squid, or to switch to Varnish entirely.

<http://wikitech.wikimedia.org/view/IPv6_deployment> mentions either
using another front-end proxy, or upgrading.

- river.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


george.herbert at gmail

Feb 3, 2011, 1:24 PM

Post #12 of 50 (2421 views)
Permalink
Re: WMF and IPv6 [In reply to]

On Thu, Feb 3, 2011 at 1:21 PM, George Herbert <george.herbert [at] gmail> wrote:
> On Thu, Feb 3, 2011 at 1:11 PM, Jay Ashworth <jra [at] baylink> wrote:
>> ----- Original Message -----
>>> From: "River Tarnell" <r.tarnell [at] IEEE>
>>
>>> It doesn't matter if Apache supports IPv6, since the Internet-facing
>>> HTTP servers for wikis are reverse proxies, either Squid or Varnish.
>>> I believe the version of Squid that WMF is using doesn't support IPv6.
>>
>> Oh, of course.
>>
>>> As long as the proxy supports IPv6, it can continue to talk to Apache
>>> via IPv4; since WMF's internal network uses RFC1918 addresses, it
>>> won't be affected by IPv4 exhaustion.
>>
>> It might; how would a 6to4NAT affect blocking?
>
> It's not really a 6to4 NAT per se - it's a 6to4 application level
> proxy.  The question is, what does Squid hand off to Apache via a IPv4
> back end connection if the front end connection is IPv6.
>
> Which, frankly, I have no idea (and am off investigating...).

Q: Are we doing tproxy between the squids and apache servers?

That's the obvious not-supported situation with Squid and IPv6 with
IPv4 backends.

(That would be solved by adding IPv6 addresses to the Apaches, however).


--
-george william herbert
george.herbert [at] gmail

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


r.tarnell at IEEE

Feb 3, 2011, 1:31 PM

Post #13 of 50 (2418 views)
Permalink
Re: WMF and IPv6 [In reply to]

In article <AANLkTinQPPu_j=0EmUAF2xoJTHQSxdLUW0btGgU8zvjZ [at] mail>,
George Herbert <george.herbert [at] gmail> wrote:
>It's not really a 6to4 NAT per se - it's a 6to4 application level
>proxy. The question is, what does Squid hand off to Apache via a IPv4
>back end connection if the front end connection is IPv6.

I don't think it's useful to think of it in these terms (6to4 anything).
All it is is an HTTP proxy; it receives one HTTP request from a client,
then open a new connection itself to a web server and sends the same
request, then sends the reply back. Whether the client connection comes
via IPv6 has no impact on the backend connection, and vice versa.

Here's a diagram:

request
client ------------> proxy
IPv6

request
proxy -----------> backend
IPv4


response
proxy <----------- backend
IPv4

response
client <------------ proxy
IPv6

- river.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


r.tarnell at IEEE

Feb 3, 2011, 1:35 PM

Post #14 of 50 (2421 views)
Permalink
Re: WMF and IPv6 [In reply to]

In article <AANLkTi=OnSreaXMi3Gc+0==TzoQ1jfiX63xrkthv6bKr [at] mail>,
George Herbert <george.herbert [at] gmail> wrote:
>Q: Are we doing tproxy between the squids and apache servers?

No. But since you mention it, LVS (Linux kernel-level load balancer) is
used for load balancing, for both Squid and Apache. LVS supports IPv6,
so that shouldn't be an issue.

>(That would be solved by adding IPv6 addresses to the Apaches, however).

That would be another way to do it. I don't know what the plan is; my
only point originally was that Apache doesn't actually need to know/care
about IPv6.

- river.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


jra at baylink

Feb 3, 2011, 1:41 PM

Post #15 of 50 (2419 views)
Permalink
Re: WMF and IPv6 [In reply to]

----- Original Message -----
> From: "River Tarnell" <r.tarnell [at] IEEE>

> Jay Ashworth <jra [at] baylink> wrote:
> >----- Original Message -----
> >> From: "River Tarnell" <r.tarnell [at] IEEE>
> >> As long as the proxy supports IPv6, it can continue to talk to
> >> Apache
> >> via IPv4; since WMF's internal network uses RFC1918 addresses, it
> >> won't be affected by IPv4 exhaustion.
> >It might
>
> No, it won't. The internal network IPs (which are used for
> communication between the proxy and the back-end Apache) are not
> publicly visible and are completely inconsequential to users.
>
> >how would a 6to4NAT affect blocking?
>
> ISP NATs are a separate issue, and might be interesting; if nothing
> else, as one reason (however small) for ISPs to provide IPv6 to end
> users. ("Help! I can't edit Wikipedia because my ISP's CGNAT pool was
> blocked!".)

You misunderstood me.

If we NAT between the squids and the apaches, will that adversely affect
the ability of MW to *know* the outside site's IP address when that's v6?

You're not just changing addresses, you're changing address *families*;
is there a standard wrapper for the entire IPv4 address space into v6?
(I should know that, but I don't.)

> >His phrasing seemed a bit.. insufficiently clear, to me. That was me,
> >attempting to clarify.
>
> Okay. I feel your clarification was not very clear ;-)
>
> ARIN didn't issue any /8s today, IANA did. ARIN was one of the
> *recipients* of those /8s.

Acronym failure; sorry. Yes; Something-vaguely-resembling-IANA issued those
last 5 blocks, in keeping with a long-standing sunset policy.

Cheers,
-- jra

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


george.herbert at gmail

Feb 3, 2011, 1:41 PM

Post #16 of 50 (2429 views)
Permalink
Re: WMF and IPv6 [In reply to]

On Thu, Feb 3, 2011 at 1:35 PM, River Tarnell <r.tarnell [at] ieee> wrote:
> In article <AANLkTi=OnSreaXMi3Gc+0==TzoQ1jfiX63xrkthv6bKr [at] mail>,
> George Herbert  <george.herbert [at] gmail> wrote:
>>Q: Are we doing tproxy between the squids and apache servers?
>
> No.  But since you mention it, LVS (Linux kernel-level load balancer) is
> used for load balancing, for both Squid and Apache.  LVS supports IPv6,
> so that shouldn't be an issue.
>
>>(That would be solved by adding IPv6 addresses to the Apaches, however).
>
> That would be another way to do it.  I don't know what the plan is; my
> only point originally was that Apache doesn't actually need to know/care
> about IPv6.

As Jay pointed out - handling of blocks (and logins) is an issue (at
least, strongly potentially). But without knowing which shaped bricks
are in use...


--
-george william herbert
george.herbert [at] gmail

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


jra at baylink

Feb 3, 2011, 1:42 PM

Post #17 of 50 (2418 views)
Permalink
Re: WMF and IPv6 [In reply to]

----- Original Message -----
> From: "George Herbert" <george.herbert [at] gmail>

> > It might; how would a 6to4NAT affect blocking?
>
> It's not really a 6to4 NAT per se - it's a 6to4 application level
> proxy. The question is, what does Squid hand off to Apache via a IPv4
> back end connection if the front end connection is IPv6.
>
> Which, frankly, I have no idea (and am off investigating...).

I rarely have answer, but I do try to ask good questions.

And yes, NAT was a poor choice of terms.

Cheers,
-- jra

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


brion at pobox

Feb 3, 2011, 1:45 PM

Post #18 of 50 (2425 views)
Permalink
Re: WMF and IPv6 [In reply to]

On Thu, Feb 3, 2011 at 1:41 PM, Jay Ashworth <jra [at] baylink> wrote:

> If we NAT between the squids and the apaches, will that adversely affect
> the ability of MW to *know* the outside site's IP address when that's v6?
>
> You're not just changing addresses, you're changing address *families*;
> is there a standard wrapper for the entire IPv4 address space into v6?
> (I should know that, but I don't.)
>

There's no reason to NAT between the squid proxies and apaches -- they share
a private network, with a private IPv4 address space which is nowhere near
being exhausted.

Front-end proxies need to speak IPv6 to the outside world so they can accept
connections from IPv6 clients, add the clients' IPv6 addresses to the HTTP
X-Forwarded-For header which gets passed to the Apaches, and then return the
response body back to the client.

The actual backend Apache servers can happily hum along on IPv4 internally,
with no impact on IPv6 accessibility of the site.

-- brion
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


r.tarnell at IEEE

Feb 3, 2011, 1:50 PM

Post #19 of 50 (2420 views)
Permalink
Re: WMF and IPv6 [In reply to]

In article <9259756.4629.1296769269783.JavaMail.root [at] benjamin>,
Jay Ashworth <jra [at] baylink> wrote:
>----- Original Message -----
>> From: "River Tarnell" <r.tarnell [at] IEEE>
>> Jay Ashworth <jra [at] baylink> wrote:
>> >how would a 6to4NAT affect blocking?
>> ISP NATs are a separate issue, and might be interesting[...]
>You misunderstood me.

>If we NAT between the squids and the apaches, will that adversely affect
>the ability of MW to *know* the outside site's IP address when that's v6?

No, since the client IP is passed via the XFF header. (In any case,
putting NAT there doesn't seem very likely to me.)

- river.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


Simetrical+wikilist at gmail

Feb 3, 2011, 1:53 PM

Post #20 of 50 (2420 views)
Permalink
Re: WMF and IPv6 [In reply to]

On Thu, Feb 3, 2011 at 3:50 PM, George Herbert <george.herbert [at] gmail> wrote:
> We have a few months, but by the end of 2012, any major site needs to
> be serving IPv6.

Unlikely. ISPs are just going to start forcing users to use NAT more
aggressively, use tunnelling, etc. No residential client is going to
be given a connection that's incapable of accessing IPv4-only sites
until virtually all sites have switched, which is probably at least a
decade from now. They'd (rightfully) cancel their subscription on the
grounds that the Internet doesn't work.

Of course, it would be great if we could switch sooner, and I hope we
will. But it's not like we'll *need* to.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


r.tarnell at IEEE

Feb 3, 2011, 1:53 PM

Post #21 of 50 (2418 views)
Permalink
Re: WMF and IPv6 [In reply to]

In article <AANLkTikpg8sDNmGWKN2xMW2AGqok1gdYUiOPF7QbMrKm [at] mail>,
Brion Vibber <brion [at] pobox> wrote:
>On Thu, Feb 3, 2011 at 1:41 PM, Jay Ashworth <jra [at] baylink> wrote:
>> If we NAT between the squids and the apaches, will that adversely affect
>> the ability of MW to *know* the outside site's IP address when that's v6?

>> You're not just changing addresses, you're changing address *families*;
>> is there a standard wrapper for the entire IPv4 address space into v6?
>> (I should know that, but I don't.)

>There's no reason to NAT between the squid proxies and apaches -- they share
>a private network, with a private IPv4 address space which is nowhere near
>being exhausted.

I almost said this, but we do have Squids in esams, which has only a
/24; and from what I've heard, probably won't be getting any more space,
ever. So depending on how many Squids are added in the future,
communication between esams and sdtpa could be fun.

(The obvious fix there is to use IPv6 for that...)

- river.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


george.herbert at gmail

Feb 3, 2011, 2:01 PM

Post #22 of 50 (2418 views)
Permalink
Re: WMF and IPv6 [In reply to]

On Thu, Feb 3, 2011 at 1:53 PM, Aryeh Gregor
<Simetrical+wikilist [at] gmail> wrote:
> On Thu, Feb 3, 2011 at 3:50 PM, George Herbert <george.herbert [at] gmail> wrote:
>> We have a few months, but by the end of 2012, any major site needs to
>> be serving IPv6.
>
> Unlikely.  ISPs are just going to start forcing users to use NAT more
> aggressively, use tunnelling, etc.  No residential client is going to
> be given a connection that's incapable of accessing IPv4-only sites
> until virtually all sites have switched, which is probably at least a
> decade from now.  They'd (rightfully) cancel their subscription on the
> grounds that the Internet doesn't work.
>
> Of course, it would be great if we could switch sooner, and I hope we
> will.  But it's not like we'll *need* to.

You're making assumptions here that the residential ISPs in the US and
Asia have stated aren't true...


--
-george william herbert
george.herbert [at] gmail

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


r.tarnell at IEEE

Feb 3, 2011, 2:02 PM

Post #23 of 50 (2423 views)
Permalink
Re: WMF and IPv6 [In reply to]

In article <AANLkTikgM845ZOvSGqpdvq81juHN8Wm3RwZcxvBqN3oX [at] mail>,
Aryeh Gregor <Simetrical+wikilist [at] gmail> wrote:
>ISPs are just going to start forcing users to use NAT more
>aggressively, use tunnelling, etc.

ISPs will probably do this, but I don't think it's right to say they'll
*just* do this. In the US, for example, Comcast has been running IPv6
trials for a while, and expects to start giving end-user IPv6 addresses
this year. So IPv6 for end users is coming, it's just taking longer
than it should have.

- river.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


george.herbert at gmail

Feb 3, 2011, 2:03 PM

Post #24 of 50 (2422 views)
Permalink
Re: WMF and IPv6 [In reply to]

On Thu, Feb 3, 2011 at 1:45 PM, Brion Vibber <brion [at] pobox> wrote:
> On Thu, Feb 3, 2011 at 1:41 PM, Jay Ashworth <jra [at] baylink> wrote:
>
>> If we NAT between the squids and the apaches, will that adversely affect
>> the ability of MW to *know* the outside site's IP address when that's v6?
>>
>> You're not just changing addresses, you're changing address *families*;
>> is there a standard wrapper for the entire IPv4 address space into v6?
>> (I should know that, but I don't.)
>>
>
> There's no reason to NAT between the squid proxies and apaches -- they share
> a private network, with a private IPv4 address space which is nowhere near
> being exhausted.
>
> Front-end proxies need to speak IPv6 to the outside world so they can accept
> connections from IPv6 clients, add the clients' IPv6 addresses to the HTTP
> X-Forwarded-For header which gets passed to the Apaches, and then return the
> response body back to the client.
>
> The actual backend Apache servers can happily hum along on IPv4 internally,
> with no impact on IPv6 accessibility of the site.

XFF mode forwarding seems to make the problem pretty much go away, yes.

Thanks for confirming that's what's in use.


--
-george william herbert
george.herbert [at] gmail

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


wikimail at inbox

Feb 3, 2011, 2:04 PM

Post #25 of 50 (2426 views)
Permalink
Re: WMF and IPv6 [In reply to]

On Thu, Feb 3, 2011 at 4:45 PM, Brion Vibber <brion [at] pobox> wrote:
> Front-end proxies need to speak IPv6 to the outside world so they can accept
> connections from IPv6 clients, add the clients' IPv6 addresses to the HTTP
> X-Forwarded-For header which gets passed to the Apaches, and then return the
> response body back to the client.

Interesting. Is there a standard for using IPv6 inside
X-Forwarded-For headers? I would think you'd need a new header
altogether.

(Yes, this is just used internally so it doesn't matter, but I'm still curious.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

First page Previous page 1 2 Next page Last page  View All Wikipedia wikitech RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.