On Thu, Aug 27, 2009 at 01:07:49PM +0200, Stefan Schlesinger wrote: > On Aug 17, 2009, at 19:43 , Mike McGrath wrote: > > >On Mon, 17 Aug 2009, Jeff Garzik wrote: > > > >>On 08/17/2009 10:01 AM, Mike McGrath wrote: > >>>On Mon, 17 Aug 2009, Jeff Garzik wrote: > >>>>Is there any IPv6 plan for *.fedoraproject.org ? > >>>There is currently no plan. > >>What needs to be done to create a plan, and move forward? > >Someone with a clear idea of the benefits, costs, and a plan for > >implementation. > > Besides the fact that we have to expect no more free IPv4 adresses > available after 2012 and will then be forced to start working on it, the > greatest benefit would be to start getting experience on the whole new > IPv6 stack. > > As long as our uplink providers already support v6, the costs to enable > services within the new address space should be minimal. Providers > usually just charge a setup fee and are actually not allowed to charge > more than that... > > I have already some experience with ipv6 from my workplace. The rough > plan for the transition made so far was: > > * Enable v6 auto-configuration for all of our server vlans. Thus, all > of our machines had v6 connectivity to the outside, and where able > to use already existing v6 services. > > To work around any security bugs which this change could introduce, > we configured stateful filtering on the routers, allowing only > established connections from the outside to our machines. We don't have control over the routers in most of our data centers. RHEL5's ip6tables can't do stateful filtering either (no conntrack). I agree stateful would be nice, but is it strictly necessary? I don't believe so. -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
