Re: ocp4 and ipv6


 



Hey Kevin,

Not particularly venturing an opinion here, personally would like it
to stay, but then I've had native v6 at home for 10+ years.

> So, we are moving more and more things over to our ocp4 cluster
> (which is great!). However, I noticed this weekend, it's going to mean
> some of our applications that are reachable via ipv6 will no longer be.
> ;(
>
> The ocp3 cluster is on our vpn and can be reached by all our proxy
> network. Many of our proxies have ipv6 connectivity.
>
> The ocp4 cluster is not on our vpn and can only be reached by the 2 iad2
> proxies. iad2 has currently no ipv6 support.

Do we have any data from the proxies as to how much of the traffic is
over IPv6 vs IPv4? What services that are on the cluster will be
affected by the move?

> I'm asking networking folks about ipv6 support in iad2, but last I heard
> it was waiting for some hardware upgrades, so I don't know that we can
> count on it anytime soon.

That was the excuse they used to give in PHX, from memory: "we will
deploy IPv6 in the new DC and the equipment doesn't support it", and
support for v6 in equipment has been a requirement to sell to US govt
since the late 2000s, so by now all their equipment should support it.

> So, we can:
>
> 1. Just not care, and move everything to ocp4 and people will need to
> use ipv4 to reach those services.

What are the affected services? What is the v6 vs v4 traffic in the
current setup?

> 2. Try and get the ocp4 compute nodes on our vpn. I looked around and
> could not find any handy openvpn reference for openshift4. I'm guessing
> this needs a machine-config of some kind to establish the vpn and
> possibly some kind of ingress policy to allow incoming connections
> there.
>
> 3. Another layer of proxy. ie, proxies -> vpn -> secondproxyiniad2 ->
> ocp4.
>
> 4. Some other clever plan?
>
> IMHO, I'd like to do 2... but I have no idea if it's possible/easy.
> Can some of you more savvy openshift folks weigh in? I think if we do 1
> there will be complaints, 3 could get super complex fast and also is
> going to be slow with another hop in the middle there. 4 might be good
> if anyone can think of some plan I missed. ;)

I'd prefer 2 and the "we need new HW" seems to have been an excuse
from IT for as long as I've been involved in releng/infra :-(

Overall I'm sure we'll survive, and I'd like to see the least amount
of work option. Some data about services and what levels of v6 vs v4
would be useful, I feel, to actually gauge the impact.
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure



