BGP.guru

BGP.guru

Nerd blog.

20 Aug 2014

Fully IPv6 Enabled

With the deployment of a new nameserver at DigitalOcean NYC3 yesterday (to replace one at NYC2, which doesn’t have IPv6), I have hit a fairly significant personal milestone – All of my public facing services are now fully IPv6 enabled.

This includes:

  • Various http/https websites running nginx and Apache
    • Some of which are anycasted
  • Mail services
    • SMTP (postfix)
    • IMAPS (dovecot)
    • POP3S (dovecot)
  • DNS
    • Nameservers
    • Recursive DNS
  • System services like SSH, FTP
  • SSL VPN which gives out IPv4 and IPv6 addresses
    • Cisco ASA running Cisco ASA 9.1(3)
  • SaltStack
  • Nagios monitoring
    • 2 dual-stack instances

I enjoy the output from check-soa now for my zones:

$ check-soa -i ciscodude.net
ns0.ciscodude.net.
	199.202.21.6: OK: 2014081301 (0 ms)
	2604:4280:d000:11::6: OK: 2014081301 (0 ms)
ns1.henchcdn.com.
	2400:6180:0:d0::55:9001: OK: 2014081301 (238 ms)
	128.199.164.153: OK: 2014081301 (272 ms)
ns2.henchman21.net.
	2604:a880:800:10::8:7001: OK: 2014081301 (35 ms)
	104.131.53.95: OK: 2014081301 (43 ms)
ns3.hcdn.pw.
	2a03:b0c0:1:d0::f:c001: OK: 2014081301 (101 ms)
	178.62.61.54: OK: 2014081301 (108 ms)

In addition, I have native IPv6 access at home. There is also a local Hurricane Electric tunnel server in Winnipeg now, and also a local Hurricane anycast DNS resolver.

traceroute6 -q1 -I 2001:470:20::2
traceroute to 2001:470:20::2 (2001:470:20::2), 30 hops max, 80 byte packets
 1  2604:4280:d000:11::1 (2604:4280:d000:11::1)  0.400 ms
 2  vl270.ar1.400wb.ipv6.as14866.net (2604:4280:14:866::270:1)  1.092 ms
 3  vl13.ix1.400wb.ipv6.ywg.as14866.net (2604:4280:14:866::13:2)  1.336 ms
 4  he-ix.v6.wpgix.net (2001:504:2c::20)  3.466 ms
 5  ordns.he.net (2001:470:20::2)  3.245 ms

Theodore Baschak - Theo is a network engineer with experience operating core internet technologies like HTTP, HTTPS and DNS. He has extensive experience running service provider networks with OSPF, MPLS, and BGP.