Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.

Computing Systems

Computing Systems

Informatics Computing Staff jottings

IPv6 and self-managed servers

We’ve had IPv6 enabled on the “self-managed server” subnets (164 and 197) for quite a while now, and mostly it has been trouble-free.  Recently, however, we’ve had reports of login slowness to some self-managed servers following a system upgrade.

What we expect to happen is that your machine will automatically set its IPv6 address based on its ether MAC address, together with the prefix that our routers multicast every few seconds (a “SLAAC address”).  We have that MAC address registered in our host-configuration system, so we can create DNS forward and reverse entries using it, with the result that you can refer to your machine by name and the IPv4 or IPv6 address will be used as appropriate.  What seems to have happened is that these upgrades have somehow enabled IPv6 “privacy” addresses instead.

Privacy addresses are a good idea for a laptop which is roaming, as they mean that you can’t be tracked based on the fixed (“IID”) part of your IPv6 address.  However, they make little sense for a server, which is not expected to move around, but is expected to be contactable by its clients.  Ideally you would fix your login slowness by turning these privacy addresses off again, but unfortunately we haven’t yet got a relable set of instructions for doing so.

As a workaround while we find out how to turn off privacy addresses cleanly, what we propose is this: we will leave IPv6 enabled on the subnets, as we know there has been a demand for it; and we will change our DNS configuration so that we generate reverse entries for the IPv6 addresses we expect you to have, but we will stop generating the forward entries by default, so that when a client asks for your machine’s address it won’t be told the IPv6 one that isn’t working in quite a few cases.

On request (send in a support ticket in the usual way) we can easily re-enable those forward entries on a per-host basis, so if you want your machine to be contactable by its clients using IPv6 then that’s no problem.  On the other hand, if you don’t want it to be, or you don’t mind either way, then you don’t need to do anything.

We propose making this change on Monday (27th) at lunch time.  Once we do have a reliable set of instructions we’ll let you know and revert to the current setup.

IPv6 and self-managed servers / Computing Systems by is licensed under a

Posted by

Categories

Uncategorized

Tags

No tags have been added to this post.

Previous post

Next post

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

IPv6 and self-managed servers / Computing Systems by is licensed under a
css.php

Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.

  Cancel