[Systems] IPv6 connectivity for Sugar Labs foundation

Daniel Jared Domínguez danjared at MIT.EDU
Tue Aug 11 13:35:45 EDT 2009


Yes, we were able to get to 6to4 working, although that's certainly
suboptimal for various reasons compared to native connectivity.

I looked at the FSF core router, and it is running a recent enough
version of quagga to do v6.

The FSF's router has a virtual interface running an IPv4 BGP session
with a TowardEX router (remote router ID is 216.93.255.131). I believe
it to be doing this on VLAN 1575. I don't know if this can be reused for
the v6 link. This physical interface is at least the one we'd probably
be using since it is going to the MXP. Sorry that I don't have a circuit
ID for you.

--Jared

On Tue, Aug 11, 2009 at 10:21:12AM -0400, Daniel Clark wrote:
> Bernie Innocenti wrote:
> > El Fri, 07-08-2009 a las 13:38 -0400, James Jun escribió:
> >> OCCAID will be happy to assist.  Where do you need the v6
> >> service delivered at, at FSF location or MIT?  If your v6
> >> termination equipment is hosted at FSF which is GNAPS
> >> facility in Quincy, ask them to run a cross-connect for
> >> you to Boston MXP. We can then shoot a vlan across MXP
> >> switch fabric from OCCAID POP in Boston/1 Summer Street
> >> and hand off v6 to you natively.
> > 
> > I'm quite unfamiliar with the FSF network equipment at GNAPs, to the
> > point that I haven't yet even seen the physical box which hosts the
> > main Sugar Labs machine.
> > 
> > I've been talking with Dan Benson of GNAPs (on cc) to figure out
> > what needs to be done.  Danny Clark and Dan Jared of the FSF are
> > going to get in contact with him to get the BGP router connected.
> > 
> > Thanks to everybody for being very helpful.
> 
> FYI danjared and bernie got tun6to4 working last night; we had just
> missed the need to add a line to iptables on the FSF's BGP router,
> ge-core1.qcy.gnu.org [1].
> 
> I think they are still looking at OCCAID, which danjared, who seems to
> have the most clue in this area, thinks is a much better long-term solution.
> 
> [1] /etc/default/iptables-rules change
> --- iptables-rules.aug10.from-filesystem	2009-08-10 23:20:16.000000000 -0400
> +++ iptables-rules	2009-08-10 23:21:18.000000000 -0400
> @@ -28,6 +28,9 @@
> 
>  -A input_block -p icmp -m icmp --icmp-type 8 -m limit --limit 5/sec -j
> ACCEPT
> 
> +# bernie and danjared (w/ dclark): allow incoming 6to4 packets
> +-A input_block -p ipv6 -j ACCEPT
> +
>  # Blacklisted hosts
> 
>  -A input_block -p tcp -m tcp --dport 80 --src 216.220.57.41 -j DROP
> 
> Cheers and thanks to everyone for the assistance,
> -- 
> Daniel JB Clark   | Sys Admin, Free Software Foundation
> pobox.com/~dclark | http://www.fsf.org/about/staff#danny
> 



-- 
Daniel Jared Domínguez
email/jabber: danjared at mit.edu
pots phone: 617.368.0509


More information about the Systems mailing list