[Systems] IPv6 connectivity for Sugar Labs foundation

[James Jun]

Yea, FSF is a sponsored (i.e. zero-dollar customer) account, originally
setup with Justin Baugh long time ago.  So, I just double checked and there
won't be any cost for us to enable v6 on this link.

I'm on vacation today. When I get back next week I will get the IPv6
information for you and reply to this email thread.  Let me know if you guys
have any questions in the meantime.

Regards,
James

> -----Original Message-----
> From: Daniel Clark [mailto:dclark at pobox.com]
> Sent: Tuesday, August 11, 2009 3:39 PM
> To: James Jun
> Cc: 'Daniel Jared Domínguez'; 'Bernie Innocenti';
> pubservices at occaid.org; 'Sugar Labs Systems'; noc at occaid.org;
> dan at gnaps.com; 'Peter Olson'
> Subject: Re: IPv6 connectivity for Sugar Labs foundation
> 
> As long as there would be no cost impact on the FSF or GNAPS, and no
> impact to the FSF's IPv4 service, and GNAPS is fine with it, I don't
> see why the FSF (who hosts the Sugar Labs foundation server) would have
> any objection to that.
> 
> --
> Daniel JB Clark   | Sys Admin, Free Software Foundation
> pobox.com/~dclark | http://www.fsf.org/about/staff#danny
> 
> 
> James Jun wrote:
> > Hi folks,
> >
> > We should be able to pump native v6 down the VLAN from Towardex
> > router, since FSF is a customer circuit.  Let me know if you want to
> > move forward with that I'll get the IMT info for v6 on that vlan.
> >
> > James
> >
> >> -----Original Message-----
> >> From: Daniel Jared Domínguez [mailto:danjared at MIT.EDU]
> >> Sent: Tuesday, August 11, 2009 1:36 PM
> >> To: Daniel Clark
> >> Cc: Bernie Innocenti; James Jun; pubservices at occaid.org; 'Sugar Labs
> >> Systems'; noc at occaid.org; dan at gnaps.com; Peter Olson
> >> Subject: Re: IPv6 connectivity for Sugar Labs foundation
> >>
> >> Yes, we were able to get to 6to4 working, although that's certainly
> >> suboptimal for various reasons compared to native connectivity.
> >>
> >> I looked at the FSF core router, and it is running a recent enough
> >> version of quagga to do v6.
> >>
> >> The FSF's router has a virtual interface running an IPv4 BGP session
> >> with a TowardEX router (remote router ID is 216.93.255.131). I
> >> believe it to be doing this on VLAN 1575. I don't know if this can
> be
> >> reused for the v6 link. This physical interface is at least the one
> >> we'd probably be using since it is going to the MXP. Sorry that I
> >> don't have a circuit ID for you.
> >>
> >> --Jared
> >>
> >> On Tue, Aug 11, 2009 at 10:21:12AM -0400, Daniel Clark wrote:
> >>> Bernie Innocenti wrote:
> >>>> El Fri, 07-08-2009 a las 13:38 -0400, James Jun escribió:
> >>>>> OCCAID will be happy to assist.  Where do you need the v6 service
> >>>>> delivered at, at FSF location or MIT?  If your v6 termination
> >>>>> equipment is hosted at FSF which is GNAPS facility in Quincy, ask
> >>>>> them to run a cross-connect for you to Boston MXP. We can then
> >>>>> shoot a vlan across MXP switch fabric from OCCAID POP in Boston/1
> >>>>> Summer Street and hand off v6 to you natively.
> >>>> I'm quite unfamiliar with the FSF network equipment at GNAPs, to
> >> the
> >>>> point that I haven't yet even seen the physical box which hosts
> the
> >>>> main Sugar Labs machine.
> >>>>
> >>>> I've been talking with Dan Benson of GNAPs (on cc) to figure out
> >>>> what needs to be done.  Danny Clark and Dan Jared of the FSF are
> >>>> going to get in contact with him to get the BGP router connected.
> >>>>
> >>>> Thanks to everybody for being very helpful.
> >>> FYI danjared and bernie got tun6to4 working last night; we had just
> >>> missed the need to add a line to iptables on the FSF's BGP router,
> >>> ge-core1.qcy.gnu.org [1].
> >>>
> >>> I think they are still looking at OCCAID, which danjared, who seems
> >> to
> >>> have the most clue in this area, thinks is a much better long-term
> >> solution.
> >>> [1] /etc/default/iptables-rules change
> >>> --- iptables-rules.aug10.from-filesystem	2009-08-10
> >> 23:20:16.000000000 -0400
> >>> +++ iptables-rules	2009-08-10 23:21:18.000000000 -0400
> >>> @@ -28,6 +28,9 @@
> >>>
> >>>  -A input_block -p icmp -m icmp --icmp-type 8 -m limit --limit
> 5/sec
> >> -j
> >>> ACCEPT
> >>>
> >>> +# bernie and danjared (w/ dclark): allow incoming 6to4 packets -A
> >>> +input_block -p ipv6 -j ACCEPT
> >>> +
> >>>  # Blacklisted hosts
> >>>
> >>>  -A input_block -p tcp -m tcp --dport 80 --src 216.220.57.41 -j
> DROP
> >>>
> >>> Cheers and thanks to everyone for the assistance,
> >>> --
> >>> Daniel JB Clark   | Sys Admin, Free Software Foundation
> >>> pobox.com/~dclark | http://www.fsf.org/about/staff#danny
> >>>
> >>
> >>
> >> --
> >> Daniel Jared Domínguez
> >> email/jabber: danjared at mit.edu
> >> pots phone: 617.368.0509
> >