[Systems] IPv6 connectivity for Sugar Labs foundation

[Daniel Jared Domínguez]

Yup, let's do BGP. I'm assuming you have all the details already. Use
the same ASN.

No worries. I hope vacation was restful!

--Jared

On Tue, Sep 15, 2009 at 02:33:36PM -0400, James Jun wrote:
> Dan,
> 
> The IPv6 block for the transfer network vlan between FSF and TowardEX is
> 2001:4830:1FE::4/126.
> TowardEX SIDE is 2001:4830:1fe::5, FSF SIDE is 2001:4830:1fe::6. 
> 
> I assume we want to do BGP routing over this circuit, just like we are doing
> on IPv4?  Please advise.
> 
> Sorry for the delay, been catching up since vacation :)
> 
> James
> 
> 
> > -----Original Message-----
> > From: Daniel Jared Domínguez [mailto:danjared at MIT.EDU]
> > Sent: Tuesday, September 15, 2009 1:50 PM
> > To: James Jun
> > Cc: 'Daniel Clark'; 'Bernie Innocenti'; pubservices at occaid.org; 'Sugar
> > Labs Systems'; noc at occaid.org; dan at gnaps.com; 'Peter Olson'
> > Subject: Re: IPv6 connectivity for Sugar Labs foundation
> > 
> > How is this coming along?
> > 
> > --Jared
> > 
> > On Tue, Aug 11, 2009 at 03:48:59PM -0400, James Jun wrote:
> > > Yea, FSF is a sponsored (i.e. zero-dollar customer) account,
> > originally
> > > setup with Justin Baugh long time ago.  So, I just double checked and
> > there
> > > won't be any cost for us to enable v6 on this link.
> > >
> > > I'm on vacation today. When I get back next week I will get the IPv6
> > > information for you and reply to this email thread.  Let me know if
> > you guys
> > > have any questions in the meantime.
> > >
> > > Regards,
> > > James
> > >
> > > > -----Original Message-----
> > > > From: Daniel Clark [mailto:dclark at pobox.com]
> > > > Sent: Tuesday, August 11, 2009 3:39 PM
> > > > To: James Jun
> > > > Cc: 'Daniel Jared Domínguez'; 'Bernie Innocenti';
> > > > pubservices at occaid.org; 'Sugar Labs Systems'; noc at occaid.org;
> > > > dan at gnaps.com; 'Peter Olson'
> > > > Subject: Re: IPv6 connectivity for Sugar Labs foundation
> > > >
> > > > As long as there would be no cost impact on the FSF or GNAPS, and
> > no
> > > > impact to the FSF's IPv4 service, and GNAPS is fine with it, I
> > don't
> > > > see why the FSF (who hosts the Sugar Labs foundation server) would
> > have
> > > > any objection to that.
> > > >
> > > > --
> > > > Daniel JB Clark   | Sys Admin, Free Software Foundation
> > > > pobox.com/~dclark | http://www.fsf.org/about/staff#danny
> > > >
> > > >
> > > > James Jun wrote:
> > > > > Hi folks,
> > > > >
> > > > > We should be able to pump native v6 down the VLAN from Towardex
> > > > > router, since FSF is a customer circuit.  Let me know if you want
> > to
> > > > > move forward with that I'll get the IMT info for v6 on that vlan.
> > > > >
> > > > > James
> > > > >
> > > > >> -----Original Message-----
> > > > >> From: Daniel Jared Domínguez [mailto:danjared at MIT.EDU]
> > > > >> Sent: Tuesday, August 11, 2009 1:36 PM
> > > > >> To: Daniel Clark
> > > > >> Cc: Bernie Innocenti; James Jun; pubservices at occaid.org; 'Sugar
> > Labs
> > > > >> Systems'; noc at occaid.org; dan at gnaps.com; Peter Olson
> > > > >> Subject: Re: IPv6 connectivity for Sugar Labs foundation
> > > > >>
> > > > >> Yes, we were able to get to 6to4 working, although that's
> > certainly
> > > > >> suboptimal for various reasons compared to native connectivity.
> > > > >>
> > > > >> I looked at the FSF core router, and it is running a recent
> > enough
> > > > >> version of quagga to do v6.
> > > > >>
> > > > >> The FSF's router has a virtual interface running an IPv4 BGP
> > session
> > > > >> with a TowardEX router (remote router ID is 216.93.255.131). I
> > > > >> believe it to be doing this on VLAN 1575. I don't know if this
> > can
> > > > be
> > > > >> reused for the v6 link. This physical interface is at least the
> > one
> > > > >> we'd probably be using since it is going to the MXP. Sorry that
> > I
> > > > >> don't have a circuit ID for you.
> > > > >>
> > > > >> --Jared
> > > > >>
> > > > >> On Tue, Aug 11, 2009 at 10:21:12AM -0400, Daniel Clark wrote:
> > > > >>> Bernie Innocenti wrote:
> > > > >>>> El Fri, 07-08-2009 a las 13:38 -0400, James Jun escribió:
> > > > >>>>> OCCAID will be happy to assist.  Where do you need the v6
> > service
> > > > >>>>> delivered at, at FSF location or MIT?  If your v6 termination
> > > > >>>>> equipment is hosted at FSF which is GNAPS facility in Quincy,
> > ask
> > > > >>>>> them to run a cross-connect for you to Boston MXP. We can
> > then
> > > > >>>>> shoot a vlan across MXP switch fabric from OCCAID POP in
> > Boston/1
> > > > >>>>> Summer Street and hand off v6 to you natively.
> > > > >>>> I'm quite unfamiliar with the FSF network equipment at GNAPs,
> > to
> > > > >> the
> > > > >>>> point that I haven't yet even seen the physical box which
> > hosts
> > > > the
> > > > >>>> main Sugar Labs machine.
> > > > >>>>
> > > > >>>> I've been talking with Dan Benson of GNAPs (on cc) to figure
> > out
> > > > >>>> what needs to be done.  Danny Clark and Dan Jared of the FSF
> > are
> > > > >>>> going to get in contact with him to get the BGP router
> > connected.
> > > > >>>>
> > > > >>>> Thanks to everybody for being very helpful.
> > > > >>> FYI danjared and bernie got tun6to4 working last night; we had
> > just
> > > > >>> missed the need to add a line to iptables on the FSF's BGP
> > router,
> > > > >>> ge-core1.qcy.gnu.org [1].
> > > > >>>
> > > > >>> I think they are still looking at OCCAID, which danjared, who
> > seems
> > > > >> to
> > > > >>> have the most clue in this area, thinks is a much better long-
> > term
> > > > >> solution.
> > > > >>> [1] /etc/default/iptables-rules change
> > > > >>> --- iptables-rules.aug10.from-filesystem	2009-08-10
> > > > >> 23:20:16.000000000 -0400
> > > > >>> +++ iptables-rules	2009-08-10 23:21:18.000000000 -0400
> > > > >>> @@ -28,6 +28,9 @@
> > > > >>>
> > > > >>>  -A input_block -p icmp -m icmp --icmp-type 8 -m limit --limit
> > > > 5/sec
> > > > >> -j
> > > > >>> ACCEPT
> > > > >>>
> > > > >>> +# bernie and danjared (w/ dclark): allow incoming 6to4 packets
> > -A
> > > > >>> +input_block -p ipv6 -j ACCEPT
> > > > >>> +
> > > > >>>  # Blacklisted hosts
> > > > >>>
> > > > >>>  -A input_block -p tcp -m tcp --dport 80 --src 216.220.57.41 -j
> > > > DROP
> > > > >>>
> > > > >>> Cheers and thanks to everyone for the assistance,
> > > > >>> --
> > > > >>> Daniel JB Clark   | Sys Admin, Free Software Foundation
> > > > >>> pobox.com/~dclark | http://www.fsf.org/about/staff#danny
> > > > >>>
> > > > >>
> > > > >>
> > > > >> --
> > > > >> Daniel Jared Domínguez
> > > > >> email/jabber: danjared at mit.edu
> > > > >> pots phone: 617.368.0509
> > > > >
> > >
> > >
> > 
> > --
> > Daniel Jared Domínguez
> > email/jabber: danjared at mit.edu
> > pots phone: 617.368.0509
> 

-- 
Daniel Jared Domínguez
email/jabber: danjared at mit.edu
pots phone: 617.368.0509