[Systems] IPv6 connectivity for Sugar Labs foundation

[James Jun]

Hi folks,

We should be able to pump native v6 down the VLAN from Towardex router,
since FSF is a customer circuit.  Let me know if you want to move forward
with that I'll get the IMT info for v6 on that vlan.

James

> -----Original Message-----
> From: Daniel Jared Domínguez [mailto:danjared at MIT.EDU]
> Sent: Tuesday, August 11, 2009 1:36 PM
> To: Daniel Clark
> Cc: Bernie Innocenti; James Jun; pubservices at occaid.org; 'Sugar Labs
> Systems'; noc at occaid.org; dan at gnaps.com; Peter Olson
> Subject: Re: IPv6 connectivity for Sugar Labs foundation
> 
> Yes, we were able to get to 6to4 working, although that's certainly
> suboptimal for various reasons compared to native connectivity.
> 
> I looked at the FSF core router, and it is running a recent enough
> version of quagga to do v6.
> 
> The FSF's router has a virtual interface running an IPv4 BGP session
> with a TowardEX router (remote router ID is 216.93.255.131). I believe
> it to be doing this on VLAN 1575. I don't know if this can be reused
> for
> the v6 link. This physical interface is at least the one we'd probably
> be using since it is going to the MXP. Sorry that I don't have a
> circuit
> ID for you.
> 
> --Jared
> 
> On Tue, Aug 11, 2009 at 10:21:12AM -0400, Daniel Clark wrote:
> > Bernie Innocenti wrote:
> > > El Fri, 07-08-2009 a las 13:38 -0400, James Jun escribió:
> > >> OCCAID will be happy to assist.  Where do you need the v6
> > >> service delivered at, at FSF location or MIT?  If your v6
> > >> termination equipment is hosted at FSF which is GNAPS
> > >> facility in Quincy, ask them to run a cross-connect for
> > >> you to Boston MXP. We can then shoot a vlan across MXP
> > >> switch fabric from OCCAID POP in Boston/1 Summer Street
> > >> and hand off v6 to you natively.
> > >
> > > I'm quite unfamiliar with the FSF network equipment at GNAPs, to
> the
> > > point that I haven't yet even seen the physical box which hosts the
> > > main Sugar Labs machine.
> > >
> > > I've been talking with Dan Benson of GNAPs (on cc) to figure out
> > > what needs to be done.  Danny Clark and Dan Jared of the FSF are
> > > going to get in contact with him to get the BGP router connected.
> > >
> > > Thanks to everybody for being very helpful.
> >
> > FYI danjared and bernie got tun6to4 working last night; we had just
> > missed the need to add a line to iptables on the FSF's BGP router,
> > ge-core1.qcy.gnu.org [1].
> >
> > I think they are still looking at OCCAID, which danjared, who seems
> to
> > have the most clue in this area, thinks is a much better long-term
> solution.
> >
> > [1] /etc/default/iptables-rules change
> > --- iptables-rules.aug10.from-filesystem	2009-08-10
> 23:20:16.000000000 -0400
> > +++ iptables-rules	2009-08-10 23:21:18.000000000 -0400
> > @@ -28,6 +28,9 @@
> >
> >  -A input_block -p icmp -m icmp --icmp-type 8 -m limit --limit 5/sec
> -j
> > ACCEPT
> >
> > +# bernie and danjared (w/ dclark): allow incoming 6to4 packets
> > +-A input_block -p ipv6 -j ACCEPT
> > +
> >  # Blacklisted hosts
> >
> >  -A input_block -p tcp -m tcp --dport 80 --src 216.220.57.41 -j DROP
> >
> > Cheers and thanks to everyone for the assistance,
> > --
> > Daniel JB Clark   | Sys Admin, Free Software Foundation
> > pobox.com/~dclark | http://www.fsf.org/about/staff#danny
> >
> 
> 
> 
> --
> Daniel Jared Domínguez
> email/jabber: danjared at mit.edu
> pots phone: 617.368.0509