* Mel Pilgrim <list_free...@bluerosetech.com> [190625 04:47]: > On 2019-06-24 19:33, Ultima wrote: >> While it may be possible to have an IPv6 only environment, I don't >> think it is really viable. There are simply too many things that don't run >> on or have very limited support for IPv6 that it makes it very hard >> to drop IPv4 altogether and until something comes along forcing the >> move it likely won't happen for at least another decade at the minimum.
> Yes, that is why I wrote "Waving a hand at bug-hunting and lamentations > over the inertia of embedded systems designers". > This a lab experiment specifically to iron out the very wrinkles you > just stated. Depending on what you want to do it is viable now. At work we use IPv6-only jails for web hosting, where all jails on one physical machine share one NAT64 gateway for outgoing connects to IPv4-only services like Github. That gateway is the only dual-stack jail on a machine, the host and all other jails are IPv6 only. The NAT64 jail also provides a reverse proxy for incoming web access on IPv4. Customers on an IPv4-only connection use a ssh jumphost to access the server. We use ipfw for NAT64 and bind for DNS64. At RIPE meetings twice a year I use the provided IPv6-only network for net access with phone and notebook; in these 10 days per year for the last couple of years I have not seen any problems myself. Some people reported problems accessing VPN gateways though, and accessing IPv4-only services that use DNSSEC is a problem if your local resolver on the client does DNSSEC validation. >> On Mon, Jun 24, 2019 at 6:50 PM Mel Pilgrim <list_free...@bluerosetech.com> >> wrote: >>> I'm looking to set up a pure-IPv6 environment to test the viability of >>> it. I tried this a few years ago and fell flat on my face due to the >>> lack of NAT64 and DNS64 support. >>> Reading through docs now, it looks like unbound has a DNS64 module, and >>> NAT64 is baked into ipfw. Waving a hand at bug-hunting and lamentations >>> over the inertia of embedded systems designers, has it really become >>> this easy to turn up an IPv6-only site? _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
