Feeds

Adventures in Tech: Dive on in, the IPv6 is lovely

Blub blub blub, no really it's great

  • alert
  • submit to reddit

The essential guide to IT transformation

Part 2 In the previous part I explored why you should limber up to IPv6 sooner rather than later, and now here's my experience actually walking the talk.

Importantly, mine is not a big-bang approach. I'm not trying to have everything perfect for IPv6 immediately, but rather I want to do just enough to be visible in the brave new world, safely, and tie up loose ends later as I go along.

I expect you to die, Localhost

First, I tackled an issue that'll make you bury your face in your palm: I mentioned in part one that, during development, using localhost rather than 127.0.0.1 in my URLs when testing caused a messy Java stacktrace of doom - localhost was expanded to IPv6 address ::1.

So after a little time isolating that issue and similar ones where I used the generic Java InetAddress but actually assumed IPv4, and a sprinkling of unit tests to make sure that the bug should stay dead, I was done.

I spent maybe an hour or two tackling the main bug, but probably the rest of a day on some triage and holding fixes on less obvious stuff such as geo-locating users by their IP address, and even some simple frontline anti-denial of service attack code, which identifies potential troublemakers by a prefix of their IP address.

In IPv4 that network prefix is of variable length, but simply masking out the last (least significant) 8 to 10 bits does a reasonable job of pinning down individual (misbehaving) users or even companies/groups with fancy proxies that spread out their accesses across multiple outbound addresses, and without too much collateral damage.

In IPv6 the network part is fixed to be the first 64 bits (though you might still want to drop some of the tail end of that for various reasons), which makes things simpler, but still required me to expand my troublemaker lookup keys from 32-bit Integer to 64-bit Long. Something similar will be needed for the geo-location stuff, but no one will cry into their soup with my temporary fix just to disable it for IPv6 for now and let it continue as-is for IPv4.

ipv4code

What not to write! This example real code fragment will fail for IPv6 (though relatively cleanly) even though the method's signature misleadingly accepts any IP address.

Heavenly host

Next, I went to get IPv6 working on my slightly ageing Solaris 10 box co-located with Bogons. After discussion we decided to move my host into a new address range, though I then stupidly applied the old one which caused some head-scratching for a while. Even the smartest tech can be defeated by my idiocy.

That aside all that was really needed to put up my wanted static address was to create a file:

/etc/hostname6.bge0

(bge0 being the name of the network interface device) and put in it the magic incantation:

addif WWWW:XXXX:YYYY:ZZZZ::2/64 up

where WWWW:XXXX:YYYY:ZZZZ is my 64-bit network prefix.

Then reboot.

Now pings in and out (eg to ipv6.google.com) work fine. Hello, world!

This is much less messing around than IPv4 even for a static server address; in particular no default route has to be set as that is auto-discovered in IPv6.

At this point I also added a new connector definition to my Tomcat server (in conf/server.xml) to bind to and accept the IPv6 connections as well as the existing IPv4, and brought up the new code and did some quick testing with the magic of a telnet to port 80 at the new IPv6 address.

<!-- Existing IPv4 connector. --> <Connector executor="tomcatThreadPool" port="80" address="8.8.8.8" protocol="HTTP/1.1" enableLookups="false" /> <!-- New IPv6 connector. --> <Connector executor="tomcatThreadPool" port="80" address="WWWW:XXXX:YYYY:ZZZZ::2" protocol="HTTP/1.1" enableLookups="false" />

I did find some other latent bugs when I added that, and so did another quick release. And in fact I winkled out a few more bugs in a few rapid rounds of upgrades. Users will have seen a few brief glitches, but I now had a working IPv6 and IPv4 site, though no one except me yet knew about the IPv6. Mwaha-ha-ha!

Tunnel of LOv6

I now wanted to be able to get out to IPv6 land from my own development machine to do more testing. Thanks to the Jobsian touch, and the fact that I have static publicly routable IPv4 addresses at my desk, enabling the "6 to 4" thang in Mac OS X 10.7 network settings (in the same pull-down as the VPN stuff) just worked. (Well, on the second attempt, after a bizarre boiler-plate error about a cable being disconnected, which is what I get when I try from NATted IP addresses such as when on 3G wireless.)

But after that I could ping IPv6 addresses on the Net from my machine, and look at IPv6-hosted pages such as Google's ipv6.google.com. And, most importantly, test out my own co-lo IPv6 site from my desk by using the literal IPv6 address in the form:

http://[WWWW:XXXX:YYYY:ZZZZ::2]/

Also on the site is a page that shows what the browser's IP address is, and in that case it shows my Mac's (tunnelled) IPv6 address, so all is working.

Boost IT visibility and business value

More from The Register

next story
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Premier League wants to PURGE ALL FOOTIE GIFs from social media
Not paying Murdoch? You're gonna get a right LEGALLING - thanks to automated software
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ballmer quits Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.