Feeds

Adventures in Tech: Dive on in, the IPv6 is lovely

Blub blub blub, no really it's great

  • alert
  • submit to reddit

High performance access to file storage

Part 2 In the previous part I explored why you should limber up to IPv6 sooner rather than later, and now here's my experience actually walking the talk.

Importantly, mine is not a big-bang approach. I'm not trying to have everything perfect for IPv6 immediately, but rather I want to do just enough to be visible in the brave new world, safely, and tie up loose ends later as I go along.

I expect you to die, Localhost

First, I tackled an issue that'll make you bury your face in your palm: I mentioned in part one that, during development, using localhost rather than 127.0.0.1 in my URLs when testing caused a messy Java stacktrace of doom - localhost was expanded to IPv6 address ::1.

So after a little time isolating that issue and similar ones where I used the generic Java InetAddress but actually assumed IPv4, and a sprinkling of unit tests to make sure that the bug should stay dead, I was done.

I spent maybe an hour or two tackling the main bug, but probably the rest of a day on some triage and holding fixes on less obvious stuff such as geo-locating users by their IP address, and even some simple frontline anti-denial of service attack code, which identifies potential troublemakers by a prefix of their IP address.

In IPv4 that network prefix is of variable length, but simply masking out the last (least significant) 8 to 10 bits does a reasonable job of pinning down individual (misbehaving) users or even companies/groups with fancy proxies that spread out their accesses across multiple outbound addresses, and without too much collateral damage.

In IPv6 the network part is fixed to be the first 64 bits (though you might still want to drop some of the tail end of that for various reasons), which makes things simpler, but still required me to expand my troublemaker lookup keys from 32-bit Integer to 64-bit Long. Something similar will be needed for the geo-location stuff, but no one will cry into their soup with my temporary fix just to disable it for IPv6 for now and let it continue as-is for IPv4.

ipv4code

What not to write! This example real code fragment will fail for IPv6 (though relatively cleanly) even though the method's signature misleadingly accepts any IP address.

Heavenly host

Next, I went to get IPv6 working on my slightly ageing Solaris 10 box co-located with Bogons. After discussion we decided to move my host into a new address range, though I then stupidly applied the old one which caused some head-scratching for a while. Even the smartest tech can be defeated by my idiocy.

That aside all that was really needed to put up my wanted static address was to create a file:

/etc/hostname6.bge0

(bge0 being the name of the network interface device) and put in it the magic incantation:

addif WWWW:XXXX:YYYY:ZZZZ::2/64 up

where WWWW:XXXX:YYYY:ZZZZ is my 64-bit network prefix.

Then reboot.

Now pings in and out (eg to ipv6.google.com) work fine. Hello, world!

This is much less messing around than IPv4 even for a static server address; in particular no default route has to be set as that is auto-discovered in IPv6.

At this point I also added a new connector definition to my Tomcat server (in conf/server.xml) to bind to and accept the IPv6 connections as well as the existing IPv4, and brought up the new code and did some quick testing with the magic of a telnet to port 80 at the new IPv6 address.

<!-- Existing IPv4 connector. --> <Connector executor="tomcatThreadPool" port="80" address="8.8.8.8" protocol="HTTP/1.1" enableLookups="false" /> <!-- New IPv6 connector. --> <Connector executor="tomcatThreadPool" port="80" address="WWWW:XXXX:YYYY:ZZZZ::2" protocol="HTTP/1.1" enableLookups="false" />

I did find some other latent bugs when I added that, and so did another quick release. And in fact I winkled out a few more bugs in a few rapid rounds of upgrades. Users will have seen a few brief glitches, but I now had a working IPv6 and IPv4 site, though no one except me yet knew about the IPv6. Mwaha-ha-ha!

Tunnel of LOv6

I now wanted to be able to get out to IPv6 land from my own development machine to do more testing. Thanks to the Jobsian touch, and the fact that I have static publicly routable IPv4 addresses at my desk, enabling the "6 to 4" thang in Mac OS X 10.7 network settings (in the same pull-down as the VPN stuff) just worked. (Well, on the second attempt, after a bizarre boiler-plate error about a cable being disconnected, which is what I get when I try from NATted IP addresses such as when on 3G wireless.)

But after that I could ping IPv6 addresses on the Net from my machine, and look at IPv6-hosted pages such as Google's ipv6.google.com. And, most importantly, test out my own co-lo IPv6 site from my desk by using the literal IPv6 address in the form:

http://[WWWW:XXXX:YYYY:ZZZZ::2]/

Also on the site is a page that shows what the browser's IP address is, and in that case it shows my Mac's (tunnelled) IPv6 address, so all is working.

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Nokia offers 'voluntary retirement' to 6,000+ Indian employees
India's 'predictability and stability' cited as mobe-maker's tax payment deadline nears
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Adrian Mole author Sue Townsend dies at 68
RIP Blighty's best-selling author of the 1980s
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Analysts: Bright future for smartphones, tablets, wearables
There's plenty of good money to be made if you stay out of the PC market
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.