[CentOS-mirror] discussion about ipv6 availability for msync.centos.org

Tue May 17 09:17:13 UTC 2016
Sascha Spreitzer <sspreitz at redhat.com>

On 17.05.2016 11:04, Fabian Arrotin wrote:
> Just a status update about ipv6 for msync.centos.org
> As of today, we now have 30 nodes (out of 69) having ipv6 connectivity
> on the nodes behind msync.centos.org
> Instead of just advertising the AAAA record for msync I'd like to
> implement it through a specific record (maybe like msync-v6.centos.org)
> 
> The reason  is that if you have ipv6 and that we don't have your ipv6
> address in the whitelist, I'm afraid that rsync will try over ipv6
> directly, and so would be blocked as long as we don't have the proper
> ACL in place for ipv6 mirrors
> 
> So the idea would be to have something like
> msync-v6.centos.org::CentOS-v6, and ask you to provide us the ipv6
> address for your mirror (we can already do that in advance if you
> advertise AAAA record on your side for your mirror) and so it would be
> an "opt-in" thing (at least as a start)
> 
> Then, we can decide to merge the ACLs and also have AAAA record for
> msync , after enough people will have confirmed that everything works.
> 
> Ideas, comments, suggestions ?

I think this is a reasonable way to do that, hence rsync provides a
"-4/-6" option to let you choose which internet protocol to prefer.

IMHO it is safer to have a separate v6 DNS. But this is only because
there is access authorization done on IP level, in other cases I would
strongly encourage to have A and AAAA records for the same name.

"msync-v6.centos.org::CentOS" sounds more semtantic to me.


Please include me in the test phase.
-----------------------------------------------------
HTTP: http://mirror.spreitzer.ch/centos/

Sync schedule: Every 6 hrs
Bandwidth: 1 Gbit/s
Location: Zurich, Zurich, Switzerland
Sponsor: Sascha Spreitzer
Sponsor URL: http://spreitzer.ch
IP to authorize: 2a02:168:7a0e:6:5054:ff:fe77:b410
Email contact: sspreitz at redhat.com
Mirroring AltArch: no
-----------------------------------------------------

PS.: Site is currently offline as of btrfs kernel freeze. (See my other
post)

Kind regards
Sascha


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20160517/51aad5d7/attachment-0006.sig>