[CentOS-mirror] discussion about ipv6 availability for msync.centos.org

Tue May 17 19:14:58 UTC 2016
Iliyan Iliev <iliyani at uni-sofia.bg>

Sofia University St Kliment Ohridski
..::CENTOS.UNI-SOFIA.BG::..

Loadbalancer and rsync client Public IPv6 address: 2001:67c:20d0::38  

host 2001:67c:20d0::38
8.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.0.2.c.7.6.0.1.0.0.2.ip6.arpa domain name pointer centos.uni-sofia.bg.

Also the official List of CentOS Mirrors page no provide quick information about IP version like IP4, IP4+6, only IP6.



Kind regards, 
ILIYAN ILIEV 



----- Original Message -----
From: "Sascha Spreitzer" <sspreitz at redhat.com>
To: "Mailing list for CentOS mirrors." <centos-mirror at centos.org>
Sent: Tuesday, May 17, 2016 12:17:13 PM
Subject: Re: [CentOS-mirror] discussion about ipv6 availability for msync.centos.org

On 17.05.2016 11:04, Fabian Arrotin wrote:
> Just a status update about ipv6 for msync.centos.org
> As of today, we now have 30 nodes (out of 69) having ipv6 connectivity
> on the nodes behind msync.centos.org
> Instead of just advertising the AAAA record for msync I'd like to
> implement it through a specific record (maybe like msync-v6.centos.org)
> 
> The reason  is that if you have ipv6 and that we don't have your ipv6
> address in the whitelist, I'm afraid that rsync will try over ipv6
> directly, and so would be blocked as long as we don't have the proper
> ACL in place for ipv6 mirrors
> 
> So the idea would be to have something like
> msync-v6.centos.org::CentOS-v6, and ask you to provide us the ipv6
> address for your mirror (we can already do that in advance if you
> advertise AAAA record on your side for your mirror) and so it would be
> an "opt-in" thing (at least as a start)
> 
> Then, we can decide to merge the ACLs and also have AAAA record for
> msync , after enough people will have confirmed that everything works.
> 
> Ideas, comments, suggestions ?

I think this is a reasonable way to do that, hence rsync provides a
"-4/-6" option to let you choose which internet protocol to prefer.

IMHO it is safer to have a separate v6 DNS. But this is only because
there is access authorization done on IP level, in other cases I would
strongly encourage to have A and AAAA records for the same name.

"msync-v6.centos.org::CentOS" sounds more semtantic to me.


Please include me in the test phase.
-----------------------------------------------------
HTTP: http://mirror.spreitzer.ch/centos/

Sync schedule: Every 6 hrs
Bandwidth: 1 Gbit/s
Location: Zurich, Zurich, Switzerland
Sponsor: Sascha Spreitzer
Sponsor URL: http://spreitzer.ch
IP to authorize: 2a02:168:7a0e:6:5054:ff:fe77:b410
Email contact: sspreitz at redhat.com
Mirroring AltArch: no
-----------------------------------------------------

PS.: Site is currently offline as of btrfs kernel freeze. (See my other
post)

Kind regards
Sascha



_______________________________________________
CentOS-mirror mailing list
CentOS-mirror at centos.org
https://lists.centos.org/mailman/listinfo/centos-mirror