Slash Boxes

SoylentNews is people

posted by NCommander on Tuesday April 01 2014, @12:00PM   Printer-friendly
from the there-was-much-rejoicing dept.
As part of wanting to be part of a brighter and sunny future, we've decided to disconnect IPv4 on our backend, and go single-stack IPv6. Right now, reading to this post, you're connected to our database through shiny 128-bit IP addressing that is working hard to process your posts. For those of you still in the past, we'll continue to publish A records which will allow a fleeting glimpse of a future without NAT.Believe it or not, we're actually serious on this one.

Linode IPv6 graph

We're not publishing AAAA records on production just yet as Slash has a few minor glitches when it gets an IPv6 address (they don't turn into IPIDs correctly), though we are publishing an AAAA record on dev. With one exception, all of our services communicate with each other on IPv6.

Perhaps I will write an article about our backend and the magical things that happen there :-).
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by sjames on Tuesday April 01 2014, @08:21PM

    by sjames (2882) on Tuesday April 01 2014, @08:21PM (#24449) Journal

    The whole fridge thing is just a red herring.

    I find it handy that in the IPv6 world, my ISP must give me a subnet rather than just a single IP address. I can access anything at home I need to over IPv6 from anywhere. Meanwhile, NAT is resource intensive for a firewall. It's much better to avoid packet re-writing and just filter.

    But much of the benefit is for larger organizations and for the future. We really are running out of v4 addresses even while some of them are being clawed back. NAT presents it's own problems, including the already mentioned resource drain on a firewall. The same hardware filtering v6 rather than NATing v4 can handle many more machines. If you as the admin of such a place (for example, a large office) get an abuse report, instead of just your external IP address and a time that may or may not be accurate, you get an IPv6 address that uniquely identifies the probably infected PC.

    When I stand up a VM at work that doesn't need to be accessible by the public, I can just skip IPv4 and use it's autoconfig v6 address. No need to be concerned with depleting the much smaller pool of available public v4 addresses.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2