[BlueOnyx:21706] 5209R IPv6 support - YUM update notice

Michael Stauber mstauber at blueonyx.it
Wed Feb 7 23:50:12 -05 2018 

Hi all,

As some of you might be aware: I've been working hard for a couple of
months on the IPv6 support for BlueOnyx 5209R. It is now at a stage
where I consider it ready for release.

The YUM update with IPv6 support for 5209R will be moved from the
"testing" YUM repository to the regular YUM repository in the night of
8th to 9th February. So that's tomorrow in the night of Thursday to Friday.

A few days ago I already mentioned it in the news:

http://www.blueonyx.it/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=223&cntnt01origid=15&cntnt01pagelimit=4&cntnt01returnid=54

The YUM update will be painless and shouldn't cause any issues on
existing servers. The existing network configuration won't be touched,
but once the update is installed you can also enable IPv6 under "System
Settings" / "Network" / "TCP/IP" by configuring an IPv6 Gateway and by
giving your BlueOnyx a primary IPv6 IP address.

This update is massive and there isn't a BlueOnyx module that hasn't
seen changes, fixes and improvements. So let me list the changes that
this update provides:

Changes in comparison to the previous "stable" 5209R:
=======================================================
- Added IPv6 support
- Added dual stack IPv4/IPv6 support
- Added CCE command "update" to speed up Handlers/Constructors
- Adjusted all Constructors and some Handlers to use "update".
- All Webscripting components are now added by single Handler.
- Web Server Aliases no longer go walkies during SSL renewals.
- PHP/CGI/SHTML-Settings will no longer go walkies.
- "Hostname" field is now retained if Vsite Add fails.
- IP-Pooling overhauled. Now supports IPv6 as well.
- New GUI validation regexp for fields with IPv6 or IPv4/IPv6.
- *MUCH* fewer HTTPd restarts during CMU-Import or Vsite transactions
- No more Network restarts unless absolutely required.
- ProFTPd no longer buggers out if multiple IPs are bound.
- Anon-FTP functionality removed (sorry, it *had* to go!)
- Dynamically generated routing table for IPv4/IPv6.
- Active Monitor adjusted for IPv6.
- Tons of minor and major quirks fixed.

In general you will notice a speed increase during most GUI
transactions, because fewer handlers need to run and fewer service
restarts take place. Likewise CCEd restarts are now 5-7 times faster
than before, because we use a conditional "update" instead of a
mandatory SET transaction.

CMU-Imports and any Vsite modification via the GUI will also be
massively faster, because fewer Vsite related handlers run and fewer
HTTPd restarts need to take place. That alone is a considerable benefit
and makes the update well worth it, even if you don't plan to use IPv6
in the near future.


Complete Changelog:
====================

http://devel.blueonyx.it/trac/changeset?new=2973%40BlueOnyx%2F5210R&old=2865%40BlueOnyx%2F5210R


How it works:
==============

After the YUM update everything should still be running fine. You can
now perform the basic IPv6 setup.

On a physical server or one running in KVM/Hyper-V:
====================================================

Under "Network Services" / "TCP/IP" configure your "IPv6 Server Gateway"
and "IPv6 IP address". Once that is done, your server itself should be
reachable from the outside via IPv6.

Please note: To run a server in pure IPv6 simply leave the IPv4 Gateway,
IP-Address and Netmask empty. To run the server in pure IPv4, simply
leave IPv6 Gateway and IPv6 IP empty.


On Aventurin{e} / OpenVZ:
==========================

Make sure your Node is fully YUM updated and has IPv6 enabled and
configured in its own "Network Services" / "TCP/IP".

In your "VPS Management" (or via "vzctl set ...") assign at least one
IPv6 IP address to your BlueOnyx 5209R VPS.


BlueOnyx 5209R / Vsite IPv6 usage:
==================================

If you do have "IP-Pooling" enabled, make sure your assigned IPv6 IP
address(es) have their own IP-Pooling range. They should have.

Under "Virtual Site Management" in Vsite "General Settings" you can see
"IPv4 IP Address" and "IPv6 IP Address" - provided your server has both
IPv4 and IPv6 enabled. Enter an IPv6 IP address for the Vsite and save
your changes.

If a Vsite has both IPv4 and IPv6 IP addresses, it'll be reachable under
both protocols, provided you also create a DNS AAAA Record that matches
the IPv6 IP to the FQDN.


APF users please note:
======================

If you are using the Advanced Package Firewall (APF) from the BlueOnyx
Shop, then please note that APF v6.0.X does *NOT* support IPv6. It only
generates firewall rules for "iptables" and not "ip6tables".

Hence enabling IPv6 in addition to IPv4 will open up *all* ports and
services on IPv6 and APF v6.0.X will not protect you there.

However: Tomorrow (together with the YUM updates) we will also release
APF v7.0.0 in the shop, which supports both IPv4 and IPv6.


Pure IPv6 usage of BlueOnyx 5209R caveats:
===========================================

Sooner or later someone will probably try to run a BlueOnyx 5209R with
only IPv6 IP addresses. This is entirely possible and supported,
although if you do so, you may be unable to send email to mailservers
that are only reachable via IPv4. Hence at this time it may be
undesirable to configure a BlueOnyx completely with IPv6 in mind.

Recommended practice if email usage is a must (and it typically is)
would be to set the server up with at least one IPv4 IP address and then
as many IPv6 IPs as you'd like. All Vsites for example could run on
IPv6, but then also set up a MX record that points to the A Record of
the server itself.

The BlueOnyx webpage and the primary YUM repositories are now reachable
both on IPv4 and IPv6 and eventually NewLinQ might be reachable via IPv6
as well.


-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list