-----BEGIN PGP SIGNED MESSAGE-----
I'm having no trouble using IPv6, with a AYIYA tunnel from SixXS.
I can SSH to proxy4 over IPv6, and visit the site with IPv6.
I agree with Matt that we shouldn't just right now switch off IPv6 or
make it only restricted to www.ipv6.fp.o
. If we did that, the other
domains wouldn't get any IPv6 because something like
is a bit too long and would cause a huge mess in the zone file.
We should wait and see until Saturday or Sunday and see if we hear any
more issues before taking big actions like disabling IPv6 or acting
like Google about IPv6 (subdomain for IPv6).
On Sep 9, 2009, at 10:29 PM, Matt Domsch wrote:
On Thu, Sep 10, 2009 at 05:16:23AM +0000, Daniel Drown wrote:
> That said, the various MSS fixes (point #2 and the origional
> poster's iptables
> command) avoid the problem for TCP.
rhel5, which is what we're running in production, has a kernel old
enough that it doesn't have the iptables --clamp-mss-to-pmtu
capability for ipv6.
We've had over 5000 successful connections using ipv6 this week, and
about 5 _reported_ failures. In the same time, we've had millions of
successful v4 connections. I'm inclined to believe the failures,
while annoying, are still few and far between compared with the rest
of our traffic. I'm not quite ready to turn off ipv6 again, or switch
to forcing "knowledgable" users to use www.ipv6.fp.o
, as it would drop
our IPv6 userbase to effectively zero.
Technology Strategist, Dell Office of the CTO
Fedora-infrastructure-list mailing list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
-----END PGP SIGNATURE-----