After spending a fascinating afternoon with IPv6 and Novell OES2 and a myriad of manuals, technical notes and endless searches through forums I thought it time to try and separate the reality from the promise and write up what I found out about IPv6.
Starting with two IPv6-enabled workstations; one running Ubuntu linux (32bit, 10.04) and the other Windows XPsp3 with the Microsoft IPv6 protocol enabled, how far can I get? Both workstations can ping6 each other and both can make SSH and HTTP connections to both on-campus and off-campus systems over IPv6. (The linux system using OpenSSH, firefox and chrome, the Windows system using PuTTY, firefox and chrome). Novell connectivity is provided by ncpfs on the linux system, Novell client 4.91sp4 (??check??) on Windows XP.
IPv6 is enabled by default on an OES2 box when installed – ours were installed as OES2/SLES10sp2 then later upgraded to OES2sp2/SLES10sp3. The basic configuration available through yast is to either enable or disable the protocol – that’s it. The OES2 servers then come up with an autoconfigure address and if you’re a fan of long unwieldy numbers, I can ping6 the address immediately because our network infrastructure people have ensured that we have a working IPv6 as well as IPv4 network, and my linux workstations have both protocols available. The fun then starts when you try to make the OES2 server use IPv6 rather than just have IPv6 available as a kind of bragging point.
A quick visit to the management front end of our DNS system and tick-a-box to say that the OES2 servers are using “auto” on the IPv6 network, magic occurs in the background, and the DNS now serves AAAA records allowing us to use host names from now on. Confirmed by a quick
So what services on the OES2 box will actually use IPv6 by default, and which other ones can I configure to do so?
By default on an OES2sp1 box it looks as though Apache and sshd are listening, netstat on the server shows us what ports are open:
$ netstat -an |grep "::.*LISTEN" tcp 0 0 :::80 :::* LISTEN tcp 0 0 :::9009 :::* LISTEN tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN tcp 0 0 :::443 :::* LISTEN
I’ve confirmed both SSH and HTTP are available over IPv6 as both ssh and firefox or chrome on the linux workstation default to making IPv6 connections to this box. Unsure what is using port 9009 (tomcat I suspect), 25 is the postfix implementation listening internally. Pointing an IPv6-enabled browser at the OES2 server gets the standard Novell front page, then we can find out what protocol we used:
$ netstat -an |grep ":80" Password: tcp 0 0 0.0.0.0:8008 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN tcp 0 0 130.194.x.y:8028 0.0.0.0:* LISTEN tcp 0 0 130.194.x.y:8030 0.0.0.0:* LISTEN tcp 0 0 :::80 :::* LISTEN tcp 0 0 2001:388:...:80 2001:388:...:41206 TIME_WAIT
Likewise, ssh to the OES2 server from the linux workstation, then check whether we’re using SSH (port 22) on IPv4 or IPv6:
$ ssh oes2svrFQDN netstat -an |grep ":22" Password: tcp 0 0 18.104.22.168:524 22.214.171.124:22606 ESTABLISHED tcp 0 0 :::22 :::* LISTEN tcp 0 1072 2001:388:608c:888:25:22 2001:388:608c:488:59561 ESTABLISHED
Sadly, that seems to be about it. All the core Novell services; eDirectory, NCP file access, NRM all seem to only use IPv4 and not to be configurable to use IPv6. I may be mistaken, but so far I’ve not been able to make them work.
Works. Both the linux OpenSSH and Windows PuTTY implementations default to asking the DNS for AAAA records first and using IPv6 if available.
Works. Both the linux firefox and chrome, and Windows XP firefox and chrome implementations default to asking the DNS for AAAA records first and using IPv6 if available.
TODO: test IE7 access on Windows XP
The default Novell front-page offers little other than links to other services;
- iManager: continues to work on IPv6
- iMonitor: defaults back to IPv4 using port 8030
- NRM: defaults back to IPv4, using ports 8008 and 8009
With LDAP available on the OES2 box, port 389 is open on IPv4 but not on IPv6.
Attempting to add IPv6 addresses to the n4u.server.interfaces entry in
/etc/opt/novell/eDirectory/conf/nds.conf appears to have no affect. The specified port does not show up in the netstat open ports list and no connection can be made to the port from the linux or Windows XP workstations.
Two servers on the same subnet, both with IPv6 enabled and capable of contacting each other over IPv6 via HTTP and SSH, only IPv4 is used for NCP connections between the servers.
A Windows XP workstation with a working IPv6 stack; capable of contacting the IPv6 OES2 server via HTTP (firefox and chrome) and SSH (PuTTY) over IPv6, uses IPv4 for Novell drive connections and all other NCP connections to the OES2 server (Novell client 4.91sp1)
One cryptic comment in the source for ncpfs could be read to imply that there is an NCP implementation available that uses IPv6, but that it is not available to the public.
NRM / HTTPSTK
The addresses used are specified in
/etc/opt/novell/httpstkd.conf, but no examples are given of IPv6 configurations and I was unable to find one by experimentation.
Seems there’s some way to go, or at the very least, that I’ve got a considerable number of manuals to read to try and locate the vital nuggets of information.
Frustratingly, the majority of searches regarding IPv6 seem to turn up documents simply telling people to “disable IPv6 due to issues” in very hand-waving voodoo way, without specifying the “issues” (ie problems) that were experienced.