Apr 132012
Spend 30 minutes with IPv6 every Friday!

The World IPv6 Launch is getting close and you need to get your web server accessible over IPv6 pronto, to get time to test it and make sure that all backend systems like statistics, captchas and database-driven applications work like before. Today, I’ll try to share some tips and tricks that can be useful in your work. Please don’t hesitate to add a comment below if you have some experience, trick or advice to share!

Quick recap: Your todo list

In January, I wrote an article called “Your new goal: The World IPv6 Launch” . Start with going back and reading that, as it gives you a good outline of your to-do list. While it may sound like a simple operation, it’s really something that takes time and resources. Now, what I did not mention at the time was the quick and dirty route. The reverse web proxy.

Quoting an article by Jeff Garzic on linux.yyz.us:

“Integrating IPv6 into a large web site necessarily involves lots of planning, software testing, and sysadmin time. Shortcut that time by configuring a proxy server that serves IPv6 HTTP and FTP requests, passing those requests through to underlying IPv4-only servers that not have yet been transitioned to IPv6. As an added bonus, most proxy servers can also cache data, reducing traffic to the underlying IPv4 servers. This allows organizations to roll out IPv6 on a completely separate network, without having to change or their primary web servers at all. Simply by “turning on” a new server, a web site automatically has IPv6 support.”

What is a reverse proxy server?

A reverse proxy server is a server that you place in front of your web server. This is often used to load balance, accelerate SSL/TLS connections or simply speed up by applying a cache. With a reverse proxy, the users HTTP request hits the reverse proxy, which forwards the request to the actual web server. The reverse proxy has all the web logs, statistics and TLS connection data. This is called a reverse proxy – since a normal web proxy, forwards requests from the users to the web server pointed to by the DNS record for the host name in the URL. The reverse proxy receives the request acting as the actual web server and forwards “backwards” to the web server in the back that hosts the content.

An IPv6 reverse proxy for your IPv4 web server – or the other way around

Most web proxys can act in reverse mode. And many of them support IPv6 to IPv4 gatewaying. Two popular Open Source choices are Apache with mod_proxy and the Squid Open Source proxy. Both of these exist as packages for Linux and *BSD operating systems, so they are easy to install.Both of these are stabile and well-tested applications that has been around for many years. They are used both in enterprise and carrier solutions and have a large user base. Apart from these (and many other Open Source web proxys) there are commercial offerings from many vendors.

How would a possible architecture look like?

First, remember that IPv4 and IPv6 are separate protocols. They do not need to end up in the same server. You can set up a separate server (or a virtual machine) for the reverse IPv6 proxy. This server needs to be dual stack, to have both IPv4 and IPv6. The requests will come in over IPv6 and be forwarded over IPv4 to your web server.

Now, your web server will receive all IPv4-based requests directly from the clients (or their web proxys). The IPv6 requests will go to your IPv6 reverse proxy. The DNS IPv4 entry – A – for www.example.com will point to your existing web server. The DNS IPv6 entry – AAAA – will point to your IPv6 web proxy on another machine.

Pros and cons with this setup

  • Con: You will get two servers to manage
  • Con: You will have to learn and configure a reverse proxy
  • Pro: You don’t have to change your existing web server
  • Pro: You will get more time to produce an improved IPv6 web service

Outsourcing the service is also an option

One of the benefits of IPv6 being a separate network is that you can not only put the IPv6 reverse web proxy on another server in your network, but you can also buy a service. There are many companies that can help you with this.

That is all for this week. I know you have things to learn and lab with, so I’ll leave you to it. Spend 30 minutes on learning about the reverse web proxys and IPv6 – follow the links in this article!