122
stateful
firewall.
Two
IPv6-only
DNS
servers
have
been
run
in
the
past;
now
the
main
servers
network/subnet
is
IPv6-
enabled the department’s three primary BIND9 DNS
servers have been IPv6-enabled.
The main Linux login server is IPv6-enabled, with ssh logins and sftp file transfer
available through the
firewall. Once
IPv6
is present on
the wire,
all that was
needed
was
the firewall hole to be opened up
for the service, an IPv6 AAAA DNS entry added for the
login
server,
and
the
sshd
daemon
with
IPv6
support
turned
on.
Offering
only
secure
protocols (and
not plain
ftp or telnet) can be easier to do when starting afresh
with
a
new
protocol.
NTP
has
been
provisioned
for
IPv6
by
use
of
both
the
RIPE
TTM
server
as
an
NTP
server,
and
also
a
dedicated
NTP
server
from
Meinberg,
that
supports
both
IPv4
and
IPv6.
Our
SMTP
and
MX
servers
now
exchange
external
email
over
IPv6.
IPv6
DNS
records
were added
for the
hosts that provide these services.
If the
sending or receiving
node
we
are
communicating
with supports
IPv6,
IPv6
transport
for
email
is
usually
preferred.
The department’s Wireless LAN (over 30 access points) is IPv6 enabled. Some Mobile
IPv6 has been deployed and tested between the WLAN and
the
local community
wireless
network
(SOWN),
using
the
MIPL
code
(which
lacks
security
elements,
but
is
usable).
The
more
advanced
WLAN
network
we
deployed
uses
802.1x
based
access
control,
 |