(I mentioned that userw01, the server that terminates my tunnel to the IPv6 Internet, is down in a previous post)

According to #ipv6:

00:02 < km-> The hardware for usewr01 failed. OCCAID is in the process of shipping a server from a different facility to replace the failed hardware. ETA for replacement is estimated to be by mid-January due to double cross-country ground shipping.

Not fun.  This means IPv6 DNS, mail, website, etc. is all going to be out until mid-January, not to mention IPv6 Internet access for my network!  The latter I was able to tackle.  However, it's the dirtiest thing I've ever done: IPv6 NAT.

PF supports it.  So, I picked up a new tunnel through Hurricane Electric.  The latency to their NYC PoP is < 1ms via IPv4, and 4.0ms via IPv6 - not bad.  It just took a dirty one-liner to NAT my whole network out of the HE tunnel, so I wouldn't have to renumber:

# IPv6 temp he.net                   
nat on $he from <v6net> to any -> ($he)

v6net is my existing /48 from SixXS and $he is the HE tunnel interface.  Works like a charm!

I've removed a couple of the public AAAA records for www, mail, etc. so users with IPv6 connectivity don't have to wait through timeouts.  I just need to remember to hit all the XXX marks in the zone file when userw01 does come back up…

New comments are currently disabled for this entry.