Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Bacula-users] bacula IPv6 status (unofficially)

2011-06-10 09:54:50
Subject: [Bacula-users] bacula IPv6 status (unofficially)
From: Gavin McCullagh <gavin.mccullagh AT gcd DOT ie>
To: Bacula Users List <bacula-users AT lists.sourceforge DOT net>
Date: Fri, 10 Jun 2011 14:51:29 +0100 
Hi,

just a short note to say that I've been testing Bacula's IPv6 support of
late and have generally found it to be good.

We have:

 - consoles connecting to the director over IPv6
 - director talking to SD and FD over IPv6
 - FD talking to SD over IPv6

As you might expect, if you configure Bacula to connect to a FQDN and
there's no AAAA record, you just get an IPv4 connection.  If there is a
AAAA record available, and a suitable IPv6 route, Bacula will generally try
to connect over IPv6 first and then if it gets a TCP reset (the far end
isn't listening on IPv6) or a timeout (maybe a firewall blocking the
connection), Bacula retries using IPv4 and life proceeds as normal.

A couple of things worth noting:


== Daemon Address Config ==

Thus far, we've found the best thing to do is to use the multiple address
configs with an explicit IPv4 and IPv6 record, eg (for the FD):

  FDAddresses  = {
    ipv4 = { addr = my.fq.dn; }
    ipv6 = { addr = my.fq.dn; }
  }

If you just use ip = {}, I've found that it only binds to the IPv4 address,
you need to explicitly have an ipv6 entry.  The same applies to the
director and storage daemon.  I'm open to better suggestions.

I think Bacula usually listens on 0.0.0.0 (all IPv4 addresses) by default,
but doesn't listen on :: (all IPv6 addresses).  I'm not sure if this is by
design, but I guess perhaps it's arguably sensible to only listen on IPv6
where it's explicitly enabled for now.  The main point is that it can be
enabled.

With IPv6 addresses, if you use SLAAC (stateless address auto-config), the
host's IP address is based on its MAC address, so it doesn't change.  If
the host uses privacy addresses the address may change.  On Windows 7, as I
understand it there are two addresses, one is initially created randomly
when you plug into that network but it stays constant on that network (this
is the one you expect to receive connections on and which usually goes in
the DNS).  A second address is for outgoing connections and changes at each
reboot (or every 24 hours on Windows Vista apparently).


== TCP wrappers ==

In my experience at least, if you use TCP Wrappers on Linux, you need to
enter the IPv6 address of the Bacula daemons which will be connecting.
Although a FQDN will allow an IPv4 host in, you seem to need the IPv6
address.  At a guess, this probably has more to do with tcp wrappers than
Bacula though.

This is one situation where Bacula will fail over IPv6 and not revert to
IPv4 which might still work.  This is because it's not a connection
failure, it's an authentication failure, so that makes some sense.

Gavin



------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] LTO2 get filled at 136GB or 85GB, Marcello Romani
Next by Date:  Re: [Bacula-users] Bacula admin tool and bacula services version, Radosław Korzeniewski
Previous by Thread:  [Bacula-users] LTO2 get filled at 136GB or 85GB, Thomas Stegbauer
Next by Thread:  Re: [Bacula-users] bacula IPv6 status (unofficially), Gavin McCullagh
Indexes:  [Date] [Thread] [Top] [All Lists]