There has traditionally been a mentality of disabling IPv6 or otherwise ignoring it for simplicity. That has changed pretty substantially, though, in the past few years, but I’d like to get consensus.
I’d like to see our infrastructure be at least dual stacked, if not IPv6-native with IPv4 in the spots we need it (e.g. external VIPs). Retrofitting a v4-only infrastructure up to v6 is very not-fun.
How much address space is really needed? /29 are affordable and available in my experience. Real dual stack is always the best option. Everything else comes with a headache. And unfortunately there are still many systems and end devices which are v4 only… That is the reason why v6 adoption is often low priority in enterprise.
And with a /29 you have 6 usable addresses, so that’s a good reason for native IPv6 ;-).
I know dual stack has less headache, that’s why a good high level design should be created first.
Yeah, right, good design is key. 6 addresses could get you far with a reverse proxy / load balancer in front. And there was talk about overlay network / VPN. If for s2s connection e.g. between US and DE, there it would make sense to use only v6.
It’s been a while since I had to admin edge IP blocks (about 20 years), but IIRC, you could not multihome with less than a /24, so we’d have to rely on a single upstream network provider to advertise anything smaller.
With the conversations elsewhere about HA, I think relying on one upstream provider would not be wise.
Geo-redundancy could also be achieved by other means, I guess. Not as independently as with our own announced IP space… But there is also much potential for disaster.
It somehow all depends on which cards we are dealt. There already seems to be infrastructure in Germany and the US. Having two reliable independent hosting partners in these two regions is probably good enough?
Sure! As long as we have a load balancing service which can (re)direct users to the closest/fastest/etc UP location
Even if you tell the end users that services like the repos, ticketing system, etc are definitely not mission critical systems and therefore not built with true HA in mind, they will still complain and throw rocks if they get an error page on the rare occasion.
I’ll be provisioning a few servers in the next day or two. Until decided otherwise and/or until we get set up with our own ASN and IP space as an organization, I’ll be provisioning them dual-stack with a /28 v4 and /64 IPv6 with a /48 reserved. The servers will be placed on a VLAN together.
Well for multihoming, in addition to any blended transit myself or another provider would provide would require an ASN. Personally, as long as the upstream is decent, I don’t see an issue with using provider blend.
Yeah, we do need to get an org-id set up though, so we can manage IP contact info, etc.
I would consider just going with multiple providers instead of hosting everything on one (ex, if we were to rent dedicated servers from hosts).
That way we don’t have any issues with IP space (we can get it from the provider and request SWIP) and just figure out a way to load balance between the providers.
That way we’re not relying on a single provider and we could have better redundancy and availability for whatever is needed.
It probably wouldn’t work if the plan is colocation, but it could be useful as well.
The company I work for has reached out as well and can help with providing hosting once it’s needed, so I hope with help from additional companies, we wouldn’t need to purchase much.
Could PI address space be an option? That way Rocky-Linux gets a bit more flexibility for the near future and when switching to new hosting locations, or is even able to use it at multiple hosting companies/locations.
Is this even a valid question? Shouldn’t Rocky try to achieve what CentOS provided, binary compatibility? A reliable certification ground for RHEL products? Otherwise you could just take Debian, Arch or SUSE…