HAProxy for IPv6 translation to IPv4-only website

Background:
Have you heard of World IPv6 Day? On June 8 2011, a lot of very prominent web sites, like Google, Facebook, Yahoo and many more, are going to host their web site on dual stack for the day. They do this by publishing a AAAA DNS record, that’s an IPv6 address in DNS, so their site will resolve and be available on both IPv4 and IPv6 simultaneously. In other words, if you type in www.google.com on June 8 2011 and your computer can reach the IPv6 Internet, then your browser will fetch the AAAA record and connect to google’s site via IPv6, instead of IPv4. If you don’t have IPv6, you’ll just connect the same old way you do today. Either way, it’s going to be rather transparent to the end user, unless these sites flash something to users to say “HEY, YOU CONNECTED OVER IPv6″.

Challenge:
So, thinking about any web site out there that currently lives on IPv4, how can we make it dual stack, without owning or touching the existing servers? Answer: with a proxy. We want this proxy to be a separate machine, anywhere on the Internet, that already has dual stack hosting.

The dedicated, dual stacked proxy server will listen on an IPv6 IP address and forward that traffic to an IPv4 address. Can this be done reliably for a web site for World IPv6 Day. I think yes, it can. For one, the percentage of Internet traffic that’ll come over IPv6, even on this day, is only about 1% to 5%. So, as long as this proxy server can handle 5% of your normal load, it’ll work.

You can use HAProxy, available at http://haproxy.1wt.eu/, to turn your Linux or Solaris based dedicated (or virtual dedicated) server into an IPv6 translation proxy! And, it’ll work for both HTTP and HTTPS.

You don’t need to load the HTTPS ssl cert, either. HAProxy can TCP proxy, instead of HTTP proxy, so the end user will be talking directly to the server. The only caveot to this is that all traffic from your proxy will appear to the server as coming from the proxy ipv4 ip. You’ll lose all visibility of src ip.

Read on to see the proof of concept, this in action:

Read more

Cox Communication (NOT) using IPv6 transition mechanism 6to4 Relay anycast prefix

This is how Cox is providing us with IPv6 today.

(2/16 UPDATE – I WAS WRONG, MORE DETAILS OF CORRECTION AT BOTTOM OF POST. I AM GETTING IPV6 THROUGH 6TO4 ANYCAST RELAY, BUT NOT PROVIDED BY COX. THIS ARTICLE IS STILL VALID, JUST THAT IT’S NOT COX SUPPLYING IT)

http://www.ietf.org/rfc/rfc3068.txt

Check the comments out on this:
http://whois.arin.net/rest/net/NET-192-88-99-0-1

And what happens when I traceroute to 192.88.99.1 from home:

Read more