1

So I have a SERVER that that utilizes RHEL's (assume 5.6) underlying kernel for setting up TCP connections and other networking aspects. My deployment need requires that the SERVER have dual IP address, an IPv4 and an IPv6 address. The SERVER interacts with two entities, one on the left having an IPv6 address and one on the right having an IPv4 address (as shown in the figure below). The left entity sends a message M to the SERVER over a TCP/IPv6 socket. The same message M needs to be delivered to the right entity by the SERVER over a TCP/IPv4 socket.

My questions:

  1. Does RHEL 5.6 allow this? I am assuming yes, but would request any issues I would need to be aware of from configuration perspective.
  2. Any limitation from process/thread standpoint? I believe the IPv6 thread/process that manages the connection needs to communicate with the IPv4 thread/process? How complicated is that?
  3. Any impacts to scalability with respect to number of TCP connections either side of the IP interface (IPv4 and v6)?

Thank you!

enter image description here

user947914
  • 121
  • 3
  • 1
    You'll need a proxy of some kind. There's no protocol translation between IPv4 and IPv6 so it can't simply be done with `iptables`. What is the application protocol? – bahamat Apr 10 '13 at 23:13
  • Can you give more details about what you mean by message? Is it a particular protocol ( HTTP, SNMP, SMTP, DNS, FTP). Or are you looking for a generic solution that can handle any IP packet? – becomingwisest Apr 11 '13 at 01:27
  • @becomingwisest it's a custom protocol packaged as a TCP payload. – user947914 Apr 11 '13 at 18:02

3 Answers3

1

If it's a simple IPv6-to-IPv4 translator, this could be done through IPTables and a translation rule. Or alternately, funnel it through something like stunnel if you really need the network connection to terminate on the server.

sysadmin1138
  • 133,124
  • 18
  • 176
  • 300
0

RHEL 5 (and it's siblings like CentOS) have quite poor IPv6 support, particularly in the kernel's connection tracking.

As mentioned, you need to configure either a NAT64 [1] or application proxy to relay the message. AFAIK, RHEL 5 does not have any tools to do that.

[1] http://en.wikipedia.org/wiki/NAT64

fukawi2
  • 5,396
  • 3
  • 32
  • 51
0

NAT64 can cause MTU problems. Proxy software is a better solution. Haproxy is one I can recommend. You will need to install some software to make this work. I don't think RHEL5 has a recent enough haproxy package.

PS: Keep an eye on the ISOC Deploy360 website. A whitepaper on exactly this issue will be published soon.

Sander Steffann
  • 7,712
  • 19
  • 29