Monthly Archives: June 2016

Setting up IPV6 on Linux and on apache,nginx webserver

As we know internet is running out of IPV4 addresses and various companies like Apple has been asking for using IPV6 addresses for your ios 9 app to be used on Apple Stores. More info https://developer.apple.com/news/?id=05042016a.

So first thing is where to look for IPV6 hosting providers there are now in existence for AWS you can use ELB(Amazon Load balancer) supporting IPV6, digitalocean, godaddy etc.

The real deal comes in setting up ipv6 addresses on your ethernet devices and running your webserver with the IPV6 ip.

For dhcp just an example  sample file you can put this in /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=”eth0″
BOOTPROTO=”dhcp”
NM_CONTROLLED=”yes”
ONBOOT=”yes”
IPV6INIT=yes
IPV6ADDR=2001:08D8:0971:4D00:0000:0000:0064:CF72/64
IPV6_DEFAULTGW=fe80::1

Then restart your network service if it is your redhat/centos/fedora use the below command:-

#service network restart.

From your cpanel set the IPV6 address as AAAA record to your domain to get binded on your public IPV6 address provided by your VPC/Cloud provider.The AAAA record is similar to the A record, but it allows you to point the domain to an Ipv6 address.

Then you can use host,dig,ping  command to check your ipv6 configuration.

host -t AAAA www.alokthaker.com

ping6 2001:08D8:0971:4D00:0000:0000:0064:CF72

64 bytes from 2001:8d8:971:4d00::64:cf72: icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from 2001:8d8:971:4d00::64:cf72: icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from 2001:8d8:971:4d00::64:cf72: icmp_seq=3 ttl=64 time=0.037 ms

dig AAAA www.alokthaker.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> AAAA www.alokthaker.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11520
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.alokthaker.com.            IN      AAAA

;; AUTHORITY SECTION:
alokthaker.com.         900     IN      SOA     ns01.one.com. hostmaster.one.com. 2016060508 14400 3600 1209600 900

;; Query time: 41 msec
;; SERVER: 10.255.255.4#53(10.255.255.4)
;; WHEN: Tue Jun 14 12:04:05 2016
;; MSG SIZE  rcvd: 92

Note that my domain doesn’t has IPV6 Assigned so you would not get the IPV6 address but if you have an IPV6 address assigned to AAAA record you would see in the results of dig command during DNS lookup.

From windows machine you can ping ipv6.alokthaker.com to check or use nslookup utility to get the IPV6 address allocation to your domain.

To know the main differences between IPV4 and IPV6 a nice link you can go through.

http://www.omnisecu.com/tcpip/ipv6/differences-between-ipv4-and-ipv6.php

To check your domain is passing the test of IPV6 for your www you can use http://ipv6-test.com/validate.php or http://go6.se/check/. There are many more sites too for the same.

Before using the tools you have to configure your webserver to listen on your IPV6 ipaddress.

For apache you can put the following lines in httpd.conf

Listen [IPV6 address]:80

For more you can see http://www.cyberciti.biz/faq/ipv6-apache-configuration-tutorial/

For nginx you can see http://www.cyberciti.biz/faq/nginx-ipv6-configuration/

Sometimes you might not be able to access IPV6 sites to firewall enabled in Linux. So use iptables6 to accept the traffic and make your own rules.

Feel for any queries or comments.

-Alok Thaker

 

Linux Certifications

Lot of administrators and even developers are opting for Linux certifications but there has been a lot of confusion which one to go for.  Linux has various flavors like Redhat,SUSE, Ubuntu,Debian etc so the confusion persists being various distributions available.

Entry Level

The certifications in this section are ideal for junior-level network administrators of small networks, as well as individuals who install or provide technical support on Linux systems.

Linux Professional Institute Certified – Level 1 (LPIC-1)

This is a solid, well-established, vendor-neutral certification best suited for junior-level Linux administrators. There are other LPIC certifications level 2 and 3 covering network and security level expertise to pass.

Mid-Level

If you work on small- to medium-sized enterprise networks or provide mid-level systems support and operations, any of these certifications should serve you well.

Red Hat Certified Systems Administrator (RHCSA)

The Red Hat distribution of Linux is widely used at the enterprise level and this credential benefits greatly from that name recognition.

Oracle Certified Professional, Oracle Linux System Administrator

Although Oracle’s associate level credential has been around for a while, this professional-level credential is a brand new certification requiring more in-depth expertise. Stack this on top of an OCA Linux Administrator credential and you’ll have a major “in” for corporate jobs where Oracle has a long-established presence.

Red Hat Certified Engineer (RHCE) — this cornerstone Red Hat certification is designed to test and validate the skills and knowledge necessary to work as a senior-level Linux system administrator. Topics covered include advanced IP routing and services, managing runtime kernel behavior, working with iSCSI, automating maintenance tasks with shell scripts and working with networking services for Web, FTP, NFS, SMB, SMTP, SSH and more. An RHSCA is a prerequisite for the RHCE.

Red Hat Certified Architect (RHCA) — Red Hat’s pinnacle certification takes the RHCE or Red hat Certified JBoss Developer (RHCJD) as a prerequisite, and also requires candidates to earn at least five certificates of expertise within one of the concentrations: Datacenter, Cloud, Application Platform or Enterprise Application Development. Expertise areas include OpenStack, hybrid cloud storage, JBoss administration, platform as a service (PaaS), deployment and systems management, virtualization, clustering and storage management, server hardening and performance tuning. Each certificate requires passing a performance-based exam, which lasts up to six hours. This is a grueling, difficult, expensive and time-consuming credential to earn but is valued highly.

Feel free for any comments or queries.

-Alok Thaker