[Users] Kernel panic in nf_conntrack_ipv6 IPv6 Firewall 2.6.27-aivazovsky

Michael H. Warfield mhw at WittsEnd.com
Mon Jan 19 16:49:32 EST 2009


On Mon, 2009-01-19 at 16:31 -0500, John Drescher wrote:
> >        Just don't load the IPv6 contracking module.  Disabling IPv6 is really
> > no longer an option and we might as well get use to it.  IPv4 address
> > space run-out is now within the foreseeable future (ICANN and the RIR's
> > have no settled on the allocation of the FINAL /8's and some locals will
> > be out within the next year or two).  I've been operational on the
> > global IPv6 network for well over 7 years now and there's just no more
> > excuse for this "head in the sand" approach to IPv6.
> >
> I usually disable ipv6 because all of my gigabit switches at work do
> not support ipv6 without a firmware update and I am not sure that all
> of them have firmware updates.

	That doesn't make sense.  IPv6 is a higher layer protocol.   Switches
will bridge and span based on MAC addresses on the link layer regardless
of the IP layer version.  I have yet to see a switch not pass native
IPv6 properly (much less tunneled IPv6 in all its myriad forms).  Even
my consumer level Linksys wireless router handles IPv6 properly (in
bridging mode).  I was advertising IPv6 routes across our Cisco
switching fabric at work ages ago.  It doesn't know or care about higher
levels.  Routers are another matter.  Switches are nothing.  Test it.
I'll bet you discover it just works.  I do routinely and I always do.

	OTOH...  If they are managed switches, they might not recognize IPv6
for their management ports.  THAT may be what you need your firmware
update for.

	I have yet to find a single spot on the Internet where I could not get
to IPv6 (including several cruise ships at sea), one way or the other
(yes, I have lots of tunneling tricks - they work real easy).  After
presenting what to look for in some of my talks on the subject, people
have come back to me saying they had seen that on their networks for
ages and just didn't know what it was.

	Right now...  According to Google, the US ranks 6th, in IPv6 adoption
as measured by their test project where they tested to see what clients
would preferentially connect to their IPv6 service (#1 was Russia -
maybe because of the hackers which are exploiting it to take advantage
of those who think they can ignore it).  Main source of US traffic on
IPv6 was Mac's, which have IPv6 and 6to4 enabled in Mac OS X.  Windows
XP has it (plus Teredo) available with only a couple of mouse clicks and
Windows Vista and Windows 7 have it enabled with no way to disable (and
had Teredo enabled as well).

> John

	Regards,
	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://openvz.org/pipermail/users/attachments/20090119/fccf56a9/attachment.bin


More information about the Users mailing list