On Thu, Feb 3, 2011 at 1:45 PM, Brion Vibber <[email protected]> wrote: > On Thu, Feb 3, 2011 at 1:41 PM, Jay Ashworth <[email protected]> wrote: > >> If we NAT between the squids and the apaches, will that adversely affect >> the ability of MW to *know* the outside site's IP address when that's v6? >> >> You're not just changing addresses, you're changing address *families*; >> is there a standard wrapper for the entire IPv4 address space into v6? >> (I should know that, but I don't.) >> > > There's no reason to NAT between the squid proxies and apaches -- they share > a private network, with a private IPv4 address space which is nowhere near > being exhausted. > > Front-end proxies need to speak IPv6 to the outside world so they can accept > connections from IPv6 clients, add the clients' IPv6 addresses to the HTTP > X-Forwarded-For header which gets passed to the Apaches, and then return the > response body back to the client. > > The actual backend Apache servers can happily hum along on IPv4 internally, > with no impact on IPv6 accessibility of the site.
XFF mode forwarding seems to make the problem pretty much go away, yes. Thanks for confirming that's what's in use. -- -george william herbert [email protected] _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
