The World is running out of IPv4 addresses, but luckily, we have IPv6 here now, and running the whole data center on IPv6 only is not just happening, it’s becoming the standard. But what if you have an app, a daemon, or a container that actually needs IPv4 connectivity? Then you may use 464XLAT to provide an IPv4 tunnel through your IPv6 only infrastructure. Clatd is one component in 464XLAT.

Clatd is a CLAT / SIIT-DC Edge Relay implementation for Linux. From the GitHub wash label:

Clatd implements the CLAT component of the 464XLAT network architecture specified in RFC 6877. It allows an IPv6-only host to have IPv4 connectivity that is translated to IPv6 before being routed to an upstream PLAT (which is typically a stateful NAT64 operated by the ISP) and there translated back to IPv4 before being routed to the IPv4 internet. This is especially useful when local applications on the host requires actual IPv4 connectivity or cannot make use of DNS64 (…) Clatd may also be used to implement an SIIT-DC Edge Relay as described in RFC 7756.

Note that Clatd relies on Tayga for the actual translation of packets between IPv4 and IPv6.

Yesterday, I pushed Clatd for Fedora testing and EPEL testing. Please test and report feedback by Bugzilla.

For more information on Clatd, see the documentation included in the package, or the Clatd GitHub home page. For more info on Tayga, visit http://www.litech.org/tayga/.

For general information about the process of transitioning to the bright future of IPv6, consider https://en.wikipedia.org/wiki/IPv6_transition_mechanism

Ingvar Hagelund

Team Lead, Application Management for Media at Redpill Linpro

Ingvar has been a system administrator at Redpill Linpro for more than 20 years. He is also a long time contributor to the Fedora and EPEL projects.

The irony of insecure security software

It can probably be understood from my previous blog post that if it was up to me, I’d avoid products like CrowdStrike - but every now and then I still have to install something like that. It’s not the idea of “security software” per se that I’m against, it’s the actual implementation of many of those products. This post lists up some properties that should be fulfilled for me to happy to install such a product.

Free and ... [continue reading]

Thoughts on the CrowdStrike Outage

Published on July 23, 2024

Alarms made right

Published on June 27, 2024