Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

IPV6 Assessment

From EGIWiki
Revision as of 09:48, 2 November 2017 by Spinoso (talk | contribs)
Jump to navigation Jump to search

Core/EGI services

Core/EGI service Contact point IPv6 readiness Comments
Accounting repositories and portal
 Adrian Coveney PARTIAL Portal is OK, updates to SSM required to support IPv6.
Activities and services for the long tail of science
 Stéphane Gérard
 YES hosted by CYFRONET, check CYFRONET
Application DB Kostas Koumantaros YES
Collaboration tools Martin Kuba YES full support
E-GRANT services hosting and technical operations Tomasz Szepieniec CANCELLED
 to be integrated in Marketplace
Helpdesk (GGUS) Guenter Grein PARTIAL For production instances IPv6 configuration is scheduled for the GGUS release on July, 26th 2017.
Helpdesk human support Zdeněk Šustr YES human support, no need to assess readiness
Message brokers Christos Kanellopoulos YES
Monitoring services Christos Kanellopoulos YES
Operations Portal Cyril L’Orphelin PARTIAL planning to virtualize and replace a part of the web cluster (the only non-IPv6 compliant part) next year (2nd semester)
Security coordination and security tools David Kelsey UNKNOWN
Service registry (GOCDB) George Ryall PARTIAL IPv6 ready, STFC not ready
Services for AAI Christos Kanellopoulos PARTIAL

The EGI Catch All CA CRL is served only via IPv4 at the moment, but this will be fixed soon

The EGI Catch All VOMS services, do NOT support IPv6 and there is no plan to support it

UMD quality assurance Jorge Gomes NO IFCA/LIP no plans, CESGA partial
UMD software provisioning infrastructure Kostas Koumantaros YES
CheckIn Christos Kanellopoulos YES
CSGF Roberto Barbera YES
CVMFS Stratum-0 Catalin Condurache PARTIAL IPv6 ready, STFC not ready
DIRAC4EGI Andrei Tsaregorodtsev YES The DIRAC software is dual stack already
and supports IPv4/v6 client server communications. However, the hosting infrastructure at
CYFRONET where the DIRAC4EGI servers are running is still IPv4 and not IPv6 ready according
to the local administrators. I do not have time estimations from them about the IPv6 enabling.
EC3 Miguel Caballer YES
Perun Michal Prochazka YES
User registration portal Roksana Dobrzańska CANCELLED to be integrated in Marketplace
WS-PGRADE Zoltán Farkas YES No tests so far, but should be ready.

UMD

The following tables collects the products tested so far during the UMD software provisioning process. Moved from https://wiki.egi.eu/wiki/Middleware_products_verified_for_the_support_of_IPv6


Product name IPv6 support Comments GGUS ticket
CREAM YES

DPM YES

FTS YES

BDII YES

LFC YES

VOMS-SERVER YES

UI YES

StoRM YES

frontier-squid-3 YES

argus-pep-api-c, lcmaps-plugins-c-pep, argus-gsi-pep-callout, argus-pepcli, XACML YES argus-pep-api-c, lcmaps-plugins-c-pep, argus-gsi-pep-callout, argus-pepcli rely fully on libcurl, hence is fully dual-stack. XACML

does not create sockets or do name lookups.


lcmaps-plugins-scas-client PARTIAL lcmaps-plugins-scas-client does do a name lookup and socket creation and

is currently not IPv6 compliant, but can only connect over IPv4. This is fixed in our trunk and will be released together with a fix for OpenSSL 1.1, which is currently blocked by VOMS.


dCache
 YES All currently supported versions of dCache support IPv6 in dual-stack and stand-alone mode.

Since dCache is a distributed system, it is possible to have a dCache cluster that comprises of a mixture of IPv4-only, dual-stack, and IPv6-only machines.  This, too, is supported, but obviously an IPv4-connected client cannot be redirected to an IPv6-only node. In such cases, dCache will make internal replicas or proxy the data.

CMD and FedCloud product readiness

Infrastructure status and plans

IPv6 infrastructure readiness
NGI
 Status and plans Total sites
 Sites implementing IPv6
 Is NREN ready?
 Willing tutorial on IPv6 in general Willing tutorial on IPv6 security Comments
AsiaPacific






CERN






NGI_AEGIS






NGI_ARMGRID






NGI_BG






NGI_BY






NGI_CH






NGI_CZ






NGI_DE






NGI_FI






NGI_FRANCE






NGI_GE





In Georgia there is only one Grid site and it is IPv4 only, the same is GRENA network. Currently we are not planing to introduce IPv6 because there is still no demand in it. In this situation mentioned tutorials will not be very useful for our system administrators.
NGI_GRNET






NGI_HR






NGI_HU






NGI_IBERGRID






NGI_IL






NGI_IT






NGI_MARGI






NGI_MD






NGI_ME
 WON'T_DO 1
 0
 NO


NGI_NDGF






NGI_NL
 WILL_DO 3
 3
 3
 NO
 NO

If you, and another NGI or site, are offering capabilities and services that are not yet v6 enabled and offer status web content, please consider fronting it with e.g. CloudFlare's free offering to gain such v6 capability at no cost to you and for the benefit of all

Security training is in general always good, but - just if case they did not get it - for IPv6 a pointer to the proper guidance RFCs on v6 security should be good. The HEPiX v6 WG also has relevant materials in this area that can be re-used.

NGI_PL






NGI_RO






NGI_SI






NGI_SK






NGI_TR
 WILL_DO 3
 3
 YES
 YES
 YES
NGI_UA






NGI_UK






ROC_Canada
 WILL_DO
 4
 4
 YES
 YES
 YES
 Four sites: one site has storage testbed with IPv6 enabled and plan to put all production storage services on IPv6 (dual stack) before April 2018. Another 3 sites plan to implement dual stack in 1~2 years.
ROC_LA






Russia






IDGF






NGI_CHINA






WLCG plans

References

Retrieved from "https://wiki.egi.eu/w/index.php?title=IPV6_Assessment&oldid=97705"