Using Ignite TcpDiscoveryKubernetesIpFinder in a purely IPv6 environment - kubernetes

Are there any known issues with running the org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder in a purely IPv6 environment? I looked here and it mentions there may be issues with clusters becoming detached but does not offer any specifics. Any information would be appreciated, thanks.

I'm not aware of any IPv6 problems per se, so if your network is configured correctly I would expect it to work.
The problem we typically see when IPv6 is enabled is that it's possible to route to the IPv4 address but not the IPv6 address -- which is why setting preferIPv4Stack works.
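The failure mode described in this answer (an address of one family is offered but is not routable) can be confirmed per address family before touching JVM flags. The following is an added example, not part of the original answer or of Ignite; the `localhost` target and port 47500 in the demo are assumptions to replace with your own discovery endpoint.

```python
import socket

FAMILIES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def resolve(host, port):
    """Return the unique (family, address) pairs the resolver offers for host."""
    pairs = []
    for family, _, _, _, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        pair = (family, sockaddr[0])
        if family in FAMILIES and pair not in pairs:
            pairs.append(pair)
    return pairs

def probe(family, address, port, timeout=2.0):
    """Attempt one TCP connect; return (ok, detail) instead of raising."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect((address, port))
        return True, "connected"
    except OSError as exc:  # refused, unreachable, timed out, family unsupported
        return False, type(exc).__name__

def family_report(targets, port, probe_fn=probe):
    """Group probe results by family: {"IPv4": [(addr, ok, detail)], "IPv6": [...]}."""
    report = {"IPv4": [], "IPv6": []}
    for family, address in targets:
        ok, detail = probe_fn(family, address, port)
        report[FAMILIES[family]].append((address, ok, detail))
    return report

def diagnose(report):
    """Classify the report; the second branch is the case the answer describes."""
    v4 = any(ok for _, ok, _ in report["IPv4"])
    v6 = any(ok for _, ok, _ in report["IPv6"])
    if v4 and v6:
        return "dual-stack-ok"
    if v4:
        return "ipv6-advertised-but-unreachable" if report["IPv6"] else "ipv4-only-ok"
    if v6:
        return "ipv6-only-ok"
    return "unreachable"

if __name__ == "__main__":
    host, port = "localhost", 47500  # assumed target; use your discovery host and port
    report = family_report(resolve(host, port), port)
    for name, rows in report.items():
        for address, ok, detail in rows:
            print(f"{name:4} {address:40} {'OK' if ok else 'FAIL'} ({detail})")
    print("diagnosis:", diagnose(report))
```

A result of `ipv6-advertised-but-unreachable` means preferIPv4Stack would only hide a routing or firewall gap; in a purely IPv6 environment the expected result is `ipv6-only-ok`.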

Related

Pi-hole + Unbound (native. install) on Macvlan: How to configure Unbound to use the macvlan interface?

My Setup/Goal:
I'm running a specific version of Debian 10 on my rpi 4b and have nextcloudpi installed on top. This results in the need for another (virtual) interface because nextcloudpi runs on apache2, port 80 (as well as pi-hole).
I could have changed the apache port 80 but I want another interface/IP for my pihole/unbound setup. I could have also achieved it by using docker but it failed (either because IPv6 and macvlan are sometimes a bit buggy within docker or because my brain is a bit buggy).
However, I've installed Pihole successfully using IPv4 and IPv6 (local unicast fd00) of my macvlan. I have told apache to only use my physical interface IP, bound lighttpd to the other IPv4 of my Macvlan, and configured pihole to use the IPv4 and IPv6 local unicast of my Macvlan (setupvars.conf).
Central issue:
My central question: How do I configure unbound correctly to use the Macvlan interface? Do I have to change the default config at all?
Assuming my macvlan IPv4 looks like: 192.168.178.123/24,
what would my interface line look like?
Would I just need to add
interface: 192.168.178.123#5335
interface: my corresponding local unicast address of my Macvlan#5335 (fd00....)
???
Some further questions regarding Macvlan:
My Macvlan has also a global unicast address and I'm not sure about it since I remember a post which told me that macvlan with a global unicast address might be a security risk? In case this is true: how do I disable the global address for my Macvlan?
The important line of my interfaces.d file is:
pre-up ip link add name macvlan1 link eth0:1 address 02:3E:A6:22:01:05 type macvlan
Do I have to add "mode bridge"? What does it exactly do? I've read some information about networks and bridge mode in general but I'm still not sure whether to use or not?
So would it be
.... type macvlan mode bridge
?
Thank you very much for your help!
I was successful by using the run command.
docker run --name=unbound --net=macvlan_network --ip=xxx.xxx.xx.x --restart=unless-stopped --detach=true mvance/unbound-rpi

VirtualBox port redirection issues with non standard HTTPS ports

I have setup a CentOS VM to test Hadoop. I set a network interface in NAT mode with a paravirtualized network type interface. Port redirection for SSH (TCP 22) works without issues. However some other ports do not seem to fully work (9870, 8042, 9864). I can see some "action" happening. Let me give an example for port 9870.
These are my rules (remember I said the SSH rule works without issues):
RulesX TCP 127.0.0.1 59870 10.0.3.15 9870
When I try to access http://127.0.0.1:59870 I get automatically redirected to https://127.0.0.1:59870 but eventually I get an ERR_TIMED_OUT error.
Tracing the traffic on the VM, I can see the traffic coming in but I cannot see any response back (I have one single network interface):
I am not sure what else to look at.
Any idea is highly welcome. Thank you!
More than likely, you need to open the non-standard ports on the CentOS firewall.
Open firewall port on CentOS 7

IPv6 gateway to IPv4 address

I am looking for a gateway service to transform an IPv6 address to an IPv4. I have a VPS connected to an IPv6 Network but my ISP is on IPv4. So I can't (or don't know how) connect via SSH to my VPS server.
I will appreciate any suggestions?
So you have a client machine on an ipv4-only network and you want to ssh into a machine on an ipv6-only network.
There are a few options.
6to4: works automatically through relays found by internet routing. The 6to4 gateway machine must have a public IPv4 address. The IPv6 address block is derived from the IPv4 address. Relays are sometimes overloaded, leading to poor performance.
Teredo: works through relays found by internet routing but requires a configured server for connection setup. Several operators run free public Teredo servers. Works from behind most NATs. Can be a bit fragile and relays are often overloaded.
Configured point-to-point tunnels, either free or paid for. Well-known free operators include Hurricane Electric and gogo6. Free tunnels may have restrictions on allowed protocols and/or poor performance.

How to use IPv6 for kubernetes service ip space?

I work in a company where almost all private ipv4 space is already used, so using 10.254.0.0/16 for service address space is a non-starter. I have carved out a /64 of ipv6 space that I can use, but I can't seem to make it work.
Here's my apiserver config:
# The address on the local server to listen to.
KUBE_API_ADDRESS="--address=::"
# The port on the local server to listen on.
KUBE_API_PORT="--port=8080"
# Port kubelets listen on
KUBELET_PORT="--kubelet-port=10250"
# Address range to use for services
# KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=fc00:dead:beef:cafe::/64"
# Add your own!
KUBE_API_ARGS=""
But when I try to start kube-apiserver.service I get an error about "invalid argument". Is it possible to use IPv6 for kubernetes?
I don't think IPv6 is fully supported. I don't think there is a strong motivation among the developers of the project to add IPv6 support, because the largest group of contributors is Google employees. Google Compute Engine (and thus Google Container Engine) doesn't support IPv6, so it wouldn't benefit Google directly to pay their employees to support IPv6. Best thing to do would probably be to pull in employees of companies that run their hosted product on AWS (as AWS has IPv6 support) such as RedHat, or try to contribute some of the work yourself.
From the linked PR, it looks like Brian Grant (Google) is, for whatever reason, somewhat interested and able to contribute IPv6 support. He'd probably be a good resource to query if you're interested in contributing this functionality to Kubernetes yourself.
AWS already made IPv6 by default for almost all of their major services --
https://aws.amazon.com/blogs/aws/new-ipv6-support-for-ec2-instances-in-virtual-private-clouds/
Recently, the IPv6 support is accepted, one by another started too, in fact, the POD implementation has been done so far. k8 is moving towards Service and then issues.
Currently, the open blocker issues are still open with good use cases --
https://github.com/kubernetes/kubernetes/issues/27398

How to stop routers blocking traffic within a network?

I have an iPhone app which relies on connecting via the local network to a server running on a user's mac/pc.
The server is running an http service on port 8080
I already add exceptions to the default windows firewall, or the default mac firewall to ensure traffic is allowed to reach my app.
However the most common customer issue is that the iPhone can't communicate with the server.
Normally this is the network router blocking traffic - though sometimes the user is running their own firewall which blocks the traffic.
Is there a protocol which will let me say something to the effect of
'will all the firewalls on this network, please allow communication to <an ip> on <a port> if the traffic originates within this network?'
I have looked into upnp - but that seems to concentrate on opening a port to the outside world which I don't want to do.
suggestions?
thanks in advance.
No, there is no such way or protocol aside from UPnP. And I wouldn't recommend it anyway because in company networks it would cause all sorts of problems and security issues if this were possible.
I'd suggest that you set up a FAQ entry or installation section for your software where you describe this common issue and give details to the customers how they can detect and solve this problem.
In general, higher ports (above 8000 or 16000) are not blocked or firewalled. I would seriously consider allocating a random port in that range.
Also, consider advertising your service with Bonjour. Using Bonjour has the nice side-effect that your iPhone app does not have to know the port number. It can simply browse the network for available servers. If there is just one then connect to that, otherwise present the user with a list to choose.
Is there any way to run the server on port 80? You're likely to encounter fewer issues on a standard port.