How to deploy IPv6 at a WLCG Tier-2 site

Submitted by sciaba on
Type

Introduction

The process of deploying IPv6 at a Tier-2 WLCG site  requires several steps and it has been followed only by a few sites, so far. This document will evolve into a detailed how-to guide for sites to follow, but initially it will contain a sketch of the procedure based on the experience of those sites which already deployed IPv6 in production.

IPv6 deployment steps

Very broadly speaking, the IPv6 deployment will require sites to go through these steps:

  1. Enable IPv6 at the network infrastructure level. This implies to ensure that all networking equipment (routers, switchers, adaptors) is updated, and al network services (DNS, etc.) are fully capable to work with IPv6, that host names are resolved to both IPv4 and IPv6 addresses, etc.
  2. Perform basic IPv6 connectivity tests on selected nodes where IPv6 has been enabled to ensure that there are no issues at this level.
  3. Deploy perfSONAR in dual stack and ensure that tests are run also via IPv6; check that the results are visible in the perfSONAR dashboard.
  4. Enable dual-stack connectivity on squid servers, using the latest squid version certified for Frontier (if applicable) and CVMFS. This change should be safe to execute, but check that no issues appear (for this purpose, SAM tests may be useful, if the supported VO has some for Frontier or CVMFS).
  5. If necessary, consult with the supported VOs to understand how to proceed with any experiment service hosted at your site and proceed according to the VO indications.
  6. Enable dual-stack connectivity on the site storage. This is arguably the most difficult step. If it cannot be tested on a preproduction instance, plan it in a way that allows for a fast rollback in case of problems.

Deploy IPv6 at the site

In this section, sites are invited to contribute with examples from their experience of what they had to do (or ask to be done) to achieve basic IPv6 connectivity.

It would be useful to give some tips on how to enable IPv6 on a modern Linux node (assuming it is not enabled by default).

Deploy squid for Frontier and CVMFS in dual stack

The latest frontier-squid-3 configuration works fine with IPv6. The installation instructions explicitly cover the case of IPv6.

Deploy perfSONAR in dual stack

The current version of perfSONAR works in dual-stack out of the box. To have it added to the dual stack mesh, send an email to duncan.rand@imperial.ac.uk.

Deploy dual stack on specific nodes (excluging storage)

This section should include instructions to make squid dual stack, which should be fairly straightforward. Other services may have to be duack stack depending on the supported VOs.

Deploy dual stack on storage

dCache

Any of the supported versions supports IPv6 out-of-the-box.

NOTE: do NOT add the IPv6 address as an alias interface, e.g. "eth0:0". The IPv6 address MUST be added to the normal interface, e.g. "eth0"; otherwise gridFTP will not work properly. This is because gridFTP doors and pools require that if a client can connect to an IPv6 address on an interface, that interface should also have an IPv4 address to which the client can connect.

DPM

DPM will work out of the box with IPv6 on a dual-stack node, both services and frontends. On SL6, a few additional steps are needed. More details are available in the official documentation (with and without SRM).

xrootd

xrootd 4.* and newer supports IPv6 out of the box.

StoRM

TBA.