The IPv6 situation is far from ideal since January's migration: since I still don't have a real failover process (and my hoster doesn't give a fuck about it), I have to use DNS round-robin to achieve real redundancy. Unfortunately, round-robin is used for load-balancing, not failover; the second host still has to serve data, and there are additional issues like no file lock on NFS when exported using ZFS.

To make things simpler and to get real failover, I eventually switched to a 6in4 tunnel which allows me to easily move the connection across machines, even if, that way, I get a much slower connection (110 ms vs 30 ms ping, ouch) and another SPOF.

So, I'm using Hurricane Electric's IPv6 Tunnel Broker, which offers up to 5 free tunnels. You need to know two things, however:

  • The tunnel breaks if not used. So you'll have to create a keepalive solution by sending periodic pings to the gateway:
  • Port 25 is filtered by default; it's not really an issue - I will continue to use the native IPv6 link for that - but I lost quite some time trying to understand why this fucking qmail was not responding from the outside!

The Tourmentine should be reachable on the new IPs in the next few hours/days, by the magic of DNS propagation.

Edit 11/27: because I didn't want to lose any e-mail, I asked support to open port 25, which was done less than five hours later - considering the time difference. Clean, efficient, quick. Thanks, Hurricane!

