On Thu, Feb 3, 2011 at 1:41 PM, Jay Ashworth jra@baylink.com wrote:
If we NAT between the squids and the apaches, will that adversely affect the ability of MW to *know* the outside site's IP address when that's v6?
You're not just changing addresses, you're changing address *families*; is there a standard wrapper for the entire IPv4 address space into v6? (I should know that, but I don't.)
There's no reason to NAT between the squid proxies and apaches -- they share a private network, with a private IPv4 address space which is nowhere near being exhausted.
Front-end proxies need to speak IPv6 to the outside world so they can accept connections from IPv6 clients, add the clients' IPv6 addresses to the HTTP X-Forwarded-For header which gets passed to the Apaches, and then return the response body back to the client.
The actual backend Apache servers can happily hum along on IPv4 internally, with no impact on IPv6 accessibility of the site.
-- brion