Apache Talking IPv6
Now you have compiled, installed and customized the Apache configuration. As we mentioned previously, IPv6 support is now included within the Apache source code, so you do not need to do any special configuration to activate it. To start the server, you can use the Apache Control Script that is designed to allow an easy command-line interface to control Apache. Using it you can start the server, stop it, restart it, check its status and do a configuration syntax test. Therefore, to start the server you would type apachectl start, and then you should be able to request documents via http://ServerName or http://localhost/.
With the advent of 128-bit addressing comes the pains of typing long IP addresses. The correct syntax of an IPv6 address is eight fields of four hexadecimal characters separated by colons, totaling 128 bits. Note that in URLs, port numbers can be appended to addresses following a colon, like this: 22.214.171.124:80. Since IPv6 addresses already make use of the colon within the address itself, the address in an IPv6 URL is enclosed in square brackets and the colon and port appended after the closing square bracket, like this: [3ffe:200:8:1000:250:bbff:fe00:25]:80.
Not all web browsers are capable of parsing IPv6 addresses. Netscape Navigator 6.x and Mozilla are the two tested browsers that do support IPv6 addresses. We believe that although their support for IPv6 is not yet mature (as they sometimes freeze and require killing the browser process or restarting it), both of them do allow successful parsing of aliased hostnames. Aliased hostnames are hostnames assigned to a unique IP address in /etc/hosts file. For instance, we can define aliases for IPv6 address by editing /etc/hosts as follows:
::1 node02-v6-localhost 3ffe:200:8:1000:250:bbff:fe00:25 node02-v6
When we start Netscape or Mozilla, we type in the defined aliases as the URL and use these aliases to request a web page over IPv6, such as http://node2-v6/ or http://node2-v6-localhost/.
To benchmark the performance of Apache, we followed the above steps to install the latest kernel with IPv6 support and install Apache 2.0.16. The machine is a 1U Celeron 500MHz rackmount unit with 256MB of RAM. It runs Red Hat 7.0. As for benchmarking, we used ApacheBench, a tool that comes free with the Apache web server.
We ran two tests: Apache 2.0.16 over IPv4 and then Apache 2.0.16 over IPv6. For comparison's sake, we ran the same tests on another machine with the same setup, except with Apache 1.3.19, to be able to compare the performance and support for IPv6 in the two versions. To enable IPv6 with Apache 1.3.19, we downloaded the IPv6 Apache patch from the Kame Project web site and applied it to the 1.3.19 source tree. Next, we ran the configure script:
and enabled the INET6 option. Lastly, we did a make && make install, which compiled and installed Apache 1.3.19 with IPv6 support from Kame.
Table 1 shows the results of the benchmarking tests. Each of the benchmarks was the result of 1,000 requests with a concurrency level of 1. There were no failed requests or write errors.
There are few remarks regarding the results. Apache 1.3.19 was able to serve more requests per second than Apache 2.0.16. In the tested versions of Apache, we had fewer requests per second in IPv6 compared to IPv4; this may be due to the fact that the IPv6 code added to Apache has not been tested and debugged thoroughly. On the other hand, if we examine the transfer rate of Apache 1.3.19, we notice that it is much higher than the transfer rate of Apache 2.0.16. This still needs to be investigated.
At the Ericsson Open Architecture Research Lab, we currently have a benchmarking environment to test the performance of our Linux clusters and application servers (including Apache, Tomcat and Jigsaw web servers). However, the environment and the tests are designed to work with IPv4, not IPv6. Our plan is to port the environment to generate IPv6 HTTP requests in order to test the performance of Apache (and other web servers) with IPv6 under heavy load. We currently have a total of 100 1U rackmount units (a mix of Celeron 500 and Pentium III machines with 256MB and 512 MB of RAM) that soon will be generating IPv6 traffic with one node collecting and compiling the results. We will publish our results as soon as the work is completed. This will be more comprehensive than the preliminary testing that was done for the purposes of this article.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Humble Hacker?
- BitTorrent Inc.'s Sync
- The Death of RoboVM
- The US Government and Open-Source Software
- New Container Image Standard Promises More Portable Apps
- Open-Source Project Secretly Funded by CIA
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide