Our Mastodon instance "burningboard.net" now internally **ONLY** uses the Internet Protocol in Version 6. I did successfully migrate away from any RFC1918 addresses in any of the internal infrastructure connections.

larvitz@burningboard.net

Our Mastodon instance "burningboard.net" now internally **ONLY** uses the Internet Protocol in Version 6. I did successfully migrate away from any RFC1918 addresses in all of the internal infrastructure connections.

Nginx -> Mastodon: IPv6
Mastodon -> PostgreSQL: IPv6
Mastodon -> Opensearch: IPv6
Mastodon -> Sidekiq: IPv6
Mastodon -> Loki: IPv6
Sidekiq -> PostgreSQL: IPv6
Prometheus -> Mastodon: IPv6

All using globally routed unique addresses and proper routing and packet filtering with "pf" (FreeBSD).

Outbound connections to legacy hosts (for example for Federation) uses NAT64 over Tayga.

Inbound the Nginx is the only component, that supports IPv4 via NAT on a best-effort basis.
I refuse to put a lot of work into this as we have 2026 and it's a dying, smelly protocol, that I don't even monitor anymore.

And if someone looks at the Firewall rules.. Yes, we do run a (private) Factorio Server on our Mastodon server :factorio:

#mastodon #mastoadmin #ipv6 #networking #freebsd @tux

stepech@fosstodon.org

@Larvitz @tux that's interesting, are you using /64 for all internal subnets for SLAAC, or are you splitting them into smaller ones for this to work?

larvitz@burningboard.net

@stepech @tux I don't use SLAAC. It's all statically assigned adresses. (Multiple /80s)

CIRCLE WITH A DOT

Our Mastodon instance "burningboard.net" now internally ONLY uses the Internet Protocol in Version 6. I did successfully migrate away from any RFC1918 addresses in any of the internal infrastructure connections.