
IPv6 - a noobs prespective

I completely agree with Franck.  If you wanted to try a new acme
thingamawidget on your network, what would you do?  You'd probably
isolate it onto its own vlan, and assign a subnet.  Route that subnet,
and then prevent access in either your L3 device or firewall if you
didn't want it interfering with the rest of your network.  If you were
truly excited about the device, and wanted to try it out, you could
set this up in no time.  There would be nothing stopping you if you
were motivated.

So why is ipv6 any different?  Personally, my plan is to create an
ipv6 vlan and assign virtual nics to virtual machines.  A machine is
dual stack if it has a v4 nic and v6 nic.  Use something like
reflexive acls as a simple firewall, blocking inbound access to
certain /64s.  I'm already doing this at home and at work.  They can
coexist, without being fully "dual stack".  You just have an ipv6
network layered on the same equipment you're using for the current
ipv4 network.

 What is the network besides a tool for logical grouping and managed
organization?  IPv6 is just another piece of the overall toolset.

 I don't think it's practical to jump into ipv6 completely replacing
ipv4, but rather they coexist for a while.  Those prepared to support
that scenario are going to be ahead of the curve.  Someday ipv4 will
seem like a joke, and our kids will laugh at us.

On Wed, Feb 9, 2011 at 2:17 PM, Franck Martin <franck at genius.com> wrote:
> Don't think of IPv6 as the same as IPv4. You do not need to have all your IPv4 gear support IPv6.
> IPv6 is a separate network that runs on the same Ethernet wires as IPv4.
> You will see that a few of your machines, in fact, do not support IPv6 and will not till the end of the year (think load balancers from a famous vendor), http://www.theipv6experts.net/2011/ipv6-ipv4/
> Just build a separate IPv6 network, with firewall, routing gear, etc... that reaches the same machines on your network. The deployment of IPv6 at Google was, I think, to put in some separate IPv6-only customer-facing machines. As the load on IPv6 is still small, you can start with a small set (best is if you can have the same machines do IPv4 and IPv6, but you are not obliged to think it, it is the same network).
> Why I don't recommend your servers go IPv6 first: well, get IPv6 to your engineers, the people that develop your applications and configure the servers, get them to be familiar with it, give them a sandbox, and then when everyone stops running around like headless chickens, plan your transition.
> ----- Original Message -----
> From: "William Herrin" <bill at herrin.us>
> To: "Franck Martin" <franck at genius.com>
> Cc: nanog at nanog.org, "Robert Lusby" <nanogwp at gmail.com>
> Sent: Thursday, 10 February, 2011 7:37:31 AM
> Subject: Re: IPv6 - a noobs prespective
> On Wed, Feb 9, 2011 at 1:19 PM, Franck Martin <franck at genius.com> wrote:
>> From: "William Herrin" <bill at herrin.us>
>>> The thing that terrifies me about deploying IPv6 is that apps
>>> compatible with both are programmed to attempt IPv6 before IPv4.
>>> [...] is going to break again. And again. And again.
>> This is dual stack, my recommendation is disable
>> IPv6 on your servers (so your clients will still talk to
>> them on IPv4 only), and let your clients go IPv6 first.
>> Once you understand what is happening, get on IPv6
>> on your servers.
> That advice reminds me of a limerick I once heard:
> A host is a host
> From coast to coast
> And nobody talks to a host that's close
> Unless the host that isn't close
> Is busy, hung or dead.
> Thanks, but it doesn't really speak to the problem I fear.

Fred
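
The reflexive-ACL idea from the message above (outbound sessions open a temporary mirrored entry, everything else inbound to the chosen /64s is dropped), modelled in Python as an added example that is not part of the original post or any vendor's implementation. The 2001:db8:: prefixes, the 300-second idle timeout and all class and function names are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: 2001:db8::/32 is the documentation prefix.
PROTECTED = [ipaddress.ip_network("2001:db8:0:10::/64")]  # /64s closed to inbound
# ICMPv6 error types let in without a session (a simplification); type 2
# (Packet Too Big) is what path MTU discovery needs, as IPv6 routers never fragment.
ICMPV6_ERRORS = {1, 2, 3, 4}
IDLE_TIMEOUT = 300  # assumed lifetime in seconds of an idle reflected entry

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str           # "tcp", "udp" or "icmpv6"
    sport: int = 0
    dport: int = 0
    icmp_type: int = -1  # only meaningful when proto == "icmpv6"

def _ip(addr):
    return ipaddress.ip_address(addr)  # normalises different spellings of one address

class ReflexiveAcl:
    def __init__(self):
        self.reflected = {}  # mirrored flow key -> time last seen

    @staticmethod
    def _protected(addr):
        return any(_ip(addr) in net for net in PROTECTED)

    def outbound(self, p, now):
        """Packet leaving the site; a session from a protected /64 is reflected."""
        if self._protected(p.src) and p.proto in ("tcp", "udp"):
            self.reflected[(_ip(p.dst), _ip(p.src), p.proto, p.dport, p.sport)] = now
        return True

    def inbound(self, p, now):
        """Packet arriving from outside; True means permit."""
        if not self._protected(p.dst):
            return True  # destination is not in one of the blocked /64s
        if p.proto == "icmpv6" and p.icmp_type in ICMPV6_ERRORS:
            return True
        key = (_ip(p.src), _ip(p.dst), p.proto, p.sport, p.dport)
        seen = self.reflected.get(key)
        if seen is None or now - seen > IDLE_TIMEOUT:
            self.reflected.pop(key, None)  # no entry, or the entry has expired
            return False
        self.reflected[key] = now  # return traffic keeps the entry alive
        return True
```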