IPv6 Deployment for the LAN

Perry Lorier perry at coders.net
Thu Oct 22 06:22:52 CDT 2009


bmanning at vacation.karoshi.com wrote:
> On Thu, Oct 22, 2009 at 12:02:14PM +0200, Iljitsch van Beijnum wrote:
>   
>> On 22 okt 2009, at 01:55, bmanning at vacation.karoshi.com wrote:
>>
>>     
>>> 	so your not a fan of the smart edge and the stupid network.
>>>       
>> I'm a fan of getting things right. A server somewhere 5 subnets away  
>> doesn't really know what routers are working on my subnet. It can take  
>> a guess and then wait for people to complain and then an admin to fix  
>> stuff if the guess is wrong, but I wouldn't call that a "smart edge".
>>
>> Always learn information from the place where it's actually known.
>>     
>
> 	i'm ok w// that mindset.
>
> 	one should learn routing from the router(s),
> 	time from the time servers,
> 	DNS from the DNS servers,
> 	etc...
>
>   

I quite liked the old 
http://tools.ietf.org/html/draft-ietf-ipv6-dns-discovery-07 idea.  
(tl;dr version: Have a set of well known site local anycast address for 
recursive name servers).  It has a number of nice features such as:

* since it's not in globally routable space people can't (ab)use your 
recursive name servers from outside your network. 
* you don't have to change recursive name servers when going to a 
different network -- they're the same everywhere.
* the addresses can be set as the default addresses by the OS 
manufacturer, and then don't need to be configured ever again.
* If your recursive name server becomes unreachable, broken or otherwise 
out of contact, it withdraws the address from your IGP, then since you 
can any cast these addresses, another node takes over.  Similar to the 
shared fate idea of RA's.
* You don't tie your recursive nameservers addresses to any point in the 
network, since they have their own special range, moving them, 
reshuffling them, or anything doesn't impact anything.  They don't need 
to cohabit a router sending RA's or anything odd like that.

However it has a number of obvious drawbacks, primarily amongst them 
being that it uses deprecated site local addresses.

You could imagine extending this to other services such as NTP, but I'm 
not sure that you really would want to go that far, perhaps using DNS to 
lookup "_ntp._udp.local IN SRV" or similar to find your local NTP servers.

Another obvious approach might be to have a service discovery protocol 
where you send to a "service discovery" multicast group a message asking 
"wheres the nearest nameserver(s)?" then nameserver implementations 
could listen on this multicast group and reply.  Again shared fate.  
This does have the downside of people running rogue nameservers and 
needing a "ServiceDiscovery-Guard" feature for switches.... 

Personally I like the first option (anycast addresses) better, you can 
control who has access to your IGP and if your IGP is down, then for all 
intents and purposes your recursive nameservers are offline too :)






More information about the NANOG mailing list