IPV6 in enterprise best practices/white papaers

• Previous message (by thread): IPV6 in enterprise best practices/white papaers
• Next message (by thread): IPV6 in enterprise best practices/white papaers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In principle, I agree with the EDGE-in approach.

However, if you need to do LAN before EDGE (e.g. DISA can't get you
connectivity but you need to make some progress) you need to block AAAA
queries from getting replies.  BIND has a "filter AAAA on IPv4" option that
helps here ... (just don't give the hosts the v6 addresses of the  internal
DNS servers).

HTH,
/TJ
On Jan 26, 2013 12:49 PM, "William Herrin" <bill at herrin.us> wrote:

> On Sat, Jan 26, 2013 at 4:26 AM, Pavel Dimow <paveldimow at gmail.com> wrote:
> > I can start to create
> > AAAA record and PTR recors in DNS and after that I should configure my
> > dhcp servers and after all has been done I can test ipv6 in LAN and
> > after that I can start configure bgp with ISP.
> > Is this correct procedure?
>
> Nope.
>
> In their infinite(simal) wisdom the architects of IPv6 determined that
> a host configured with both a global scope IPv6 address and an IPv4
> address will attempt IPv6 in preference to IPv4. If you configure IPv6
> on a LAN without first installing your IPv6 Internet connection, that
> LAN will break horribly.
>
> Work your way from the outside in: start with BGP, then the interior
> routers and configure the LAN last.
>
> Regards,
> Bill Herrin
>
>
>
> --
> William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> Falls Church, VA 22042-3004
>
>

• Previous message (by thread): IPV6 in enterprise best practices/white papaers
• Next message (by thread): IPV6 in enterprise best practices/white papaers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]