IPV6 in enterprise best practices/white papers
Jay Ashworth
jra at baylink.com
Tue Jan 29 19:54:13 UTC 2013
----- Original Message -----
> From: "Doug Barton" <dougb at dougbarton.us>
> > Depends on how big your "deployment" is. For a small office -- say,
> > 100 PCs or less; something that will fit in what I will catch schidt
> > for referring to as a "Class C" :-) -- with a single current
> > generation consumer market edge NAT router, then yes, in fact, you
> > Just Plug It All In.
>
> Well sure, but the same would be true for the equivalent IPv6
> deployment.
Is that in fact true? My takeaway from watching NANOG the last 8 years
is that it doesn't always work like that.
> > Well, no, not really. As you note, of course, most of those things
> > are reflexes for most network engineering types, but certainly they
> > took a while to get there.
>
> Yes, that's precisely my point. :) No one learned IPv4 networking
> overnight. But people who already know IPv4 are complaining that they
> can't magically come to the same degree of competence with IPv6 without
> spending any time to learn it. The irony is that people who already
> know "networking" will have a much easier time learning IPv6, with a
> minimal amount of extra work, but minimal != zero.
Well, this is my point. My integration of the questions I see, and
the problems I had trying to even get a first tier grasp of it myself
is that I *expect* leverage from understanding v4 which I did not
in fact *get*; enough stuff has changed at a fundamental level that
my v4 knowledge isn't all that helpful.
> > I think "marginal added complexity" is probably a polite
> > understatement;
>
> No, it really isn't. I realize that the IPv6 zealots hate it when I say
> this, but in many ways you can treat IPv6 just like IPv4 with bigger
> addresses.
>
> 1. Don't filter ICMPv6.
> 2. Treat a /64 roughly the way you'd treat a /24 in IPv4.
> 3. Put SLAAC on the networks you have DHCPv4 on.
> 4. Statically assign addresses and networks for v6 on the systems you
> statically assign them on v4 (servers, etc.)
> 5. Neighbor Discovery (ND) replaces arp, but mostly you don't ever need
> to worry about it (just like you hardly ever need to worry about arp).
>
> Voila! You've just learned 80% of what you need to know to be
> successful with IPv6.
Great, and now you've answered the OP's question.
So where, in fact, *is* the IPv6 primer that says that stuff, with
enough backfill that you can do the further research about how and
why?
> > In consequence of that, IPv6 feels to me like it has a bad case of
> > what Fred Brooks would call Second System Syndrome.
>
> Your assessment is correct, but the good news is that you can ignore
> almost all of it. The "SLAAC vs. full-featured DHCPv6" thing is still
> kind of a PITA, but it's working itself out. Beyond that, if there is
> a feature of IPv6 that you're not interested in, don't use it. :)
Hmmm...
> > You seem to be suggesting, though, to drag the conversation back
> > where I started it, that there is *so much new stuff* with IPv6 that
> > it's difficult *even for old hats with IPv4* to learn it by analogy.
>
> No, quite the opposite. What I'm saying is that if you already
> understand how to run a network with v4 that learning the v6 terminology
> and equivalent concepts, plus the few extra things that you actually
> do need to manage for v6, is not that difficult. It just *seems* hard
> because before you tackle it, it's all new and strange.
Hmmm ^ 2.
> > (Yes, yes, I am coming late to this argument; the networks I'm
> > responsible for are historically relatively small. IPv6 connectivity has
> > been troublesome to acquire except at the last couple.)
>
> Roger that. Not that I'm trying to toot my own horn, but most of my
> experience has been with large enterprise networks, often spanning
> multiple continents, so I tend to think in those terms. The good news
> for smaller shops is that if you can get it, IPv6 is pretty much "just
> plug it in," very similar to how you described IPv4 for a smaller shop
> above.
You haven't tried to *buy* IPv6 edge transit, have you?
Has that gotten any easier than "months later, nobody has the first
clue what I'm talking about"? :-)
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274