IPV6 in enterprise best practices/white papers

Jay Ashworth jra at baylink.com
Tue Jan 29 19:54:13 UTC 2013


----- Original Message -----
> From: "Doug Barton" <dougb at dougbarton.us>

> > Depends on how big your "deployment" is. For a small office -- say,
> > 100 PCs or less; something that will fit in what I will catch schidt
> > for referring to as a "Class C" :-) -- with a single current
> > generation consumer market edge NAT router, then yes, in fact, you
> > Just Plug It All In.
> 
> Well sure, but the same would be true for the equivalent IPv6
> deployment.

Is that in fact true?  My takeaway from watching NANOG the last 8 years 
is that it doesn't always work like that.

> > Well, no, not really. As you note, of course, most of those things
> > are reflexes for most network engineering types, but certainly they
> > took a while to get there.
> 
> Yes, that's precisely my point. :) No one learned IPv4 networking
> overnight. But people who already know IPv4 are complaining that they
> can't magically come to the same degree of competence with IPv6 without
> spending any time to learn it. The irony is that people who already
> know "networking" will have a much easier time learning IPv6, with a
> minimal amount of extra work, but minimal != zero.

Well, this is my point.  My integration of the questions I see, and
the problems I had trying to even get a first tier grasp of it myself
is that I *expect* leverage from understanding v4 which I did not
in fact *get*; enough stuff has changed at a fundamental level that 
my v4 knowledge isn't all that helpful.

> > I think "marginal added complexity" is probably a polite
> > understatement;
> 
> No, it really isn't. I realize that the IPv6 zealots hate it when I say
> this, but in many ways you can treat IPv6 just like IPv4 with bigger
> addresses.
> 
> 1. Don't filter ICMPv6.
> 2. Treat a /64 roughly the way you'd treat a /24 in IPv4.
> 3. Put SLAAC on the networks you have DHCPv4 on.
> 4. Statically assign addresses and networks for v6 on the systems you
> statically assign them on v4 (servers, etc.)
> 5. Neighbor Discovery (ND) replaces arp, but mostly you don't ever need
> to worry about it (just like you hardly ever need to worry about arp).
> 
> Voila! You've just learned 80% of what you need to know to be
> successful with IPv6.

Great, and now you've answered the OPs question.

So where, in fact, *is* the IPv6 primer that says that stuff, with 
enough backfill that you can do the further research about how and
why?

> > In consequence of that, IPv6 feels to me like it has a bad case of
> > what Fred Brooks would call Second System Syndrome.
> 
> Your assessment is correct, but the good news is that you can ignore
> almost all of it. The "SLAAC vs. full-featured DHCPv6" thing is still
> kind of a PITA, but it's working itself out. Beyond that, if there is
> a feature of IPv6 that you're not interested in, don't use it. :)

Hmmm...

> > You seem to be suggesting, though, to drag the conversation back
> > where I started it, that there is *so much new stuff* with IPv6 that
> > it's difficult *even for old hats with IPv4* to learn it by analogy.
> 
> No, quite the opposite. What I'm saying is that if you already
> understand how to run a network with v4 that learning the v6 terminology
> and equivalent concepts, plus the few extra things that you actually
> do need to manage for v6, is not that difficult. It just *seems* hard
> because before you tackle it, it's all new and strange.

Hmmm ^ 2.

> > (Yes, yes, I am coming late to this argument; the networks I'm
> > responsible for are historically relatively small. IPv6 connectivity has
> > been troublesome to acquire except at the last couple.)
> 
> Roger that. Not that I'm trying to toot my own horn, but most of my
> experience has been with large enterprise networks, often spanning
> multiple continents, so I tend to think in those terms. The good news
> for smaller shops is that if you can get it, IPv6 is pretty much "just
> plug it in," very similar to how you described IPv4 for a smaller shop
> above.

You haven't tried to *buy* IPv6 edge transit, have you?

Has that gotten any easier than "months later, nobody has the first
clue what I'm talking about"?  :-)

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274
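
Points 1, 3 and 5 of the quoted list are linked: SLAAC and Neighbor Discovery both run over ICMPv6, so a blanket ICMPv6 drop takes them down along with path MTU discovery. As an added example (not part of the original message), this Python check reads ip6tables-save style rules and reports which essential types a host would lose; the rulesets are constructed samples, `parse_rule` and `audit` are names chosen here, and matching is simplified to protocol and ICMPv6 type.

```python
import shlex
# Host-inbound ICMPv6 types IPv6 needs (numbers per RFC 4443 / RFC 4861); routers also need 133.
ESSENTIAL = {
    2: "packet-too-big",             # path MTU discovery
    134: "router-advertisement",     # SLAAC
    135: "neighbour-solicitation",   # ND, the ARP replacement
    136: "neighbour-advertisement",  # ND
}
NAMES = {name: num for num, name in ESSENTIAL.items()}
NAMES.update({"neighbor-solicitation": 135, "neighbor-advertisement": 136})

def parse_rule(line):
    """Return (chain, is_icmpv6, icmp_type or None, target) for an '-A' rule, else None."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
    is_icmp6 = opts.get("-p", "") in {"ipv6-icmp", "icmpv6", "58"}
    raw = opts.get("--icmpv6-type")
    icmp_type = None                         # None means "every ICMPv6 type"
    if raw is not None:
        raw = raw.split("/")[0]              # drop an optional /code suffix
        icmp_type = int(raw) if raw.isdigit() else NAMES.get(raw, -1)
    return tok[1], is_icmp6, icmp_type, opts.get("-j", "")

def audit(ruleset, chain="INPUT"):
    """Essential types blocked by their first terminating rule (assumption: other matchers and chain policy ignored)."""
    rules = [r for r in map(parse_rule, ruleset.splitlines()) if r and r[0] == chain and r[1]]
    blocked = []
    for num in sorted(ESSENTIAL):
        for _, _, icmp_type, target in rules:
            if icmp_type in (None, num) and target in {"ACCEPT", "DROP", "REJECT"}:
                if target != "ACCEPT":
                    blocked.append(num)
                break
    return blocked

# Constructed sample rulesets, not taken from the thread.
WEAK = """-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
-A INPUT -p ipv6-icmp -j DROP"""
FIXED = """-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type packet-too-big -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
-A INPUT -p ipv6-icmp -j DROP"""

if __name__ == "__main__":
    print("weak :", [ESSENTIAL[n] for n in audit(WEAK)])
    print("fixed:", audit(FIXED))
```

Rule order matters in the check: the second ruleset still ends in a drop, but each essential type hits an ACCEPT first.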
