Remember "Internet-In-A-Box"?

• Previous message (by thread): Remember "Internet-In-A-Box"?
• Next message (by thread): Remember "Internet-In-A-Box"?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 15 July 2015 at 02:02, Mike <mike-nanog at tiedyenetworks.com> wrote:

> I am a small provider with a 16 bit asn, a /20 and a /22 of ipv4 and a /32
> of v6, but no clue yet how to get from where I am today to where we all
> should be. The flame wars and vitrol and rhetoric is too much noise for me
> to derive anything useful from. Someone needs to stand up and lead. I will
> happily follow.
>
> Whats really needed, is for you gods of ipv6, to write that 'ipv6 for ipv4
> dummies', targeting service providers and telling us exactly what we need
> to do. No religious wars about subnet allocation sizes or dhcpv6 vs slaac
> or anything. Tell us how to get it onto our network, give us reasonable
> deployment scenarios that leverage our experience with IPv4 and tell us
> what we are going to tell our customers. Help us understand WHY nat is not
> a security model, and how to achieve the same benefits we have with nat
> now, in an ipv6 enabled world.


You can't be a "dummy" and a service provider...

There is a million ways to implement a service provider network and that
goes for both IPv4 and IPv6. Writing a simple text that covers all
possibilities is impossible. What is your setup like?

Implementing IPv6 can be very simple, almost just run the "on" command. Or
it can be very hard. It depends on what equipment you got and what features
you need. And your luck.

In my case it turned out to be hard. I thought it would be easy. I bought
equipment that had IPv6 written all over it and it was a greenfield
network. The plan was to have IPv6 from birth. That was not to be.

A year later knew far too much about:

DHCPv6 relay chaining - not supported. Relay chaining is when you have the
access switch tag the DHCPv6 request with a customer identifier and then
your access router has to do DHCPv6 relay on that.

DHCPv6 relay in supervlan - not supported.

IPv6 must not be enabled at the same time as MPLS layer 2 VPN (VPLS).

DHCPv6-PD: When we said we had DHCPv6 support we meant IA_NA not IA_PD.
DHCPv6 snooping not supported with prefix delegation.

MPLS VPNv6 not supported.

IPv6 prefixes more specific than /64 gets routed in CPU without any
warnings.

No support for route injection by DHCPv6-PD snooping.

Oh and they just said they fixed most of the above issue in a new firmware
that is not compatible with the hardware I got.

I am afraid that even in 2015 many IPv6 implementations are still half
baked. I was left feeling like I was the first guy to actually test this
stuff.

I managed to duct tape it all together despite the above limitations. But
forget about easy.

Regards,

Baldur

• Previous message (by thread): Remember "Internet-In-A-Box"?
• Next message (by thread): Remember "Internet-In-A-Box"?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]