IPv6 - a noobs prespective

Tony Hain alh-ietf at tndh.net
Wed Feb 9 12:30:05 CST 2011


Franck Martin wrote:
> This is dual stack, my recommendation is disable IPv6 on your servers
> (so your clients will still talk to them on IPv4 only), and let your
> client goes IPv6 first. Once you understand what is happening, get on
> IPv6 on your servers.

You don't have to disable IPv6 on the servers, just don't put a AAAA in dns. The simplest way to move forward is to get the entire path in place without the key to knowing is there, then for a few test subjects either provide a different dns response, or distribute a host file. Making the mass change of enabling the servers at the point you expect service to work is just asking for support calls...

> 
> Alternatively, use someone else network to understand IPv6. Attend,
> NANOG, ICANN, IETF, they always have IPv6 enabled, you can better
> understand how your machine reacts, what tools you have, how to do
> ping, debug, packet capture,...
> 
> For the firewall, shorewall does IPv4 and IPv6, with a relatively
> simple interface and is free...
> 
> ----- Original Message -----
> From: "William Herrin" <bill at herrin.us>
> To: "Robert Lusby" <nanogwp at gmail.com>
> Cc: nanog at nanog.org
> Sent: Thursday, 10 February, 2011 7:03:01 AM
> Subject: Re: IPv6 - a noobs prespective
> 
> On Wed, Feb 9, 2011 at 6:00 AM, Robert Lusby <nanogwp at gmail.com> wrote:
> > I also get why we need IPv6, that it means removing the NAT (which,
> surprise
> > surprise also runs our Firewall), and I that I might need new kit for
> it.
> >
> > I am however *terrified* of making that move. There is so many new
> phrases,
> > words, things to think about etc
> 
> The thing that terrifies me about deploying IPv6 is that apps
> compatible with both are programmed to attempt IPv6 before IPv4. This
> means my first not-quite-correct IPv6 deployments are going to break
> my apps that are used to not having and therefore not trying IPv6. But
> that's not the worst part... as the folks my customers interact with
> over the next couple of years make their first not-quite-correct IPv6
> deployments, my access to them is going to break again. And again. And
> again. And I won't have the foggiest idea who's next until I get the
> call that such-and-such isn't working right.
> 
> Regards,
> Bill Herrin
> 
> 
> 
> --
> William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> Falls Church, VA 22042-3004






More information about the NANOG mailing list