IPv6 - a noobs prespective
jared at puck.nether.net
Wed Feb 9 14:43:35 CST 2011
On Feb 9, 2011, at 1:22 PM, Jack Bates wrote:
> On 2/9/2011 12:03 PM, William Herrin wrote:
>> The thing that terrifies me about deploying IPv6 is that apps
>> compatible with both are programmed to attempt IPv6 before IPv4. This
>> means my first not-quite-correct IPv6 deployments are going to break
>> my apps that are used to not having and therefore not trying IPv6. But
>> that's not the worst part... as the folks my customers interact with
>> over the next couple of years make their first not-quite-correct IPv6
>> deployments, my access to them is going to break again. And again. And
>> again. And I won't have the foggiest idea who's next until I get the
>> call that such-and-such isn't working right.
> What scares me most is that every time I upgrade a router to support needed hardware or some badly needed IPv6 feature, something else breaks. Sometimes it's just the router crashes on a specific IPv6 command entered at CLI (C) or as nasty as NSR constantly crashing the slave (J); the fixes generally requiring me to upgrade again to the latest cutting edge releases which everyone hates (where I'm sure I'll find MORE bugs).
> The worst is when you're the first to find the bug(which I'm not even sure how it's possible given how simplistic my configs are, isis multitopology, iBGP, NSR, a few acls and route-maps/policies), it takes 3-6 months or so to track it down, and then it's put only in the next upcoming release (not out yet) and backported to the last release.
> Jack (hates all routers equally, doesn't matter who makes it)
Welcome to the life of being a network operator. :)
I know we have had to regularly upgrade for SIRT/PSIRT issues in the past that only impacted our network due to our deployment of IPv6, but it also has allowed us years of additional outages/upgrade justifications. I've not been happy any time we've had this come around, as honestly, nobody wants to be chasing these, but it's also a good experience to view the entire set of risks that we face in the network. I'd rather be upgrading because of a known threat than be hit by an unknown one...
I've found it imperative in my life to always have a device running the (so called) latest and greatest software in the network. Sometimes this has caused great pain, other times it's reduced the pain when a forced upgrade comes upon us (for new hardware, or PSIRT).
Making sure that the entire team understands these requirements, and following the usual advisories will help you manage this risk. (and hopefully with a great deal of success).
More information about the NANOG