ipv6 book recommendations?
bill at herrin.us
Tue Jun 5 16:23:17 CDT 2012
On 6/5/12, David Hubbard <dhubbard at dino.hostasaurus.com> wrote:
> Does anyone have suggestions on good books to really get
> a thorough understanding of v6, subnetting, security practices,
> etc. Or a few books. Just turned up dual stack with our
> peers and a test network but I'd like to be a lot more
> comfortable with it before looking at our customer network.
Instead of going the book route, I'd suggest getting some tunneled
addresses from he.net and then working through
They have the basics pretty well covered, it's interactive and it's free.
Some additional thoughts:
1. Anybody who tells you that there are security best practices for
IPv6 is full of it. It simply hasn't seen enough use in the
environment to which we're now deploying it and rudimentary
technologies widely used in IPv4 (e.g. NAT/PAT to private address
space) haven't yet made their transition.
2. Subnetting in v6 in a nutshell:
a. If it's a LAN, /64. Always. Stateless autoconfiguration (SLAAC)
only works for /64.
b. Delegations on 4-bit boundaries for reverse-DNS convenience.
c. If it's a point to point, a reasonable practice seems to be a /64
per network area and around /124 per link. Works OK for ethernet point
to points too.
d. Default customer assignments should be /56 or /48 depending on who
you ask. /48 was the IETF's original plan. Few of your customers
appear to use tens of LANs, let alone thousands. Maybe that will
change but the motivations driving such a thing seem a bit pie in the
sky. /56 lets the customer implement more than one LAN (e.g. wired
and wireless) but burns through your address space much more slowly.
/60 would do that too but nobody seems to be using it. /64 allows only
one LAN, so avoid it.
e. "sparse allocation" if you feel like it. The jury is still out on
whether this is a good idea. Basically, instead of assigning address
blocks linearly, you divide your largest free space in half and stick
the new assignment right in the middle. Good news: if the assignment
later needs to grow you can probably just change the subnet mask,
keeping the number of entries in the routing table the same. Bad news:
fragments the heck out of your address space so when you actually need
a large address block for something, you don't have it.
Trying to keep non-dynamic assignments in local or regional aggregable
blocks works about as well as it did in IPv4, which is to say poorly.
William D. Herrin ................ herrin at dirtside.com bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
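
Added example, not part of the original post: a sketch of the "sparse allocation" described in item 2e, showing both the mask-only growth it allows and the fragmentation it costs. Assumptions: the function names are hypothetical, 2001:db8::/32 is the documentation prefix used as a constructed sample, bit-reversed ordering is one way to implement "put the new assignment in the middle of the largest free space", and growth is limited to 4-bit boundaries as in item 2b.

```python
import ipaddress

def sparse_index(n, bits):
    """Bit-reverse n over `bits` bits: 0, 1/2, 1/4, 3/4, 1/8, ... of the space."""
    return int(format(n, f"0{bits}b")[::-1], 2)

def sparse_assign(parent, new_prefix, count):
    """First `count` assignments of size /new_prefix, each placed mid-gap."""
    bits = new_prefix - parent.prefixlen
    if count > 2 ** bits:
        raise ValueError("parent block too small for that many assignments")
    step = 2 ** (parent.max_prefixlen - new_prefix)
    base = int(parent.network_address)
    return [ipaddress.IPv6Network((base + sparse_index(i, bits) * step, new_prefix))
            for i in range(count)]

def max_growth(parent, assigned, target):
    """Largest nibble-aligned block `target` can grow into by changing its mask
    alone, i.e. without covering any other assignment."""
    best = target
    for plen in range(target.prefixlen - 4, parent.prefixlen - 1, -4):
        cand = target.supernet(new_prefix=plen)
        if any(a != target and a.subnet_of(cand) for a in assigned):
            break
        best = cand
    return best

def largest_free(parent, assigned):
    """Largest single block still unassigned (the fragmentation cost)."""
    free = [parent]
    for a in assigned:
        free = [p for blk in free
                for p in (blk.address_exclude(a) if a.subnet_of(blk) else [blk])]
    return min(free, key=lambda n: n.prefixlen)

if __name__ == "__main__":
    parent = ipaddress.IPv6Network("2001:db8::/32")  # constructed sample block
    nets = sparse_assign(parent, 48, 4)              # four customer /48s
    for n in nets:
        print(n, "can grow to", max_growth(parent, nets, n))
    print("largest free block:", largest_free(parent, nets))
```

With four /48s placed this way, each can grow to a /36 in place, but the largest free block left in the /32 is a /35; assigning the same four /48s linearly leaves a /33 free.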