ipv6 book recommendations?

Anton Smith anton at huge.geek.nz
Wed Jun 6 13:53:02 UTC 2012


On 6 June 2012 14:12, Cutler James R <james.cutler at consultant.com> wrote:
>
> On Jun 5, 2012, at 5:23 PM, William Herrin wrote:
>
> > On 6/5/12, David Hubbard <dhubbard at dino.hostasaurus.com> wrote:
> >> Does anyone have suggestions on good books to really get
> >> a thorough understanding of v6, subnetting, security practices,
> >> etc.  Or a few books.  Just turned up dual stack with our
> >> peers and a test network but I'd like to be a lot more
> >> comfortable with it before looking at our customer network.
> >
> > Hi David,
> >
> > Instead of going the book route, I'd suggest getting some tunneled
> > addresses from he.net and then working through
> > http://ipv6.he.net/certification/ .
> >
> > They have the basics pretty well covered, it's interactive and it's free.
> >
> >
> > Some additional thoughts:
> >
> > 1. Anybody who tells you that there are security best practices for
> > IPv6 is full of it. It simply hasn't seen enough use in the
> > environment to which we're now deploying it and rudimentary
> > technologies widely used in IPv4 (e.g. NAT/PAT to private address
> > space) haven't yet made their transition.
> >
> >
> > 2. Subnetting in v6 in a nutshell:
> >
> > a. If it's a LAN, /64. Always. Stateless autoconfiguration (SLAAC)
> > only works for /64.
> >
> > b. Delegations on 4-bit boundaries for reverse-DNS convenience.
> >
> > c. If it's a point to point, a reasonable practice seems to be a /64
> > per network area and around /124 per link. Works OK for ethernet point
> > to points too.
> >
> > d. Default customer assignments should be /56 or /48 depending on who
> > you ask. /48 was the IETF's original plan. Few of your customers
> > appear to use tens of LANs, let alone thousands. Maybe that will
> > change but the motivations driving such a thing seem a bit pie in the
> > sky. /56 lets the customer implement more than one LAN (e.g. wired
> > and wireless) but burns through your address space much more slowly.
> > /60 would do that too but nobody seems to be using it. /64 allows only
> > one LAN, so avoid it.
> >
> > e. "sparse allocation" if you feel like it. The jury is still out on
> > whether this is a good idea. Basically, instead of assigning address
> > blocks linearly, you divide your largest free space in half and stick
> > the new assignment right in the middle. Good news: if the assignment
> > later needs to grow you can probably just change the subnet mask,
> > keeping the number of entries in the routing table the same. Bad news:
> > fragments the heck out of your address space so when you actually need
> > a large address block for something, you don't have it.
> >
> > Trying to keep non-dynamic assignments in local or regional aggregable
> > blocks works about as well as it did in IPv4, which is to say poorly.
> >
> > Regards,
> > Bill Herrin
> >
> >
> > --
> > William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
> > 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> > Falls Church, VA 22042-3004
> >
>
> Bill's additional comments about subnetting are a concise and accurate view.  They also show an overlooked benefit of IPv6 over IPv4 -- For address planning, it is no longer necessary to count individual end points, rather only the subnets must be counted.  This reduces labor in planning, assigning, and tracking addresses.
>
>
> James R. Cutler
> james.cutler at consultant.com
>

Hi all,

Potentially silly question, but as Bill points out, a LAN always occupies a /64.

Does this imply that we would have large L2 segments with a large
number of hosts on them? What about the age old discussion about
keeping broadcast segments small?

Or, will it be that a /64 will only typically have a similar number of
hosts in it as say, a /23|4 in the IPv4 world?

Cheers,
Anton
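
Added example, not part of the original thread: a Python sketch of the "sparse allocation" scheme from item 2e of the quoted message, where each new assignment goes in the middle of the largest free gap, plus a check of how far an assignment can later grow by shortening its prefix. The function names and the use of the 2001:db8::/32 documentation prefix are assumptions made for illustration.

```python
import ipaddress

def sparse_allocate(parent, new_prefix, count):
    """Return `count` subnets of `parent`, each placed mid-way in the largest free gap."""
    parent = ipaddress.ip_network(parent)
    base = int(parent.network_address)
    size = 1 << (parent.max_prefixlen - new_prefix)   # addresses per assignment
    slots = 1 << (new_prefix - parent.prefixlen)      # candidate positions in parent
    gaps = [(0, slots)]                               # free runs of slots, half-open
    out = []
    for _ in range(count):
        # Largest free run wins; on a tie the lowest-addressed run is used.
        start, end = max(gaps, key=lambda g: g[1] - g[0])
        if start == end:
            raise ValueError("parent block exhausted")
        mid = (start + end) // 2
        i = gaps.index((start, end))
        gaps[i:i + 1] = [(start, mid), (mid + 1, end)]
        out.append(ipaddress.IPv6Network((base + mid * size, new_prefix)))
    return out

def growth_room(block, assigned, parent):
    """Largest supernet of `block` inside `parent` that overlaps no other assignment."""
    block = ipaddress.ip_network(block)
    parent = ipaddress.ip_network(parent)
    others = [ipaddress.ip_network(a) for a in assigned]
    others = [o for o in others if o != block]
    grown = block
    while grown.prefixlen > parent.prefixlen:
        bigger = grown.supernet()                     # one bit shorter mask
        if any(bigger.overlaps(o) for o in others):
            break
        grown = bigger
    return grown

if __name__ == "__main__":
    PARENT = "2001:db8::/32"                          # constructed sample: documentation prefix
    sparse = sparse_allocate(PARENT, 48, 4)
    for net in sparse:
        print(net, "can grow to", growth_room(net, sparse, PARENT))
    # Linear assignment for comparison: adjacent /48s leave no room to grow.
    linear = ["2001:db8::/48", "2001:db8:1::/48"]
    print(linear[0], "can grow to", growth_room(linear[0], linear, PARENT))
```
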



