turning on comcast v6

Owen DeLong owen at delong.com
Fri Dec 20 21:07:06 UTC 2013


On Dec 20, 2013, at 12:50 PM, Matthew Huff <mhuff at ox.com> wrote:

> 
> On Dec 20, 2013, at 3:23 PM, Owen DeLong <owen at delong.com> wrote:
> 
>> 
>> On Dec 20, 2013, at 6:29 AM, Matthew Huff <mhuff at ox.com> wrote:
>> 
>>> With RA, what is the smallest interval failover will work? Compare that with NHRP such as HSRP, VRRP, etc with sub-second failover.
>> 
>> RA and VRRP are not mutually exclusive. What you can’t have (currently) is routing information distributed by a DHCP server which may or may not actually know anything about the routing environment to which it is sending such information.
>> 
>>> In corporate networks most of the non-client systems will be statically addressed with privacy addresses turned off. This is for regulatory, audit, security and monitoring requirement. One of the many challenges of ipv6 in a corporate environment.
>> 
>> There’s no problem doing this in IPv6. You can easily statically address a system and you can easily turn off privacy addresses. You can even do that and still get your default router via RA or you can statically configure the default router address.
>> 
>> As such, can someone please explain what is the actual missing or problematic requirement for the corporate world?
>> 
>> Owen
> 
> Reality.
> 
> Owen, not all OS and especially hardware appliances (dedicated NTP appliances, UPS cards, ILO), etc... will work with RA and static addresses. They just don't. Some OS's won't disable SLAAC unless you disable autoconf on the switch. When you 

Not all devices have working IPv6 stacks. OK, they’re broken, complain to the vendor and get them to fix their product or buy a working product from a different vendor.

> do that, they loose the ability to pickup RA. Some will only work with link local gateway addresses, some will only work with link global gateway addresses. There is a lot of cruft out there in the enterprise world that claims IPv6

Link Local gateway addresses are required functionality in IPv6. A device which requires a global gateway address is
broken. See above.

>  compatibility, but in the real world doesn't work consistently. Almost all can be made to work, but require custom configuration. Far too much work for many organizations to see value in deployment. In at least on IT department I know of, IPv6 is banned because the CIO read about one of the “advantages" of IPv6 is bringing back the p2p model of IP, and most corporate management has zero interest in having any p2p connectivity within their network.

IPv4 didn’t work perfectly in the beginning either. Enterprises spent many years getting vendors to correct issues with their iPv4 products and we’re just starting that process with IPv6.

I’m asking what’s broken in the protocol design since that’s what the IETF can attempt to fix.


> For our desktop environments (Windows 7 and RHEL6) we have two different configurations on the switches on separate VLANs using SLAAC with DHPCv6 and that works fine with RA announcing the NHRP. Other equipment, not so much.

Sounds like you need to contact the vendors for that other equipment and get them to fix their IPv6 implementations.

Owen




More information about the NANOG mailing list