IPV6 in enterprise best practices/white papaers

Pavel Dimow paveldimow at gmail.com
Sat Jan 26 21:10:14 UTC 2013

Hi, I want to thank you all for your comments they are very helpful to me.
And yes, I don't have much hands on experience but as non native
English speaker
I tend to write someone confusing mails so don't take every my
sentence "as-is". ;)

Tnx once again to all.

On Sat, Jan 26, 2013 at 6:59 PM, TJ <trejrco at gmail.com> wrote:
> In principle, I agree with the EDGE-in approach.
> However, if you need to do LAN before EDGE (e.g. DISA can't get you
> connectivity but you need to make some progress) you need to block AAAA
> queries from getting replies.  BIND has a "filter AAAA on IPv4" option that
> helps here ... (just don't give the hosts the v6 addresses of the  internal
> DNS servers).
> HTH,
> /TJ
> On Jan 26, 2013 12:49 PM, "William Herrin" <bill at herrin.us> wrote:
>> On Sat, Jan 26, 2013 at 4:26 AM, Pavel Dimow <paveldimow at gmail.com> wrote:
>> > I can start to create
>> > AAAA record and PTR recors in DNS and after that I should configure my
>> > dhcp servers and after all has been done I can test ipv6 in LAN and
>> > after that I can start configure bgp with ISP.
>> > Is this correct procedure?
>> Nope.
>> In their infinite(simal) wisdom the architects of IPv6 determined that
>> a host configured with both a global scope IPv6 address and an IPv4
>> address will attempt IPv6 in preference to IPv4. If you configure IPv6
>> on a LAN without first installing your IPv6 Internet connection, that
>> LAN will break horribly.
>> Work your way from the outside in: start with BGP, then the interior
>> routers and configure the LAN last.
>> Regards,
>> Bill Herrin
>> --
>> William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
>> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
>> Falls Church, VA 22042-3004

More information about the NANOG mailing list