IPV6 in enterprise best practices/white papaers
Pavel Dimow
paveldimow at gmail.com
Sat Jan 26 21:10:14 UTC 2013
Hi, I want to thank you all for your comments they are very helpful to me.
And yes, I don't have much hands on experience but as non native
English speaker
I tend to write someone confusing mails so don't take every my
sentence "as-is". ;)
Tnx once again to all.
On Sat, Jan 26, 2013 at 6:59 PM, TJ <trejrco at gmail.com> wrote:
> In principle, I agree with the EDGE-in approach.
>
> However, if you need to do LAN before EDGE (e.g. DISA can't get you
> connectivity but you need to make some progress) you need to block AAAA
> queries from getting replies. BIND has a "filter AAAA on IPv4" option that
> helps here ... (just don't give the hosts the v6 addresses of the internal
> DNS servers).
>
> HTH,
> /TJ
>
> On Jan 26, 2013 12:49 PM, "William Herrin" <bill at herrin.us> wrote:
>>
>> On Sat, Jan 26, 2013 at 4:26 AM, Pavel Dimow <paveldimow at gmail.com> wrote:
>> > I can start to create
>> > AAAA record and PTR recors in DNS and after that I should configure my
>> > dhcp servers and after all has been done I can test ipv6 in LAN and
>> > after that I can start configure bgp with ISP.
>> > Is this correct procedure?
>>
>> Nope.
>>
>> In their infinite(simal) wisdom the architects of IPv6 determined that
>> a host configured with both a global scope IPv6 address and an IPv4
>> address will attempt IPv6 in preference to IPv4. If you configure IPv6
>> on a LAN without first installing your IPv6 Internet connection, that
>> LAN will break horribly.
>>
>> Work your way from the outside in: start with BGP, then the interior
>> routers and configure the LAN last.
>>
>> Regards,
>> Bill Herrin
>>
>>
>>
>> --
>> William D. Herrin ................ herrin at dirtside.com bill at herrin.us
>> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
>> Falls Church, VA 22042-3004
>>
>
More information about the NANOG
mailing list