IPV6 in enterprise best practices/white papers
dougb at dougbarton.us
Tue Jan 29 18:53:25 UTC 2013
On 01/29/2013 09:20 AM, Jay Ashworth wrote:
> ----- Original Message -----
>> From: "Doug Barton" <dougb at dougbarton.us>
>> On 1/28/2013 6:23 AM, Jay Ashworth wrote:
>>> To paraphrase Guy L Steele:
>>> If we are this far on into the "new IPv6 world" and that question is
>>> one which can be answered by a link on the first page of ghits for
>>> 'implementing IPv6', then the IPv6 people have blown it badly.
>> Can you show me the equivalent link for "I want to implement IPv4 on
>> my network"?
> IPv4 is mature enough that for small to medium sized networks, the answer
> is "you plug everything in".
> My appraisal of v6 is that it's an order of magnitude (or two) more complex
> than that, both in 'attack' surface and interoperability issues.
> But, I suppose, it took me a couple years to really learn IPv4 well.
> That said, *having* learned IPv4 relatively well, I remain surprised
> that there's as much additional (perceived) complexity in v6.
You have perfectly illustrated one of the largest barriers to IPv6
adoption. You of course know that if you were to go into a greenfield
IPv4 deployment the answer would not be "just plug everything in." You'd
have to figure out how to split your allocated space (and/or 1918 space)
into reasonable networks, decide which networks get DHCP, assign IP
helpers, carve out p-t-p links, etc. etc. But because you've done that a
million times, and all the terminology and factors to consider are well
known to you, in effect it amounts to, "just plug everything in."
Whereas, with IPv6 you have most, if not all of the same factors to
consider, but there is some marginal added complexity around things like
SLAAC/RA, some different terminology, binary math in hex instead of
octal, network sizes are many orders of magnitude larger, etc. So the
net effect is that even though "under the hood" it's not all that
different, it all feels new and strange. And we all know how humans
react to things that are new and strange. :)
My point in asking you to provide the equivalent link for IPv4 is to
show that there isn't one, nor could there be. You can't give someone a
cookie-cutter IPv4 network layout because the unique factors that they
have to consider will prevent that. The same is true for IPv6. What you
_can_ do, for both protocols, is to teach people best practices around
the key issues, and offer help and guidance along the way. There are lots of
lists that exist to do this with v6. One of the best is
ipv6-ops at lists.cluenet.de. If people are interested in learning more
about v6 by osmosis that's a good list to lurk on. It's medium traffic,
but high signal::noise, and any discussions you are not interested in
you can just delete.