Hotels/Airports with IPv6

Mel Beckman mel at beckman.org
Fri Jul 10 23:48:46 UTC 2015


You perhaps haven't worked a large government network deployment before. One doesn't activate features not enumerated in the design. Ever. Because they won't get and can thus introduce security or reliability covered in acceptance testing and could introduce security or reliability problems. These networks have many engineers, months of meetings, and rigorous change control. Turning on IPv6 without authorization would result in termination. 

-mel via cell

> On Jul 10, 2015, at 3:32 PM, Jared Mauch <jared at puck.Nether.net> wrote:
> 
>> On Fri, Jul 10, 2015 at 10:08:15PM +0000, Mel Beckman wrote:
>> There is most certainly a cost to IPv6, especially in a large, complex deployment, where everything requires acceptance testing. And I'm sure you realize that IPv6 only is not an option.  I agree that it would have been worth the cost, which would have been just a small fraction of the total. The powers that be chose not to incur it now. But we did deploy only IPv6 gear and systems, so it can probably be turned up later for that same incremental cost. 
>> 
> 
>    I had the luxury that as we deployed IPv6 across the network
> we rolled it from the 6bone -> core -> edge over a period of a few months.
> 
>    As we shut down the 6bone/3ffe stuff and moved people to gre/ip
> and native the core was ready.  This doesn't mean the edges have IPv6
> turned on, but it's usually the flip of a switch.
> 
>    Where possible take your core and IPv6 enable it and then
> touch the upstreams at the same time/next time you do work there.
> 
>    Assuming you patch devices for the various SIRT/PSIRT type
> events, most devices will be rebooted once every 6-12 months.  this
> gives you the chance to drop in and enable ipv6 during or after that 
> change/maint window.
> 
>    Rolling out the core really isn't hard, go ahead and do it.  There
> are plenty of people here who will help you with these steps.
> 
>    - Jared
> 
> -- 
> Jared Mauch  | pgp key available via finger from jared at puck.nether.net
> clue++;      | http://puck.nether.net/~jared/  My statements are only mine.



More information about the NANOG mailing list