Home page logo

nanog logo nanog mailing list archives

Re: IPV6 in enterprise best practices/white papaers
From: TJ <trejrco () gmail com>
Date: Sat, 26 Jan 2013 12:59:25 -0500

In principle, I agree with the EDGE-in approach.

However, if you need to do LAN before EDGE (e.g. DISA can't get you
connectivity but you need to make some progress) you need to block AAAA
queries from getting replies.  BIND has a "filter AAAA on IPv4" option that
helps here ... (just don't give the hosts the v6 addresses of the  internal
DNS servers).

On Jan 26, 2013 12:49 PM, "William Herrin" <bill () herrin us> wrote:

On Sat, Jan 26, 2013 at 4:26 AM, Pavel Dimow <paveldimow () gmail com> wrote:
I can start to create
AAAA record and PTR recors in DNS and after that I should configure my
dhcp servers and after all has been done I can test ipv6 in LAN and
after that I can start configure bgp with ISP.
Is this correct procedure?


In their infinite(simal) wisdom the architects of IPv6 determined that
a host configured with both a global scope IPv6 address and an IPv4
address will attempt IPv6 in preference to IPv4. If you configure IPv6
on a LAN without first installing your IPv6 Internet connection, that
LAN will break horribly.

Work your way from the outside in: start with BGP, then the interior
routers and configure the LAN last.

Bill Herrin

William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]