Home page logo
/

nanog logo nanog mailing list archives

Re: IPV6 in enterprise best practices/white papaers
From: Mark Andrews <marka () isc org>
Date: Sun, 27 Jan 2013 09:38:54 +1100


In message <CAP-guGX01KLj2cG3ASmfXbmpxZ6j=i1b0DZ++s4-W8Uq_vy-5Q () mail gmail com>, William Herrin writes:
On Sat, Jan 26, 2013 at 4:26 AM, Pavel Dimow <paveldimow () gmail com> wrote:
I can start to create
AAAA record and PTR recors in DNS and after that I should configure my
dhcp servers and after all has been done I can test ipv6 in LAN and
after that I can start configure bgp with ISP.
Is this correct procedure?

Nope.

In their infinite(simal) wisdom the architects of IPv6 determined that
a host configured with both a global scope IPv6 address and an IPv4
address will attempt IPv6 in preference to IPv4. If you configure IPv6
on a LAN without first installing your IPv6 Internet connection, that
LAN will break horribly.

The default is to tune for IPv6 first but it been configurable for
years now.  Given one generally wants to use IPv6 over IPv4 to avoid
having you packets going through CGN boxes this is a good thing for
you and your ISP.

As for "breaking" your LAN, if the applications take 60 seconds to
fallback to the other address they were already broken.  Go complain
to your application vendor.  Some vendors have already fixed this
problem with their applications.

Work your way from the outside in: start with BGP, then the interior
routers and configure the LAN last.

Regards,
Bill Herrin



-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault