nanog mailing list archives

Re: IPV6 in enterprise best practices/white papers
From: Jay Ashworth <jra () baylink com>
Date: Tue, 29 Jan 2013 14:54:13 -0500 (EST)

----- Original Message -----
From: "Doug Barton" <dougb () dougbarton us>

Depends on how big your "deployment" is. For a small office -- say,
100 PCs or less; something that will fit in what I will catch schidt
for referring to as a "Class C" :-) -- with a single current
generation consumer market edge NAT router, then yes, in fact, you
Just Plug It All In.

Well sure, but the same would be true for the equivalent IPv6
deployment.

Is that in fact true?  My takeaway from watching NANOG the last 8 years 
is that it doesn't always work like that.

Well, no, not really. As you note, of course, most of those things
are reflexes for most network engineering types, but certainly they
took a while to get there.

Yes, that's precisely my point. :) No one learned IPv4 networking
overnight. But people who already know IPv4 are complaining that they
can't magically come to the same degree of competence with IPv6 without
spending any time to learn it. The irony is that people who already
know "networking" will have a much easier time learning IPv6, with a
minimal amount of extra work, but minimal != zero.

Well, this is my point.  My integration of the questions I see, and
the problems I had trying to even get a first tier grasp of it myself
is that I *expect* leverage from understanding v4 which I did not
in fact *get*; enough stuff has changed at a fundamental level that 
my v4 knowledge isn't all that helpful.

I think "marginal added complexity" is probably a polite
understatement;

No, it really isn't. I realize that the IPv6 zealots hate it when I say
this, but in many ways you can treat IPv6 just like IPv4 with bigger
addresses.

1. Don't filter ICMPv6.
2. Treat a /64 roughly the way you'd treat a /24 in IPv4.
3. Put SLAAC on the networks you have DHCPv4 on.
4. Statically assign addresses and networks for v6 on the systems you
statically assign them on v4 (servers, etc.)
5. Neighbor Discovery (ND) replaces arp, but mostly you don't ever need
to worry about it (just like you hardly ever need to worry about arp).

Voila! You've just learned 80% of what you need to know to be
successful with IPv6.

Great, and now you've answered the OP's question.

So where, in fact, *is* the IPv6 primer that says that stuff, with 
enough backfill that you can do the further research about how and
why?

In consequence of that, IPv6 feels to me like it has a bad case of
what Fred Brooks would call Second System Syndrome.

Your assessment is correct, but the good news is that you can ignore
almost all of it. The "SLAAC vs. full-featured DHCPv6" thing is still
kind of a PITA, but it's working itself out. Beyond that, if there is
a feature of IPv6 that you're not interested in, don't use it. :)

Hmmm...

You seem to be suggesting, though, to drag the conversation back
where I started it, that there is *so much new stuff* with IPv6 that
it's difficult *even for old hats with IPv4* to learn it by analogy.

No, quite the opposite. What I'm saying is that if you already
understand how to run a network with v4 that learning the v6 terminology
and equivalent concepts, plus the few extra things that you actually
do need to manage for v6, is not that difficult. It just *seems* hard
because before you tackle it, it's all new and strange.

Hmmm ^ 2.

(Yes, yes, I am coming late to this argument; the networks I'm
responsible for are historically relatively small. IPv6 connectivity has
been troublesome to acquire except at the last couple.)

Roger that. Not that I'm trying to toot my own horn, but most of my
experience has been with large enterprise networks, often spanning
multiple continents, so I tend to think in those terms. The good news
for smaller shops is that if you can get it, IPv6 is pretty much "just
plug it in," very similar to how you described IPv4 for a smaller shop
above.

You haven't tried to *buy* IPv6 edge transit, have you?

Has that gotten any easier than "months later, nobody has the first
clue what I'm talking about"?  :-)

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274
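
An added example, not part of the original thread: a check for the "Don't filter ICMPv6" and "ND replaces arp" items in the list above, reporting which ICMPv6 error and Neighbor Discovery types a first-match ruleset would drop. The rule syntax, the sample rulesets and all function names are constructed for this illustration and are not any real firewall's format.

```python
# Added example. Rule format (constructed): "<accept|drop> <icmpv6|any> [type|lo-hi|any]"
ESSENTIAL = {  # ICMPv6 types that error reporting, PMTUD, SLAAC and ND depend on
    1: "Destination Unreachable",
    2: "Packet Too Big (path MTU discovery)",
    3: "Time Exceeded",
    4: "Parameter Problem",
    133: "Router Solicitation (SLAAC)",
    134: "Router Advertisement (SLAAC)",
    135: "Neighbor Solicitation (ND, replaces ARP)",
    136: "Neighbor Advertisement (ND, replaces ARP)",
}

def parse_rule(line):
    """Turn one rule line into (action, proto, range_of_types)."""
    action, proto, *rest = line.split()
    if action not in ("accept", "drop"):
        raise ValueError(f"unknown action in rule: {line!r}")
    spec = rest[0] if rest else "any"
    if spec == "any":
        return action, proto, range(0, 256)
    lo, _, hi = spec.partition("-")
    return action, proto, range(int(lo), int(hi or lo) + 1)

def verdict(rules, icmp_type, default):
    """First matching rule wins; fall back to the default policy."""
    for action, proto, types in rules:
        if proto in ("icmpv6", "any") and icmp_type in types:
            return action
    return default

def audit(ruleset_text, default="drop"):
    """Return {type: name} for every essential ICMPv6 type that gets dropped."""
    lines = (l.strip() for l in ruleset_text.splitlines())
    rules = [parse_rule(l) for l in lines if l and not l.startswith("#")]
    return {t: n for t, n in ESSENTIAL.items() if verdict(rules, t, default) == "drop"}

# Constructed sample: ping and a few errors allowed, everything else ICMPv6 dropped.
BROKEN = """# habit carried over from IPv4
accept icmpv6 128-129
accept icmpv6 1
accept icmpv6 3-4
drop icmpv6 any
accept any"""
# Same ruleset with Packet Too Big and the ND/SLAAC types allowed before the drop.
FIXED = BROKEN.replace("drop icmpv6 any", "accept icmpv6 2\naccept icmpv6 133-136\ndrop icmpv6 any")

if __name__ == "__main__":
    for t, name in audit(BROKEN).items():
        print(f"dropped: type {t} {name}")
```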

