Choose your networking equipment with RIPE-554

In case the industry press hasn’t told you yet, tomorrow is the World IPv6 Launch day. While the obstinate naysayers will still claim IPv6 doesn’t matter (but then there are people believing in flat Earth being ~6000 years old and riding on a stack of turtles), the rest of us should be prepared to enable IPv6 when needed … and it all starts with the networking equipment that supports IPv6 and has IPv6 performance that has at least the same order of magnitude as the IPv4 performance.

It’s impossible to keep current with all the IPv6-related RFCs and other requirements, and requesting “equipment that supports IPv6” will enable everyone to pull wool over your eyes (including the vendors that claim to have IPv6-ready equipment). Fortunately, Jan Žorž, one of the great IPv6 evangelists started a “let’s make an official list of requirements” process a few years ago, which resulted in RIPE-501 published in November 2010.

Jan didn’t stop there – he gathered a great team of co-authors, they spent over a year polishing RIPE-501-bis, included tons of comments from the RIPE IPv6 mailing list, and the result has just been published: RIPE-544, a document that you can use during the equipment evaluation and in the RFP creation process. The German government did just that and created an IPv6 profile that closely mirrors RIPE-554 (which was not yet available at that time).

7 comments:

  1. Super nice. Thanks a lot

    ReplyDelete
  2. Supporting IPv6 and supporting IPv6 are too different things. Always look twice and always evaluate and test the equipment you have or will buy.

    In my current project there was a pair of Cat 6500 using VSS. Sure they support IPv6 just fine. But there was a IPv6 related Bug which lead reboots. :-(

    And I guess there is still no current IOS that supports (routed) IPv6 over WLAN on my old Cisco 871w (there was at least one but someone from Cisco told me it was a bug that IPv6 was working on the wireless interface).

    So you'll also have to look for the small things like monitoring (different counters for IPv4/IPv6, BGP via SNMP), RA Guard, ....

    ReplyDelete
  3. There is no reference to RA guard (RFC 6105). Why ?

    ReplyDelete
  4. thnx for promoting our work, you were a huge part of this effort. Can't express our appreciation about your really down-to-earth comments and suggestions. Pitty you couldn't make it to our go6 event on the boat today :)

    cheers, Jan

    ReplyDelete
  5. @Tiziano

    I suspect that's an error, as it does list:

    "Requirements for enterprise/ISP grade "Layer 2 switch" equipment
    Mandatory support:
    Router Advertisement (RA) filtering [RFC4862]"

    I suspect they got the RFC reference wrong and that one should be RFC6105.

    ReplyDelete
  6. Does anybody know what are the specific RFC or draft compliance the RIPE 554 is expecting for
    a. MLDv2 snooping
    b. DHCPv6 filtering
    c. Router Advertisement (RA) filtering
    d. Dynamic "IPv6 Neighbor solicitation/advertisement" inspection
    e. Neighbor Unreachability Detection [NUD, RFC4861] filtering
    f. Duplicate Address Detection [DAD, RFC4429] snooping and filtering

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.