Building Network Automation Solutions
6 week online course starting in September 2017

Basics of IPv6 Addressing

Another Friday, another short IPv6 video (didn’t have time to create anything more substantial this week). This one describes the basics of IPv6 addressing – I know most of you don’t need it, but do forward the link to friends who are still struggling with IPv6 basics.

9 comments:

  1. Really? Use /64 everywhere? And make that many neighbor entries possible?! Terrible advice.

    ReplyDelete
    Replies
    1. Yeah, what are they thinking? The next thing you know, they'll be telling us to run BGP across the DC core or to use layer 3 switches. Oh wait, what year is it?

      Delete
    2. Nice try, fanboy. BGP != 18,446,744,073,709,551,616 potential entries in a finite table, or using massive address spaces because it's "too hard" to subnet.

      This is the stuff of charlatans.

      Delete
    3. Just because a vendor messed up their hardware so that they do NDP snooping before ingress ACL doesn't mean that "using /64 everywhere" is a bad advice. And BTW, I was writing about that years ago...

      http://blog.ipspace.net/2011/05/ipv6-neighbor-discovery-exhaustion.html

      Not sure whether that particular vendor fixed their bug, but I'm positive this myth will persist for decades.

      Also, if you're that security conscious, why don't you use LLA for non-edge interfaces?

      Delete
    4. Also, dear Anonymous, do check the /64 table sizes versus LPM table sizes on data center switches. Many of them have interesting limitations for prefixes longer than /64.

      Delete
  2. I'm migrating LAN to IPv6. What happens with address selection if I want to use IPv6 ULA for LAN only and IPv4 for Internet?
    Will it work? Or Windows will prefer ULA for Internet and fail?
    Thanks

    ReplyDelete
    Replies
    1. As soon as the host gets a AAAA response to the DNS query, it will try to reach the IPv6 address of the server.

      Happy Eyeballs should take care of web browsing, everything else will experience various levels of brokenness.

      Long story short: don't do it.

      Delete
    2. Thanks. But with the new OS is almost a necessity to configure IPv6 inside and the ISP doesn't give IPv6 outside yet. So what can we do? Maybe, dual stack inside with ULA, and IPv4 outside with NAT64 and DNS64?

      Delete
    3. The hosts that desperately need IPv6 (primarily Windows Server) will use either LLA or 6-over-4 (in whatever form).

      Don't claim to have what you don't have.

      Delete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.