Building network automation solutions

9 module online course

Start now!

Category: IPv6

RFC8200: IPv6 Is an Internet Standard

You wouldn’t believe it – after almost 22 years (yeah, it’s been that long since RFC 1883 was published), IPv6 became an Internet standard (RFC8200/STD86). No wonder some people claim IETF moves at glacial speed ;)

Speaking of IPv6, IETF and glacial speeds – there’s been a hilarious thread before Prague IETF meeting heatedly arguing whether the default WLAN SSID should be IPv6-only (+NAT64). Definitely worth reading (for the entertainment value) over a beer or two.

see 3 comments

And this is how you build an IPv6-only data center

Tore Anderson has been talking about IPv6-only data centers (and running a production one) for years. We know Facebook decided to go down that same path… but how hard would it be to start from scratch?

Not too hard if you want to do it, know what you're doing, and are willing to do more than buy boxes from established vendors. Donatas Abraitis documented one such approach, and he's not working for a startup but a 12-year-old company. So, don't claim it's impossible ;)

see 1 comments

Cutting through the IPv6 Requirements Red Tape

Few years ago a bunch of engineers agreed that the customers need a comprehensive “IPv6 Buyer’s Guide” and thus RIPE-554 was born. There are also IPv6 certification labs, US Government IPv6 profile and other initiatives. The common problem: all these things are complex.

However, it’s extremely easy to get what you want as Ron Broersma explained during his presentation at recent Slovenian IPv6 meeting. All it takes is a single paragraph in the RFP saying something along these lines:

The equipment must have the required functionality and performance in IPv6-only environment.

Problem solved (the proof is left as an exercise for the reader… or you could cheat and watch Ron’s presentation, which you should do anyway ;).

see 2 comments

IPv6 Microsegmentation in Data Center Environments

The proponents of microsegmentation solutions would love you to believe that it takes no more than somewhat-stateful packet filters sitting in front of the VMs to get rid of traditional subnets. As I explained in my IPv6 Microsegmentation talk (links below), you need more if you want to have machines from multiple security domains sitting in the same subnet – from RA guard to DHCPv6 and ND inspection.

read more see 1 comments

IPv6 Address Allocation Is Operating System-Specific

The breadth of address allocation options available in IPv6 world confuses many engineers thoroughly fluent in IPv4, but it also gives operating system developers way too many options… and it turns out that different operating systems behave way differently when faced with the same environment.

2016-01-21: In the meantime, Luka got further details on Windows behavior, and Enno Rey provided a few additional links.

read more see 16 comments

There’s a Problem with IPv6 Multihoming

In an amazing turn of events, at least one IETF working group recognized we have serious problems with IPv6 multihoming. According to the email Fred Baker sent to a number of relevant IETF working groups:

PI multihoming demonstrably works, but PA multihoming when the upstreams implement BCP 38 filtering requires the deployment of some form of egress routing - source/destination routing in which the traffic using a stated PA source prefix and directed to a remote destination is routed to the provider that allocated the prefix. The IETF currently has no such recommendation, or consensus that it should have.

Here are a few really old blog posts just in case you don’t know what I’m talking about (and make sure you read the comments as well):

read more see 11 comments