Category: IPv6

A while ago Sander Steffann and Iljitsch van Beijnum wrote a fantastic document that compared most (somewhat) widely used IPv6-over-IPv4 tunneling mechanisms. The document got published as RFC 7059 in November and is a definite must-read for anyone having to deal with this particular can of worms.

Unfortunately the document doesn’t cover the recent IPv4 sunset developments – numerous mechanisms that transport IPv4 leftovers over IPv6-only access networks (MAP-E, DS-Lite, lw4over6, 464XLAT …). One can only hope Sander and Iljitsch plan to produce a complementary document soon ;)

Interested in IPv4-to-IPv6 transition mechanisms?

Check out IPv6 Transition Mechanisms webinar and other IPv6 resources on ipSpace.net.

“I want default router address in DHCPv6 options” is a popular religious war on various IPv6 mailing lists. One of the underlying reasons is the need to implement poor man’s first hop load balancing (I won’t even consider the “I don’t want to think, so want IPv6 to behave like IPv4” mentality in this blog post), and as always, the arguments have more to do with suboptimal implementations than true technical needs.

From the IPv6 Trivia department: can a host with an ULA address reach a service with a global IPv6 address? Can a host with only a link-local address reach a service with a global IPv6 address? The answer to both questions might be Yes (but you better know what scopes and zones are if you want to figure it out).

Having “do we need ULA” blogologs with Ed Horley is great … and the best part of them is that we’re both right (aka: It Depends). OK, let’s try to quantify that last part.

More news from the IPv6 is not like IPv4 department: there's no DF bit in IPv6, so you have to use slightly different troubleshooting tricks to figure out the path MTU size (and they depend on the operating system). More in a detailed blog post by my good friend Matjaž Straus.

My recommendation to use ULA addresses for internal communications within organizations that don’t have their own provider-independent address space resulted in the following comment:

[…] Having ULA for internal company communication and global IPv6 addresses for communication with the Internet will cause lots of issues with application guys since now application has to bind to specific IPv6 address for internal communications and another IPv6 address to go to the Internet.

Numerous aspects of IPv6 may still be broken, but fortunately this is not one of them.

Ed Horley wrote another great post arguing you don’t need Unique Local Addresses in an IPv6 network … and I couldn’t figure out what the problem was until I got the underlying context: it seems many engineers try to transplant their IPv4 mentality into IPv6 world and see ULAs as a nice replacement for RFC1918 with NAT66 or NPT66 on the private network edge. No wonder Ed argues against that.

Someone left the following comment on one of my blog posts a few days ago:

IPv6 to a network engineer is like Communism to a Marxist. It would come in such a distant future that it would be in a form we can barely picture accurately. […] So my money is on NAT444, at least in the US.

Meanwhile on planet Earth (in 2014):

In the first Terastream blog post I mentioned Deutsche Telekom decided to use an IPv6-only access network. Does that mean they decided to go down the T-Mobile route and deployed NAT64 + 464XLAT? That combo wouldn’t work well for them, and they couldn’t use MAP-E due to lack of IP address space, so they deployed yet another translation mechanism – Lightweight 4over6.

Dan sent me the following question:

I had another read of the ‘Building IPv6 Service Provider Networks’ material and can see the PE routers use site local ipv6 addressing. I’m about to build another small service provider setup and wondered: would you actually use site local for PE loopbacks etc, or would you use ULA or global addressing? I’m thinking ULA would be better from a security point of view?

TR&DR summary: Don’t do that.

During the final part of the IPv6-only data centers webinar Tore Anderson described his deployment guidelines and answered a few more questions.

Ed Horley, an awesome IPv6 geek I had the privilege to meet at NFD6, wrote an interesting blog post arguing against IPv6 ULA usage (particularly when combined with NPT66). We would all love to get rid of NAT, however ...

Not surprisingly, the unorthodox ideas of Tore Anderson generated plenty of questions, so he spent ~20 minutes answering them.

Remember Tore Anderson’s IPv6-only data center design he described in last June’s webinar? Wondered how he got it done? The secret sauce he used is SIIT – the stateless IPv6-to-IPv4 translation technology. His trick: turning it around.

Tore Anderson started his part of the IPv6-Only Data Centers webinar with a comprehensive analysis of numerous design options you have when implementing dual-stack access to your data center.

Unless you decided to live under a rock for the next 20 years or plan to drop out of networking in the very near future, you simply (RFC 2119) MUST watch this video.