[137131] in North American Network Operators' Group
Re: IPv6 - a noobs prespective
daemon@ATHENA.MIT.EDU (Jared Mauch)
Wed Feb 9 15:44:08 2011
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <4D52DB6E.9080009@brightok.net>
Date: Wed, 9 Feb 2011 15:43:35 -0500
To: Jack Bates <jbates@brightok.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 9, 2011, at 1:22 PM, Jack Bates wrote:
> On 2/9/2011 12:03 PM, William Herrin wrote:
>> The thing that terrifies me about deploying IPv6 is that apps
>> compatible with both are programmed to attempt IPv6 before IPv4. This
>> means my first not-quite-correct IPv6 deployments are going to break
>> my apps that are used to not having and therefore not trying IPv6. =
But
>> that's not the worst part... as the folks my customers interact with
>> over the next couple of years make their first not-quite-correct IPv6
>> deployments, my access to them is going to break again. And again. =
And
>> again. And I won't have the foggiest idea who's next until I get the
>> call that such-and-such isn't working right.
>=20
> What scares me most is that every time I upgrade a router to support =
needed hardware or some badly needed IPv6 feature, something else =
breaks. Sometimes it's just the router crashes on a specific IPv6 =
command entered at CLI (C) or as nasty as NSR constantly crashing the =
slave (J); the fixes generally requiring me to upgrade again to the =
latest cutting edge releases which everyone hates (where I'm sure I'll =
find MORE bugs).
>=20
> The worst is when you're the first to find the bug(which I'm not even =
sure how it's possible given how simplistic my configs are, isis =
multitopology, iBGP, NSR, a few acls and route-maps/policies), it takes =
3-6 months or so to track it down, and then it's put only in the next =
upcoming release (not out yet) and backported to the last release.
>=20
>=20
> Jack (hates all routers equally, doesn't matter who makes it)
Welcome to the life of being a network operator. :)
I know we have had to regularly upgrade for SIRT/PSIRT issues in the =
past that only impacted our network due to our deployment of IPv6, but =
it also has allowed us years of additional outages/upgrade =
justifications. I've not been happy any time we've had this come =
around, as honestly, nobody wants to be chasing these, but it's also a =
good experience to view the entire set of risks that we face in the =
network. I'd rather be upgrading because of a known threat than be hit =
by an unknown one...
I've found it imperative in my life to always have a device running the =
(so called) latest and greatest software in the network. Sometimes this =
has caused great pain, other times it's reduced the pain when a forced =
upgrade comes upon us (for new hardware, or PSIRT).
Making sure that the entire team understands these requirements, and =
following the usual advisories will help you manage this risk. (and =
hopefully with a great deal of success).
- Jared=
