[153433] in North American Network Operators' Group


Re: ipv6 book recommendations?

daemon@ATHENA.MIT.EDU (Cutler James R)
Wed Jun 6 09:14:12 2012

From: Cutler James R <james.cutler@consultant.com>
In-Reply-To: <CAP-guGVfDuF80g7c68A51KP8Xik5QeSOG9TjFn7wPNuH65CkdA@mail.gmail.com>
Date: Wed, 6 Jun 2012 09:12:40 -0400
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Jun 5, 2012, at 5:23 PM, William Herrin wrote:

> On 6/5/12, David Hubbard <dhubbard@dino.hostasaurus.com> wrote:
>> Does anyone have suggestions on good books to really get
>> a thorough understanding of v6, subnetting, security practices,
>> etc.  Or a few books.  Just turned up dual stack with our
>> peers and a test network but I'd like to be a lot more
>> comfortable with it before looking at our customer network.
>
> Hi David,
>
> Instead of going the book route, I'd suggest getting some tunneled
> addresses from he.net and then working through
> http://ipv6.he.net/certification/ .
>
> They have the basics pretty well covered, it's interactive and it's free.
>
>
> Some additional thoughts:
>
> 1. Anybody who tells you that there are security best practices for
> IPv6 is full of it. It simply hasn't seen enough use in the
> environment to which we're now deploying it and rudimentary
> technologies widely used in IPv4 (e.g. NAT/PAT to private address
> space) haven't yet made their transition.
>
>
> 2. Subnetting in v6 in a nutshell:
>
> a. If it's a LAN, /64. Always. Stateless autoconfiguration (SLAAC)
> only works for /64.
>
> b. Delegations on 4-bit boundaries for reverse-DNS convenience.
>
> c. If it's a point to point, a reasonable practice seems to be a /64
> per network area and around /124 per link. Works OK for ethernet point
> to points too.
>
> d. Default customer assignments should be /56 or /48 depending on who
> you ask. /48 was the IETF's original plan. Few of your customers
> appear to use tens of LANs, let alone thousands. Maybe that will
> change but the motivations driving such a thing seem a bit pie in the
> sky. /56 lets the customer implement more than one LAN (e.g. wired
> and wireless) but burns through your address space much more slowly.
> /60 would do that too but nobody seems to be using it. /64 allows only
> one LAN, so avoid it.
>
> e. "sparse allocation" if you feel like it. The jury is still out on
> whether this is a good idea. Basically, instead of assigning address
> blocks linearly, you divide your largest free space in half and stick
> the new assignment right in the middle. Good news: if the assignment
> later needs to grow you can probably just change the subnet mask,
> keeping the number of entries in the routing table the same. Bad news:
> fragments the heck out of your address space so when you actually need
> a large address block for something, you don't have it.
>
> Trying to keep non-dynamic assignments in local or regional aggregable
> blocks works about as well as it did in IPv4, which is to say poorly.
>
> Regards,
> Bill Herrin
>
>
> -- 
> William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> Falls Church, VA 22042-3004
>

Bill's additional comments about subnetting are a concise and accurate
view.  They also show an overlooked benefit of IPv6 over IPv4 -- For
address planning, it is no longer necessary to count individual end
points, rather only the subnets must be counted.  This reduces labor in
planning, assigning, and tracking addresses.


James R. Cutler
james.cutler@consultant.com





