[153437] in North American Network Operators' Group


Re: ipv6 book recommendations?

daemon@ATHENA.MIT.EDU (Anton Smith)
Wed Jun 6 09:54:17 2012

In-Reply-To: <A69AAEA6-598B-49E7-8049-266D31C75E33@consultant.com>
Date: Wed, 6 Jun 2012 14:53:02 +0100
From: Anton Smith <anton@huge.geek.nz>
To: Cutler James R <james.cutler@consultant.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 6 June 2012 14:12, Cutler James R <james.cutler@consultant.com> wrote:
>
> On Jun 5, 2012, at 5:23 PM, William Herrin wrote:
>
> > On 6/5/12, David Hubbard <dhubbard@dino.hostasaurus.com> wrote:
> >> Does anyone have suggestions on good books to really get
> >> a thorough understanding of v6, subnetting, security practices,
> >> etc. Or a few books. Just turned up dual stack with our
> >> peers and a test network but I'd like to be a lot more
> >> comfortable with it before looking at our customer network.
> >
> > Hi David,
> >
> > Instead of going the book route, I'd suggest getting some tunneled
> > addresses from he.net and then working through
> > http://ipv6.he.net/certification/ .
> >
> > They have the basics pretty well covered, it's interactive and it's free.
> >
> >
> > Some additional thoughts:
> >
> > 1. Anybody who tells you that there are security best practices for
> > IPv6 is full of it. It simply hasn't seen enough use in the
> > environment to which we're now deploying it and rudimentary
> > technologies widely used in IPv4 (e.g. NAT/PAT to private address
> > space) haven't yet made their transition.
> >
> >
> > 2. Subnetting in v6 in a nutshell:
> >
> > a. If it's a LAN, /64. Always. Stateless autoconfiguration (SLAAC)
> > only works for /64.
> >
> > b. Delegations on 4-bit boundaries for reverse-DNS convenience.
> >
> > c. If it's a point to point, a reasonable practice seems to be a /64
> > per network area and around /124 per link. Works OK for ethernet point
> > to points too.
> >
> > d. Default customer assignments should be /56 or /48 depending on who
> > you ask. /48 was the IETF's original plan. Few of your customers
> > appear to use tens of LANS, let alone thousands. Maybe that will
> > change but the motivations driving such a thing seem a bit pie in the
> > sky. /56 lets the customer implement more than one LAN (e.g. wired
> > and wireless) but burns through your address space much more slowly.
> > /60 would do that too but nobody seems to be using it. /64 allows only
> > one LAN, so avoid it.
> >
> > e. "sparse allocation" if you feel like it. The jury is still out on
> > whether this is a good idea. Basically, instead of assigning address
> > blocks linearly, you divide your largest free space in half and stick
> > the new assignment right in the middle. Good news: if the assignment
> > later needs to grow you can probably just change the subnet mask,
> > keeping the number of entries in the routing table the same. Bad news:
> > fragments the heck out of your address space so when you actually need
> > a large address block for something, you don't have it.
> >
> > Trying to keep non-dynamic assignments in local or regional aggregable
> > blocks works about as well as it did in IPv4, which is to say poorly.
> >
> > Regards,
> > Bill Herrin
> >
> >
> > --
> > William D. Herrin ................ herrin@dirtside.com bill@herrin.us
> > 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> > Falls Church, VA 22042-3004
> >
>
> Bill's additional comments about subnetting are a concise and accurate
> view. They also show an overlooked benefit of IPv6 over IPv4 -- For
> address planning, it is no longer necessary to count individual end
> points, rather only the subnets must be counted. This reduces labor in
> planning, assigning, and tracking addresses.
>
>
> James R. Cutler
> james.cutler@consultant.com
>

Hi all,

Potentially silly question but, as Bill points out a LAN always occupies a /64.

Does this imply that we would have large L2 segments with a large
number of hosts on them? What about the age old discussion about
keeping broadcast segments small?

Or, will it be that a /64 will only typically have a similar number of
hosts in it as say, a /23|4 in the IPv4 world?

Cheers,
Anton
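
Points 2b (delegations on 4-bit boundaries) and 2e (sparse allocation) from the quoted message, worked through as an added example that is not part of the original thread. It assumes the documentation prefix 2001:db8::/32 as the parent block and uses a bit-reversed counter as one way to "divide your largest free space in half"; all function names are hypothetical.

```python
import ipaddress

PARENT = ipaddress.IPv6Network("2001:db8::/32")  # documentation prefix, constructed sample

def sparse_assign(parent, new_prefix, count):
    """First `count` /new_prefix blocks of `parent` in bisection order.

    Slot numbers are a bit-reversed counter (0, 1/2, 1/4, 3/4, ...), so each
    new block lands in the middle of a largest remaining free gap.
    """
    bits = new_prefix - parent.prefixlen
    step = 1 << (128 - new_prefix)
    base = int(parent.network_address)
    nets = []
    for i in range(min(count, 1 << bits)):
        slot = int(format(i, "0{}b".format(bits))[::-1], 2) if bits else 0
        nets.append(ipaddress.IPv6Network((base + slot * step, new_prefix)))
    return nets

def growth_limit(net, assigned, parent):
    """Largest block `net` can become by shortening its mask only,
    without covering any other assignment or leaving `parent`."""
    best = net
    while best.prefixlen > parent.prefixlen:
        cand = best.supernet()
        if any(o != net and o.overlaps(cand) for o in assigned):
            break
        best = cand
    return best

def reverse_zones(net):
    """ip6.arpa zones needed to delegate `net`: one when the prefix length is
    a multiple of 4, otherwise several at the next nibble boundary."""
    plen = -(-net.prefixlen // 4) * 4  # round up to a 4-bit boundary
    zones = []
    for sub in net.subnets(new_prefix=plen):
        nibbles = sub.network_address.exploded.replace(":", "")[:plen // 4]
        zones.append(".".join(reversed(nibbles)) + ".ip6.arpa")
    return zones

if __name__ == "__main__":
    customers = sparse_assign(PARENT, 48, 4)
    for net in customers:
        print(net, "can grow to", growth_limit(net, customers, PARENT),
              "reverse zone", reverse_zones(net)[0])
    odd = ipaddress.IPv6Network("2001:db8:0:80::/57")
    print(odd, "needs", len(reverse_zones(odd)), "reverse zones")
```

With four sparse /48s each one can still grow to a /34 by a mask change alone, whereas two linearly adjacent /48s cannot grow at all; a /57 that misses the nibble boundary needs eight separate reverse zones where a /56 needs one.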

