[159873] in North American Network Operators' Group
Re: IPV6 in enterprise best practices/white papaers
daemon@ATHENA.MIT.EDU (Pavel Dimow)
Sat Jan 26 16:10:28 2013
In-Reply-To: <CALOgxGY1UVFWppYj7FfBwNyC=3Ejo9oiE_PHkptb6hF9kLMG3Q@mail.gmail.com>
Date: Sat, 26 Jan 2013 22:10:14 +0100
From: Pavel Dimow <paveldimow@gmail.com>
To: trejrco@gmail.com
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi, I want to thank you all for your comments they are very helpful to me.
And yes, I don't have much hands on experience but as non native
English speaker
I tend to write someone confusing mails so don't take every my
sentence "as-is". ;)
Tnx once again to all.
On Sat, Jan 26, 2013 at 6:59 PM, TJ <trejrco@gmail.com> wrote:
> In principle, I agree with the EDGE-in approach.
>
> However, if you need to do LAN before EDGE (e.g. DISA can't get you
> connectivity but you need to make some progress) you need to block AAAA
> queries from getting replies.  BIND has a "filter AAAA on IPv4" option that
> helps here ... (just don't give the hosts the v6 addresses of the  internal
> DNS servers).
>
> HTH,
> /TJ
>
> On Jan 26, 2013 12:49 PM, "William Herrin" <bill@herrin.us> wrote:
>>
>> On Sat, Jan 26, 2013 at 4:26 AM, Pavel Dimow <paveldimow@gmail.com> wrote:
>> > I can start to create
>> > AAAA record and PTR recors in DNS and after that I should configure my
>> > dhcp servers and after all has been done I can test ipv6 in LAN and
>> > after that I can start configure bgp with ISP.
>> > Is this correct procedure?
>>
>> Nope.
>>
>> In their infinite(simal) wisdom the architects of IPv6 determined that
>> a host configured with both a global scope IPv6 address and an IPv4
>> address will attempt IPv6 in preference to IPv4. If you configure IPv6
>> on a LAN without first installing your IPv6 Internet connection, that
>> LAN will break horribly.
>>
>> Work your way from the outside in: start with BGP, then the interior
>> routers and configure the LAN last.
>>
>> Regards,
>> Bill Herrin
>>
>>
>>
>> --
>> William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
>> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
>> Falls Church, VA 22042-3004
>>
>