[167611] in North American Network Operators' Group
Re: turning on comcast v6
daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Dec 20 16:08:01 2013
From: Owen DeLong <owen@delong.com>
In-Reply-To: <653B375D-82F7-4A7F-9739-9F118BF3D7EA@ox.com>
Date: Fri, 20 Dec 2013 13:07:06 -0800
To: Matthew Huff <mhuff@ox.com>
Cc: nanog2 <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Dec 20, 2013, at 12:50 PM, Matthew Huff <mhuff@ox.com> wrote:
>=20
> On Dec 20, 2013, at 3:23 PM, Owen DeLong <owen@delong.com> wrote:
>=20
>>=20
>> On Dec 20, 2013, at 6:29 AM, Matthew Huff <mhuff@ox.com> wrote:
>>=20
>>> With RA, what is the smallest interval failover will work? Compare =
that with NHRP such as HSRP, VRRP, etc with sub-second failover.
>>=20
>> RA and VRRP are not mutually exclusive. What you can=92t have =
(currently) is routing information distributed by a DHCP server which =
may or may not actually know anything about the routing environment to =
which it is sending such information.
>>=20
>>> In corporate networks most of the non-client systems will be =
statically addressed with privacy addresses turned off. This is for =
regulatory, audit, security and monitoring requirement. One of the many =
challenges of ipv6 in a corporate environment.
>>=20
>> There=92s no problem doing this in IPv6. You can easily statically =
address a system and you can easily turn off privacy addresses. You can =
even do that and still get your default router via RA or you can =
statically configure the default router address.
>>=20
>> As such, can someone please explain what is the actual missing or =
problematic requirement for the corporate world?
>>=20
>> Owen
>=20
> Reality.
>=20
> Owen, not all OS and especially hardware appliances (dedicated NTP =
appliances, UPS cards, ILO), etc... will work with RA and static =
addresses. They just don't. Some OS's won't disable SLAAC unless you =
disable autoconf on the switch. When you=20
Not all devices have working IPv6 stacks. OK, they=92re broken, complain =
to the vendor and get them to fix their product or buy a working product =
from a different vendor.
> do that, they loose the ability to pickup RA. Some will only work with =
link local gateway addresses, some will only work with link global =
gateway addresses. There is a lot of cruft out there in the enterprise =
world that claims IPv6
Link Local gateway addresses are required functionality in IPv6. A =
device which requires a global gateway address is
broken. See above.
> compatibility, but in the real world doesn't work consistently. =
Almost all can be made to work, but require custom configuration. Far =
too much work for many organizations to see value in deployment. In at =
least on IT department I know of, IPv6 is banned because the CIO read =
about one of the =93advantages" of IPv6 is bringing back the p2p model =
of IP, and most corporate management has zero interest in having any p2p =
connectivity within their network.
IPv4 didn=92t work perfectly in the beginning either. Enterprises spent =
many years getting vendors to correct issues with their iPv4 products =
and we=92re just starting that process with IPv6.
I=92m asking what=92s broken in the protocol design since that=92s what =
the IETF can attempt to fix.
> For our desktop environments (Windows 7 and RHEL6) we have two =
different configurations on the switches on separate VLANs using SLAAC =
with DHPCv6 and that works fine with RA announcing the NHRP. Other =
equipment, not so much.
Sounds like you need to contact the vendors for that other equipment and =
get them to fix their IPv6 implementations.
Owen
