[167617] in North American Network Operators' Group
Re: turning on comcast v6
daemon@ATHENA.MIT.EDU (Matthew Huff)
Fri Dec 20 17:16:20 2013
From: Matthew Huff <mhuff@ox.com>
To: Owen DeLong <owen@delong.com>
Date: Fri, 20 Dec 2013 17:16:08 -0500
In-Reply-To: <21D7E22B-CE29-476A-8ED7-5FD321429D60@delong.com>
Cc: nanog2 <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Owen,
Have you ever worked in a corporate environment? Replacing equipment can be=
a 5-7 year window and has to be justified and budgeted. Replacing a piece =
of equipment because it's an incomplete IPv6 implementation (which has chan=
ged considerably as it has been deployed), isn't feasible. There are a lot=
of things that have changed as IPv6 has been deployed such as DHCPv6 (not =
even talking about setting default GW via DHCP, but things such as DNS serv=
ers, DNS domain name, etc). Not all vendors especially ones in niche market=
s can update the firmwares that often, and certainly not unless they have a=
business justification.
On Dec 20, 2013, at 4:07 PM, Owen DeLong <owen@delong.com> wrote:
>=20
> On Dec 20, 2013, at 12:50 PM, Matthew Huff <mhuff@ox.com> wrote:
>=20
>>=20
>> On Dec 20, 2013, at 3:23 PM, Owen DeLong <owen@delong.com> wrote:
>>=20
>>>=20
>>> On Dec 20, 2013, at 6:29 AM, Matthew Huff <mhuff@ox.com> wrote:
>>>=20
>>>> With RA, what is the smallest interval failover will work? Compare tha=
t with NHRP such as HSRP, VRRP, etc with sub-second failover.
>>>=20
>>> RA and VRRP are not mutually exclusive. What you can=92t have (currentl=
y) is routing information distributed by a DHCP server which may or may not=
actually know anything about the routing environment to which it is sendin=
g such information.
>>>=20
>>>> In corporate networks most of the non-client systems will be staticall=
y addressed with privacy addresses turned off. This is for regulatory, audi=
t, security and monitoring requirement. One of the many challenges of ipv6 =
in a corporate environment.
>>>=20
>>> There=92s no problem doing this in IPv6. You can easily statically addr=
ess a system and you can easily turn off privacy addresses. You can even do=
that and still get your default router via RA or you can statically config=
ure the default router address.
>>>=20
>>> As such, can someone please explain what is the actual missing or probl=
ematic requirement for the corporate world?
>>>=20
>>> Owen
>>=20
>> Reality.
>>=20
>> Owen, not all OS and especially hardware appliances (dedicated NTP appli=
ances, UPS cards, ILO), etc... will work with RA and static addresses. They=
just don't. Some OS's won't disable SLAAC unless you disable autoconf on t=
he switch. When you=20
>=20
> Not all devices have working IPv6 stacks. OK, they=92re broken, complain =
to the vendor and get them to fix their product or buy a working product fr=
om a different vendor.
>=20
>> do that, they loose the ability to pickup RA. Some will only work with l=
ink local gateway addresses, some will only work with link global gateway a=
ddresses. There is a lot of cruft out there in the enterprise world that cl=
aims IPv6
>=20
> Link Local gateway addresses are required functionality in IPv6. A device=
which requires a global gateway address is
> broken. See above.
>=20
>> compatibility, but in the real world doesn't work consistently. Almost a=
ll can be made to work, but require custom configuration. Far too much work=
for many organizations to see value in deployment. In at least on IT depar=
tment I know of, IPv6 is banned because the CIO read about one of the =93ad=
vantages" of IPv6 is bringing back the p2p model of IP, and most corporate =
management has zero interest in having any p2p connectivity within their ne=
twork.
>=20
> IPv4 didn=92t work perfectly in the beginning either. Enterprises spent m=
any years getting vendors to correct issues with their iPv4 products and we=
=92re just starting that process with IPv6.
>=20
> I=92m asking what=92s broken in the protocol design since that=92s what t=
he IETF can attempt to fix.
>=20
>=20
>> For our desktop environments (Windows 7 and RHEL6) we have two different=
configurations on the switches on separate VLANs using SLAAC with DHPCv6 a=
nd that works fine with RA announcing the NHRP. Other equipment, not so muc=
h.
>=20
> Sounds like you need to contact the vendors for that other equipment and =
get them to fix their IPv6 implementations.
>=20
> Owen
>=20
