[167620] in North American Network Operators' Group
Re: turning on comcast v6
daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Dec 20 17:41:00 2013
From: Owen DeLong <owen@delong.com>
In-Reply-To: <75E34391-D8F2-4AE8-932F-C58F6A23149B@ox.com>
Date: Fri, 20 Dec 2013 14:33:17 -0800
To: Matthew Huff <mhuff@ox.com>
Cc: nanog2 <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Dec 20, 2013, at 14:16 , Matthew Huff <mhuff@ox.com> wrote:
> Owen,
>=20
> Have you ever worked in a corporate environment? Replacing equipment =
can be a 5-7 year window and has to be justified and budgeted. Replacing =
a piece of equipment because it's an incomplete IPv6 implementation =
(which has changed considerably as it has been deployed), isn't =
feasible. There are a lot of things that have changed as IPv6 has been =
deployed such as DHCPv6 (not even talking about setting default GW via =
DHCP, but things such as DNS servers, DNS domain name, etc). Not all =
vendors especially ones in niche markets can update the firmwares that =
often, and certainly not unless they have a business justification.
Yes, I have.
We've been advocating that people look at the IPv6 capabilities they =
need from their vendors, test, report bugs, and insist on working IPv6 =
implementations for more than 10 years now. The DHCPv6 RFC (3315) was =
published in July, 2003.
DHCPv6 has not actually changed all that significantly and the =
provisions for DHCPv6 in RAs were standardized around the same time as =
RFC-3315. The most recent significant change in RAs I can come up with =
is RFC-6106 which is 2010, but it's entirely optional and just adds DNS =
search string capabilities to RFC-5006 which goes back to September, =
2007.
So unless you have a change you can point to that is more recent than =
2007, I think we've got the 5-7 year thing pretty well covered.
Owen
>=20
>=20
>=20
> On Dec 20, 2013, at 4:07 PM, Owen DeLong <owen@delong.com> wrote:
>=20
>>=20
>> On Dec 20, 2013, at 12:50 PM, Matthew Huff <mhuff@ox.com> wrote:
>>=20
>>>=20
>>> On Dec 20, 2013, at 3:23 PM, Owen DeLong <owen@delong.com> wrote:
>>>=20
>>>>=20
>>>> On Dec 20, 2013, at 6:29 AM, Matthew Huff <mhuff@ox.com> wrote:
>>>>=20
>>>>> With RA, what is the smallest interval failover will work? Compare =
that with NHRP such as HSRP, VRRP, etc with sub-second failover.
>>>>=20
>>>> RA and VRRP are not mutually exclusive. What you can=92t have =
(currently) is routing information distributed by a DHCP server which =
may or may not actually know anything about the routing environment to =
which it is sending such information.
>>>>=20
>>>>> In corporate networks most of the non-client systems will be =
statically addressed with privacy addresses turned off. This is for =
regulatory, audit, security and monitoring requirement. One of the many =
challenges of ipv6 in a corporate environment.
>>>>=20
>>>> There=92s no problem doing this in IPv6. You can easily statically =
address a system and you can easily turn off privacy addresses. You can =
even do that and still get your default router via RA or you can =
statically configure the default router address.
>>>>=20
>>>> As such, can someone please explain what is the actual missing or =
problematic requirement for the corporate world?
>>>>=20
>>>> Owen
>>>=20
>>> Reality.
>>>=20
>>> Owen, not all OS and especially hardware appliances (dedicated NTP =
appliances, UPS cards, ILO), etc... will work with RA and static =
addresses. They just don't. Some OS's won't disable SLAAC unless you =
disable autoconf on the switch. When you=20
>>=20
>> Not all devices have working IPv6 stacks. OK, they=92re broken, =
complain to the vendor and get them to fix their product or buy a =
working product from a different vendor.
>>=20
>>> do that, they loose the ability to pickup RA. Some will only work =
with link local gateway addresses, some will only work with link global =
gateway addresses. There is a lot of cruft out there in the enterprise =
world that claims IPv6
>>=20
>> Link Local gateway addresses are required functionality in IPv6. A =
device which requires a global gateway address is
>> broken. See above.
>>=20
>>> compatibility, but in the real world doesn't work consistently. =
Almost all can be made to work, but require custom configuration. Far =
too much work for many organizations to see value in deployment. In at =
least on IT department I know of, IPv6 is banned because the CIO read =
about one of the =93advantages" of IPv6 is bringing back the p2p model =
of IP, and most corporate management has zero interest in having any p2p =
connectivity within their network.
>>=20
>> IPv4 didn=92t work perfectly in the beginning either. Enterprises =
spent many years getting vendors to correct issues with their iPv4 =
products and we=92re just starting that process with IPv6.
>>=20
>> I=92m asking what=92s broken in the protocol design since that=92s =
what the IETF can attempt to fix.
>>=20
>>=20
>>> For our desktop environments (Windows 7 and RHEL6) we have two =
different configurations on the switches on separate VLANs using SLAAC =
with DHPCv6 and that works fine with RA announcing the NHRP. Other =
equipment, not so much.
>>=20
>> Sounds like you need to contact the vendors for that other equipment =
and get them to fix their IPv6 implementations.
>>=20
>> Owen
>>=20
