[182144] in North American Network Operators' Group
Re: Hotels/Airports with IPv6
daemon@ATHENA.MIT.EDU (Mel Beckman)
Fri Jul 10 19:48:54 2015
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: Jared Mauch <jared@puck.Nether.net>
Date: Fri, 10 Jul 2015 23:48:46 +0000
In-Reply-To: <20150710223234.GD23237@puck.nether.net>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
You perhaps haven't worked a large government network deployment before. On=
e doesn't activate features not enumerated in the design. Ever. Because the=
y won't get and can thus introduce security or reliability covered in accep=
tance testing and could introduce security or reliability problems. These n=
etworks have many engineers, months of meetings, and rigorous change contro=
l. Turning on IPv6 without authorization would result in termination.=20
-mel via cell
> On Jul 10, 2015, at 3:32 PM, Jared Mauch <jared@puck.Nether.net> wrote:
>=20
>> On Fri, Jul 10, 2015 at 10:08:15PM +0000, Mel Beckman wrote:
>> There is most certainly a cost to IPv6, especially in a large, complex d=
eployment, where everything requires acceptance testing. And I'm sure you r=
ealize that IPv6 only is not an option. I agree that it would have been wo=
rth the cost, which would have been just a small fraction of the total. The=
powers that be chose not to incur it now. But we did deploy only IPv6 gear=
and systems, so it can probably be turned up later for that same increment=
al cost.=20
>>=20
>=20
> I had the luxury that as we deployed IPv6 across the network
> we rolled it from the 6bone -> core -> edge over a period of a few months=
.
>=20
> As we shut down the 6bone/3ffe stuff and moved people to gre/ip
> and native the core was ready. This doesn't mean the edges have IPv6
> turned on, but it's usually the flip of a switch.
>=20
> Where possible take your core and IPv6 enable it and then
> touch the upstreams at the same time/next time you do work there.
>=20
> Assuming you patch devices for the various SIRT/PSIRT type
> events, most devices will be rebooted once every 6-12 months. this
> gives you the chance to drop in and enable ipv6 during or after that=20
> change/maint window.
>=20
> Rolling out the core really isn't hard, go ahead and do it. There
> are plenty of people here who will help you with these steps.
>=20
> - Jared
>=20
> --=20
> Jared Mauch | pgp key available via finger from jared@puck.nether.net
> clue++; | http://puck.nether.net/~jared/ My statements are only min=
e.
