[AusNOG] IPv6 on WiFi

[Glen Turner]

Imtiaz Ahmad made happy little electrons sing the chorus:
> Is there any idea about best practices for IPv6 support on WiFi at customer end?

(Assuming this is wifi and not some metro-wide thing)

All APs in one big subnet (it's not like you are going to run out of addresses, so it's the level of multicast from clients which becomes the limiting factor).

Autoconf with EUI64. Anything with statefull DHCP6 is just asking for client support dramas. Provide a IPv6 DNS server address in the RA, but in practice expect hosts to use the IPv4 DNS server address from DHCP.

Turn on whatever features the AP has for limiting abuse of RA, SLAAC, ARP, etc.

Turn on whatever ICMPv6 multicast short-circuit features are available. At the moment these are vendor-specific features, so if you have multiple AP vendors then it's not a great story.

Global addressing with a stateful firewall denying unanticipated incoming connections to protect those who don't know they're running IPv6.  Usual ACLs preventing outgoing SMTP and DNS except through your servers.

If you have a small implementation then don't get seduced into the whole IPv6 wireless mobility thing. It's an active area of vendor development because they want to challenge the 3G mobile phone data infrastructure and get their beak into that river of money. That may not be your agenda in bring up IPv6 on a few APs.

-- 
 Glen Turner <http://www.gdt.id.au/~gdt/>