[AusNOG] IPv6 is hard.

Mark Newton newton at atdot.dotat.org
Thu Jul 5 12:31:39 EST 2012


On Tue, Jul 03, 2012 at 05:01:50PM +0930, Tom Lanyon wrote:
 
 > Part of the way into deployment of the routing equipment, and
 > partly spurred on by newly released [at the time] stateful NAT64
 > support in Cisco's ASR1000 IOS, we decided it would be worth
 > trying to run IPv6-only on our internal network and just terminate
 > all IPv4 on our load balancing/content switching infrastructure.

If I'm reading correctly, that's probably the crux of where your
issues originated.

I'm probably a bigger IPv6 proponent than just about anybody,
but I don't think it's going to be realistic to do v6-only for 
quite some time.

At the very least, some legacy NATted IPv4 connectivity will be
needed.

At present, I think it's useful for anyone deploying IPv6 to 
run a lab which has examples of each common "connectivity mode"
for v6.

The common connectivity modes I reckon exist right now are:

   - Full dual-stack, where each host has global v4 and v6 addresses

   - NAT4 dual-stack, where each host has global v6 and NAT v4

   - Global IPv6-only

   - Dual-stack, where the topology differs between v4 and v6

That last one is useful for seeing how various "happy eyeballs"
implementations swap protocol stacks on you based on things like
TCP startup latency and DNS response times.

You can build such an environment with one Internet-connected
lab router and one VLAN-capable switch.  Implement connectivity-mode
#4 with a tunnel to HE for IPv6, and use native (dual stack)
connectivity for everything else.

That gives you the opportunity to see how an application works
in one environment, then swap VLANs on its switchport to see
how it works in a slightly different environment.  Some of 
the results can be a bit surprising/disappointing/awe-inspiring.

(pro tip: the Cisco SG300-10 makes an excellent home lab router.
10 un-oversubscribed gig-E ports, including two that'll take 
SFPs; QoS; VLANs; ssh management; Spanning tree; Fanless and
noiseless; All in a box that costs about $200 and runs on a
few hundred milliamps.)

  - mark


