On Oct 3, 2019, at 12:30 PM, Stephen Satchell <list@satchell.net> wrote:
On 10/3/19 8:22 AM, Fred Baker wrote:
And on lists like this, I am told that there is no deployment - that nobody wants it, and anyone that disagrees with that assessment has lost his or her mind. That all leaves me wondering which of us doesn't quite have their eye on the ball.

For the reasons you provided in your original message, the learning curve for IPv6 -- EVERYTHING about IPv6, not "just enough to get by" -- is steep and uncertain.
And I think you may be misunderstanding the problem. It's not that people don't want it. They lack the zen of it, they don't see the four corners of the thing, something that people took years to learn in IPv4. (I had a leg up, being involved in the original ARPAnet, so I got to watch it grow. Still have the 1984 DDN handbooks, too.)
Funny thing. I was quoting the email in this thread just prior to yours.

I won’t say there are no issues in IPv6 deployment; there are. However, having done some myself, if you have IPv4-zen, IPv6-zen is pretty easy to come by with a cheat sheet. For example, does your configuration have statements like

    ip address 192.0.2.1 255.255.255.0

? Everywhere you find that, you add a statement like

    ipv6 address 2001:db8:AABB:1234::/64 eui-64

What I did for the IID (IPv4-speak: “host part”) in a recent project was use the IPv4 address of the interface:

    ip address 192.0.2.1 255.255.255.0
    ipv6 address 2001:db8:aabb:1234:192:0:2:1/128

The idea was to give the operator a clue. I also put the VLAN number in as the subnet number. A security geek would be all over me - “too many clues!”.

That said, I found that by typing “IPv6 address command” into Google; the first hit was https://study-ccna.com/how-to-configure-ipv6/. Then, noting that Cisco has a bad habit of pulling things out of thin air even though there is a defined way to accomplish it, I corrected the prefix to use the defined documentation prefix.

It gets a little interesting when you step away from the switch or router to the firewall; they have their own commands. The ASA, for example, really believes in what Cisco calls “zone-based access control” or “context-based access control”. The good news is that if that’s what you’re trying to achieve (it’s common), configuring that for IPv6 is pretty simple. And similarly, BGP and access lists look a lot like their IPv4 counterparts.

What’s a little more of a pain is that if you are using other appliances in your network, they may or may not have IPv6 configurability, and there may or may not be a drop-in replacement. That becomes a conversation with your vendors of choice.
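The addressing scheme described in the message above, as an added Python example that is not part of the original thread: it builds the IPv6 address from the interface's IPv4 address and VLAN number, then shows what anyone who sees the address can read back, which is the "too many clues" concern. The function names, the /48 site prefix parameter, and the choice to type the VLAN digit-for-digit into the subnet group are assumptions.

```python
import ipaddress


def v6_from_v4(site_prefix: str, vlan: int, v4: str) -> ipaddress.IPv6Address:
    """Build <site /48>:<vlan>:<a>:<b>:<c>:<d> from an IPv4 interface address."""
    net = ipaddress.IPv6Network(site_prefix)
    if net.prefixlen != 48:
        raise ValueError("this example assumes a /48 site prefix")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    # The decimal digits are typed as if they were hex, so octet 192 becomes
    # the 16-bit group 0x0192 (not 0x00c0) and stays readable to a human.
    subnet = int(str(vlan), 16)
    iid = 0
    for octet in ipaddress.IPv4Address(v4).packed:
        iid = (iid << 16) | int(str(octet), 16)
    return ipaddress.IPv6Address(int(net.network_address) | (subnet << 64) | iid)


def clues_from_v6(v6: str):
    """Return (vlan, ipv4) an observer can read from the address, else None."""
    groups = ipaddress.IPv6Address(v6).exploded.split(":")
    try:
        # Reading the hex digits as decimal fails on a-f, which is what a
        # random or EUI-64 interface identifier almost always contains.
        vlan = int(groups[3])
        octets = [int(g) for g in groups[4:]]
        v4 = ipaddress.IPv4Address(".".join(str(o) for o in octets))
    except ValueError:
        return None
    return vlan, str(v4)


if __name__ == "__main__":
    # Constructed sample values taken from the documentation prefixes
    # used in the message (2001:db8::/32 and 192.0.2.0/24).
    addr = v6_from_v4("2001:db8:aabb::/48", 1234, "192.0.2.1")
    print(addr, "->", clues_from_v6(str(addr)))
    # Constructed EUI-64 style address on the same subnet: nothing to read back.
    print(clues_from_v6("2001:db8:aabb:1234:211:22ff:fe33:4455"))
```

An address plan audit can run `clues_from_v6` over exported interface addresses to list which ones disclose IPv4 numbering and VLAN layout to anyone who sees them.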