On 15 July 2015 at 02:02, Mike <mike-nanog@tiedyenetworks.com> wrote:
I am a small provider with a 16 bit asn, a /20 and a /22 of ipv4 and a /32 of v6, but no clue yet how to get from where I am today to where we all should be. The flame wars and vitriol and rhetoric are too much noise for me to derive anything useful from. Someone needs to stand up and lead. I will happily follow.
What's really needed, is for you gods of ipv6, to write that 'ipv6 for ipv4 dummies', targeting service providers and telling us exactly what we need to do. No religious wars about subnet allocation sizes or dhcpv6 vs slaac or anything. Tell us how to get it onto our network, give us reasonable deployment scenarios that leverage our experience with IPv4 and tell us what we are going to tell our customers. Help us understand WHY nat is not a security model, and how to achieve the same benefits we have with nat now, in an ipv6 enabled world.
You can't be a "dummy" and a service provider... There are a million ways to implement a service provider network and that goes for both IPv4 and IPv6. Writing a simple text that covers all possibilities is impossible. What is your setup like?

Implementing IPv6 can be very simple, almost just run the "on" command. Or it can be very hard. It depends on what equipment you got and what features you need. And your luck.

In my case it turned out to be hard. I thought it would be easy. I bought equipment that had IPv6 written all over it and it was a greenfield network. The plan was to have IPv6 from birth. That was not to be. A year later I knew far too much about:

- DHCPv6 relay chaining - not supported. Relay chaining is when you have the access switch tag the DHCPv6 request with a customer identifier and then your access router has to do DHCPv6 relay on that.
- DHCPv6 relay in supervlan - not supported.
- IPv6 must not be enabled at the same time as MPLS layer 2 VPN (VPLS).
- DHCPv6-PD: When we said we had DHCPv6 support we meant IA_NA not IA_PD.
- DHCPv6 snooping not supported with prefix delegation.
- MPLS VPNv6 not supported.
- IPv6 prefixes more specific than /64 get routed in CPU without any warnings.
- No support for route injection by DHCPv6-PD snooping.

Oh and they just said they fixed most of the above issues in a new firmware that is not compatible with the hardware I got.

I am afraid that even in 2015 many IPv6 implementations are still half baked. I was left feeling like I was the first guy to actually test this stuff. I managed to duct tape it all together despite the above limitations. But forget about easy.

Regards,
Baldur
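
Added example, not part of the original message or of any vendor's code: the relay chaining described above, shown as nested DHCPv6 Relay-forward messages and a parser that recovers the switch's customer tag (Interface-ID) and whether the client asked for IA_NA or IA_PD. Message and option numbers follow the DHCPv6 specification; the addresses, the `sw1:port7` tag and all function names are constructed for illustration.

```python
import ipaddress
import struct

RELAY_FORW = 12                      # DHCPv6 Relay-forward message type
OPT_IA_NA, OPT_RELAY_MSG, OPT_INTERFACE_ID, OPT_IA_PD = 3, 9, 18, 25

def option(code, data):
    return struct.pack("!HH", code, len(data)) + data

def relay_forward(hop_count, link, peer, inner, interface_id=None):
    hdr = bytes([RELAY_FORW, hop_count])
    hdr += ipaddress.IPv6Address(link).packed + ipaddress.IPv6Address(peer).packed
    tag = option(OPT_INTERFACE_ID, interface_id) if interface_id else b""
    return hdr + tag + option(OPT_RELAY_MSG, inner)

def parse_options(buf):
    opts = {}
    while buf:
        if len(buf) < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack("!HH", buf[:4])
        if len(buf) < 4 + length:
            raise ValueError("truncated option body")
        opts[code], buf = buf[4:4 + length], buf[4 + length:]
    return opts

def unwrap(msg):
    """Return (relay hops, outermost first) and a summary of the client message."""
    hops = []
    while msg[:1] == bytes([RELAY_FORW]):
        if len(msg) < 34:
            raise ValueError("truncated Relay-forward header")
        opts = parse_options(msg[34:])
        if OPT_RELAY_MSG not in opts:
            raise ValueError("Relay-forward without Relay Message option")
        hops.append({"hop_count": msg[1],
                     "link": str(ipaddress.IPv6Address(msg[2:18])),
                     "interface_id": opts.get(OPT_INTERFACE_ID)})
        msg = opts[OPT_RELAY_MSG]
    if len(msg) < 4:
        raise ValueError("truncated client message")
    copts = parse_options(msg[4:])
    return hops, {"msg_type": msg[0], "wants_na": OPT_IA_NA in copts,
                  "wants_pd": OPT_IA_PD in copts}

# Constructed sample: Solicit with IA_PD, tagged by the switch, relayed again by the router.
SOLICIT = b"\x01\xab\xcd\xef" + option(OPT_IA_PD, struct.pack("!III", 1, 0, 0))
AT_SWITCH = relay_forward(0, "::", "fe80::1", SOLICIT, b"sw1:port7")
AT_ROUTER = relay_forward(1, "2001:db8:0:1::1", "fe80::1", AT_SWITCH)
```

`unwrap(AT_ROUTER)` returns two hops; the inner one carries the switch's tag, which is the only thing tying the delegated prefix to a subscriber port once the router has relayed the request.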