You perhaps haven't worked a large government network deployment before. One doesn't activate features not enumerated in the design. Ever. Because they won't get and can thus introduce security or reliability covered in acceptance testing and could introduce security or reliability problems. These networks have many engineers, months of meetings, and rigorous change control. Turning on IPv6 without authorization would result in termination. -mel via cell
On Jul 10, 2015, at 3:32 PM, Jared Mauch <jared@puck.Nether.net> wrote:
On Fri, Jul 10, 2015 at 10:08:15PM +0000, Mel Beckman wrote: There is most certainly a cost to IPv6, especially in a large, complex deployment, where everything requires acceptance testing. And I'm sure you realize that IPv6 only is not an option. I agree that it would have been worth the cost, which would have been just a small fraction of the total. The powers that be chose not to incur it now. But we did deploy only IPv6 gear and systems, so it can probably be turned up later for that same incremental cost.
I had the luxury that as we deployed IPv6 across the network we rolled it from the 6bone -> core -> edge over a period of a few months.
As we shut down the 6bone/3ffe stuff and moved people to gre/ip and native the core was ready. This doesn't mean the edges have IPv6 turned on, but it's usually the flip of a switch.
Where possible take your core and IPv6 enable it and then touch the upstreams at the same time/next time you do work there.
Assuming you patch devices for the various SIRT/PSIRT type events, most devices will be rebooted once every 6-12 months. this gives you the chance to drop in and enable ipv6 during or after that change/maint window.
Rolling out the core really isn't hard, go ahead and do it. There are plenty of people here who will help you with these steps.
- Jared
-- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.