On Tuesday, May 26, 2015, David Sotnick <sotnickd-nanog@ddv.com> wrote:
Hi NANOG,
The company I work for has no business case for being on the IPv6-Internet. However, I am an inquisitive person and I am always looking to learn new things, so about 3 years ago I started down the IPv6 path. This was early 2012.
Fast forward to today. We have a /44 presence for our company's multiple sites; All our desktop computers have been on the IPv6 Internet since June, 2012 and we have a few AAAAs in our external DNS for some key services — and, there have been bugs. *Lots* of bugs.
Now, maybe (_maybe_) I can have some sympathy for smaller network companies (like Arista Networks at the time) to not quite have their act together as far as IPv6 goes, but for larger, well-established companies to still have critical IPv6 bugs is just inexcusable!
This month has just been the most disheartening time working with IPv6.
Vendor 1:
Aruba Networks. Upon adding an IPv6 address to start managing our WiFi controller over IPv6, I receive a call from our Telecom Lead saying that or WiFi VoIP phones have just gone offline. WHAT? All I did was add an IPv6 address to a management interface which has *nothing* to do with our VoIP system or SSID, ACLs, policies, roles, etc.
Vendor 2:
Palo Alto Networks: After upgrading our firewalls from a version which has a nasty bug where the IPv6 neighbor table wasn't being cleaned up properly (which would overflow the table and break IPv6), we now have a *new* IPv6 neighbor discovery bug where one of our V6-enabled DMZ hosts just falls of the IPv6 network. The only solution: clear the neighbor table on the Palo Alto or the client (linux) host.
Vendor 3:
Arista Networks: We are seeing a very similar ND bug with Arista. This one is slightly more interesting because it only started after upgrading our Arista EOS code — and it only appears to affect Virtual Machines which are behind our RedHat Enterprise Virtualization cluster. None of the hundreds of VMware-connected hosts are affected. The symptom is basically the same as the Palo Alto bug. Neighbor table gets in some weird state where ND breaks and the host is unreachable until the neighbor table is cleared.
Oh, and the final straw today, which is *almost* leading me to throw in the IPv6 towel completely (for now): On certain hosts (VMs), scp'ing a file over the [Arista] LAN (10 gigabit LAN) takes 5 minutes over IPv6 and <1 second over IPv4. What happened?
It really saddens me that it is still not receiving anywhere near the kind of QA (partly as a result of lack of adoption) that IPv4 has.
Oh, and let's not forget everybody's "favorite" vendor, Cisco. Why is it, Cisco, that I have to restart my IPv6 OSPF3 process on my ASA every time my Palo Alto firewall crashes and fails over, otherwise none of my VPN clients can connect via IPv6?
Why do you hurt me so, IPv6? I just wanted to be friends, and now I just want to break up with you. Maybe we can try to be friends again when your vendors get their shit together.
-David
Had ipv4 ever hurt you ? Me too. CB