I completely agree with Franck. If you wanted to try a new acme thingamawidget on your network, what would you do? You'd probably isolate it onto its own vlan, and assign a subnet. Route that subnet, and then prevent access in either your L3 device or firewall if you didn't want it interfering with the rest of your network. If you were truly excited about the device, and wanted to try it out, you could set this up in no time. There would be nothing stopping you if you were motivated. So why is ipv6 any different?

Personally, my plan is to create an ipv6 vlan and assign virtual nics to virtual machines. A machine is dual stack if it has a v4 nic and v6 nic. Use something like reflexive acls as a simple firewall, blocking inbound access to certain /64s. I'm already doing this at home and at work. They can coexist, without being fully "dual stack". You just have an ipv6 network layered on the same equipment you're using for the current ipv4 network.

What is the network besides a tool for logical grouping and managed organization? IPv6 is just another piece of the overall toolset. I don't think it's practical to jump into ipv6 completely replacing ipv4, but rather they coexist for a while. Those prepared to support that scenario are going to be ahead of the curve. Someday ipv4 will seem like a joke, and our kids will laugh at us.

On Wed, Feb 9, 2011 at 2:17 PM, Franck Martin <franck@genius.com> wrote:
Don't think of IPv6 as the same as IPv4. You do not need to have all your IPv4 gear support IPv6.
IPv6 is a separate network that runs on the same Ethernet wires as IPv4.
You will see that a few of your machines in fact do not support IPv6 and will not till the end of the year (think load balancers from a famous vendor): http://www.theipv6experts.net/2011/ipv6-ipv4/
Just build a separate IPv6 network, with firewall, routing gear, etc. that reaches the same machines on your network. The deployment of IPv6 at Google was, I think, to put in some separate IPv6-only customer-facing machines. As the load on IPv6 is still small, you can start with a small set (best is if you can have the same machines do IPv4 and IPv6, but you are not obliged to think it, it is the same network).
Why I don't recommend that your servers go IPv6 first: well, get IPv6 to your engineers, the people that develop your applications and configure the servers, get them to be familiar with it, give them a sandbox, and then when everyone stops running like headless chickens, plan your transition.
----- Original Message -----
From: "William Herrin" <bill@herrin.us>
To: "Franck Martin" <franck@genius.com>
Cc: nanog@nanog.org, "Robert Lusby" <nanogwp@gmail.com>
Sent: Thursday, 10 February, 2011 7:37:31 AM
Subject: Re: IPv6 - a noobs prespective
On Wed, Feb 9, 2011 at 1:19 PM, Franck Martin <franck@genius.com> wrote:
From: "William Herrin" <bill@herrin.us>
The thing that terrifies me about deploying IPv6 is that apps compatible with both are programmed to attempt IPv6 before IPv4. [...] is going to break again. And again. And again.
This is dual stack; my recommendation is to disable IPv6 on your servers (so your clients will still talk to them on IPv4 only), and let your clients go IPv6 first. Once you understand what is happening, get on IPv6 on your servers.
That advice reminds me of a limerick I once heard:
A host is a host
From coast to coast
And nobody talks to a host that's close
Unless the host that isn't close
Is busy, hung or dead.
Thanks, but it doesn't really speak to the problem I fear.
-- Fred