Franck Martin wrote:
This is dual stack, my recommendation is disable IPv6 on your servers (so your clients will still talk to them on IPv4 only), and let your clients go IPv6 first. Once you understand what is happening, get on IPv6 on your servers.
You don't have to disable IPv6 on the servers, just don't put a AAAA in DNS. The simplest way to move forward is to get the entire path in place without the key to knowing it is there, then for a few test subjects either provide a different DNS response, or distribute a host file. Making the mass change of enabling the servers at the point you expect service to work is just asking for support calls...
Alternatively, use someone else's network to understand IPv6. Attend NANOG, ICANN, IETF, they always have IPv6 enabled, you can better understand how your machine reacts, what tools you have, how to do ping, debug, packet capture, ...
For the firewall, shorewall does IPv4 and IPv6, with a relatively simple interface and is free...
----- Original Message -----
From: "William Herrin" <bill@herrin.us>
To: "Robert Lusby" <nanogwp@gmail.com>
Cc: nanog@nanog.org
Sent: Thursday, 10 February, 2011 7:03:01 AM
Subject: Re: IPv6 - a noobs prespective
On Wed, Feb 9, 2011 at 6:00 AM, Robert Lusby <nanogwp@gmail.com> wrote:
I also get why we need IPv6, that it means removing the NAT (which, surprise surprise also runs our Firewall), and that I might need new kit for it.
I am however *terrified* of making that move. There are so many new phrases, words, things to think about etc
The thing that terrifies me about deploying IPv6 is that apps compatible with both are programmed to attempt IPv6 before IPv4. This means my first not-quite-correct IPv6 deployments are going to break my apps that are used to not having and therefore not trying IPv6. But that's not the worst part... as the folks my customers interact with over the next couple of years make their first not-quite-correct IPv6 deployments, my access to them is going to break again. And again. And again. And I won't have the foggiest idea who's next until I get the call that such-and-such isn't working right.
Regards,
Bill Herrin

--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004