nanog mailing list archives
Re: ipv6 book recommendations?
From: Seth Mos <seth.mos () dds nl>
Date: Wed, 06 Jun 2012 09:10:37 +0200
On 5-6-2012 23:23, William Herrin wrote:
On 6/5/12, David Hubbard <dhubbard () dino hostasaurus com> wrote:
Hi David,
Instead of going the book route, I'd suggest getting some tunneled addresses from he.net and then working through http://ipv6.he.net/certification/ . They have the basics pretty well covered, it's interactive and it's free.
+1 it's one of the best ways to learn. Do.
Some additional thoughts:
1. Anybody who tells you that there are security best practices for IPv6 is full of it. It simply hasn't seen enough use in the environment to which we're now deploying it and rudimentary technologies widely used in IPv4 (e.g. NAT/PAT to private address space) haven't yet made their transition.
Well, not quite, but firewall rules work just the same as before. Use those. The longer version is that some people used from internet to any rules on their wan which in an IPv4 NAT really translated to allow everything to my external address. Unless you used 1:1 of course, but I digress.
In IPv6 such a rule really means anything internal. People that have administered firewalls that route public addresses will know exactly what I mean.
You seem to miss a semi-important thing here. Daisy chaining of routers in the premises. Some routers (pfSense included) allow for setting up prefix delegation, this means that you can connect routers behind the one you have and still have native v6.
d. Default customer assignments should be /56 or /48 depending on who you ask. /48 was the IETF's original plan. Few of your customers appear to use tens of LANs, let alone thousands. Maybe that will change but the motivations driving such a thing seem a bit pie in the sky. /56 lets the customer implement more than one LAN (e.g. wired and wireless) but burns through your address space much more slowly. /60 would do that too but nobody seems to be using it. /64 allows only one LAN, so avoid it.
Although the automatic setup system I wrote for this works with /56 networks it will only set up PD for /64 networks at this point. I allocate a part of the assigned /56 network for prefix delegation automatically.
If the PD is /48 I can delegate /56 networks to the subrouters, which in turn can delegate /64 networks to another sub router.
It's not that the user itself will actually assign all those networks, but routers will do so automatically and you need proper route aggregation. It's unlikely that all networks will be directly assigned as /64 networks either, it could also be multiple routers.
Even if it was done manually I'd assign a /60 route out of a /56 PD. The notion that it will always be a /64 is... well.
Regards, Seth
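The delegation chain described in the message above (a /48 split into /56s for sub-routers, which in turn hand out /64s, or a /60 carved from a /56), together with the point that a WAN rule with destination "any" covers everything internal, as an added example that is not part of the original message or of pfSense. The 2001:db8::/32 documentation prefixes, the function names, the fan-out of two and the split into a local lower half and a delegation pool in the upper half are assumptions of this example.

```python
import ipaddress
from itertools import islice

def delegate(parent, child_len, count):
    """Split parent in half: the lower half stays local for /64 LANs, the
    upper half is the pool that yields `count` child prefixes of length
    child_len for downstream routers (the half split is an assumption)."""
    net = ipaddress.ip_network(str(parent))
    if net.prefixlen >= 64:
        raise ValueError(f"{net}: a single /64 leaves nothing to delegate")
    if not net.prefixlen < child_len <= 64:
        raise ValueError(f"/{child_len} children do not fit inside {net}")
    local_half, pd_half = net.subnets(prefixlen_diff=1)
    children = list(islice(pd_half.subnets(new_prefix=child_len), count))
    if len(children) < count:
        raise ValueError(f"{pd_half} holds fewer than {count} /{child_len}s")
    return local_half, children

def chain(parent, lengths, fanout=2):
    """Daisy-chained delegation: lengths=[56, 64] hands /56s to sub-routers,
    which hand /64s to routers behind them. Returns every delegated prefix."""
    if not lengths:
        return []
    _, children = delegate(parent, lengths[0], fanout)
    found = list(children)
    for child in children:
        found += chain(child, lengths[1:], fanout)
    return found

def matched_by(rule_dst, prefixes):
    """Delegated prefixes that fall inside a firewall rule's destination."""
    dst = ipaddress.ip_network(rule_dst)
    return [p for p in prefixes if p.subnet_of(dst)]

if __name__ == "__main__":
    tree = chain("2001:db8:12::/48", [56, 64])  # constructed documentation prefix
    for prefix in tree:
        print(prefix)
    # A WAN rule with destination "any" (::/0) covers every delegated network.
    print(len(matched_by("::/0", tree)), "of", len(tree), "matched by dst any")
    print(len(matched_by("2001:db8:12:8080::/64", tree)), "matched by one /64")
```

Every prefix handed downstream stays inside its parent, so the upstream router needs one aggregate route per sub-router, and a rule scoped to a single prefix matches only what sits under it.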