nanog mailing list archives
Re: IPv6 uptake (was: The Reg does 240/4)
From: Justin Streiner <streinerj () gmail com>
Date: Fri, 16 Feb 2024 00:40:04 -0500
The Internet edge and core portion of deploying IPv6 - dual-stack or otherwise - is fairly easy. I led efforts to do this at a large .edu starting in 2010/11. The biggest hurdles are/were/might still be: 1. Coming up with a good address plan that will do what you want and scale as needed. It should also be flexible enough to accommodate re-writes if you think of something that needs to be added/changed down the road :) 2. For providers who run older kit, v6 support might still be a bit dodgy. You might also run into things like TCAM exhaustion, neighbor table exhaustion, etc. The point at which box X tips over is often not well defined and depends on your use case and configuration. 3. The last time I checked, v6 support in firewalls and other middle-mile devices was still poor. Hopefully that has gotten better in the last 6-7 years. My current day job doesn't have me touching firewalls, so I haven't kept up on developments here. I recall coming up with a base firewall ruleset for Cisco ASAs to balance security with the functionality v6 needs to work correctly. Hopefully firewall vendors have gotten better about building templates to handle some of the heavy lifting. 4. Getting people to unlearn the "NAT=Security" mindset that we were forced to accept in the v4 world. Thank you jms On Thu, Feb 15, 2024 at 8:43 PM John Levine <johnl () iecc com> wrote:
It appears that Stephen Satchell <list () satchell net> said:Several people in NANOG have opined that there are a number of mail servers on the Internet operating with IPv6 addresses. OK. I have a mail server, which has been on the Internet for decades. On IPv4. For the last four years, every attempt to get a PTR record in ip6.arpa from my ISP has been rejected, usually with a nasty dismissive.I don't think you'll get much disagreement that AT&T is not a great ISP. One straightforward workaround is to get an IPv6 tunnel from Hurricane. It's free, it works, and they will delegate the rDNS anywhere you want. My local ISP doesn't do IPv6 at all (they're a rural phone company who of course say you are the only person who's ever asked) so until they do, HE is a quite adequate option. R's, John
Current thread:
- Re: The Reg does 240/4, (continued)
- Re: The Reg does 240/4 Owen DeLong via NANOG (Feb 15)
- Re: The Reg does 240/4 Brian Knight via NANOG (Feb 15)
- Re: The Reg does 240/4 Tom Beecher (Feb 15)
- Re: The Reg does 240/4 Brian Knight via NANOG (Feb 15)
- Re: The Reg does 240/4 Mike Hammett (Feb 16)
- RE: The Reg does 240/4 Howard, Lee via NANOG (Feb 16)
- Re: The Reg does 240/4 Tom Beecher (Feb 15)
- IPv6 uptake (was: The Reg does 240/4) Stephen Satchell (Feb 15)
- Re: IPv6 uptake (was: The Reg does 240/4) Mark Andrews (Feb 15)
- Re: IPv6 uptake (was: The Reg does 240/4) John Levine (Feb 15)
- Re: IPv6 uptake (was: The Reg does 240/4) Justin Streiner (Feb 15)
- Re: IPv6 uptake (was: The Reg does 240/4) Stephen Satchell (Feb 15)
- Re: IPv6 uptake (was: The Reg does 240/4) Jay R. Ashworth (Feb 16)
- Re: IPv6 uptake (was: The Reg does 240/4) William Herrin (Feb 16)
- Re: IPv6 uptake (was: The Reg does 240/4) Michael Thomas (Feb 16)
- Re: IPv6 uptake (was: The Reg does 240/4) William Herrin (Feb 16)
- Re: IPv6 uptake (was: The Reg does 240/4) Michael Thomas (Feb 16)
- Re: IPv6 uptake (was: The Reg does 240/4) William Herrin (Feb 16)
- Re: IPv6 uptake (was: The Reg does 240/4) Michael Thomas (Feb 16)
- Re: IPv6 uptake (was: The Reg does 240/4) William Herrin (Feb 16)
- Re: IPv6 uptake (was: The Reg does 240/4) Michael Thomas (Feb 17)