Show 21 – IPv6 For The Win! Part 1

What You’ll Hear

This week on the Packet Pushers podcast Greg and Ethan do an IPv6 technical deep-dive with Matt Ryanczak, Network Operations Manager at ARIN (where they’ve been running IPv6 since 2003) and Jan Bervar from NIL who has done several enterprise IPv6 deployments.

This is part 1 of 2…we’ll release part 2 on the week of 10/3/2010 – watch PacketPushers.net or iTunes for the next show.

  • Let’s talk about IPv6 addressing.  Colons and letters and chazwazzas, oh my!
  • Are we supposed to use an IPv6 equivalent of RFC1918 addressing and then NAT?  What about proxies to help with the IPv4 to IPv6 transition?
  • What’s the process for getting IPv6 address space from the regional internet registries?  Or do enterprises just get IPv6 addresses from their ISPs?
  • There’s globally addressable, link-local, unique local, multicast, anycast and other types of IPv6 addresses.  What are they and how do they work?
  • Are we really, really going to have to use IPv6?  Is there *any* chance we can wish IPv6 away?
  • Did you know IPsec and QoS were originally developed for IPv6 and backported to IPv4?
  • How do you size enterprise IPv6 subnets?  We love our IPv4 /24s, but do /24s make sense in an IPv6 world?  Could switch silicon even handle that?
  • We discuss how network discovery works for IPv6 hosts showing up on the wire, and how frames get made.  ARP no longer exists in IPv6.  It’s all about ICMP now, my friends.
  • Did you know that while you can, you don’t *have* to use DHCP in IPv6?
  • IPv6's reliance on ICMP messages needs to be considered when writing access lists.
  • ARP spoofing from far, far away becomes possible in an interesting way which we discuss.
  • How is DNS behavior different in IPv6?  Or is it?

Feedback

Follow the Packet Pushers on Twitter (@packetpushers | Greg @etherealmind | Dan @rovingengineer | Ethan @ecbanks), and send your queries & comments about the show to packetpushers@gmail.com.  We want to hear from you!

Ethan Banks
Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
  • pim

    Can Anycast be used to replace the totally horrifying MS NLB on the internal network? If so why would you still need hardware load balancers?

    • http://www.arin.net Matt Ryanczak

      I don't think you can use IPv6 anycast to replace your hardware or software load balancer. IPv6 anycast allows hosts to share an IPv6 address and traffic is routed to the host with the shortest route path from the sender. This is not the same as classic load balancing for high availability or high performance. There are also some potential issues with v6 anycast as well, such as lack of persistence in routing when a route path changes. This can cause stateful protocols to fail. I'm not sure of a good use case for IPv6 anycast other than DNS (well UDP anyway) and other stateless protocols such as NTP.

      • http://blog.ioshints.info Ivan Pepelnjak

        Based on Matt's explanation, IPv6 anycast is no different from IPv4 anycast, thus it has the same limitations as its IPv4 cousin.

        Let's face it: there is no scalable mechanism that would allow servers to automagically balance the load between themselves based on L2/L3 tricks.

        • http://twitter.com/trejrco TJ

          This is largely true; IPv6 anycast really ends up being the same as IPv4 anycast – just looks like multiple routes to same destination, routing protocol picks the "closest". Similarly, not ideally suited to stateful operations – unless there is state-synchronization taking place between the instances.

          (Also, no special header is required here – the speaker seemed to co-mingle anycast and routing headers in some fashion … ? )

  • http://twitter.com/trejrco TJ

    I'd also like to hear more about the remote ND spoofing … every implementation "must" ignore ND messages that do not have a Hop Limit of 255 (the max), thus – unless we are doing some interesting/nested encapsulations, any routed ND messages should be harmless/ignored. Any further thoughts there?

    Thanks 'pushers, and keep up the great work – PPP is easily the best work-related podcast!

  • Jan Bervar

    Good catch TJ, I was unaware of the TTL trick in ND. This does indeed make ND resistant against plain remote spoofing, unless the target host violates the RFC.

    • http://twitter.com/trejrco TJ

      "unless the target host violates the RFC" – that would be the details, wherein lurks the devil(s) :).
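The Hop Limit check discussed in the thread above, as an added example that is not part of the original page or its comments: a receiver-side validator applying the RFC 4861 rules (Hop Limit 255, ICMPv6 code 0, minimum length) to a raw IPv6 packet. Function names and sample addresses are constructed; it assumes ICMPv6 directly follows the fixed IPv6 header and does not verify the ICMPv6 checksum.

```python
import struct
from ipaddress import IPv6Address

ICMPV6 = 58
# ND message types (RS, RA, NS, NA, Redirect) -> minimum ICMPv6 length, RFC 4861
ND_MIN_LEN = {133: 8, 134: 16, 135: 24, 136: 24, 137: 40}

def build_ns(src, dst, target, hop_limit, code=0):
    """Constructed sample packet: IPv6 header + Neighbor Solicitation."""
    icmp = struct.pack("!BBHI", 135, code, 0, 0) + IPv6Address(target).packed
    hdr = struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6, hop_limit)
    return hdr + IPv6Address(src).packed + IPv6Address(dst).packed + icmp

def check_nd(packet):
    """Return (verdict, reason); verdict is 'accept', 'drop' or 'not-nd'."""
    if len(packet) < 40:
        return "drop", "truncated IPv6 header"
    vtf, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    if vtf >> 28 != 6:
        return "drop", "not IPv6"
    icmp = packet[40:40 + payload_len]
    if next_hdr != ICMPV6 or len(icmp) < 4 or icmp[0] not in ND_MIN_LEN:
        return "not-nd", "hop-limit rule does not apply"
    # Routers decrement Hop Limit, so only an on-link sender can deliver 255.
    if hop_limit != 255:
        return "drop", f"hop limit {hop_limit} != 255: not provably on-link"
    if icmp[1] != 0:
        return "drop", "ICMPv6 code is not 0"
    if len(icmp) < ND_MIN_LEN[icmp[0]]:
        return "drop", "ND message shorter than its minimum length"
    return "accept", "passes hop-limit, code and length checks"

def demo():
    on_link = build_ns("fe80::1", "ff02::1:ff00:2", "fe80::2", 255)
    # A remote sender can start at 255, but one routed hop leaves 254.
    routed = build_ns("2001:db8::bad", "ff02::1:ff00:2", "fe80::2", 254)
    return [check_nd(on_link)[0], check_nd(routed)[0]]

if __name__ == "__main__":
    print(demo())
```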

  • http://www.altn.com/ Robert Franzke

    Outstanding IPv6 shows guys. Really helped me out. Thanks.