I’ve always advised my clients to carefully plan the implementation of IPv6. The protocol opens new attack vectors through which ne’er-do-wells can assault your infrastructure. There are countless examples I’ve seen, such as service providers locking down access to routers using IPv4 transport but leaving IPv6 transport completely open. About a year ago, I stumbled…
The Cost of IPv6 on Amazon Web Services
AWS is a great platform for businesses that have the technical savvy to administer servers and applications but do not want to bear the costs and responsibilities of on-site physical infrastructure. What AWS’s engineers have accomplished is very impressive. Given this achievement, I am surprised that several IaaS competitors have beaten AWS in rolling out…
(Some) Vendors Dig IPv6
Now that World IPv6 Launch is behind us, let’s look into how a sampling of network hardware vendors support IPv6 on their web sites. Will they offer production-quality web sites over IPv6? For this post’s eponymous test, I’ll use the familiar ‘dig’ tool to test the existence of an AAAA record for primary web sites…
Using L2TPv3 for Layer 3 VPNs
Deploying L3VPNs using MPLS is common in service provider and—more recently—in enterprise environments. While not as widespread, using L2TPv3 as the foundation for RFC2547bis-like VPNs is a viable alternative that has its advantages. In this post, I’ll describe reasons for selecting L2TPv3 for L3VPN and highlight arguments against the protocol. I’ll refer to the technology…
Thank Goodness for NAT66
I’m participating in a beta test with my ISP for IPv6 connectivity. The ISP deployed a basic IPv6 service that relies exclusively on SLAAC for address assignment. I can connect my end stations to a gigabit switch with direct connectivity to the provider or insert a router in a path. Without receiving a /64 for…
Why Your Network Should Go IPv6 Only
The looming exhaustion of IPv4 address space at the Regional Internet Registries (RIRs) in 2012 will pressure organizations to develop IPv6 migration strategies. The myriad of transition technologies–including NAT64, 6rd, and DS-Lite–are daunting to network designers and support staff. Many articles and posts on the Internet point to dual stack–the coexistence of IPv4 and IPv6…
