Show 244 – Design & Build #3 – Dual Stack IPv4 + IPv6

In this third entrant into the design & build series, Guilherme Goes & Jeff Carrell join Ethan Banks for a discussion of running IPv4 & IPv6 dual stack.

Dual stack. Let’s define it.

• Is this a migration strategy or co-existence strategy? Ships in the night?
• By the way, does IPv4 ever go away?

Planning for dual-stack. Let’s assume you’ve got an IPv4 infrastructure. What needs to be considered before starting on IPv6 dual-stack deployment?

• A common IPv6 deployment strategy is IPv6 at the edge, using a proxy or NAT64 strategy to handle IPv6 to IPv4 translation. In this context, do we even need dual-stack throughout a network?
• How should existing network equipment capability be evaluated?
• Is the extra burden on control plane much of a concern?
• IPv6 address planning. How to subnet?
  • Nibble boundaries
  • Wasted space is okay.
  • Best practice for IPv6 numbering of P2P links that are /30 or /31 in IPv4.
  • Side question – does PI make sense for most enterprises?
• Problems of scale. Are there unique considerations that enter when deploying dual-stack IPv6 in large environments?
• What are the most common mistakes new dual-stackers make?
• Address assignment:
  • DHCPv6
  • SLAAC: privacy considerations, new RFC 4941 dealing with this issue.
  • Should servers/printers be statically assigned?
• Choosing your ISP:
  • Dual Stack links? Overlay? Dedicated v6?
  • Pick your service: Internet, L3VPN, DNS Servers?
  • IPv6 footprint and peering arrangements
  • BGP Sessions? PI address space?

Dual-stack operations. What changes in the day to day network when running a dual-stack environment?

• Managing network devices. Should IPv4 or IPv6 be used in the management plane? Increased dependency of DNS for everything!
• CoPP in a dual-stack environment.
• Common dual-stack problems & troubleshooting strategies
  • Multiple host addresses – which one is being used?
  • Wireshark is your friend.
  • ICMPv6 is relied upon heavily – don’t forget this when building ACLs.
• Security for all environments (even non dual stack ones):
  • RA Guard
  • Remote address resolution exhaustion

About Guilherme Goes:

“Currently I’m researching how to best deploy IPv6 on the network I manage. The most likely scenario is to deploy it on the Internet edge up to the LB with those having a NAT64/Proxy role.”

About Jeff Carrell:

“I am an IPv6Forum Certified Engineer (Gold) and Trainer (Gold). I present on IPv6 technology at conferences, facilitate IPv6 workshops and training, and provide network consulting with a focus on IPv6.”

Links:

IPv6 cheat sheet from Jeff
http://teachmeipv6.com/IPv6-Essentials-Cheat-Sheet.pdf

Operational Security Considerations for IPv6 Networks draft-ietf-opsec-v6-06
https://tools.ietf.org/id/draft-ietf-opsec-v6-06.txt

IPv6 Forum
http://ipv6forum.org/

Infoblox’s IPv6 Center of Excellence Blog
https://community.infoblox.com/taxonomy/term/281

Ed Horley’s IPv6 blog
http://www.howfunky.com/

Jeff’s IPv6 Book List

• Guide to TCP/IP, 4th Edition by Jeffrey L Carrell, Laura A. Chappell, Ed Tittel, and James Pyles (Course Technology, Cengage Learning)
• IPv6 Address Planning, by Tom Coffeen (O’Reilly Press)
• IPv6 Essentials, Third Edition by Silva Hagen (O’Reilly Press)
• Practical IPv6 for Windows Administrators by Edward Horley (Apress)
• IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6 by Rick Graziani (Cisco Press)
• Understanding IPv6, Third Edition by Joseph Davies (Microsoft Press)
• IPv6 Security, by Scott Hogg & Eric Vyncke (Cisco Press)
• IPv6 for Enterprise Networks, By Shannon McFarland, Muninder Sambi, Nikhil Sharma, Sanjay Hooda (Cisco Press)