IPv6 - updates and topics
Sorry for the long gap in time, but many other pressing issues came up, not the least of which were medical in nature... But, back to the topic at hand…
I finally managed to get the financing for the public IPv6 address space taken care of at work (it wasn't the amount mind you, just the paperwork which is the real pain as anyone in a large corporation will tell you). I'm currently working on an education plan for our Network Engineering and Network Management group to get things rolling. I've written a reasonable overview doc (see my earlier post for a link to a generic version of it), but I need to present it in a classroom format so that they can ask questions and get a discussion going. Plus I need a bit more time on the 4 to 6 transition mechanisms like Teredo and ISATAP as I have not had much opportunity to work with them.
One of the most important items is coming up with the allocation scheme. IPv6 subnets are, for all practical purposes, infinitely large, so you don’t need multiple subnets for sizing reasons, but for segregating traffic, it’s important to lay them out carefully. My company has separate networks for VoIP, Wireless, Wired, Industrial equipment, etc. So we have at least 7 subnets in most sites today. We do break things up on reasonable boundaries so that we don’t have too many routes being advertised at a given site, but with v6 we can bring it down to a single summarized route per site. We’re looking at about 16 network ranges per site which will include the previously mentioned networks, plus the serial link network and a single network range for loopback addresses (broken into /128 host addresses). This will make it a bit cleaner for route advertisements than we are able to accomplish today.
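An added example (not from the original post or the author's actual plan) of the kind of allocation scheme described above: each site gets one block that is advertised as a single summarized route, and each network role sits in the same slot at every site. The 2001:db8:abcd::/48 documentation prefix, the /60 per site (16 x /64), the slot order and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed inputs: 2001:db8::/32 is the IPv6 documentation range, used here
# in place of a real /48. The /60-per-site size and slot order are assumptions.
ORG_PREFIX = ipaddress.IPv6Network("2001:db8:abcd::/48")
SITE_LEN = 60   # 16 x /64 per site, advertised as one summary route
ROLES = ["wired", "wireless", "voip", "industrial", "serial-links", "loopbacks"]

def site_prefix(site_id):
    """Return the single summarized prefix for a site number."""
    if not 0 <= site_id < 2 ** (SITE_LEN - ORG_PREFIX.prefixlen):
        raise ValueError(f"site_id {site_id} does not fit in {ORG_PREFIX}")
    base = int(ORG_PREFIX.network_address) + (site_id << (128 - SITE_LEN))
    return ipaddress.IPv6Network((base, SITE_LEN))

def site_plan(site_id):
    """Map every /64 slot in the site block to a role name."""
    subnets = list(site_prefix(site_id).subnets(new_prefix=64))
    names = ROLES + [f"reserved-{i}" for i in range(len(ROLES), len(subnets))]
    return dict(zip(names, subnets))

def loopback(site_id, device_id):
    """Return the /128 host prefix for one device's loopback at a site."""
    if not 1 <= device_id < 2 ** 64:
        raise ValueError("device_id must fit in the 64-bit interface ID")
    net = site_plan(site_id)["loopbacks"]
    return ipaddress.IPv6Network((int(net.network_address) + device_id, 128))

def classify(addr):
    """Return (site_id, role) for an address in ORG_PREFIX, else None."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in ORG_PREFIX:
        return None
    # The bits between the org prefix and the /64 boundary hold site + slot.
    slot_bits = 64 - SITE_LEN
    subnet_id = (int(ip) >> 64) & (2 ** (64 - ORG_PREFIX.prefixlen) - 1)
    site_id, slot = subnet_id >> slot_bits, subnet_id & (2 ** slot_bits - 1)
    role = ROLES[slot] if slot < len(ROLES) else f"reserved-{slot}"
    return site_id, role

if __name__ == "__main__":
    print("site 18 summary:", site_prefix(18))
    for name, net in site_plan(18).items():
        print(f"  {name:13} {net}")
    print("router 1 loopback:", loopback(18, 1))
    print(classify("2001:db8:abcd:122::50"))
```

Because the role is the low nibble of the subnet ID at every site, classify() can label any address seen in a firewall or flow log with its site and traffic class without a lookup table.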
BTW - For those of you who are interested, especially in larger organizations, you can receive a /48 allocation direct from ARIN (North America) IF you already have a direct IPv4 allocation. A /48 is a no questions asked allocation if you already have an IPv4 direct allocation of any size; if you want a larger block, you'll have to justify it. They are currently waiving the annual fees (nothing new for you more recent allocation recipients, but for those who have had their v4 allocation since "dirt" you may have to pay a fee, see www.arin.net) since you already pay them for your current v4 allocation. You will, unfortunately, have to cough up $500 US for the "registration" fee. Seems rather petty to me since they're really trying to encourage v6 adoption, but for the moment, at least, that's the deal. Most folks will probably get their allocation from the upstream ISP, which is the better way to go if you aren't multi-homing. If you are multi-homing, you'll definitely want to look into a PI allocation (provider independent, a.k.a. portable address range, like direct v4 allocations from ARIN) as it makes multi-homing significantly less complicated to deal with.
I would like to emphasize the importance of setting up a lab and playing with IPv6 before even thinking of deploying it. I have been tinkering about with IPv6 for over a year now, and I’m just now getting a real comfort level with the details (I’m not a slow learner, mind, but as this is personal time stolen out of 50-60 hr work weeks, it’s sometimes hard to explain to the wife about the extra couple of hours spent in the lab, especially in my home lab).
I posted the contents of my home network in a prior entry; a few changes have happened since then (gee, that never happens in a lab :), so I figured I’d post an update to the inventory (and yes, I’m a big B5 fan if you couldn’t tell from the system names):
HomeLab
Servers:
7 Win 2003 R2 Servers
2 Win 2003 Servers
2 SuSE 10 Servers
1 SPLAT Firewall manager
1 Nokia IPSO Firewall
Workstations:
2 Win XP Desktops
1 Win XP Laptop
1 Vista Ultimate Laptop
Network:
1 Cisco 3640 router
1 Cisco 3620 router
1 Cisco 3750 POE switch
2 Extreme Summit 200-48 switches
1 TrendNet Wireless AP
1 3Com TR Hub
Other:
Avaya VoIP Phone
WorkLab
3 HP DL380 servers (scratch boxes at the moment)
2 WinXP desktops
1 Nokia IPSO Firewall
1 Nortel 1750 Contivity VPN Router
1 Cisco 3620 router
4 Cisco 3750 (2 x 2 switch stacks)
1 Cisco 3750 POE switch
1 Extreme Summit 200-48 switch
Avaya VoIP Phone
I have these two labs tied together via a VPN connection over IPv4 as mentioned earlier. I have also connected a work peer’s home network via VPN connection. All three lab networks are using IPv6 over IPv4 tunnels with BGP between them for peering. The work lab also has a connection to a remote Linux server using a 6over4 tunnel. The Cisco 3620 work lab router connects to the SIT virtual interface on the Linux system. I’m not running any routing over it, so I had to include a default route on the Linux side pointing back to the 3620 in the lab. All three lab networks can reach this remote server via IPv6. If you want to learn how to set up the SIT interface, check out the man page on ifcfg-tunnel. The Cisco side is configured just like any other 6over4 tunnel and the Linux box is configured with a static SIT tunnel using its local Ethernet IPv4 interface.
Next steps for work include the aforementioned lunch-and-learns, some high-level marketing to the technical managers, and getting the official data center lab rigged with IPv6. The data center lab has a much larger variety of hardware available including IBM P-Series servers, E-Series servers, z/OS system, Cisco chassis switches, Cisco VoIP equipment, and other expensive toys that I’m not able to “acquire” for my little test lab. My current expectations are to have a formal lab environment set up by year end, and a possible pilot deployment overlaying the IPv4 environment in a small number of sites by Q2 2008. We’ll have to see…
Until next time.