Re: turning on comcast v6

[Owen DeLong <owen () delong com>]

On Dec 20, 2013, at 14:16 , Matthew Huff <mhuff () ox com> wrote:

> Owen,
>
> Have you ever worked in a corporate environment? Replacing equipment can be a 5-7 year window and has to be justified 
> and budgeted. Replacing a piece of equipment because it's an incomplete IPv6 implementation (which has changed 
> considerably as it has been deployed), isn't feasible.  There are a lot of things that have changed as IPv6 has been 
> deployed such as DHCPv6 (not even talking about setting default GW via DHCP, but things such as DNS servers, DNS 
> domain name, etc). Not all vendors especially ones in niche markets can update the firmwares that often, and 
> certainly not unless they have a business justification.

Yes, I have.

We've been advocating that people look at the IPv6 capabilities they need from their vendors, test, report bugs, and 
insist on working IPv6 implementations for more than 10 years now. The DHCPv6 RFC (3315) was published in July, 2003.

DHCPv6 has not actually changed all that significantly and the provisions for DHCPv6 in RAs were standardized around 
the same time as RFC-3315. The most recent significant change in RAs I can come up with is RFC-6106 which is 2010, but 
it's entirely optional and just adds DNS search string capabilities to RFC-5006 which goes back to September, 2007.

So unless you have a change you can point to that is more recent than 2007, I think we've got the 5-7 year thing pretty 
well covered.

Owen

> On Dec 20, 2013, at 4:07 PM, Owen DeLong <owen () delong com> wrote:
>
> > On Dec 20, 2013, at 12:50 PM, Matthew Huff <mhuff () ox com> wrote:
> >
> > > On Dec 20, 2013, at 3:23 PM, Owen DeLong <owen () delong com> wrote:
> > >
> > > > On Dec 20, 2013, at 6:29 AM, Matthew Huff <mhuff () ox com> wrote:
> > > >
> > > > > With RA, what is the smallest interval failover will work? Compare that with NHRP such as HSRP, VRRP, etc with 
> > > > > sub-second failover.
> > > >
> > > > RA and VRRP are not mutually exclusive. What you can’t have (currently) is routing information distributed by a 
> > > > DHCP server which may or may not actually know anything about the routing environment to which it is sending such 
> > > > information.
> > > >
> > > > > In corporate networks most of the non-client systems will be statically addressed with privacy addresses turned 
> > > > > off. This is for regulatory, audit, security and monitoring requirement. One of the many challenges of ipv6 in a 
> > > > > corporate environment.
> > > >
> > > > There’s no problem doing this in IPv6. You can easily statically address a system and you can easily turn off 
> > > > privacy addresses. You can even do that and still get your default router via RA or you can statically configure 
> > > > the default router address.
> > > >
> > > > As such, can someone please explain what is the actual missing or problematic requirement for the corporate world?
> > > >
> > > > Owen
> > >
> > > Reality.
> > >
> > > Owen, not all OS and especially hardware appliances (dedicated NTP appliances, UPS cards, ILO), etc... will work 
> > > with RA and static addresses. They just don't. Some OS's won't disable SLAAC unless you disable autoconf on the 
> > > switch. When you 
> >
> > Not all devices have working IPv6 stacks. OK, they’re broken, complain to the vendor and get them to fix their 
> > product or buy a working product from a different vendor.
> >
> > > do that, they loose the ability to pickup RA. Some will only work with link local gateway addresses, some will only 
> > > work with link global gateway addresses. There is a lot of cruft out there in the enterprise world that claims IPv6
> >
> > Link Local gateway addresses are required functionality in IPv6. A device which requires a global gateway address is
> > broken. See above.
> >
> > > compatibility, but in the real world doesn't work consistently. Almost all can be made to work, but require custom 
> > > configuration. Far too much work for many organizations to see value in deployment. In at least on IT department I 
> > > know of, IPv6 is banned because the CIO read about one of the “advantages" of IPv6 is bringing back the p2p model 
> > > of IP, and most corporate management has zero interest in having any p2p connectivity within their network.
> >
> > IPv4 didn’t work perfectly in the beginning either. Enterprises spent many years getting vendors to correct issues 
> > with their iPv4 products and we’re just starting that process with IPv6.
> >
> > I’m asking what’s broken in the protocol design since that’s what the IETF can attempt to fix.
> >
> >
> > > For our desktop environments (Windows 7 and RHEL6) we have two different configurations on the switches on separate 
> > > VLANs using SLAAC with DHPCv6 and that works fine with RA announcing the NHRP. Other equipment, not so much.
> >
> > Sounds like you need to contact the vendors for that other equipment and get them to fix their IPv6 implementations.
> >
> > Owen