Re: IPV6 in enterprise best practices/white papaers

[Pavel Dimow <paveldimow () gmail com>]

Hi, I want to thank you all for your comments they are very helpful to me.
And yes, I don't have much hands on experience but as non native
English speaker
I tend to write someone confusing mails so don't take every my
sentence "as-is". ;)

Tnx once again to all.


On Sat, Jan 26, 2013 at 6:59 PM, TJ <trejrco () gmail com> wrote:
> In principle, I agree with the EDGE-in approach.
>
> However, if you need to do LAN before EDGE (e.g. DISA can't get you
> connectivity but you need to make some progress) you need to block AAAA
> queries from getting replies.  BIND has a "filter AAAA on IPv4" option that
> helps here ... (just don't give the hosts the v6 addresses of the  internal
> DNS servers).
>
> HTH,
> /TJ
>
> On Jan 26, 2013 12:49 PM, "William Herrin" <bill () herrin us> wrote:
> > On Sat, Jan 26, 2013 at 4:26 AM, Pavel Dimow <paveldimow () gmail com> wrote:
> > > I can start to create
> > > AAAA record and PTR recors in DNS and after that I should configure my
> > > dhcp servers and after all has been done I can test ipv6 in LAN and
> > > after that I can start configure bgp with ISP.
> > > Is this correct procedure?
> >
> > Nope.
> >
> > In their infinite(simal) wisdom the architects of IPv6 determined that
> > a host configured with both a global scope IPv6 address and an IPv4
> > address will attempt IPv6 in preference to IPv4. If you configure IPv6
> > on a LAN without first installing your IPv6 Internet connection, that
> > LAN will break horribly.
> >
> > Work your way from the outside in: start with BGP, then the interior
> > routers and configure the LAN last.
> >
> > Regards,
> > Bill Herrin
> >
> >
> >
> > --
> > William D. Herrin ................ herrin () dirtside com  bill () herrin us
> > 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> > Falls Church, VA 22042-3004