Re: New Office, New Network. Questions.

[William Herrin <bill () herrin us>]

On Sun, Jul 10, 2016 at 2:53 PM, Nikolai Petrov <prnpetrov () yandex com> wrote:
> I thought of taking the chance to remove some
> "technical debt" and make everything from
> scratch again.

Hi Nikolai,

This is a rookie mistake. Every in-place system encodes business
knowledge, most of it forgotten and much of it still relevant. From
your comments I infer that you haven't been doing the job long enough
to know where the skeletons are buried.


> 1. Currently we do not have IPv6 in our network but I
> have seen the ISP is giving us a "/56 Block" which
> from what I understand is a couple hundred "/64 Subnets".

Good for you! We've been urging folks to deploy IPv6 for years and
you're taking the advice to heart.

Now stop. IPv6 has enough inherent issues and problems that you'll
want to deploy it when your configuration is otherwise quiescent. If
you do it while also making other large changes, you're begging to get
hurt.



> 2. The previous administrator did some bad
>  job in some parts of the network. We have
> an internal router protocol to move traffic between
> routers, but in some cases he used NAT instead
> of adding these subnets to the router protocol.

I urge you to tread lightly. You don't know what business knowledge
was encoded in this configuration. Maybe the servers respond
differently depending on whether the source is internal or external
and some of the origins should be treated to the external rules.


> I have found two protocols in our router that are
> good and support IPv6 and they are OSPF
> and BGP.

OSPF is an interior gateway protocol. Use between routers within your
network. BGP is an exterior gateway protocol. Use it when you want to
talk to multiple ISPs at the same time.



> 3. In our old network we use "VRRP" which from
> what I know is a system for routers to shae IPs
> and load balance or "failover" the traffic. I have
> seen that IPv6 has a built-in system which is similar
> and has something like priorities, etc. What
> happens if I have two routers with same priority?

If the guy who wrote the stack wasn't asleep at the switch, the host
will pick one and use it as long as the router keeps advertising it.
But it's not a good idea to tempt fate - set each router at a
different priority.

IPv6 router advertisements are nothing like IPv4 VRRP. In IPv4, hosts
receive a single default gateway. VRRP lets two or more routers decide
among themselves who will serve up the IP address for that default
gateway. And then swap it when the router serving the address breaks.

IPv6 hosts can have more than one default gateway. Each router with a
path to the Internet can offer act as a default gateway and hosts will
accept and use it. Preventing machines which should not act as default
gateways from making offers that the hosts hear and use is one of the
many idiosyncrasies you'll enjoy debugging when you first deploy IPv6.


> Also, can I use "VRRP" to load balance traffic to
> our DNS look-up "recursor"?

No. VRRP is a failover system. It has nothing to do with load balancing.

Regards,
Bill Herrin



-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>