RIPE NCC 25/09/2013 IPv6 for LIRs course

Posted on by

compress IPv6 addresses with double colons from the left to the right

also don’t compress a single quad of 4 zeroes

(read RFCs if wanted)

Status “ASSIGNED PA” becomes “ASSIGNED”

AGGREGATED-BY-LIR is new: put all your /56’s that you assign to customers there
use “assignment-size” switch to show how big the assignments are

sub-allocated-pa becomes “allocated-by-lir”
see: http://www.ripe.net/lir-services/resource-management/faq/sub-allocation

INFRASTRUCTURE is a

getting PI IPv6 space:

minimum /48
NO SUB-ASSIGNMENTS!!! Never.

example Fridge6:
4000 fridges – each with internet, security, alerting and wifi router

transition mechanisms
6in4?
6to4 uses anycast!
6RD > relay operations!
NAT64!
DNS64
464xlat > fixes the problems NAT64/DNS64 causes
DS-lite – tunnel ipv4 over ipv6

conclusion: DUAL-STACK while you can
it is still possible!

use /64’s for Loopbacks!

network design: Take the router with the most interfaces and prepare for a /64 per interface
STANDARDIZE!
don’t assign different sizes for routers
imagine: Nexus 7000 – maximum port density?
256 interfaces per router is assumed so /56 per router
or /52 per router, 4096 x /64 per port
/40 per router/switch that can handle customers > 256 x /48 possible

the number of hosts in a /64 is irrelevant!

SLAAC

flip the bit and use EUI-64
listen to RA’s
a router’s response will contain:
– address of router
– prefixes allowed on link
– SLAAC allowed?
– MTU

problem: Privacy! – same MAC address
solution: Privacy extensions (random ID)

“managed” flag forces DHCPv6

security:
use RA guard
disable RA’s (cisco)
human error!!!

colo checklist:

set ACLs
set SNMP (and protect)
have DNS working

SLAAC can assign you a subnet “unexpectedly”
not all firewalls support ipv6
be careful with “ipv6 ready”

DSL provider:
/48 per pop
/56 per router
/64 per interface

servers:
don’t use EUI-64!
no autoconfig
port number for services > IPv6 addresses!
set gateway manually

in the CORE: USe /64 per link – ::1 and ::2 stuff
easy to remember

RIPE tools:
download RIPE 554 and “what to do with IPv6”

> stars get t-shirt