Awesome Conferences

Recently in IPv6 Category

I remember in the 1990s every vendor was saying, "whoa whoa whoa! You have to give us time to roll out silicon that will support this stuff!" and demanding 10 years before deployment. It takes a while to develop silicon, and years to get it into the field. Well, it has been twice your request. No f'ing excuses. IPv6 should be the default protocol on all network equipment.

Hey FIOS. Hey Comcast. Hey Time Warner! You have no excuse either.

And stop encouraging people to use NAT. That's soooo 1990s. Stateful inspection firewalls do not require NAT.

Posted by Tom Limoncelli in IPv6

Did you catch Vint Cerf on The Colbert Report last night?

He talks about Al Gore's involvement in funding the NSFNET, and the need for IPv6 deployments.

Vint handles handles Cobert brilliantly. He literally blows Cobert out of the water in a few places.

Posted by Tom Limoncelli in IPv6

My hosting company has enrolled this site in their beta for IPv6. All I had to do was ask.

If you have a hosted site, I highly recommend that you open a ticket asking for your site to be available via IPv6. If they don't offer it, ask for an arrival date and keep them to it. Enroll in any beta tests and so on. The more demand hosting companies see, the better.

Posted by Tom Limoncelli in IPv6

IPv6 Flashcards

In IPv4 there are a number of things that every sysadmin knows. I bet you recognize the following:

  • 127.0.0.1
  • 10.0.0.0/8
  • 192.168.0.1
  • /24
  • /26
  • /32
  • 255.255.255.255
  • 255.255.255.0

You probably didn't even have to think hard about most of those.

So what are the equivalents in IPv6? I don't mean the direct translations, but what is the list of terms and numbers that sysadmins should know?

I recently sat down and came up with such a list. I listed things that Unix and Windows sysadmins should know. WAN/LAN network administrators need to know a lot, lot, more. This just covers common knowledge, a lot like the IPv4 list above.

Next I did what any good geek would do: I made Flashcards.

You can study them, quiz yourself, and even print them out. They make a great birthday gift (not really).

The flashcards are here: http://www.flashcardmachine.com/2649907/i19n. Click "start study session" then either "standard" or "4D". The "Printer Friendly HTML" view is good too.

I'd like to thank Phillip Remaker Eliot Lear (both from Cisco) and Shumon Huque (from UPenn) for their help proofreading the cards. Shumon gets special thanks since I used his slides to get most of the information. Shumon will be teaching classes at Usenix LISA 2013 on DNSSEC and, of course, IPv6!

Posted by Tom Limoncelli in IPv6LISA

IPv6 Flashcards

IPv6 is an entirely new protocol. It isn't IPv4 with larger addresses. It is new enough that you'll feel like you are starting over on a new planet; one that invented the internet using protocols that remind you of IPv4 but are.... different.

I find flashcards are a useful way to learn new terminology. I found these online:

Enjoy!

Tom Limoncelli

Posted by Tom Limoncelli in IPv6

Earlier today, the RIPE NCC (Réseaux IP Européens Network Coordination Centre) announced it is down to its last "/8" worth of IPv4 addresses. This means that it is no longer possible to obtain new IPv4 addresses in Europe, the former USSR, or the Middle East, ...

http://arstechnica.com/information-technology/2012/09/europe-officially-runs-out-of-ipv4-addresses/

I'll be doing my "Convince your boss to deploy IPv6" talk at the New Jersey chapter of LOPSA meeting next month. That's thursday, oct 4th near Princeton, NJ.

Posted by Tom Limoncelli in IPv6

"There is a myth that IPv6 is only for those in Asia, but that's not true. According to new data discussed this week at an IETF conference, there are more IPv6 users in the U.S than anywhere else in the world -- coming in at 3 million. From the article: 'George Michaelson, senior R&D scientist at APNIC (Asia Pacific Network Information Centre) has a reasonable idea of what the current levels are globally for IPv6 adoption, thanks to some statistical research he has been doing. In his view, IPv6 is now a reality in terms of adoption. "I think you're used to us standing up and saying 'woe is me, woe is me, v6 isn't happening," George Michaelson, senior R&D scientist at APNIC (Asia Pacific Network Information Centre) said. "But it is actually happening, these are not trivial numbers of people that are now using IPv6 on a routine basis."'"

Quoted from http://tech.slashdot.org/story/12/08/02/2159255/us-ipv6-usage-grows-to-3-million-users

Posted by Tom Limoncelli in IPv6Industry

RFC 6540: IPv6 Support Required for All IP-Capable Nodes

This new RFC basically says that vendors can no longer consider IPv6 as an optional feature. If you say it supports 'IP' you better include IPv6.

The RFC specifically calls out these best practices:

  • New IP implementations must support IPv6.
  • Updates to current IP implementations should support IPv6.
  • IPv6 support must be equivalent or better in quality and functionality when compared to IPv4 support in a new or updated IP implementation.
  • New and updated IP networking implementations should support IPv4 and IPv6 coexistence (dual-stack), but must not require IPv4 for proper and complete function.
  • Implementers are encouraged to update existing hardware and software to enable IPv6 wherever technically feasible.

You: If you haven't started using IPv6 in your environment I highly recommend you take the time to educate yourself: Read a book, learn how Google did it, or sign up for the excellent IPv6 training at PICC.

Your vendors: When talking with vendors do not treat IPv6 as a "would be nice". Inform them that anything you buy this year must be IPv6 capable and can't have worse performance than IPv4. New network gear and software purchased this year will probably be in your network until 2020 or longer. If you don't think IPv6 will be in your environment this year, you have to agree it will be by 2020.

Your boss: If you need help explaining this to your boss read this fine article on IPv6 migrations (The "introduction" section is all background and history, after that is all the advice.) TLDR version: Start from your ISP to your external gateway, then work your way in enabling IPv6 carefully at each step.

Lastly... if you want a fun starter project, get it enabled at your house either via your ISP or get a free tunnel.

Posted by Tom Limoncelli in IPv6

I'm going to be extremely technical here. Sysadmins should really understand what World IPv6 Day is.

Does it mean the world is converting to IPv6 today? No. No, not at all. The upgrade requires technical planning and work. It can't happen without your help and without your knowing. Besides, the plan is to move to "dual stacked" IPv4+IPv6 on all hosts/networks and run that way for a good long time.

Does it mean my ISP is going to enable IPv6 on my connection? No. Not at all. (Seriously, folks, when was the last time your ISP added a feature without you having to beg for it first?)

So what does it mean?

You know that an IPv4 host as a DNS "A" record. Right?

You may know that an IPv6 host has a DNS "AAAA" record. (it is 4 times longer than IPv4, get it?)

Do a DNS lookup of www.everythingsysadmin.com and you'll get both an A record and a AAAA record.

A machine that is "IPv4-only" will ignore the AAAA record.

A machine that is "IPv6-only" will ignore the A record.

A machine that is "IPv4 and IPv6 dual stack" will try AAAA first.

Makes sense, right?

Macs, Windows, Linux boxes and a lot of other equipment comes with IPv6 enabled so that if you plug into a network that handles IPv6 it will just magically work. This is freakin' awesome.

It also causes a small problem.

Here's the problem. If you plug into a badly configured router, your machine might think there is IPv6. Maybe there is just for that subnet but not from that subnet to the ISP. What would a machine do in that situation? It would try the AAAA-record, and those packets would go nowhere. Eventually the machine will try the A-record, but that could be 30 seconds away. Not a happy experience.

The machines with this problem are about 0.05% of the internet. Not a lot, but not zero.

So what do sites do?

Google (for example) has AAAA-records for nearly all its services. However, if the DNS query comes over IPv4 it doesn't show you the AAAA-records. It only gives them to users that do their DNS queries over IPv6.

This is pretty cool if you think about it. If your DNS query could get to Google over IPv6, it must be safe for you to do your http over IPv6 too. Smart, right?

Google, Bing and tons of other sites do this trick.

Now that you know all that, I can tell you what "World IPv6 Day" is.

It is 24 hours where sites are going to give you the AAAA-record AND the A-record even if the DNS query came over IPv4.

That's it? Basically, yes, that's it.

How does this affect you?

You see, it isn't about the 0.05% of the users. It is about YOU and YOUR NETWORK which is causing one of those 0.05% to be in that 0.05%!

If you find a machine that is having problems, you can disable IPv6. However you should also fix whats wrong with that network. Disable IPv6 on the router or (much better) fix the IPv6 connectivity between the machine and "the internet".

Got it?

Great.

Here's what you can do:

Oh, and the day also raises awareness of the IPv6 issue in the media and in the technical world. That's a good thing too.

Thank you for listening.

P.S. If your machine has IPv6 enabled it will create a "link local" IP address. That isn't enough for it to think it has IPv6 connectivity.

P.P.S. People that attend LOPSA PICC had an amazing IPv6 half-day tutorial. Neener neener!

Posted by Tom Limoncelli in IPv6

Credits