On Oct 3, 2019, at 12:30 PM, Stephen Satchell <l...@satchell.net> wrote:
> 
> On 10/3/19 8:22 AM, Fred Baker wrote:
>> And on lists like this, I am told that there is no deployment - that
>> nobody wants it, and anyone that disagrees with that assessment has
>> lost his or her mind. That all leaves me wondering which of us
>> doesn't quite have their eye on the ball.
> For the reasons you provided in your original message, the learning
> curve for IPv6 -- EVERYTHING about IPv6, not "just enough to get by" --
> is steep and uncertain.
> 
> And I think you may be misunderstanding the problem.  It's not that
> people don't want it.  They lack the zen of it, they don't see the four
> corners of the thing, something that people took years to learn in IPv4.
> (I had a leg up, being involved in the original ARPAnet, so I got to
> watch it grow.  Still have the 1984 DDN handbooks, too.)

Funny thing. I was quoting the email in this thread just prior to yours. I 
won’t say there are no issues in IPv6 deployment; there are. However, having 
done some myself, if you have IPv4-zen, IPv6-zen is pretty easy to come by with 
a cheat sheet. For example, does your configuration have statements like

IP address 192.0.2.1 255.255.255.0 ?

Everywhere you find that, you add a statement like 
ipv6 address 2001:db8:AABB:1234::/64 eui-64
What I did for the IID (IPv4-speak: “host part”) in a recent project was use 
the IPv4 address of the interface:
IP address 192.0.2.1 255.255.255.0
IPv6 address 2001:db8:aabb:1234:192:0:2:1::/128
The idea was to give the operator a clue. I also put the VLAN number in as the 
subnet number. A security geek would be all over me - “too many clues!”. That 
said, 
I found that by typing “IPv6 address command” into google; the first hit was 
https://study-ccna.com/how-to-configure-ipv6/. Then, noting that Cisco has a 
bad habit of pulling things out of there air even though there is a defined way 
to accomplish it, I corrected the prefix to use the defined documentation 
prefix.
It gets a little interesting when you step away from the switch or router to 
the firewall; they have their own commands. The ASA, for example, really 
believes in what Cisco calls “zone-based access control” or “context-based 
access control”. The good news is that if that’s what you’re trying to achieve 
(it’s common), configuring that for IPv6 is pretty simple.
And similarly, BGP and access lists look a lot like their IPv4 counterparts.
What’s a little more of a pain is that if you are using other appliance in your 
network, they may or may not have IPv6 configurability, and there may or may 
not be a drop-in replacement. That becomes a conversation with your vendors of 
choice.

Reply via email to