Franck Martin wrote: > This is dual stack, my recommendation is disable IPv6 on your servers > (so your clients will still talk to them on IPv4 only), and let your > client goes IPv6 first. Once you understand what is happening, get on > IPv6 on your servers.
You don't have to disable IPv6 on the servers, just don't put a AAAA in dns. The simplest way to move forward is to get the entire path in place without the key to knowing is there, then for a few test subjects either provide a different dns response, or distribute a host file. Making the mass change of enabling the servers at the point you expect service to work is just asking for support calls... > > Alternatively, use someone else network to understand IPv6. Attend, > NANOG, ICANN, IETF, they always have IPv6 enabled, you can better > understand how your machine reacts, what tools you have, how to do > ping, debug, packet capture,... > > For the firewall, shorewall does IPv4 and IPv6, with a relatively > simple interface and is free... > > ----- Original Message ----- > From: "William Herrin" <b...@herrin.us> > To: "Robert Lusby" <nano...@gmail.com> > Cc: nanog@nanog.org > Sent: Thursday, 10 February, 2011 7:03:01 AM > Subject: Re: IPv6 - a noobs prespective > > On Wed, Feb 9, 2011 at 6:00 AM, Robert Lusby <nano...@gmail.com> wrote: > > I also get why we need IPv6, that it means removing the NAT (which, > surprise > > surprise also runs our Firewall), and I that I might need new kit for > it. > > > > I am however *terrified* of making that move. There is so many new > phrases, > > words, things to think about etc > > The thing that terrifies me about deploying IPv6 is that apps > compatible with both are programmed to attempt IPv6 before IPv4. This > means my first not-quite-correct IPv6 deployments are going to break > my apps that are used to not having and therefore not trying IPv6. But > that's not the worst part... as the folks my customers interact with > over the next couple of years make their first not-quite-correct IPv6 > deployments, my access to them is going to break again. And again. And > again. And I won't have the foggiest idea who's next until I get the > call that such-and-such isn't working right. > > Regards, > Bill Herrin > > > > -- > William D. Herrin ................ her...@dirtside.com b...@herrin.us > 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> > Falls Church, VA 22042-3004