Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
Hi Jens and list, Jens Link writes: > Benedikt Stockebrand writes: > >> They used AWS/S3 for some relevant stuff, and since it was done >> externally it wasn't properly QAed. When Amazon switched IPv6 off >> again, they had a little bit of an issue. We only found out kind of >> accidentially, especially so because they didn't want to make it all >> that obvious that they are using Amazon. > > Can't be that relevant if it was not monitored properly. sorry, but I really can't publicly get into the details of that. Let's just say this was the tip of the iceberg, or the trailer of the TV series, or the reason I got so fond of drain cleaner... Cheers, Benedikt -- Benedikt Stockebrand, Stepladder IT Training+Consulting Dipl.-Inform. http://www.stepladder-it.com/ Business Grade IPv6 --- Consulting, Training, Projects BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
On Thu, May 5, 2016 at 1:11 PM, Jens Link wrote: > Benedikt Stockebrand writes: > >> They used AWS/S3 for some relevant stuff, and since it was done >> externally it wasn't properly QAed. When Amazon switched IPv6 off >> again, they had a little bit of an issue. We only found out kind of >> accidentially, especially so because they didn't want to make it all >> that obvious that they are using Amazon. > > Can't be that relevant if it was not monitored properly. Your statement is true - but in the ideal world only... -- SY, Jen Linkova aka Furry
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
Benedikt Stockebrand writes: > They used AWS/S3 for some relevant stuff, and since it was done > externally it wasn't properly QAed. When Amazon switched IPv6 off > again, they had a little bit of an issue. We only found out kind of > accidentially, especially so because they didn't want to make it all > that obvious that they are using Amazon. Can't be that relevant if it was not monitored properly. Jens -- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@quux.de| --- |
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
Hi Jens and list, > Seriously. Several people told me "If AWS doesn't offer IPv6 we don't > need IPv6." On the other hand someone told me "our solution for IPv6 > hosting is Amazon. Or some other cloud provider." I had a somewhat similar experience with a customer not too long (not long enough?) ago. They used AWS/S3 for some relevant stuff, and since it was done externally it wasn't properly QAed. When Amazon switched IPv6 off again, they had a little bit of an issue. We only found out kind of accidentially, especially so because they didn't want to make it all that obvious that they are using Amazon. To my knowledge they are still trying to figure out where to move everything to, and how to do such a move seamlessly. Good News[TM] is that this was outside the scope of my responsibilities, but it was still rather frustrating. Cheers, Benedikt -- Benedikt Stockebrand, Stepladder IT Training+Consulting Dipl.-Inform. http://www.stepladder-it.com/ Business Grade IPv6 --- Consulting, Training, Projects BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
Benedikt Stockebrand writes: Hi, >> Well many content providers / startups use "the cloud". No IPv6 there, >> no content. > > Stopitstopitstopitstopit! Seriously. Several people told me "If AWS doesn't offer IPv6 we don't need IPv6." On the other hand someone told me "our solution for IPv6 hosting is Amazon. Or some other cloud provider." Jens -- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@quux.de| --- |
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
Hi Jens and list, Jens Link writes: > Benedikt Stockebrand writes: > > Hi, > >>> And may I add cloud providers? >> >> No, you may not. Definitely not. Go away. And take those enterprises >> using them as a cheap CDN with you... > > Well many content providers / startups use "the cloud". No IPv6 there, > no content. Stopitstopitstopitstopit! >> And what's even more frustrating: The Amazon stuff at some time >> supported IPv6 at least on a best effort base, but they switched it off >> again. > > AFAIK only for HTTP(S) Loadbalancing. Which according to some totally unconfirmed rumors was "good enough" for some organization to use as their wannabe CDN. And then Amazon switched IPv6 support off again... I want a drink. And something strong. Like drain cleaner, or at least battery acid. Cheers, Benedikt -- Benedikt Stockebrand, Stepladder IT Training+Consulting Dipl.-Inform. http://www.stepladder-it.com/ Business Grade IPv6 --- Consulting, Training, Projects BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
Benedikt Stockebrand writes: Hi, >> And may I add cloud providers? > > No, you may not. Definitely not. Go away. And take those enterprises > using them as a cheap CDN with you... Well many content providers / startups use "the cloud". No IPv6 there, no content. > And what's even more frustrating: The Amazon stuff at some time > supported IPv6 at least on a best effort base, but they switched it off > again. AFAIK only for HTTP(S) Loadbalancing. Jens -- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@quux.de| --- |
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
Hi Jens and list, Jens Link writes: > When I look for example at > https://www.vyncke.org/ipv6status/detailed.php?country=de > I would say many (most?) content providers have to work on IPv6. that's the point. And I still find it difficult to tell people that the increasing number of users stuck behind DS-Lite will actually become a problem to the IPv4-only content providers---at best things will be slower, but at worst they will work less reliably. > And may I add cloud providers? No, you may not. Definitely not. Go away. And take those enterprises using them as a cheap CDN with you... > Last time I checked none of the big players (Amazon, > Google, ...) supported IPv6 in their cloud products. And what's even more frustrating: The Amazon stuff at some time supported IPv6 at least on a best effort base, but they switched it off again. Cheers, Benedikt -- Benedikt Stockebrand, Stepladder IT Training+Consulting Dipl.-Inform. http://www.stepladder-it.com/ Business Grade IPv6 --- Consulting, Training, Projects BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
Hi, >> Maybe we can do that panel discussion in Madrid(?) > > Sounds like a plan ;) \o/ Sander signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
Benedikt Stockebrand writes: Hi, > Otherwise, I heartily agree. IPv6 is currently changing from an ISP > issue to an enterprise and (especially small to medium) content provider > issue. When I look for example at https://www.vyncke.org/ipv6status/detailed.php?country=de I would say many (most?) content providers have to work on IPv6. And may I add cloud providers? Last time I checked none of the big players (Amazon, Google, ...) supported IPv6 in their cloud products. Jens -- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@quux.de| --- |
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
On Tue, May 3, 2016 at 12:37 AM, Benedikt Stockebrand wrote: >>> That would be a great panel discussion with some diverse speakers on the >>> panel :-) >> >> I have been doing some enterprise stuff as well recently. If there is >> going to be such a panel I would love to participate! :) > > Unless Jen somehow scares away various speakers (and I guess that's > something she's *not* going to be particularly successful with:-) our > schedule is already pretty full. > > Otherwise, I heartily agree. IPv6 is currently changing from an ISP > issue to an enterprise and (especially small to medium) content provider > issue. And if I've learned anything the last two years, then that this > opens a completely different can of worms. > > Maybe we can do that panel discussion in Madrid(?) Sounds like a plan ;) -- SY, Jen Linkova aka Furry
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
Hi folks, sorry for the late reply, but now that Jen is back I've taken a couple days off myself. Sander Steffann writes: >> Op 25 apr. 2016, om 19:35 heeft Silvia Hagen het >> volgende geschreven: >> >> That would be a great panel discussion with some diverse speakers on the >> panel :-) > > I have been doing some enterprise stuff as well recently. If there is > going to be such a panel I would love to participate! :) Unless Jen somehow scares away various speakers (and I guess that's something she's *not* going to be particularly successful with:-) our schedule is already pretty full. Otherwise, I heartily agree. IPv6 is currently changing from an ISP issue to an enterprise and (especially small to medium) content provider issue. And if I've learned anything the last two years, then that this opens a completely different can of worms. Maybe we can do that panel discussion in Madrid(?) Cheers, Benedikt -- Benedikt Stockebrand, Stepladder IT Training+Consulting Dipl.-Inform. http://www.stepladder-it.com/ Business Grade IPv6 --- Consulting, Training, Projects BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
Hi, > Op 25 apr. 2016, om 19:35 heeft Silvia Hagen het > volgende geschreven: > > That would be a great panel discussion with some diverse speakers on the > panel :-) I have been doing some enterprise stuff as well recently. If there is going to be such a panel I would love to participate! :) Cheers, Sander signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
That would be a great panel discussion with some diverse speakers on the panel :-) Silvia -Ursprüngliche Nachricht- Von: ipv6-wg [mailto:ipv6-wg-boun...@ripe.net] Im Auftrag von Benedikt Stockebrand Gesendet: Montag, 25. April 2016 20:14 An: christian bretterhofer Cc: ipv6-wg@ripe.net Betreff: Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2 Hi Christian and list, christian bretterhofer writes: > I think the basic work for ISPs in concern to IPv6 is covered. well, depends on the ISP in question. To me it looks a lot like many are still struggling to get the necessary knowledge and experience to their tech and support crowd---not necessarily with the people actively involved in the RIPE community, but at least with the big ones. A customer recently asked one of the large players here in Germany if they were interested in a contract that would have allowed my customer to outsource some IPv6-related tasks---or rather, to outsource some tasks that were also expected to be supported via IPv6. They were turned down with the explanation "we don't have the necessary manpower to operate this". > But i miss the topics to be addressed if you want to migrate from a > IPv4 Microsoft Active domain using company to an system where most > server in an enterprise could by just IPv6 only and use technologies > like NAT46 ( SIIT-DC ) or similar to still make IPv4 only windows > clients happy. Now I've taken a bit of a look at these things, but then I'm not exactly a Microsoft guy. From all I've seen, going for NAT64 and such is generally a bad idea. Instead, ensure that IPv6 is provided wherever it is needed and then make your servers dual stacked. Yes, that frequently involves upgrades on various servers nobody really wants to touch, but the very reasons why nobody wants to touch them are the reasons why you actually clean that stuff up. > Switching an enterprise with location around the global from a "we > donot route any IPv6 traffic across our WAN Links" "most servers have > IPv6 disabled" to > We start IPv6 routing partially and enable partial IPv6 support on > servers in a Microsoft ADS environment seems not covered in most IPv6 > covering websites and presentations. That may be because your approach is unnecessarily painful. You want to get IPv6 up and running in the network infrastructure first, then make your servers dual-stacked and then deal with the clients. At least that's the "strategic" outline of an approach. Beyond that it's really a lot of detail work to do on an individual basis. > Maintaining dual stack for the datacenters is just painfull and there > should be a "single" device in the form of NAT46/SIIT/SIIT-DC in front > of each server area. I am not sure that Active directory is ready for > that. Nonononono, don't do that. Whenever something goes wrong with that "single device", you'll have a serious disruption of service, not everything works through it, and you'll never ever get a chance to get rid of it in the long run because there'll always be that one last server that depends on it, or might depend on it but nobody knows for sure. Yes, that means that you need to have all your servers dual stacked, and yes, that's some serious extra workload in a data center context, but anything else is quite likely way worse. Cheers, Benedikt -- Benedikt Stockebrand, Stepladder IT Training+Consulting Dipl.-Inform. http://www.stepladder-it.com/ Business Grade IPv6 --- Consulting, Training, Projects BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
Hi Christian and list, christian bretterhofer writes: > I think the basic work for ISPs in concern to IPv6 is covered. well, depends on the ISP in question. To me it looks a lot like many are still struggling to get the necessary knowledge and experience to their tech and support crowd---not necessarily with the people actively involved in the RIPE community, but at least with the big ones. A customer recently asked one of the large players here in Germany if they were interested in a contract that would have allowed my customer to outsource some IPv6-related tasks---or rather, to outsource some tasks that were also expected to be supported via IPv6. They were turned down with the explanation "we don't have the necessary manpower to operate this". > But i miss the topics to be addressed if you want to migrate from a > IPv4 Microsoft Active domain using company to an system where most > server in an enterprise could by just IPv6 only and use technologies > like NAT46 ( SIIT-DC ) or similar to still make IPv4 only windows > clients happy. Now I've taken a bit of a look at these things, but then I'm not exactly a Microsoft guy. From all I've seen, going for NAT64 and such is generally a bad idea. Instead, ensure that IPv6 is provided wherever it is needed and then make your servers dual stacked. Yes, that frequently involves upgrades on various servers nobody really wants to touch, but the very reasons why nobody wants to touch them are the reasons why you actually clean that stuff up. > Switching an enterprise with location around the global from a "we > donot route any IPv6 traffic across our WAN Links" "most servers have > IPv6 disabled" to > We start IPv6 routing partially and enable partial IPv6 support on > servers in a Microsoft ADS environment seems not covered in most IPv6 > covering websites and presentations. That may be because your approach is unnecessarily painful. You want to get IPv6 up and running in the network infrastructure first, then make your servers dual-stacked and then deal with the clients. At least that's the "strategic" outline of an approach. Beyond that it's really a lot of detail work to do on an individual basis. > Maintaining dual stack for the datacenters is just painfull and there > should be a "single" device in the form of NAT46/SIIT/SIIT-DC in front > of each server area. I am not sure that Active directory is ready for > that. Nonononono, don't do that. Whenever something goes wrong with that "single device", you'll have a serious disruption of service, not everything works through it, and you'll never ever get a chance to get rid of it in the long run because there'll always be that one last server that depends on it, or might depend on it but nobody knows for sure. Yes, that means that you need to have all your servers dual stacked, and yes, that's some serious extra workload in a data center context, but anything else is quite likely way worse. Cheers, Benedikt -- Benedikt Stockebrand, Stepladder IT Training+Consulting Dipl.-Inform. http://www.stepladder-it.com/ Business Grade IPv6 --- Consulting, Training, Projects BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
christian bretterhofer writes: Hi, > "most servers have IPv6 disabled" I'm always wondering about that part. The only information from Microsoft I could find is "turn of IPv6 at your own risk. We only tested it with IPv6 enabled." > But for a production move we need to be shure that a partial enabling > of Dualstack and IPv6 only networking for servers does not break > things. I'm currently working for a university. I don't do windows but all newer Windows server are dual-stacked. I don't think there are any problems. Unfortunately the main public facing servers (web, mail) are not dual-stacked but that is purely a Layer 8 problem. > Any ideas or links which could help us here? You may find some things documented here: http://wiki.test-ipv6.com/wiki/Main_Page If you stumble over another problem it would be great if you document it in the there. This wiki could use more content. You may also find some information here: http://luka.manojlovic.net/2016/03/13/ipv6-in-windows-environment-for-beginners-part-1-isp-ipv6-delivery/ For the client side: We enabled IPv6 in the wireless network in October 2015 and had no complaints so far. There about 3-4.000 Clients online during day time. If I figure out why I only see IPv6 in the sflow export from the brocade switches (miss)used as border routers I could provide some traffic stats. Jens -- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@quux.de| --- |
Re: [ipv6-wg] ipv6-wg Digest, Vol 55, Issue 2
1. Re: RIPE72 IPv6 WG: call for presentations (Benedikt Stockebrand) Hello to all I think the basic work for ISPs in concern to IPv6 is covered. But i miss the topics to be addressed if you want to migrate from a IPv4 Microsoft Active domain using company to an system where most server in an enterprise could by just IPv6 only and use technologies like NAT46 ( SIIT-DC ) or similar to still make IPv4 only windows clients happy. Switching an enterprise with location around the global from a "we donot route any IPv6 traffic across our WAN Links" "most servers have IPv6 disabled" to We start IPv6 routing partially and enable partial IPv6 support on servers in a Microsoft ADS environment seems not covered in most IPv6 covering websites and presentations. Maintaining dual stack for the datacenters is just painfull and there should be a "single" device in the form of NAT46/SIIT/SIIT-DC in front of each server area. I am not sure that Active directory is ready for that. We are currently moving a complete test ads domain into a Testlab with locations in AT/CN/FI/US into dualstack and here we accept a "not working" during migration and i also hope we can move some servers into a IPv6 only area of those networks. But for a production move we need to be shure that a partial enabling of Dualstack and IPv6 only networking for servers does not break things. Any ideas or links which could help us here? best regards Christian Bretterhofer https://andritz.me ( one Testlab DMZ)
