RE: Ipv6? [7:93034]

From: Howard C. Berkowitz (hcb@gettcomm.com)
Date: Mon Sep 27 2004 - 08:45:05 GMT-3

At 5:33 AM -0400 9/27/04, Scott Morris wrote:
>Hehehehe.... Very true. I'll try not to get started, so that way we save
>Howard some time in defending things! (grin)
>
>One of the biggest things that is going to make life "interesting" with IPv6
>is the security aspect. Not to add paranoia for lab preparation, but just
>stating for real-life implementation. A firewall's ability (to begin with)
>is a huge issue, but just the sheer knowledge of the protocol and subnet
>issues is another.
>
>While the multi-header issue is nice from an organizational point of view,
>it can present new and exciting problems when it comes to efficient firewall
>processing.

As you may know, there are V6 multihoming and operations working
groups in the IETF, and, among other things, there are proposals to
redefine site-local.

I suspect the long-term solution may pass some of the problem from
the network to the host. Where address shortage is a network issue
today, it's quite possible that hosts may routinely need to be able
to respond to multiple addresses -- as, for example, if their site is
multihomed such that there are multiple TLA/NLA sequences.

>
>IMHO, I would have added a three-bit leader to the IPv4 address, like
>1:10.10.10.4 where we would have a completely separate IPv4 address space
>per continent (or whatever we chose for the leading bit to mean. This
>solves anyone issue with address availability, doesn't make anything THAT
>difficult to understand and, well, just is nicer. :) Obviously Antartica
>doesn't need a full set of IP addresses,

Scott, I am shocked. This is blatant discrimination against penguins
who desire Internet connectivity. Seals, too -- can you think of a
more appropriate species to run the firewall than a "seal"?

>so there's a reclaimed space plus
>the one extra (there are 7 continents) to play with and reserve for our
>extraterrestrial communication needs!
>
>But in the meantime... Brush up on your hex! ;)
>
>
>Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
>JNCIP, et al.
>IPExpert CCIE Program Manager
>IPExpert Sr. Technical Instructor
>swm@emanon.com/smorris@ipexpert.net
>http://www.ipexpert.net
>
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Jonathan R. Charles
>Sent: Monday, September 27, 2004 12:10 AM
>To: ccielab@groupstudy.com
>Subject: RE: Ipv6? [7:93034]
>
>The lack of the hassle is the downside?
>
>From what I have been reading, IPv6 doesn't look that bad, but I can see how
>it can quite easily become a complete nightmare... Doing the binary
>aggregation of multiple 128 bit numbers is going to seriously be annoying.
>
>And when it comes to multicast and ICMP, and everything else that has been
>altered completely, it will present a challenge that will be quite difficult
>to master by even the most experienced engineer.
>
>I can almost envision the CCNA exam of 2011 requiring you to summarize 20
>IPv6 addresses...
>
>
>
>
>Jonathan
>
>-----Original Message-----
>From: Scott Morris [mailto:swm@emanon.com]
>Sent: Sunday, September 26, 2004 22:43
>To: 'Jonathan R. Charles'; ccielab@groupstudy.com
>Subject: RE: Ipv6? [7:93034]
>
>The "address-family" is akin to creating a separate RIB/routing process.
>Remember, in OSPF we have local process numbers where nobody cares. In
>EIGRP it's AS driven, but you either match or you don't. In BGP, we want to
>retain the same single AS number no matter who we talk to (generally).
>
>IPv5 was a minor variant compatible with IPv4 that some people didn't think
>was nearly as much of a hassle to converting things to hexadecimal and
>giving away more IP address space than we could use even after we colonize
>Mars.
>
>;)
>
>
>Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
>JNCIP, et al.
>IPExpert CCIE Program Manager
>IPExpert Sr. Technical Instructor
>swm@emanon.com/smorris@ipexpert.net
>http://www.ipexpert.net
>
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Jonathan R. Charles
>Sent: Sunday, September 26, 2004 2:35 AM
>To: ccielab@groupstudy.com
>Subject: RE: Ipv6? [7:93034]
>
>A friend of a friend said he was at Networkers and Cisco said it would only
>be a very basic configuration on one link, where you would have to apply the
>address and get connectivity going, nothing major, no routing protocols, no
>interlacing of IPv4 and IPv6 for all your BGP speakers.
>
>Remember IPv6 implementation is not around the corner, it is not even in
>this time zone for the general networking community.
>
>I suspect highly that the configuration will be simple, basic and probably
>only worth 2 points or so.
>
>While we are on the topic, what is this whole 'address-family' thing for
>mBGP referring to? Would you subconfigure two routing processes inside the
>BGP AS, one for IPv4 and the other for IPv6?
>
>Also, what ever happened to IPv5? Was it a complete disaster?
>
>
>
>
>Jonathan
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Sameer@mesiniaga.com.my
>Sent: Sunday, September 26, 2004 00:54
>To: Scott Morris
>Cc: ccielab@groupstudy.com
>Subject: RE: Ipv6? [7:93034]
>
>Hi Scott,
>
>Thnx for your advice...Can you also clarfiy whether IPV6 will be a sub topic
>in CCIE LAB JAN 2005 or The entire IP Addressing will be IPV6.
>
>Thnx & Regards
>Sameer Tandon
>
>
>
>
>"Scott Morris" <swm@emanon.com>
>Sent by: nobody@groupstudy.com
>20-09-04 11:22 AM
>Please respond to "Scott Morris"
>
> To: "'James'" <james@towardex.com>, "'Joseph D. Phillips'"
><josephdphillips@fastmail.us>
> cc: "'group study'" <ccielab@groupstudy.com>
> Subject: RE: Ipv6? [7:93034]
>
>
>Saying it's no different is a huge understatement. :)
>
>Many rules change when it comes to how you program the routing protocols...
>However, in the grand scheme of things, just realize that it is not a "core"
>topic....
>
>Learn the general concepts and know how to look things up on the DocCD...
>The CD has very good information about dealing with IPv6.
>
>788 pages is nice if you want to implement it. Skimming it, playing with it
>once or twice and knowing where to look it up is nice if you want to not
>freak out when it shows up on your CCIE lab exam in January!
>
>HTH,
>
>
>Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
>JNCIP, et al.
>IPExpert CCIE Program Manager
>IPExpert Sr. Technical Instructor
>swm@emanon.com/smorris@ipexpert.net
>http://www.ipexpert.net
>
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>James
>Sent: Sunday, September 19, 2004 5:12 PM
>To: Joseph D. Phillips
>Cc: group study
>Subject: Re: Ipv6? [7:93034]
>
>On Sun, Sep 19, 2004 at 01:51:24PM -0700, Joseph D. Phillips wrote:
>> We just have to memorize this:
>>
>> http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgc
>> r/ipv6_r/ipv6book.pdf
>>
>> It's only 788 pages. Should be no problem.
>>
>> Seriously, though, the paucity of discussion on this topic is unusual.
>>
>> What are we supposed to know by 1/1/2005?
>>
>> Or whenever...
>
>IPv6 is not any different than IPv4 with exception of few proto related
>cosmetic changes such as anycast, etc, etc. As far as inter-routing goes its
>not any different in conceptual thoughts.
>
>You do need to get some idea of how the subnetting and addressing types
>work, which there is a good documentation here:
>
> http://www.tdoi.org/ipv6.php
>
>There are lots of IPv6 addresses to spare today and there are few tunnel
>brokers / tunnel providers who can provide anyone with a tunnel and live BGP
>session to setup IPv6. You will then need to know how to setup MP-BGP for
>ipv6-unicast and do basic ipv6 static routing and stuff -- if you have
>multiple routers, learn about v6 isis or ospfv3 as appropriate. One can
>easily assign one of the cisco routers in your rack with a live public IP to
>terminate the ipv6-in-ipv4 tunnel and get a /48 v6 delegation to lab it up
>with thru the entire rack.
>
>If you have strong conceptual knowledge in ipv4 routing (IGP, BGP), you
>should not find problems quickly picking up IPv6 routing.
>
>There are few tunnel brokers who also can throw in a BGP feed for enduser to
>play with, such as hurrican electric tunnelbroker (www.tunnelbroker.net).
>
>I myself also run a relatively large 6bone pTLA network providing free
>experimental transit to several ASN's (some tunnels, some native), if anyone
>is also interested.
>
>HTH,
>-J
>
>--
>James Jun TowardEX
>Technologies,
>Inc.
>Technical Lead Network Design, Consulting, IT
>Outsourcing
>james@towardex.com Boston-based Colocation & Bandwidth
>Services
>cell: 1(978)-394-2867 web: http://www.towardex.com , noc:
>www.twdx.net
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:50 GMT-3