[GRLUG] IPv6 network nightmare

Adam Tauno Williams awilliam at whitemice.org
Mon Sep 8 10:13:27 EDT 2014


On Sun, 2014-09-07 at 19:51 -0400, Christopher House wrote: 
> Not an IPv6 person at all but thought those on the list might find
> this interesting:
> http://blog.bimajority.org/2014/09/05/the-network-nightmare-that-ate-my-week/
> "I have come to the conclusion that so much in IPv6 design and
> implementation has been botched by protocol designers and vendors
> (both ours and others) that it is simply unsafe to run IPv6 on a
> production network except in very limited geographical circumstances
> and with very tight central administration of hosts."

Bull.

Most of his issues relate completely to a bad vendor / crappy firmware.
Nothing here indicates anything was "botched" by "designers".  People
keep saying this - but IPv6 is much *SIMPLER* than IPv4, there is much
less to botch.

I will agree that the replacement of ARP with discovery changes a lot of
things - way more than people realize [I suspect at this point most
people don't even think about it as they are so accustomed to the
idiosyncrasies of ARP].

But I think the nut of his argument is here: "since IPv6 is still not
implemented on very large layer-2 networks like a campus network or
*****our***** building,"

This sounds much more like an issue with Juniper than IPv6.

When we get to the statement: '''IPv6 “privacy” addresses are an
incredible botch added to IPv6''' then I entirely agree.  This "privacy"
setup is **INSANE**.  But can be turned off.  ALWAYS turn it off.

  Windows:
    netsh interface ipv6 set privacy state=disabled store=persistent
    netsh interface ipv6 set privacy state=disabled store=active

  Linux:
    /proc/sys/net/ipv6/conf/eth0/use_tempaddr
    0 = disabled
    1 = enabled but prefer a real address
    >1 = enabled and use this stupid feature

'''We will probably move towards not supporting IPv6 “stateless”
autoconfiguration at all, and rely on DHCPv6 to assign stable, traceable
addresses to all IPv6 clients'''

Yes. That has been the recommended practice for a long time.
Statelessness is magick, and the trouble with all magick thusly applies:
tamogenesis.


-- 
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
