100 likes | 229 Vues
IPv6 The Saga Continues. Dave Funk EITC, October 2011. World IPv6 Day, June 8, 2011. Lessons learned. http://www.worldipv6day.org. According to: “ The Register ”. World IPv6 Day fails to kill the Internet. Publicity stunt over, now the work begins.
E N D
IPv6 The Saga Continues Dave Funk EITC, October 2011 EITC 2010, @Penn State
World IPv6 Day, June 8, 2011 Lessons learned http://www.worldipv6day.org EITC 2011 @Penn State
According to: “The Register” World IPv6 Day fails to kill the Internet Publicity stunt over, now the work begins http://www.theregister.co.uk/2011/06/09/ipv6_fails_to_kill EITC 2011 @Penn State
In for a Penny, in for a Pound Pick the services to offer then do the full kit For each interface doing v6, provide full-circle DNS EITC 2011 @Penn State
Need things such as AAAA records in SPF/DKIM mail IN A 128.255.18.25 ; IN AAAA 2620:0:e50:7016::80ff:1219 IN TXT "v=spf1 +a +ip6:2620:0:e50:7016::80ff:1219 -all" IN MX 10 mail-gw.icaen.uiowa.edu. EITC 2011 @Penn State
Every place you have an IPv4 address, need corresponding IPv6 address • Sendmail conf files • Sendmail access file • Samaba config files • etc EITC 2011 @Penn State
IPv6 firewall is hard to do correctly even Microsoft makes mistakes FE80::/9 isn't same as FE80::/64 EITC 2011 @Penn State
When making configs & firewalls beware of unexpected packet flows EG: global-scope -> local-scope connection: Source addr: [2620:0:e50:7016::80ff:1219] -> [fe80::2] EITC 2011 @Penn State
Don’t SLAC servers SLAC is OK for clients but servers should have fixed dependable addresses. (even with DDNS). clients may cache server addresses and when they change will cause problems. (Altiris server issue) EITC 2011 @Penn State
IPv6 what services? • Clients • infrastructure (DNS, router, etc) • Any server that remote clients directly connect to • Incoming mail MX (?, whole debate here) EITC 2011 @Penn State