1 / 10

IPv6 The Saga Continues

IPv6 The Saga Continues. Dave Funk EITC, October 2011. World IPv6 Day, June 8, 2011. Lessons learned. http://www.worldipv6day.org. According to: “ The Register ”. World IPv6 Day fails to kill the Internet. Publicity stunt over, now the work begins.

tejana
Download Presentation

IPv6 The Saga Continues

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IPv6 The Saga Continues Dave Funk EITC, October 2011 EITC 2010, @Penn State

  2. World IPv6 Day, June 8, 2011 Lessons learned http://www.worldipv6day.org EITC 2011 @Penn State

  3. According to: “The Register” World IPv6 Day fails to kill the Internet Publicity stunt over, now the work begins http://www.theregister.co.uk/2011/06/09/ipv6_fails_to_kill EITC 2011 @Penn State

  4. In for a Penny, in for a Pound Pick the services to offer then do the full kit For each interface doing v6, provide full-circle DNS EITC 2011 @Penn State

  5. Need things such as AAAA records in SPF/DKIM mail IN A 128.255.18.25 ; IN AAAA 2620:0:e50:7016::80ff:1219 IN TXT "v=spf1 +a +ip6:2620:0:e50:7016::80ff:1219 -all" IN MX 10 mail-gw.icaen.uiowa.edu. EITC 2011 @Penn State

  6. Every place you have an IPv4 address, need corresponding IPv6 address • Sendmail conf files • Sendmail access file • Samaba config files • etc EITC 2011 @Penn State

  7. IPv6 firewall is hard to do correctly even Microsoft makes mistakes FE80::/9 isn't same as FE80::/64 EITC 2011 @Penn State

  8. When making configs & firewalls beware of unexpected packet flows EG: global-scope -> local-scope connection: Source addr: [2620:0:e50:7016::80ff:1219] -> [fe80::2] EITC 2011 @Penn State

  9. Don’t SLAC servers SLAC is OK for clients but servers should have fixed dependable addresses. (even with DDNS). clients may cache server addresses and when they change will cause problems. (Altiris server issue) EITC 2011 @Penn State

  10. IPv6 what services? • Clients • infrastructure (DNS, router, etc) • Any server that remote clients directly connect to • Incoming mail MX (?, whole debate here) EITC 2011 @Penn State

More Related