• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

A Bit Confused - Setting up IPv6 Infrastructure

Started by geomechanica, April 20, 2011, 01:29:10 PM

Previous topic - Next topic

geomechanica

Hey everyone,

I am in the process of setting up a rack of servers, and next month I will receive a T1 service for the rack.  Since these are all brand new servers that are first coming online, I have decided to "do the world a favor" and just go with IPv6 from the start.  I have asked the helpful folks on #ipv6 (freenode) for some advice, and I have to admit I'm still a bit confused.  My understanding is that I need to obtain a block of IPv6 addresses for the company, and I have contacted my service provider to request this.  If I am unable to obtain these addresses, I am under the impression that I can get a block of addresses from HE and use tunneling.  Is that right?

Assuming I get a block of addresses from HE, I would then setup my corporate router to tunnel to HE routers, so that my addresses are reachable over IPv4.  I assume this means that my traffic (1.5Mbps) is going to go through HE routers while the IPv6 Internet grows.  In order to be "reachable" by the outside world, I understand that I can use DNS to give an IPv6 or IPv4 address depending upon how the DNS server was queried.

I find IPv6 a bit confusing, and I hope you're able to give me some helpful advice.  On a side note, I am writing up a blog with my experiences to help others understand how to migrate to IPv6, the blog will come online when I get my T1 and IPv6 addresses :-).

cholzhauer

Quote
I am in the process of setting up a rack of servers, and next month I will receive a T1 service for the rack.  Since these are all brand new servers that are first coming online, I have decided to "do the world a favor" and just go with IPv6 from the start.  I have asked the helpful folks on #ipv6 (freenode) for some advice, and I have to admit I'm still a bit confused.  My understanding is that I need to obtain a block of IPv6 addresses for the company, and I have contacted my service provider to request this.  If I am unable to obtain these addresses, I am under the impression that I can get a block of addresses from HE and use tunneling.  Is that right?

Correct...try in that order too...ISP, then HE

I think you're over thinking it.  Your IPv4 traffic will not be affected.  Basically you're setting up a Server/Appliance to tunnel to HE.  Any IPv6 traffic that's destined for the outside world is sent to your router.  The router encapsulates it in an IPv4 packet and sends it to HE.  HE strips off the IPv4 outer layer and sends the IPv6 packet on its way.

That's greatly simplified, but I hope it helps.

One host can have both an A (IPv4) and AAAA (IPv6) record.  If you do a lookup on mars.sscorp.com, you'll see what I mean.  If the person trying to reach you has IPv6 (and their system is set to prefer it over IPv4) they will try and connect to you over IPv6.  If they don't have IPv6, traffic will continue over IPv4

geomechanica

Okay, I just got the answer from my ISP... apparently there is no IPv6 routing in Canada yet, and they do not give IPv6 addresses. 

It makes sense to me now that only IPv6 traffic will get routed through HE's tunnel, which should be relatively little traffic (until IPv6 becomes more common place).  Looks like the HE solution is the way to go.

Given that the company is in Canada, is HE still the right place to get a block of addresses?  Are these address allocations somewhat permanent, so that I don't have to go through a big hassle later?  Is there a charge for the address block?  A charge for the tunnel services (given that this is for corporate use)?  What happens when the world starts to see IPv6 adoption, will I have to change my address block to something allocated by my ISP?

In the IPv4 world I know, we get a few addresses from our ISP... then use internal NAT with a private network to give addresses to endpoints.  My understanding of the IPv6 world is that we get an address block, and private network addresses are not required, I simply allocate from my own pool as I see fit.  Is that right?

cholzhauer

GoGo6 is in Canada, but if I had to choose between them and HE, I'd go with HE (Sorry Bruce)

Free allocations even for enterprise roll-outs. You'll probably want to request a /48 because I'm sure you'll be doing multiple subnets.  You don't need to use private IPv6 addresses, although you're welcome to if you so choose.  (I personally don't see a reason to, but I don't want to get into that discussion)

The HE addresses are permanent as long as you have your tunnel.  Once your ISP rolls out native IPv6, you'll have to renumber (What's your ISP?  The biggest one I've heard of up there is Shaw and they don't seem to know their left from their right)


geomechanica

My ISP is Allstream.  I've gotten IPv6 figured out I think :-)  There was mostly a mental block, and a few technical details... it really is easier than I thought.  At this time, I have selected to use a private subnet until I get a /48 allocated through the tunnel, and eventually from my ISP as you say.  Since I do not yet have a static IP (the network line comes next month), I have decided to hold off on configuration of the tunnel until then.  By using a private subnet, I am able to do my server configuration right now and just change part of the IP next month.  Right now I'm at the interesting part: making sure all my applications and devices work with my local IPv6 network.