Community discussions

MUM Europe 2020
 
User avatar
victorsoares
Member Candidate
Member Candidate
Topic Author
Posts: 107
Joined: Thu Feb 15, 2018 6:29 pm
Location: Ubatuba, São Paulo - Brazil
Contact:

Migrating to IPv6

Tue Aug 14, 2018 2:13 pm

Hello!

I currently have about 2000 pppoe clients in a CCR 1036+ and two BGP sessions on a CCR1072. All is fine and working, but the time to migrate from IPv4 to IPv6 is upon us, and I wonder what kind of moddifications are in place to go this way. Is the equipment going to be able to handle IPv6? Is is possible to keep working with IPv4 for some situations along with IPv6? Most important, is it going to cause too much trouble with my clients?

Thanks again for all the time and help!
MTCNA MTCRE
 
jwier92
just joined
Posts: 7
Joined: Tue Aug 14, 2018 12:59 am

Re: Migrating to IPv6

Tue Aug 14, 2018 2:47 pm

Good that you are starting to think about this.

First your most important question: Is this going to cause problems for your clients? I would say to roll it out slowly, ask for some that want to try it first, then let them use it for a few weeks and ask for another bunch. Then work with them. I would assume the answer is no, it will not cause problems, but here is the main thing to remember and this is IMPORTANT.
  • Your clients equipment will have real on the net IP addresses, so firewall rules are important. Right now they are hiding behind NAT and do not pay much attention to security, because they are unreachable (kind of). After this change, they will be fully exposed if not protected from the firewall. It will be nice not to have to do NAT, but now your clients will have to block all outside traffic that is not established or related to an inside request and then let in services they wish to offer. Again, no NAT!!! The world is good again.


Getting started:
  • Have you applied from ARIN for you IPv6 block? I would assume with that many clients a /32 or larger will be given. Just get your own to start with as it is worth it not to change them in the future and they hand them out willingly.
  • Have the talk with your upstream providers about supplying you IPv6. Even if it is only one for now, that should be fine.
  • I do not see any need for different equipment, but you might need to make some considerations on BGP for IPv6. I think you should have enough RAM to pull in full tables.
After you get all this started, I would suggest the Hurricane Electric courses to get yourself really good with IPv6. https://ipv6.he.net/certification/ and get a tunnel from them to start playing with in the mean time. (One thing to note, do not hand out HE IPv6 addresses to clients as Netflix blocks their address space).
 
User avatar
victorsoares
Member Candidate
Member Candidate
Topic Author
Posts: 107
Joined: Thu Feb 15, 2018 6:29 pm
Location: Ubatuba, São Paulo - Brazil
Contact:

Re: Migrating to IPv6

Tue Aug 14, 2018 2:55 pm

Thanks so much for the answer, it really helped me. I do not work with NAT now, only public IPv4's for all my clients, and I want to keep it that way, that's why I don't want to go the CGNAT route.

My traffic providers already work with IPv6, so that's pretty much covered. Now what is left for me is to apply for IPv6 and get myself some /32 blocks. Meanwhile I'll play around with HE course, and see what is ahead of me.

Thanks again for clarifying things a bit further for me!
MTCNA MTCRE
 
Paternot
Long time Member
Long time Member
Posts: 609
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: Migrating to IPv6

Tue Aug 14, 2018 4:51 pm

Thanks so much for the answer, it really helped me. I do not work with NAT now, only public IPv4's for all my clients, and I want to keep it that way, that's why I don't want to go the CGNAT route.

My traffic providers already work with IPv6, so that's pretty much covered. Now what is left for me is to apply for IPv6 and get myself some /32 blocks. Meanwhile I'll play around with HE course, and see what is ahead of me.

Thanks again for clarifying things a bit further for me!
But each of your clients get only one IPv4 address, right? So, they are behind a NAT of their own: the one made by their router. With IPv6 this gets thrown out of the window.

Who is online

Users browsing this forum: Bing [Bot], Google [Bot], Guntis and 98 guests