I recommend any of a number of online courses for a quick understanding of IPv6. But nothing beats making your own IPv6 lab and getting hands-on experience. Here's a course I built walking you through that process:
http://windowsitpro.com/build-your-own-ipv6-lab-and-become-ipv6-guru-demand -mel beckman > On Oct 4, 2015, at 7:49 AM, Stephen Satchell <[email protected]> wrote: > >> On 10/04/2015 06:40 AM, Matthias Leisi wrote: >> Fully agree. But the current state of IPv6 outside "professional“ >> networks/devices is sincerely limited by a lot of poor CPE and >> consumer device implementations. > > I have to ask: where is the book _IPv6 for Dummies_ or equivalent? > > Specifically, is http://www.xnetworks.es/contents/Infoblox/IPv6forDummies.pdf > any good? (I just downloaded it to inspect.) > > My bookshelf is full of books describing IPv4. Saying "IPv6 just works" > ignores the issues of configuring intelligent firewalls to block the > ne-er-do-wells using the new IP-level protocol. > > In Robert L. Ziegler's book _Linux Firewalls_ Second Edition (2002, ISBN > 0-7357-1099-6), the *only* mention of IPv6 is in the discussion of NAT, and > that discussion is limited to "NAT is a stopgap until IPv6 achieves wide > implementation. A preview of the Third Edition fails to mention ip6tables at > all, the same lack that the Second Edition has. > > I use CentOS, the community version of Red Hat Enterprise. I looked around > for useful books on building IPv6 firewalls with the same granularity as the > above-mentioned book for IPv4, and haven't found anything useful as yet. In > particular, I'm looking for material that lays out how to build a > mostly-closed firewall and DMZ in IPv6. The lack of IPv6 support goes > further: I didn't find anything useful in Red Hat (CentOS) firewall tools > that provides IPv6 support...but that's probably because I don't know what > I'm looking for. (Also, that GUI software is intended for use on individual > servers/computers, not in a edge-firewall with forwarding and DMZ > responsibilities.) > > Building a secure firewall takes more than just knowing how to issue ip6table > commands; one also needs to know exactly what goes into those commands. > NANOG concentrates on network operators who need to provide a good Internet > experience to all their downstream customers, which is why I see the bias > toward openness...as it should be. Those of us who run edge networks have > different problems to solve. > > I'm not asking NANOG to go past its charter, but I am asking the IPv6 > fanatics on this mailing list to recognize that, even though the net itself > may be running IPv6, the support and education infrastructure is still behind > the curve. Reading RFCs is good, reading man pages is good, but there is no > guidance about how to implement end-network policies in the wild yet...at > least not that I've been able to find. > > "ipv6.disable" will be changed to zero when I know how to set the firewall to > implement the policies I need to keep other edge networks from disrupting > mine. >
