Re: [c-nsp] Recommended IPv6 Resources
Hi I personally like and find this resource useful: http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf thanks Arun On Wed, Mar 14, 2012 at 8:59 PM, Justin M. Streiner strei...@cluebyfour.org wrote: On Tue, 13 Mar 2012, Steve McCrory wrote: I'm more than prepared to hunt for resources and have a play with IPv6 for myself, I just wanted a pointer in the direction of good, informative, up-to-date material. Your point is well taken :) IPv6, like many other technologies, has launched numerous religious debates (read through the NANOG list archives for many examples ;) ), so there is lots of information available, but there is also lots of potential mis-information. There are also many areas where either vendor support is lean (inet6 firewall filters in Junos), or their documentation is lean (Cisco IPv6 inspection capabilities in the ASA comes to mind). jms __**_ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/**mailman/listinfo/cisco-nsphttps://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/**pipermail/cisco-nsp/http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommended IPv6 Resources
On Tue, 13 Mar 2012, Steve McCrory wrote: I'm more than prepared to hunt for resources and have a play with IPv6 for myself, I just wanted a pointer in the direction of good, informative, up-to-date material. Your point is well taken :) IPv6, like many other technologies, has launched numerous religious debates (read through the NANOG list archives for many examples ;) ), so there is lots of information available, but there is also lots of potential mis-information. There are also many areas where either vendor support is lean (inet6 firewall filters in Junos), or their documentation is lean (Cisco IPv6 inspection capabilities in the ASA comes to mind). jms ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Recommended IPv6 Resources
Hi Guys, I'm dipping my toe into the world of IPv6 and I'm looking for recommendations on resources - books, design guides, white papers, tutorials etc. I'm attending a course at the end of the month on the subject but would like to get a head start as I find I generally get more out of a course if I'm at least familiar with the material to begin with. My last exposure to IPv6 was several years ago while I was studying for the CCNP and not had much reason for a refresh since then. I've pretty much forgotten everything I learned back then and I'm also thinking that things may have moved on in the intervening period. There is obviously a plethora of resources out there but I'm looking for those that carry personal recommendations. If it helps narrow things down, I'm interested in resources that are up to date, covers the basics through to deployment strategies and those that have a slant towards service providers. Thanks in advance Steven This email has been swept by Webroot for viruses. Any files transmitted with it are confidential and intended solely for the email recipient. If you are not the intended recipient please delete this email immediately. Be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this email in error please notify the system administrator. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. GCI Com incorporates the following Group Companies: GCI Telecom Group Limited Reg. No. 5396496, Edge Telecommunications Ltd Reg. No. 5748740, Edge Telecom Ltd Reg. No. 3101247, IP Infrastructures Ltd Reg. No. 4657026, Invomo Ltd Reg. No. 6267056, NetServices UK Ltd Reg. No. 7118768, WAN Services Ltd Reg. No. 4082862. All Registered in England and Wales, Registered Office: Global House, 2 Crofton Close, Lincoln, LN3 4NT ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommended IPv6 Resources
Hi, On Tue, Mar 13, 2012 at 01:39:03PM -, Steve McCrory wrote: I'm dipping my toe into the world of IPv6 and I'm looking for recommendations on resources - books, design guides, white papers, tutorials etc. 96 more bits, no magic gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpVXJlhtq3Rj.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommended IPv6 Resources
Hi, On Tue, Mar 13, 2012 at 02:49:28PM +0100, Gert Doering wrote: On Tue, Mar 13, 2012 at 01:39:03PM -, Steve McCrory wrote: I'm dipping my toe into the world of IPv6 and I'm looking for recommendations on resources - books, design guides, white papers, tutorials etc. 96 more bits, no magic This might have been a bit too terse, though :-) - what I was trying to say: IPv6 is not *that* different from IPv4. It has longer addresses, the addresses are written in a weird way, and people have all of a sudden started to waste addresses like crazy (because we can!) - but the underlying principles of BGP, OSPF, RIP, longest-match-wins, etc. are basically still the same. So just go and experiment :-) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpeEGCvNwojp.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommended IPv6 Resources
On Tue, 13 Mar 2012, Steve McCrory wrote: I'm dipping my toe into the world of IPv6 and I'm looking for recommendations on resources - books, design guides, white papers, tutorials etc. It's really not all that different from IPv4 other than much larger address space, conservative IP assignment gets flipped around 180*, and watch out for things like needing IPv6 ACLs on things like router/switch vty lines, and RA / SLAAC automatically enabling IPv6 on hosts before they've been configured for it (ACLs). -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommended IPv6 Resources
Hi, On Tue, Mar 13, 2012 at 02:13:28PM -, Steve McCrory wrote: I appreciate this list doesn't look favourably on the 'I can't figure this out and can't be bothered looking for myself, please do it for me' type of posts but that's not what I'm looking for here. I'm more than prepared to hunt for resources and have a play with IPv6 for myself, I just wanted a pointer in the direction of good, informative, up-to-date material. Yeah, and unfortunately, I don't have anything nicely packaged for you. There's stuff on http://www.cisco.com/go/ipv6 - some marketing blurb, but also links to whitepapers and such. But basically, you might not even *need* it, since it's just 96 more bits, no magic - that was the point I was trying to make. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgp8IAAC8aExM.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommended IPv6 Resources
A few good resources and cheat sheets: http://www.estoile.com/ and http://www.estoile.com/links/ipv6.pdf http://packetlife.net/library/cheat-sheets/ http://search.oreilly.com/?q=ipv6x=0y=0 Also check out some of the Live Virtual sessions covering IPv6, some very good intros there. If you can be a bit more specific on what specifically you want to read on, I'm sure the group can come up with more resources to cover that use case. (Peering, customer filtering, exchange point configuration, access switch issues, MPLS, 6VPE, etc.) Jeremy On 3/13/2012 9:13 AM, Steve McCrory wrote: Gert, Not at all, I took it in the nature it was intended :o) I appreciate this list doesn't look favourably on the 'I can't figure this out and can't be bothered looking for myself, please do it for me' type of posts but that's not what I'm looking for here. I'm more than prepared to hunt for resources and have a play with IPv6 for myself, I just wanted a pointer in the direction of good, informative, up-to-date material. On Tue, Mar 13, 2012 at 02:49:28PM +0100, Gert Doering wrote: On Tue, Mar 13, 2012 at 01:39:03PM -, Steve McCrory wrote: I'm dipping my toe into the world of IPv6 and I'm looking for recommendations on resources - books, design guides, white papers, tutorials etc. 96 more bits, no magic This might have been a bit too terse, though :-) - what I was trying to say: IPv6 is not *that* different from IPv4. It has longer addresses, the addresses are written in a weird way, and people have all of a sudden started to waste addresses like crazy (because we can!) - but the underlying principles of BGP, OSPF, RIP, longest-match-wins, etc. are basically still the same. So just go and experiment :-) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommended IPv6 Resources
Hi, I'm dipping my toe into the world of IPv6 and I'm looking for recommendations on resources - books, design guides, white papers, tutorials etc. there are a few IPv6 books out there - from the cisco offerings to third party and usual stalwart publishers. they should get you well versed on the subject. yes, address space is bigger - but its the other things that will get you .. uses multicast to do everything, ICMPv6 is very very important for operation of hosts, SLAAC is the 'easy way' to get addresses from the router - your DHCP server may well not do DHCPv6 (and if it does, the clients probably dont! ;-) ) so how do you record/manage hosts? what about reverse records - you going to have 65k of entries for each /64 that you deal with? ACLs and switch behaviour - and what about end point protection - theres a good layer of ipv4 protection on particualr cisco access layer switches now - but the ipv6 is lacking. likewise management - its a big big shame that cisco havent gone full-on with mgmt in IPv6 - theres no reason why the mgmt of your switches/APs etc cant all be in IPv6 and you have no IPv4 on those netsbut no.. latest IOS has some mgmt functions that work over IPv6.. not bad considering how long v6 has been around before. my take home message? you can leanr a WHOLE LOT more about it by having a dev/test router, a couple of VLANs and home hosts (oh, be sure to tick the IPv6 box in VMware if you are virtualised with it ;-) ) alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Recommended IPv6 Resources
+1 on test lab. Lots of issues won't show up until actual use. For example, on a Cisco router by if you disable SLAAC by doing: # ipv6 nd prefix default 300 180 no-autoconfig Windows and Linux work fine. However, Solaris no longer gets a default route from RA. These are the gotcha's that you have to find out yourself. Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Alan Buxey Sent: Tuesday, March 13, 2012 2:35 PM To: Steve McCrory Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Recommended IPv6 Resources Hi, I'm dipping my toe into the world of IPv6 and I'm looking for recommendations on resources - books, design guides, white papers, tutorials etc. there are a few IPv6 books out there - from the cisco offerings to third party and usual stalwart publishers. they should get you well versed on the subject. yes, address space is bigger - but its the other things that will get you .. uses multicast to do everything, ICMPv6 is very very important for operation of hosts, SLAAC is the 'easy way' to get addresses from the router - your DHCP server may well not do DHCPv6 (and if it does, the clients probably dont! ;-) ) so how do you record/manage hosts? what about reverse records - you going to have 65k of entries for each /64 that you deal with? ACLs and switch behaviour - and what about end point protection - theres a good layer of ipv4 protection on particualr cisco access layer switches now - but the ipv6 is lacking. likewise management - its a big big shame that cisco havent gone full-on with mgmt in IPv6 - theres no reason why the mgmt of your switches/APs etc cant all be in IPv6 and you have no IPv4 on those netsbut no.. latest IOS has some mgmt functions that work over IPv6.. not bad considering how long v6 has been around before. my take home message? you can leanr a WHOLE LOT more about it by having a dev/test router, a couple of VLANs and home hosts (oh, be sure to tick the IPv6 box in VMware if you are virtualised with it ;-) ) alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ smime.p7s Description: S/MIME cryptographic signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
