Re: IPV6 in enterprise best practices/white papaers

2013-01-30 Thread Karl Auer
On Wed, 2013-01-30 at 09:39 +0200, Jussi Peltola wrote: High density virtual machine setups can have 100 VMs per host. OK, I see where you are coming from now. Hm. If you have 100 VMs per host and 48 hosts on a switch, methinks you should probably invest in the finest switches money can buy,

Re: IPV6 in enterprise best practices/white papaers

2013-01-30 Thread Nick Hilliard
On 30/01/2013 10:24, Karl Auer wrote: Hm. If you have 100 VMs per host and 48 hosts on a switch, methinks you should probably invest in the finest switches money can buy, and they will have no problem tracking that state. What make+model switches would these be, did you say? Nick

Re: IPV6 in enterprise best practices/white papaers

2013-01-30 Thread Karl Auer
On Wed, 2013-01-30 at 10:33 +, Nick Hilliard wrote: On 30/01/2013 10:24, Karl Auer wrote: Hm. If you have 100 VMs per host and 48 hosts on a switch, methinks you should probably invest in the finest switches money can buy, and they will have no problem tracking that state. What

Re: IPV6 in enterprise best practices/white papaers

2013-01-30 Thread Harald Koch
On 30 January 2013 02:39, Jussi Peltola pe...@pelzi.net wrote: High density virtual machine setups can have 100 VMs per host. Each VM has at least a link-local address and a routable address. This is 200 groups per port, 9600 per 48 port switch. um - let's compare apples to apples here - 100

Re: IPV6 in enterprise best practices/white papaers

2013-01-30 Thread Justin M. Streiner
On Mon, 28 Jan 2013, Doug Barton wrote: On 1/28/2013 7:27 AM, Eugeniu Patrascu wrote: - configure IPv6 firewall rules (mostly a mirror of the IPv4 rulesets) Hopefully that did not include filtering ICMPv6? :) The level of IPv6 support in firewalls has been all over the place, even from

Re: IPV6 in enterprise best practices/white papaers

2013-01-30 Thread Owen DeLong
The smarter way to do this is to assign a /64 to each host and route to it instead of exporting any L2 issues beyond the TOR switch. In general, WLANs don't scale to large numbers of clients particularly well for a variety of reasons that have little to do with ND. More APs with smaller range are

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Måns Nilsson
Subject: Re: IPV6 in enterprise best practices/white papaers Date: Mon, Jan 28, 2013 at 08:45:39PM +0400 Quoting Mukom Akong T. (mukom.ta...@gmail.com): On Mon, Jan 28, 2013 at 7:27 PM, Eugeniu Patrascu eu...@imacandi.net wrote: I thought about running pure IPv6 inside and do 6to4, but it's

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Karl Auer
On Tue, 2013-01-29 at 09:37 +0100, Måns Nilsson wrote: Subject: Re: IPV6 in enterprise best practices/white papaers Date: Mon, Jan 28, 2013 at 08:45:39PM +0400 Quoting Mukom Akong T. (mukom.ta...@gmail.com): On Mon, Jan 28, 2013 at 7:27 PM, Eugeniu Patrascu eu...@imacandi.net wrote: Does

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Jay Ashworth
- Original Message - From: Doug Barton do...@dougbarton.us On 1/28/2013 6:23 AM, Jay Ashworth wrote: To paraphrase Guy L Steele: If we are this far on into the new IPv6 world and that question is not one which can be answered by a link on the first page of ghits for

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Doug Barton
On 01/29/2013 09:20 AM, Jay Ashworth wrote: - Original Message - From: Doug Barton do...@dougbarton.us On 1/28/2013 6:23 AM, Jay Ashworth wrote: To paraphrase Guy L Steele: If we are this far on into the new IPv6 world and that question is not one which can be answered by a link

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Jay Ashworth
- Original Message - From: Doug Barton do...@dougbarton.us IPv4 is mature enough that for small to medium sized networks, the answer is you plug everything in. My appraisal of v6 is that it's an order of magnitude (or two) more complex than that, both in 'attack' surface and

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Doug Barton
On 01/29/2013 01:09 PM, Jay Ashworth wrote: - Original Message - From: Doug Barton do...@dougbarton.us IPv4 is mature enough that for small to medium sized networks, the answer is you plug everything in. My appraisal of v6 is that it's an order of magnitude (or two) more complex

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Jay Ashworth
- Original Message - From: Doug Barton do...@dougbarton.us Depends on how big your deployment is. For a small office -- say, 100 PCs or less; something that will fit in what I will catch schidt for referring to as a Class C :-) -- with a single current generation consumer market

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Doug Barton
On 01/29/2013 01:54 PM, Jay Ashworth wrote: You haven't tried to *buy* IPv6 edge transit, have you? *cough*Implementation detail*cough* :)

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread TJ
Also, if a switch does not do MLD snooping, it will flood multicast to all ports. You lose one of the major benefits of IPv6 multicast - less admin traffic. Agreed; but just to be fair: there is still a difference between multicast being flooded everywhere and broadcast being flooded

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread John Kemp
Not sure if anyone mentioned Aaron's presentation on this topic from way back... Here's the link: http://www.nanog.org/meetings/nanog47/presentations/Wednesday/Hughes_Kosters_fundamentals_N47_Wed.pdf John Kemp (k...@routeviews.org) On 1/26/13 1:26 AM, Pavel Dimow wrote: Hi, I have read

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Jay Ashworth
- Original Message - From: John Kemp k...@network-services.uoregon.edu Not sure if anyone mentioned Aaron's presentation on this topic from way back... Here's the link: http://www.nanog.org/meetings/nanog47/presentations/Wednesday/Hughes_Kosters_fundamentals_N47_Wed.pdf I hadn't,

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Miquel van Smoorenburg
In article xs4all.12519635.4213.1359489253787.javamail.r...@benjamin.baylink.com you write: - Original Message - From: Doug Barton do...@dougbarton.us Depends on how big your deployment is. For a small office -- say, 100 PCs or less; something that will fit in what I will catch

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Owen DeLong
Whereas, with IPv6 you have most, if not all of the same factors to consider, but there is some marginal added complexity around things like SLAAC/RA, some different terminology, binary math in hex instead of octal, network sizes are many orders of magnitude larger, etc. So the net effect

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Eugeniu Patrascu
On Mon, Jan 28, 2013 at 6:45 PM, Mukom Akong T. mukom.ta...@gmail.com wrote: On Mon, Jan 28, 2013 at 7:27 PM, Eugeniu Patrascu eu...@imacandi.net wrote: I thought about running pure IPv6 inside and do 6to4, but it's too much of a headache, Nice call (skipping 6to4) not to mention that

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Eugeniu Patrascu
On Mon, Jan 28, 2013 at 8:58 PM, Doug Barton do...@dougbarton.us wrote: On 1/28/2013 7:27 AM, Eugeniu Patrascu wrote: - configure IPv6 firewall rules (mostly a mirror of the IPv4 rulesets) Hopefully that did not include filtering ICMPv6? :) No, of course not :) I did a bit (actually very

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Eugeniu Patrascu
On Mon, Jan 28, 2013 at 9:54 PM, Owen DeLong o...@delong.com wrote: On Jan 28, 2013, at 10:03 , Joe Maimon jmai...@ttec.com wrote: Eugeniu Patrascu wrote: On Sat, Jan 26, 2013 at 11:26 AM, Pavel Dimow paveldi...@gmail.com wrote: As being personally involved deploying IPv6 on an enterprise

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Jussi Peltola
On Tue, Jan 29, 2013 at 09:07:57PM +1100, Karl Auer wrote: Also, if a switch does not do MLD snooping, it will flood multicast to all ports. You lose one of the major benefits of IPv6 multicast - less admin traffic. You need to spec new switches with IPv6 capability. NDP multicast has

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Karl Auer
On Wed, 2013-01-30 at 06:41 +0200, Jussi Peltola wrote: On Tue, Jan 29, 2013 at 09:07:57PM +1100, Karl Auer wrote: Also, if a switch does not do MLD snooping, it will flood multicast to all ports. You lose one of the major benefits of IPv6 multicast - less admin traffic. NDP multicast has

Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread Jussi Peltola
High density virtual machine setups can have 100 VMs per host. Each VM has at least a link-local address and a routable address. This is 200 groups per port, 9600 per 48 port switch. This is a rather large amount of state for what it's worth. If you have mld snooping on a switch aggregating

Re: IPV6 in enterprise best practices/white papaers

2013-01-28 Thread Jay Ashworth
- Original Message - From: Pavel Dimow paveldi...@gmail.com I have read many of those ipv6 documents and they are great but I still lack to find something like real world scenario. What I mean is that for example I want to start implementation of ipv6 in my enterprise according to my

Re: IPV6 in enterprise best practices/white papaers

2013-01-28 Thread Eugeniu Patrascu
On Sat, Jan 26, 2013 at 11:26 AM, Pavel Dimow paveldi...@gmail.com wrote: Hi, I have read many of those ipv6 documents and they are great but I still lack to find something like real world scenario. What I mean is that for example I want to start implementation of ipv6 in my enterprise

Re: IPV6 in enterprise best practices/white papaers

2013-01-28 Thread Mukom Akong T.
On Mon, Jan 28, 2013 at 7:27 PM, Eugeniu Patrascu eu...@imacandi.net wrote: I thought about running pure IPv6 inside and do 6to4, but it's too much of a headache, Nice call (skipping 6to4) not to mention that not all the internal equipment knows about IPv6 - L2 switches, some terminal

Re: IPV6 in enterprise best practices/white papaers

2013-01-28 Thread Valdis . Kletnieks
On Sat, 26 Jan 2013 10:26:43 +0100, Pavel Dimow said: Hi, I have read many of those ipv6 documents and they are great but I still lack to find something like real world scenario. I wish I had taken notes when we actually did this last century.

Re: IPV6 in enterprise best practices/white papaers

2013-01-28 Thread Joe Maimon
Eugeniu Patrascu wrote: On Sat, Jan 26, 2013 at 11:26 AM, Pavel Dimow paveldi...@gmail.com wrote: As being personally involved deploying IPv6 on an enterprise network, here's how I did it (keeping in mind the fact that we have our own ASN): I suggest this be step 0 - get a /48 PI from

Re: IPV6 in enterprise best practices/white papaers

2013-01-28 Thread Doug Barton
On 1/28/2013 7:27 AM, Eugeniu Patrascu wrote: - configure IPv6 firewall rules (mostly a mirror of the IPv4 rulesets) Hopefully that did not include filtering ICMPv6? :)

Re: IPV6 in enterprise best practices/white papaers

2013-01-28 Thread Doug Barton
On 1/28/2013 6:23 AM, Jay Ashworth wrote: To paraphrase Guy L Steele: If we are this far on into the new IPv6 world and that question is not one which can be answered by a link on the first page of ghits for 'implementing IPv6', then the IPv6 people have blown it badly. Can you show me the

Re: IPV6 in enterprise best practices/white papaers

2013-01-28 Thread Owen DeLong
On Jan 28, 2013, at 10:03 , Joe Maimon jmai...@ttec.com wrote: Eugeniu Patrascu wrote: On Sat, Jan 26, 2013 at 11:26 AM, Pavel Dimow paveldi...@gmail.com wrote: As being personally involved deploying IPv6 on an enterprise network, here's how I did it (keeping in mind the fact that we

Re: IPV6 in enterprise best practices/white papaers

2013-01-27 Thread Harald Koch
On 26 January 2013 17:38, Mark Andrews ma...@isc.org wrote: As for breaking your LAN, if the applications take 60 seconds to fallback to the other address they were already broken. Go complain to your application vendor. Some vendors have already fixed this problem with their applications.

Re: IPV6 in enterprise best practices/white papaers

2013-01-27 Thread William Herrin
On Sat, Jan 26, 2013 at 5:38 PM, Mark Andrews ma...@isc.org wrote: In message CAP-guGX01KLj2cG3ASmfXbmpxZ6j=i1b0dz++s4-w8uq_vy...@mail.gmail.com, William Herrin writes: In their infinite(simal) wisdom the architects of IPv6 determined that a host configured with both a global scope IPv6

Re: IPV6 in enterprise best practices/white papaers

2013-01-27 Thread joel jaeggli
On 1/27/13 9:01 AM, Harald Koch wrote: On 26 January 2013 17:38, Mark Andrews ma...@isc.org wrote: As for breaking your LAN, if the applications take 60 seconds to fallback to the other address they were already broken. Go complain to your application vendor. Some vendors have already fixed

Re: IPV6 in enterprise best practices/white papaers

2013-01-27 Thread Jima
On 2013-01-26 09:41, Sander Steffann wrote: after that I can start configure bgp with ISP. No. *First* talk to your ISP, get address space (either from your ISP or provider independent), make an addressing plan, configure your firewalls and configure your back bone, then connect to your ISP,

Re: IPV6 in enterprise best practices/white papaers

2013-01-27 Thread Jima
On 2013-01-27 11:01, joel jaeggli wrote: On 1/27/13 9:01 AM, Harald Koch wrote: In the meantime, the network engineers struggling with this stuff need workarounds (like the tuning parameters you and others have mentioned). Tuning desktop operating systems is not the scalable side of

Re: IPV6 in enterprise best practices/white papaers

2013-01-27 Thread Måns Nilsson
Subject: Re: IPV6 in enterprise best practices/white papaers Date: Sun, Jan 27, 2013 at 10:01:04AM -0800 Quoting joel jaeggli (joe...@bogus.com): Tuning desktop operating systems is not the scalable side of enterprise network deployment. No problem if it is a deployment. If it is the usual

Re: IPV6 in enterprise best practices/white papaers

2013-01-27 Thread Måns Nilsson
Subject: Re: IPV6 in enterprise best practices/white papaers Date: Sun, Jan 27, 2013 at 12:31:37PM -0500 Quoting William Herrin (b...@herrin.us): Right. On each local machine you can often override the default behavior. That default dynamically kicks in for all machines as soon as there's

Re: IPV6 in enterprise best practices/white papaers

2013-01-27 Thread Mark Andrews
In message capyk2_xonyrkqrlmjbvd26jscex5jdbjyqu3h_2sbbfvg3u...@mail.gmail.com, Harald Koch writes: On 26 January 2013 17:38, Mark Andrews ma...@isc.org wrote: As for breaking your LAN, if the applications take 60 seconds to fallback to the other address they were already broken. Go

Re: IPV6 in enterprise best practices/white papaers

2013-01-27 Thread Karl Auer
On Sun, 2013-01-27 at 12:31 -0500, William Herrin wrote: Right. On each local machine you can often override the default behavior. That default dynamically kicks in for all machines as soon as there's an IPv6 router on the LAN. Configurable? Sort of. Realistic solution to the cited problem?

IPV6 in enterprise best practices/white papaers

2013-01-26 Thread Pavel Dimow
Hi, I have read many of those ipv6 documents and they are great but I still lack to find something like real world scenario. What I mean is that for example I want to start implementation of ipv6 in my enterprise according to my knowledge so far my first step is to create address plan, then

Re: IPV6 in enterprise best practices/white papaers

2013-01-26 Thread Sander Steffann
Hi, I have read many of those ipv6 documents and they are great but I still lack to find something like real world scenario. Keep an eye on Deploy360: http://www.internetsociety.org/deploy360/ipv6/ What I mean is that for example I want to start implementation of ipv6 in my enterprise

Re: IPV6 in enterprise best practices/white papaers

2013-01-26 Thread William Herrin
On Sat, Jan 26, 2013 at 4:26 AM, Pavel Dimow paveldi...@gmail.com wrote: I can start to create record and PTR records in DNS and after that I should configure my dhcp servers and after all has been done I can test ipv6 in LAN and after that I can start configure bgp with ISP. Is this

Re: IPV6 in enterprise best practices/white papaers

2013-01-26 Thread TJ
In principle, I agree with the EDGE-in approach. However, if you need to do LAN before EDGE (e.g. DISA can't get you connectivity but you need to make some progress) you need to block queries from getting replies. BIND has a filter on IPv4 option that helps here ... (just don't give

Re: IPV6 in enterprise best practices/white papaers

2013-01-26 Thread Pavel Dimow
Hi, I want to thank you all for your comments, they are very helpful to me. And yes, I don't have much hands on experience but as non native English speaker I tend to write somewhat confusing mails so don't take my every sentence as-is. ;) Tnx once again to all. On Sat, Jan 26, 2013 at 6:59 PM,

Re: IPV6 in enterprise best practices/white papaers

2013-01-26 Thread Seth Mos
On 26 Jan 2013, at 18:47, William Herrin wrote: On Sat, Jan 26, 2013 at 4:26 AM, Pavel Dimow paveldi...@gmail.com wrote: I can start to create record and PTR records in DNS and after that I should configure my dhcp servers and after all has been done I can test

Re: IPV6 in enterprise best practices/white papaers

2013-01-26 Thread Mark Andrews
In message CAP-guGX01KLj2cG3ASmfXbmpxZ6j=i1b0dz++s4-w8uq_vy...@mail.gmail.com, William Herrin writes: On Sat, Jan 26, 2013 at 4:26 AM, Pavel Dimow paveldi...@gmail.com wrote: I can start to create record and PTR records in DNS and after that I should configure my dhcp servers and