Comment by kuon

Comment by kuon 19 hours ago

11 replies

About two years ago, when we deployed our datacenter, I insisted on IPv6 first.

All our management network is IPv6 only: all KVM, switches, routers...

It was a pain and gave nearly no practical advantage (at the time), but the motivation was to make everyone "intimate" with IPv6. We learned a lot and we even discovered some implementation bugs (for example, the Cisco default link-local address is not a /64, which is not compliant with more recent RFCs and will make them unable to communicate with BSD systems).

Now we have IPv6 everywhere and everybody from dev to sysadmin is aware of IPv6, and we are starting to see some real advantages. VPNs are easier to manage, routing is easier, firewalling is easier, clustering, failover... everything is "cleaner".

We still have IPv4 (dual stack) on some servers, but about 80% of them are IPv6 only with DNS64/NAT64.

api 18 hours ago

It's obvious that a major reason more people don't do this is a lack of instant payoff.

  • freedomben 14 hours ago

    Indeed, but also not everyone gets the payoff that GP did. We did IPv6 only and abandoned it after a while because there were some show-stoppers in our cloud provider that didn't work (at the time, this was a few years ago). It ended up being a good investment in the two people spearheading the work, but otherwise was a waste of time/money.

  • bravetraveler 17 hours ago

    Same applies for directory services, configuration management, etc. Eating vegetables.

    • Gud 6 hours ago

      All those give me a clear advantage in the long run. What's the advantage for me with IPv6?

      • bravetraveler 2 hours ago

        I don't know you as well as I should :) I should say I'm not that interested in selling something that is both free and 'politically' loaded.

        People have made up their minds, they'll pick it up or they won't. No "skin off my teeth" at all. Implementation details matter to those who care. They have their reasons, I'm not one to question them.

        One of the things I like about v6 is it allows us to give up the charade or vanity of addressing. At least minify it. One can define classes of networks and simply identify hosts by MAC (or FQDN assuming an AAAA record).

        I already have to tote that information around to configure them. Having a v4 address can be seen as duplicating the role of identity, while risking conflict. Outright removal of v4 may offer benefits in some scenarios.

        Now... 'conflict' is how BGP anycast literally works. Two or more hosts announce the same location. There are perfectly valid reasons to still use v4, neither precludes the other.

BonoboIO 19 hours ago

Why is it now easier to manage?

  • JackSlateur 16 hours ago

    No translation, no subnet allocation issues (because no scarcity), global reachability from everybody to everybody (as the internet was meant to be), no overlap (because no RFC1918).

    The world is much easier when everybody has their own identity.

  • simoncion 18 hours ago

    I'm not the OP, but I expect VPNs are easier to manage because you don't have to worry about slicing up the very, very limited IPv4 non-public space and puzzling out how to resolve addressing collisions between all of the various networks you have to manage. With IPv6 you can just calculate a /48 ULA prefix and allocate /64s for your VPNs (and every other internal network) out of that. If ever you run out of room, just calculate another /48 and carry on... easy!
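The "/48 ULA prefix" simoncion describes is the RFC 4193 algorithm. Below is an added Python example, not code from anyone in this thread, that generates such a prefix, carves /64s for VPN and internal networks out of it, and checks a set of prefixes for the overlaps that bite when RFC1918 networks are merged. The EUI-64 value is constructed; a real one would be derived from an interface MAC.

```python
"""Generate an RFC 4193 ULA /48 and carve /64 subnets from it."""
import hashlib
import ipaddress
import time
from typing import Optional

ULA_L1 = ipaddress.IPv6Network("fd00::/8")  # fc00::/7 with the L bit set (locally assigned)


def ntp_timestamp_now() -> int:
    """Current time in 64-bit NTP format: seconds since 1900 in the high 32 bits."""
    now = time.time() + 2208988800  # offset from the Unix epoch to the NTP epoch
    return (int(now) << 32) | int((now % 1) * (1 << 32))


def generate_ula_prefix(eui64: bytes, ntp_time: Optional[int] = None) -> ipaddress.IPv6Network:
    """RFC 4193 section 3.2.2: Global ID = low 40 bits of SHA-1(NTP time || EUI-64).

    The result is fdXX:XXXX:XXXX::/48. The hash is what makes two independently
    generated site prefixes very unlikely to collide when networks are later joined.
    """
    if len(eui64) != 8:
        raise ValueError("EUI-64 identifier must be exactly 8 bytes")
    if ntp_time is None:
        ntp_time = ntp_timestamp_now()
    digest = hashlib.sha1(ntp_time.to_bytes(8, "big") + eui64).digest()
    global_id = int.from_bytes(digest[-5:], "big")  # least significant 40 bits
    prefix_int = (0xFD << 120) | (global_id << 80)  # fd | 40-bit Global ID | 80 zero bits
    return ipaddress.IPv6Network((prefix_int, 48))


def allocate_subnets(ula: ipaddress.IPv6Network, names: list) -> dict:
    """Hand out one /64 per network name from the /48 (65 536 are available)."""
    if ula.prefixlen != 48 or not ula.subnet_of(ULA_L1):
        raise ValueError("expected a locally assigned ULA /48")
    gen = ula.subnets(new_prefix=64)
    return {name: next(gen) for name in names}


def find_overlaps(nets: list) -> list:
    """Return every pair of networks that overlap, i.e. the RFC1918 merge problem."""
    return [(a, b) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    site = generate_ula_prefix(bytes.fromhex("021122fffe334455"))  # constructed EUI-64
    subnets = allocate_subnets(site, ["vpn-office", "vpn-remote", "mgmt"])
    for name, net in subnets.items():
        print(f"{name:12s} {net}")
    print("overlaps:", find_overlaps(list(subnets.values())))
```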

NewJazz 19 hours ago

What do you use for a NAT64 gateway?

  • zamadatix 19 hours ago

    Not GP but in similar setups I've had good success with using the FWs (typically Fortinet or Palo Alto) as the NAT64 gateway. Hosted services that require 1:1 NATs also end up there anyways so it's a good fit for DC.