[nycbug-talk] upcoming IPv6 meeting

Miles Nordin carton at Ivy.NET
Mon Sep 17 16:47:25 EDT 2007


>>>>> "il" == Isaac Levy <ike at lesmuug.org> writes:

    il> *practical* parts of IPv6 deployment,

As for how to get a good no-bullshit tunnel even if you're willing to
pay, I still don't have an answer here, unless you have some kind of
lucky inside connection.  I've gotten a tunnel from a friend at a
small ISP who has some Hurricane Electric transit.  he.net doesn't
seem to be nearly as bad as they used to be (not so much
NYC->Europe->Japan->California problems), so if you can talk them into
selling you a colocation in New York you may be all set.

The mrmcd110b conference had IPv6 which I helped set up.  It was
delivered natively on gigabit Ethernet over SMF from friends at MANDA,
the Metropolitan Area Network of Darmstadt.  There was Juniper on
MANDA's end and FreeBSD on our end.  The primary problem here is the
same one I have at home: it's not affordable to route a gigabit of
IPv6.  It's possible to get gigabit L2 and L3 switches which are
affordable, even some old fairly good ones---for example I've bought
an Extreme Alpine which is not perfect (everyone hates its CLI and I
suspect it may be flow-based routing not true longest-prefix
matching), but still it's really pretty good and will do BGP and OSPF
and QoS.  But these are all v4-only!  For v6, AFAICT so far only Cisco
and Juniper can do it, which isn't cheap.  Extreme is still routing v6
in software (!!)  even on their latest currently-shipping XOS
switches.  I don't know if Foundry even has a complete v6 stack
(including OSPFv3 for example) at all.  So you are easily talking
$10,000 for something proper that can do >1Gbit/s of L3 IPv6.

The answer at mrmcd and at home was to use PeeCees, and this just
sucks.  They have lots of jitter compared to real switches, and the
QoS is absent or not working, and the realistic performance even with
FreeBSD polling(4) is almost two orders of magnitude less than my
Extreme Alpine's v4 capability which has a 64Gbit/s backplane.

Cisco is doing fairly well with working and relatively complete v6
support in even old, cheap, slow devices (1605, 1720, 3620 all working
fine), and first-class support on the 6500 with hardware switching,
hardware ACLs, QoS classification on L4 of IPv6, all that (although
one guy has told me running it there is ``still scary'' because of
possible crashes or Pings of Death or some such).

However even though they are better than many of their competitors,
still I don't know if Cisco's IPsec stack is supporting v6, or if PIX
supports it---I suspect ``no'' or ``not well.''  In comparison, BSD PF
does support it and works well.  'racoon' is supposed to support it,
but I haven't tried.