On Sun, Dec 5, 2010 at 6:50 AM, Rudi Ahlers <Rudi at softdux.com> wrote: > Seeing as IPV4 is near it's end of life > (http://www.internetnews.com/infra/article.php/3915471/IPv4+Nearing+Final+Days.htm), > I'm curios as who know whether everyone is ready for the changeover to > IPV6? > > Is anyone using it in production already, and what are your experiences with it? > > -- > Kind Regards > Rudi Ahlers > SoftDux > > Website: http://www.SoftDux.com > Technical Blog: http://Blog.SoftDux.com > Office: 087 805 9573 > Cell: 082 554 7532 I've been using IPv6 with Vyatta through a tunnel broker (he.net). I'm running a dual stack configuration and have a few websites enabled. I have been holding off my email as Zimbra isn't fully compliant. The other holdup is that ISPs, like Verizon FIOS, aren't supporting it. I called Verizon FIOS's business support line and when I asked about obtaining a IPVv6 /64 or /48, he asked me what IPv6 was. For now the tunnel broker is great, but it adds complexity and there is no SLA. What bothers me about IPv6 is that they used : to separate the address portions. This makes extra work to go directly to the IP in a browser, configure Apache, etc as it has to be put in []. You also can't browse IPv6 network shares by IP. At least in Windows you have to replace : with - and append . ipv6-literal.net Stateless auto configuration works great, but I don't use it on my servers. The address becomes too long to keep track of so I have manually configured them. It looks like most sites supporting IPv6 have done the same. With stateless configuration on the clients I loose the dynamic DNS that DHCP provides. The DHCP6 server on CentOS 5.5 doesn't support dynamic DNS updates either. I use it to only hand out the DNS server address. CentOS 6 will come with the ISC DHCPv6 server that will support dynamic DNS. When that happens I plan to switch over to DHCP entirely so DNS will be updated. It is really annoying to see last login by some random IPv6 address on my CentOS boxes. It is great to see that NAT is gone. No more UPnP or NAT port mapping nonsense. On my Vyatta box I have just blocked all incoming IPv6 traffic that is no established or related. I think allowed only ICMP echo request to any IPv6 address and ports for my servers. This makes it just as secure as IPv4 with NAT. The other issue I foresee is all the Windows XP users. Windows XP doesn't support a native IPv6 implementation. It can only query DNS through IPv4. Microsoft needs to pull the plug on Windows XP. Although running IPv6 only is a few if not more years away. Ryan