23 March 2012

Firewalling IPv6

Basic firewalling of IPv6 isn't a whole lot different to how we managed firewalls for IPv4.

19 March 2012

DHCP is required for Internode Native IPv6

Part of the way Internode have setup their internal network means that you must use DHCPv6 on your gateway to request prefix delegation, even if you have a static assignment.

From discussions with Internode staff, the DHCPv6 PD request notifies their routing systems "where" you are. Unless you do this, your IPv6 traffic will be aggregate routed to a null route in Los Angles (LAX).

Cisco default null route of IPv6

Upstream IPv6 connectivity comes to our network as Native IPv6 from ISP Internode, via a Cisco 887 router.

While installing the Cisco 887, I came across a bug in the IPv6 support of Cisco IOS and the way it handles DHCPv6 and null-routes vs static routes.

Windows 2008 R2 obtains address via DHCP, but is configured with Static Address

We currently have 3 Windows servers in our organization:
  1. Legacy 2003 Domain Controller ear-marked for retirement (not part of my IPv6 implementation).
  2. Windows 2008 R2 Domain Controller (FSMO Master)
  3. Windows 2008 R2 Application Server
Server #3 above recently had some interesting addressing issues with IPv6.

Introduction

I am the ICT Manager for a "small" manufacturing business (approx $100m annual revenue) in Australia.

I am also the entire ICT Department so my daily tasks range from printer jams and "I lost this document" to Systems Security and Strategic Planning for our ICT resources.

One aspect of company ICT direction is implementing a full IPv4/IPv6 dual-stack layer. I thought it would be useful to myself, and hopefully to others, to document the progress, problems and solutions as I go.