IPv6 and related work over the next month

We’ve a timeline of work for the IPv6 deployment for the next month which might be of interest to some and at the same time we’ve work updating the hardware and operating systems for certain core services. There’s other services that will also need to support IPv6 but I don’t want to plan at an operational level for much more than a month ahead since unexpected additional tasks tend to crop up and skew the dates.

In brief we’re enabling IPv6 to our server room and starting the first core service upgrades, in some cases mixing the migration in with a standard hardware/software refresh (where combining the tasks makes the migration simpler rather than harder). The dates reflect the weekly JANET at risk period for maintenance, Tuesday 7:00am-9:00am.

Date Project Work
7th September IPv6
  • Enabling IPv6 to first half of the OUCS server room
  • Make all networks team development hosts IPv6 enabled
14th September IPv6/Servers
  • Enabling IPv6 to the last half of the OUCS server room
  • Make ntp.oucs.ox.ac.uk accessible via IPv6
  • Make the webcache service accessible via IPv6
  • Migrate one authoritative and one resolver to new hardware/software
21st September IPv6
  • Make the comms.oucs.ox.ac.uk utilities website for IT support staff accessible via IPv6
28th September IPv6/Servers
  • Make authoritative and resolver DNS available via IPv6
  • Migrate network monitoring host (monitors services) to new hardware/software and IPv6 enable
5th October IPv6/Servers
  • Migrate database host to new hardware/software and IPv6 enable
12th October Servers
  • Migrate DHCP service to new hardware/software
19th October Servers
  • Migrate DNS master to new hardware/software
20th October and relax…
  • update the blog about what our IPv6 plans are for the next month

You might think that we could enable core services faster however the above is one persons work from a four man team – we will have normal duties and other projects underway during this period (the team manages 22 public services and about 13 internal services (physical network monitoring, telecoms integration etc).

The enabling of the first part of the OUCS server room this morning (and the background research/testing as well as the notes this section is based on) was done by another team member however the essential features are that we’re providing IPv6 to the server room with router advertisements disabled, meaning dual stacked servers run by other teams won’t suddenly obtain an IPv6 address automatically. We can get on and IPv6 enable our teams services with a statically configured address without disrupting others. The configuration on a cisco device looks like

ipv6 nd ra suppress
ipv6 nd prefix default 2592000 604800 no-autoconfig

The Cisco IPv6 command reference for nd is available online. In the example above ignore the numbers which are just defaults for valid-lifetime and preferred-lifetime in seconds (normally for a specific network prefix, which we do not need in this case) via router advertisement. The important part is the ‘suppress’ and ‘no-autoconfig’.

The first line tells the router that for ipv6 neighbour discovery it should suppress periodic router advertisements. The second line instructs the router that if asked it should tell the client not to use autoconfiguration for the network. In technical terms, when it gets a request from a client it will respond but in the Prefix Option (see RFC2461) the A-bit is cleared, meaning that the client must not use autoconfiguration for that prefix.

For further information see this c-nsp thread on RA/RS messages and also this other thread.

Posted in IPv6 | Comments Off on IPv6 and related work over the next month

Comments are closed.