Network Connectivity Needs:
So now that we have the basics covered, let's get into the meat of why we started down this path. The hope was to have a network at home and a few machines at a local Service Provider here in Austin, TX called Core Nap. The reason I like them is that they are small, very responsive, and were able to give me an IPv6 /56 block to play with at a very affordable price.
The main things I wanted connectivity to were Active Directory servers in both locations to be able to sync and for the IP Phones at home to connect to the PBX at the Service Provider. At home I am using Time Warner Cable with no access to IPv6 and a non-permanent DHCP address for Internet access. At the Service Provider I had an IPv4 block and a /56 IPv6 block.
To address the issue of Active Directory syncing through a double NAT, I decided that the best way to get around it was to create a site-to-site VPN that routed both my IPv4 and IPv6 traffic and avoided the opening of firewall ports to the Internet. In the process I also avoided opening the firewall to allow for SIP connections from the house to the Service Provider and back. The end result was my network looked like this:
The firewalls I used were my favorite full-featured (free for home use) Astaro Security Gateways (ASG). The ASG is a fully featured security device and not just a basic firewall. What I liked about the ASG 8.0.2 was the fact that it handled all my IPv6 and IPv4 needs. I could configure its interfaces with both IPv4 and IPv6 addresses and it would do IPv6 Prefix Announcement for each network segment. I chose to use static IPv6 addresses for my servers so that I could use simple IPv6 addresses such as 2001:DB8:10:301::6 as opposed to 2001:DB8:10:301:20c:29ff:feab:d5de that the machine would have auto-configured.
I chose to use the Active Directory based DNS servers to perform internal DNS and registered all internal IP addresses in DNS to make my life easier. Next step is to get CoreNap to delegate my /56 to me so I can do my own DNS for the reverse lookups.
For External DNS I chose to use the services of my Domain Name Registrar GoDaddy. They now have a really slick interface for managing and maintaining DNS entries and even give you 100 DNS entries per domain for free to boot.
After all this work, one thing I quickly realized was that there was a dire shortage of IPv6 sites to be visited out there. I ended up having to re-enable IPv4 on my laptop to get anything done outside my network. Internally I could get to all my machines using native IPv6. I found that applications like Google Chrome default to IPv6 addresses if they are available. Maybe a lot of other apps that are IPv6 capable probably do the same too, which is way cool. I had no issue with Linux, OS X, and even Windows 7 and their ability, once configured, to play nice in an IPv6 environment. This is said based on my casual use and not some extensive compatibility tests.
Testing Tools:
Once you have everything configured and are ready to start testing, the first thing you should try hitting is ipv6.google.com or www.borgcube.com. If you do not get any of these to work, you might have some configuration issues. The first thing to try is to see if you can traceroute to one of the sites. Note that currently with Linux and OS X you have to use traceroute6 and ping6 to do ICMP based tests.
That is about it. Not really much in terms of architectural differences between implementing an IPv4 and IPv6 based infrastructure, obviously other than the issues surrounding IPv6 address assignment and maintenance.
This being my first foray into IPv6, I am sure there are some easier ways to do things and I would love to hear from all of you out there with some good ideas. I plan on exploring some of the more advanced IPv6 features like IPsec and mobility without address changes. I promise to share my findings when I get round to trying these out.
