Collected thoughts on IPv6

So at 14:30 today (3/2/11) the IPv4 unicast address space was declared fully depleted.

ARIN (@TeamARIN), the body in charge of US Internet regulation released the blog post linked below.

Their post links to the summary of the event that occurred earlier today. It also contains links for an IPv6 specific wiki.
Their recommendation is that you incorporate IPv6 support into your existing network infrastructure as soon as possible, be it through native or translation methods.

The only ISP's in Ireland that support native IPv6 at the moment are Airwire and HEANet. (See warning about ISP provided IPv6 addressing below)

The easiest method is to register with a "6to4" or Teredo provider. This allows you to create a tunnel that encapsulates an IPv6 packet within an IPv4 packet. This IPv6-in-IPv4 packet is then relayed to a Teredo server/relay which forwards your request into the IPv6 address space.

6to4 is used if you are implementing IPv6 support on a device that has a public IPv4 address, like a router.

Teredo is used for client devices, i.e. laptops!

Examples of Teredo/6to4 providers are:

Registration with a provider is generally free.
From an Irish point-of-view, I suggest registering with SIXXS. Their Irish node is hosted by HEANet in Dublin.

Configuring IPv6 on a Cisco CPE Device ::

You don't need a Cisco device to get IPv6 support. I just thought this was interesting!!

I found this blog post that deals with configuring a LAN for IPv6 access using a tunnel mechanism. The author of the blog has no native IPv6 support.
He also deals with configuring the stateful firewall on the device. As far as I can tell the firewall is allowing outgoing TCP, UDP, ICMP and FTP. It is blocking everything but SSH access to a specific IPv6 network prefix. I may be wrong though! I haven't studied the IOS firewall yet!

The device in question is a Cisco 877 Integrated Services router.

Cisco web page for the 877 --
If you want to buy said device --

Disadvantages of 6to4 / Teredo ::

Teredo can be blocked by some types of NAT. It's blocked in the college for instance! It's also UDP traffic, so don't be surprised if it's not as reliable as what you're used to!

IPv6 currently has no provision for NAT64 or NAT66 so any globally routable IPv6 address you get will be fully exposed to attack. A firewall is necessary otherwise it'll be as if you were on a DMZ. Some details on IPv6 capable Firewalls are contained in ARIN's IPv6 Wiki which can be found at the link above.

A warning against ISP provided IPv6 Addressing ::

Greg Ferro, (@etherealmind) a CCIE based mainly in the UK, wrote a blog post on the topic of why ISP provided IPv6 might be a bad thing! It deserves a read. It illustrates some very important issues that will need consideration if you change ISP in the future!


Enjoy the wall of text
Forgive the Wikipedia links. It's convenient and it is quite late at night! :-D