Suitable 'device' for IPv6 gateway in large company?
Shadow Hawkins on Friday, 19 June 2015 03:27:47
What is the best way to establish an IPv6 tunnel to one of the Sixxs PoPs, in a corporate environment? In the setup that we have, there is the service provider's hardware, followed by a Cisco router and then a Juniper firewall. This firewall is IPv6 capable. I was thinking of adding the 'device' on the DMZ side of the firewall, but I am not sure what the best device would be in a corporate environment? Since a Raspberry Pi is capable in a home environment, I am wondering whether a similarly capable device exists, but corporate friendly?
This work is being done in my company's 'lab' environment (for testing new technology to be deployed in the firm), where the setup mirrors the equivalent setup used by the company outside the lab, but in a 'safe' environment such as not to break the company's means to carry out normal business. I am new to working with corporate grade networking hardware, so I am a bit lost trying to convert lessons from home to there. One of the requirements would likely be the networking and device management be separate (the latter could be via kvm).
Suitable 'device' for IPv6 gateway in large company?
Jeroen Massar on Friday, 19 June 2015 08:59:28 What is the best way to establish an IPv6 tunnel to one of the Sixxs PoPs, in a corporate environment?
Your subject is 'large company' and here you also reinforce that with 'corporate'.
As it is 2015, you should be requesting native IPv6 from your Internet providers.
If they do not have it, dump them. It is 2015, they have known about this coming for over a decade, hence they are not thinking in the customer's interest.
Note also that SixXS does not provide any kind of SLA, hence, if stuff breaks, you would have broken IPv6 which will hurt your company. Thus while one can of course use it, we recommend everybody (all users, not only companies) to search for native IPv6 where possible.
SixXS won't be around forever...
That said...
followed by a Cisco router and then a Juniper firewall.
Both of these should be able to terminate a standard static proto-41 tunnel.
The Cisco can even do heartbeat tunnels.
Terminating a tunnel, which effectively is just a 'link' (tunnel, dsl, cable, fiber, no real difference there), on the router makes sense.
Since a Raspberry Pi is capable in a home environment, I am wondering whether a similarly capable device exists, but corporate friendly?
You got a Cisco. What model? These things typically do IPv6 quite fine. Original IPng.nl (predecessor of SixXS, the nlams02 PoP) was running of a Cisco 25xx series.
This work is being done in my company's 'lab' environment [...]
Ah, that changes the first part. For labbing using a tunnel is a good thing. Though still, ask for native as you'll need to go there one day anyway.
I am new to working with corporate grade networking hardware,
If you can list the toys (brand / model) you have in your lab you'll find likely that many of these have IPv6 support. If they do not, yell hard at the vendor.
Suitable 'device' for IPv6 gateway in large company?
Shadow Hawkins on Friday, 19 June 2015 15:46:03
Thanks Joroen.
The main issue we have in Canada is that the main service providers don't do IPv6 and Bell is in an odd state (they don't provide IPv6 for non-dedicated and for dedicate they provide you connectivity on the condition you have your own IPv6 block). As a company we also need to work with a 'approved' vendors. We are pushing to have IPv6 in our lab, so we can get management thinking about the technology, even if our providers are
In the Lab all the equipment can do IPv6, but the missing part of the puzzle is the IPv6 tunnel establishment. The hardware we have:
- Cisco 1921 (Router)
- Juniper SSG520G (Firewall)
- Cisco 3560X (Switch)
If you have any information on how to achieve an IPv6 tunnel, using the Cisco 1921 router, to one of the Sixxs PoPs, this would be appreciated.
BTW Just to confirm the IPv6 situation in Canada, last I looked there were no Sixxs PoPs in Canada. Videotron in Quebec does provide IPv6 for home use (via 6RD), but when I tried finding out about corporate use the answer became a bit murky, making me uncomfortable about relying on them and making the effort to bring them on an an approved vendor.
Suitable 'device' for IPv6 gateway in large company?
Jeroen Massar on Monday, 22 June 2015 06:13:12 In the Lab all the equipment can do IPv6, but the missing part of the puzzle is the IPv6 tunnel establishment. The hardware we have:
Both the 1921 and the SSG520G should be able to terminate a static tunnel.
The 1921 is standard IOS, thus see the FAQ, ScreenOS is listed in the Wiki.
BTW Just to confirm the IPv6 situation in Canada, last I looked there were no Sixxs PoPs in Canada.
Because no ISP has offered one.
Videotron in Quebec does provide IPv6 for home use (via 6RD), but when I tried finding out about corporate use the answer became a bit murky, making me uncomfortable about relying on them and making the effort to bring them on an an approved vendor.
For 6RD one cannot guarantee performance as it is a shared solution, hence why they likely don't want to terminate business customers.
Next to that one typically has a dynamic prefix with 6rd, which is also something folks do not want.
Posting is only allowed when you are logged in. |