1. October 3, 2011EITC 2010, @Penn State1 IPv6 The Saga Continues Dave Funk EITC, October 2011

2. October 3, 2011EITC 2011 @Penn State2 World IPv6 Day, June 8, 2011 Lessons learned http://www.worldipv6day.org

3. October 3, 2011EITC 2011 @Penn State3 According to: “The Register” World IPv6 Day fails to kill the Internet http://www.theregister.co.uk/2011/06/09/ipv6_fails_to_kill Publicity stunt over, now the work begins

4. October 3, 2011EITC 2011 @Penn State4 In for a Penny, in for a Pound Pick the services to offer then do the full kit For each interface doing v6, provide full-circle DNS

5. October 3, 2011EITC 2011 @Penn State5 Need things such as AAAA records in SPF/DKIM mail IN A 128.255.18.25 ; IN AAAA 2620:0:e50:7016::80ff:1219 IN TXT "v=spf1 +a +ip6:2620:0:e50:7016::80ff:1219 -all" IN MX 10 mail-gw.icaen.uiowa.edu.

6. October 3, 2011EITC 2011 @Penn State6 Every place you have an IPv4 address, need corresponding IPv6 address Sendmail conf files Sendmail access file Samaba config files etc

7. October 3, 2011EITC 2011 @Penn State7 IPv6 firewall is hard to do correctly even Microsoft makes mistakes FE80::/9 isn't same as FE80::/64

8. October 3, 2011EITC 2011 @Penn State8 When making configs & firewalls beware of unexpected packet flows EG: global-scope -> local-scope connection: Source addr: [2620:0:e50:7016::80ff:1219] -> [fe80::2]

9. October 3, 2011EITC 2011 @Penn State9 Don’t SLAC servers SLAC is OK for clients but servers should have fixed dependable addresses. (even with DDNS). clients may cache server addresses and when they change will cause problems. (Altiris server issue)

10. October 3, 2011EITC 2011 @Penn State10 IPv6 what services? Clients infrastructure (DNS, router, etc) Any server that remote clients directly connect to Incoming mail MX (?, whole debate here)