[afnog] What are the major challenges in enabling Services to run on IPv6?

Noah noah at neo.co.tz
Tue Oct 28 19:35:11 UTC 2014


On Tue, Oct 28, 2014 at 9:00 PM, Geert Jan de Groot <
GeertJan.deGroot at xs4all.nl> wrote:

> On Mon, 27 Oct 2014 13:59:59 +0400 Kofi ANSA AKUFO wrote:
> > What are the major challenges in enabling Services to run on IPv6 in our
> > region?
>
> Let me try to shed some insight while typing this from a residential,
> native IPv4/IPv6 connection in the Netherlands. Not Africa, but I think
> there's still some lessons to learn.
>
> Setting up dual-stack webservices is easy, that has been done for 15 years
> or so.
> Techniques required for that are well understood and I won't elaborate
> here.
> The question, however, is how to make the services accessible to the users.
>
> My service provider, XS4all, started providing IPv6 connectivity in 2001
> or so,
> initially through IPv4 tunnels (I've IPv6-connected the AfNOG network in
> Kampala
> this way, for instance) and since a number of years natively.
> IPv6 is enabled by default so if you enroll as customer you automatically
> get IPv4 and IPv6.
>
> That road was not easy. Getting the core routers to talk IPv4 and IPv6 is
> easy enough (I'm pretty sure that most of the routers of the African ISP
> community *can* to IPv6, perhaps a config option, perhaps an image update
> but that's it). There were several challenges getting customers connected.
>
> One issue is that XS4all doesn't do local loops to consumer customers
> themselves,
> they depend on DSL loops from the incumbent provider and add their ISP
> service
> on top of it. These days, that service is PPPoE and it's easy to do IPv4
> and IPv6
> over this DSL pipeline. The old DSL network (which, I'm told, will be
> switched off
> before the end of the year) used PPPoA and could not do this. The old
> network is
> at least 15 years old now and even I have migrated away from it now.
>
> Another issue is the CPE. Many CPE's won't / can't do IPv6, and XS4all had
> to
> work together with one that does. The result is actually cool: XS4all got
> to
> create the specs for the IPv6 functionality (there are RIPE documents about
> 'IPv6 CPE requirements') and they are now using prefix delegation, the
> PPPoE segment runs numberless, and, from what I hear, the helpdesk is
> pretty
> quiet about the whole issue.
>
> One thing that the CPE does, by default, is add a diode (only outgoing
> connections,
> no incoming connections, by default). That does help a lot for poorly
> patched
> domestic windows PC's (we all know them!). Like with IPv4 NAT, is it
> possible to
> make holes in the diodes to allow connections to certain hosts/ports but
> the
> defaults are 'safe'
>
> I do know that XS4all spent a lot of time and effort to make this all
> 'right',
> but it's there now and I, for one, would not notice if IPv4 would shut down
> tomorrow as nearly everything I talk to is IPv6 capable now.
>
> The net result is that a. most XS4all residential customers do have IPv6
> (unless they manually switched it off or broke it), and b. new customers,
> by default, do have IPv6 as well. And there's hardly any additional effort
> - anymore - as the hard work was done years ago.
>
> I don't think the situation in Africa neccessary needs to be much different
> from here. Yes, you probably have braindead CPE's - we got those too.
> There are ill-advised 'reasons' not to do this - we got those too.
> But, ping6 works from here. Go figure!
>
> The architecture actually isn't bad. You can add more PPPoE sessions for
> closed networks (that's how IPtv apperently works, but I don't use it),
> or VoIP (as implemented by other ISP's using the same infrastructure),
> so there are other advantages.
>
> The key thing is to Just Do It and select your kit accordingly when you do.
>
>
++1 and a very good piece GJ.


> Geert Jan
>
> (and, for the record, I do worry about the current 'health issue'.
> My thoughts are with those affected, and I am hoping for more positive news
> from the continent!)
>

We all hope so...

Noah
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20141028/9691cf54/attachment.html>


More information about the afnog mailing list