[afnog] IPv6 Native Mass Market Deployment arrives in Kenya!

Fri Aug 12 12:44:28 UTC 2016

On 12/Aug/16 12:32, Andrew Alston wrote:

>  
>
> Firstly, we by default allocate a /48 per customer.  We do this
> because I strongly subscribe to the belief that if there is a
> possibility that someone may want to subnet, they should get at
> minimum a /56, and if they are an enterprise, a /48 is kinda bare
> minimum.  It was therefore simply easier to stick to a single prefix
> length size and go /48 all the way.
>

That's reasonable.

We still do the /56 or /48 thing based on customer type, but everyone
has their style, provided the customer is able to create multiple
subnets within their networking environment, i.e., don't assign /64's or
/128's to customers, in the name of all that is sweet and holy.

>  
>
> The next issue was, enabling the SLAAC to the customer (since that
> only works on /64s), and to do this, we’re pushing config to the CPE’s
> that takes a /64 out of the /48 that’s routed and automagically puts
> it on the LAN interface with SLAAC enabled.  This works perfectly with
> the CPE’s we are using, and we’re testing it with other CPE’s to have
> more variety of choice of CPE as well. 
>
>  
>
> Sadly, the CPE’s we’ve seen did NOT do this straight out of the box so
> we have to push a config on installation when a new customer connects.
>

The CPE's are not DHCP-PD friendy?

>  
>
> The next biggest issue was customers who for some bizarre reason
> wanted to run CPE’s behind the CPE’s supplied (effectively doing
> dual-NAT on the v4), and if those don’t support v6 or aren’t
> configured for it, there isn’t a huge amount we can do.
>

Yes. You do get some customers who have had their CPE for a long time,
and run the ISP-supplied CPE in Bridge mode. You're right, if the
customer's own CPE does not support IPv6, or is not fully compliant with
your BNG and back-end systems, you can't do much about that.

The point is you have provided the support, and if they upgrade their
CPE software, change their CPE or dump it and use the CPE you have
supplied, they will be golden. No one can ask more of you than that :-).

For the BNG-to-CPE point-to-point connection, did you go for
DHCPv6-IA_NA or ND/RA?

>  
>
> With regards to actual machines picking up the v6 where the above
> scenario isn’t happening, zero problems, and we’re actively seeing a
> large number of V6 DNS requests to our DNS servers coming from the
> customers and we’ve seen a massive increase in our V6 traffic levels
> since enabling this – so we know for a fact customers are actually
> using the v6 in fairly large volumes.  In particular I see a LOT of v6
> to Google, Facebook, Amazon AWS, and various other sites.
>

This is great.

Of course, things will always be better if customers are running as
current an OS release as possible, as Happy Eyeballs and IPv6 will
generally be better-supported out of the box in that code.

>  
>
> So far so good though, but we’re constantly monitoring and hopefully
> in the next few weeks once we have collected a lot more statistics
> I’ll be able to share those as well.
>

Well done.

Beer is in order for more war stories in the coming months :-).

Mark.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.afnog.org/pipermail/afnog/attachments/20160812/2cd482ae/attachment-0001.html>