IPv6 in the Industry

IPv6 Security – Server Operating Systems

The DoD has done an excellent job in annotating the best security practices for operating systems for years with its Security Technical Implementation Guides, or STIGs.  In fact, STIGs for networking systems like routers, IDS/IPS, switches, devices, etc have been updated to reflect the new reality: IPv6.  However, with STIGs on the operating system there […]

Tachyon Dynamics Speaking on IPv6 NFV at the North American IPv6 Summit

Tomorrow, our very own Jeremy Duncan will be speaking on “IPv6 Best Practices in Network Functions Virtualization (NFV) with Vmware NSX,” tomorrow around 11:10 am MDT.  We are also here in the Denver Tech Center, so come on by and let’s talk!  We have a booth right in front of the main conference room. If […]

IPv6 Whitebox Networking Presentation

We had a great time at the North American IPv6 Summit last week.  I recommend everyone check out the virtual downloads and sessions, as there was so much great content this year.  Most of this year’s excitement is how IPv6 intersects with things like Software Defined Networking (SDN), OpenStack, Whitebox networking, and Network Functions Virtualization […]

DNS: Back to Basics for Network Engineers

Speaking with quite a few network engineers in the last few months, I was shocked by the lack of real understanding of the Domain Naming System (DNS).  It shocked me because it is the singular application functionality that is entirely network-based.  Meaning that DNS is the foundation of the Internet, and from their perspective, should […]

Authentication for OSPFv3 Address Family support in IOS-XE? Think again

Bottom line up front: Cisco has a broken implementation of OSPFv3 authentication. This story begins like many do with network engineers trying to do their best in implementing IPv6 after a thorough and exhaustive engineering exercise.  Cisco’s Aggregation Services Router (ASR) routing platform running IOS-XE, starting with version 3.1.0 until the most recent  3.09.02 S, […]

The Urgency Behind IPv6

A couple of my buddies Shannon McFarland (Cisco) and Ed Horley (Groupware) did a great short video with Jeff Doyle (TCP/IP legend) on the urgency behind IPv6 in the service provider and the enterprise space.  Enjoy! [youtuber youtube=’http://www.youtube.com/watch?v=oq0RxI1p6zc’] Also located in Ed’s post here: http://www.howfunky.com/2013/07/enterprise-ipv6-video-with-jeff-doyle.html Check out Ed’s blog for some great IPv6 deployment tips […]

Nexus 7000 IPv6 Configuration Pitfalls

I have recently started working in a datacenter configuring quite a few Nexus 7000 series switches to act mainly as datacenter access switches – mainly making use of the popular features of Virtual Device Contexts (VDCs) and Virtual Port-Channels (vPCs).  Well, IPv6 is a key part of the network environment. So for the last week, […]

2012 US Government IPv6 Mandate: The Day of Reckoning

Well, today is the day, or the last day I should say.  At midnight tonight, the US Government will have shut the books on yet another Fiscal Year.  Although, it’s not finances that has the technology industry glued to government tech news; it’s IPv6 adoption.  By the end of FY 2012, the entire US Government […]

Cisco IPv6 IOS Hardening – DoD Style

***Updated on 14 May 2014 – regarding NET-IPv6-022, See below*** Thousands of network engineers in the DoD out there looking at implementing IPv6 now have to address a few Security and Technical Implementation Guidance (STIG) items that they used to just annotate as “Not Applicable – NA.”  Now, IPv6 security is important.  If you are […]

Why 802.1x is Not Enough: How to Implement SeND – Part 2

Last month I presented the case as to why 802.1x authentication is not enough for local network (wired or wireless) security (go back here to read).  In this post I will present an alternative: IPv6 Secure Neighbor Discovery (SeND).  If you have an IPv6 enterprise, small IPv6 deployment, or a little IPv6 lab then pay […]

World IPv6 Launch: One Week Out

One week ago today (6 June 2012), the Internet Society (ISOC) led the charge on a voluntary initiative called World IPv6 Launch.  Participating in this event were: five home router vendors, 77 Internet Service Providers, and 3,013 websites.  By signing up as a website or ISP, you were committing to enabling IPv6 on your network […]

US Government IPv6 Enablement – 4-month Status Check

Well, it is now roughly four months until the U.S. Federal Government is supposed to have its publicly-facing network services enabled for IPv6 by 30 September 2012 according to the White House directive in 2010.  More specifically: Upgrade public/external facing servers and services (e.g. web, email, DNS, ISP services, etc) to operationally use native IPv6 […]

Facebook is IPv6-enabled now – without a whitelist

UPDATE 22 May 2012 It looks as though Facebook is now 100% IPv6-enabled, without white-list filtering!  See the dig below: The Updated Dig mylaptop:~$ dig @ AAAA www.facebook.com ; <<>> DiG 9.8.1-P1 <<>> @ AAAA www.facebook.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36329 […]

Regional IPv6 Week

      6 – 12 February 2012, is Brazil’s Regional IPv6 Week (#ipv6week).  Similar to World IPv6 Day, but it is meant to focus on Latin America’s support for websites to service providers.  We (Tachyon Dynamics) are also a website participant (number 16). The site includes a dashboard that indicates each organizations status of IPv6 reachable and […]

IPv6 RA Guard Implementation Advice

Bravo to Fernando Gont for getting out a great Internet Draft (soon-to-be RFC) on the Implementation Advice on IPv6 Router Advertisement (RA) Guard.  This has been one of the open, gaping wounds in the side of IPv6 enterprise deployment for years.  In fact, many of us in the IPv6 and IPv6 security fields love to […]

IPv6 IPsec – Reviving the Debate

John Spence from Nephos6 had a great article discussing IPsec and its place in the newest draft of the IPv6 Node Requirements RFC.  They offer a good opinion and perspective of the current state of the industry on IPv6 adoption, and how vendors (especially of small appliances) feel about adding IPsec to their IPv6 stack.  The […]

World IPv6 Day, what did we really learn?

On 8 June 2011, over 400 organizations from around the world participated in a global IPv6 functionality test.  The question is what did we learn? What did we gain? Simply put: the IPv6 “boogie monster” doesn’t exist.  IPv6 works, and works very well.  client-side/residential adoption rates are still very low.  However (as seen below), the amount of […]

World IPv6 Day, T-21 Hours

Tomorrow, at 8:00 pm (12:00 am GMT), World IPv6 Day begins.  Here’s what to expect: All of your favorite websites should still be accessible (Google, Facebook, Yahoo, etc) If you are so inclined to sniff your traffic you should see a huge explosion of IPv6 on your network.  If you don’t see this, then maybe […]