Saturday, October 29, 2016

Getting DHCPv6 delegation working

...or "How I learned to make friends with duct tape"

Last week I wrote about not being able to route delegated prefixes as none of the servers seemed to have functionality to update the routing table. Shortly after tweeting this, a colleague replied with a way forward. In case Twitter's memory goes a bit hazy, I'll recap here:

Wednesday, October 19, 2016

FAIL: Serving prefixes with DHCPv6-PD

I've been wanting to update the lab for some time so people can bring in their routers to simulate what they'll be seeing at home. This would also allow us to mock things up for ourselves without tearing apart our home networks. For now, this means DHCPv6-PD (Prefix Delegation) as that is what many ISPs are deploying. I finally got some time last weekend to start updating the lab. Sadly, I couldn't get it to work.

To delegate a prefix to downstream, a DHCPv6 server must allocate a free prefix from its pool and then update the router configuration with the new target for that prefix. In our case, the DHCPv6 server and the router are the same machine, so no crazy remote updating is needed. We're running ISC DHCPd at the moment. It turns out, there is no way to update the routing table with this software. Someone has already tried to do this! In our case the IPv6 prefix is static, so there was no need to get a dynamic prefix from upstream. However, the crux of the problem is that while ISC makes hook scripts available for the events, they don't provide the target address to create the route. The linked article was written two years ago. I can find no evidence that anything has changed in that time. If someone out there has gotten this to work with existing software that I haven't found, please let me know.

Thursday, October 13, 2016

All Things Open 2016 - IPv6 enabled sponsors

An interesting exercise for a technical event is to see how many of its sponsors have IPv6 enabled. I have attended All Things Open (who itself enabled IPv6 on their site via CloudFlare) since its inception three years ago and will be doing so again in two weeks, so I decided to perform this exercise. The parameters are simple: Is there an AAAA record on the webserver for the sponsor URL provided? Rather than list the resulting table for all of the sponsors, I will only list those who are enabled.

SponsorHost
RedHatAkamai
CenturyLink BusinessSelf
CoreOSCloudFlare
OpenNMSDigitalOcean
PendoGoogle
MozillaCloudFlare
elasticAmazon (legacy)

Of 46 total sponsors, only 6 have IPv6 enabled on their website, or approximately 13%. It should also be noted that this does not indicate whether these companies have IPv6 support in their product, only that they've cleared the simple hurdle of enabling it for their website.

Particularly interesting here is the one site that is hosted on Amazon. Their site is hosted on a legacy load balancer, which new accounts (VPC) cannot use. I am somewhat hopeful that more Amazon hosted sites will begin to leverage the recently announced IPv6 on CloudFront in the near future.

I plan to continue to meet with folk at these sorts of events and explain the benefits of IPv6 for their projects and the future of the Internet. Hopefully next year's numbers will be much improved.