Dispatches from the Front: Deploying IPv6 Internally

Share On Facebook
Share On Twitter
Share On Linkedin

Last month, Infoblox began deployment of IPv6 on our internal networks. We’ve supported IPv6 on our web server and name servers since World IPv6 Day in 2011, but we’d held off on the implementation of IPv6 on internal networks until now. I thought those of you considering an internal IPv6 deployment might appreciate a few of our war stories, while the rest of you might get a chuckle or two from our mishaps. Here’s our first story – a cliffhanger!

On a test IPv6 subnet, with statically configured IPv6 addresses, our Macs had no trouble querying a recursive name server over IPv6. Likewise our Dells running Windows 7 had no problem. But our Lenovo ThinkPads running Windows 7 couldn’t resolve domain names over IPv6 using said name server.

There’s a firewall between the test IPv6 subnet and the recursive name server, but it was (only temporarily!) configured to pass all IPv6 traffic. According to the firewall’s logs, the Lenovos weren’t even sending DNS queries.

Later, we started up a DHCPv6 server for the test IPv6 subnet. Again, the Macs had no trouble, nor did the Dells: They were able to get IPv6 addresses using DHCPv6. And once again, the Lenovos had a problem: They couldn’t get IPv6 addresses using DHCPv6. In fact, our network traces showed that they weren’t even trying: We saw no DHCPv6 traffic from them. This despite an IPv6 network configuration that looked identical to that on the Dells.

There followed a period of finger-pointing and subsequent reconfiguration: Why was Teredo on? Disable it. No change. Could a device driver specific to the Lenovos cause the problem? Try another NIC. No change.

There was one very odd development: We found the Lenovos would successfully get an address from DHCPv6 if they were connected to the test IPv6 subnet via a hub rather than directly to the switch. (Honestly, though, I still don’t understand why this was, so don’t get hung up on it.)

We did finally determine the cause of the problem. Once it was addressed, the Lenovos were able to get addresses via DHCPv6 and resolve names over IPv6. Any ideas what it was? Submit your guess in the comments. If you’re the first to guess correctly, I’ll send you an Infoblox “Getting Connected Using IPv6” poster, autographed by the whole Center of Excellence team (and thus rendered only slightly less valuable than if it weren’t signed at all).

I’ll tell you the answer in a few days in another blog entry.

Labels:

Cricket Liu

Chief DNS Architect at Infoblox

Cricket is one of the world’s leading experts on the Domain Name System (DNS), and serves as the liaison between Infoblox and the DNS community. Before joining Infoblox, he founded an Internet consulting and training company, Acme Byte & Wire, after running the hp.com domain at Hewlett-Packard. Cricket is a prolific speaker and author, having written a number of books including “DNS and BIND,” one of the most widely used references in the field, now in its fifth edition.

View All Posts
×