[privateSFacct]

I made a major push to try to get IPv6 running at a small business.

In the end, despite the ISP at the business supplying IPv6, and getting some client side IPv6 going with OTHER ISPS (a pain) it fell over because.

1) Things like the VPN client software didn't get routes right when client side network was IPv6 oriented so VPN connections broke - a no go.

2) We had to continue to offer ipv4, as folks in the field were not guaranteed an ipv6 connection back.

3) The WAN fallback / failover stuff didn't seem to work well with IPv6 (another ISP to work out IPv6 with).

4) Security folks continue to be worried about giving all machines in a business globally routable addresses. The tools say NOT to filter ICMP when you run ipv6 reachability, the security people say to filter ICMP. Too much of pain to figure out who is right and if/how ipv6 changed ICMP

5) ipv6 seemed to purposely make this transition harder than it needed to be. I don't get why they couldn't have kept a simpler / more familiar framework with ipv6 as an option, even if less ideal. Ie, DHCP vs autoconfig stuff, ICMPv4 style instead of having security folks worrying me about the weird things unfiltered ICMPv6 might do. Seriously, make the goodies / cool stuff the add ons.

[pilif]

>Too much of pain to figure out who is right and if/how ipv6 changed ICMP

then let me make this easy for you: ICMP has become a vital part of the inner workings of an IPv6 network. You will break all kinds of functionality by dropping ICMPv6 packets.

If you are concerned, then drop ICMP echo requests and replies, but absolutely do not drop any other ICMP packets or you'll be one of those people that turn off ipv6 "because it's too hard to make it work" (no shit - when you actively break something, it's hard to make it work).

[cmroanirgo]

> ICMP has become a vital part of the inner workings of an IPv6 network. You will break all kinds of functionality by dropping ICMPv6 packets.

You've just neatly described my experience (and naivety), because I've always dropped ICMP and wondered why ipv6 never worked. In all of the articles I've read on getting ipv6 to work, this had never been explained.

[toast0]

The key thing with ICMP is for the love of Pete, don't drop valid ICMP type 3 (destination unreachable), specifically subtype 4 (fragmentation needed, but don't fragment set), because that breaks many real world connections on both IPv4 and IPv6.

[pas]

> push

Thanks for trying! I did the same round. Tried to get v6, and finally gave up, because everything was broken in very stupid ways.

> I don't get why they

Because it happened in the early 90s, and since then all the RFCs that got layered upon that had to try and keep things consistent.

There could have been a simpler thing, but it was scrapped. IPv5 is missing for a reason.

And the goodies cannot be opt-in, otherwise no one will opt-in.

Of course this leads to a very slow deployment, because v4 with a lot of hacks just work, and will continue to work. It's easier to encapsulate things in DTLS (TLS + UDP) and gRPC and whatever (and deal with all of that in end user software) than trying to convert the whole World to IPv6.

> DHCP vs autoconfig stuff,

There's DHCPv6, so you don't have to use SLAAC.

[Dagger2]

> I don't get why they couldn't have kept a simpler / more familiar framework with ipv6 as an option, even if less ideal. Ie, DHCP vs autoconfig stuff

That's a statement made with 20 years of hindsight behind it. But if you had an extra 5 or so years of hindsight then it'd make more sense.

DHCP only predates IPv6 by two years (October 1993 on RFC 1531, vs December 1995 on RFC 1883). AppleTalk and Novell NetWare were still fairly common around that time. You're looking at DHCP as if it's ubiquitous, which indeed it is now, but it certainly wasn't while v6 was being developed and wouldn't be until a good few years afterwards.

In fact, router advertisements were defined in RFC 1256 in 1991, so they have two years of seniority on DHCP -- although I suppose you could make an argument that DHCP is a standardized set of BOOTP extensions, and that BOOTP has been around for longer.