IPv6 success

[Ted Mittelstaedt]

On 12/8/2010 7:11 PM, Frank Bulk - iName.com wrote:
> Wanted to share a small success I had in our IPv6 rollout, perhaps someone
> else can benefit.
>
> Our ISP has four different access platforms (DSL, FTTH, cable broadband, and
> broadband wireless), and the IPv6 deployment approach will not be identical
> between all of them.
>
> I wanted to start with our FTTH, hopefully the easiest because it's L2 from
> the CPE back to the router.  In terms of automatic addressing, I considered
> both SLAAC and DHCPv6 approaches, but settled on DHCPv6 because of the
> logging that comes along with (nice for CALEA requests) it and that fact
> that it's how we hand out IPv4.
>
> Using the DHCPv6 server on the Cisco works fine to hand out an IPv6 address
> to the WAN interface, but didn't (easily) facilitate DHCPv6-PD at the same
> time.  After some tinkering around, the best approach appeared to be to use
> an external DHCP server and have our router relay all the DHCP traffic (both
> DHCPv6 and DHCPv6-PD).  I used the latest ISC 4.2x build for our DHCP server
> and tweaked the sample configuration.
>
> But initial testing on our Cisco 7609-S running 12.2(33)SRB4 showed that
> when we used DHCPv6-PD relay a static route to the CPE's WAN was not being
> inserted into the router's route table.  After working with Cisco TAC and
> some internal contacts there, 12.2(33)SRE2 seemed to be the code release
> that had the static route insertion functionality, but I was being told by
> some Cisco folk that I needed an ES20/ES+ card with the broadband service
> software load to actually do that route insertion.  Not wanting to
> needlessly shell out the $$$$$, I replicated my preferred approach on
> someone else's spare 7609-S running 12.2(33)SRE2.  It all worked like a
> charm -- I hand out an IPv6 address out of a single /64 to the CPE's WAN
> interface, and a give separate /56'es to the CPE for its LAN interfaces.
>
> BTW, the CPE I tested with were the D-Link DIR-601 and 825.
>

Does the DIR-601 activate all of the access control/network filters
and other who-ha when it's routing IPv6?  The manual for it fails
to mention this.

I have a DIR-615 - what a POS.  The wireless transmitter locks up about
once every couple weeks - and that's on dd-wrt firmware.  Under the 
d-link firmware it locked up once or twice a day.  That kind of soured 
me for d-link products but dammit, the specs on the 601 are very 
attractive as it supports IPv6-over-IPv4 tunnels and appears to be one
of the few consumer CPE's out there that does.   In our case we run
IRB and IPv6 is busted in that until IOS 15, so until we forklift out
gear, we have to tunnel.  (and we won't be throwing away perfectly
working gear anytime soon.)  The one advantage of tunnelling though is
that I don't have to depend on Cisco's iffy IPv6 support, I terminate
the tunnels on a PC router, not on a Cisco.

$120 for a DIR-825 is gonna be out of the question but Walmart and
Office Depot have sold the DIR-601 for $30 which is more like it.  I
just hate the idea though of buying a box that won't run dd-wrt
because if the factory firmware is crappy then you have a brick.

(people have actually got the openwrt-ar71xx-dir-600-a1 firmware
to work on the 601 but none of the lights work, and they have got
dd-wrt to run on it but the wireless radio doesn't work)

Ted

> Kind regards,
>
> Frank
>