SV: Google over IPv6

Ulrich Kiermayr ulrich.kiermayr at univie.ac.at
Thu Aug 19 12:57:08 CEST 2010


On 19.08.2010, at 12:45, Martin Millnert wrote:

> Hi Ulrich,
> 
> On Thu, 2010-08-19 at 12:38 +0200, Ulrich Kiermayr wrote:
>> We are running all-dualstack for years now. and google is a way to
>> generate v6 traffic. Esp. since all our Stundents in the WLAN networks
>> do ipv6 (mostly without knowing/noticing).
> 
> out of curiosity, (how) have you solved the rouge RA issue that ICS et
> al makes up? 

We did 2 things. 1. Setting the RA Priority from our roouters to high (helps in most cases since winwows seems to respect this). 2. Monitoring the RAs in that network and inform/lock out users sending those RAs. In most cases the users simply were not aware, that they are sending this, they just turned on connection sharing "a long time ago and it never caused any trouble". And the support knows by now where to look at for a specific failure pattern (in our case: Internet works, but I cannot reach the webserver of the University nor can I send or receive email).

What we also did is block IPv6 tunnel protocols at our border routers (we offer native ipv6 - so tunneling out of our lan is not a good idea anyway).

All these measures help to almost eliminate the problem. But we are also looking for a more general solution to that.

> By what Steinar posted, it seems you **might** get away with setting up
> a separate set of resolvers that you can use in the WLAN network, if you
> commit to serving all v6 user experience issues with top service. This
> of course provided you have sufficient reachability to 15169.

This should not be a problem here ;-)

lG uk
-- 
Ulrich Kiermayr                       jabber xmpp:uk at jabber.univie.ac.at
Leiter der Abteilung Datennetz und Telefonie              skype:kiermayr
Vienna University Computer Center                 phone +43 1 4277 14020
Universitaetsstrasse 7, 1010 Wien, AT               fax +43 1 4277  9140




More information about the ipv6-ops mailing list