Configure and Deploy
When you have obtained your IPv6 allocation and have worked out a scalable IPv6 addressing plan, you can start configuring your first devices.
While every device needs a different configuration and no two networks are the same, there are still some basic concepts and best practices to follow. We strongly recommend you start your IPv6 configuration in a test environment in order to observe the resulting behaviour and get familiar with the new setup.
Before configuring your devices, it is very important that you understand some basic functionalities of IPv6. One of the things that’s different from IPv4 is that IPv6 does not have broadcast (sending one packet to a large number of unspecified hosts). There’s only multicast, anycast and unicast. In IPv6, all nodes are required to support multicast. Without multicast, many services that you need will simply not work.
On the network, there will be Multicast Listener Discovery (MLD) messages. MLD is a component of IPv6, much like IGMP is used in IPv4. The protocol is embedded in ICMPv6, which is why, in a lot of documentation, you will read that you should be very careful about which messages you can disable in ICMPv6.
Find out which types of ICMPv6 your network needs to allow, and do not filter out unknown ICMPv6 types. If filtering is needed, filter out no more than ICMPv6 Echo Requests coming directly from the Internet and ICMPv6 Echo Responses.
See RFC 4890 (http://www.ietf.org/rfc/rfc4890.txt) for more recommendations about filtering ICMPv6.
Neighbor Discovery Protocol
NDP corresponds to, among other things, Address Resolution Protocol (ARP) in IPv4. NDP is responsible for address autoconfiguration of nodes, discovery of other nodes on the link, determining the link layer addresses of other nodes, duplicate address detection, finding available routers and Domain Name System (DNS) servers, address prefix discovery, and maintaining reachability information about the paths to other active neighbour nodes. NDP is a very important protocol that uses ICMPv6 and solicited node multicast addresses.
IPv6 NDP uses five ICMPv6 messages for the neighbour discovery mechanism:
| ICMPv6 Type | Message Name |
|---|---|
| Type 133 | Router Solicitation (RS) |
| Type 134 | Router Advertisement (RA) |
| Type 135 | Neighbor Solicitation (NS) |
| Type 136 | Neighbor Advertisement (NA) |
| Type 137 | Redirect Message |
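
The filtering guidance and the NDP message table above, as an added example that is not part of the original guide: a Python audit of an Internet-facing ICMPv6 filter list that flags any dropped NDP or MLD type and anything filtered beyond Echo Request (128) and Echo Reply (129). The rule format, the sample policy and the MLD type numbers (130, 131, 132, 143) are assumptions added here, not taken from the page.

```python
# Added example (not from the original page): audit an ICMPv6 filter list.
# The rule format and the sample policy are hypothetical, constructed here.

NDP = {133: "Router Solicitation", 134: "Router Advertisement",
       135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
       137: "Redirect Message"}
MLD = {130: "MLD Query", 131: "MLDv1 Report", 132: "MLDv1 Done",
       143: "MLDv2 Report"}
ECHO = {128: "Echo Request", 129: "Echo Reply"}  # the only types the page allows filtering

# Constructed Internet-facing policy: (action, ICMPv6 type or "any"), first match wins.
SAMPLE_RULES = [
    ("drop", 128),
    ("accept", 135),
    ("accept", 136),
    ("drop", 134),
    ("drop", 143),
    ("drop", 200),
]


def verdict(rules, icmp_type, default="accept"):
    """Return the action of the first rule matching icmp_type, else the default."""
    for action, match in rules:
        if match == "any" or match == icmp_type:
            return action
    return default


def audit(rules, default="accept"):
    """Group every dropped ICMPv6 type (0-255) by what dropping it breaks."""
    findings = {"ndp": [], "mld": [], "other": []}
    for t in range(256):
        if verdict(rules, t, default) != "drop":
            continue
        if t in NDP:
            findings["ndp"].append(t)
        elif t in MLD:
            findings["mld"].append(t)
        elif t not in ECHO:
            findings["other"].append(t)  # more than Echo Request/Reply is filtered
    return findings


if __name__ == "__main__":
    for name, default in (("default accept", "accept"), ("default drop", "drop")):
        result = audit(SAMPLE_RULES, default)
        print(name, "| NDP:", [f"{t} {NDP[t]}" for t in result["ndp"]],
              "| MLD:", [f"{t} {MLD[t]}" for t in result["mld"]],
              "| other types dropped:", len(result["other"]))
```

Running the same rule list with a default of "drop" shows how an implicit deny silently removes Router Solicitation, Redirect and the MLD messages even though no rule names them.
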
On your routers, servers and switches, we recommend that you use manually configured addresses. In IPv6, stateless address autoconfiguration (SLAAC) is often enabled by default, meaning that a device will automatically get an IPv6 address based on its MAC address. This is not what you want inside your network, so you should turn off Router Advertisements (RA) so that devices cannot autoconfigure their IPv6 address using SLAAC.
This provides more control over which servers will become IPv6 enabled and makes troubleshooting easier. Also, with manual configuration, you can use addresses that are easier to remember.
Configure IPv6 one device at a time. Before activating IPv6 for any more functions or services, it is important to test that the service is functioning as it should, that it is highly accessible and secure, and that it does not have a negative effect on other services. You can do this by setting up monitoring and logging for the service.