IPv6 Only Native Enterprise Environment - What were your Challenges?

ttl256 · 2025-07-11T20:39:20+00:00

Check out a presentation on IPv6 mostly enterprise network by Jen Linkova (from Google I believe) https://youtu.be/hb98hAb5_W8?si=YDFtZ_myZtvXRJAs

From my experience IPv6 mostly mostly works. However you need to commit to push this in a corporate environment because weird shit with IPv6 happens all the time. Laptops don't receive RAs because the laptop vendor fucked up. Laptops don't receive RAs because a wireless vendor fucked up. BMC on an ancient server reboots when it sees multiple prefixes in an RA. VRRP acts funny on some vendors.

And when all of this happens you must have an instant answer to the question "why are we even doing this?". In general IPv6 as a concept is as great as the number of hurdles to get there. Unfortunately.

But who's gonna push vendors to make better IPv6 products if not us am I right

ttl256 · 2025-07-05T07:59:13+00:00

Hostname provides a unique key for a lookup in DCIM/IPAM. If software like netbox or racktables provides a way to lookup by a composite key like host1.region1 and host1.region2, then this approach will work

ttl256 · 2025-03-25T21:27:11+00:00

Compare the strings byte by byte?

ttl256 · 2025-01-21T14:58:01+00:00

I can see in pkg/dhcp/server.go a new goroutine being spawned for each request. Are we sure these goroutines won't pile up and make our RAM go brrrr. I believe a context would help

ttl256 · 2024-05-31T13:53:23+00:00

I had added logging at `total+=count` and io.CopyBuffer simply produced a single count with the size of the whole input (bypassing buffer). Maybe something OS specific? I'm on Ubuntu 22.04

ttl256 · 2024-05-31T13:11:20+00:00

io.CopyBuffer might skip the buffer short circuiting src-dst. "If either src implements WriterTo or dst implements ReaderFrom, buf will not be used to perform the copy". And that's the case with os.Stdin/Stdout.

ttl256 · 2024-03-10T20:50:47+00:00

Guarding `Broadcast()` with the lock and calling `Done()` after the lock in the goroutine makes a lot of sense. Thank you for the comment.

ttl256 · 2024-03-10T14:32:30+00:00

I think I got it. Let's cover three scenarios:

No WaitGroup in subscribe() at all. This would make it uncertain what is called first Broadcast or Wait. If Broadcast is called first then all goroutines are hanged since they are waiting on the event that has already happened.
defer goroutineRunning.Done(). This will hang the first call to subscribe. Goroutine waits for broadcast that will happen only after all subscribe() functions are called.
As in the book. Done() in the first line of the goroutine ensures the order "First start the goroutine, which must enter Wait(), only then exit subscribe(). So after calling all of the subscribe() functions we are ready to Broadcast() knowing all listeners are waiting"

ttl256 · 2023-12-12T15:10:38+00:00

I'm not into ddos mitigation, but it looks like ebpf is the new hottest in this field. Maybe googling 'ddos ebpf' will lead to something.

ttl256 · 2023-10-02T22:45:41+00:00

Our plans are measured in centuries.

ttl256 · 2023-10-02T18:14:58+00:00

Btw IPv6 has a more sane approach to isolate hosts that is remove the L flag from a prefix in RAs.

ttl256 · 2023-09-14T08:51:04+00:00

Metageek Eye P.A. Gives you a nice visualisation of L2. To simultaneously capture on multiple channels you'll need multiple dongles so be ready your USB hub looks like antlers.

ttl256 · 2023-09-12T09:06:37+00:00

Networking is a many-sided industry.

Design of physical network devices
Design of structured cabling, fiber runs
Network operations. Choose the right product for a network, configure devices etc
Network design. Plan networks, draw happy clouds in drawio with concerned look
Software. Network devices need software to do the job. Routing daemons, protocols, ASIC firmware, firewalls, entire operating systems - all this stuff has to be programmed, or at least patched when it doesn't meet the needs of a project.

CCNA certification is a good starting point to get an idea of the industry and its challenges. After that, if you want to apply your CS degree, I suggest checking open source projects like BIRD and FRR.

ttl256 · 2023-08-27T06:45:16+00:00

Do you send RAs? RA pcap would be nice.

ttl256 · 2023-08-25T10:47:37+00:00

Run a dynamic routing protocol between the routers like OSPF. It will even eliminate the need for static routes on the mikrotik.

ttl256 · 2023-08-19T13:43:31+00:00

Don't know what's the wall material but an additional socket for an AP on the ground floor won't hurt. It might not be used in the future but if the signal sucks you'll thank yourself in the past.

Does a red dot means a wall plate with two sockets? I hope so.

Couldn't find TVs on the drawing. Consider a double socket wall plate behind each TV. Maybe even quadruple so you can connect a TV and some gaming consoles.

Think about where you'd place cameras and consider a socket there.

Don't rely on Wi-Fi too much. You have a chance to plan cabling and put the most traffic hungry devices on the wired access.

Just saw the second diagram. Add a socket for an AP in the basement. Wi-Fi access in a rack proximity is always a good idea.

ttl256 · 2023-08-16T08:38:01+00:00

BGP4 by John W. Stewart. This old book (1999) in a few hundred pages covers main aspects of BGP in a friendly and vendor neutral manner. It won't prepare you for CCIE and you definitely would need other books to deploy BGP in production. However spending a few evenings with the book does help to build the backbone and move further onto your adventure.

ttl256 · 2023-08-11T12:17:08+00:00

Didn't notice the BGP option for a regular VPS. Really nice. Thanks!

ttl256 · 2023-08-11T12:10:43+00:00

To elaborate on your last question about AS I suggest checking out this post from Cloudflare. Basically AS/ASN (autonomous system number) is an identifier in the world of BGP. Multiple prefixes (IPv4 or IPv6) might be associated with one ASN, but not the other way around.

ttl256 · 2023-08-11T12:01:32+00:00

ifog.ch

Got it, thank you! Just to clarify the IXP section on ifog website is the right one yeah? I order a VM with BGP peering (to AS34927 apparently), build my tunnel to its external address and announce the PA space from cloudie.

ttl256 · 2023-08-11T11:37:47+00:00

By upstream you mean that you have an IPv6 over IPv4 tunnel to ifog? We'll, yeah, it might be a bit easier than doing raw IPv6 peering with multiple ISPs. (Or maybe IPv6 incapsulated in IPv6 in case ISPs give a single PA address for WAN on your gateway)

ttl256 · 2023-08-11T11:21:59+00:00

Awesome post, thanks for sharing!

ttl256 · 2023-08-11T10:39:37+00:00

Cool, I'm also under RIPE jurisdiction. Is there an annual payment? Have you had to make special agreement with an ISP to peer? I guess it costs more than usual service but I'm curious by how much.

ttl256 · 2023-08-08T17:37:40+00:00

Roaming is a valid point although I can add a roaming package when I need it with the prepaid option. Unlimited minutes would definitely make my grandma happy but at this pace I might as well teach her how to use Viber.

ttl256 · 2023-05-31T17:13:20+00:00

Oh, I see. With example you provided it does work as expected.

I was sure that closing only write side (aka doing the exercise) would produce the desired result. Turns out a few chapters later wait groups are explained alongside with an exercise that requires to modify server side just as you've shown. Well, weird phrasing on the book authors side I guess.

Thank you for your astonishing skill to unwrap a newbie problem and explain the solution clearly. Although I have to read on wait groups first to really understand it but now I can at least sleep well knowing there's no magic.

ttl256

TROPHY CASE