IPv6 for the Forum static-self-managed subnets

Following the introduction of IPv6 for the Forum self-managed dynamic-address subnet (and the ironing out of a couple of teething problems), we would now like to roll IPv6 out to the two “static-self-managed” subnets (“SM164” and “SM197”).

We propose enabling this on Monday 10th February, at lunch-time.  To do this we will set up the routers for the subnets so that they start sending Router Advertisements, at which point we expect that IPv6-enabled hosts on the subnets will automatically configure “SLAAC” style IPv6 addresses and add the appropriate default routes.

We will then enable the generation of DNS entries to correspond with these addresses, and reconfigure the edge firewalls so that where there are holes opened for ports using IPv4 there will be corresponding holes for those same ports using IPv6.

Your machines will then start to receive IPv6 traffic, so it is important that you ensure that any access controls you have configured are correct.  You should not assume that any defaults will be reasonable!

We do have the ability to add static (non-SLAAC) IPv6 addresses if really necessary, though our experience to date has been that they very rarely are.  We can also turn off the generation of the DNS entries on a per-host basis, with any firewall holes then also disappearing.  Please contact us using the support form in the usual way to discuss this.  We do not have the ability to add “privacy” addresses to the DNS, and in any case it really doesn’t make a lot of sense to do so, so you may also have to adjust your machines’ configurations so as not to try to use these.

Reminder: the documents we produced as part of our original IPv6 investigation project are here.  In particular, there is one discussing IPv6 addressing here.  SLAAC (“StateLess Address AutoConfiguration”) addresses are defined in RFC 4862.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply