Thursday, November 29, 2012

Microsoft PowerShell IPv6 best practices notes

I just wanted to jot down some notes about some PowerShell commands to use for IPv6 best practices for servers and workstations in enterprise environments.

I recommend turning off all the transition technology solutions on Windows systems, specifically 6to4, ISATAP and Teredo (unless you have a specific use case and design that leverages them.) To address each of those the follow PowerShell commands can be used to do this.

For Windows 8 and Server 2012 PowerShell v3 use:
# - specific IPv6 PowerShell cmdlets
# - turn off 6to4
Set-Net6to4Configuration -State Disabled
#
# - turn off isatap
Set-NetIsatapConfiguration -State Disabled
#
# - turn off teredo
Set-NetTeredoConfiguration -Type Disabled
#

For Windows 7 and Server 2008R2 PowerShell v2 use:
# - specific IPv6 netsh commands - still work from PowerShell
# - turn off 6to4
netsh interface ipv6 6to4 set state disable
#
# - turn off isatap
netsh interface isatap set state disable
#
# - turn off teredo
netsh interface teredo set state type=Disabled

#

To validate the configurations use the following.
For Windows 8 and Server 2012 PowerShell v3 use:
# - check 6to4 state
Get-Net6to4Configuration
#
# - check isatap state
Get-NetIsatapConfiguration
#
# - check teredo state
Get-NetTeredoConfiguration
#

For Windows 7 and Server 2008R2 PowerShell v2 use:
# - check 6to4 state
netsh interface ipv6 6to4 show state
#
# - check isatap state
netsh interface ipv6 isatap show state
#
# - check teredo state
netsh interface teredo show state
#

I hope to be putting together some more useful cmdlets for folks to get best practice configurations pushed out in mass for platforms regarding IPv6, adding in firewall rules and protections and perhaps some extensions for routing and source address selection for enterprises to control behavior the way they want.
- Ed

Monday, November 19, 2012

gogoNETLive! 3 IPv6 Conference is a wrap


The 3rd annual gogoNETLive! IPv6 conference happened last week at San Jose State University. The line up of presenters was fantastic and all the presentations were video recorded so keep an eye out because in the next month or two those should hit the website. The content will be posted to the agenda page where the slides are already posted next to their respective presenter bios.

I'm sorry this post didn't go out prior to the event happening but work and trying to get things ready for the event itself kept me from getting a blog post up. I would personally like to thank Scott Hogg, Jeff Carrell, Sam Bowne and Mike Meyers for putting on the workshops (which are sponsored by the California IPv6 Task Force) that happened on Monday the 12th. Unfortunately these were not video recorded so if you did not attend the event then you missed out. I would also like to thank Yurie Rich for hosting the IPv6 Forum Silver and Gold certification testing at the event. It allowed a lot of folks the opportunity to get tested and certified.

If you absolutely need to attend an IPv6 event prior to the end of the year the only one left is the Texas IPv6 Task Force IPv6 Summit but it starts Nov 19th (day of this post) and is two days.

Otherwise, I suggest marking your calendar for April 17-19th, 2013 so you can attend the North American IPv6 Summit which is hosted by the Rocky Mountain IPv6 Task Force and is hosted in Denver, CO. It is the largest, most influential and likely the finest IPv6 event in North America and I am proud to say I am also involved with that event too.

I think 2012 really has been the year of IPv6, perhaps not from the deployment standpoint but certainly from the discussion and planning perspective. It is finally something that enterprises and service providers are able to build specific plans around deployment and operations and not feel they are totally bleeding edge for doing so. With the current momentum I think 2013 will only hold more promise for widespread deployment. The biggest challenge will continue to be education and closing the knowledge gap around IPv6.

So, if you want to be part of the in crowd and are living and/or working in California or for a California company feel free to send me an email - I'll be happy to send you a CAv6TF laptop sticker! (US only shipping is on us - outside US we will let you know the cost)
Happy holidays - now go deploy IPv6!
- Ed