Wednesday, December 03, 2014

How IPv6 Impacts Private Cloud Deployments from Microsoft TechEd, Houston 2014

My presentation from Microsoft TechEd in Houston (last US TechEd since it is now Ignite) is available on YouTube, in addition to Channel9, so if you have some time and want to hear the impacts of IPv6 on Private Cloud jump over and watch or you can play it from the embedded video below.


If you want a copy of the slides you can download them from the Channel 9 link along with the video itself too if you want to watch it while offline.
Enjoy.
- Ed

Wednesday, November 19, 2014

Dual ISP, no BGP and IPv6 - what do my design options look like?

One of the recent questions I am getting around IPv6 deployment has to do with connecting remote sites and making branch offices highly available without using BGP. Today, with IPv4 it is not uncommon for a typical branch office to have two ISP connections, each with unique IPv4 ISP address space (provider assigned). The branch site will have a router or firewall that will make use of both connections by leveraging NAT and some sort of tracking or performance algorithm to determine which connection to use. It is able to do this because the solutions utilized NAT to obscure the actual IPv4 addresses used by the hosts. It is cost effective and works for many scenarios where some sort of higher availability and/or failover is desired for these sites without the complication of BGP. All these configurations allow the remote site to have local Internet hop off without backhauling the traffic across WAN or VPN links back to the corporate office.
So the natural question that comes from this IPv4 topology solution is, how do I do this in IPv6?
The answer is not as clean and neat as many would like it to be but there are several options you can utilize. Let's cover each of them and go over their merits and shortcomings.

1. Use both IPv6 provider assigned address ranges in your remote branch location. Optionally use NPTv6 on the router(s) to handle ISP failure scenarios and to provide faster failover.

2. Use a single IPv6 provider assigned address range in your remote branch location. Use NPTv6 on the router(s) to handle failure scenarios of that primary ISP. Simplifies host address configuration.

3. Use VPN to extend your primary provider independent address space to the remote branch for routing. Optionally use NPTv6 on the router(s) to handle local Internet hop off. Simplifies host address configuration.

4. Use ULA in your branch location and use NPTv6 on the router(s) to direct traffic to the appropriate ISP. Simplifies host address configuration however complicates routing and global reachability.

5. Upgrade the site to use provider independent configuration and do BGP and run a single prefix that is routable. No NPTv6, no PA address space and highly available.

After describing these options I am often asked which is the best and what configuration should be used. The first option almost everyone selects is 4 - it looks and feels like what they operate with IPv4 today. I can't blame anyone for picking that initially, especially given its familiarity. But I believe ULA should only be used in narrow situations, with an eye on preferring global unicast address space at all times. After picking global unicast address space, the next sorting preference is provider independent address space. This is a tough one and for many is not a viable option for a variety of reasons: costs, the operational skills to run BGP and slightly more complex routing configurations, hardware requirements, plus it can often be political.
So, with a preference for global unicast, likely provider assigned address space, where are we left? Options 1, 2 and 3 are all still possible. My next rule is to simplify host address configuration and make RFC 6724 as predictable as possible. This means preferring a single prefix from one service provider to address the site. Just like in IPv4, you will likely prefer a particular connection due to speed, cost or some other criteria dictated by business decisions. Use the address prefix that comes out of that decision and address the site. Use a VPN connection from the other ISP to connect the remote site back to your corporate office via routing and set up NPTv6 if needed. This solution addresses almost all use cases and has the advantage of being predictable from a routing and topology basis.
If you have existing PI space from a regional registry like ARIN then consider extending the address space to the remote site via VPN. If you require local Internet hop off you can then enable NPTv6 and leverage that. Remember, NPTv6 brings all the penalties of potential protocol brokenness. There can be situations where certain applications and protocols will not function correctly so NPTv6 is an undesirable tool for that reason. This is one of the reasons that I avoid ULA and why making use of ULA is so far down my list. At least with a true global unicast address you can guarantee proper IPv6 functionality in all cases.
To make things even more challenging - there are very few NPTv6 (or older NAT66) implementations available. So those that think NAT and IPv6 is a happy future, think again.
I hope this helps clarify how I come to my design recommendations and why I think ULA is a poor option for many situations and how leveraging NPTv6 today will be a challenge.
- Ed

Tuesday, September 09, 2014

Some IPv6 podcast content and events

I have been lucky enough to be featured on a couple of podcasts recently around IPv6. The first is one I recorded for Interop New York. You can find that one at https://soundcloud.com/technologyadvice/interop-speaker-ed-horley

I will be presenting at Interop in New York so if you will be in the area I invite you to attend the show and please come see my session:
IPv6 Bootcamp - Get Up to Speed Quickly

You can get a 25% discount on the event or a free expo pass, just jump from the banner below and you should be set.

http://tinyurl.com/chrevcw


The second is me as a guest on the PowerScripting Podcast - episode 283. Huge thank you to Hal Rottenberg and Jonathan Walz for inviting me to participate, I had a blast. Get the swimming turtle!

http://powershell.org/wp/


I had a few errors in the podcast that I wanted to correct. First, ULA (Unique Local Addresses) are from the fc00::/7 prefix and the usable space is fd00::/8. To clarify, VLSM (variable length subnet masking) and CIDR (Classless Inter Domain Routing) are complementary, and together they enabled better utilization of IPv4 address space along with more granular routing of address blocks. Third, the M flag in the RA is for Managed and not Manual. I am bad about saying manual when I really mean managed, so apologies about that. I think the rest was pretty much on target.

There is still time to sign up for the North American IPv6 Summit hosted by the Rocky Mountain IPv6 Task Force in Denver, CO. It is the premier IPv6 event in North America for sure and the list of speakers is a who's who of the IPv6 world. I'll be attending and helping out by providing free time to review through an IPv6 Address Planning worksheet. If you are interested in IPv6 at all and have the time, please come join me.

Finally, the California IPv6 Task Force is having our quarterly meeting next Weds, Sept 17th at the Cisco campus in San Jose. You can find details on our meetup site. The event is open for anyone to attend, simply RSVP so we know how many folks to expect.
- Ed

Monday, August 18, 2014

Upcoming IPv6 events

There are several opportunities to get some IPv6 education outside of taking a formal training course. In September the North American IPv6 Summit hosted by the Rocky Mountain IPv6 Task Force will happen in Denver, CO. This is the premier IPv6 event that happens in North America, hands down, with a great line up of speakers and some incredible pre-conference tutorials that you can attend. If you can make the time (it is a super cost effective event so don't complain about the cost! - especially compared to things like Cisco Live, TechEd, VMworld, OracleWorld, etc.) I can assure you the speakers and content will be worth the time investment.

If you are in New York in October, I will be presenting at Interop doing an IPv6 bootcamp. I will cover a variety of IPv6 topics to help you get up to speed quickly using the protocol. You can get more details about my session here. Interop is always a great show. I hope they expand the IPv6 training and education, but I am grateful they at least have my session for folks to attend if they are interested.

In November, the California IPv6 Task Force and gogo6 jointly run the gogoNET Live IPv6 conference in Silicon Valley. This will be the 5th year of the event and the best part is that it is principally going to be an online broadcast event again this year. It is a super cost effective event to participate in, regardless of where you are located in the world. The topics will focus on SDN, NFV, IOT and how IPv6 is leveraged in all of those technologies. IPv6 really is the underpinning for a lot of innovation happening in other fields, it just isn't talked about as much.

So, there you have it, a few in person IPv6 events you can attend. Obviously you can get online education and resources from a bunch of places. ARIN has a wonderful wiki you can use, RIPE has a great IPv6 resource page too.
- Ed


Tuesday, July 22, 2014

Additional blog content not on howfunky.com

Some of you who only keep track of me via my blog site might not realize I have been producing content (regular blog posts for sites like the Infoblox IPv6 Center of Excellence or guest posts here and there) on other Internet properties. I thought I would quickly jot down where some of my other posts are in case you are interested in reading them.

Guest blog post on ARIN as a follow up to my Interop presentation on IPv6
Date: July 22, 2014
Title: Getting Serious About IPv6 – Go Big or Go Home

Guest blog posts on Information Week regarding my Interop presentation on IPv6
Date: July 23, 2014
Title: The IPv6 Skills Crisis
URL: http://www.informationweek.com/strategic-cio/team-building-and-staffing/the-ipv6-skills-crisis/a/d-id/1297481

Date: January 17, 2014
Title: IPv6 Decision Time


My ongoing blog entries on the Infoblox IPv6 COE:
Date: July 11, 2014
Title: What is holding you back from deploying IPv6?

Date: June 10, 2014
Title: Challenges for IPv6 and address management with DHCPv6

Date: April 4, 2014
Title: IPv6 is still evolving - New DHCPv6 RFC is published

Date: March 6, 2014
Title: Time to prepare for IPv6

Date: February 10, 2014
Title: OpenDaylight - the impact of SDN and NFV on DDI

Date: January 13, 2014
Title: IPv6 ULA and NAT. Is It Better Than Global Unicast

Date: October 8, 2013
Title: IPv6 within the context of the big things happening in networking today

And here are some fun personal links, I was one of the top 10 speakers for Interop Las Vegas in 2014 - http://www.informationweek.com/interop/top-rated-speakers-from-interop-las-vegas-2014/d/d-id/1234877

Enjoy - keep an eye out, I hope to be adding some more IPv6 content to howfunky.com shortly.
- Ed

Tuesday, July 01, 2014

Time to reflect

It is July 1, 2014 and this is the first time for me that I have not been a Microsoft MVP since 2004. Since announcing that I was stepping away from community (user group) and the MVP and STEP programs I have been asked why a lot. While I think my previous blog post explains it pretty well I had some additional thoughts to share.

First, by stepping away what am I gaining???

TIME

I don't think people realize how much time I have spent on user group just looking for sponsors, speakers and coordinating events for regular monthly meetings, never mind the occasional conference or one day event that was put on. Also, when you are doing that sort of thing you always have a nagging voice in the back of your head asking if whomever you are talking to or emailing with might be interested in doing something with your community. It chews up a LOT of mental cycles. This also applies to the MVP award. Getting an award is wonderful but it does modify your behavior. You end up thinking if you are doing enough, contributing enough, engaging enough, etc. You get the picture. You find yourself losing time to commitments you take on to try and keep your MVP status. It becomes a treadmill, a rat race. I want off.

Second, by getting back the mental cycles and also a reasonable bit of time I can now choose to do other things. I have been getting asked "what I am choosing to do" - I don't know yet. I am taking some time to figure that out. I might decide to use the time to learn something new, or take up a new hobby, or rediscover an old hobby for that matter. The point is, you don't have the option to do any of that if you don't step away.

Third, I think reflection is something we don't do enough of in our culture (and I am talking about the Silicon Valley culture I was born and raised in that seems to be taking over the rest of the world). I don't know if doing this will help me in any way (and lots of folks have shared they think it will hurt my career or that I am crazy) but I won't really know unless I try. I must admit, I find it amusing how surprised many colleagues in the MVP community were that someone would pull themselves out of the renewal process. Remember folks, 10 years as a Microsoft MVP, can anyone truly deserve an award that many years in a row? I think it is time for new blood, I just freed up a slot for someone else to get discovered. In the meantime, I now have time to go discover and perhaps become deserving of an award in some other aspect of my life.
- Ed

Monday, June 16, 2014

I am stepping away from community

This all happened rather suddenly, the realization that I didn't want to lead nor be as involved in community and user groups. It has been such a part of what I have done over the years that it surprised me how much I was in auto pilot around doing things for user groups and how much personal time and energy (and money) I was spending on community activities.

Several things have happened since I made this decision. First, I have formally retired out of the Microsoft MVP program (withdrew my renewal for 2014 - my renewal quarter is July). I have been awarded 10 years in a row (first in 2004) and I felt because I was stepping away from community activity it wasn't proper to be accepting something that is at its core a community contribution award. I have fond memories of attending many MVP Summits - I will miss seeing many of those colleagues in person.

Second, I also retired out of the Springboard Technical Experts Panel (STEP) as that is focused on engaged local community members who are driving events and content. Clearly I will not be doing any of that anymore either. The Springboard group had been idle for almost the last year so I felt with its renewed kickoff recently my stepping off the group would allow them to add some more energized and active folks.

Third, I am retiring from Pacific IT Professionals, the IT Pro user group I have helped run for over 15 years. This user group was one of the reasons I became a Microsoft MVP and has led to many wonderful relationships over the years. I wish all those involved with the group the best of luck and I hope it develops some of the next Microsoft MVPs and continues to have impact.

So, what will I be doing? I will still be involved in IPv6, I still find it very interesting and technically relevant to what is happening to the Internet today. So, for now, I will be staying on with the California IPv6 Task Force. In addition, I will be tracking cloud technologies and what is happening in that market. Everything else is undetermined. I hope to have more free time to explore new things that are personally interesting to me.

For those that know me and are wondering why, I can only say I have been burnt out for several years and I reached the breaking (the "I'm too tired") point this month. I made the decision over a weekend and I sent out the emails retiring myself out of everything right after that. The last things to do are clean up the blog to remove some logos etc. after July as I will no longer be an MVP or on STEP. It was time, I acted on that, now on to the next adventure!
- Ed

Thursday, May 22, 2014

Join me at TechDays in San Francisco happening June 5-6

 
I'm excited to be participating in TechDays in San Francisco happening June 5-6. You can't ask for a better line up of speakers and sessions. It is two days, 4 tracks per day and just some amazing content. The entire schedule is available up on Eventboard (mobile app) and it is the best way to figure out who is presenting and the session abstracts.

The remarkable part of this regional conference is the quality and level of speakers they get who also present at events like Microsoft TechEd, TechMentor, Windows Connections, and many other key conferences. Oh, and one of the best parts of this conference? It is only $200 for two days and there is limited time to sign up. All the proceeds go to help fund raise for Pacific IT Professionals, a non-profit IT pro user group to run their monthly user group meetings so come help them out!

So join me in San Francisco at the Microsoft office and hear from industry experts about IT, DevOps and all the interesting innovations happening in the industry today, like PowerShell!
- Ed

Monday, May 19, 2014

Presented at Cisco Live 2014 in San Francisco - TECRST-3614 session follow up

For those that attended the Cisco Live TECRST-3614 - Practical Knowledge for Enterprise IPv6 Deployments session yesterday (May 18, 2014), thank you for participating. I was unfortunately unable to present some of my IPv6 Windows host specific content. I wanted to provide some PowerShell examples along with some info from my demo because I had to skip all of that content.
So, to add a bit more value here are some of my demo scripts I planned to walk through as part of the session. The demos were based on my book chapters and the code from those so this is a quick way to get much of that information (it isn't a match one for one but it should still be useful).

Demo 1:
# - Chapter 5 - IPv6 and PowerShell
# - IPv6 only PowerShell cmdlets
Get-NetIPv6Protocol
Set-NetIPv6Protocol
#
# - Randomize IPv6 Addresses for Privacy
# turn off privacy addressing (make it do EUI-64)
Set-NetIPv6Protocol -RandomizeIdentifiers Disabled
# turn back on privacy addressing
Set-NetIPv6Protocol -RandomizeIdentifiers Enabled
#
# - Temporary IPv6 Address Behavior
# - turn off temporary addressing
Set-NetIPv6Protocol -UseTemporaryAddresses Disabled
# - turn back on temporary addressing
Set-NetIPv6Protocol -UseTemporaryAddresses Enabled
#
# - Physical and Logical Interfaces
Get-NetAdapter
Set-NetAdapter
Disable-NetAdapter
Enable-NetAdapter
Rename-NetAdapter 
Restart-NetAdapter
# - examples of the above cmdlets
# - Disable an example Wi-Fi adapter
Disable-NetAdapter -InterfaceDescription 'Intel(R) Centrino(R) Advanced-N 6205' -Confirm:$false
# - Enable the example Wi-Fi adapter
Enable-NetAdapter -InterfaceDescription 'Intel(R) Centrino(R) Advanced-N 6205' -Confirm:$false
# - Rename the adapter
Rename-NetAdapter  -Name <current name> -NewName <new name>
# - Disable then Enable the adapter
Restart-NetAdapter
#
# - Interface Management
Get-NetIPAddress
New-NetIPAddress
Set-NetIPAddress
Remove-NetIPAddress
Get-NetIPConfiguration
# - examples of the above cmdlets
# - see if any existing IP addresses are assigned to interface 20 (Wi-Fi)
Get-NetIPAddress -InterfaceIndex 20
# - Set the IP address on the interface for the first time using PowerShell
New-NetIPAddress -InterfaceIndex 12 -IPAddress 2001:0db8:cafe:0010::1 -PrefixLength 64 -DefaultGateway 2001:0db8:cafe:0010::254
# - If you are modifying an existing server IP stack you will need to use PowerShell
Set-NetIPAddress -InterfaceIndex 12 -IPAddress 2001:0db8:cafe:0010::2 -PrefixLength 64
# - Remove the IP address on the interface
Remove-NetIPAddress -InterfaceIndex 12 -Confirm:$false
#
# - Routing Management
Get-NetRoute
New-NetRoute
Remove-NetRoute
# - examples of the above cmdlets
# - see the existing IPv6 routing table
Get-NetRoute -AddressFamily IPv6
# - add an example IPv6 route to the routing table
New-NetRoute -DestinationPrefix 2600::/12 -InterfaceIndex 20 -NextHop fe80::5ef:b5a3:2ab1:54ce -Publish Yes -RouteMetric 256
# - remove an example IPv6 route to the routing table
Remove-NetRoute -DestinationPrefix 2600::/12 -Confirm:$false
#
# - DNS Client Management
Get-DnsClientServerAddress
Set-DnsClientServerAddress
# - see the existing DNS resolver IPv6 addresses on a Windows host
Get-DnsClientServerAddress -AddressFamily IPv6
# - set the IPv6 DNS resolvers to 2001:4860:4860::8888 and 2001:4860:4860::8844
Set-DnsClientServerAddress -InterfaceIndex 20 -ServerAddresses ("2001:4860:4860::8888","2001:4860:4860::8844")
# - restore the DNS settings to what DHCP provided
Set-DnsClientServerAddress -InterfaceIndex 20 -ResetServerAddresses
#
# - 6to4 transition technology
Get-Net6to4Configuration
Set-Net6to4Configuration
Reset-Net6to4Configuration
# - first check the 6to4 status with PowerShell
Get-Net6to4Configuration
# - show the status with netsh
netsh interface ipv6 6to4 show state
# - turn off 6to4
Set-Net6to4Configuration -State Disabled 
# - same task with netsh
netsh interface ipv6 6to4 set state disable 
#
# - ISATAP transition technology
Get-NetIsatapConfiguration
Set-NetIsatapConfiguration
Reset-NetIsatapConfiguration
# - first check the ISATAP status
Get-NetIsatapConfiguration
# - show the status
netsh interface ipv6 isatap show state
# - turn off ISATAP
Set-NetIsatapConfiguration -State Disabled
Set-NetIsatapConfiguration -ResolutionState Disabled
# - same task with netsh
netsh interface isatap set state disable
netsh interface isatap set router state disable 
#
# - Teredo transition technology
Get-NetTeredoConfiguration
Get-NetTeredoState
Set-NetTeredoConfiguration
Reset-NetTeredoConfiguration
# - Teredo status
Get-NetTeredoConfiguration
Get-NetTeredoState
# - show the status with netsh
netsh interface teredo show state
# - turn off teredo 
Set-NetTeredoConfiguration -Type Disabled
# - same task with netsh
netsh interface teredo set state type=Disabled
#
# - EOF


Demo 2:
# - Chapter 3 - IPv6 Addressing
# - Enable ISATAP forwarding:
# - ISATAP Router PowerShell configuration example for Windows Server 2012 and 2012 R2
Set-NetIPInterface -InterfaceAlias <Name> -AddressFamily IPv6 -Forwarding Enabled -Advertising Enabled
# - ISATAP Router netsh configuration example for Windows Server 2008 and 2008 R2
netsh interface ipv6 set interface <ISATAP Interface Name or Index> forwarding=enabled advertise=enabled
#
# - Enable ISATAP routing and publish the route for the ISATAP prefix:
# - ISATAP PowerShell configuration example for Windows Server 2012 and 2012 R2
New-NetRoute -DestinationPrefix <Prefix> -InterfaceAlias <Name> -AddressFamily IPv6 -Publish Yes
# - ISATAP netsh configuration example for Windows Server 2008 and 2008 R2
netsh interface ipv6 add route <Address/Prefix> <ISATAP Interface Name or Index> publish=yes
#
# - Enable the ISATAP interface:
# - ISATAP PowerShell configuration example for Windows Server 2012 and 2012 R2
Set-NetIsatapConfiguration -Router <IPv4 address>
# - ISATAP netsh configuration example for Windows Server 2008 and 2008 R2
netsh interface isatap set router <IPv4 Address or name>
#
# - Teredo
# - Teredo status PowerShell example
Get-NetTeredoConfiguration 
# - Teredo status netsh example
netsh interface teredo show state 
#
# - Configure the Teredo Server in PowerShell
Set-NetTeredoConfiguration -Type server -ServerName <Name or IP Address>
# - Configure the Teredo Server in netsh
netsh interface teredo set state type=server servername=<Name or IP Address>
#
# - Configure the Teredo Relay with routing in PowerShell
Set-NetIPInterface -InterfaceAlias <Name> -AddressFamily IPv6 -Forwarding Enabled
# - Configure the Teredo Relay with routing in netsh
netsh interface ipv6 set interface <Interface Name or Index Number> forwarding=enabled
#
# - Turn on Shunt for Teredo
Set-NetTeredoConfiguration -ServerShunt $True
Reset-NetTeredoConfiguration -ServerShunt
# - Confirm Shunt is on for Teredo
Get-NetTeredoConfiguration
#
# - Configure Teredo Clients with PowerShell
Set-NetTeredoConfiguration -ServerName <name>
# - Configure Teredo Clients with netsh
netsh interface teredo set state servername=<IPv4 address>
#
# - Multicast
# - Display the multicast addresses on a host's interface
netsh interface ipv6 show joins <interface id>
# - Display the multicast neighbors on a host's interface
Get-NetNeighbor -AddressFamily IPv6 -InterfaceIndex <interface id> | ft
# - Remove the multicast neighbor entries on a host
Remove-NetNeighbor -AddressFamily IPv6 -Confirm:$false
#
# - Random IDs
# - turn off random addressing (make it do EUI-64) with PowerShell
Set-NetIPv6Protocol -RandomizeIdentifiers Disabled
# - turn back on random addressing with PowerShell
Set-NetIPv6Protocol -RandomizeIdentifiers Enabled    
# - shutting off random extension (force EUI-64) with netsh
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
#
# - Temporary IPv6 Address
# - turn off temporary addressing with PowerShell
Set-NetIPv6Protocol -UseTemporaryAddresses Disabled
# - turn back on temporary addressing with PowerShell
Set-NetIPv6Protocol -UseTemporaryAddresses Enabled
# - shutting off temporary addresses
netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent

# - Manually setting IPv6 Addresses
# Set the IP address on the interface for the first time using PowerShell
New-NetIPAddress -InterfaceIndex 12 -IPAddress 2001:0db8:cafe:0010::1 -PrefixLength 64 -DefaultGateway 2001:0db8:cafe:0010::254
# If you are modifying an existing server IP stack you will need to use PowerShell
Set-NetIPAddress -InterfaceIndex 12 -IPAddress 2001:0db8:cafe:0010::2 -PrefixLength 64
# - EOF

Demo 3:
# - Chapter 8 - IPv6 and DNS
# - Installing DNS
Add-WindowsFeature DNS
Get-WindowsFeature DNS
# - to modify the DNS listener IP address
Get-DnsServer | Export-Clixml -Path "c:\DnsServerConfig1.xml"
# - import the DNS listener file back in (it replaces the file)
$x = Import-Clixml "c:\DnsServerConfig1.xml"
Set-DnsServer -InputObject $x
#
# - IPv6 DNS resource entries
Add-DnsServerPrimaryZone
Add-DnsServerResourceRecordAAAA
Remove-DnsServerResourceRecord
# - build out the example.com zone
Add-DnsServerPrimaryZone -Name "example.com" -ZoneFile "example.com.dns"
# - build out an AAAA record
Add-DnsServerResourceRecordAAAA -Name "ipv6host" -ZoneName "example.com" -CreatePtr -AllowUpdateAny -IPv6Address "2001:db8:a::1" -TimeToLive 08:00:00
# - as an alternative do
Add-DnsServerResourceRecord -AAAA -Name "ipv6host" -ZoneName "example.com" -CreatePtr -AllowUpdateAny -IPv6Address "2001:db8:a::1" -TimeToLive 08:00:00
# - remove the record
Remove-DnsServerResourceRecord -name "ipv6host" -ZoneName "example.com" -RRType AAAA -Force
#
# - Get DNS query block list
Get-DnsServerGlobalQueryBlockList
# - Root Hint information
Get-DnsServerRootHint
Import-DnsServerRootHint
Add-DnsServerRootHint
Remove-DnsServerRootHint
# - example PowerShell cmdlet to see unique root level servers
Get-DnsServerRootHint | sort-object -property{$_.NameServer.RecordData.NameServer} -Unique
# - removing a.root-servers.net
Remove-DnsServerRootHint -NameServer "a.root-servers.net"
# - adding a new a.root-server.net entry
Add-DnsServerRootHint -NameServer "a.root-servers.net" -IPAddress 2001:503:ba3e::2:30
# - check for the change
Get-DnsServerRootHint | Where-Object {$_.NameServer.RecordData.NameServer -EQ "a.root-servers.net."} | Sort-Object -Unique
#
Get-DnsServerSetting
Test-DnsServer
# - example of testing DNS
Test-DnsServer -IPAddress ::1 -ZoneName "example.com"
# - check for the DNS Server module
Get-Command -Module DNSServer
#
# - DNS client settings
Get-DnsClientServerAddress
# - For IPv6 only
Get-DnsClientServerAddress -AddressFamily IPv6
# - set new DNS resolver server IPs
Set-DnsClientServerAddress -InterfaceIndex 4 -ServerAddresses ("2001:4860:4860::8888","2001:4860:4860::8844")
# - check the DNS resolver settings
Get-DnsClientServerAddress -InterfaceIndex 4 -AddressFamily IPv6
# - test against the default DNS resolvers
Resolve-DnsName -Name www.cav6tf.org -Type AAAA
# - test against a specific DNS resolver
Resolve-DnsName -Name www.cav6tf.org -Type AAAA -Server 2001:4860:4860::8888
# - script to determine which interface a name resolver will use to connect to a resource
$rn = Resolve-DnsName -name www.cav6tf.org -type AAAA
Find-NetRoute -RemoteIPAddress $rn.ip6address
# - EOF

Demo 4:
# - Chapter 10 - Miscellaneous IPv6
# - NCSI
# - example that modifies the ncsi url location
Set-NCSIPolicyConfiguration -CorporateWebsiteProbeURL http://ipv6.ncsi.example.com -policystore Howfunky
# - get the ncsi policy
Get-NCSIPolicyConfiguration
# - reset back to default the ncsi policy on host "Howfunky"
Reset-NCSIPolicyConfiguration -PolicyStore Howfunky
#
# - prefix policy table
# - get the prefix policy table
Get-NetPrefixPolicy
# - netsh commands to manage the prefix policy table
netsh interface ipv6 show prefixpolicies
netsh interface ipv6 add prefixpolicy <prefix> <precedence> <label>
netsh interface ipv6 set prefixpolicy <prefix> <precedence> <label>
netsh interface ipv6 remove prefixpolicy <prefix> <precedence> <label>
# - sample script to get an RFC 3484 host to RFC 6724
netsh int ipv6 add prefixpolicy 3ffe::/16 1 12 store=persistent
netsh int ipv6 add prefixpolicy fec0::/10 1 11 store=persistent
netsh int ipv6 add prefixpolicy fc00::/8 4 13 store=persistent
netsh int ipv6 add prefixpolicy fd00::/8 3 14 store=persistent
netsh int ipv6 add prefixpolicy ::/96 1 3 store=persistent
netsh int ipv6 add prefixpolicy ::ffff:0:0/96 35 4 store=persistent
# - EOF
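
Added example, not part of the original post or the book's code: the longest-prefix lookup a host performs against the prefix policy table, built from the six entries in the Demo 4 netsh script plus the RFC 6724 default entries for `::1/128`, `::/0`, `2002::/16` and `2001::/32`. It shows the label matching and precedence behind the advice in the dual ISP post to keep RFC 6724 predictable with a single prefix; the function names and sample addresses are constructed, and only label matching and precedence are modelled, not the full selection algorithm.

```powershell
# Added example: offline evaluation of a prefix policy table (RFC 6724).
# Function names and sample addresses are hypothetical / constructed.

# RFC 6724 defaults for ::1/128, ::/0, 2002::/16 and 2001::/32, plus the six
# entries from the Demo 4 netsh script with the values exactly as given there.
$PolicyTable = @(
    [pscustomobject]@{ Prefix = '::1/128';       Precedence = 50; Label = 0  }
    [pscustomobject]@{ Prefix = '::/0';          Precedence = 40; Label = 1  }
    [pscustomobject]@{ Prefix = '::ffff:0:0/96'; Precedence = 35; Label = 4  }
    [pscustomobject]@{ Prefix = '2002::/16';     Precedence = 30; Label = 2  }
    [pscustomobject]@{ Prefix = '2001::/32';     Precedence = 5;  Label = 5  }
    [pscustomobject]@{ Prefix = 'fc00::/8';      Precedence = 4;  Label = 13 }
    [pscustomobject]@{ Prefix = 'fd00::/8';      Precedence = 3;  Label = 14 }
    [pscustomobject]@{ Prefix = '::/96';         Precedence = 1;  Label = 3  }
    [pscustomobject]@{ Prefix = 'fec0::/10';     Precedence = 1;  Label = 11 }
    [pscustomobject]@{ Prefix = '3ffe::/16';     Precedence = 1;  Label = 12 }
)

function Test-InPrefix {
    # True when $Address falls inside $Prefix (written as address/length).
    param([string]$Address, [string]$Prefix)
    $net, $len = $Prefix -split '/'
    $len = [int]$len
    $a = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    $n = [System.Net.IPAddress]::Parse($net).GetAddressBytes()
    if ($a.Length -ne 16 -or $n.Length -ne 16) { throw 'IPv6 addresses only' }

    # Compare the whole bytes first, then the remaining high-order bits.
    $remBits   = $len % 8
    $fullBytes = [int](($len - $remBits) / 8)
    for ($i = 0; $i -lt $fullBytes; $i++) {
        if ($a[$i] -ne $n[$i]) { return $false }
    }
    if ($remBits -gt 0) {
        $mask = (0xFF -shl (8 - $remBits)) -band 0xFF
        if (($a[$fullBytes] -band $mask) -ne ($n[$fullBytes] -band $mask)) { return $false }
    }
    return $true
}

function Get-PolicyEntry {
    # Longest matching prefix wins; ::/0 guarantees every address gets an entry.
    param([string]$Address)
    $PolicyTable |
        Where-Object { Test-InPrefix -Address $Address -Prefix $_.Prefix } |
        Sort-Object { [int](($_.Prefix -split '/')[1]) } -Descending |
        Select-Object -First 1
}

function Select-SourceByLabel {
    # Reports, per candidate source, whether its label equals the destination's label.
    # This is the "prefer matching label" step of source address selection only.
    param([string]$Destination, [string[]]$Candidates)
    $dstLabel = (Get-PolicyEntry -Address $Destination).Label
    foreach ($src in $Candidates) {
        $entry = Get-PolicyEntry -Address $src
        [pscustomobject]@{
            Destination  = $Destination
            Source       = $src
            SourceLabel  = $entry.Label
            DestLabel    = $dstLabel
            LabelMatches = ($entry.Label -eq $dstLabel)
        }
    }
}

# Constructed host: one provider assigned global unicast address and one ULA.
$sources = '2001:db8:cafe:10::1', 'fd00:cafe:10::1'

# Global unicast destination, then a ULA destination, against the same two sources.
Select-SourceByLabel -Destination '2001:db8:beef::10' -Candidates $sources | Format-Table
Select-SourceByLabel -Destination 'fd00:beef::10'     -Candidates $sources | Format-Table

# Destination precedence; an IPv4 destination is looked up as an IPv4-mapped address.
'2001:db8:beef::10', 'fd00:beef::10', '::ffff:192.0.2.10' |
    ForEach-Object {
        $e = Get-PolicyEntry -Address $_
        [pscustomobject]@{ Destination = $_; MatchedPrefix = $e.Prefix; Precedence = $e.Precedence }
    } |
    Sort-Object Precedence -Descending |
    Format-Table
```

On a live host, compare the table against the output of Get-NetPrefixPolicy before relying on the result.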

Demo 5:
#---
# multicast
# - mld version 2
Set-NetIPv6Protocol -MldVersion Version3
#
# netsh command
netsh interface ipv6 set global mldversion=version2
#
# - set igmp v2
Set-NetIPv6Protocol -MldVersion Version2
#
#
resolve-dnsname -name www.cav6tf.org -LlmnrOnly
#
#---
# multicast
netsh interface ipv6 show joins
Get-NetIPAddress -AddressFamily ipv6 -InterfaceIndex 4 | ft
netsh interface ipv6 show joins interface=4
#
#
# - script to determine which interface a name resolver will use to connect to a resource
$rn = Resolve-DnsName -name www.cav6tf.org -type AAAA
Find-NetRoute -RemoteIPAddress $rn.ip6address
# - EOF

Please let me know if you have any questions. I would like to know if folks are finding the examples useful.
- Ed

Saturday, May 10, 2014

Book signing at Microsoft TechEd on Tuesday

My publisher will be hosting a book signing at their booth at Microsoft TechEd and I am scheduled for a spot. Come join me at the @Apress booth #740 on Tuesday from 11:30 to Noon. I will be signing copies of my book and would love to chat and talk about IPv6 and Windows.


If you have your own copy with you I am happy to sign that one also. If you aren't lucky enough to get a copy of the book I will have some discount codes to hand out at the event for an ebook version. Looking forward to seeing everyone in Houston!
- Ed

Tuesday, May 06, 2014

I am presenting at Microsoft TechEd 2014 in Houston, TX

This year is going by too fast! I can't believe Microsoft TechEd is right around the corner. I am excited to be presenting again at the event, this time I am doing:
How IPv6 Impacts Private Cloud Deployments

The abstract for the presentation:
Thursday, May 15 2:45 PM - 4:00 PM
Speaker(s): Edward Horley
Track: Datacenter and Infrastructure Management
Session Type: Breakout
Topic: IPv6
This presentation is focused on how IPv6 impacts Microsoft Private Cloud deployments. Topics covered include Hyper-V Network Virtualization (HNV), HNV Gateways, NVGRE, Windows PowerShell configuration for IPv6 addressing, DHCPv6 reservations for client hosts, IPAM integration, and general best practices for deployment. 
 
If you are attending TechEd this year I would love to see you in my session. I will be handing out discount codes for an ebook version of my recent book title Practical IPv6 for Windows Administrators from Apress.
 

See you in Houston!
- Ed

Wednesday, April 23, 2014

ARIN moves into Phase 4 and is down to their last /8 of IPv4 - it is time for IPv6

It is official, as of today (April 23, 2014) ARIN and by extension North America has run into the final phase of IPv4 address allocations. They are down to their last /8 and therefore the largest allocation now will be a /22 along with showing a use case for transition over to IPv6. If you have no transition plan, you can't even get that last /22.


 You can see more information about Phase 4 at the ARIN press release. This is a huge deal for the Internet community and will likely change some corporate and enterprise adoption plans and thinking in the near future. If you are curious, it looks like Akamai was the big winner with the 104.64.0.0/10 allocation going to them and tipping the inventory level.

So for all of you holding off thinking IPv6 will never impact them, it is time to start planning and figuring out your design and implementation schedules. You will have a bit of time for the service providers to burn through their existing inventory of IPv4 but after that you will have to purchase IPv4 at the going market rate. It makes IPv6 look more and more attractive.

If you want some help getting started in a lab or deploying and you run Windows you might want to pick up my book.

Practical IPv6 for Windows Administrators

Welcome to a brave new world, I think I need to pick up my "the world is ending" sign and go walk around downtown San Francisco for the day.
- Ed

Saturday, April 05, 2014

Post Interop Las Vegas - IPv6 update

Thanks to everyone who attended my IPv6 presentation at Interop. I was pleased with the number of attendees who chose to participate in my session especially being the last timeslot of the day. Many who attended wanted the slides so I am making them available via slideshare. You can also download the PDF from the Interop website (attendees only - requires username and password).



If you have more questions please reach out to me via twitter or by email (My name at howfunky.com) and I will do my best to answer any questions around the presentation and about IPv6.
 - Ed

Tuesday, March 11, 2014

Presenting on IPv6 at InterOp in Las Vegas - April 3, 2014

I was delighted when my colleague Ethan Banks (of PacketPushers fame) asked me to present on IPv6 at InterOp. The presentation audience is slightly different for me, so I have had to change some of my content and get a bit more creative, all good things. The title for my session is:
Getting Serious about IPv6: Go Big or Go Home

http://www.interop.com/lasvegas/schedule-builder/session-id/26

It is really focused on Enterprise Network Managers, Directors of IT and CTO types rather than the typical networking nerd that might attend an IPv6 session. I felt it was important to start explaining IPv6 to these professionals so they really understand what is happening in the industry. For the session the key takeaways are:
    Why you need to move to IPv6 for your Enterprise
    The impact to your business of staying on IPv4 only
    What to do next to get started with IPv6 in your Enterprise 

My session is on Thursday, April 3rd at 4pm and the show is in Las Vegas. I encourage you to register for the event not just because I am presenting (though that should be good enough on its own!) but also because of the impressive list of other speakers.

I believe InterOp makes the contents available after the event so I will update the blog when that happens. I hope to see you at my session!
- Ed

Update: apparently InterOp has a really good discount going on right now until March 17th for the show. If you use the discount code 40PERCENT you will get, surprise, 40% off the total access pass. 

Thursday, January 16, 2014

Getting your first IPv6 address allocation from ARIN

The American Registry for Internet Numbers or ARIN has put out a great little PDF you can download on how to get started with getting your first IPv6 allocation. For those who have not done this it can be useful to have an outline about what to expect in the process and this provides that.
It is interesting to note that they give the same site-to-prefix allocation chart as their website, which is outlined below:

Number of Sites    Prefix Block Size
1                  /48
2-12               /44
13-192             /40
193-3,072          /36
3,072 - 49,152     /32

You can find the details for how this actually works on the ARIN website.

I would expect most enterprises to fit in the /40 to /36 category as ARIN's definition of a site is relatively broad. They did this intentionally and as you can see in the definitions that follow, you can argue your single work from home user would classify as a site.

From ARIN's website:
"6.5.8.2.1. Standard sites
A site is a discrete location that is part of an organization’s network. A campus with multiple buildings may be considered as one or multiple sites, based on the implementation of its network infrastructure. For a campus to be considered as multiple sites, reasonable technical documentation must be submitted describing how the network infrastructure is implemented in a manner equivalent to multiple sites.
An organization may request up to a /48 for each site in its network, and any sites that will be operational within 12 months.

6.5.8.2.2. Extra-large sites
In rare cases, an organization may request more than a /48 for an extra-large site which requires more than 16,384 /64 subnets. In such a case, a detailed subnet plan must be submitted for each extra-large site in an organization’s network. An extra-large site qualifies for the next larger prefix when the total subnet utilization exceeds 25%. Each extra-large site will be counted as an equivalent number of /48 standard sites."

Remember, if you run labs, dev and test networks that might have to simulate an entire site then you need to include each of those as sites and not as a single /64 subnet in your design and request to ARIN. Otherwise you will not have enough address space to build out those test environments that you might require and you will have to go back to request address space.
- Ed
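
The sizing chart and the lab/dev/test advice in the post above, worked through as an added example (not code from the original post or from ARIN): it looks up the block size for a site count and hands out one /48 per site. The site names, the 10 + 4 inventory and the 2001:db8:ab00::/40 documentation block are constructed assumptions.

```python
import ipaddress

# Largest justified site count for each block size, from the chart above.
# From /44 up, each bound equals 75% of the /48s in the block
# (a /44 holds 16, so 12 sites).
ARIN_CHART = [(1, 48), (12, 44), (192, 40), (3072, 36), (49152, 32)]


def prefix_for_sites(site_count):
    """Return the prefix length the chart gives for this many sites."""
    if site_count < 1:
        raise ValueError("need at least one site")
    for max_sites, prefix_len in ARIN_CHART:
        if site_count <= max_sites:
            return prefix_len
    raise ValueError("more sites than the chart covers")


def plan(block, sites):
    """Give each named site the next /48 in block; return (assignments, spare /48s)."""
    net = ipaddress.ip_network(block)
    capacity = 2 ** (48 - net.prefixlen)
    if len(sites) > capacity:
        raise ValueError(f"{block} holds {capacity} /48s, {len(sites)} sites requested")
    assigned = dict(zip(sites, net.subnets(new_prefix=48)))
    return assigned, capacity - len(assigned)


# Constructed inventory: 10 production sites plus 4 lab/dev/test environments.
PRODUCTION = [f"branch-{n:02d}" for n in range(1, 11)]
LABS = ["lab-sf", "dev-sf", "test-sf", "dr-sim"]

if __name__ == "__main__":
    print("production only: /%d" % prefix_for_sites(len(PRODUCTION)))
    print("with labs:       /%d" % prefix_for_sites(len(PRODUCTION + LABS)))
    # 2001:db8::/32 is the documentation range; this /40 stands in for a real allocation.
    assigned, spare = plan("2001:db8:ab00::/40", PRODUCTION + LABS)
    for name, net48 in assigned.items():
        print(f"{name:10} {net48}")
    print("spare /48s:", spare)
```

Counting only the ten production sites lands in the /44 row, while adding the four lab environments crosses the 12-site bound and moves the request to a /40.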

Monday, January 13, 2014

The IPv6 Show - IPv6 in the Enterprise? Why Bother?

Bruce Sinclair with gogo6 is running a great podcast on IPv6. The IPv6 Show has had some fantastic guests already like Scott Hogg, Joe Klein, Jeff Doyle and Rene Paap.

I've personally really enjoyed listening to the show and I encourage you to listen to past shows and to follow the podcast if you are interested in IPv6 at all. I was fortunate enough to have Bruce ask me onto the show so please have a listen.


I am looking forward to hearing from other IPv6 industry experts that Bruce interviews in the future on the show, I think it is one to keep an eye on!
- Ed