On Tuesday, May 26, 2015, David Sotnick <sotnickd-na...@ddv.com> wrote:
> Hi NANOG, > > The company I work for has no business case for being on the IPv6-Internet. > However, I am an inquisitive person and I am always looking to learn new > things, so about 3 years ago I started down the IPv6 path. This was early > 2012. > > Fast forward to today. We have a /44 presence for our company's multiple > sites; All our desktop computers have been on the IPv6 Internet since June, > 2012 and we have a few AAAAs in our external DNS for some key services — > and, there have been bugs. *Lots* of bugs. > > Now, maybe (_maybe_) I can have some sympathy for smaller network companies > (like Arista Networks at the time) to not quite have their act together as > far as IPv6 goes, but for larger, well-established companies to still have > critical IPv6 bugs is just inexcusable! > > This month has just been the most disheartening time working with IPv6. > > Vendor 1: > > Aruba Networks. Upon adding an IPv6 address to start managing our WiFi > controller over IPv6, I receive a call from our Telecom Lead saying that or > WiFi VoIP phones have just gone offline. WHAT? All I did was add an IPv6 > address to a management interface which has *nothing* to do with our VoIP > system or SSID, ACLs, policies, roles, etc. > > Vendor 2: > > Palo Alto Networks: After upgrading our firewalls from a version which has > a nasty bug where the IPv6 neighbor table wasn't being cleaned up properly > (which would overflow the table and break IPv6), we now have a *new* IPv6 > neighbor discovery bug where one of our V6-enabled DMZ hosts just falls of > the IPv6 network. The only solution: clear the neighbor table on the Palo > Alto or the client (linux) host. > > Vendor 3: > > Arista Networks: We are seeing a very similar ND bug with Arista. This one > is slightly more interesting because it only started after upgrading our > Arista EOS code — and it only appears to affect Virtual Machines which are > behind our RedHat Enterprise Virtualization cluster. None of the hundreds > of VMware-connected hosts are affected. The symptom is basically the same > as the Palo Alto bug. Neighbor table gets in some weird state where ND > breaks and the host is unreachable until the neighbor table is cleared. > > Oh, and the final straw today, which is *almost* leading me to throw in the > IPv6 towel completely (for now): On certain hosts (VMs), scp'ing a file > over the [Arista] LAN (10 gigabit LAN) takes 5 minutes over IPv6 and <1 > second over IPv4. What happened? > > It really saddens me that it is still not receiving anywhere near the kind > of QA (partly as a result of lack of adoption) that IPv4 has. > > Oh, and let's not forget everybody's "favorite" vendor, Cisco. Why is it, > Cisco, that I have to restart my IPv6 OSPF3 process on my ASA every time my > Palo Alto firewall crashes and fails over, otherwise none of my VPN clients > can connect via IPv6? > > Why do you hurt me so, IPv6? I just wanted to be friends, and now I just > want to break up with you. Maybe we can try to be friends again when your > vendors get their shit together. > > -David > Had ipv4 ever hurt you ? Me too. CB
