Implementing IPv6 at ARIN

Abstract

Research on how to best implement IPv6 on our network began in 2002 with the goal of having something in production in 2003. Our production deployment began in 2003 with a single IPv6-only T1 to our Chantilly, Virginia office from Sprint. We began by hosting HTTP (www.arin.net), FTP (ftp.arin.net), and DNS (inaddr.arpa and ARIN zones), as well as a server doing secondary DNS for other regional Internet registries. All hosts ran Linux, we used Apache for HTTP, ProFTPd for FTP and Bind for DNS. The network initially used a Linux box with a Sangoma card as the router and firewall. The firewall functionality was eventually moved to an OpenBSD host because its IPv6 support was better at the time. Linux lacked stateful packet inspection in ip6tables which made maintaining a good security policy difficult. However, using a Linux box as a router proved to be great for troubleshooting because having tools such as tcpdump directly on the routing platform was very convenient. This IPv6-only network was completely separate from the primary ARIN network because we had security and stability concerns. A positive side effect of our paranoia was that the segregation allowed us to experiment without worrying about negative affects on our primary IPv4-only network. All hosts had static IPv6 addresses and the default gateway used simple static routes to forward packets.

Cite this paper

@inproceedings{Ryanczak2010ImplementingIA, title={Implementing IPv6 at ARIN}, author={Matt Ryanczak}, booktitle={LISA}, year={2010} }