We’re currently involved in a complex RfP procedure for global network services of a large organization. As part of that we were asked to define a list of IPv6 related requirements as for the Internet uplink and MPLS circuit connections. The involved service providers/carrier offerings will be checked to comply with those.
As a source of inspiration we mainly used the excellent “What To Ask From Your Service Provider About IPv6” document from Cisco, and enhanced that with stuff we observed in other environments (go wrong), namely with regard to MTU/PMTUD and in the space of prefix filtering. Here’s the first draft list we came up with:
- IPv6 service level agreements (SLAs) meet or exceed existing/IPv4 SLAs.
- IPv6 circuit bandwidth, latency, packet loss, and jitter specifications meet or exceed existing/IPv4 specifications/properties.
- The QoS policies (queuing/discard) applicable to both IPv4 and IPv6 traffic are identical.
- IPv6 performance metrics of $PROVIDER’s network will be made available.
- $PROVIDER hosts and provides access to a “looking glass” IPv6 BGP router and/or similar functionality (e.g. an access-controlled monitoring portal) for troubleshooting purposes.
- Full support of MPLS 6VPE (RFC 4659) throughout $PROVIDER’s MPLS network.
- $PROVIDER is willing to accept IPv6 prefix advertisements from XY’s RIPE PA space allocation up to /48 _without_ a covering aggregate, provided appropriate route6 objects exist.
- In case answer to previous question is “No”, what would be the maximum prefix length that XY can advertise without a covering aggregate?
- [redundant] $PROVIDER does not impose any restrictions on IPv6 prefixes accepted as long as their length is shorter or equal /48 and appropriate route6 objects have been created (that means: “strict filtering” like described in http://www.space.net/~gert/RIPE/ipv6-filters.html will not be applied to XY’s IPv6 prefixes).
- XY’s IPv6 own address space can be used in the transit network between $PROVIDER’s and XY’s BGP router(s)?
- What is the maximum MTU of IPv6 packets that can be transported without fragmentation through $PROVIDER’s network? Different for MPLS network?
- All network devices/hosts under $PROVIDER’s control originate ICMPv6 PTB messages when needed.
- All network devices under $PROVIDER’s control pass any ICMPv6 PTB messages in transit which are originated from other devices/hosts.
===
We’re happy to receive feedback from the community if those make sense from your perspective or if we’re missing something important.
Furthermore it’s planned to assign a weight to the individual factors. In the actual environment this will probably look along the lines of the following:
Again, feel free to comment on those…
In case you want to discuss stuff like this in person, join us for the IPv6 Security Summit in Heidelberg or come to one of our “IPv6 in Enterprise Networks” trainings. Furthermore we will create (and release in a draft version here) a similar list for security devices/operations included in that RfP, or others.
Have a great weekend everybody
Enno