Digitalboard/docs
5
1
Fork 0
Code Pull requests 1 Activity Actions

chore: Adding decisions and meeting attendees

Browse source
This commit is contained in:
Tom Jampen 2025-09-18 12:57:16 +00:00
parent 6ecdfd6e3b
commit 7ffee27b47
1 changed files with 17 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

22
infrastructure/ipv6.md
View file

@ -1,5 +1,18 @@
# IPv6 Overview and Best Practices
## Summary
We agreed to setup dual stack by default as IPv6 is essential for modern IT infrastructures and significantly simplifies network management in the long term. By relying on **DNS names instead of raw IP addresses**, operating an **own, globally valid IPv6 stack**, using **Dual Stack during the migration phase**, and providing a **Jump Host for IPv6-only zones**, networks become more robust, scalable, and future-proof.
## Decisions
- Use **Dual Stack** (IPv4 and IPv6 addresses)
- Rely on **DNS names instead of raw IP addresses**
- **Each school is responsible for its DNS records** and must them for IPv4/IPv6 (including CNAME records for ACME)
- The Digitalboard provides an optional service (dynamic DNS zone for acme challenge responses) as described in the [ACME documentation](./acme.md)
- The Digitalboard might act as a RIPE customer and provide a `/32` or `/48` IPv6 network for interested schools
## Meetings
- 05.08.2025: Bert-Jan Fikse, Tobias Schaller, Tobias Wüst, Tom Jampen (inital version)
## Why IPv6?
IPv6 was introduced to address the limitations of IPv4, most notably the shortage of available addresses. It provides an almost unlimited address space, improved support for modern networking, and forms the foundation for future-proof infrastructures.
@ -9,12 +22,15 @@ IPv6 was introduced to address the limitations of IPv4, most notably the shortag
→ This improves administration, readability, and reduces error potential.
## Own IPv6 Stack
- The **RFC4193 range** (`fd00::/8`) is reserved for **local, private use**, similar to private IPv4 networks (e.g. `192.168.x.x`).
- The **RFC4193 range** (`fd00::/8`) is reserved for **local, private use**, similar to private IPv4 networks (e.g. `192.168.x.x`).
→ Disadvantages:
- In a dual stack environment (IPv4 and IPv6 with `fd00::/8` addresses) IPv4 is used by default, so IPv6 is never used!
- For production environments, it is preferable to use **public, globally routable IPv6 prefixes** obtained from an ISP or an own IPv6 allocation.
→ Advantages:
- Unique addressing without overlaps
- Direct reachability and routability on the Internet
- Sustainable, future-oriented network design
- As a direct RIPE customer an institution can get one `/29` IPv6 network (resulting in 8 `/32` IPv6 networks) for < CHF 2'000.-/year (e.g. one `/32` network for CHF 250.-/year)
## Dual Stack as a Transition Strategy
- In many environments, IPv4 cannot be replaced immediately.
@ -27,7 +43,3 @@ IPv6 was introduced to address the limitations of IPv4, most notably the shortag
- A **Jump Host** with both IPv4 and IPv6 connectivity can serve as an entry point.
- It enables access from IPv4-based networks into IPv6-only segments, acting as a controlled and secure bridge during the transition phase.
- This approach ensures operability while gradually phasing out IPv4.
## Conclusion
IPv6 is essential for modern IT infrastructures and significantly simplifies network management in the long term.
By relying on **DNS names instead of raw IP addresses**, operating an **own, globally valid IPv6 stack**, using **Dual Stack during the migration phase**, and providing a **Jump Host for IPv6-only zones**, networks become more robust, scalable, and future-proof.