Re: [v6ops] new draft: draft-servin-v6ops-monitor-ds-ipv6
John Mann <john.mann@monash.edu> Tue, 30 July 2013 06:55 UTC
Return-Path: <john.mann@monash.edu>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B3A811E81BF for <v6ops@ietfa.amsl.com>; Mon, 29 Jul 2013 23:55:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.376
X-Spam-Level:
X-Spam-Status: No, score=-5.376 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jNEmxgB8pThe for <v6ops@ietfa.amsl.com>; Mon, 29 Jul 2013 23:55:18 -0700 (PDT)
Received: from na3sys009aog110.obsmtp.com (na3sys009aog110.obsmtp.com [74.125.149.203]) by ietfa.amsl.com (Postfix) with ESMTP id B1CEB21E8090 for <v6ops@ietf.org>; Mon, 29 Jul 2013 23:55:17 -0700 (PDT)
Received: from mail-wg0-f54.google.com ([74.125.82.54]) (using TLSv1) by na3sys009aob110.postini.com ([74.125.148.12]) with SMTP ID DSNKUfdjVOJCzxXk/rKX+WtMHIHA3VrRgez5@postini.com; Mon, 29 Jul 2013 23:55:17 PDT
Received: by mail-wg0-f54.google.com with SMTP id n11so2517546wgh.21 for <v6ops@ietf.org>; Mon, 29 Jul 2013 23:55:15 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=LncYs/uIxwkRUH1XsS8i1Fy8m47sUhwbrRkYl9H9AWI=; b=S1KMDzcaQPlFslXlzXwzNZ0CCy4j6V9zHNV5Mj/234J3ZPJbUSeZ6Gv1gFdWoZJXfD Zrr3/fWEInefE1D4EEERKzlvOa7Jm6eV8UXGQD8g2JzxM7ORAKrx7YiiqmvdYapVCvPy 7G1eoHeo40+VknS+vKBUaeHnjrpFDO7fWezk/KvsOsqEQApLKTKgNUifFbWmF5hwhuWn ralSWs0I5QZyRhUnQt33qOtNpaTJ5iEcTAF7wGoH7zHDfZTIY3eIayyA8ARIJtk++niE S7XOgWF6PzmKiEl9BYH9Hy75Gaa/PS4vUIjVc/9/aRZ8oXKDiXF9IyGhWa+hiKBaoToa teBw==
X-Received: by 10.194.242.69 with SMTP id wo5mr46158883wjc.30.1375167315141; Mon, 29 Jul 2013 23:55:15 -0700 (PDT)
X-Received: by 10.194.242.69 with SMTP id wo5mr46158878wjc.30.1375167315042; Mon, 29 Jul 2013 23:55:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.227.164.78 with HTTP; Mon, 29 Jul 2013 23:54:54 -0700 (PDT)
In-Reply-To: <51E15A35.2090603@lacnic.net>
References: <201307131245.r6DCj0d01032@ftpeng-update.cisco.com> <51E15A35.2090603@lacnic.net>
From: John Mann <john.mann@monash.edu>
Date: Tue, 30 Jul 2013 16:54:54 +1000
Message-ID: <CA+OBy1OYeY-fn+ExTV3RSgx6J7=0QcxpZmkT3-xKg2w7-px05g@mail.gmail.com>
To: Arturo Servin <aservin@lacnic.net>
Content-Type: multipart/alternative; boundary="089e0122f0fe51efcf04e2b51786"
X-Gm-Message-State: ALoCoQnqYyifHb4q1KNjAlJWe10BvblIoF8qnn7yHyz+MpEwkyZh20FHpAkxoxnMOFDz6zNewgsy84YyoHBqjwOUThMXtwwgeOIeBYnFLp1YWPPxcAW4p4SA4kySa0df9Ms5BGEP7lGr5MXV6LoKPE6/JPCjPKz1lA==
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] new draft: draft-servin-v6ops-monitor-ds-ipv6
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jul 2013 06:55:25 -0000
Hi,
Some culture shift may be necessary when changing from monitoring IPv4 to
IPv4+IPv6 .
For example, "interface counters" may count all packets, not just IPv4
packets.
All existing network graphs and statistics are likely to be useless for
monitoring IPv6 (separate from IPv4).
Also, just because IPv4 is working over a network path and IPv6 is enabled
over the same path, does not prove that IPv6 is working over the same path.
How about backup links -
It is necessary to send real IPv6 traffic over every path to test that it
does go through.
Pinging the GUA or ULA of every IPv6 router interfaces could be used to
test if routing is working and ACLs permit traffic.
Aim to test the IPv6 network the same ways as you test for IPv4 -
management traffic, pings, application-layer tests etc.
===
There are also new things that you can monitor that are IPv6-specific.
For example, poll each router to see what IPv6 routers it can see.
On point-to-point or HSRP/VRRP router interfaces, you expect to see one
other router;
on non-HSRP/VRRP user interfaces, you expect to see no other routers.
Are the other routers you can see "your" routers, or are they rogues
advertising bogus routes, like 6to4 prefixes?
You can snoop for rogue IPv6 routers even if you don't have your router's
interface enabled to route IPv6 traffic.
Are the RA's the router received recent, or received a while ago?
If your router has OSPFv3 neighbors, are they all in state FULL?
Thanks,
John
On 13 July 2013 23:46, Arturo Servin <aservin@lacnic.net> wrote:
> Hi,
>
> We have sent this draft about considerations and recommendations to
> monitor IPv6 and dual-stack networks and services. We have been talking
> with people deploying IPv6 and we have found that not all monitor their
> networks and not many monitor them properly. We also found some
> challenges in monitor implementations that not fully support IPv6
> monitoring technologies (snmp, netflow, ipfix, ipv6 transport). Even
> though monitoring v6 networks is as critical as doing it in v4, we have
> not found many documents explaining how that has to be done (at least
> guides with free access or up to date).
>
> There are also some misconceptions about monitoring IPv6, for
> example SNMPv3 != SNMP+IPv6, or that you cannot collect IPv6 data and
> send them on IPv4 that we wanted to clarify.
>
> We collected some recommendations from informal conversations with
> people during some training and NOGs meeting during this year but we
> need some more input. We will be sharing this draft with other forums to
> get more inputs but we wanted to share it here first.
>
> Best wishes,
> Arturo and Mariela
>
> On 7/13/13 9:45 AM, fred@cisco.com wrote:
> > A new draft has been posted, at
> http://tools.ietf.org/html/draft-servin-v6ops-monitor-ds-ipv6. Please
> take a look at it and comment.
> > _______________________________________________
> > v6ops mailing list
> > v6ops@ietf.org
> > https://www.ietf.org/mailman/listinfo/v6ops
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>
- Re: [v6ops] new draft: draft-servin-v6ops-monitor… Alejandro Acosta
- Re: [v6ops] new draft: draft-servin-v6ops-monitor… Diego R. Lopez
- [v6ops] new draft: draft-servin-v6ops-monitor-ds-… fred
- Re: [v6ops] new draft: draft-servin-v6ops-monitor… Arturo Servin
- Re: [v6ops] new draft: draft-servin-v6ops-monitor… Arturo Servin
- Re: [v6ops] new draft: draft-servin-v6ops-monitor… Arturo Servin
- Re: [v6ops] new draft: draft-servin-v6ops-monitor… Ariel Weher
- Re: [v6ops] new draft: draft-servin-v6ops-monitor… Arturo Servin
- Re: [v6ops] new draft: draft-servin-v6ops-monitor… Diego R. Lopez
- Re: [v6ops] new draft: draft-servin-v6ops-monitor… George, Wes
- Re: [v6ops] new draft: draft-servin-v6ops-monitor… Arturo Servin
- Re: [v6ops] new draft: draft-servin-v6ops-monitor… Arturo Servin
- Re: [v6ops] new draft: draft-servin-v6ops-monitor… John Mann
- Re: [v6ops] new draft: draft-servin-v6ops-monitor… Arturo Servin