As is probably obvious from the sidebar, I'm pretty enthusiastic about IPv6 - for quite a few reasons, not least of which is implementing a new Layer 3 protocol after guys like Vint Cerf already did most of the cool stuff.
However, I didn't want to simply complete this task - most people complete all of these tasks without properly implementing IPv6 - no routing or network configuration is required if you simply install a tunnel client on your computer and work from there.
So instead, let's introduce a lot of complexity and make it easier for the testing to fail.
First things first, since we have a whole network in play instead of a single Layer 2 domain, we need to request a bigger prefix. Since you can't (shouldn't) chop up a /64 for end devices, let's start with establishing a larger prefix. HE.net's tunnelbroker site lets us one-click request a /48:
previous blog post, and chopping it up as you see fit.
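One way to chop up a /48 into a prefix plan, as an added example that is not from the original post: it uses the documentation prefix 2001:db8:1234::/48 in place of the real HE.net allocation. The /56-per-zone, /64-per-segment layout and all zone and segment names are assumptions made for illustration.

```python
import ipaddress

def carve(parent, new_prefix, names):
    """Assign consecutive subnets of length new_prefix inside parent to names."""
    parent = ipaddress.IPv6Network(parent)
    if new_prefix > 64:
        # SLAAC uses 64-bit interface identifiers, so end-device segments stay at /64.
        raise ValueError("segments must not be longer than /64")
    if new_prefix < parent.prefixlen:
        raise ValueError(f"cannot carve a /{new_prefix} out of {parent}")
    subnets = parent.subnets(new_prefix=new_prefix)
    plan = {}
    for name in names:
        try:
            plan[name] = next(subnets)
        except StopIteration:
            raise ValueError(f"{parent} has no /{new_prefix} left for {name}")
    return plan

def build_plan(allocation, zones):
    """zones maps zone name -> list of segment names.

    Returns {zone: (zone /56, {segment: /64})}. One /56 per zone means a
    single prefix covers the whole zone in route filters and firewall rules.
    """
    zone_nets = carve(allocation, 56, zones)
    return {zone: (net, carve(net, 64, zones[zone]))
            for zone, net in zone_nets.items()}

# Constructed sample input: documentation prefix and hypothetical names.
ALLOCATION = "2001:db8:1234::/48"
ZONES = {
    "fabric": ["loopbacks", "spine-leaf-links"],
    "lab-servers": ["hypervisors", "vms"],
    "clients": ["wired", "wifi"],
}

if __name__ == "__main__":
    for zone, (net, segments) in build_plan(ALLOCATION, ZONES).items():
        print(f"{zone:12} {net}")
        for segment, subnet in segments.items():
            print(f"  {segment:18} {subnet}")
```
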
I already have a dual-stack Clos fabric in my lab, so establishing tunneled connectivity here was trivial - standing up a VyOS virtual router (config here) and peering BGP with the fabric. This is pretty much the upside to Clos fabrics - you have flexibility in spades.