Rackspace cloud servers also have native IPv6 support enabled by default.

That's a bit odd. Every IPv6 capable device I have ever seen requires you to tell it what interface to use when you are working with link local addresses. This is because on a box with more than one NIC the routing table can't be used to determine what interface to send traffic from when the destination is a link local address. Even enterprise grade stuff like F5 load balancers, IOS routers, and firewalls work like that. So it makes perfect sense that Linux would do the same thing.

I guess if you only have one NIC in your box Windows just assumes that the lone NIC is the one you are talking about when you tell it to connect to a link local IP. I guess that's a reasonable assumption for a consumer OS to make, I'm just not sure I would want an enterprise grade device to make assumptions like that.

If you only have one network segment then you should be able to use link local addresses for constant internal communication. If you have all of your hosts generate their link local addresses based on their MAC addresses then the link local IPs will be static.

If you have more than one network segment then you will need to setup a some ULA subnets. If that is the case you should be able to have your router advertise both an ISP provided delegated public prefix as well as a ULA prefix to each network segment. You should be able to do this with or without a DHCPv6 server if you setup the config flags in the prefix advertisements sent from the router properly.

Very nice. I especially like the section about fire walling in IPv6. With the death of private IPs and NAT everyone needs to know how to setup a good firewall.

Agreed. I don't think this is as much of an issue as it was back in the 90's when most people plugged their Win9x box directly into their cable modem. Windows 7 has a decent built in firewall and most people have a home router that also has a basic firewall built in. Between the proliferation of consumer firewalls and that fact that its very time consuming to scan even a single /64 block I think finding a reasonable number of IPv6 enabled samba hosts on the internet would be a bit challenging, even after IPv6 adoption is widespread.

The only easy way that I know of to make Windows 7 boxes use DHCPv6 is if the prefix advertisements they get from the gateway tell them to do so via the managed config flags in said prefix advertisements. Unfortunately the ASA cannot do this either as both of the config flags in the prefix advertisements sent from any ASA are hard set to 0 and cannot be changed. A Cisco router lets you set the config flags though. Hopefully Cisco will correct this discrepancy soon.

Can you RDP to the server over IPv4? Because I RDP into my Windows 7/2k8 boxes all the time via IPv6.

Honestly if you are doing anything even remotely serious with IPv6 you need to ditch Windows XP. It's IPv6 implantation is total crap and several parts of the OS, like the firewall, just don't support it. Windows 7, Mac OSX, and Linux are all perfectly viable alternatives depending on what you need your machine to do.

Have you tried it on a stable release?

Here is now I have my 3745 running 12.4 setup. There is no wifi interface of course but it should serve as a general example of a basic setup.

ipv6 unicast-routing
no ipv6 source-route
ipv6 cef
!
interface Tunnel0
 no ip address
 ipv6 address 2001:470:1F0E:6CA::2/64
 ipv6 enable
 ipv6 traffic-filter Block-IPv6-SSH in
 no ipv6 redirects
 ipv6 verify unicast reverse-path
 tunnel source 70.114.48.211
 tunnel destination 216.218.224.42
 tunnel mode ipv6ip
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 ipv6 address 2001:470:B98A:1::/64 eui-64
 ipv6 mtu 1480
 ipv6 nd prefix 2001:470:B98A:1::/64
!
interface FastEthernet0/1
 ip address dhcp
 no ip redirects
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip nat inside source list 2000 interface FastEthernet0/1 overload
!
access-list 2000 permit ip any any
ipv6 route 2001:470:B98A::/48 FastEthernet0/0 FE80::21F:9EFF:FE45:2422
ipv6 route 2001:DB8::/32 Null0
ipv6 route FC00::/7 Null0
ipv6 route ::/0 2001:470:1F0E:6CA::1
!
ipv6 access-list Block-IPv6-SSH
 deny tcp any any eq 22
 permit ipv6 any any

Is there anything like this available for Chrome?

Nevermind. Should have googled before posting. The "ShowIPv6" add on does this for Chrome.

And one of these days android will work with ipv6 

I have an HTC Thunderbolt running Android 2.2 that's been working perfectly with IPv6 for almost a year. At home it gets an IPv6 address from the prefix being advertised by my router over my WiFi and while on the go it gets an IPv6 address from Verizon's 4G network. Although I noticed that it doesn't get an IPv6 address when I wander into a 3G only area. So IPv6 on Android seems to require either 4G or WiFi. At least with Verizon anyway. I'm not sure if that's a limitation of the 3G spec or Verizon's network.

Well the "T" in the IOS file name unofficially stands for "trouble" as it indicates that that image is part of a development (ie: beta) train. If stability is a serious concern then never use a "T" release.

The working config on my 3745 running 12.4(25d) Adv. Enterprise is pretty much the same as yours:

Code:

ipv6 unicast-routing
no ipv6 source-route
ipv6 cef

interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address 2001:470:1F0E:6CA::2/64
 ipv6 enable
 ipv6 traffic-filter Block-IPv6-SSH in
 no ipv6 redirects
 ipv6 verify unicast reverse-path
 tunnel source 70.114.48.211
 tunnel destination 216.218.224.42
 tunnel mode ipv6ip
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 ipv6 address 2001:470:B98A:1::/64 eui-64
 ipv6 mtu 1480
 ipv6 nd prefix 2001:470:B98A:1::/64
!
interface FastEthernet0/1
 ip address dhcp
 no ip redirects
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map vpn_alpha
 
ip nat inside source list 2000 interface FastEthernet0/1 overload

access-list 2000 deny ip 192.168.100.0 0.0.0.255 192.168.250.0 0.0.0.255
access-list 2000 deny ip 192.168.200.0 0.0.0.255 192.168.250.0 0.0.0.255
access-list 2000 deny ip 10.1.1.0 0.0.0.3 192.168.250.0 0.0.0.255
access-list 2000 deny ip 172.30.1.0 0.0.0.255 192.168.250.0 0.0.0.255
access-list 2000 permit ip any any

ipv6 route ::/0 2001:470:1F0E:6CA::1
ipv6 route 2001:470:B98A::/48 FastEthernet0/0 FE80::21F:9EFF:FE45:2422
ipv6 route 2001:DB8::/32 Null0
ipv6 route FC00::/7 Null0

ipv6 access-list Block-IPv6-SSH
 deny tcp any any eq 22
 permit ipv6 any any

I did notice that I am using the actual IPv6 address of HE's side of the tunnel as my next hop in my default route. Which shouldn't really matter but who knows.

no ipv6 source-route
ipv6 cef

Although not strictly required these are also very useful and should be on every IPv6 enabled internet facing IOS router in my opinion.