After posting the last update in this series, I spent quite a bit of time working on completing the process of Hurricane Electric’s IPv6 Certification. After working Friday night and a better part of the day Saturday, I was able to make my way through the entire process ending up at the “Sage” level. I couldn’t think of a better way of spending my time. While I still have a lot to learn about IPv6 before I begin to start implementing it, I have a much better grounding in it that when I started.
Going through the IPv6 certification process actually had me working on two different fronts at the same time. The first was going through each of the steps while adding to the foundation of knowledge I was building on IPv6. At the same time, I was learning how to configure a Cisco router as a Tunnel Broker to connect to Hurricane Electric’s Tunnel Broker service. I still haven’t been able to finish the upgrade/conversion process of my backup ASA to allow it to pass protocol 41 through so I can put the Tunnel Broker router behind the firewall instead of in parallel. The configuration I am working on now uses a separate router on a separate internet connection on the WAN side using the Protocol Inspection functionality of IOS to keep un-welcomed visitors and traffic from coming in from the outside since the IPv6 traffic was coming in a tunnel and therefore bypassing the IPv4 firewall functionality I have in place on the router.
In working through the process, I had to remember to temporarily disable the IPv6 protocol inspection so that the tests coming from Hurricane Electric’s systems could contact the Mac Book Pro that I was using. I found several articles on the Internet that showed me how to temporarily setup SMTP and Web services on the Mac Book Pro so that I didnt have to stand up a separate server to provide these same services. Having to enable these services for IPv6 helped me see into other areas that I am sure I will be working with when the time comes to begin migrating my work network to IPv6.
Moving to a separate domain name, even if it did mean retaking some of the tests I had gone through earlier, was the exact right move. Eventually I will repeat the setup I used for the different tests to use my own DNS servers. Using HE’s Free DNS service was very straight forward. One of the challenges I ran into here was that I have never done any work with Reverse DNS or PTR records, so I had some additional reading to do here. Ran into a bit of confusion on setting up the PTR record as I has the understanding that I had the enter the IPv6 address in complete reverse to get the PTR record to work correctly. Found that HE’s Free DNS service allowed me to get it working without having to get involved in the granular details early in the game. I have new topics such as IPv6 Glue to learn about to help round out my foundation of IPv6 knowledge.
I still have a little bit of work to do to completely finish the prescribed course of work going through HE’s IPv6 certification program. Now I will be running through a series of tests each day for a little over three months and uploading the results for grading. As HE continues to make improvements and additions to the great IPv6 learning system they have in place I am sure that will help increase my knowledge about IPv6. Even though the changeover to IPv6 may take long to happen for some, the more we know now will help that process to happen smoother than without having gone through this process. If you are looking to get your CCNA or CCNP, going through the IPv6 process with HE will help build the knowledge you will need for the various exams you will be taking.