San Joaquin Valley Library System IPv6 Case Study
The San Joaquin Valley Library System (SJVLS) is a ten jurisdiction, joint powers agency in central California, and we are IPv6-ready. We have around 10% of the public libraries in the state all connected to a common network. The whole network is run by three network engineers, three librarians and a manager. We get our connectivity from CENIC, California’s state-wide education network. They provide us with redundant dual-stacked links to their network. We are one of only eight CENIC members that have IPv6 assignments. As far as we can tell, we are the only public library system in California with IPv6 connectivity available.
As you can see in this CENIC hub-site map, we are ten libraries on the upper left connected to fre-dis-sw-1. You can also view the SJVLS network map. We are monitoring branches over IPv6, and our main website has IPv6: www.sjvls.org.
The biggest motivation for us to deploy IPv6 was making sure the public that uses our network everyday could reach the entire Internet. We do not plan on turning off IPv4 connectivity anytime soon, and until that day we will run both protocols. There will come a day when a company launches a new service that everyone wants to access and it will be IPv6-only; we wanted to be ready for that day and not have to scramble in the future.
Our IPv6 block from ARIN is 2607:f380:8C9::/48. We started our IPv6 roll out in June 2017 by dual-stacking nine of our hub sites. Twenty two months later we have 84 out of 110 branches dual-stacked, with more on the way as we upgrade branches from T1s to switch ethernet circuits. Six years ago the whole network was on Frame to ATM, two DS3s and a single 200Mbps Internet connection. Now we have ten dual-stacked handoffs to the Internet with a combined throughput of 9Gbps. We still have 25 locations still on T1s, but we are working on lowering this number over time.
Around 50% of the traffic leaving our network is over IPv6. We pull around 1TB a week from YouTube alone, and much of this traffic is over IPv6. In our core network between hub sites we are at around 98% IPv6 traffic.
Right now, our biggest roadblock is our wireless cloud provider’s lack of good IPv6 support. Unfortunately, the public can only get IPv4 when connected via wireless. One of our SSIDs is dual-stacked because it is in bridge mode, but this SSID is only for staff. The network behind our wireless is dual-stacked, so once our cloud provider has support, we will be ready.
Do not worry about enabling IPv6 everywhere and on everything all at once; it is still going to take us a few more years before we will be IPv6-enabled at every branch and on every service. The first step everyone should take is getting IPv6 addresses assigned from their ISP or directly from ARIN. Then create an address plan. When you have your address plan completed, prep as much as you can ahead of time.
Before enabling IPv6 on our network, we made sure our firewalls, Active Directory, and DNS all knew about these new IP addresses. This included building new IPv6 firewall rules for every branch and leaving them disabled until the branch was upgraded. This step alone has saved us a lot of time in the field. Next, consider doing a pilot program by enabling IPv6 at a few locations or on an isolated service. Now that we have the framework setup for IPv6, deploying IPv6 at a branch is as simple as replacing the router and updating a few settings.