IPv6 Real World Maturity (was re: How long is your rack?)

Mon Aug 15 06:36:03 UTC 2011

On 08/14/2011 07:43 PM, Tim Wilde wrote:
> On 8/14/2011 8:36 PM, Charles N Wyble wrote:
>
>
> Yes, they prove that IPv6 is not a viable technology as it currently
> stands and we should be working on the next big thing, of course!
> IPv42, here I come!

:)

It certainly is being debated back and forth quite a bit. With apparent
0 forward progress
being made. It's important that we keep our audience in mind. Yes much
v6 is being deployed
(Owen and his band of merry men being the notable leaders) and various
pockets of link layer
availability from the big providers. It's time to just do it already.
Mark it experimental. Tell people
ZOMG you may have to r3numb3r. Why hasn't anyone capitalized on this
opportunity yet and rolled
out decent CPE with a fat margin. I mean seriously, why not? Just wrap
it in some buzzwords (security,
gaming, whatever). The vendors already do that at bestbuy.

>
> On a serious note, though, really, what DOES it say about the real-world
> maturity / actual chances of adoption for IPv6 that Charles' statement
> above is, in fact, true?

Well stated. Hopefully folks will chime in with an answer.

>    or start a flamewar
> (well, okay, I am trying to start a flamewar, that's what Sunday nights
> are for :)), it's honestly something that puzzles me.  It just doesn't
> feel right...

Yeah. Same here. It's why I dropped off NANOG. I got tired of the
constant bickering. Everyone just needs to do what seems right for their
network. What I'm curious about, is how many people actually deployed
networks following their preferred method? I mean he.net is clear about
what it believes is right and has stuck to it for several years now. 
Know how long it took me to have v6 working on my network? 10 minutes.
Just pfsense and an he.net tunnel. radvd and done. Instant v6 LAN wide.
v6.facebook/netflix/google all works. My linux boxes hit v6 mirrors
automatically. Sourceforge download via v6. Easy. Boring.

Current working theory: If you have other (sane,expected,normal)
mitigation techniques in place on your network, dealing with any
(perceived?) v6 security issues should be easy I think. I haven't labbed
this all up yet. But I will. Soon. Q3 is all about security for me.
Expect to see some posts about operationally focused security research
in Q3. Because I want to prove/disprove all the things I see flying
around. I've got the gear, I've got the time. It's time for the rubber
to hit the road.

I seem to recall a thread asking v6 status and a bunch of people
responding with AS numbers and prefixes. Hopefully that list keeps
growing. That's on the provider side of course. Is anyone here not
deploying a v6 network, so that someone else doesn't do it for you
(which again, it's my feeling that a well engineered "enterprise" LAN
wouldn't be susceptible to a lot of the attacks). My memory is a bit
fuzzy about all the details. I'll solicit requests for tests in a while,
once my current projects are wrapped up.

What about all the other folks out there? Who pushed whatever blasted
prefix size, or moaned about neighbor table overflows, or about NAT vs
FW or whatever other inane nonsense. I WANT MY LINK LAYER NATIVE V6! AND
I WANT IT NOW!

>
> Regards,
> Tim
>

-- 
Charles N Wyble charles at knownelement.com @charlesnw on twitter

http://blog.knownelement.com

Building alternative,global scale,secure, cost effective bit moving platform
for tomorrows alternate default free zone.