The Choice: IPv4 Exhaustion or Transition to IPv6

Andy Davidson andy at nosignal.org
Fri Jun 29 08:51:16 UTC 2007


On 28 Jun 2007, at 18:27, John Curran wrote:

> At 10:16 AM -0700 6/28/07, Randy Bush wrote:
>>>     Interoperability is achieved by having public facing
>>>     servers reachable via IPv4 and IPv6.
>> that may be what it looks like from the view of an address allocator.
>> but if you actually have to deliver data from servers you need a path
>> where data from/in both protocols is supported on every link of the
>> chain that goes all the way to every bit of back end data in your
>> system.  and if one link in that chain is missing, <sound of glib  
>> idea
>> imploding>.
>    Organizations need to have IPv6 on their DMZ servers.
>    ISP's needs to provide IPv6 to these organizations, either
>    directly or via tunnel.
>    It's actually rather simple.

*That* sounds simple, but that method doesn't bear any resemblance to  
reality.

  * Software that does not support v6 needs to be rewritten (I used  
to herd some reverse proxies owned by a Juniper company that did not  
support v6 addressing.  I don't 100% convincingly know whether my  
monitoring tools do.  I don't think my IP phone does.)

  * Operational staff need to be retrained.  Hostmasters need to be  
retrained.  Support staff need to be retrained.  Your customers'  
technical contacts need to be retrained.  Everything has to keep  
working whilst your staff are learning these new skills.  2009 might  
be a great year for consultants. ;-)

  * If you don't already have v6, then rolling out your v6 assignment  
to peers and upstreams will feel a lot like building a network from  
scratch all over again.  A big co-ordinated effort involving a lot of  
third parties.

  * Testing budgets will need to swell seriously.  If you host an  
online application, you need to start your testing from scratch.

  * Policy for v6 assignment and allocation needs to be finished and  
agreed upon.  If you read the address policy lists you'll know that  
this is not going to happen for some time.  (c.f. Afrinic's decision  
to give themselves a five-hundredth of their assignment - something  
they could have done for each of their ~250 or so members without  
impact, and the bruhaha this caused.)  I daren't even mention ULA- 
Central policy.

  * Your security policy needs auditing and reworking for v6.

  * It needs to be rolled transparently to end users, unless you want  
to increase your support burden.

I'm not saying that v6 should be binned in favour of turning off the  
internet when we run out of v4, but this is a non-exhaustive list of  
projects we all should be undertaking.  Is everyone on the list  
working through their own list ?  I'd wager not.

Best regards,
Andy Davidson



More information about the NANOG mailing list