Another driver for v6?
Steven M. Bellovin
smb at cs.columbia.edu
Thu Oct 30 01:10:41 UTC 2008
On Wed, 29 Oct 2008 16:29:40 -0700
"David W. Hankins" <David_Hankins at isc.org> wrote:
> On Wed, Oct 29, 2008 at 06:32:31PM -0400, Steven King wrote:
> > Does anyone see any benefits to beginning a small deployment of
> > IPv6 now even if it's just for internal usage?
>
> It is almost lunacy to deploy IPv6 in a customer-facing sense (note
> for example Google's choice to put its AAAA on a separate FQDN). At
> this point, I'd say people are still trying to figure out how clients
> will migrate to IPv6. Which seems like a pretty bad time to still be
> trying to figure that out, but ohwell.
>
Once, after hearing Vint Cerf give a cheerleading talk for v6, I asked
why google.com didn't have a AAAA record. He just groaned -- but of
course I knew the answer just as well as he did.
>
> It is at this time more a question of strategic positioning. The
> kind of thing your boss should be thinking about.
>
> Switching your management network to IPv6 single-stack frees up
> IPv4 addresses (depending on how big your management network is)
> to use in customer-facing areas, which gives your network longer
> legs in the projected IPv4 address shortfall. If you get really
> pressed, you can tunnel your IPv4 network over an IPv6-only backbone,
> giving you another handful of precious moneymaking IPv4 addresses.
>
> Having your backbone and servers AAAA'd (even on separate FQDN's),
> tested, and ready to go puts you ahead of the curve if clients start
> rolling out (you can just move your AAAA's around).
>
> Starting now on collecting IPv6 peering wherever you peer puts you
> ahead of the curve in the quality of your network's connectedness,
> again presuming this IPv6 thing takes off.
>
> And of course you need to "run your own dog food" on internal LANs
> before you start telling customers these IPv6 address thingies are
> useful.
>
>
> IPv6: It's kind of like storing dry food in preparation for the
> apocalypse.
>
I'd rate the probability of v6 as rather higher...

More seriously -- you need to get experience with it, and you need to
at least understand where your internal support systems and databases
have v4-only wired in. I'm not saying that substantial, real-world
demand for v6 is imminent or even certain (although frankly, I regard
it as more likely than not). I am saying that the probability of it is
high enough that preparation is simply ordinary prudence.

I posted the story link because for the first time since v6 was real,
there's a *feature* that people will want that relies on it. Never
mind lots of addresses; you can't easily sell that to management. But
something that will make security management easier and cheaper -- you
may be able to avoid triangle routing, with the consequent need for
bigger pipes -- is a story they'll understand. You want to be ready to
serve those customers.
--Steve Bellovin, http://www.cs.columbia.edu/~smb