Another driver for v6?

Steven M. Bellovin smb at
Thu Oct 30 01:10:41 UTC 2008

On Wed, 29 Oct 2008 16:29:40 -0700
"David W. Hankins" <David_Hankins at> wrote:

> On Wed, Oct 29, 2008 at 06:32:31PM -0400, Steven King wrote:
> > Does anyone see any benefits to beginning a small deployment of
> > IPv6 now even if its just for internal usage?
> It is almost lunacy to deploy IPv6 in a customer-facing sense (note
> for example Google's choice to put its AAAA on a separate FQDN).  At
> this point, I'd say people are still trying to figure out how clients
> will migrate to IPv6.  Which seems like a pretty bad time to still be
> trying to figure that out, but ohwell.
Once, after hearing Vint Cerf give a cheerleading talk for v6, I asked
why didn't have a AAAA record.  He just groaned -- but of
course I knew the answer just as well as he did.
> It is at this time more a question of strategic positioning.  The
> kind of thing your boss should be thinking about.
> Switching your management network to IPv6 single-stack frees up
> IPv4 addresses (depending on how big your management network is)
> to use in customer-facing areas, which gives your network longer
> legs in the projected IPv4 address shortfall.  If you get really
> pressed, you can tunnel your IPv4 network over an IPv6-only backbone,
> giving you another handful of precious moneymaking IPv4 addresses.
> Having your backbone and servers AAAA'd (even on separate FQDN's),
> tested, and ready to go puts you ahead of the curve if clients start
> rolling out (you can just move your AAAA's around).
> Starting now on collecting IPv6 peering wherever you peer puts you
> ahead of the curve in the quality of your network's connectedness,
> again presuming this IPv6 thing takes off.
> And of course you need to "run your own dog food" on internal LANs
> before you start telling customers these IPv6 address thingies are
> useful.
> IPv6: It's kind of like storing dry food in preparation for the
>       apocalypse.
I'd rate the probability of v6 as rather higher...

More seriously -- you need to get experience with it, and you need to
at least understand where your internal support systems and databases
have v4-only wired in.  I'm not saying that substantial, real-world
demand for v6 is imminent or even certain (although frankly, I regard
it as more likely than not).  I am saying that the probability of it is
high enough that preparation is simply ordinary prudence.

I posted the story link because for the first time since v6 was real,
there's a *feature* that people will want that relies on it.  Never
mind lots of addresses; you can't easily sell that to management.  But
something that will make security management easier and cheaper -- you
may be able to avoid triangle routing, with the consequent need for
bigger pipes -- is a story they'll understand.  You want to be ready to
serve those customers.

		--Steve Bellovin,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list