IPv6 Security [Was: Re: misunderstanding scale]

Tue Mar 25 02:17:02 UTC 2014

I can easily answer that one as a holder of v4 space at a commercial entity.  The end user does not feel any compelling reason to move to ipv6 if they have enough v4 space.

I can't give my employer a solid business case of why they need to make the IPv6 transition.  They already hold enough v4 space and are putting more and more servers behind virtual IPs on boxes like the F5 so they are actually gaining on the v4 space issue.  They see no economic reason to add an additional layer of complexity to their network where it is already pretty expensive to find savvy staff.  Having to find v6 savvy staff is even more challenging.  Even if the network guys are up to speed on v6 (admittedly a lot of the junior guys are not) the server and storage guys have a hard time wrapping their minds completely around ipv4.

As soon as they see an economic reason to move toward a v6 deployment I am sure they will do so.  The major cost is time not money. The engineering staff has quite enough to keep them busy without looking for projects with no ROI for the near future.  As soon as ipv6 users cannot reach ipv4 sites, they will need an ipv6 presence.  It is very much a chicken and egg problem.  Ipv6 users need to reach ipv4 sites and the fact that they can makes it unnecessary for the ipv4 sites move to ipv6.  Most commercial entities that are not in the gaming and multimedia do not feel any performance hit on v4 to v6 so there is no current pain point for the current ipv4 holders unless they are experiencing the need for more address space.  The commercial users that have been around a long time typically have pretty large allocations (/24 or better) and the majority of them do not need that many public facing addresses.

The thing that will push them toward a v6 infrastructure is having most of their customers on ipv6 and their being some performance penalty that they see for being ipv4 only.

We are doing some lab testing on v6 and trying to get more experience for the junior guys but there are lots of legacy stuff and lots of old code that is not v6 aware.  That stuff is slowly going away but there is no real push for that to happen.  Running the v6 infrastructure in parallel with the v4 infrastructure does not gain anyone very much, unfortunately they will have to run in parallel for quite some time.  Another issue is having all of their global MPLS carriers and Internet service providers supplying dual stack capability on those circuits.  There is just not enough v6 traffic to make the case for dedicated access circuits supporting just ipv6.

Steven Naslund
Chicago IL

>>It is unsettling to see such dismissive attitudes.

>>I'll leave it as an exercise for the remainder of... everywhere to figure out why there is resistance to v6 migration, and it isn't "just because" people can't be bothered.

>>Your customers are your compasses. And as Randy Bush always like to say (paraphrased), "I encourage my competitors to dismiss customer concerns over IPv6 migration."