IPv6 Security [Was: Re: misunderstanding scale]

Lamar Owen lowen at pari.edu
Tue Mar 25 14:46:17 UTC 2014

On 03/24/2014 09:39 PM, Paul Ferguson wrote:
> I'll leave it as an exercise for the remainder of... everywhere to
> figure out why there is resistance to v6 migration, and it isn't "just
> because" people can't be bothered.

I'm sure there are numerous enterprises in the same shape I am in, with
significant equipment investment in not-quite-ipv6-ready gear, and
insufficient technology refresh capex monies to get ipv6-ready 
capacity-equivalent replacements.  Cisco 6500/7600 even with Sup720 has 
issues, and I know of a number of networks still running Sup2 on 
6500/7600 or even older (including some gear in my own network, where I 
still have old gear, older even than I'm willing to admit publicly, 
serving in core roles; I just decommissioned a failing Extreme Summit 1i 
this past Saturday, and still have two more in core roles, doing Layer 3 
IPv4 in one case).  I know I'm not alone.

While much of this gear may be fully depreciated, the cost of the 
forklift upgrade is major, and the gear is not the biggest part of the 
cost.  Repairs are not anywhere near as draining on the capex budget as 
complete chassis upgrades are, and so we keep old gear running because 
it's what we can afford to do.

So capex is a big part of it; but then there's training costs and the 
opex of dealing with a new-to-us technology.

Just my very-late-to-the-party opinion, and not likely to change 
anything at all, but in hindsight it seems we might have been better off 
with ipv4.1 instead of ipv6, which, IMO, just simply bit off too much in 
one bite.  Much like how the Fountainhead project at DG got eclipsed by 
the much less ambitious Eagle, and never really went anywhere due to its 
pie-in-the-sky goals, when all the customers really wanted was a 32-bit 
Eclipse, which Eagle provided.  (Tracy Kidder, "The Soul of a New 
Machine" which should be on every tech's must-read list).  Yeah, I know, 
too late to matter, as ipv6 is here and here to stay.  But the 
transition could have been smoother and less traumatic to equipment 
vendors' customers.  At least that's my opinion and experience, your 
mileage may vary.
